From 7f93359f7334d3f0741bb12c463fbb79d029d18f Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 28 Apr 2017 10:53:18 -0700 Subject: [PATCH 01/11] fixing redirect --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index bc0528dea6..8af01fd971 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -207,7 +207,7 @@ }, { "source_path": "windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md", -"redirect_url": "/windows/configuration/set-up-a-kiosk-for-windows-10-for-mobile-edition", +"redirect_url": "/windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition", "redirect_document_id": true }, { From 1db7b70b7a62cfe10052a14f55611b6d98e908cc Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 28 Apr 2017 10:57:59 -0700 Subject: [PATCH 02/11] fixing author metadata --- browsers/internet-explorer/docfx.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json index 2c883d6a53..b19b1d7f96 100644 --- a/browsers/internet-explorer/docfx.json +++ b/browsers/internet-explorer/docfx.json @@ -18,7 +18,7 @@ "breadcrumb_path": "/internet-explorer/breadcrumb/toc.json", "ROBOTS": "INDEX, FOLLOW", "ms.author": "lizross", - "author": "lizross", + "author": "eross-msft", "ms.technology": "internet-explorer", "ms.topic": "article" }, From d56093a3f98ab36b2a53af5c61e2797b9916de1f Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 28 Apr 2017 11:47:31 -0700 Subject: [PATCH 03/11] added list of new Group Policy settings for Windows 10, version 1703 --- .../change-history-for-client-management.md | 5 +- .../new-policies-for-windows-10.md | 160 +++++++++++++++--- 2 files changed, 140 insertions(+), 25 deletions(-) 
diff --git a/windows/client-management/change-history-for-client-management.md b/windows/client-management/change-history-for-client-management.md index e0349be98b..17d2570fda 100644 --- a/windows/client-management/change-history-for-client-management.md +++ b/windows/client-management/change-history-for-client-management.md @@ -14,7 +14,10 @@ author: jdeckerMS This topic lists new and updated topics in the [Client management](index.md) documentation for Windows 10 and Windows 10 Mobile. - +## April 2017 +| New or changed topic | Description | +|----------------------|-------------| +| [New policies for Windows 10](new-policies-for-windows-10.md) | Added a list of new Group Policy settings for Windows 10, version 1703 | ## RELEASE: Windows 10, version 1703 diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index bdb9f28644..2d0e3ccf37 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md 
@@ -20,32 +20,144 @@ localizationpriority: high Windows 10 includes the following new policies for management, in addition to policies that were available for Windows 8.1 and Windows Phone 8.1. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://go.microsoft.com/fwlink/p/?LinkID=625081). -## New Group Policy settings in Windows 10 +## New Group Policy settings in Windows 10, version 1703 + +The following Group Policy settings were added in Windows 10, version 1703: + +**Control Panel** + +- Control Panel\Add or Remove Programs\Specify default category for Add New Programs +- Control Panel\Add or Remove Programs\Hide the "Add a program from CD-ROM or floppy disk" option +- Control Panel\Personalization\Prevent changing lock screen and logon image + +**Network** + +- Network\Background Intelligent Transfer Service (BITS)\Limit the maximum network bandwidth for BITS background transfers +- Network\Background Intelligent Transfer Service (BITS)\Allow BITS Peercaching +- Network\Background Intelligent Transfer Service (BITS)\Limit the age of files in the BITS Peercache +- Network\Background Intelligent Transfer Service (BITS)\Limit the BITS Peercache size +- Network\DNS Client\Allow NetBT queries for fully qualified domain names +- Network\Network Connections\Prohibit access to properties of components of a LAN connection +- Network\Network Connections\Ability to Enable/Disable a LAN connection +- Network\Offline Files\Turn on economical application of administratively assigned Offline Files +- Network\Offline Files\Configure slow-link mode +- Network\Offline Files\Enable Transparent Caching +- Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds\Set the Seed Server +- Network\Microsoft Peer-to-Peer Networking Services\Disable password strength validation for Peer Grouping + +**System** + +- System\App-V\Streaming\Location Provider +- System\App-V\Streaming\Certificate Filter For 
Client SSL +- System\Credentials Delegation\Allow delegating default credentials with NTLM-only server authentication +- System\Ctrl+Alt+Del Options\Remove Change Password +- System\Ctrl+Alt+Del Options\Remove Lock Computer +- System\Ctrl+Alt+Del Options\Remove Task Manager +- System\Ctrl+Alt+Del Options\Remove Logoff +- System\Device Installation\Do not send a Windows error report when a generic driver is installed on a device +- System\Device Installation\Prevent Windows from sending an error report when a device driver requests additional software during installation +- System\Locale Services\Disallow user override of locale settings +- System\Logon\Do not process the legacy run list +- System\Logon\Always use custom logon background +- System\Logon\Do not display network selection UI +- System\Logon\Block user from showing account details on sign-in +- System\Logon\Turn off app notifications on the lock screen +- System\User