Merge remote-tracking branch 'refs/remotes/origin/rs3' into jd3csp

2025-05-20 09:17:25 +00:00 · 2017-08-24 06:55:55 -07:00 · 2017-08-24 06:55:55 -07:00 · 88585e81f6
commit 88585e81f6
parent 92e64347d4 69c65c1098
9 changed files with 5433 additions and 1281 deletions
--- a/devices/surface-hub/surface-hub-authenticator-app.md
+++ b/devices/surface-hub/surface-hub-authenticator-app.md
@ -39,8 +39,13 @@ Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs tha
 ## Individual prerequisites
 - An Android phone running 6.0 or later, or an iPhone or iPad running iOS9 or later 
 - The most recent version of the Microsoft Authenticator app from the appropriate app store 
    >[!NOTE]
    >The Microsoft Authenticator app on phones running a Windows operating system can't be used to sign in to Surface Hub.
 - Passcode or screen lock on your device is enabled
 - A standard SMTP email address (example: joe@contoso.com). Non-standard or vanity SMTP email addresses (example: firstname.lastname@contoso.com) currently don’t work.
--- a/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md
+++ b/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md
@ -89,6 +89,14 @@ You can use your preferred method to view WMI. If you use PowerShell, run `gwmi
 <td align="left"><p>14</p></td>
 <td align="left"><p>AutoUnlock unsafe unless the OS volume is encrypted.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>15</p></td>
 <td align="left"><p>Policy requires minimum cypher strength is XTS-AES-128 bit, actual cypher strength is weaker than that.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>16</p></td>
 <td align="left"><p>Policy requires minimum cypher strength is XTS-AES-256 bit, actual cypher strength is weaker than that.</p></td>
 </tr>
 </tbody>
 </table>
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@ -52,7 +52,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 ## <a href="" id="whatsnew"></a>What's new in Windows 10, version 1511
-<table>
+<table class="mx-tdBreakAll">
 <colgroup>
 <col width="25%" />
 <col width="75%" />
@ -184,7 +184,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 ## <a href="" id="whatsnew1607"></a>What's new in Windows 10, version 1607
-<table>
+<table class="mx-tdBreakAll">
 <colgroup>
 <col width="25%" />
 <col width="75%" />
@ -495,7 +495,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 ## <a href="" id="whatsnew10"></a>What's new in Windows 10, version 1703
-<table>
+<table class="mx-tdBreakAll">
 <colgroup>
 <col width="25%" />
 <col width="75%" />
@ -916,7 +916,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 ## <a href="" id="whatsnew1709"></a>What's new in Windows 10, version 1709
-<table>
+<table class="mx-tdBreakAll">
 <colgroup>
 <col width="25%" />
 <col width="75%" />
@ -1025,10 +1025,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>Defender/AttackSurfaceReductionRules</li>
 <li>Defender/CloudBlockLevel </li>
 <li>Defender/CloudExtendedTimeout</li>
-<li>Defender/EnableGuardMyFolders</li>
+<li>Defender/ControlledFolderAccessAllowedApplications</li>
 <li>Defender/ControlledFolderAccessProtectedFolders</li>
 <li>Defender/EnableControlledFolderAccess</li>
 <li>Defender/EnableNetworkProtection</li>
 <li>Defender/GuardedFoldersAllowedApplications</li>
 <li>Defender/GuardedFoldersList</li>
 <li>Education/DefaultPrinterName</li>
 <li>Education/PreventAddingNewPrinters</li>
 <li>Education/PrinterNames</li>
@ -1324,7 +1324,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 ### August 2017
-<table>
+<table class="mx-tdBreakAll">
 <colgroup>
 <col width="25%" />
 <col width="75%" />
@ -1394,6 +1394,15 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>Added default values.</li>
 </ul>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[Policy DDF file](policy-ddf-file.md)</td>
 <td style="vertical-align:top">Added another Policy DDF file [download](http://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:
 <ul>
 <li>Browser/AllowMicrosoftCompatibilityList</li>
 <li>Update/DisableDualScan</li>
 <li>Update/FillEmptyContentUrls</li>
 </ul>
 </td></tr>
 <tr class="even">
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
 <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
@ -1427,6 +1436,12 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>Privacy/PublishUserActivities</li>
 </ul>
 <p>Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutoPilotResetCredentials.</p>
 <p>Changed the names of the following policies:</p>
 <ul>
 <li>Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications</li>
 <li>Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders</li>
 <li>Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess</li>
 </ul>
 <p>Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).</p>
 </td></tr>
 </tbody>
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@ -667,7 +667,7 @@ The following diagram shows the Policy configuration service provider in tree fo
