From ac70db625620c0785f5aa230b72ad55dcbd05edc Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:13:07 +0000 Subject: [PATCH 01/44] Project Junk Drawer - changing to ms.topic article --- windows/deployment/upgrade/windows-error-reporting.md | 2 +- windows/deployment/usmt/usmt-configxml-file.md | 2 +- windows/deployment/usmt/usmt-conflicts-and-precedence.md | 2 +- windows/deployment/usmt/usmt-custom-xml-examples.md | 2 +- windows/deployment/usmt/usmt-customize-xml-files.md | 2 +- windows/deployment/usmt/usmt-how-it-works.md | 2 +- windows/deployment/usmt/usmt-identify-application-settings.md | 2 +- .../deployment/usmt/usmt-identify-operating-system-settings.md | 2 +- windows/deployment/usmt/usmt-identify-users.md | 2 +- windows/deployment/usmt/usmt-loadstate-syntax.md | 2 +- windows/deployment/usmt/usmt-log-files.md | 2 +- .../deployment/usmt/usmt-recognized-environment-variables.md | 2 +- windows/deployment/usmt/usmt-requirements.md | 2 +- windows/deployment/usmt/usmt-reroute-files-and-settings.md | 2 +- windows/deployment/usmt/usmt-resources.md | 2 +- windows/deployment/usmt/usmt-scanstate-syntax.md | 2 +- windows/deployment/usmt/usmt-utilities.md | 2 +- windows/deployment/usmt/usmt-xml-elements-library.md | 2 +- windows/deployment/usmt/xml-file-requirements.md | 2 +- windows/deployment/wds-boot-support.md | 2 +- windows/deployment/windows-adk-scenarios-for-it-pros.md | 2 +- 21 files changed, 21 insertions(+), 21 deletions(-) diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index 34c5e47773..958dbd15ef 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -6,7 +6,7 @@ description: Learn how to review the events generated by Windows Error Reporting ms.service: windows-client author: frankroj ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy ms.date: 01/29/2025 appliesto: diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index f77777e41f..b0444cb0cd 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md index c2a0454e4b..c514ca0de2 100644 --- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md +++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index c398822c63..ea5761cc5e 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -6,7 +6,7 @@ manager: aaroncz ms.author: frankroj ms.service: windows-client author: frankroj -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy ms.date: 01/29/2025 appliesto: diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index 00a902de28..1c80db779b 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-how-it-works.md b/windows/deployment/usmt/usmt-how-it-works.md index 0da69dfec4..49a7170f0c 100644 --- a/windows/deployment/usmt/usmt-how-it-works.md +++ b/windows/deployment/usmt/usmt-how-it-works.md @@ -6,7 +6,7 @@ manager: aaroncz ms.author: frankroj ms.service: windows-client author: frankroj -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy ms.date: 01/29/2025 appliesto: diff --git a/windows/deployment/usmt/usmt-identify-application-settings.md b/windows/deployment/usmt/usmt-identify-application-settings.md index 41d2a4f881..644d0c72b2 100644 --- a/windows/deployment/usmt/usmt-identify-application-settings.md +++ b/windows/deployment/usmt/usmt-identify-application-settings.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-identify-operating-system-settings.md b/windows/deployment/usmt/usmt-identify-operating-system-settings.md index 941df2cced..b37083ce78 100644 --- a/windows/deployment/usmt/usmt-identify-operating-system-settings.md +++ b/windows/deployment/usmt/usmt-identify-operating-system-settings.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-identify-users.md b/windows/deployment/usmt/usmt-identify-users.md index 314590b2b7..e72d3bab25 100644 --- a/windows/deployment/usmt/usmt-identify-users.md +++ b/windows/deployment/usmt/usmt-identify-users.md @@ -6,7 +6,7 @@ manager: aaroncz ms.author: frankroj ms.service: windows-client author: frankroj -ms.topic: conceptual +ms.topic: article ms.localizationpriority: medium ms.subservice: itpro-deploy ms.date: 01/29/2025 diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index 30667f7873..cb3ee8ef8b 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md +++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index 27e897b01d..e015af4036 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index 74170fceed..c626ac56fe 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -8,7 +8,7 @@ manager: aaroncz ms.author: frankroj author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.collection: - highpri - tier2 diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md index 438b71d40b..fb0d5ddf48 100644 --- a/windows/deployment/usmt/usmt-requirements.md +++ b/windows/deployment/usmt/usmt-requirements.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md index e7a5305f00..8cbda2d6c9 100644 --- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md +++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md index 6e81c92b9a..cf9749d531 100644 --- a/windows/deployment/usmt/usmt-resources.md +++ b/windows/deployment/usmt/usmt-resources.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index a25a4bde8e..04fee70623 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-utilities.md b/windows/deployment/usmt/usmt-utilities.md index bef1f41088..29f40c6108 100644 --- a/windows/deployment/usmt/usmt-utilities.md +++ b/windows/deployment/usmt/usmt-utilities.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index fc41899980..edf9b0b470 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md index 8b1d97b433..d26d21f084 100644 --- a/windows/deployment/usmt/xml-file-requirements.md +++ b/windows/deployment/usmt/xml-file-requirements.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 182f55c874..35a89089d3 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz -ms.topic: conceptual +ms.topic: article ms.date: 07/19/2024 ms.subservice: itpro-deploy appliesto: diff --git a/windows/deployment/windows-adk-scenarios-for-it-pros.md b/windows/deployment/windows-adk-scenarios-for-it-pros.md index cf038aa4a9..2c3b28dac0 100644 --- a/windows/deployment/windows-adk-scenarios-for-it-pros.md +++ b/windows/deployment/windows-adk-scenarios-for-it-pros.md @@ -7,7 +7,7 @@ manager: aaroncz ms.service: windows-client ms.localizationpriority: medium ms.date: 02/13/2024 -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 From 891d26f03efb5988573898879b5b9c311a92e366 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:13:08 +0000 Subject: [PATCH 02/44] Project Junk Drawer - changing to ms.topic article --- ...crosoft-intune-automatic-mdm-enrollment-in-the-new-portal.md | 2 +- .../client-tools/administrative-tools-in-windows.md | 2 +- windows/client-management/config-lock.md | 2 +- windows/client-management/device-update-management.md | 2 +- .../client-management/disconnecting-from-mdm-unenrollment.md | 2 +- windows/client-management/enterprise-app-management.md | 2 +- windows/client-management/esim-enterprise-management.md | 2 +- .../federated-authentication-device-enrollment.md | 2 +- .../manage-windows-10-in-your-organization-modern-management.md | 2 +- windows/client-management/mdm-overview.md | 2 +- windows/client-management/mobile-device-enrollment.md | 2 +- windows/client-management/oma-dm-protocol-support.md | 2 +- .../on-premise-authentication-device-enrollment.md | 2 +- windows/client-management/server-requirements-windows-mdm.md | 2 +- .../using-powershell-scripting-with-the-wmi-bridge-provider.md | 2 +- .../win32-and-centennial-app-policy-configuration.md | 2 +- windows/client-management/windows-mdm-enterprise-settings.md | 2 +- windows/client-management/wmi-providers-supported-in-windows.md | 2 +- .../provisioning-packages/provisioning-how-it-works.md | 2 +- .../provisioning-packages/provisioning-powershell.md | 2 +- .../AppIdTagging/appcontrol-appid-tagging-guide.md | 2 +- ...dd-rules-for-packaged-apps-to-existing-applocker-rule-set.md | 2 +- .../applocker/applocker-architecture-and-components.md | 2 +- .../app-control-for-business/applocker/applocker-functions.md | 2 +- .../app-control-for-business/applocker/applocker-overview.md | 2 +- .../applocker/applocker-policies-design-guide.md | 2 +- .../applocker/applocker-policy-use-scenarios.md | 2 +- .../applocker/applocker-processes-and-interactions.md | 2 +- .../determine-group-policy-structure-and-rule-enforcement.md | 2 +- .../applocker/dll-rules-in-applocker.md | 2 +- .../applocker/document-your-application-list.md | 2 +- .../applocker/enforce-applocker-rules.md | 2 +- .../applocker/executable-rules-in-applocker.md | 2 +- .../applocker/how-applocker-works-techref.md | 2 +- .../applocker/optimize-applocker-performance.md | 2 +- ...ckaged-apps-and-packaged-app-installer-rules-in-applocker.md | 2 +- .../applocker/requirements-to-use-applocker.md | 2 +- .../applocker/rule-collection-extensions.md | 2 +- .../applocker/script-rules-in-applocker.md | 2 +- .../applocker/security-considerations-for-applocker.md | 2 +- .../applocker/select-types-of-rules-to-create.md | 2 +- .../applocker/tools-to-use-with-applocker.md | 2 +- .../applocker/understanding-applocker-rule-condition-types.md | 2 +- .../applocker/use-the-applocker-windows-powershell-cmdlets.md | 2 +- .../applocker/using-event-viewer-with-applocker.md | 2 +- .../applocker/windows-installer-rules-in-applocker.md | 2 +- .../applocker/working-with-applocker-policies.md | 2 +- .../applocker/working-with-applocker-rules.md | 2 +- .../use-code-signing-for-better-control-and-protection.md | 2 +- .../app-control-for-business/design/appcontrol-and-dotnet.md | 2 +- .../app-control-for-business/design/appcontrol-design-guide.md | 2 +- .../design/appcontrol-wizard-create-base-policy.md | 2 +- .../design/appcontrol-wizard-create-supplemental-policy.md | 2 +- .../design/appcontrol-wizard-editing-policy.md | 2 +- .../design/appcontrol-wizard-merging-policies.md | 2 +- .../design/appcontrol-wizard-parsing-event-logs.md | 2 +- .../app-control-for-business/design/appcontrol-wizard.md | 2 +- .../operations/event-tag-explanations.md | 2 +- .../operations/inbox-appcontrol-policies.md | 2 +- ...roduction-to-virtualization-based-security-and-appcontrol.md | 2 +- .../test-scenarios-md-app-guard.md | 2 +- .../windows-sandbox/windows-sandbox-architecture.md | 2 +- .../windows-sandbox/windows-sandbox-versions.md | 2 +- .../how-hardware-based-root-of-trust-helps-protect-windows.md | 2 +- .../hardware-security/kernel-dma-protection-for-thunderbolt.md | 2 +- .../pluton/microsoft-pluton-security-processor.md | 2 +- windows/security/hardware-security/pluton/pluton-as-tpm.md | 2 +- .../system-guard-secure-launch-and-smm-protection.md | 2 +- .../tpm/backup-tpm-recovery-information-to-ad-ds.md | 2 +- .../hardware-security/tpm/change-the-tpm-owner-password.md | 2 +- .../security/hardware-security/tpm/how-windows-uses-the-tpm.md | 2 +- windows/security/hardware-security/tpm/tpm-fundamentals.md | 2 +- windows/security/hardware-security/tpm/tpm-recommendations.md | 2 +- .../trusted-platform-module-services-group-policy-settings.md | 2 +- .../get-support-for-security-baselines.md | 2 +- .../windows-security-baselines.md | 2 +- .../system-security/cryptography-certificate-mgmt.md | 2 +- .../operating-system-security/system-security/trusted-boot.md | 2 +- .../windows-defender-security-center.md | 2 +- .../enhanced-phishing-protection.md | 2 +- 80 files changed, 80 insertions(+), 80 deletions(-) diff --git a/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md index aca40777f6..2b977fd6b9 100644 --- a/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md +++ b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md @@ -1,7 +1,7 @@ --- title: Automatic MDM enrollment in the Intune admin center description: Automatic MDM enrollment in the Intune admin center -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 --- diff --git a/windows/client-management/client-tools/administrative-tools-in-windows.md b/windows/client-management/client-tools/administrative-tools-in-windows.md index 785eb740cc..7e095632aa 100644 --- a/windows/client-management/client-tools/administrative-tools-in-windows.md +++ b/windows/client-management/client-tools/administrative-tools-in-windows.md @@ -2,7 +2,7 @@ title: Windows Tools description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users. ms.date: 07/01/2024 -ms.topic: conceptual +ms.topic: article zone_pivot_groups: windows-versions-11-10 ms.collection: - essentials-manage diff --git a/windows/client-management/config-lock.md b/windows/client-management/config-lock.md index f497c86712..bdf2eb1540 100644 --- a/windows/client-management/config-lock.md +++ b/windows/client-management/config-lock.md @@ -1,7 +1,7 @@ --- title: Secured-core configuration lock description: A secured-core PC (SCPC) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration. -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 appliesto: - ✅ Windows 11 diff --git a/windows/client-management/device-update-management.md b/windows/client-management/device-update-management.md index 5f61783f99..4a33972765 100644 --- a/windows/client-management/device-update-management.md +++ b/windows/client-management/device-update-management.md @@ -1,7 +1,7 @@ --- title: Mobile device management MDM for device updates description: Windows provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management. -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 ms.collection: - highpri diff --git a/windows/client-management/disconnecting-from-mdm-unenrollment.md b/windows/client-management/disconnecting-from-mdm-unenrollment.md index cfc52d7c69..39ad4a5693 100644 --- a/windows/client-management/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/disconnecting-from-mdm-unenrollment.md @@ -1,7 +1,7 @@ --- title: Disconnecting from the management infrastructure (unenrollment) description: Disconnecting is initiated either locally by the user using a phone or remotely by the IT admin using management server. -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 --- diff --git a/windows/client-management/enterprise-app-management.md b/windows/client-management/enterprise-app-management.md index 71b7fe55b9..589b1b90c1 100644 --- a/windows/client-management/enterprise-app-management.md +++ b/windows/client-management/enterprise-app-management.md @@ -1,7 +1,7 @@ --- title: Enterprise app management description: This article covers one of the key mobile device management (MDM) features for managing the lifecycle of apps across Windows devices. -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 --- diff --git a/windows/client-management/esim-enterprise-management.md b/windows/client-management/esim-enterprise-management.md index 2a28981591..db582151c3 100644 --- a/windows/client-management/esim-enterprise-management.md +++ b/windows/client-management/esim-enterprise-management.md @@ -2,7 +2,7 @@ title: eSIM Enterprise Management description: Learn how Mobile Device Management (MDM) Providers support the eSIM Profile Management Solution on Windows. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 --- diff --git a/windows/client-management/federated-authentication-device-enrollment.md b/windows/client-management/federated-authentication-device-enrollment.md index 32b2fef7ef..6ae40cab14 100644 --- a/windows/client-management/federated-authentication-device-enrollment.md +++ b/windows/client-management/federated-authentication-device-enrollment.md @@ -1,7 +1,7 @@ --- title: Federated authentication device enrollment description: This section provides an example of the mobile device enrollment protocol using federated authentication policy. -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 --- diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index a43167be49..475dfb0985 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -3,7 +3,7 @@ title: Manage Windows devices in your organization - transitioning to modern man description: This article offers strategies for deploying and managing Windows devices, including deploying Windows in a mixed environment. ms.localizationpriority: medium ms.date: 07/08/2024 -ms.topic: conceptual +ms.topic: article --- # Manage Windows devices in your organization - transitioning to modern management diff --git a/windows/client-management/mdm-overview.md b/windows/client-management/mdm-overview.md index 1db4cb2fee..0bac6e35c0 100644 --- a/windows/client-management/mdm-overview.md +++ b/windows/client-management/mdm-overview.md @@ -2,7 +2,7 @@ title: Mobile Device Management overview description: Windows provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy. ms.date: 07/08/2024 -ms.topic: conceptual +ms.topic: article ms.localizationpriority: medium ms.collection: - highpri diff --git a/windows/client-management/mobile-device-enrollment.md b/windows/client-management/mobile-device-enrollment.md index 214a73f052..5c3f785c04 100644 --- a/windows/client-management/mobile-device-enrollment.md +++ b/windows/client-management/mobile-device-enrollment.md @@ -1,7 +1,7 @@ --- title: Mobile device enrollment description: Learn how mobile device enrollment verifies that only authenticated and authorized devices are managed by the enterprise. -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 ms.collection: - highpri diff --git a/windows/client-management/oma-dm-protocol-support.md b/windows/client-management/oma-dm-protocol-support.md index 5caf42c5f0..7095cd64e9 100644 --- a/windows/client-management/oma-dm-protocol-support.md +++ b/windows/client-management/oma-dm-protocol-support.md @@ -1,7 +1,7 @@ --- title: OMA DM protocol support description: See how the OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload. -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 --- diff --git a/windows/client-management/on-premise-authentication-device-enrollment.md b/windows/client-management/on-premise-authentication-device-enrollment.md index e6c445b43c..16f7ade83e 100644 --- a/windows/client-management/on-premise-authentication-device-enrollment.md +++ b/windows/client-management/on-premise-authentication-device-enrollment.md @@ -1,7 +1,7 @@ --- title: On-premises authentication device enrollment description: This section provides an example of the mobile device enrollment protocol using on-premises authentication policy. -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 --- diff --git a/windows/client-management/server-requirements-windows-mdm.md b/windows/client-management/server-requirements-windows-mdm.md index 92e09679f4..8931bdcdbf 100644 --- a/windows/client-management/server-requirements-windows-mdm.md +++ b/windows/client-management/server-requirements-windows-mdm.md @@ -1,7 +1,7 @@ --- title: Server requirements for using OMA DM to manage Windows devices description: Learn about the general server requirements for using OMA DM to manage Windows devices, including the supported versions of OMA DM. -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 --- diff --git a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md index ca347147ab..e404a8bacd 100644 --- a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md +++ b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md @@ -1,7 +1,7 @@ --- title: Using PowerShell scripting with the WMI Bridge Provider description: This article covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider. -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 --- diff --git a/windows/client-management/win32-and-centennial-app-policy-configuration.md b/windows/client-management/win32-and-centennial-app-policy-configuration.md index 363072d68c..eebd880b1e 100644 --- a/windows/client-management/win32-and-centennial-app-policy-configuration.md +++ b/windows/client-management/win32-and-centennial-app-policy-configuration.md @@ -1,7 +1,7 @@ --- title: Win32 and Desktop Bridge app ADMX policy Ingestion description: Ingest ADMX files and set ADMX policies for Win32 and Desktop Bridge apps. -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 --- diff --git a/windows/client-management/windows-mdm-enterprise-settings.md b/windows/client-management/windows-mdm-enterprise-settings.md index a9b47a78e9..a86920ff45 100644 --- a/windows/client-management/windows-mdm-enterprise-settings.md +++ b/windows/client-management/windows-mdm-enterprise-settings.md @@ -1,7 +1,7 @@ --- title: Enterprise settings and policy management description: The DMClient manages the interaction between a device and a server. Learn more about the client-server management workflow. -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 --- diff --git a/windows/client-management/wmi-providers-supported-in-windows.md b/windows/client-management/wmi-providers-supported-in-windows.md index 610f0e36b9..e9a528a68b 100644 --- a/windows/client-management/wmi-providers-supported-in-windows.md +++ b/windows/client-management/wmi-providers-supported-in-windows.md @@ -1,7 +1,7 @@ --- title: WMI providers supported in Windows description: Manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service with Windows Management Infrastructure (WMI). -ms.topic: conceptual +ms.topic: article ms.date: 07/08/2024 --- diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index ec61311214..6c82ea8c13 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md @@ -1,7 +1,7 @@ --- title: How provisioning works in Windows description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings. -ms.topic: conceptual +ms.topic: article ms.date: 07/09/2024 --- diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md index d8292d3413..26ceb503e8 100644 --- a/windows/configuration/provisioning-packages/provisioning-powershell.md +++ b/windows/configuration/provisioning-packages/provisioning-powershell.md @@ -1,7 +1,7 @@ --- title: PowerShell cmdlets for provisioning packages in Windows description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows devices. -ms.topic: conceptual +ms.topic: article ms.date: 07/09/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md index 8ea04f6820..d6095213cd 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/appcontrol-appid-tagging-guide.md @@ -3,7 +3,7 @@ title: Designing, creating, managing, and troubleshooting App Control for Busine description: How to design, create, manage, and troubleshoot your App Control AppId Tagging policies ms.localizationpriority: medium ms.date: 09/11/2024 -ms.topic: conceptual +ms.topic: article --- # App Control Application ID (AppId) Tagging guide diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md index 64ec3acfbf..19aa013427 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md @@ -2,7 +2,7 @@ title: Add rules for packaged apps to existing AppLocker rule-set description: This article for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT). ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md index 7314cce2f9..b23c2bbb56 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components.md @@ -2,7 +2,7 @@ title: AppLocker architecture and components description: This article for IT professional describes AppLocker’s basic architecture and its major components. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md index 2ce3ad5532..cd332a947e 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-functions.md @@ -2,7 +2,7 @@ title: AppLocker functions description: This article for the IT professional lists the functions and security levels for AppLocker. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md index 1af7a371bb..0123fba7fe 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview.md @@ -4,7 +4,7 @@ description: This article provides a description of AppLocker and can help you d ms.collection: - tier3 - must-keep -ms.topic: conceptual +ms.topic: article ms.localizationpriority: medium ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md index 174ed4907c..af106d2482 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-design-guide.md @@ -2,7 +2,7 @@ title: AppLocker design guide description: This article for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md index 0d11e182ca..0b9425c2ca 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policy-use-scenarios.md @@ -2,7 +2,7 @@ title: AppLocker policy use scenarios description: This article for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md index 4bc0bd0949..b28e45f232 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-processes-and-interactions.md @@ -2,7 +2,7 @@ title: AppLocker processes and interactions description: This article for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md index 29380fe1e1..64a91162b6 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/determine-group-policy-structure-and-rule-enforcement.md @@ -2,7 +2,7 @@ title: Determine the Group Policy structure and rule enforcement description: This overview article describes the process to follow when you're planning to deploy AppLocker rules. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md index 054c18fb61..c26bd8e92a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker.md @@ -2,7 +2,7 @@ title: DLL rules in AppLocker description: This article describes the file formats and available default rules for the DLL rule collection. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md index 00e357875d..49bcd565c3 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/document-your-application-list.md @@ -2,7 +2,7 @@ title: Document your app list description: This planning article describes the app information that you should document when you create a list of apps for AppLocker policies. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md index 2abb621ddc..ac0281aec5 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/enforce-applocker-rules.md @@ -2,7 +2,7 @@ title: Enforce AppLocker rules description: This article for IT professionals describes how to enforce application control rules by using AppLocker. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md index 99ffe04a6d..650edc17f1 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/executable-rules-in-applocker.md @@ -2,7 +2,7 @@ title: Executable rules in AppLocker description: This article describes the file formats and available default rules for the executable rule collection. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md b/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md index c704a9e977..b9871903f4 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/how-applocker-works-techref.md @@ -2,7 +2,7 @@ title: How AppLocker works description: This article for the IT professional provides links to articles about AppLocker architecture and components, processes and interactions, rules and policies. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md b/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md index f160bda367..e19aced7fc 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/optimize-applocker-performance.md @@ -2,7 +2,7 @@ title: Optimize AppLocker performance description: This article for IT professionals describes how to optimize AppLocker policy enforcement. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md index 7085567383..edae5b70c8 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md @@ -2,7 +2,7 @@ title: Packaged apps and packaged app installer rules in AppLocker description: This article explains the AppLocker rule collection for packaged app installers and packaged apps. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md index 7bb94f1197..1cdee958cf 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-to-use-applocker.md @@ -2,7 +2,7 @@ title: Requirements to use AppLocker description: This article for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md b/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md index e4481ab2c7..deab94e661 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/rule-collection-extensions.md @@ -4,7 +4,7 @@ description: This article describes the RuleCollectionExtensions added in Window ms.collection: - tier3 - must-keep -ms.topic: conceptual +ms.topic: article ms.localizationpriority: medium ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md index bc342eba8b..e3f7030429 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md @@ -2,7 +2,7 @@ title: Script rules in AppLocker description: This article describes the file formats and available default rules for the script rule collection. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md index 6a11796ca7..894f2f14ac 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/security-considerations-for-applocker.md @@ -2,7 +2,7 @@ title: Security considerations for AppLocker description: This article for the IT professional describes the security considerations you need to address when implementing AppLocker. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md index 8000ce41d4..b6385e0a25 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/select-types-of-rules-to-create.md @@ -2,7 +2,7 @@ title: Select the types of rules to create description: This article lists resources you can use when selecting your application control policy rules by using AppLocker. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md index 5b1ed0083d..f595601d15 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/tools-to-use-with-applocker.md @@ -2,7 +2,7 @@ title: Tools to use with AppLocker description: This article for the IT professional describes the tools available to create and administer AppLocker policies. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md index 1bbbc6329c..fcdb46f43a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-rule-condition-types.md @@ -2,7 +2,7 @@ title: Understanding AppLocker rule condition types description: This article for the IT professional describes the three types of AppLocker rule conditions. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md index 574c33a03b..8bf591dcbe 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/use-the-applocker-windows-powershell-cmdlets.md @@ -2,7 +2,7 @@ title: Use the AppLocker Windows PowerShell cmdlets description: This article for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md index 65fa1be015..e73c36db1f 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/using-event-viewer-with-applocker.md @@ -2,7 +2,7 @@ title: Using Event Viewer with AppLocker description: This article lists AppLocker events and describes how to use Event Viewer with AppLocker. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md index cfc1ce02c6..bbf33108ab 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/windows-installer-rules-in-applocker.md @@ -2,7 +2,7 @@ title: Windows Installer rules in AppLocker description: This article describes the file formats and available default rules for the Windows Installer rule collection. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md index 2a7f5153ec..24899eecfc 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-policies.md @@ -2,7 +2,7 @@ title: Working with AppLocker policies description: This article for IT professionals provides links to procedural articles about creating, maintaining, and testing AppLocker policies. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md index c827358a61..74f328bc4a 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules.md @@ -4,7 +4,7 @@ description: This article for IT professionals describes AppLocker rule types an ms.localizationpriority: medium msauthor: jsuther ms.date: 09/11/2024 -ms.topic: conceptual +ms.topic: article --- # Working with AppLocker rules diff --git a/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md b/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md index 69735b11bd..3710567ff2 100644 --- a/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md +++ b/windows/security/application-security/application-control/app-control-for-business/deployment/use-code-signing-for-better-control-and-protection.md @@ -2,7 +2,7 @@ title: Use code signing for added control and protection with App Control description: Code signing can be used to better control Win32 app authorization and add protection for your App Control for Business policies. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md index 6e31a5e523..5a5945c92c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-and-dotnet.md @@ -3,7 +3,7 @@ title: App Control for Business and .NET description: Understand how App Control and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime. ms.localizationpriority: medium ms.date: 09/11/2024 -ms.topic: conceptual +ms.topic: article --- # App Control for Business and .NET diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md index 73bbde562c..74cccbdaad 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-design-guide.md @@ -2,7 +2,7 @@ title: App Control for Business design guide description: Microsoft App Control for Business allows organizations to control what apps and drivers will run on their managed Windows devices. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md index 5de28ef21c..02e0814f1f 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy.md @@ -2,7 +2,7 @@ title: App Control for Business Wizard Base Policy Creation description: Creating new base App Control policies with the App Control Wizard. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md index 3cd72d3fcd..e0bb02d843 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-supplemental-policy.md @@ -2,7 +2,7 @@ title: App Control for Business Wizard Supplemental Policy Creation description: Creating supplemental App Control policies with the App Control Wizard. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md index 8818dc5ae7..832e5b3936 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-editing-policy.md @@ -2,7 +2,7 @@ title: Editing App Control for Business Policies with the Wizard description: Editing existing base and supplemental policies with the Microsoft App Control Wizard. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md index a0c8c1e69a..ad430e20d0 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-merging-policies.md @@ -2,7 +2,7 @@ title: App Control for Business Wizard Policy Merging Operation description: Merging multiple policies into a single App Control policy with the App Control Wizard. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md index 5e2b4e4017..4cd50e9bd2 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-parsing-event-logs.md @@ -2,7 +2,7 @@ title: App Control for Business Wizard App Control Event Parsing description: Creating App Control policy rules from the App Control event logs and the MDE Advanced Hunting App Control events. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md index 5fab393481..5cd068e7b1 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard.md @@ -2,7 +2,7 @@ title: App Control for Business Wizard description: The App Control for Business policy wizard tool allows you to create, edit, and merge App Control policies in a simple to use Windows application. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md b/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md index f2db0b2d7a..eb8c5af737 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/event-tag-explanations.md @@ -3,7 +3,7 @@ title: Understanding App Control event tags description: Learn what different App Control for Business event tags signify. ms.localizationpriority: medium ms.date: 09/11/2024 -ms.topic: conceptual +ms.topic: article --- # Understanding App Control event tags diff --git a/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md b/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md index f62b037cb4..6520b17bbb 100644 --- a/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/operations/inbox-appcontrol-policies.md @@ -3,7 +3,7 @@ title: Inbox App Control policies description: This article describes the inbox App Control policies that may be active on a device. ms.manager: jsuther ms.date: 09/11/2024 -ms.topic: conceptual +ms.topic: article ms.localizationpriority: medium --- diff --git a/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md b/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md index ce8d6225a0..9f6ad2b2dc 100644 --- a/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md +++ b/windows/security/application-security/application-control/introduction-to-virtualization-based-security-and-appcontrol.md @@ -6,7 +6,7 @@ author: vinaypamnani-msft ms.author: vinpa manager: aaroncz ms.date: 09/11/2024 -ms.topic: conceptual +ms.topic: article appliesto: - ✅ Windows 11 - ✅ Windows 10 diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index 275a28dd9e..9fdffea69e 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -3,7 +3,7 @@ title: Testing scenarios with Microsoft Defender Application Guard description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode. ms.localizationpriority: medium ms.date: 07/11/2024 -ms.topic: conceptual +ms.topic: article --- # Application Guard testing scenarios diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md index fcb9b56ddc..671352b771 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture.md @@ -1,7 +1,7 @@ --- title: Windows Sandbox architecture description: Windows Sandbox architecture -ms.topic: conceptual +ms.topic: article ms.date: 09/09/2024 --- diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md index 42ffe331cc..aa15412076 100644 --- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md +++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-versions.md @@ -1,7 +1,7 @@ --- title: Windows Sandbox versions description: Windows Sandbox versions -ms.topic: conceptual +ms.topic: article ms.date: 10/22/2024 --- diff --git a/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md index 54f9cc0237..6e2dcf5d19 100644 --- a/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -3,7 +3,7 @@ title: How System Guard helps protect Windows description: Learn how System Guard reorganizes the existing Windows system integrity features under one roof. ms.localizationpriority: medium ms.date: 07/10/2024 -ms.topic: conceptual +ms.topic: article --- # System Guard: How a hardware-based root of trust helps protect Windows diff --git a/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md b/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md index d010c70d1c..71947fb098 100644 --- a/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md @@ -3,7 +3,7 @@ title: Kernel DMA Protection description: Learn how Kernel DMA Protection protects Windows devices against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices. ms.collection: - tier1 -ms.topic: conceptual +ms.topic: article ms.date: 07/10/2024 --- diff --git a/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md index dfdb572272..0e940b9215 100644 --- a/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md +++ b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md @@ -1,7 +1,7 @@ --- title: Microsoft Pluton security processor description: Learn more about Microsoft Pluton security processor -ms.topic: conceptual +ms.topic: article ms.date: 07/10/2024 --- diff --git a/windows/security/hardware-security/pluton/pluton-as-tpm.md b/windows/security/hardware-security/pluton/pluton-as-tpm.md index 2946f43e11..c73773ce96 100644 --- a/windows/security/hardware-security/pluton/pluton-as-tpm.md +++ b/windows/security/hardware-security/pluton/pluton-as-tpm.md @@ -1,7 +1,7 @@ --- title: Microsoft Pluton as Trusted Platform Module (TPM 2.0) description: Learn more about Microsoft Pluton security processor as Trusted Platform Module (TPM 2.0) -ms.topic: conceptual +ms.topic: article ms.date: 07/10/2024 --- diff --git a/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md b/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md index af01702227..d088aaf278 100644 --- a/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md @@ -2,7 +2,7 @@ title: System Guard Secure Launch and SMM protection description: Explains how to configure System Guard Secure Launch and System Management Mode (SMM protection) to improve the startup security of Windows devices. ms.date: 07/10/2024 -ms.topic: conceptual +ms.topic: article --- # System Guard Secure Launch and SMM protection diff --git a/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md index 7a1c590a9a..c6bbdddee7 100644 --- a/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md @@ -1,7 +1,7 @@ --- title: Back up TPM recovery information to Active Directory description: Learn how to back up the Trusted Platform Module (TPM) recovery information to Active Directory. -ms.topic: conceptual +ms.topic: article ms.date: 07/10/2024 --- diff --git a/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md b/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md index 37025f1eca..12ec2add28 100644 --- a/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md +++ b/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md @@ -1,7 +1,7 @@ --- title: Change the TPM owner password description: This article for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system. -ms.topic: conceptual +ms.topic: article ms.date: 07/10/2024 --- diff --git a/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md b/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md index a4d314ad3f..fc8234350c 100644 --- a/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md @@ -1,7 +1,7 @@ --- title: How Windows uses the TPM description: Learn how Windows uses the Trusted Platform Module (TPM) to enhance security. -ms.topic: conceptual +ms.topic: article ms.date: 07/10/2024 --- diff --git a/windows/security/hardware-security/tpm/tpm-fundamentals.md b/windows/security/hardware-security/tpm/tpm-fundamentals.md index a6b202ab80..973ba406fe 100644 --- a/windows/security/hardware-security/tpm/tpm-fundamentals.md +++ b/windows/security/hardware-security/tpm/tpm-fundamentals.md @@ -1,7 +1,7 @@ --- title: Trusted Platform Module (TPM) fundamentals description: Learn about the components of the Trusted Platform Module and how they're used to mitigate dictionary attacks. -ms.topic: conceptual +ms.topic: article ms.date: 07/10/2024 --- diff --git a/windows/security/hardware-security/tpm/tpm-recommendations.md b/windows/security/hardware-security/tpm/tpm-recommendations.md index ff2f368320..5d8894c0dd 100644 --- a/windows/security/hardware-security/tpm/tpm-recommendations.md +++ b/windows/security/hardware-security/tpm/tpm-recommendations.md @@ -1,7 +1,7 @@ --- title: TPM recommendations description: This article provides recommendations for Trusted Platform Module (TPM) technology for Windows. -ms.topic: conceptual +ms.topic: article ms.date: 07/10/2024 ms.collection: - tier1 diff --git a/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md index fdc858bcd3..11597ee071 100644 --- a/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md @@ -1,7 +1,7 @@ --- title: TPM Group Policy settings description: This article describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings. -ms.topic: conceptual +ms.topic: article ms.date: 07/10/2024 --- diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md index 75939e36c9..e4e9708f86 100644 --- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -2,7 +2,7 @@ title: Get support for security baselines description: Find answers to frequently asked question on how to get support for baselines, the Security Compliance Toolkit (SCT), and related articles. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 10/01/2024 --- diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md index 436a88a7a3..50bf145b5d 100644 --- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md @@ -1,7 +1,7 @@ --- title: Security baselines guide description: Learn how to use security baselines in your organization. -ms.topic: conceptual +ms.topic: article ms.date: 07/10/2024 --- diff --git a/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md b/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md index 0d9d62c33e..0cc64c4d6f 100644 --- a/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md +++ b/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md @@ -1,7 +1,7 @@ --- title: Cryptography and Certificate Management description: Get an overview of cryptography and certificate management in Windows -ms.topic: conceptual +ms.topic: article ms.date: 07/10/2024 ms.reviewer: skhadeer, aathipsa --- diff --git a/windows/security/operating-system-security/system-security/trusted-boot.md b/windows/security/operating-system-security/system-security/trusted-boot.md index 4da0621dc6..8265bf9725 100644 --- a/windows/security/operating-system-security/system-security/trusted-boot.md +++ b/windows/security/operating-system-security/system-security/trusted-boot.md @@ -1,7 +1,7 @@ --- title: Secure Boot and Trusted Boot description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11 -ms.topic: conceptual +ms.topic: article ms.date: 07/10/2024 ms.reviewer: jsuther appliesto: diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md index 2a65943ed8..0fdbcab450 100644 --- a/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md @@ -2,7 +2,7 @@ title: Windows Security description: Windows Security brings together common Windows security features into one place. ms.date: 06/27/2024 -ms.topic: conceptual +ms.topic: article --- # Windows Security diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md index ee7a31a01b..595cb143ba 100644 --- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md +++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md @@ -2,7 +2,7 @@ title: Enhanced Phishing Protection in Microsoft Defender SmartScreen description: Learn how Enhanced Phishing Protection for Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps. ms.date: 07/10/2024 -ms.topic: conceptual +ms.topic: article appliesto: - ✅ Windows 11, version 22H2 --- From 52c8afcd28d03221a0c4a1c68f7254cd1d9b1479 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:13:21 +0000 Subject: [PATCH 03/44] Project Junk Drawer - changing to ms.topic article --- windows/deployment/do/delivery-optimization-proxy.md | 2 +- windows/deployment/do/delivery-optimization-workflow.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/delivery-optimization-proxy.md b/windows/deployment/do/delivery-optimization-proxy.md index 3449e9f030..b199cbd985 100644 --- a/windows/deployment/do/delivery-optimization-proxy.md +++ b/windows/deployment/do/delivery-optimization-proxy.md @@ -3,7 +3,7 @@ title: Using a proxy with Delivery Optimization description: Settings to use with various proxy configurations to allow Delivery Optimization to work in your environment. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: cmknox ms.author: carmenf manager: aaroncz diff --git a/windows/deployment/do/delivery-optimization-workflow.md b/windows/deployment/do/delivery-optimization-workflow.md index 1f89eca0a6..8683d2cbfc 100644 --- a/windows/deployment/do/delivery-optimization-workflow.md +++ b/windows/deployment/do/delivery-optimization-workflow.md @@ -3,7 +3,7 @@ title: Delivery Optimization workflow, privacy, security, and endpoints description: Details of how Delivery Optimization communicates with the server when content is requested to download including privacy, security, and endpoints. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: cmknox ms.author: carmenf manager: aaroncz From 1eda9b66045ccbdab77e0582b3977ec7b038e109 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:13:28 +0000 Subject: [PATCH 04/44] Project Junk Drawer - changing to ms.topic article --- .../deployment/update/catalog-checkpoint-cumulative-updates.md | 2 +- windows/deployment/update/eval-infra-tools.md | 2 +- windows/deployment/update/get-started-updates-channels-tools.md | 2 +- windows/deployment/update/how-windows-update-works.md | 2 +- windows/deployment/update/optional-content.md | 2 +- windows/deployment/update/plan-define-readiness.md | 2 +- windows/deployment/update/plan-define-strategy.md | 2 +- windows/deployment/update/release-cycle.md | 2 +- windows/deployment/update/safeguard-holds.md | 2 +- windows/deployment/update/safeguard-opt-out.md | 2 +- windows/deployment/update/servicing-stack-updates.md | 2 +- windows/deployment/update/update-baseline.md | 2 +- windows/deployment/update/update-policies.md | 2 +- windows/deployment/update/waas-branchcache.md | 2 +- windows/deployment/update/waas-configure-wufb.md | 2 +- windows/deployment/update/waas-quick-start.md | 2 +- windows/deployment/update/windows-update-security.md | 2 +- windows/deployment/update/wufb-compliancedeadlines.md | 2 +- windows/deployment/update/wufb-reports-admin-center.md | 2 +- windows/deployment/update/wufb-reports-configuration-script.md | 2 +- windows/deployment/update/wufb-reports-do.md | 2 +- windows/deployment/update/wufb-reports-prerequisites.md | 2 +- windows/whats-new/extended-security-updates.md | 2 +- windows/whats-new/windows-11-requirements.md | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-) diff --git a/windows/deployment/update/catalog-checkpoint-cumulative-updates.md b/windows/deployment/update/catalog-checkpoint-cumulative-updates.md index ce4b36fd45..c2b9c9452a 100644 --- a/windows/deployment/update/catalog-checkpoint-cumulative-updates.md +++ b/windows/deployment/update/catalog-checkpoint-cumulative-updates.md @@ -3,7 +3,7 @@ title: Checkpoint cumulative updates and the Microsoft Update Catalog description: This article describes how to handle checkpoint cumulative updates when you use the Microsoft Update Catalog to update devices and images. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article ms.author: mstewart author: mestew manager: aaroncz diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md index 920952b771..d12a78f404 100644 --- a/windows/deployment/update/eval-infra-tools.md +++ b/windows/deployment/update/eval-infra-tools.md @@ -3,7 +3,7 @@ title: Evaluate infrastructure and tools description: Review the steps to ensure your infrastructure is ready to deploy updates to clients in your organization. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md index 46dca308f1..f05a593282 100644 --- a/windows/deployment/update/get-started-updates-channels-tools.md +++ b/windows/deployment/update/get-started-updates-channels-tools.md @@ -3,7 +3,7 @@ title: Windows client updates, channels, and tools description: Brief summary of the kinds of Windows updates, the channels they're served through, and the tools for managing them ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md index 70f2c18280..b8165cc86a 100644 --- a/windows/deployment/update/how-windows-update-works.md +++ b/windows/deployment/update/how-windows-update-works.md @@ -3,7 +3,7 @@ title: How Windows Update works description: In this article, learn about the process Windows Update uses to download and install updates on Windows client devices. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md index d91a00bbc2..430ed73a59 100644 --- a/windows/deployment/update/optional-content.md +++ b/windows/deployment/update/optional-content.md @@ -3,7 +3,7 @@ title: Migrating and acquiring optional Windows content description: How to keep language resources and Features on Demand during operating system updates for your organization. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md index dcc9544f7e..47a408ee3e 100644 --- a/windows/deployment/update/plan-define-readiness.md +++ b/windows/deployment/update/plan-define-readiness.md @@ -3,7 +3,7 @@ title: Define readiness criteria description: Identify important roles and figure out how to classify apps so you can plan and manage your deployment ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md index e2175c7b40..37900735dd 100644 --- a/windows/deployment/update/plan-define-strategy.md +++ b/windows/deployment/update/plan-define-strategy.md @@ -3,7 +3,7 @@ title: Define update strategy description: Example of using a calendar-based approach to achieve consistent update installation in your organization. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/release-cycle.md b/windows/deployment/update/release-cycle.md index ef01bc96d7..5e08f00c11 100644 --- a/windows/deployment/update/release-cycle.md +++ b/windows/deployment/update/release-cycle.md @@ -3,7 +3,7 @@ title: Update release cycle for Windows clients description: Learn about the release cycle for updates so Windows clients in your organization stay productive and protected. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md index 3472db7106..69db899de5 100644 --- a/windows/deployment/update/safeguard-holds.md +++ b/windows/deployment/update/safeguard-holds.md @@ -3,7 +3,7 @@ title: Safeguard holds for Windows description: What are safeguard holds? How to can you tell if a safeguard hold is in effect, and what to do about it. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/safeguard-opt-out.md b/windows/deployment/update/safeguard-opt-out.md index 0e0a112ae1..0855d446f3 100644 --- a/windows/deployment/update/safeguard-opt-out.md +++ b/windows/deployment/update/safeguard-opt-out.md @@ -3,7 +3,7 @@ title: Opt out of safeguard holds description: How to install an update in your organization even when a safeguard hold for a known issue has been applied to it. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index f8476b518e..392ee59e6e 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -3,7 +3,7 @@ title: Servicing stack updates description: In this article, learn how servicing stack updates improve the code that installs the other updates. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md index 28b05bb90e..e625088cb2 100644 --- a/windows/deployment/update/update-baseline.md +++ b/windows/deployment/update/update-baseline.md @@ -3,7 +3,7 @@ title: Windows 10 Update Baseline description: Use an update baseline to optimize user experience and meet monthly update goals in your organization. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index 0e1a4c7d47..cfa5ff37f5 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -3,7 +3,7 @@ title: Policies for update compliance and user experience description: Explanation and recommendations for update compliance, activity, and user experience for your organization. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md index 11732bc1ca..8bae58b073 100644 --- a/windows/deployment/update/waas-branchcache.md +++ b/windows/deployment/update/waas-branchcache.md @@ -3,7 +3,7 @@ title: Configure BranchCache for Windows client updates description: In this article, learn how to use BranchCache to optimize network bandwidth during update deployment. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index cf98c00264..a3325adef6 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -6,7 +6,7 @@ ms.service: windows-client author: mestew ms.localizationpriority: medium ms.author: mstewart -ms.topic: conceptual +ms.topic: article ms.subservice: itpro-updates ms.collection: - tier1 diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index bc88925736..44a8b3df30 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -3,7 +3,7 @@ title: Quick guide to Windows as a service description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/windows-update-security.md b/windows/deployment/update/windows-update-security.md index 013dcffe27..7ae6ec0103 100644 --- a/windows/deployment/update/windows-update-security.md +++ b/windows/deployment/update/windows-update-security.md @@ -4,7 +4,7 @@ manager: aaroncz description: Overview of the security for Windows Update including security for the metadata exchange and content download. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart appliesto: diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index e574086aa8..a348c98869 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business description: This article contains information on how to enforce compliance deadlines using Windows Update for Business. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.localizationpriority: medium ms.author: mstewart diff --git a/windows/deployment/update/wufb-reports-admin-center.md b/windows/deployment/update/wufb-reports-admin-center.md index 37d01729ad..ee1df9351e 100644 --- a/windows/deployment/update/wufb-reports-admin-center.md +++ b/windows/deployment/update/wufb-reports-admin-center.md @@ -5,7 +5,7 @@ manager: aaroncz description: Microsoft admin center populates Windows Update for Business reports data into the software updates page. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart ms.localizationpriority: medium diff --git a/windows/deployment/update/wufb-reports-configuration-script.md b/windows/deployment/update/wufb-reports-configuration-script.md index 2d3b3f14b0..8452c0087f 100644 --- a/windows/deployment/update/wufb-reports-configuration-script.md +++ b/windows/deployment/update/wufb-reports-configuration-script.md @@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports description: How to get and use the Windows Update for Business reports configuration script to configure devices for Windows Update for Business reports. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/wufb-reports-do.md b/windows/deployment/update/wufb-reports-do.md index 04291e8ef2..cef5beedc7 100644 --- a/windows/deployment/update/wufb-reports-do.md +++ b/windows/deployment/update/wufb-reports-do.md @@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports description: This article provides information about Delivery Optimization data in Windows Update for Business reports. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/wufb-reports-prerequisites.md b/windows/deployment/update/wufb-reports-prerequisites.md index 8bd8aec2da..5878b42548 100644 --- a/windows/deployment/update/wufb-reports-prerequisites.md +++ b/windows/deployment/update/wufb-reports-prerequisites.md @@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports description: List of prerequisites for enabling and using Windows Update for Business reports in your organization. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/whats-new/extended-security-updates.md b/windows/whats-new/extended-security-updates.md index e5f8535abe..0a74721232 100644 --- a/windows/whats-new/extended-security-updates.md +++ b/windows/whats-new/extended-security-updates.md @@ -7,7 +7,7 @@ ms.author: mstewart author: mestew manager: aaroncz ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.date: 02/19/2025 ms.collection: - highpri diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index a348f85ad3..909814ca56 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -6,7 +6,7 @@ author: mestew ms.author: mstewart ms.service: windows-client ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: article ms.collection: - highpri - tier1 From 8fd11376487d442a18f20895266b1cc18cde6299 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:13:30 +0000 Subject: [PATCH 05/44] Project Junk Drawer - changing to ms.topic article --- .../enterprise-background-activity-controls.md | 2 +- .../private-app-repository-mdm-company-portal-windows-11.md | 2 +- windows/security/threat-protection/index.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md index 73dbb919ae..2a00963aef 100644 --- a/windows/application-management/enterprise-background-activity-controls.md +++ b/windows/application-management/enterprise-background-activity-controls.md @@ -5,7 +5,7 @@ author: aczechowski ms.author: aaroncz manager: aaroncz ms.date: 10/03/2017 -ms.topic: conceptual +ms.topic: article ms.service: windows-client ms.subservice: itpro-apps ms.localizationpriority: medium diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md index 65f0231016..c7c06cff12 100644 --- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md +++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md @@ -5,7 +5,7 @@ author: aczechowski ms.author: aaroncz manager: aaroncz ms.date: 09/03/2023 -ms.topic: conceptual +ms.topic: article ms.service: windows-client ms.subservice: itpro-apps ms.localizationpriority: medium diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 0409ddfbb3..a7938a1a29 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -4,7 +4,7 @@ description: Describes the security capabilities in Windows client focused on th author: aczechowski ms.author: aaroncz manager: aaroncz -ms.topic: conceptual +ms.topic: article ms.date: 12/31/2017 --- From 2efbc5619946dcbdd0b8631c4f323c4bb57c6285 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:13:33 +0000 Subject: [PATCH 06/44] Project Junk Drawer - changing to ms.topic article --- windows/deployment/do/mcc-ent-early-preview.md | 2 +- windows/deployment/do/mcc-ent-prerequisites.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/mcc-ent-early-preview.md b/windows/deployment/do/mcc-ent-early-preview.md index 1e1922f15a..eb1e76aeb7 100644 --- a/windows/deployment/do/mcc-ent-early-preview.md +++ b/windows/deployment/do/mcc-ent-early-preview.md @@ -3,7 +3,7 @@ title: Microsoft Connected Cache for Enterprise and Education early preview description: Details on Microsoft Connected Cache for Enterprise early preview ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article manager: naengler ms.author: lichris author: chrisjlin diff --git a/windows/deployment/do/mcc-ent-prerequisites.md b/windows/deployment/do/mcc-ent-prerequisites.md index f8ddaef129..4462a52318 100644 --- a/windows/deployment/do/mcc-ent-prerequisites.md +++ b/windows/deployment/do/mcc-ent-prerequisites.md @@ -3,7 +3,7 @@ title: Microsoft Connected Cache for Enterprise and Education prerequisites description: Details of prerequisites and recommendations for using Microsoft Connected Cache for Enterprise and Education. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: article ms.author: lichris author: chrisjlin manager: naengler From 88a2bdb7f0c1171c08bbaa703cdc87a38e422a4e Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:14:56 +0000 Subject: [PATCH 07/44] Project Junk Drawer - changing to ms.topic article --- windows/privacy/windows-privacy-compliance-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/windows-privacy-compliance-guide.md b/windows/privacy/windows-privacy-compliance-guide.md index fb9459ba79..2cb7a70074 100644 --- a/windows/privacy/windows-privacy-compliance-guide.md +++ b/windows/privacy/windows-privacy-compliance-guide.md @@ -8,7 +8,7 @@ author: DHB-MSFT ms.author: danbrown manager: laurawi ms.date: 05/20/2019 -ms.topic: conceptual +ms.topic: article ms.collection: essentials-compliance --- From ba85e24587a3ec5e834ac5fada8928ca1d6c71aa Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:26:08 +0000 Subject: [PATCH 08/44] Project Junk Drawer - changing to ms.topic best-practice --- windows/deployment/usmt/usmt-best-practices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index fe77583153..34fb82aa18 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: best-practice ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 From 205173c3e18c4bf4a3d73ef0d666ad73a51b94aa Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:26:13 +0000 Subject: [PATCH 09/44] Project Junk Drawer - changing to ms.topic reference --- windows/deployment/usmt/offline-migration-reference.md | 2 +- windows/deployment/usmt/usmt-reference.md | 2 +- windows/deployment/usmt/usmt-technical-reference.md | 2 +- windows/deployment/usmt/usmt-xml-reference.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index 631c7b6aa6..e60272da5f 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: reference ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-reference.md b/windows/deployment/usmt/usmt-reference.md index adeaf3c10e..a5e4eea126 100644 --- a/windows/deployment/usmt/usmt-reference.md +++ b/windows/deployment/usmt/usmt-reference.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: reference ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md index d269cd7597..4e15899fb3 100644 --- a/windows/deployment/usmt/usmt-technical-reference.md +++ b/windows/deployment/usmt/usmt-technical-reference.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: reference ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md index 21d2195393..551883b1ab 100644 --- a/windows/deployment/usmt/usmt-xml-reference.md +++ b/windows/deployment/usmt/usmt-xml-reference.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: reference ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 From 8df4f0d8ad4c6e5258869c107e927a8f18d6e7f9 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:26:19 +0000 Subject: [PATCH 10/44] Project Junk Drawer - changing to ms.topic get-started --- windows/deployment/update/windows-update-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md index c81a8e7319..55cf4cf9e5 100644 --- a/windows/deployment/update/windows-update-overview.md +++ b/windows/deployment/update/windows-update-overview.md @@ -3,7 +3,7 @@ title: Get started with Windows Update description: An overview of learning resources for Windows Update, including documents on architecture, log files, and common errors. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: get-started author: mestew ms.author: mstewart manager: aaroncz From b28f78af5067eafaad966c6ab066b2dc199ad313 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:26:20 +0000 Subject: [PATCH 11/44] Project Junk Drawer - changing to ms.topic how-to --- .../configure-windows-diagnostic-data-in-your-organization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 6fa1d2a9e2..6239e43f99 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -9,7 +9,7 @@ ms.author: danbrown manager: laurawi ms.date: 03/11/2016 ms.collection: highpri -ms.topic: conceptual +ms.topic: how-to --- # Configure Windows diagnostic data in your organization From 3f033349686dbed61e9bfce7be71e550c7fffa74 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:26:23 +0000 Subject: [PATCH 12/44] Project Junk Drawer - changing to ms.topic how-to --- windows/deployment/update/check-release-health.md | 2 +- windows/deployment/update/media-dynamic-update.md | 2 +- .../update/waas-servicing-channels-windows-10-updates.md | 2 +- .../update/waas-servicing-strategy-windows-10-updates.md | 2 +- windows/deployment/update/waas-wufb-csp-mdm.md | 2 +- windows/deployment/update/waas-wufb-group-policy.md | 2 +- windows/deployment/update/wufb-reports-configuration-intune.md | 2 +- windows/deployment/update/wufb-reports-enable.md | 2 +- windows/deployment/update/wufb-reports-use.md | 2 +- windows/deployment/update/wufb-reports-workbook.md | 2 +- windows/deployment/update/wufb-wsus.md | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md index bb837de075..66190ba643 100644 --- a/windows/deployment/update/check-release-health.md +++ b/windows/deployment/update/check-release-health.md @@ -3,7 +3,7 @@ title: How to check Windows release health description: Check the release health status of Microsoft 365 services before you call support to see if there's an active service interruption. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: how-to ms.author: mstewart author: mestew manager: aaroncz diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 33f43d08f6..736b716433 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -3,7 +3,7 @@ title: Update Windows installation media with Dynamic Update description: Learn how to acquire and apply Dynamic Update packages to existing Windows images prior to deployment ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: how-to author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index 78cf2b2e50..03cdf677fb 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -3,7 +3,7 @@ title: Assign devices to servicing channels for updates description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: how-to author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index 2e0aea738c..994bb5ef07 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -3,7 +3,7 @@ title: Prepare a servicing strategy for Windows client updates description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: how-to author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md index 0ab9c7324e..372c9e38c8 100644 --- a/windows/deployment/update/waas-wufb-csp-mdm.md +++ b/windows/deployment/update/waas-wufb-csp-mdm.md @@ -3,7 +3,7 @@ title: Configure Windows Update for Business by using CSPs and MDM description: Walk through demonstration of how to configure Windows Update for Business settings using Configuration Service Providers and MDM. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: how-to author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index f78cd0d3e4..52a546dcf2 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -4,7 +4,7 @@ description: Walk through of how to configure Windows Update for Business settin ms.service: windows-client ms.subservice: itpro-updates manager: aaroncz -ms.topic: conceptual +ms.topic: how-to author: mestew ms.localizationpriority: medium ms.author: mstewart diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index 94e36fa723..555bab68e4 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports description: How to configure devices to use Windows Update for Business reports from Microsoft Intune. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: how-to author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/wufb-reports-enable.md b/windows/deployment/update/wufb-reports-enable.md index 157adbc776..0deac75ed2 100644 --- a/windows/deployment/update/wufb-reports-enable.md +++ b/windows/deployment/update/wufb-reports-enable.md @@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports description: How to enable the Windows Update for Business reports service through the Azure portal or the Microsoft 365 admin center. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: how-to author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/wufb-reports-use.md b/windows/deployment/update/wufb-reports-use.md index 7fb8613fcf..4f96164a1b 100644 --- a/windows/deployment/update/wufb-reports-use.md +++ b/windows/deployment/update/wufb-reports-use.md @@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports description: How to use the Windows Update for Business reports data for custom solutions using tools like Azure Monitor Logs. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: how-to author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/wufb-reports-workbook.md b/windows/deployment/update/wufb-reports-workbook.md index faa2671fbe..ba85a80f98 100644 --- a/windows/deployment/update/wufb-reports-workbook.md +++ b/windows/deployment/update/wufb-reports-workbook.md @@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports description: How to use the Windows Update for Business reports workbook from the Azure portal. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: how-to author: mestew ms.author: mstewart manager: aaroncz diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md index 2cb3016af2..c2a1c6e1a7 100644 --- a/windows/deployment/update/wufb-wsus.md +++ b/windows/deployment/update/wufb-wsus.md @@ -3,7 +3,7 @@ title: Use Windows Update for Business and Windows Server Update Services (WSUS) description: Learn how to use Windows Update for Business and WSUS together using the new scan source policy. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: how-to author: mestew ms.author: mstewart manager: aaroncz From 8e2fd52afc4b2440fe0a13e35a52fac9913abbd8 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:26:37 +0000 Subject: [PATCH 13/44] Project Junk Drawer - changing to ms.topic concept-article --- windows/deployment/usmt/usmt-general-conventions.md | 2 +- windows/deployment/usmt/usmt-topics.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md index 950371b73e..146ed9bd56 100644 --- a/windows/deployment/usmt/usmt-general-conventions.md +++ b/windows/deployment/usmt/usmt-general-conventions.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: concept-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-topics.md b/windows/deployment/usmt/usmt-topics.md index 56ee8a1868..98ddecb7ae 100644 --- a/windows/deployment/usmt/usmt-topics.md +++ b/windows/deployment/usmt/usmt-topics.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: concept-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 From ad3fe7486751bb2fa543022faa2f3c7415e74112 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:27:16 +0000 Subject: [PATCH 14/44] Project Junk Drawer - changing to ms.topic how-to --- windows/deployment/do/waas-optimize-windows-10-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/waas-optimize-windows-10-updates.md b/windows/deployment/do/waas-optimize-windows-10-updates.md index 330f5c1225..b03d0b328e 100644 --- a/windows/deployment/do/waas-optimize-windows-10-updates.md +++ b/windows/deployment/do/waas-optimize-windows-10-updates.md @@ -2,7 +2,7 @@ title: Optimize Windows update delivery description: Learn about the two methods of peer-to-peer content distribution that are available, Delivery Optimization and BranchCache. ms.service: windows-client -ms.topic: conceptual +ms.topic: how-to ms.subservice: itpro-updates ms.author: carmenf author: cmknox From ebef3424f7de6e435ab57d565a52f027cec454c6 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:27:21 +0000 Subject: [PATCH 15/44] Project Junk Drawer - changing to ms.topic get-started --- .../usmt/getting-started-with-the-user-state-migration-tool.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index 3a2a091e06..d1313e2a39 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -6,7 +6,7 @@ manager: aaroncz ms.author: frankroj ms.service: windows-client author: frankroj -ms.topic: conceptual +ms.topic: get-started ms.subservice: itpro-deploy ms.date: 01/29/2025 appliesto: From d82ee3690c392c624b9f8d4f9f72122b01f78b27 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:37:56 +0000 Subject: [PATCH 16/44] Project Junk Drawer - changing to ms.topic how-to --- windows/deployment/configure-a-pxe-server-to-load-windows-pe.md | 2 +- windows/deployment/customize-boot-image.md | 2 +- windows/deployment/usmt/usmt-exclude-files-and-settings.md | 2 +- .../usmt/usmt-identify-file-types-files-and-folders.md | 2 +- windows/deployment/usmt/usmt-include-files-and-settings.md | 2 +- windows/deployment/windows-missing-fonts.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md index 4b8d904b2e..0cd29c4772 100644 --- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium author: frankroj manager: aaroncz ms.author: frankroj -ms.topic: conceptual +ms.topic: how-to ms.date: 11/23/2022 ms.subservice: itpro-deploy --- diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md index 858a5e63bf..0d282bce4e 100644 --- a/windows/deployment/customize-boot-image.md +++ b/windows/deployment/customize-boot-image.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium author: frankroj manager: aaroncz ms.author: frankroj -ms.topic: conceptual +ms.topic: how-to ms.date: 08/16/2024 ms.subservice: itpro-deploy appliesto: diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md index 72388d511e..52a44c5d33 100644 --- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md +++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: how-to ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md index e46ff9f218..217fc28b31 100644 --- a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md +++ b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: how-to ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md index 6ff87626e6..aa3a9e2593 100644 --- a/windows/deployment/usmt/usmt-include-files-and-settings.md +++ b/windows/deployment/usmt/usmt-include-files-and-settings.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: how-to ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/windows-missing-fonts.md b/windows/deployment/windows-missing-fonts.md index eabee6f44f..f86ac6ce2f 100644 --- a/windows/deployment/windows-missing-fonts.md +++ b/windows/deployment/windows-missing-fonts.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium author: frankroj ms.author: frankroj manager: aaroncz -ms.topic: conceptual +ms.topic: how-to ms.date: 03/28/2024 ms.subservice: itpro-deploy zone_pivot_groups: windows-versions-11-10 From 3832dd0b660eb641aea2fa3973621455fd0b0aa6 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:38:10 +0000 Subject: [PATCH 17/44] Project Junk Drawer - changing to ms.topic how-to --- .../overview-of-threat-mitigations-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 327b1336ab..abb60675b1 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -6,7 +6,7 @@ author: aczechowski ms.author: aaroncz manager: aaroncz ms.date: 12/31/2017 -ms.topic: conceptual +ms.topic: how-to --- # Mitigate threats by using Windows 10 security features From d2189ba52536ea50e906e023ec46296a2ba07e91 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:38:19 +0000 Subject: [PATCH 18/44] Project Junk Drawer - changing to ms.topic install-set-up-deploy --- windows/deployment/update/create-deployment-plan.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md index d1b6ebd87e..12be8abe43 100644 --- a/windows/deployment/update/create-deployment-plan.md +++ b/windows/deployment/update/create-deployment-plan.md @@ -3,7 +3,7 @@ title: Create a deployment plan description: Devise the number of deployment rings you need and how you want to populate each of the deployment rings. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: install-set-up-deploy author: mestew ms.author: mstewart manager: aaroncz From 2eab9ce753bfbbd8b26e0e366e0ea6b1ef495a9a Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:38:26 +0000 Subject: [PATCH 19/44] Project Junk Drawer - changing to ms.topic install-set-up-deploy --- windows/deployment/do/mcc-isp-create-provision-deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md index fbe4478bf8..daa7a581db 100644 --- a/windows/deployment/do/mcc-isp-create-provision-deploy.md +++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md @@ -7,7 +7,7 @@ manager: aaroncz author: nidos ms.author: nidos ms.reviewer: mstewart -ms.topic: conceptual +ms.topic: install-set-up-deploy ms.collection: tier3 appliesto: - ✅ Windows 11 From 6e91f5f1fd67b97cafdf526c32a50f2716cb06e9 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:38:34 +0000 Subject: [PATCH 20/44] Project Junk Drawer - changing to ms.topic install-set-up-deploy --- .../provisioning-packages/provisioning-packages.md | 2 +- .../provisioning-packages/provisioning-uninstall-package.md | 2 +- .../AppIdTagging/deploy-appid-tagging-policies.md | 2 +- .../applocker/applocker-policies-deployment-guide.md | 2 +- ...eate-list-of-applications-deployed-to-each-business-group.md | 2 +- ...loy-applocker-policies-by-using-the-enforce-rules-setting.md | 2 +- .../applocker/deploy-the-applocker-policy-into-production.md | 2 +- .../applocker/requirements-for-deploying-applocker-policies.md | 2 +- .../design/common-appcontrol-use-cases.md | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index a226b877f3..14273f9e99 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -2,7 +2,7 @@ title: Provisioning packages overview description: With Windows, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages are and what they do. ms.reviewer: kevinsheehan -ms.topic: conceptual +ms.topic: install-set-up-deploy ms.date: 07/08/2024 --- diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md index a4f68379ee..b203b2e332 100644 --- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md +++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md @@ -1,7 +1,7 @@ --- title: Settings changed when you uninstall a provisioning package description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows desktop client devices. -ms.topic: conceptual +ms.topic: install-set-up-deploy ms.date: 07/09/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md index 82fbcd6156..3ab782c3a7 100644 --- a/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/AppIdTagging/deploy-appid-tagging-policies.md @@ -3,7 +3,7 @@ title: Deploying App Control for Business AppId tagging policies description: How to deploy your App Control AppId tagging policies locally and globally within your managed environment. ms.localizationpriority: medium ms.date: 09/11/2024 -ms.topic: conceptual +ms.topic: install-set-up-deploy --- # Deploying App Control for Business AppId tagging policies diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md index 8520621d36..2708051c46 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-policies-deployment-guide.md @@ -2,7 +2,7 @@ title: AppLocker deployment guide description: This article for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: install-set-up-deploy ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md index f015e79882..a573b63891 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/create-list-of-applications-deployed-to-each-business-group.md @@ -2,7 +2,7 @@ title: Create a list of apps deployed to each business group description: This article describes the process of gathering app usage requirements from each business group to implement application control policies by using AppLocker. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: install-set-up-deploy ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md index 83e603b364..50bc9f1a76 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md @@ -2,7 +2,7 @@ title: Deploy AppLocker policies by using the enforce rules setting description: This article for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: install-set-up-deploy ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md index 941a047e99..37ffcce44c 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/deploy-the-applocker-policy-into-production.md @@ -2,7 +2,7 @@ title: Deploy the AppLocker policy into production description: This article for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: install-set-up-deploy ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md index 2caf917483..ca1dd0b0c7 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/requirements-for-deploying-applocker-policies.md @@ -2,7 +2,7 @@ title: Requirements for deploying AppLocker policies description: This deployment article for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: install-set-up-deploy ms.date: 09/11/2024 --- diff --git a/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md b/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md index 4ba40200b3..bf802fc507 100644 --- a/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md +++ b/windows/security/application-security/application-control/app-control-for-business/design/common-appcontrol-use-cases.md @@ -3,7 +3,7 @@ title: Policy creation for common App Control usage scenarios description: Develop a plan for deploying App Control for Business in your organization based on these common scenarios. ms.localizationpriority: medium ms.date: 09/11/2024 -ms.topic: conceptual +ms.topic: install-set-up-deploy --- # App Control for Business deployment in different scenarios: types of devices From 065b7204685e3d564f058b6cdb4f571a4af30f60 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:38:44 +0000 Subject: [PATCH 21/44] Project Junk Drawer - changing to ms.topic reference --- .../applocker/applocker-technical-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md index 5dd3820526..057585ea54 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-technical-reference.md @@ -2,7 +2,7 @@ title: AppLocker technical reference description: This overview article for IT professionals provides links to the articles in the technical reference. ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: reference ms.date: 09/11/2024 --- From ed33e90742cb9d62efa226e9b56d8bf3d2697317 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:38:47 +0000 Subject: [PATCH 22/44] Project Junk Drawer - changing to ms.topic install-set-up-deploy --- windows/deployment/deploy-m365.md | 2 +- windows/deployment/windows-deployment-scenarios-and-tools.md | 2 +- windows/deployment/windows-deployment-scenarios.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md index d125b76faf..83453c4766 100644 --- a/windows/deployment/deploy-m365.md +++ b/windows/deployment/deploy-m365.md @@ -6,7 +6,7 @@ description: Learn about deploying Windows with Microsoft 365 and how to use a f ms.service: windows-client ms.localizationpriority: medium author: frankroj -ms.topic: conceptual +ms.topic: install-set-up-deploy ms.date: 02/13/2024 ms.subservice: itpro-deploy appliesto: diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index 4794ab6ddf..22734dbc08 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md @@ -5,7 +5,7 @@ manager: aaroncz ms.author: frankroj author: frankroj ms.service: windows-client -ms.topic: conceptual +ms.topic: install-set-up-deploy ms.date: 08/30/2024 ms.subservice: itpro-deploy --- diff --git a/windows/deployment/windows-deployment-scenarios.md b/windows/deployment/windows-deployment-scenarios.md index 857188ae38..ca61bef97b 100644 --- a/windows/deployment/windows-deployment-scenarios.md +++ b/windows/deployment/windows-deployment-scenarios.md @@ -6,7 +6,7 @@ ms.author: frankroj author: frankroj ms.service: windows-client ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: install-set-up-deploy ms.date: 02/13/2024 ms.subservice: itpro-deploy appliesto: From b8679e6f68747ce2bd180c77ec7b16ed9d7e2b95 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:38:59 +0000 Subject: [PATCH 23/44] Project Junk Drawer - changing to ms.topic integration --- windows/deployment/update/waas-integrate-wufb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index 892daae8af..24d404f377 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -3,7 +3,7 @@ title: Integrate Windows Update for Business description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Configuration Manager. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: integration author: mestew ms.author: mstewart manager: aaroncz From 344c4276a322e28ce36d025860ddcb24a36e6d33 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:39:16 +0000 Subject: [PATCH 24/44] Project Junk Drawer - changing to ms.topic overview --- .../md-app-guard-overview.md | 2 +- .../microsoft-defender-smartscreen/index.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md index cc5f471678..436c24ff57 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md @@ -2,7 +2,7 @@ title: Microsoft Defender Application Guard description: Learn about Microsoft Defender Application Guard and how it helps combat malicious content and malware out on the Internet. ms.date: 07/11/2024 -ms.topic: conceptual +ms.topic: overview --- # Microsoft Defender Application Guard overview diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md index 56fc48b2bf..909ccb5dd2 100644 --- a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md +++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md @@ -2,7 +2,7 @@ title: Microsoft Defender SmartScreen overview description: Learn how Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. ms.date: 07/10/2024 -ms.topic: conceptual +ms.topic: overview appliesto: - ✅ Windows 11 - ✅ Windows 10 From ac995f0856836e392b4d31e3c202b3fd43f4013f Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:39:44 +0000 Subject: [PATCH 25/44] Project Junk Drawer - changing to ms.topic integration --- .../azure-active-directory-integration-with-mdm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/azure-active-directory-integration-with-mdm.md b/windows/client-management/azure-active-directory-integration-with-mdm.md index eefc2151ab..7b70ff0a60 100644 --- a/windows/client-management/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/azure-active-directory-integration-with-mdm.md @@ -1,7 +1,7 @@ --- title: Microsoft Entra integration with MDM description: Microsoft Entra ID is the world's largest enterprise cloud identity management service. -ms.topic: conceptual +ms.topic: integration ms.collection: - highpri - tier2 From a28000ec6d442baa08270be079be5f7547c49369 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:49:17 +0000 Subject: [PATCH 26/44] Project Junk Drawer - changing to ms.topic troubleshooting-general --- windows/deployment/upgrade/resolve-windows-upgrade-errors.md | 2 +- windows/deployment/upgrade/submit-errors.md | 2 +- windows/deployment/usmt/usmt-troubleshooting.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/upgrade/resolve-windows-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-upgrade-errors.md index 444ff9cf37..9ab18bdcfd 100644 --- a/windows/deployment/upgrade/resolve-windows-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-upgrade-errors.md @@ -5,7 +5,7 @@ ms.author: frankroj description: Resolve Windows upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. author: frankroj ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: troubleshooting-general ms.service: windows-client ms.subservice: itpro-deploy ms.date: 01/29/2025 diff --git a/windows/deployment/upgrade/submit-errors.md b/windows/deployment/upgrade/submit-errors.md index 5caad8feef..fd90fdc246 100644 --- a/windows/deployment/upgrade/submit-errors.md +++ b/windows/deployment/upgrade/submit-errors.md @@ -6,7 +6,7 @@ description: Download the Feedback Hub app, and then submit Windows upgrade erro ms.service: windows-client author: frankroj ms.localizationpriority: medium -ms.topic: conceptual +ms.topic: troubleshooting-general ms.subservice: itpro-deploy ms.date: 01/29/2025 appliesto: diff --git a/windows/deployment/usmt/usmt-troubleshooting.md b/windows/deployment/usmt/usmt-troubleshooting.md index 3ca79322a4..98b2ed5c0e 100644 --- a/windows/deployment/usmt/usmt-troubleshooting.md +++ b/windows/deployment/usmt/usmt-troubleshooting.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: troubleshooting-general ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 From df3ee656734daa27c1969b45f0909f3c1c071228 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:49:29 +0000 Subject: [PATCH 27/44] Project Junk Drawer - changing to ms.topic troubleshooting-general --- windows/deployment/update/wufb-reports-help.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/wufb-reports-help.md b/windows/deployment/update/wufb-reports-help.md index 4561a0045f..868d704195 100644 --- a/windows/deployment/update/wufb-reports-help.md +++ b/windows/deployment/update/wufb-reports-help.md @@ -4,7 +4,7 @@ titleSuffix: Windows Update for Business reports description: Windows Update for Business reports support, feedback, and troubleshooting information. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: troubleshooting-general author: mestew ms.author: mstewart manager: aaroncz From 80a253e0cb816e50e6d3ef62340aa7c1c8640949 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:49:39 +0000 Subject: [PATCH 28/44] Project Junk Drawer - changing to ms.topic troubleshooting-general --- windows/client-management/mdm-diagnose-enrollment.md | 2 +- .../tpm/initialize-and-configure-ownership-of-the-tpm.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm-diagnose-enrollment.md b/windows/client-management/mdm-diagnose-enrollment.md index 5610d29c34..1b62250e8e 100644 --- a/windows/client-management/mdm-diagnose-enrollment.md +++ b/windows/client-management/mdm-diagnose-enrollment.md @@ -1,7 +1,7 @@ --- title: Diagnose MDM enrollment failures description: Learn how to diagnose enrollment failures for Windows devices -ms.topic: conceptual +ms.topic: troubleshooting-general ms.date: 07/08/2024 --- diff --git a/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md index bede99fdbe..4534e82e7a 100644 --- a/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -1,7 +1,7 @@ --- title: Troubleshoot the TPM description: Learn how to view and troubleshoot the Trusted Platform Module (TPM). -ms.topic: conceptual +ms.topic: troubleshooting-general ms.date: 07/10/2024 ms.collection: - tier1 From 4b08bb02d37c35cc468a2eb992543d4137794f52 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:49:39 +0000 Subject: [PATCH 29/44] Project Junk Drawer - changing to ms.topic release-notes --- windows/deployment/do/mcc-ent-release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-ent-release-notes.md b/windows/deployment/do/mcc-ent-release-notes.md index 7a69747aff..774d9cd43f 100644 --- a/windows/deployment/do/mcc-ent-release-notes.md +++ b/windows/deployment/do/mcc-ent-release-notes.md @@ -3,7 +3,7 @@ title: Microsoft Connected Cache Release Notes description: Release Notes for Microsoft Connected Cache for Enterprise and Education. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: release-notes ms.author: lichris author: chrisjlin manager: naengler From 963e17f862b1910ff11cfa42047cef743a9cef32 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:49:45 +0000 Subject: [PATCH 30/44] Project Junk Drawer - changing to ms.topic whats-new --- .../new-in-windows-mdm-enrollment-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/new-in-windows-mdm-enrollment-management.md b/windows/client-management/new-in-windows-mdm-enrollment-management.md index 053a0dd779..7be08881f7 100644 --- a/windows/client-management/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/new-in-windows-mdm-enrollment-management.md @@ -1,7 +1,7 @@ --- title: What's new in MDM enrollment and management description: Discover what's new and breaking changes in mobile device management (MDM) enrollment and management experience across all Windows devices. -ms.topic: conceptual +ms.topic: whats-new ms.localizationpriority: medium ms.date: 07/08/2024 --- From 40bb4508d54a6cd4676abe38bcf663bcaefa6bd3 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:50:13 +0000 Subject: [PATCH 31/44] Project Junk Drawer - changing to ms.topic whats-new --- windows/deployment/do/whats-new-do.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/whats-new-do.md b/windows/deployment/do/whats-new-do.md index 607817cbf7..1e39fdbb8d 100644 --- a/windows/deployment/do/whats-new-do.md +++ b/windows/deployment/do/whats-new-do.md @@ -3,7 +3,7 @@ title: What's new in Delivery Optimization description: What's new in Delivery Optimization, a peer-to-peer distribution method in Windows 10 and Windows 11. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: whats-new author: cmknox ms.author: carmenf manager: aaroncz From 2fef1be061a7aff639cc85ea1f5bb04b9803db12 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:50:24 +0000 Subject: [PATCH 32/44] Project Junk Drawer - changing to ms.topic upgrade-and-migration-article --- windows/deployment/upgrade/windows-edition-upgrades.md | 2 +- .../upgrade/windows-upgrade-and-migration-considerations.md | 2 +- windows/deployment/upgrade/windows-upgrade-paths.md | 2 +- windows/deployment/usmt/migrate-application-settings.md | 2 +- windows/deployment/usmt/migration-store-types-overview.md | 2 +- windows/deployment/usmt/understanding-migration-xml-files.md | 2 +- windows/deployment/usmt/usmt-choose-migration-store-type.md | 2 +- windows/deployment/usmt/usmt-command-line-syntax.md | 2 +- windows/deployment/usmt/usmt-common-migration-scenarios.md | 2 +- windows/deployment/usmt/usmt-determine-what-to-migrate.md | 2 +- windows/deployment/usmt/usmt-estimate-migration-store-size.md | 2 +- .../usmt-extract-files-from-a-compressed-migration-store.md | 2 +- windows/deployment/usmt/usmt-hard-link-migration-store.md | 2 +- windows/deployment/usmt/usmt-how-to.md | 2 +- .../deployment/usmt/usmt-migrate-efs-files-and-certificates.md | 2 +- windows/deployment/usmt/usmt-migrate-user-accounts.md | 2 +- windows/deployment/usmt/usmt-migration-store-encryption.md | 2 +- windows/deployment/usmt/usmt-plan-your-migration.md | 2 +- windows/deployment/usmt/usmt-test-your-migration.md | 2 +- windows/deployment/usmt/usmt-what-does-usmt-migrate.md | 2 +- .../verify-the-condition-of-a-compressed-migration-store.md | 2 +- 21 files changed, 21 insertions(+), 21 deletions(-) diff --git a/windows/deployment/upgrade/windows-edition-upgrades.md b/windows/deployment/upgrade/windows-edition-upgrades.md index b1fc50c67b..eea591bb03 100644 --- a/windows/deployment/upgrade/windows-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-edition-upgrades.md @@ -6,7 +6,7 @@ ms.author: frankroj ms.service: windows-client ms.localizationpriority: medium author: frankroj -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.collection: - highpri - tier2 diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md index 125f0fd64a..ca0f26473f 100644 --- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md +++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md @@ -5,7 +5,7 @@ manager: aaroncz ms.author: frankroj ms.service: windows-client author: frankroj -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy ms.date: 08/30/2024 --- diff --git a/windows/deployment/upgrade/windows-upgrade-paths.md b/windows/deployment/upgrade/windows-upgrade-paths.md index 4d1dcd205e..f6a5c42c55 100644 --- a/windows/deployment/upgrade/windows-upgrade-paths.md +++ b/windows/deployment/upgrade/windows-upgrade-paths.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium author: frankroj manager: aaroncz ms.author: frankroj -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.collection: - highpri - tier2 diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index 563fffa13b..8b5bfa1ce9 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index e69fa2a0eb..628bcc545a 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 2994c4a929..8607adabb8 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md index e8a0d69a2f..c63aaf7c6a 100644 --- a/windows/deployment/usmt/usmt-choose-migration-store-type.md +++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md index 71da51bdda..9e52d5b7c4 100644 --- a/windows/deployment/usmt/usmt-command-line-syntax.md +++ b/windows/deployment/usmt/usmt-command-line-syntax.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index d618b669c3..5ca0004d73 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md index 098c1a8a45..a8dcc7d47f 100644 --- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md +++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index ae5b4e142e..7391cddae1 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md index 9fefd6f0b4..07e8027b09 100644 --- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md +++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 7c21f7e783..0f8e6f5578 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md index 72231c5f35..f5da1dd94b 100644 --- a/windows/deployment/usmt/usmt-how-to.md +++ b/windows/deployment/usmt/usmt-how-to.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md index 8d146557a2..3321c860af 100644 --- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md +++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index 2e82b3db4e..2c45dc04a9 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md index 2084dbdd22..6b42cb8b3c 100644 --- a/windows/deployment/usmt/usmt-migration-store-encryption.md +++ b/windows/deployment/usmt/usmt-migration-store-encryption.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md index 6fbc90a488..f0faa1f0c1 100644 --- a/windows/deployment/usmt/usmt-plan-your-migration.md +++ b/windows/deployment/usmt/usmt-plan-your-migration.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md index 4b1d005a41..fa350814e6 100644 --- a/windows/deployment/usmt/usmt-test-your-migration.md +++ b/windows/deployment/usmt/usmt-test-your-migration.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index 56cee12f98..58692dde4d 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md index f611d55175..0c1b1bf6da 100644 --- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md +++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual +ms.topic: upgrade-and-migration-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 From 2ede63bd487f6319fbd9f2af0f89193c3dbc2032 Mon Sep 17 00:00:00 2001 From: Docs Allowlist Management Date: Mon, 24 Feb 2025 19:50:29 +0000 Subject: [PATCH 33/44] Project Junk Drawer - changing to ms.topic troubleshooting-known-issue --- windows/client-management/mdm-known-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm-known-issues.md b/windows/client-management/mdm-known-issues.md index 43e571ecb6..6534f06502 100644 --- a/windows/client-management/mdm-known-issues.md +++ b/windows/client-management/mdm-known-issues.md @@ -1,7 +1,7 @@ --- title: Known issues in MDM description: Learn about known issues for Windows devices in MDM -ms.topic: conceptual +ms.topic: troubleshooting-known-issue ms.date: 07/08/2024 --- From 0f0c340183be2fad2af8d08b18748ea7dbf9b61f Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Tue, 25 Feb 2025 01:23:36 +0530 Subject: [PATCH 34/44] acro fix --- windows/deployment/do/delivery-optimization-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/delivery-optimization-proxy.md b/windows/deployment/do/delivery-optimization-proxy.md index b199cbd985..c0f4cd232b 100644 --- a/windows/deployment/do/delivery-optimization-proxy.md +++ b/windows/deployment/do/delivery-optimization-proxy.md @@ -66,7 +66,7 @@ You can set a device-wide proxy that will apply to all users including an intera Or, if you use Group Policy, you can apply proxy settings to all users of the same device by enabling the **Computer Configuration\ Administrative Templates\ Windows Components\ Internet Explorer\ Make proxy settings per-machine (rather than per-user)** policy. -This policy is meant to ensure that proxy settings apply uniformly to the same computer and do not vary from user to user, so if you enable this policy, users cannot set user-specific proxy settings. They must use the zones created for all users of the computer. If you disable this policy or do not configure it, users of the same computer can establish their own proxy settings. +This policy is meant to ensure that proxy settings apply uniformly to the same computer and don't vary from user to user, so if you enable this policy, users can't set user-specific proxy settings. They must use the zones created for all users of the computer. If you disable this policy or don't configure it, users of the same computer can establish their own proxy settings. ## Using a proxy with Microsoft Connected Cache From c3f6782df9f06d09063ae27b1b8fd68e15bdbd97 Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Tue, 25 Feb 2025 01:57:04 +0530 Subject: [PATCH 35/44] trying to improve acro score --- windows/deployment/update/wufb-wsus.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md index c2a1c6e1a7..0d9b10ba84 100644 --- a/windows/deployment/update/wufb-wsus.md +++ b/windows/deployment/update/wufb-wsus.md @@ -23,7 +23,7 @@ The Windows update scan source policy enables you to choose what types of update We added the scan source policy starting with the [September 1, 2021—KB5005101 (OS Builds 19041.1202, 19042.1202, and 19043.1202) Preview](https://support.microsoft.com/help/5005101) update and it applies to Window 10, version 2004 and above and Windows 11. This policy changes the way devices determine whether to scan against a local WSUS server or Windows Update service. > [!IMPORTANT] -> The policy **Do not allow update deferral policies to cause scans against Windows Update**, also known as Dual Scan, is no longer supported on Windows 11 and on Windows 10 it is replaced by the new Windows scan source policy and is not recommended for use. If you configure both on Windows 10, you will not get updates from Windows Update. +> The policy **Do not allow update deferral policies to cause scans against Windows Update**, also known as Dual Scan, is no longer supported on Windows 11 and on Windows 10 it's replaced by the new Windows scan source policy and isn't recommended for use. If you configure both on Windows 10, you won't get updates from Windows Update. ## About the scan source policy @@ -53,7 +53,7 @@ To help you better understand the scan source policy, see the default scan behav > The only two relevant policies for where your updates come from are the specify scan source policy and whether or not you have configured a WSUS server. This should simplify the configuration options. > [!NOTE] -> If you have devices configured for WSUS and do not configure the scan source policy for feature updates to come from Windows update or set any Windows Update for Business offering policies, then users who select "Check online for updates" on the Settings page may see the optional upgrade to Windows 11. We recommend configuring the scan source policy or a Windows Update for Business offering policy to prevent such. +> If you have devices configured for WSUS and don't configure the scan source policy for feature updates to come from Windows update or set any Windows Update for Business offering policies, then users who select "Check online for updates" on the Settings page may see the optional upgrade to Windows 11. We recommend configuring the scan source policy or a Windows Update for Business offering policy to prevent such. ## Configure the scan sources @@ -68,7 +68,7 @@ The policy can be configured using the following two methods: 2. Configuration Service Provider (CSP) Policies: **SetPolicyDrivenUpdateSourceFor<Update Type>**: > [!NOTE] -> - You should configure **all** of these policies if you are using CSPs. +> - You should configure **all** of these policies if you're using CSPs. > - Editing the registry to change the behavior of update policies isn't recommended. Use Group Policy or the Configuration Service Provider (CSP) policy instead of directly writing to the registry. However, if you choose to edit the registry, ensure you've configured the `UseUpdateClassPolicySource` registry key too, or the scan source won't be altered. > - If you're also using the **Specify settings for optional component installation and component repair** policy to enable content for FoDs and language packs, see [How to make Features on Demand and language packs available when you're using WSUS or Configuration Manager](fod-and-lang-packs.md) to verify your policy configuration. From 2cb258ece58dfdb9e42760e4f4ddda55eff279f3 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 24 Feb 2025 15:31:59 -0500 Subject: [PATCH 36/44] security book split --- ...vices-protect-your-personal-information.md | 55 ++----------------- .../security/book/includes/find-my-device.md | 15 +++++ .../book/includes/microsoft-account.md | 21 +++++++ .../book/includes/onedrive-for-personal.md | 20 +++++++ .../security/book/includes/personal-vault.md | 17 ++++++ 5 files changed, 77 insertions(+), 51 deletions(-) create mode 100644 windows/security/book/includes/find-my-device.md create mode 100644 windows/security/book/includes/microsoft-account.md create mode 100644 windows/security/book/includes/onedrive-for-personal.md create mode 100644 windows/security/book/includes/personal-vault.md diff --git a/windows/security/book/cloud-services-protect-your-personal-information.md b/windows/security/book/cloud-services-protect-your-personal-information.md index 36707a697b..085aecff6a 100644 --- a/windows/security/book/cloud-services-protect-your-personal-information.md +++ b/windows/security/book/cloud-services-protect-your-personal-information.md @@ -9,57 +9,10 @@ ms.date: 11/18/2024 :::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false"::: -## Microsoft account +[!INCLUDE [microsoft-account](includes/microsoft-account.md)] -Your Microsoft account (MSA) provides seamless access to Microsoft products and services with just one sign-in, allowing you to manage everything in one place. You can easily keep track of your subscriptions and order history, update your privacy and security settings, monitor the health and safety of your devices, and earn rewards. Your information stays with you in the cloud, accessible across devices and operating systems, including iOS and Android. +[!INCLUDE [find-my-device](includes/find-my-device.md)] -You can even go passwordless with your Microsoft account by removing the password from your MSA: +[!INCLUDE [onedrive-for-personal](includes/onedrive-for-personal.md)] -- Use Windows Hello to eliminate the password sign-in method for an even more secure experience -- Use the Microsoft Authenticator app on your Android or iOS device - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [What is a Microsoft account?][LINK-1] -- [Go passwordless with your Microsoft account][LINK-5] - -## Find my device - -When location services and *Find my device* settings are turned on, basic system services like time zone and Find my device are allowed to use the device's location. Find my device can be used to help recover lost or stolen Windows devices, reducing the security threats that rely on physical access. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [How to set up, find, and lock a lost Windows device using a Microsoft account][LINK-2] - -## OneDrive for personal - -Microsoft OneDrive for personal[\[10\]](conclusion.md#footnote10) offers enhanced security, backup, and restore options for important personal files. Users can access their data from anywhere, since their files are stored and protected in the cloud. OneDrive provides an excellent solution for backing up folders, ensuring that: - -- If a device is lost or stolen, users can quickly recover all their important files from the cloud -- If a user is targeted by a ransomware attack, OneDrive enables recovery. With configured backups, users have more options to mitigate and recover from such attacks - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Get started with OneDrive][LINK-6] -- [How to recover from a ransomware attack using Microsoft 365][LINK-7] -- [How to restore from OneDrive][LINK-3] - -## Personal Vault - -Personal Vault offers robust protection for the most important or sensitive files, without sacrificing the convenience of anywhere access. Secure digital copies of crucial documents in Personal Vault, where they're protected by identity verification and are easily accessible across devices. - -Once the Personal Vault is configured, users can access it using a strong authentication method or a second step of identity verification. The second steps of verification include fingerprint, face recognition, PIN, or a code sent via email or text. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Protect your OneDrive files in Personal Vault][LINK-4] - - - -[LINK-1]: https://support.microsoft.com/topic/4a7c48e9-ff5a-e9c6-5a5c-1a57d66c3bfa -[LINK-2]: https://support.microsoft.com/topic/890bf25e-b8ba-d3fe-8253-e98a12f26316 -[LINK-3]: https://support.microsoft.com/topic/fa231298-759d-41cf-bcd0-25ac53eb8a15 -[LINK-4]: https://support.microsoft.com/topic/6540ef37-e9bf-4121-a773-56f98dce78c4 -[LINK-5]: https://support.microsoft.com/topic/585a71d7-2295-4878-aeac-a014984df856 -[LINK-6]: https://support.microsoft.com/onedrive -[LINK-7]: /microsoft-365/security/office-365-security/recover-from-ransomware +[!INCLUDE [personal-vault](includes/personal-vault.md)] diff --git a/windows/security/book/includes/find-my-device.md b/windows/security/book/includes/find-my-device.md new file mode 100644 index 0000000000..b889fb3898 --- /dev/null +++ b/windows/security/book/includes/find-my-device.md @@ -0,0 +1,15 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## Find my device + +When location services and *Find my device* settings are turned on, basic system services like time zone and Find my device are allowed to use the device's location. Find my device can be used to help recover lost or stolen Windows devices, reducing the security threats that rely on physical access. + +[!INCLUDE [learn-more](learn-more.md)] + +- [How to set up, find, and lock a lost Windows device using a Microsoft account](https://support.microsoft.com/topic/890bf25e-b8ba-d3fe-8253-e98a12f26316) \ No newline at end of file diff --git a/windows/security/book/includes/microsoft-account.md b/windows/security/book/includes/microsoft-account.md new file mode 100644 index 0000000000..221eb6d664 --- /dev/null +++ b/windows/security/book/includes/microsoft-account.md @@ -0,0 +1,21 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## Microsoft account + +Your Microsoft account (MSA) provides seamless access to Microsoft products and services with just one sign-in, allowing you to manage everything in one place. You can easily keep track of your subscriptions and order history, update your privacy and security settings, monitor the health and safety of your devices, and earn rewards. Your information stays with you in the cloud, accessible across devices and operating systems, including iOS and Android. + +You can even go passwordless with your Microsoft account by removing the password from your MSA: + +- Use Windows Hello to eliminate the password sign-in method for an even more secure experience +- Use the Microsoft Authenticator app on your Android or iOS device + +[!INCLUDE [learn-more](learn-more.md)] + +- [What is a Microsoft account?](https://support.microsoft.com/topic/4a7c48e9-ff5a-e9c6-5a5c-1a57d66c3bfa) +- [Go passwordless with your Microsoft account](https://support.microsoft.com/topic/585a71d7-2295-4878-aeac-a014984df856) \ No newline at end of file diff --git a/windows/security/book/includes/onedrive-for-personal.md b/windows/security/book/includes/onedrive-for-personal.md new file mode 100644 index 0000000000..65c039f76d --- /dev/null +++ b/windows/security/book/includes/onedrive-for-personal.md @@ -0,0 +1,20 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## OneDrive for personal + +Microsoft OneDrive for personal[\[10\]](../conclusion.md#footnote10) offers enhanced security, backup, and restore options for important personal files. Users can access their data from anywhere, since their files are stored and protected in the cloud. OneDrive provides an excellent solution for backing up folders, ensuring that: + +- If a device is lost or stolen, users can quickly recover all their important files from the cloud +- If a user is targeted by a ransomware attack, OneDrive enables recovery. With configured backups, users have more options to mitigate and recover from such attacks + +[!INCLUDE [learn-more](learn-more.md)] + +- [Get started with OneDrive](https://support.microsoft.com/onedrive) +- [How to recover from a ransomware attack using Microsoft 365](/microsoft-365/security/office-365-security/recover-from-ransomware) +- [How to restore from OneDrive](https://support.microsoft.com/topic/fa231298-759d-41cf-bcd0-25ac53eb8a15) \ No newline at end of file diff --git a/windows/security/book/includes/personal-vault.md b/windows/security/book/includes/personal-vault.md new file mode 100644 index 0000000000..6b0b47fcc0 --- /dev/null +++ b/windows/security/book/includes/personal-vault.md @@ -0,0 +1,17 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## Personal Vault + +Personal Vault offers robust protection for the most important or sensitive files, without sacrificing the convenience of anywhere access. Secure digital copies of crucial documents in Personal Vault, where they're protected by identity verification and are easily accessible across devices. + +Once the Personal Vault is configured, users can access it using a strong authentication method or a second step of identity verification. The second steps of verification include fingerprint, face recognition, PIN, or a code sent via email or text. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Protect your OneDrive files in Personal Vault](https://support.microsoft.com/topic/6540ef37-e9bf-4121-a773-56f98dce78c4) \ No newline at end of file From 8a79c41fde6bd08ebb195847423fa8b395baad08 Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Tue, 25 Feb 2025 02:04:23 +0530 Subject: [PATCH 37/44] acro fix --- .../applocker/script-rules-in-applocker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md b/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md index e3f7030429..a9f2b80103 100644 --- a/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md +++ b/windows/security/application-security/application-control/app-control-for-business/applocker/script-rules-in-applocker.md @@ -26,7 +26,7 @@ The following table lists the default rules that are available for the script ru | Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder | Everyone | Path: `%programfiles%\*`| > [!NOTE] -> When a script runs that is not allowed by policy, AppLocker raises an event indicating that the script was "blocked". However, the actual script enforcement behavior is handled by the script host. In the case of PowerShell, "blocked" scripts will still run, but only in [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). Authorized scripts run in Full Language Mode. +> When a script runs that isn't allowed by policy, AppLocker raises an event indicating that the script was "blocked". However, the actual script enforcement behavior is handled by the script host. In the case of PowerShell, "blocked" scripts will still run, but only in [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). Authorized scripts run in Full Language Mode. ## Related articles From b53b03452c6133191651c30f584575c91780dcfa Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Mon, 24 Feb 2025 12:49:27 -0800 Subject: [PATCH 38/44] fix ms.topic --- windows/deployment/usmt/migrate-application-settings.md | 2 +- windows/deployment/usmt/migration-store-types-overview.md | 2 +- windows/deployment/usmt/understanding-migration-xml-files.md | 2 +- windows/deployment/usmt/usmt-choose-migration-store-type.md | 2 +- windows/deployment/usmt/usmt-command-line-syntax.md | 2 +- windows/deployment/usmt/usmt-common-migration-scenarios.md | 2 +- windows/deployment/usmt/usmt-determine-what-to-migrate.md | 2 +- windows/deployment/usmt/usmt-estimate-migration-store-size.md | 2 +- .../usmt-extract-files-from-a-compressed-migration-store.md | 2 +- windows/deployment/usmt/usmt-hard-link-migration-store.md | 2 +- windows/deployment/usmt/usmt-how-to.md | 2 +- .../deployment/usmt/usmt-migrate-efs-files-and-certificates.md | 2 +- windows/deployment/usmt/usmt-migrate-user-accounts.md | 2 +- windows/deployment/usmt/usmt-migration-store-encryption.md | 2 +- windows/deployment/usmt/usmt-plan-your-migration.md | 2 +- windows/deployment/usmt/usmt-test-your-migration.md | 2 +- windows/deployment/usmt/usmt-what-does-usmt-migrate.md | 2 +- .../verify-the-condition-of-a-compressed-migration-store.md | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index 8b5bfa1ce9..c6c0627a49 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: how-to ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index 628bcc545a..a8473748b7 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: overview ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 8607adabb8..fab9e7724b 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md index c63aaf7c6a..46f76521b8 100644 --- a/windows/deployment/usmt/usmt-choose-migration-store-type.md +++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: overview ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md index 9e52d5b7c4..cac5f93581 100644 --- a/windows/deployment/usmt/usmt-command-line-syntax.md +++ b/windows/deployment/usmt/usmt-command-line-syntax.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: overview ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index 5ca0004d73..4c855a61da 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: conceptual-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md index a8dcc7d47f..1e042e2a1d 100644 --- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md +++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: conceptual-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index 7391cddae1..0ebc0fc1de 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: how-to ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md index 07e8027b09..8f2d1c1196 100644 --- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md +++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: how-to ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 0f8e6f5578..8c6cfc3a0e 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: conceptual-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md index f5da1dd94b..29114c8d6e 100644 --- a/windows/deployment/usmt/usmt-how-to.md +++ b/windows/deployment/usmt/usmt-how-to.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: overview ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md index 3321c860af..9f896b125f 100644 --- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md +++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: how-to ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index 2c45dc04a9..ba220bc251 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: how-to ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md index 6b42cb8b3c..5efad7737a 100644 --- a/windows/deployment/usmt/usmt-migration-store-encryption.md +++ b/windows/deployment/usmt/usmt-migration-store-encryption.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: conceptual-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md index f0faa1f0c1..843769c557 100644 --- a/windows/deployment/usmt/usmt-plan-your-migration.md +++ b/windows/deployment/usmt/usmt-plan-your-migration.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: conceptual-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md index fa350814e6..d51103c854 100644 --- a/windows/deployment/usmt/usmt-test-your-migration.md +++ b/windows/deployment/usmt/usmt-test-your-migration.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: conceptual-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index 58692dde4d..f016bb111c 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: conceptual-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md index 0c1b1bf6da..0f537173ad 100644 --- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md +++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: upgrade-and-migration-article +ms.topic: how-to ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 From 5c642ddd7c310b4136d2c1e29d21eba8b5e63e29 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Mon, 24 Feb 2025 12:55:27 -0800 Subject: [PATCH 39/44] fix ms.topic --- windows/deployment/usmt/usmt-common-migration-scenarios.md | 2 +- windows/deployment/usmt/usmt-determine-what-to-migrate.md | 2 +- windows/deployment/usmt/usmt-hard-link-migration-store.md | 2 +- windows/deployment/usmt/usmt-migration-store-encryption.md | 2 +- windows/deployment/usmt/usmt-plan-your-migration.md | 2 +- windows/deployment/usmt/usmt-test-your-migration.md | 2 +- windows/deployment/usmt/usmt-what-does-usmt-migrate.md | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index 4c855a61da..b81d59505e 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual-article +ms.topic: concept-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md index 1e042e2a1d..afad7e7d3d 100644 --- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md +++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual-article +ms.topic: concept-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 8c6cfc3a0e..75a8d9fb1d 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual-article +ms.topic: concept-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md index 5efad7737a..0af8864e20 100644 --- a/windows/deployment/usmt/usmt-migration-store-encryption.md +++ b/windows/deployment/usmt/usmt-migration-store-encryption.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual-article +ms.topic: concept-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md index 843769c557..a75bc7ea90 100644 --- a/windows/deployment/usmt/usmt-plan-your-migration.md +++ b/windows/deployment/usmt/usmt-plan-your-migration.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual-article +ms.topic: concept-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md index d51103c854..08bbb67f9d 100644 --- a/windows/deployment/usmt/usmt-test-your-migration.md +++ b/windows/deployment/usmt/usmt-test-your-migration.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual-article +ms.topic: concept-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index f016bb111c..a60ce0dd07 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md @@ -7,7 +7,7 @@ ms.author: frankroj ms.service: windows-client author: frankroj ms.date: 01/29/2025 -ms.topic: conceptual-article +ms.topic: concept-article ms.subservice: itpro-deploy appliesto: - ✅ Windows 11 From d49c0971d9be90436a6eb71ec0ef2f000e3ba5fa Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 24 Feb 2025 16:54:18 -0500 Subject: [PATCH 40/44] split content --- ...-services-protect-your-work-information.md | 372 +----------------- .../includes/azure-attestation-service.md | 23 ++ .../cloud-native-device-management.md | 34 ++ .../microsoft-defender-for-endpoint.md | 28 ++ .../book/includes/microsoft-entra-id.md | 84 ++++ .../book/includes/microsoft-intune.md | 66 ++++ .../includes/onedrive-for-work-or-school.md | 26 ++ .../book/includes/security-baselines.md | 33 ++ .../security/book/includes/universal-print.md | 51 +++ .../book/includes/windows-autopatch.md | 20 + .../book/includes/windows-autopilot.md | 27 ++ .../book/includes/windows-hotpatch.md | 17 + .../security/book/includes/windows-laps.md | 21 + .../includes/windows-update-for-business.md | 19 + 14 files changed, 462 insertions(+), 359 deletions(-) create mode 100644 windows/security/book/includes/azure-attestation-service.md create mode 100644 windows/security/book/includes/cloud-native-device-management.md create mode 100644 windows/security/book/includes/microsoft-defender-for-endpoint.md create mode 100644 windows/security/book/includes/microsoft-entra-id.md create mode 100644 windows/security/book/includes/microsoft-intune.md create mode 100644 windows/security/book/includes/onedrive-for-work-or-school.md create mode 100644 windows/security/book/includes/security-baselines.md create mode 100644 windows/security/book/includes/universal-print.md create mode 100644 windows/security/book/includes/windows-autopatch.md create mode 100644 windows/security/book/includes/windows-autopilot.md create mode 100644 windows/security/book/includes/windows-hotpatch.md create mode 100644 windows/security/book/includes/windows-laps.md create mode 100644 windows/security/book/includes/windows-update-for-business.md diff --git a/windows/security/book/cloud-services-protect-your-work-information.md b/windows/security/book/cloud-services-protect-your-work-information.md index 033200a8f1..d29800ce98 100644 --- a/windows/security/book/cloud-services-protect-your-work-information.md +++ b/windows/security/book/cloud-services-protect-your-work-information.md @@ -9,374 +9,28 @@ ms.date: 11/04/2024 :::image type="content" source="images/cloud-security.png" alt-text="Diagram containing a list of security features for cloud security." lightbox="images/cloud-security.png" border="false"::: -## :::image type="icon" source="images/microsoft-entra-id.svg" border="false"::: Microsoft Entra ID +[!INCLUDE [microsoft-entra-id](includes/microsoft-entra-id.md)] -Microsoft Entra ID is a comprehensive cloud-based identity management solution that helps enable secure access to applications, networks, and other resources and guard against threats. Microsoft Entra ID can also be used with Windows Autopilot for zero-touch provisioning of devices preconfigured with corporate security policies. +[!INCLUDE [azure-attestation-service](includes/azure-attestation-service.md)] -Organizations can deploy Microsoft Entra ID joined devices to enable access to both cloud and on-premises apps and resources. Access to resources can be controlled based on the Microsoft Entra ID account and Conditional Access policies applied to the device. For the most seamless and delightful end to end single sign-on (SSO) experience, we recommend users configure Windows Hello for Business during the out of box experience for easy passwordless sign-in to Entra ID . +[!INCLUDE [microsoft-defender-for-endpoint](includes/microsoft-defender-for-endpoint.md)] -:::row::: - :::column::: - For users wanting to connect to Microsoft Entra on their personal devices, they can do so by adding their work or school account to Windows. This action registers the user's personal device with Microsoft Entra ID, allowing IT admins to support users in bring your own device (BYOD) scenarios. Credentials are authenticated and bound to the joined device, and can't be copied to another device without explicit reverification. - :::column-end::: - :::column::: -:::image type="content" source="images/device-registration.png" alt-text="Screenshot of the Entra account registration page." border="false" lightbox="images/device-registration.png"::: - :::column-end::: -:::row-end::: +[!INCLUDE [cloud-native-device-management](includes/cloud-native-device-management.md)] -To provide more security and control for IT and a seamless experience for users, Microsoft Entra ID works with apps and services, including on-premises software and thousands of software-as-a-service (SaaS) applications. Microsoft Entra ID protections include single sign-on, multifactor authentication, conditional access policies, identity protection, identity governance, and privileged identity management. +[!INCLUDE [microsoft-intune](includes/microsoft-intune.md)] -Windows 11 works with Microsoft Entra ID to provide secure access, identity management, and single sign-on to apps and services from anywhere. Windows has built-in settings to add work or school accounts by syncing the device configuration to an Active Directory domain or Microsoft Entra ID tenant. +[!INCLUDE [security-baselines](includes/security-baselines.md)] -:::image type="content" source="images/access-work-or-school.png" alt-text="Screenshot of the add work or school account in Settings." border="false"::: +[!INCLUDE [windows-laps](includes/windows-laps.md)] -When a device is Microsoft Entra ID joined and managed with Microsoft Intune[\[4\]](conclusion.md#footnote4), it receives the following security benefits: +[!INCLUDE [windows-autopilot](includes/windows-autopilot.md)] -- Default managed user and device settings and policies -- Single sign-in to all Microsoft Online Services -- Full suite of authentication management capabilities using Windows Hello for Business -- Single sign-on (SSO) to enterprise and SaaS applications -- No use of consumer Microsoft account identity +[!INCLUDE [windows-update-for-business](includes/windows-update-for-business.md)] -Organizations and users can join or register their Windows devices with Microsoft Entra ID to get a seamless experience to both native and web applications. In addition, users can set up Windows Hello for Business or FIDO2 security keys with Microsoft Entra ID and benefit from greater security with passwordless authentication. +[!INCLUDE [windows-autopatch](includes/windows-autopatch.md)] -In combination with Microsoft Intune, Microsoft Entra ID offers powerful security control through Conditional Access to restrict access to organizational resources to healthy and compliant devices. Note that Microsoft Entra ID is only supported on Windows Pro and Enterprise editions. +[!INCLUDE [windows-hotpatch](includes/windows-hotpatch.md)] -Every Windows device has a built-in local administrator account that must be secured and protected to mitigate any Pass-the-Hash (PtH) and lateral traversal attacks. Many customers have been using our standalone, on-premises Windows Local Administrator Password Solution (LAPS) to manage their domain-joined Windows machines. We heard from many customers that LAPS support was needed as they modernized their Windows environment to join directly to Microsoft Entra ID. +[!INCLUDE [onedrive-for-work-or-school](includes/onedrive-for-work-or-school.md)] -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Microsoft Entra ID documentation][LINK-1] -- [Microsoft Entra plans and pricing][LINK-2] - -### Microsoft Entra Private Access - -Microsoft Entra Private Access provides organizations the ability to manage and give users access to private or internal fully qualified domain names (FQDNs) and IP addresses. With Private Access, you can modernize how your organization's users access private apps and resources. Remote workers don't need to use a VPN to access these resources if they have the Global Secure Access Client installed. The client quietly and seamlessly connects them to the resources they need. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Microsoft Entra Private Access][LINK-4] - -### Microsoft Entra Internet Access - -Microsoft Entra Internet Access provides an identity-centric Secure Web Gateway (SWG) solution for Software as a Service (SaaS) applications and other Internet traffic. It protects users, devices, and data from the Internet's wide threat landscape with best-in-class security controls and visibility through Traffic Logs. - -> [!NOTE] -> Both Microsoft Entra Private Access and Microsoft Entra Internet Access requires Microsoft Entra ID and Microsoft Entra Joined devices for deployment. The two solutions use the Global Secure Access client for Windows, which secures and controls the features. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Microsoft Entra Internet Access][LINK-3] -- [Global Secure Access client for Windows][LINK-6] -- [Microsoft's Security Service Edge Solution Deployment Guide for Microsoft Entra Internet Access Proof of Concept][LINK-5] - -### Enterprise State Roaming - -Available to any organization with a Microsoft Entra ID Premium[\[4\]](conclusion.md#footnote4) license, Enterprise State Roaming provides users with a unified Windows Settings experience across their Windows devices and reduces the time needed for configuring a new device. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Enterprise State Roaming in Microsoft Entra ID][LINK-7] - -## :::image type="icon" source="images/azure-attestation.svg" border="false"::: Azure Attestation service - -Remote attestation helps ensure that devices are compliant with security policies and are operating in a trusted state before they're allowed to access resources. Microsoft Intune[\[4\]](conclusion.md#footnote4) integrates with Azure Attestation service to review Windows device health comprehensively and connect this information with Microsoft Entra ID[\[4\]](conclusion.md#footnote4) Conditional Access. - -**Attestation policies are configured in the Azure Attestation service which can then:** - -- Verify the integrity of evidence provided by the Windows Attestation component by validating the signature and ensuring the Platform Configuration Registers (PCRs) match the values recomputed by replaying the measured boot log -- Verify that the TPM has a valid Attestation Identity Key issued by the authenticated TPM -- Verify that security features are in the expected states - -Once this verification is complete, the attestation service returns a signed report with the security features state to the relying party - such as Microsoft Intune - to assess the trustworthiness of the platform relative to the admin-configured device compliance specifications. Conditional access is then granted or denied based on the device's compliance. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Azure Attestation overview][LINK-8] - -## :::image type="icon" source="images/defender-for-endpoint.svg" border="false"::: Microsoft Defender for Endpoint - -Microsoft Defender for Endpoint[\[4\]](conclusion.md#footnote4) is an enterprise endpoint detection and response solution that helps security teams detect, disrupt, investigate, and respond to advanced threats. Organizations can use the rich event data and attack insights Defender for Endpoint provides to investigate incidents. - -Defender for Endpoint brings together the following elements to provide a more complete picture of security incidents: - -- Endpoint behavioral sensors: Embedded in Windows, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated cloud instance of Microsoft Defender for Endpoint -- With Automatic Attack Disruption uses AI, machine learning, and Microsoft Security Intelligence to analyze the entire attack and respond at the incident level, where it's able to contain a device, and/or a user which reduces the impact of attacks such as ransomware, human-operated attacks, and other advanced attacks. -- Cloud security analytics: Behavioral signals are translated into insights, detections, and recommended responses to advanced threats. These analytics leverage big data, device learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products such as Microsoft 365[\[4\]](conclusion.md#footnote4), and online assets -- Threat intelligence: Microsoft processes over 43 trillion security signals every 24 hours, yielding a deep and broad view into the evolving threat landscape. Combined with our global team of security experts and cutting-edge artificial intelligence and machine learning, we can see threats that others miss. This threat intelligence helps provide unparalleled protection for our customers. The protections built into our platforms and products blocked attacks that include 31 billion identity threats and 32 billion email threats -- Rich response capabilities: Defender for Endpoint empowers SecOps teams to isolate, remediate, and remote into machines to further investigate and stop active threats in their environment, as well as block files, network destinations, and create alerts for them. In addition, Automated Investigation and Remediation can help reduce the load on the SOC by automatically performing otherwise manual steps towards remediation and providing -detailed investigation outcomes - -Defender for Endpoint is also part of Microsoft Defender XDR, our end-to-end, cloud-native extended detection and response (XDR) solution that combines best-of-breed endpoint, email, and identity security products. It enables organizations to prevent, detect, investigate, and remediate attacks by delivering deep visibility, granular context, and actionable insights generated from raw signals harnessed across the Microsoft 365 environment and other -platforms, all synthesized into a single dashboard. This solution offers tremendous value to organizations of any size, especially those that are looking to break away from the added complexity of multiple point solutions, keeping them protected from sophisticated attacks and saving IT and security teams' time and resources. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint) -- [Microsoft 365 Defender](/defender-xdr/microsoft-365-defender) - -## Cloud-native device management - -Microsoft recommends cloud-based device management so that IT professionals can manage company security policies and business applications without compromising user privacy on corporate or employee-owned devices. With cloud-native device management solutions like Microsoft Intune[\[4\]](conclusion.md#footnote4), IT can manage Windows 11 using industry standard protocols. To simplify setup for users, management features are built directly into Windows, eliminating the need for a separate device management client. - -Windows 11 built-in management features include: - -- The enrollment client, which enrolls and configures the device to securely communicate with the enterprise device management server -- The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Mobile device management overview][LINK-9] - -### Remote wipe - -When a device is lost or stolen, IT administrators might want to remotely wipe data stored in memory and hard disks. A helpdesk agent might also want to reset devices to fix issues encountered by remote workers. A remote wipe can also be used to prepare a previously used device for a new user. - -Windows 11 supports the Remote Wipe configuration service provider (CSP) so that device management solutions can remotely initiate any of the following operations: - -- Reset the device and remove user accounts and data -- Reset the device and clean the drive -- Reset the device but persist user accounts and data - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Remote wipe CSP][LINK-10] - -## :::image type="icon" source="images/microsoft-intune.svg" border="false"::: Microsoft Intune - -Microsoft Intune[\[4\]](conclusion.md#footnote4) is a comprehensive cloud-native endpoint management solution that helps secure, deploy, and manage users, apps, and devices. Intune brings together technologies like Microsoft Configuration Manager and Windows Autopilot to simplify provisioning, configuration management, and software updates across the organization. - -Intune works with Microsoft Entra ID to manage security features and processes, including multifactor authentication and conditional access. - -Organizations can cut costs while securing and managing remote devices through the cloud in compliance with company policies[\[11\]](conclusion.md#footnote11). For example, organizations can save time and money by provisioning preconfigured devices to remote employees using Windows Autopilot. - -Windows 11 enables IT professionals to move to the cloud while consistently enforcing security policies. Windows 11 provides expanded support for group policy administrative templates (ADMX-backed policies) in cloud-native device management solutions like Microsoft Intune, enabling IT professionals to easily apply the same security policies to both on-premises and remote devices. - -Customers have asked for App Control for Business (previously called *Windows Defender Application Control*) to support manage installer for a long time. Now it's possible to enable allowlisting of Win32 apps to proactively reduce the number of malware infections. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [What is Microsoft Intune][LINK-12] - -### Windows enrollment attestation - -When a device enrolls into device management, the administrator expects it to receive the appropriate policies to secure and manage the PC. However, in some cases, malicious actors can remove enrollment certificates and use them on unmanaged PCs, making them appear enrolled but without the intended security and management policies. - -With Windows enrollment attestation, Microsoft Entra and Microsoft Intune certificates are bound to a device using the Trusted Platform Module (TPM). This ensures that the certificates can't be transferred from one device to another, maintaining the integrity of the enrollment process. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Windows enrollment attestation][LINK-13] - -### Microsoft Cloud PKI - -Microsoft Cloud PKI is a cloud-based service included in the Microsoft Intune Suite[\[4\]](conclusion.md#footnote4) that simplifies and automates the management of a Public Key Infrastructure (PKI) for organizations. It eliminates the need for on-premises servers, hardware, and connectors, making it easier to set up and manage a PKI compared to, for instance, Microsoft Active Directory Certificate Services (AD CS) combined with the Certificate Connector for Microsoft Intune. - -Key features include: - -- Certificate lifecycle management: automates the lifecycle of certificates, including issuance, renewal, and revocation, for all devices managed by Intune -- Multi-platform support: supports certificate management for Windows, iOS/iPadOS, macOS, and Android devices -- Enhanced security: enables certificate-based authentication for Wi-Fi, VPN, and other scenarios, improving security over traditional password-based methods. All certificate requests leverage Simple Certificate Enrollment Protocol (SCEP), making sure that the private key never leaves the requesting client -- Simplified management: provides easy management of certification authorities (CAs), registration authorities (RAs), certificate revocation lists (CRLs), monitoring, and reporting - -With Microsoft Cloud PKI, organizations can accelerate their digital transformation and achieve a fully managed cloud PKI service with minimal effort. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Overview of Microsoft Cloud PKI for Microsoft Intune](/mem/intune/protect/microsoft-cloud-pki-overview) - -### Endpoint Privilege Management (EPM) - -Intune Endpoint Privilege Management supports organizations' Zero Trust journeys by helping them achieve a broad user base running with least privilege, while still permitting users to run elevated tasks allowed by the organization to remain productive. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Endpoint Privilege Management][LINK-14] - -### Mobile application management (MAM) - -With Intune, organizations can also extend MAM App Config, MAM App Protection, and App Protection Conditional Access capabilities to Windows. This enables people to access protected organizational content without having the device managed by IT. The first application to support MAM for Windows is Microsoft Edge. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Data protection for Windows MAM][LINK-15] - -## Security baselines - -Every organization faces security threats. However, different organizations can be concerned with different types of security threats. For example, an e-commerce company might focus on protecting its internet-facing web apps, while a hospital on confidential patient information. The one thing that all organizations have in common is a need to keep their apps and devices secure. These devices must be compliant with the security standards (or security baselines) defined by the organization. - -A security baseline is a group of Microsoft-recommended configuration settings that explains their security implications. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Security baselines][LINK-11] - -### Security baseline for cloud-based device management solutions - -Windows 11 can be configured with Microsoft's security baseline, designed for cloud-based device management solutions like Microsoft Intune[\[4\]](conclusion.md#footnote4). These security baselines function similarly to group policy-based ones and can be easily integrated into existing device management tools. - -The security baseline includes policies for: - -- Microsoft inbox security technologies such as BitLocker, Microsoft Defender SmartScreen, Virtualization-based security, Exploit Guard, Microsoft Defender Antivirus, and Windows Firewall -- Restricting remote access to devices -- Setting credential requirements for passwords and PINs -- Restricting the use of legacy technology - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Intune security baseline overview][LINK-16] -- [List of the settings in the Windows security baseline in Intune][LINK-17] - -## Windows Local Administrator Password Solution (LAPS) - -Windows Local Administrator Password Solution (LAPS) is a feature that automatically manages and backs up the password of a local administrator account on Microsoft Entra joined and Active Directory-joined devices. It helps enhance security by regularly rotating and managing local administrator account passwords, protecting against pass-the-hash and lateral-traversal attacks. - -Windows LAPS can be configured via group policy or with a device management solution like Microsoft Intune[\[4\]](conclusion.md#footnote4). - -[!INCLUDE [new-24h2](includes/new-24h2.md)] - -Several enhancements have been made to improve manageability and security. Administrators can now configure LAPS to automatically create managed local accounts, integrating with existing policies to enhance security and efficiency. Policy settings have been updated to generate more readable passwords by ignoring certain characters and to support the generation of readable passphrases, with options to choose from three separate word source list and control passphrase length. Additionally, LAPS can detect when a computer rolls back to a previous image, ensuring password consistency between the computer and Active Directory. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Windows LAPS overview][LINK-18] - -## Windows Autopilot - -Traditionally, IT professionals spend significant time building and customizing images that will later be deployed to devices. If you're purchasing new devices or managing device refresh cycles, you can use Windows Autopilot to set up and preconfigure new devices, getting them ready for productive use. Autopilot helps you ensure your devices are delivered locked down and compliant with corporate security policies. The solution can also be used to reset, repurpose, and recover devices with zero touch by your IT team and no infrastructure to manage, enhancing efficiency with a process that's both easy and simple. - -With Windows Autopilot, there's no need to reimage or manually set-up devices before giving them to the users. Your hardware vendor can ship them, ready to go, directly to the users. From a user perspective, they turn on their device, go online, and Windows Autopilot delivers apps and settings. - -Windows Autopilot enables you to: - -- Automatically join devices to Microsoft Entra ID or Active Directory via Microsoft Entra hybrid join -- Autoenroll devices into a device management solution like Microsoft Intune[\[4\]](conclusion.md#footnote4) (requires a Microsoft Entra ID Premium subscription for configuration) -- Create and autoassignment of devices to configuration groups based on a device's profile -- Customize of the out-of-box experience (OOBE) content specific to your organization - -Existing devices can also be quickly prepared for a new user with Windows Autopilot Reset. The reset capability is also useful in break/fix scenarios to quickly bring a device back to a business-ready state. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Windows Autopilot][LINK-19] -- [Windows Autopilot Reset][LINK-20] - -## Windows Update for Business - -Windows Update for Business empowers IT administrators to ensure that their organization's Windows client devices are consistently up to date with the latest security updates and features. By directly connecting these systems to the Windows Update service, administrators can maintain a high level of security and functionality. - -Administrators can utilize group policy or a device management solution like Microsoft Intune[\[4\]](conclusion.md#footnote4), to configure Windows Update for Business settings. These settings control the timing and manner in which updates are applied, allowing for thorough reliability and performance testing on a subset of devices before deploying updates across the entire organization. - -This approach not only provides control over the update process but also ensures a seamless and positive update experience for all users within the organization. By using Windows Update for Business, organizations can achieve a more secure and efficient operational environment. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Windows Update for Business documentation][LINK-21] - -## Windows Autopatch - -Cybercriminals commonly exploit obsolete or unpatched software to infiltrate networks. It's essential to maintain current updates to seal security gaps. Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates so your IT Admins can focus on other activities and tasks. - -There's a lot more to learn about Windows Autopatch: this [Forrester Consulting Total Economic Impact™ Study][LINK-22] commissioned by Microsoft, features insights from customers who deployed Windows Autopatch and its impact on their organizations. You can also find out more information about new Autopatch features and the future of the service in the regularly published Windows IT Pro Blog and Windows Autopatch community. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Windows Autopatch documentation](/windows/deployment/windows-autopatch/) -- [Windows updates API overview](/graph/windowsupdates-concept-overview) -- [Windows IT Pro Blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows-ITPro-blog/label-name/Windows%20Autopatch) -- [Windows Autopatch community](https://techcommunity.microsoft.com/t5/windows-autopatch/bd-p/Windows-Autopatch) - -## :::image type="icon" source="images/soon-button-title.svg" border="false"::: Windows Hotpatch - -Windows Hotpatch is a feature designed to enhance security and minimize disruptions. With Windows Hotpatch, organizations can apply critical security updates without requiring a system restart, reducing the time to adopt a security update by 60% from the moment the update is offered. Hotpatch updates streamline the installation process, enhance compliance efficiency, and provide a per-policy level view of update statuses for all devices. - -By utilizing hotpatching through Windows Autopatch, the number of system restarts for Windows updates can be reduced from 12 times a year to just 4, ensuring consistent protection and uninterrupted productivity. This means less downtime, a streamlined experience for users, and a reduction in security risks. This technology, proven in the Azure Server environment, is now expanding to Windows 11, offering immediate security from day one without the need for a restart. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Windows Autopatch documentation](/windows/deployment/windows-autopatch/) - -## :::image type="icon" source="images/onedrive.svg" border="false"::: OneDrive for work or school - -OneDrive for work or school is a cloud storage service that allows users to store, share, and collaborate on files. It's a part of Microsoft 365 and is designed to help organizations protect their data and comply with regulations. OneDrive for work or school is protected both in transit and at rest. - -When data transits either into the service from clients or between datacenters, it's protected using transport layer security (TLS) encryption. OneDrive only permits secure access. - -Authenticated connections aren't allowed over HTTP and instead redirect to HTTPS. - -There are several ways that OneDrive for work or school is protected at rest: - -- Physical protection: Microsoft understands the importance of protecting customer data and is committed to securing the datacenters that contain it. Microsoft datacenters are designed, built, and operated to strictly limit physical access to the areas where customer data is stored. Physical security at datacenters is in alignment with the defense-in-depth principle. Multiple security measures are implemented to reduce the risk of unauthorized users accessing data and other datacenter resources. Learn more [here](/compliance/assurance/assurance-datacenter-physical-access-security). -- Network protection: The networks and identities are isolated from the corporate network. Firewalls limit traffic into the environment from unauthorized locations -- Application security: Engineers who build features follow the security development lifecycle. Automated and manual analyses help identify possible vulnerabilities. The [Microsoft Security Response Center](https://technet.microsoft.com/security/dn440717.aspx) helps triage incoming vulnerability reports and evaluate mitigations. Through the [Microsoft Cloud Bug Bounty Terms](https://technet.microsoft.com/dn800983), people across the world can earn money by reporting vulnerabilities -- Content protection: Each file is encrypted at rest with a unique AES-256 key. These unique keys are encrypted with a set of master keys that are stored in Azure Key Vault - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [How OneDrive safeguards data in the cloud](https://support.microsoft.com/topic/23c6ea94-3608-48d7-8bf0-80e142edd1e1) - -## :::image type="icon" source="images/universal-print.svg" border="false"::: Universal Print - -Universal Print eliminates the need for on-premises print servers. It also eliminates the need for print drivers from the users' Windows devices and makes the devices secure, reducing the malware attacks that typically exploit vulnerabilities in driver model. It enables Universal Print-ready printers (with native support) to connect directly to the Microsoft Cloud. All major printer OEMs have these [models][LINK-23]. It also supports existing printers by using the connector software that comes with Universal Print. - -Unlike traditional print solutions that rely on Windows print servers, Universal Print is a Microsoft-hosted cloud subscription service that supports a Zero Trust security model when using the Universal Print-ready printers. Customers can enable network isolation of printers, including the Universal Print connector software, from the rest of the organization's resources. Users and their devices don't need to be on the same local network as the printers or the Universal Print connector. - -Universal Print supports Zero Trust security by requiring that: - -- Each connection and API call to Universal Print cloud service requires authentication validated by Microsoft Entra ID[\[4\]](conclusion.md#footnote4). A hacker would have to have knowledge of the right credentials to successfully connect to the Universal Print service -- Every connection established by the user's device (client), the printer, or another cloud service to the Universal Print cloud service uses SSL with TLS 1.2 protection. This protects network snooping of traffic to gain access to sensitive data -- Each printer registered with Universal Print is created as a device object in the customer's Microsoft Entra ID tenant and issued its own device certificate. Every connection from the printer is authenticated using this certificate. The printer can access only its own data and no other device's data -- Applications can connect to Universal Print using either user, device, or application authentication. To ensure data security, it's highly recommended that only cloud applications use application authentication -- Each acting application must register with Microsoft Entra ID and specify the set of permission scopes it requires. Microsoft's own acting applications - for example, the Universal Print connector - are registered with the Microsoft Entra ID service. Customer administrators need to provide their consent to the required permission scopes as part of onboarding the application to their tenant -- Each authentication with Microsoft Entra ID from an acting application