Profiles\Establish timeout value for dialog boxes +- System\Enable Windows NTP Server\Windows Time Service\Enable Windows NTP Client + +**Windows Components** + +- Windows Components\ActiveX Installer Service\Approved Installation Sites for ActiveX Controls +- Windows Components\ActiveX Installer Service\Establish ActiveX installation policy for sites in Trusted zones +- Windows Components\Application Compatibility\Turn off Application Compatibility Engine +- Windows Components\Application Compatibility\Turn off Program Compatibility Assistant +- Windows Components\Application Compatibility\Turn off Program Compatibility Assistant +- Windows Components\Application Compatibility\Turn off Steps Recorder +- Windows Components\Attachment Manager\Notify antivirus programs when opening attachments +- Windows Components\Biometrics\Allow the use of biometrics +- Windows Components\NetMeeting\Disable Whiteboard +- Windows Components\Data Collection and Preview Builds\Configure the Commercial ID +- Windows Components\File Explorer\Display the menu 
bar in File Explorer +- Windows Components\File History\Turn off File History +- Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Play animations in web pages +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn on Cross-Site Scripting Filter +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Cross-Site Scripting Filter +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run ActiveX controls and plugins +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Script ActiveX controls marked safe for scripting +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run ActiveX controls and plugins +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Script ActiveX controls marked safe for scripting +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run ActiveX controls and plugins +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Script ActiveX controls marked safe for scripting +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run ActiveX controls and plugins +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Script ActiveX controls marked safe for scripting +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run ActiveX controls and plugins +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Script ActiveX controls marked safe for scripting +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run ActiveX controls and plugins +- 
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Script ActiveX controls marked safe for scripting +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run ActiveX controls and plugins +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Script ActiveX controls marked safe for scripting +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run ActiveX controls and plugins +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Script ActiveX controls marked safe for scripting +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run ActiveX controls and plugins +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Script ActiveX controls marked safe for scripting +- Windows Components\Internet Explorer\Accelerators\Restrict Accelerators to those deployed through Group Policy +- Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer 7 Standards Mode +- Windows Components\Location and Sensors\Windows Location Provider\Turn off Windows Location Provider +- Windows Components\Microsoft Edge\Configure Autofill +- Windows Components\Microsoft Edge\Allow Developer Tools +- Windows Components\Microsoft Edge\Allow Developer Tools +- Windows Components\Microsoft Edge\Configure Do Not Track +- Windows Components\Microsoft Edge\Allow InPrivate browsing +- Windows Components\Microsoft Edge\Configure Password Manager +- Windows Components\Microsoft Edge\Configure Password Manager +- Windows Components\Microsoft Edge\Configure Pop-up Blocker +- Windows Components\Microsoft Edge\Configure Pop-up Blocker +- Windows Components\Microsoft Edge\Allow search engine customization +- Windows Components\Microsoft 
Edge\Allow search engine customization +- Windows Components\Microsoft Edge\Configure search suggestions in Address bar +- Windows Components\Microsoft Edge\Set default search engine +- Windows Components\Microsoft Edge\Configure additional search engines +- Windows Components\Microsoft Edge\Configure additional search engines +- Windows Components\Microsoft Edge\Configure the Enterprise Mode Site List +- Windows Components\Microsoft Edge\Configure the Enterprise Mode Site List +- Windows Components\Microsoft Edge\Prevent using Localhost IP address for WebRTC +- Windows Components\Microsoft Edge\Prevent using Localhost IP address for WebRTC +- Windows Components\Microsoft Edge\Configure Start pages +- Windows Components\Microsoft Edge\Configure Start pages +- Windows Components\Microsoft Edge\Disable lockdown of Start pages +- Windows Components\Microsoft Edge\Disable lockdown of Start pages +- Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites +- Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites +- Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files +- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\.Net Framework Configuration +- Windows Components\Windows Installer\Prohibit use of Restart Manager +- Windows Components\Desktop Gadgets\Restrict unpacking and installation of gadgets that are not digitally signed. 
