Merge branch 'main' into cz-20220909-vsdx

2025-06-15 18:33:43 +00:00 · 2022-09-12 10:51:38 -07:00
parent a05324d847 cbd5860e63
commit 85383e466b
10 changed files with 38 additions and 21 deletions
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@ -150,6 +150,15 @@ If you disable or don't configure this policy setting, the PIN will be provision

 Supported operations are Add, Get, Delete, and Replace.

+<a href="" id="tenantid-policies-usecloudtrustforonpremauth--only-for---device-vendor-msft-"></a>***TenantId*/Policies/UseCloudTrustForOnPremAuth** (only for ./Device/Vendor/MSFT)  
+Boolean value that enables Windows Hello for Business to use Azure AD Kerberos to authenticate to on-premises resources.
+
+If you enable this policy setting, Windows Hello for Business will use an Azure AD Kerberos ticket to authenticate to on-premises resources. The Azure AD Kerberos ticket is returned to the client after a successful authentication to Azure AD if Azure AD Kerberos is enabled for the tenant and domain.
+
+If you disable or do not configure this policy setting, Windows Hello for Business will use a key or certificate to authenticate to on-premises resources.
+
+Supported operations are Add, Get, Delete, and Replace.
+
 <a href="" id="tenantid-policies-pincomplexity"></a>***TenantId*/Policies/PINComplexity**  
 Node for defining PIN settings.

--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@ -2105,17 +2105,17 @@ If you disable or don't configure this setting, security intelligence will be re
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
-   GP Friendly name: *Define security intelligence location for VDI clients*
+-   GP Friendly name: *Specify the signature (Security intelligence) delivery optimization for Defender in Virtual Environments*
 -   GP name: *SecurityIntelligenceLocation*
 -   GP element: *SecurityIntelligenceLocation*
-   GP path: *Windows Components/Microsoft Defender Antivirus/Security Intelligence Updates*
+-   GP path: *Windows Components/Microsoft Defender Antivirus/Windows Defender*
 -   GP ADMX file name: *WindowsDefender.admx*

 <!--/ADMXMapped-->
 <!--SupportedValues-->

 - Empty string - no policy is set
- Non-empty string - the policy is set and security intelligence is gathered from the location
+- Non-empty string - the policy is set and security intelligence is gathered from the location.

 <!--/SupportedValues-->
 <!--/Policy-->
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@ -128,7 +128,7 @@ This policy setting allows you to turn off discovering the display service adver
 <!--SupportedValues-->
 The following list shows the supported values:

-   0 - Don't allow
+-   0 - Doesn't allow
 -   1 - Allow

 <!--/SupportedValues-->
@ -166,9 +166,9 @@ The table below shows the applicability of Windows:
 <!--Description-->
 This policy setting allows you to disable the infrastructure movement detection feature.

-If you set it to 0, your PC may stay connected and continue to project if you walk away from a Wireless Display receiver to which you're projecting over infrastructure.
+- If you set it to 0, your PC may stay connected and continue to project if you walk away from a Wireless Display receiver to which you are projecting over infrastructure.

-If you set it to 1, your PC will detect that you've moved and will automatically disconnect your infrastructure Wireless Display session.
+- If you set it to 1, your PC will detect that you have moved and will automatically disconnect your infrastructure Wireless Display session.

 The default value is 1.

@ -177,7 +177,7 @@ The default value is 1.

 The following list shows the supported values:

- 0 - Don't allow
+- 0 - Doesn't allow
 - 1 (Default) - Allow

 <!--/SupportedValues-->
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md
@ -20,7 +20,7 @@ Windows Autopatch is a cloud service for enterprise customers designed to keep e

 Windows Autopatch provides its service to enterprise customers, and properly administers customers' enrolled devices by using data from various sources.

-The sources include Azure Active Directory (Azure AD), Microsoft Intune, and Microsoft Windows 10/11. The sources provide a comprehensive view of the devices that Windows Autopatch manages. The service also uses these Microsoft services to enable Windows Autopatch to provide IT as a Service (ITaaS) capabilities:
+The sources include Azure Active Directory (Azure AD), Microsoft Intune, and Microsoft Windows 10/11. The sources provide a comprehensive view of the devices that Windows Autopatch manages.

 | Data source | Purpose |
 | ------ | ------ |
--- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
@ -69,9 +69,7 @@ If the error occurs again, check the error code against the following table to s
 | 0x801C044D | Authorization token does not contain device ID.                    | Unjoin the device from Azure AD and rejoin. |
 |            | Unable to obtain user token.                                       | Sign out and then sign in again. Check network and credentials. |
 | 0x801C044E | Failed to receive user credentials input.                          | Sign out and then sign in again. |
-| 0xC00000BB | Your PIN or this option is temporarily unavailable.| The destination domain controller doesn't support the login method. Most often the KDC service doesn't have the proper certificate to support the login. Use a different login method.  Another common issue is caused by clients inability to verify the KDC certificate CRL|
-
-
+| 0xC00000BB | Your PIN or this option is temporarily unavailable.                | The destination domain controller doesn't support the login method. Most often the KDC service doesn't have the proper certificate to support the login. Another common cause can be the client can not verify the KDC certificate CRL. Use a different login method.|

 ## Errors with unknown mitigation

--- a/windows/security/identity-protection/hello-for-business/index.yml
+++ b/windows/security/identity-protection/hello-for-business/index.yml
@ -65,6 +65,8 @@ landingContent:
            url: hello-identity-verification.md
      - linkListType: how-to-guide
        links:
+          - text: Hybrid Cloud Trust Deployment
+            url: hello-hybrid-cloud-trust.md
          - text: Hybrid Azure AD Joined Key Trust Deployment
            url: hello-hybrid-key-trust.md
          - text: Hybrid Azure AD Joined Certificate Trust Deployment
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
@ -28,13 +28,8 @@ Windows Sandbox has the following properties:
 - **Secure**: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host.
 - **Efficient:** Uses the integrated kernel scheduler, smart memory management, and virtual GPU.

-   > [!IMPORTANT]
-   > Windows Sandbox enables network connection by default. It can be disabled using the [Windows Sandbox configuration file](/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file#networking).
-
-The following video provides an overview of Windows Sandbox.
-
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4rFAo]
-
+> [!IMPORTANT]
+> Windows Sandbox enables network connection by default. It can be disabled using the [Windows Sandbox configuration file](/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file#networking).

 ## Prerequisites