    <a href="./policy-csp-defender.md#defender-daystoretaincleanedmalware" id="defender-daystoretaincleanedmalware">Defender/DaysToRetainCleanedMalware</a>
  </dd>
  <dd>
-    <a href="./policy-csp-defender.md#defender-enableguardmyfolders" id="defender-enableguardmyfolders">Defender/EnableGuardMyFolders</a>
+    <a href="./policy-csp-defender.md#defender-enablecontrolledfolderaccess" id="defender-enablecontrolledfolderaccess">Defender/EnableControlledFolderAccess</a>
  </dd>
  <dd>
    <a href="./policy-csp-defender.md#defender-enablenetworkprotection" id="defender-enablenetworkprotection">Defender/EnableNetworkProtection</a>
@ -682,10 +682,10 @@ The following diagram shows the Policy configuration service provider in tree fo
    <a href="./policy-csp-defender.md#defender-excludedprocesses" id="defender-excludedprocesses">Defender/ExcludedProcesses</a>
  </dd>
  <dd>
-    <a href="./policy-csp-defender.md#defender-guardedfoldersallowedapplications" id="defender-guardedfoldersallowedapplications">Defender/GuardedFoldersAllowedApplications</a>
+    <a href="./policy-csp-defender.md#defender-controlledfolderaccessallowedapplications" id="defender-controlledfolderaccessallowedapplications">Defender/ControlledFolderAccessAllowedApplications</a>
  </dd>
  <dd>
-    <a href="./policy-csp-defender.md#defender-guardedfolderslist" id="defender-guardedfolderslist">Defender/GuardedFoldersList</a>
+    <a href="./policy-csp-defender.md#defender-controlledfolderaccessprotectedfolders" id="defender-controlledfolderaccessprotectedfolders">Defender/ControlledFolderAccessProtectedFolders</a>
  </dd>
  <dd>
    <a href="./policy-csp-defender.md#defender-puaprotection" id="defender-puaprotection">Defender/PUAProtection</a>
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@ -782,7 +782,7 @@ Value type is string.
 <!--EndDescription-->
 <!--EndPolicy-->
 <!--StartPolicy-->
-<a href="" id="defender-enableguardmyfolders"></a>**Defender/EnableGuardMyFolders**  
+<a href="" id="defender-enablecontrolledfolderaccess"></a>**Defender/EnableControlledFolderAccess**  
 <!--StartSKU-->
 <table>
@ -809,13 +809,13 @@ Value type is string.
 <!--EndSKU-->
 <!--StartDescription-->
 > [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
+> This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders  and changed to EnableControlledFolderAccess.
 <p style="margin-left: 20px">Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2.  
- 0 (default) - Off
+- 0 (default) - Disabled
- 1 - Audit mode
+- 1 - Enabled
- 2 - Enforcement mode
+- 2 - Audit Mode
 <!--EndDescription-->
 <!--EndPolicy-->
@ -977,7 +977,7 @@ Value type is string.
 <!--EndDescription-->
 <!--EndPolicy-->
 <!--StartPolicy-->
-<a href="" id="defender-guardedfoldersallowedapplications"></a>**Defender/GuardedFoldersAllowedApplications**  
+<a href="" id="defender-controlledfolderaccessallowedapplications"></a>**Defender/ControlledFolderAccessAllowedApplications**  
 <!--StartSKU-->
 <table>
@ -1004,14 +1004,14 @@ Value type is string.
 <!--EndSKU-->
 <!--StartDescription-->
 > [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
+> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications.
 <p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the Unicode &#xF000; as the substring separator.
 <!--EndDescription-->
 <!--EndPolicy-->
 <!--StartPolicy-->
-<a href="" id="defender-guardedfolderslist"></a>**Defender/GuardedFoldersList**  
+<a href="" id="defender-controlledfolderaccessprotectedfolders"></a>**Defender/ControlledFolderAccessProtectedFolders**  
 <!--StartSKU-->
 <table>
@ -1038,7 +1038,7 @@ Value type is string.
 <!--EndSKU-->
 <!--StartDescription-->
 > [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
+> This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders.
 <p style="margin-left: 20px">Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the Unicode &#xF000; as the substring separator.
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
--- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
@ -8,6 +8,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerms
 ms.localizationpriority: high
 ms.author: jdecker
 ms.date: 10/05/2017
 ---
 # Customize Windows 10 Start and taskbar with Group Policy
@ -61,6 +63,9 @@ Three features enable Start and taskbar layout control:
 To apply the Start and taskbar layout to users in a domain, use the Group Policy Management Console (GPMC) to configure a domain-based Group Policy Object (GPO) that sets **Start Layout** policy settings in the **Start Menu and Taskbar** administrative template for users in a domain.
 >[!IMPORTANT]
 >In Windows 10, version 1709, Edge is pinned to the desktop automatically during Windows 10 installation or upgrade. When you apply a custom Start layout using this policy, Edge will not be pinned to the desktop. 