can't extend the permission scope as defined by the acting client app. This prevents the app from requesting additional permissions if the app is breached - -Additionally, Windows 11 includes device management support to simplify printer setup for users. With support from Microsoft Intune[\[4\]](conclusion.md#footnote4), admins can now configure policy settings to provision specific printers onto the user's Windows devices. - -Universal Print stores the print data in cloud securely in Office Storage, the same storage used by other Microsoft 365 products. - -More information about handling of Microsoft 365 data (this includes Universal Print data) can be found [here][LINK-24]. - -The Universal Print secure release platform ensures user privacy, secures organizational data, and reduces print wastage. It eliminates the need for people to rush to a shared printer as soon as they send a print job to ensure that no one sees the private or confidential content. Sometimes, printed documents are picked up by another person or not picked up at all and discarded. Detailed support and configuration information can be found [here][LINK-25]. - -Universal Print supports Administrative Units in Microsoft Entra ID to enable the assignments of a *Printer Administrator* role to specific teams in the organization. The assigned team can configure only the printers that are part of the same Administrative Unit. - -For customers who want to stay on print servers, we recommend using the Microsoft IPP Print driver. For features beyond what's covered in the standard IPP driver, use Print Support Applications (PSA) for Windows from the respective printer OEM. - -[!INCLUDE [learn-more](includes/learn-more.md)] - -- [Universal Print][LINK-26] -- [Data handling in Universal Print][LINK-27] -- [Delegate Printer Administration with Administrative Units][LINK-28] -- [Print support app design guide][LINK-29] - - - -[LINK-1]: /entra -[LINK-2]: https://www.microsoft.com/security/business/microsoft-entra-pricing -[LINK-3]: /entra/global-secure-access/concept-internet-access -[LINK-4]: /entra/global-secure-access/concept-private-access -[LINK-5]: /entra/architecture/sse-deployment-guide-internet-access -[LINK-6]: /entra/global-secure-access/how-to-install-windows-client -[LINK-7]: /entra/identity/devices/enterprise-state-roaming-enable -[LINK-8]: /azure/attestation/overview -[LINK-9]: /windows/client-management/mdm-overview -[LINK-10]: /windows/client-management/mdm/remotewipe-csp -[LINK-11]: /windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines -[LINK-12]: /mem/intune/fundamentals/what-is-intune -[LINK-13]: /mem/intune/enrollment/windows-enrollment-attestation -[LINK-14]: /mem/intune/protect/epm-overview?formCode=MG0AV3 -[LINK-15]: /mem/intune/apps/protect-mam-windows?formCode=MG0AV3 -[LINK-16]: /mem/intune/protect/security-baselines -[LINK-17]: /mem/intune/protect/security-baseline-settings-mdm-all -[LINK-18]: /windows-server/identity/laps/laps-overview -[LINK-19]: /autopilot/overview -[LINK-20]: /mem/autopilot/windows-autopilot-reset -[LINK-21]: /windows/deployment/update/waas-manage-updates-wufb -[LINK-22]: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW10vlw -[LINK-23]: /universal-print/fundamentals/universal-print-partner-integrations -[LINK-24]: /microsoft-365/enterprise/m365-dr-overview -[LINK-25]: /universal-print/fundamentals/universal-print-qrcode -[LINK-26]: https://www.microsoft.com/microsoft-365/windows/universal-print -[LINK-27]: /universal-print/data-handling -[LINK-28]: /universal-print/portal/delegated-admin -[LINK-29]: /windows-hardware/drivers/devapps/print-support-app-design-guide +[!INCLUDE [universal-print](includes/universal-print.md)] diff --git a/windows/security/book/includes/azure-attestation-service.md b/windows/security/book/includes/azure-attestation-service.md new file mode 100644 index 0000000000..e233d321fd --- /dev/null +++ b/windows/security/book/includes/azure-attestation-service.md @@ -0,0 +1,23 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## :::image type="icon" source="../images/azure-attestation.svg" border="false"::: Azure Attestation service + +Remote attestation helps ensure that devices are compliant with security policies and are operating in a trusted state before they're allowed to access resources. Microsoft Intune[\[4\]](../conclusion.md#footnote4) integrates with Azure Attestation service to review Windows device health comprehensively and connect this information with Microsoft Entra ID[\[4\]](../conclusion.md#footnote4) Conditional Access. + +**Attestation policies are configured in the Azure Attestation service which can then:** + +- Verify the integrity of evidence provided by the Windows Attestation component by validating the signature and ensuring the Platform Configuration Registers (PCRs) match the values recomputed by replaying the measured boot log +- Verify that the TPM has a valid Attestation Identity Key issued by the authenticated TPM +- Verify that security features are in the expected states + +Once this verification is complete, the attestation service returns a signed report with the security features state to the relying party - such as Microsoft Intune - to assess the trustworthiness of the platform relative to the admin-configured device compliance specifications. Conditional access is then granted or denied based on the device's compliance. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Azure Attestation overview](/azure/attestation/overview) diff --git a/windows/security/book/includes/cloud-native-device-management.md b/windows/security/book/includes/cloud-native-device-management.md new file mode 100644 index 0000000000..33a7b3fe8c --- /dev/null +++ b/windows/security/book/includes/cloud-native-device-management.md @@ -0,0 +1,34 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## Cloud-native device management + +Microsoft recommends cloud-based device management so that IT professionals can manage company security policies and business applications without compromising user privacy on corporate or employee-owned devices. With cloud-native device management solutions like Microsoft Intune[\[4\]](../conclusion.md#footnote4), IT can manage Windows 11 using industry standard protocols. To simplify setup for users, management features are built directly into Windows, eliminating the need for a separate device management client. + +Windows 11 built-in management features include: + +- The enrollment client, which enrolls and configures the device to securely communicate with the enterprise device management server +- The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT + +[!INCLUDE [learn-more](learn-more.md)] + +- [Mobile device management overview](/windows/client-management/mdm-overview) + +### Remote wipe + +When a device is lost or stolen, IT administrators might want to remotely wipe data stored in memory and hard disks. A helpdesk agent might also want to reset devices to fix issues encountered by remote workers. A remote wipe can also be used to prepare a previously used device for a new user. + +Windows 11 supports the Remote Wipe configuration service provider (CSP) so that device management solutions can remotely initiate any of the following operations: + +- Reset the device and remove user accounts and data +- Reset the device and clean the drive +- Reset the device but persist user accounts and data + +[!INCLUDE [learn-more](learn-more.md)] + +- [Remote wipe CSP](/windows/client-management/mdm/remotewipe-csp) diff --git a/windows/security/book/includes/microsoft-defender-for-endpoint.md b/windows/security/book/includes/microsoft-defender-for-endpoint.md new file mode 100644 index 0000000000..dbe7d1f270 --- /dev/null +++ b/windows/security/book/includes/microsoft-defender-for-endpoint.md @@ -0,0 +1,28 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## :::image type="icon" source="../images/defender-for-endpoint.svg" border="false"::: Microsoft Defender for Endpoint + +Microsoft Defender for Endpoint[\[4\]](../conclusion.md#footnote4) is an enterprise endpoint detection and response solution that helps security teams detect, disrupt, investigate, and respond to advanced threats. Organizations can use the rich event data and attack insights Defender for Endpoint provides to investigate incidents. + +Defender for Endpoint brings together the following elements to provide a more complete picture of security incidents: + +- Endpoint behavioral sensors: Embedded in Windows, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated cloud instance of Microsoft Defender for Endpoint +- With Automatic Attack Disruption uses AI, machine learning, and Microsoft Security Intelligence to analyze the entire attack and respond at the incident level, where it's able to contain a device, and/or a user which reduces the impact of attacks such as ransomware, human-operated attacks, and other advanced attacks. +- Cloud security analytics: Behavioral signals are translated into insights, detections, and recommended responses to advanced threats. These analytics leverage big data, device learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products such as Microsoft 365[\[4\]](../conclusion.md#footnote4), and online assets +- Threat intelligence: Microsoft processes over 43 trillion security signals every 24 hours, yielding a deep and broad view into the evolving threat landscape. Combined with our global team of security experts and cutting-edge artificial intelligence and machine learning, we can see threats that others miss. This threat intelligence helps provide unparalleled protection for our customers. The protections built into our platforms and products blocked attacks that include 31 billion identity threats and 32 billion email threats +- Rich response capabilities: Defender for Endpoint empowers SecOps teams to isolate, remediate, and remote into machines to further investigate and stop active threats in their environment, as well as block files, network destinations, and create alerts for them. In addition, Automated Investigation and Remediation can help reduce the load on the SOC by automatically performing otherwise manual steps towards remediation and providing +detailed investigation outcomes + +Defender for Endpoint is also part of Microsoft Defender XDR, our end-to-end, cloud-native extended detection and response (XDR) solution that combines best-of-breed endpoint, email, and identity security products. It enables organizations to prevent, detect, investigate, and remediate attacks by delivering deep visibility, granular context, and actionable insights generated from raw signals harnessed across the Microsoft 365 environment and other +platforms, all synthesized into a single dashboard. This solution offers tremendous value to organizations of any size, especially those that are looking to break away from the added complexity of multiple point solutions, keeping them protected from sophisticated attacks and saving IT and security teams' time and resources. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint) +- [Microsoft 365 Defender](/defender-xdr/microsoft-365-defender) diff --git a/windows/security/book/includes/microsoft-entra-id.md b/windows/security/book/includes/microsoft-entra-id.md new file mode 100644 index 0000000000..e9bfd270c6 --- /dev/null +++ b/windows/security/book/includes/microsoft-entra-id.md @@ -0,0 +1,84 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## :::image type="icon" source="../images/microsoft-entra-id.svg" border="false"::: Microsoft Entra ID + +Microsoft Entra ID is a comprehensive cloud-based identity management solution that helps enable secure access to applications, networks, and other resources and guard against threats. Microsoft Entra ID can also be used with Windows Autopilot for zero-touch provisioning of devices preconfigured with corporate security policies. + +Organizations can deploy Microsoft Entra ID joined devices to enable access to both cloud and on-premises apps and resources. Access to resources can be controlled based on the Microsoft Entra ID account and Conditional Access policies applied to the device. For the most seamless and delightful end to end single sign-on (SSO) experience, we recommend users configure Windows Hello for Business during the out of box experience for easy passwordless sign-in to Entra ID . + +:::row::: + :::column::: + For users wanting to connect to Microsoft Entra on their personal devices, they can do so by adding their work or school account to Windows. This action registers the user's personal device with Microsoft Entra ID, allowing IT admins to support users in bring your own device (BYOD) scenarios. Credentials are authenticated and bound to the joined device, and can't be copied to another device without explicit reverification. + :::column-end::: + :::column::: +:::image type="content" source="../images/device-registration.png" alt-text="Screenshot of the Entra account registration page." border="false" lightbox="images/device-registration.png"::: + :::column-end::: +:::row-end::: + +To provide more security and control for IT and a seamless experience for users, Microsoft Entra ID works with apps and services, including on-premises software and thousands of software-as-a-service (SaaS) applications. Microsoft Entra ID protections include single sign-on, multifactor authentication, conditional access policies, identity protection, identity governance, and privileged identity management. + +Windows 11 works with Microsoft Entra ID to provide secure access, identity management, and single sign-on to apps and services from anywhere. Windows has built-in settings to add work or school accounts by syncing the device configuration to an Active Directory domain or Microsoft Entra ID tenant. + +:::image type="content" source="../images/access-work-or-school.png" alt-text="Screenshot of the add work or school account in Settings." border="false"::: + +When a device is Microsoft Entra ID joined and managed with Microsoft Intune[\[4\]](../conclusion.md#footnote4), it receives the following security benefits: + +- Default managed user and device settings and policies +- Single sign-in to all Microsoft Online Services +- Full suite of authentication management capabilities using Windows Hello for Business +- Single sign-on (SSO) to enterprise and SaaS applications +- No use of consumer Microsoft account identity + +Organizations and users can join or register their Windows devices with Microsoft Entra ID to get a seamless experience to both native and web applications. In addition, users can set up Windows Hello for Business or FIDO2 security keys with Microsoft Entra ID and benefit from greater security with passwordless authentication. + +In combination with Microsoft Intune, Microsoft Entra ID offers powerful security control through Conditional Access to restrict access to organizational resources to healthy and compliant devices. Note that Microsoft Entra ID is only supported on Windows Pro and Enterprise editions. + +Every Windows device has a built-in local administrator account that must be secured and protected to mitigate any Pass-the-Hash (PtH) and lateral traversal attacks. Many customers have been using our standalone, on-premises Windows Local Administrator Password Solution (LAPS) to manage their domain-joined Windows machines. We heard from many customers that LAPS support was needed as they modernized their Windows environment to join directly to Microsoft Entra ID. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Microsoft Entra ID documentation][LINK-1] +- [Microsoft Entra plans and pricing][LINK-2] + +### Microsoft Entra Private Access + +Microsoft Entra Private Access provides organizations the ability to manage and give users access to private or internal fully qualified domain names (FQDNs) and IP addresses. With Private Access, you can modernize how your organization's users access private apps and resources. Remote workers don't need to use a VPN to access these resources if they have the Global Secure Access Client installed. The client quietly and seamlessly connects them to the resources they need. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Microsoft Entra Private Access][LINK-4] + +### Microsoft Entra Internet Access + +Microsoft Entra Internet Access provides an identity-centric Secure Web Gateway (SWG) solution for Software as a Service (SaaS) applications and other Internet traffic. It protects users, devices, and data from the Internet's wide threat landscape with best-in-class security controls and visibility through Traffic Logs. + +> [!NOTE] +> Both Microsoft Entra Private Access and Microsoft Entra Internet Access requires Microsoft Entra ID and Microsoft Entra Joined devices for deployment. The two solutions use the Global Secure Access client for Windows, which secures and controls the features. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Microsoft Entra Internet Access][LINK-3] +- [Global Secure Access client for Windows][LINK-6] +- [Microsoft's Security Service Edge Solution Deployment Guide for Microsoft Entra Internet Access Proof of Concept][LINK-5] + +### Enterprise State Roaming + +Available to any organization with a Microsoft Entra ID Premium[\[4\]](../conclusion.md#footnote4) license, Enterprise State Roaming provides users with a unified Windows Settings experience across their Windows devices and reduces the time needed for configuring a new device. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Enterprise State Roaming in Microsoft Entra ID][LINK-7] + +[LINK-1]: /entra +[LINK-2]: https://www.microsoft.com/security/business/microsoft-entra-pricing +[LINK-3]: /entra/global-secure-access/concept-internet-access +[LINK-4]: /entra/global-secure-access/concept-private-access +[LINK-5]: /entra/architecture/sse-deployment-guide-internet-access +[LINK-6]: /entra/global-secure-access/how-to-install-windows-client +[LINK-7]: /entra/identity/devices/enterprise-state-roaming-enable diff --git a/windows/security/book/includes/microsoft-intune.md b/windows/security/book/includes/microsoft-intune.md new file mode 100644 index 0000000000..e0ca22fcd7 --- /dev/null +++ b/windows/security/book/includes/microsoft-intune.md @@ -0,0 +1,66 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## :::image type="icon" source="../images/microsoft-intune.svg" border="false"::: Microsoft Intune + +Microsoft Intune[\[4\]](../conclusion.md#footnote4) is a comprehensive cloud-native endpoint management solution that helps secure, deploy, and manage users, apps, and devices. Intune brings together technologies like Microsoft Configuration Manager and Windows Autopilot to simplify provisioning, configuration management, and software updates across the organization. + +Intune works with Microsoft Entra ID to manage security features and processes, including multifactor authentication and conditional access. + +Organizations can cut costs while securing and managing remote devices through the cloud in compliance with company policies[\[11\]](../conclusion.md#footnote11). For example, organizations can save time and money by provisioning preconfigured devices to remote employees using Windows Autopilot. + +Windows 11 enables IT professionals to move to the cloud while consistently enforcing security policies. Windows 11 provides expanded support for group policy administrative templates (ADMX-backed policies) in cloud-native device management solutions like Microsoft Intune, enabling IT professionals to easily apply the same security policies to both on-premises and remote devices. + +Customers have asked for App Control for Business (previously called *Windows Defender Application Control*) to support manage installer for a long time. Now it's possible to enable allowlisting of Win32 apps to proactively reduce the number of malware infections. + +[!INCLUDE [learn-more](learn-more.md)] + +- [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) + +### Windows enrollment attestation + +When a device enrolls into device management, the administrator expects it to receive the appropriate policies to secure and manage the PC. However, in some cases, malicious actors can remove enrollment certificates and use them on unmanaged PCs, making them appear enrolled but without the intended security and management policies. + +With Windows enrollment attestation, Microsoft Entra and Microsoft Intune certificates are bound to a device using the Trusted Platform Module (TPM). This ensures that the certificates can't be transferred from one device to another, maintaining the integrity of the enrollment process. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Windows enrollment attestation](/mem/intune/enrollment/windows-enrollment-attestation) + +### Microsoft Cloud PKI + +Microsoft Cloud PKI is a cloud-based service included in the Microsoft Intune Suite[\[4\]](../conclusion.md#footnote4) that simplifies and automates the management of a Public Key Infrastructure (PKI) for organizations. It eliminates the need for on-premises servers, hardware, and connectors, making it easier to set up and manage a PKI compared to, for instance, Microsoft Active Directory Certificate Services (AD CS) combined with the Certificate Connector for Microsoft Intune. + +Key features include: + +- Certificate lifecycle management: automates the lifecycle of certificates, including issuance, renewal, and revocation, for all devices managed by Intune +- Multi-platform support: supports certificate management for Windows, iOS/iPadOS, macOS, and Android devices +- Enhanced security: enables certificate-based authentication for Wi-Fi, VPN, and other scenarios, improving security over traditional password-based methods. All certificate requests leverage Simple Certificate Enrollment Protocol (SCEP), making sure that the private key never leaves the requesting client +- Simplified management: provides easy management of certification authorities (CAs), registration authorities (RAs), certificate revocation lists (CRLs), monitoring, and reporting + +With Microsoft Cloud PKI, organizations can accelerate their digital transformation and achieve a fully managed cloud PKI service with minimal effort. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Overview of Microsoft Cloud PKI for Microsoft Intune](/mem/intune/protect/microsoft-cloud-pki-overview) + +### Endpoint Privilege Management (EPM) + +Intune Endpoint Privilege Management supports organizations' Zero Trust journeys by helping them achieve a broad user base running with least privilege, while still permitting users to run elevated tasks allowed by the organization to remain productive. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Endpoint Privilege Management](/mem/intune/protect/epm-overview?formCode=MG0AV3) + +### Mobile application management (MAM) + +With Intune, organizations can also extend MAM App Config, MAM App Protection, and App Protection Conditional Access capabilities to Windows. This enables people to access protected organizational content without having the device managed by IT. The first application to support MAM for Windows is Microsoft Edge. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Data protection for Windows MAM](/mem/intune/apps/protect-mam-windows?formCode=MG0AV3) diff --git a/windows/security/book/includes/onedrive-for-work-or-school.md b/windows/security/book/includes/onedrive-for-work-or-school.md new file mode 100644 index 0000000000..2abb36a1a1 --- /dev/null +++ b/windows/security/book/includes/onedrive-for-work-or-school.md @@ -0,0 +1,26 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## :::image type="icon" source="../images/onedrive.svg" border="false"::: OneDrive for work or school + +OneDrive for work or school is a cloud storage service that allows users to store, share, and collaborate on files. It's a part of Microsoft 365 and is designed to help organizations protect their data and comply with regulations. OneDrive for work or school is protected both in transit and at rest. + +When data transits either into the service from clients or between datacenters, it's protected using transport layer security (TLS) encryption. OneDrive only permits secure access. + +Authenticated connections aren't allowed over HTTP and instead redirect to HTTPS. + +There are several ways that OneDrive for work or school is protected at rest: + +- Physical protection: Microsoft understands the importance of protecting customer data and is committed to securing the datacenters that contain it. Microsoft datacenters are designed, built, and operated to strictly limit physical access to the areas where customer data is stored. Physical security at datacenters is in alignment with the defense-in-depth principle. Multiple security measures are implemented to reduce the risk of unauthorized users accessing data and other datacenter resources. Learn more [here](/compliance/assurance/assurance-datacenter-physical-access-security). +- Network protection: The networks and identities are isolated from the corporate network. Firewalls limit traffic into the environment from unauthorized locations +- Application security: Engineers who build features follow the security development lifecycle. Automated and manual analyses help identify possible vulnerabilities. The [Microsoft Security Response Center](https://technet.microsoft.com/security/dn440717.aspx) helps triage incoming vulnerability reports and evaluate mitigations. Through the [Microsoft Cloud Bug Bounty Terms](https://technet.microsoft.com/dn800983), people across the world can earn money by reporting vulnerabilities +- Content protection: Each file is encrypted at rest with a unique AES-256 key. These unique keys are encrypted with a set of master keys that are stored in Azure Key Vault + +[!INCLUDE [learn-more](learn-more.md)] + +- [How OneDrive safeguards data in the cloud](https://support.microsoft.com/topic/23c6ea94-3608-48d7-8bf0-80e142edd1e1) diff --git a/windows/security/book/includes/security-baselines.md b/windows/security/book/includes/security-baselines.md new file mode 100644 index 0000000000..5473219e28 --- /dev/null +++ b/windows/security/book/includes/security-baselines.md @@ -0,0 +1,33 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## Security baselines + +Every organization faces security threats. However, different organizations can be concerned with different types of security threats. For example, an e-commerce company might focus on protecting its internet-facing web apps, while a hospital on confidential patient information. The one thing that all organizations have in common is a need to keep their apps and devices secure. These devices must be compliant with the security standards (or security baselines) defined by the organization. + +A security baseline is a group of Microsoft-recommended configuration settings that explains their security implications. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Security baselines](/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines) + +### Security baseline for cloud-based device management solutions + +Windows 11 can be configured with Microsoft's security baseline, designed for cloud-based device management solutions like Microsoft Intune[\[4\]](../conclusion.md#footnote4). These security baselines function similarly to group policy-based ones and can be easily integrated into existing device management tools. + +The security baseline includes policies for: + +- Microsoft inbox security technologies such as BitLocker, Microsoft Defender SmartScreen, Virtualization-based security, Exploit Guard, Microsoft Defender Antivirus, and Windows Firewall +- Restricting remote access to devices +- Setting credential requirements for passwords and PINs +- Restricting the use of legacy technology + +[!INCLUDE [learn-more](learn-more.md)] + +- [Intune security baseline overview](/mem/intune/protect/security-baselines) +- [List of the settings in the Windows security baseline in Intune](/mem/intune/protect/security-baseline-settings-mdm-all) diff --git a/windows/security/book/includes/universal-print.md b/windows/security/book/includes/universal-print.md new file mode 100644 index 0000000000..7e61d82121 --- /dev/null +++ b/windows/security/book/includes/universal-print.md @@ -0,0 +1,51 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## :::image type="icon" source="../images/universal-print.svg" border="false"::: Universal Print + +Universal Print eliminates the need for on-premises print servers. It also eliminates the need for print drivers from the users' Windows devices and makes the devices secure, reducing the malware attacks that typically exploit vulnerabilities in driver model. It enables Universal Print-ready printers (with native support) to connect directly to the Microsoft Cloud. All major printer OEMs have these [models][LINK-23]. It also supports existing printers by using the connector software that comes with Universal Print. + +Unlike traditional print solutions that rely on Windows print servers, Universal Print is a Microsoft-hosted cloud subscription service that supports a Zero Trust security model when using the Universal Print-ready printers. Customers can enable network isolation of printers, including the Universal Print connector software, from the rest of the organization's resources. Users and their devices don't need to be on the same local network as the printers or the Universal Print connector. + +Universal Print supports Zero Trust security by requiring that: + +- Each connection and API call to Universal Print cloud service requires authentication validated by Microsoft Entra ID[\[4\]](../conclusion.md#footnote4). A hacker would have to have knowledge of the right credentials to successfully connect to the Universal Print service +- Every connection established by the user's device (client), the printer, or another cloud service to the Universal Print cloud service uses SSL with TLS 1.2 protection. This protects network snooping of traffic to gain access to sensitive data +- Each printer registered with Universal Print is created as a device object in the customer's Microsoft Entra ID tenant and issued its own device certificate. Every connection from the printer is authenticated using this certificate. The printer can access only its own data and no other device's data +- Applications can connect to Universal Print using either user, device, or application authentication. To ensure data security, it's highly recommended that only cloud applications use application authentication +- Each acting application must register with Microsoft Entra ID and specify the set of permission scopes it requires. Microsoft's own acting applications - for example, the Universal Print connector - are registered with the Microsoft Entra ID service. Customer administrators need to provide their consent to the required permission scopes as part of onboarding the application to their tenant +- Each authentication with Microsoft Entra ID from an acting application can't extend the permission scope as defined by the acting client app. This prevents the app from requesting additional permissions if the app is breached + +Additionally, Windows 11 includes device management support to simplify printer setup for users. With support from Microsoft Intune[\[4\]](../conclusion.md#footnote4), admins can now configure policy settings to provision specific printers onto the user's Windows devices. + +Universal Print stores the print data in cloud securely in Office Storage, the same storage used by other Microsoft 365 products. + +More information about handling of Microsoft 365 data (this includes Universal Print data) can be found [here][LINK-24]. + +The Universal Print secure release platform ensures user privacy, secures organizational data, and reduces print wastage. It eliminates the need for people to rush to a shared printer as soon as they send a print job to ensure that no one sees the private or confidential content. Sometimes, printed documents are picked up by another person or not picked up at all and discarded. Detailed support and configuration information can be found [here][LINK-25]. + +Universal Print supports Administrative Units in Microsoft Entra ID to enable the assignments of a *Printer Administrator* role to specific teams in the organization. The assigned team can configure only the printers that are part of the same Administrative Unit. + +For customers who want to stay on print servers, we recommend using the Microsoft IPP Print driver. For features beyond what's covered in the standard IPP driver, use Print Support Applications (PSA) for Windows from the respective printer OEM. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Universal Print][LINK-26] +- [Data handling in Universal Print][LINK-27] +- [Delegate Printer Administration with Administrative Units][LINK-28] +- [Print support app design guide][LINK-29] + + + +[LINK-23]: /universal-print/fundamentals/universal-print-partner-integrations +[LINK-24]: /microsoft-365/enterprise/m365-dr-overview +[LINK-25]: /universal-print/fundamentals/universal-print-qrcode +[LINK-26]: https://www.microsoft.com/microsoft-365/windows/universal-print +[LINK-27]: /universal-print/data-handling +[LINK-28]: /universal-print/portal/delegated-admin +[LINK-29]: /windows-hardware/drivers/devapps/print-support-app-design-guide diff --git a/windows/security/book/includes/windows-autopatch.md b/windows/security/book/includes/windows-autopatch.md new file mode 100644 index 0000000000..b6d04f951b --- /dev/null +++ b/windows/security/book/includes/windows-autopatch.md @@ -0,0 +1,20 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## Windows Autopatch + +Cybercriminals commonly exploit obsolete or unpatched software to infiltrate networks. It's essential to maintain current updates to seal security gaps. Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates so your IT Admins can focus on other activities and tasks. + +There's a lot more to learn about Windows Autopatch: this [Forrester Consulting Total Economic Impact™ Study](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW10vlw) commissioned by Microsoft, features insights from customers who deployed Windows Autopatch and its impact on their organizations. You can also find out more information about new Autopatch features and the future of the service in the regularly published Windows IT Pro Blog and Windows Autopatch community. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Windows Autopatch documentation](/windows/deployment/windows-autopatch/) +- [Windows updates API overview](/graph/windowsupdates-concept-overview) +- [Windows IT Pro Blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows-ITPro-blog/label-name/Windows%20Autopatch) +- [Windows Autopatch community](https://techcommunity.microsoft.com/t5/windows-autopatch/bd-p/Windows-Autopatch) diff --git a/windows/security/book/includes/windows-autopilot.md b/windows/security/book/includes/windows-autopilot.md new file mode 100644 index 0000000000..4fc3ca74c7 --- /dev/null +++ b/windows/security/book/includes/windows-autopilot.md @@ -0,0 +1,27 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## Windows Autopilot + +Traditionally, IT professionals spend significant time building and customizing images that will later be deployed to devices. If you're purchasing new devices or managing device refresh cycles, you can use Windows Autopilot to set up and preconfigure new devices, getting them ready for productive use. Autopilot helps you ensure your devices are delivered locked down and compliant with corporate security policies. The solution can also be used to reset, repurpose, and recover devices with zero touch by your IT team and no infrastructure to manage, enhancing efficiency with a process that's both easy and simple. + +With Windows Autopilot, there's no need to reimage or manually set-up devices before giving them to the users. Your hardware vendor can ship them, ready to go, directly to the users. From a user perspective, they turn on their device, go online, and Windows Autopilot delivers apps and settings. + +Windows Autopilot enables you to: + +- Automatically join devices to Microsoft Entra ID or Active Directory via Microsoft Entra hybrid join +- Autoenroll devices into a device management solution like Microsoft Intune[\[4\]](../conclusion.md#footnote4) (requires a Microsoft Entra ID Premium subscription for configuration) +- Create and autoassignment of devices to configuration groups based on a device's profile +- Customize of the out-of-box experience (OOBE) content specific to your organization + +Existing devices can also be quickly prepared for a new user with Windows Autopilot Reset. The reset capability is also useful in break/fix scenarios to quickly bring a device back to a business-ready state. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Windows Autopilot](/autopilot/overview) +- [Windows Autopilot Reset](/mem/autopilot/windows-autopilot-reset) diff --git a/windows/security/book/includes/windows-hotpatch.md b/windows/security/book/includes/windows-hotpatch.md new file mode 100644 index 0000000000..c084cb0939 --- /dev/null +++ b/windows/security/book/includes/windows-hotpatch.md @@ -0,0 +1,17 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## :::image type="icon" source="../images/soon-button-title.svg" border="false"::: Windows Hotpatch + +Windows Hotpatch is a feature designed to enhance security and minimize disruptions. With Windows Hotpatch, organizations can apply critical security updates without requiring a system restart, reducing the time to adopt a security update by 60% from the moment the update is offered. Hotpatch updates streamline the installation process, enhance compliance efficiency, and provide a per-policy level view of update statuses for all devices. + +By utilizing hotpatching through Windows Autopatch, the number of system restarts for Windows updates can be reduced from 12 times a year to just 4, ensuring consistent protection and uninterrupted productivity. This means less downtime, a streamlined experience for users, and a reduction in security risks. This technology, proven in the Azure Server environment, is now expanding to Windows 11, offering immediate security from day one without the need for a restart. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Windows Autopatch documentation](/windows/deployment/windows-autopatch/) diff --git a/windows/security/book/includes/windows-laps.md b/windows/security/book/includes/windows-laps.md new file mode 100644 index 0000000000..7c2d30bc84 --- /dev/null +++ b/windows/security/book/includes/windows-laps.md @@ -0,0 +1,21 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## Windows Local Administrator Password Solution (LAPS) + +Windows Local Administrator Password Solution (LAPS) is a feature that automatically manages and backs up the password of a local administrator account on Microsoft Entra joined and Active Directory-joined devices. It helps enhance security by regularly rotating and managing local administrator account passwords, protecting against pass-the-hash and lateral-traversal attacks. + +Windows LAPS can be configured via group policy or with a device management solution like Microsoft Intune[\[4\]](../conclusion.md#footnote4). + +[!INCLUDE [new-24h2](new-24h2.md)] + +Several enhancements have been made to improve manageability and security. Administrators can now configure LAPS to automatically create managed local accounts, integrating with existing policies to enhance security and efficiency. Policy settings have been updated to generate more readable passwords by ignoring certain characters and to support the generation of readable passphrases, with options to choose from three separate word source list and control passphrase length. Additionally, LAPS can detect when a computer rolls back to a previous image, ensuring password consistency between the computer and Active Directory. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Windows LAPS overview](/windows-server/identity/laps/laps-overview) diff --git a/windows/security/book/includes/windows-update-for-business.md b/windows/security/book/includes/windows-update-for-business.md new file mode 100644 index 0000000000..a52459c919 --- /dev/null +++ b/windows/security/book/includes/windows-update-for-business.md @@ -0,0 +1,19 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 12/11/2024 +ms.topic: include +ms.service: windows-client +--- + +## Windows Update for Business + +Windows Update for Business empowers IT administrators to ensure that their organization's Windows client devices are consistently up to date with the latest security updates and features. By directly connecting these systems to the Windows Update service, administrators can maintain a high level of security and functionality. + +Administrators can utilize group policy or a device management solution like Microsoft Intune[\[4\]](../conclusion.md#footnote4), to configure Windows Update for Business settings. These settings control the timing and manner in which updates are applied, allowing for thorough reliability and performance testing on a subset of devices before deploying updates across the entire organization. + +This approach not only provides control over the update process but also ensures a seamless and positive update experience for all users within the organization. By using Windows Update for Business, organizations can achieve a more secure and efficient operational environment. + +[!INCLUDE [learn-more](learn-more.md)] + +- [Windows Update for Business documentation](/windows/deployment/update/waas-manage-updates-wufb) From 87286af40b2b3279cda1d1f853a02122edbe2b56 Mon Sep 17 00:00:00 2001 From: Robert Durff <43757104+MSRobertD@users.noreply.github.com> Date: Mon, 24 Feb 2025 13:55:55 -0800 Subject: [PATCH 41/44] Remove broken links on cc-windows-server-previous.md Removing 3 broken links per email thread w/ Aaron Czechowski and Paolo Matarazzo --- .../validations/cc-windows-server-previous.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md b/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md index 392c293fd2..d41e015648 100644 --- a/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md +++ b/windows/security/security-foundations/certification/validations/cc-windows-server-previous.md @@ -1,7 +1,7 @@ --- title: Common Criteria certifications for previous Windows Server releases description: Learn about the completed Common Criteria certifications for previous Windows Server releases. -ms.date: 2/1/2024 +ms.date: 2/24/2025 ms.topic: reference --- @@ -28,16 +28,16 @@ The following tables list the completed Common Criteria certifications for Windo |Product details |Date |Scope |Documents | |---------|---------|---------|---------| -|Validated editions: Standard, Enterprise, Datacenter, Itanium. |March 24, 2011 |(OS certification.) Certified against the Protection Profile for General Purpose Operating Systems. |[Security Target][security-target-march-2011]; [Administrative Guide][admin-guide-march-2011]; [Certification Report][certification-report-march-2011] | +|Validated editions: Standard, Enterprise, Datacenter, Itanium. |March 24, 2011 |(OS certification.) Certified against the Protection Profile for General Purpose Operating Systems. |[Security Target][security-target-march-2011]; [Certification Report][certification-report-march-2011] | |Server Core 2008 R2: Hyper-V Server Role|July 24, 2009 |(Hyper-V certification.) Common Criteria for Information Technology Security Evaluation Version 3.1 Revision 3. It is CC Part 2 extended and Part 3 conformant, with a claimed Evaluation Assurance Level of EAL4, augmented by ALC_FLR.3. |[Security Target][security-target-july-2009]; [Administrative Guide][admin-guide-july-2009]; [Certification Report][certification-report-july-2009] | ## Windows Server 2008 |Product details |Date |Scope |Documents | |---------|---------|---------|---------| -|Validated edition: Standard, Enterprise, Datacenter. |August 15, 2009 |Controlled Access Protection Profile. CC Part 2: security functional requirements. CC Part 3: security assurance requirements, at EAL 4. |[Security Target][security-target-august-2009]; [Administrative Guide][admin-guide-august-2009]; [Certification Report][certification-report-august-2009] | +|Validated edition: Standard, Enterprise, Datacenter. |August 15, 2009 |Controlled Access Protection Profile. CC Part 2: security functional requirements. CC Part 3: security assurance requirements, at EAL 4. |[Security Target][security-target-august-2009]; [Certification Report][certification-report-august-2009] | |Microsoft Windows Server Core 2008: Hyper-V Server Role. |July 24, 2009 |CC Part 2: security functional requirements. CC Part 3: security assurance requirements, at EAL 4. |[Security Target][security-target-july-2009-hyperv]; [Administrative Guide][admin-guide-july-2009-hyperv]; [Certification Report][certification-report-july-2009-hyperv] | -|Validated edition: Standard, Enterprise, Datacenter. |September 17, 2008 |CC Part 2: security functional requirements. CC Part 3: security assurance requirements, at EAL 1. |[Security Target][security-target-september-2008]; [Administrative Guide][admin-guide-september-2008]; [Certification Report][certification-report-september-2008] | +|Validated edition: Standard, Enterprise, Datacenter. |September 17, 2008 |CC Part 2: security functional requirements. CC Part 3: security assurance requirements, at EAL 1. |[Security Target][security-target-september-2008]; [Certification Report][certification-report-september-2008] | ## Windows Server 2003 Certificate Server @@ -77,11 +77,8 @@ The following tables list the completed Common Criteria certifications for Windo [admin-guide-january-2015-pro]: https://download.microsoft.com/download/6/0/b/60b27ded-705a-4751-8e9f-642e635c3cf3/microsoft%20windows%208%20windows%20server%202012%20common%20criteria%20supplemental%20admin%20guidance.docx [admin-guide-april-2014]: https://download.microsoft.com/download/0/8/4/08468080-540b-4326-91bf-f2a33b7e1764/administrative%20guidance%20for%20software%20full%20disk%20encryption%20clients.pdf [admin-guide-january-2014]: https://download.microsoft.com/download/a/9/f/a9fd7e2d-023b-4925-a62f-58a7f1a6bd47/microsoft%20windows%208%20windows%20server%202012%20supplemental%20admin%20guidance%20ipsec%20vpn%20client.docx -[admin-guide-march-2011]: https://www.microsoft.com/downloads/en/details.aspx?familyid=ee05b6d0-9939-4765-9217-63083bb94a00 [admin-guide-july-2009]: https://www.microsoft.com/download/en/details.aspx?id=29308 [admin-guide-july-2009-hyperv]: https://www.microsoft.com/en-us/download/details.aspx?id=14252 -[admin-guide-august-2009]: https://www.microsoft.com/downloads/en/details.aspx?familyid=06166288-24c4-4c42-9daa-2b2473ddf567 -[admin-guide-september-2008]: https://www.microsoft.com/downloads/en/details.aspx?familyid=06166288-24c4-4c42-9daa-2b2473ddf567 From c522341feecf2aedf384046d5519ea8ae05723b8 Mon Sep 17 00:00:00 2001 From: Robert Durff <43757104+MSRobertD@users.noreply.github.com> Date: Mon, 24 Feb 2025 14:02:01 -0800 Subject: [PATCH 42/44] Fix link in fips-140-windows10.md Fixing one incorrect link URL for BitLocker Dump Filter Security Policy. --- .../certification/validations/fips-140-windows10.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/security-foundations/certification/validations/fips-140-windows10.md b/windows/security/security-foundations/certification/validations/fips-140-windows10.md index 9bf64e0084..e7cecf69e6 100644 --- a/windows/security/security-foundations/certification/validations/fips-140-windows10.md +++ b/windows/security/security-foundations/certification/validations/fips-140-windows10.md @@ -1,7 +1,7 @@ --- title: FIPS 140 validated modules for Windows 10 description: This topic lists the completed FIPS 140 cryptographic module validations for Windows 10. -ms.date: 11/13/2024 +ms.date: 2/24/2025 ms.topic: reference --- @@ -339,6 +339,6 @@ Build: 10.0.10240. Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, M [sp-4515]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4515.pdf [sp-4536]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4536.pdf [sp-4537]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4537.pdf -[sp-4538]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4537.pdf +[sp-4538]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4538.pdf [sp-4766]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4766.pdf [sp-4825]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4825.pdf From 3549f64622c220be206b3d11c467a70e38da68c8 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 24 Feb 2025 17:05:04 -0500 Subject: [PATCH 43/44] update --- windows/security/book/includes/microsoft-entra-id.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/book/includes/microsoft-entra-id.md b/windows/security/book/includes/microsoft-entra-id.md index e9bfd270c6..f0b400b0dd 100644 --- a/windows/security/book/includes/microsoft-entra-id.md +++ b/windows/security/book/includes/microsoft-entra-id.md @@ -17,7 +17,7 @@ Organizations can deploy Microsoft Entra ID joined devices to enable access to b For users wanting to connect to Microsoft Entra on their personal devices, they can do so by adding their work or school account to Windows. This action registers the user's personal device with Microsoft Entra ID, allowing IT admins to support users in bring your own device (BYOD) scenarios. Credentials are authenticated and bound to the joined device, and can't be copied to another device without explicit reverification. :::column-end::: :::column::: -:::image type="content" source="../images/device-registration.png" alt-text="Screenshot of the Entra account registration page." border="false" lightbox="images/device-registration.png"::: +:::image type="content" source="../images/device-registration.png" alt-text="Screenshot of the Entra account registration page." border="false" lightbox="../images/device-registration.png"::: :::column-end::: :::row-end::: From 0aa7f0159e649606b8725c7190352295f44f9acd Mon Sep 17 00:00:00 2001 From: Rebecca Agiewich <16087112+rjagiewich@users.noreply.github.com> Date: Mon, 24 Feb 2025 14:28:50 -0800 Subject: [PATCH 44/44] Fix typos / acro fix --- windows/deployment/update/update-policies.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index cfa5ff37f5..8f10fce044 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -94,7 +94,7 @@ options must be **Disabled** in order to take advantage of intelligent active ho If you do set active hours, we recommend setting the following policies to **Disabled** in order to increase update velocity: -- [Delay automatic reboot](waas-restart.md#delay-automatic-restart). While it's possible to set the system to delay restarts for users who are logged in, this setting might delay an update indefinitely if a user is always either logged in or shut down. Instead, we recommend setting the following polices to **Disabled**: +- [Delay automatic reboot](waas-restart.md#delay-automatic-restart). While it's possible to set the system to delay restarts for users who are logged in, this setting might delay an update indefinitely if a user is always either logged in or shut down. Instead, we recommend setting the following policies to **Disabled**: - **Turn off auto-restart during active hours** - **No auto-restart with logged on users for scheduled automatic updates** @@ -183,7 +183,7 @@ As administrators, you have set up and expect certain behaviors, so we expressly > expected. For example, if a device is not reacting to your MDM policy changes, check to see if a similar > policy is set in Group Policy with a differing value. > If you find that update velocity is not as high as you expect or if some devices are slower than others, it might be -> time to clear all polices and settings and specify only the recommended update policies. See the Policy and settings reference for a consolidated list of recommended polices. +> time to clear all policies and settings and specify only the recommended update policies. See the Policy and settings reference for a consolidated list of recommended policies. The following are policies that you might want to disable because they could decrease update velocity or there are better policies to use that might conflict: - **Defer Feature Updates Period in Days**. For maximum update velocity, it's best to set this to **0** (no