 The GPO applies the Start and taskbar layout at the next user sign-in. Each time the user signs in, the timestamp of the .xml file with the Start and taskbar layout is checked and if a newer version of the file is available, the settings in the latest version of the file are applied.
 The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed.
--- a/windows/deployment/Windows-AutoPilot-EULA-note.md
+++ b/windows/deployment/Windows-AutoPilot-EULA-note.md
@ -0,0 +1,20 @@
 ---
 title: Windows Autopilot EULA dismissal – important information
 description: A notice about EULA dismissal through Windows AutoPilot
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 ms.localizationpriority: high
 ms.author: mayam
 ms.date: 08/22/2017
 ROBOTS: noindex,nofollow
 ---
 # Windows Autopilot EULA dismissal – important information
 >[!IMPORTANT]
 >The information below isn't the EULA. It is a notice of awareness to the administrator that's configuring to skip End User License Agreement (EULA) during the OOBE (Out-of-Box Experience).
 Using this tool allows you to configure individual installations of Windows on devices managed by your organization. You may choose to suppress or hide certain set-up screens that are normally presented to users when setting up Windows, including the EULA acceptance screen.  
 By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms.  This includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you did not suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you have not validly acquired a license for the software from Microsoft or its licensed distributors.
--- a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@ -52,10 +52,9 @@ Whenever a change or comment is made to an alert, it is recorded in the **Commen
 Added comments instantly appear on the pane.
 ## Suppress alerts
 There might be scenarios where you need to suppress alerts from appearing in the Windows Defender ATP portal. Windows Defender ATP lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. 
-Windows Defender ATP lets you create suppression rules so you can limit the alerts you see in the **Alerts queue**.
+Suppression rules can be created from an existing alert. They can be disabled and reenabled if needed.
 Suppression rules can be created from an existing alert.
 When a suppression rule is created, it will take effect from the point when the rule is created. The rule will not affect existing alerts already in the queue prior to the rule creation. The rule will only be applied on alerts that satisfy the conditions set after the rule is created.
@ -64,7 +63,9 @@ There are two contexts for a suppression rule that you can choose from:
 - **Suppress alert on this machine**
 - **Suppress alert in my organization**
-The context of the rule lets you tailor the queue to ensure that only alerts you are interested in will appear. You can use the examples in the following table to help you choose the context for a suppression rule:
+The context of the rule lets you tailor what gets surfaced into the portal and ensure that only real security alerts are surfaced into the portal.
 You can use the examples in the following table to help you choose the context for a suppression rule:
 | **Context**                           | **Definition**                                                                                                                                              | **Example scenarios**                                                                                                                                                                                                  |
 |:--------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
@ -87,35 +88,28 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
  > [!NOTE]
  > You cannot create a custom or blank suppression rule. You must start from an existing alert.
 4. Specify the conditions for when the rule is applied:
    - Alert title
    - Indicator of compromise (IOC)
    - Suppression conditions
    > [!NOTE]
-    > The SHA1 of the alert cannot be modified
+    > The SHA1 of the alert cannot be modified, however you can clear the SHA1 to remove it from the suppression conditions.
-5. Specify the action and scope on the alert. You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue. You can also specify to suppress the alert on the machine only or the whole organization.
+    
 5. Specify the action and scope on the alert. <br>
   You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue. Alerts that are marked as hidden will be suppressed from the entire system, both on the machine's associated alerts and from the dashboard. You can also specify to suppress the alert on the machine only or the whole organization.
 6. Click **Save and close**.
-**See the list of suppression rules:**
+### View the list of suppression rules
-1. Click the settings icon ![The settings icon looks like a cogwheel or gear](images/settings.png) on the main menu bar at the top of the Windows Defender ATP screen.
+1. Click **Alerts queue** > **Suppression rules**.
 2. Click **Suppression rules**.
-  ![Click the settings icon and then Suppression rules to create and modify rules](images/atp-suppression-rules.png)
+2. The list of suppression rules shows all the rules that users in your organization have created.
 The list of suppression rules shows all the rules that users in your organization have created.
 ![Suppression rules show the rule name or title, the context, the date, and an icon to delete the rule](images/rules-legend.png)
 Each rule shows:
 - (1) The title of the alert that is suppressed
 - (2) Whether the alert was suppressed for a single machine (clicking the machine name will allow you to investigate the machine) or the entire organization
 - (3) The date when the alert was suppressed
 - (4) An option to delete the suppression rule, which will cause alerts with this title to be displayed in the queue from this point onwards.
 You can select rules to open up the **Alert management** pane. From there, you can activate previously disabled rules.
 ## Related topics
 - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)