+- Windows Components\Desktop Gadgets\Turn Off user-installed desktop gadgets +- Windows Components\Desktop Gadgets\Turn Off user-installed desktop gadgets +- Windows Components\OneDrive\Prevent the usage of OneDrive for file storage +- Windows Components\OneDrive\Prevent the usage of OneDrive for file storage on Windows 8.1 +- Windows Components\OneDrive\Prevent OneDrive files from syncing over metered connections +- Windows Components\OneDrive\Save documents to OneDrive by default +- Windows Components\Smart Card\Allow certificates with no extended key usage certificate attribute +- Windows Components\Smart Card\Turn on certificate propagation from smart card +- Windows Components\Tablet PC\Pen UX Behaviors\Prevent flicks +- Windows Components\BitLocker Drive Encryption\Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507]) +- Windows Components\Windows Defender Antivirus\Real-time Protection\Turn on behavior monitoring +- Windows Components\Windows Defender Antivirus\Signature Updates\Define file shares for downloading definition updates +- Windows Components\Windows Defender Antivirus\Signature Updates\Turn on scan after signature update +- Windows Components\File Explorer\Display confirmation dialog when deleting files +- Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow OpenSearch queries in File Explorer +- Windows Components\Windows Update\Remove access to use all Windows Update features +- Windows Components\Windows Update\Configure Automatic Updates +- Windows Components\Windows Update\Specify intranet Microsoft update service location +- Windows Components\Windows Update\Automatic Updates detection frequency +- Windows Components\Windows Update\Allow non-administrators to receive update notifications +- Windows Components\Windows Update\Allow Automatic Updates immediate installation +- Windows 
Components\Windows Update\Turn on recommended updates via Automatic Updates +- Windows Components\Shutdown Options\Turn off legacy remote shutdown interface -There are some new policy settings in Group Policy for devices running Windows 10 , such as: - -- Microsoft Edge browser settings - -- Universal Windows app settings, such as: - - - Disable deployment of Windows Store apps to non-system volumes - - - Restrict users' application data to always stay on the system volume - - - Allow applications to share app data between users - -- [Start screen and Start menu layout](/windows/configuration/customize-windows-10-start-screens-by-using-group-policy) - -- Windows Tips - -- Consumer experiences, such as suggested apps in Start and app tiles from Microsoft dynamically inserted in the default Start menu - -- [Microsoft Passport](https://go.microsoft.com/fwlink/p/?LinkId=623294) - -- Windows Updates for Business - -For a spreadsheet of Group Policy settings included in Windows, see [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=613627). +For a spreadsheet of Group Policy settings included in Windows 10 and Windows Server 2016, see [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=613627). ## New MDM policies From 129f2960092ea8c464ce5e58500898d594163bfa Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Fri, 28 Apr 2017 13:03:57 -0700 Subject: [PATCH 04/11] Update cloud-mode-business-setup.md Added the banner at the top again, but this time below the topic title, which should show the author and other info. --- smb/cloud-mode-business-setup.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md index ea6e3ecf3a..60c537b382 100644 --- a/smb/cloud-mode-business-setup.md +++ b/smb/cloud-mode-business-setup.md 
@@ -13,6 +13,9 @@ author: CelesteDG --- # Get started: Deploy and manage a full cloud IT solution for your business + +![Learn how to set up a full cloud infrastructure for your business](images/business-cloud-mode.png) + **Applies to:** - Office 365 Business Premium, Azure AD Premium, Intune, Windows Store for Business, Windows 10 From 273dfc07899920836155bd3bedbec01ab51dcc74 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 28 Apr 2017 14:09:48 -0700 Subject: [PATCH 05/11] Updating for clarity --- .../create-wip-policy-using-intune.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md index cb3d8f028e..10a8f84146 100644 --- a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -1,5 +1,5 @@ --- -title: Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune (Windows 10) +title: Create a Windows Information Protection (WIP) with enrollment policy using Microsoft Azure Intune (Windows 10) description: Microsoft Azure Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. ms.assetid: 4b307c99-3016-4d6a-9ae7-3bbebd26e721 ms.prod: w10 @@ -10,7 +10,7 @@ author: eross-msft localizationpriority: high --- -# Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune +# Create a Windows Information Protection (WIP) with enrollment policy using Microsoft Azure Intune **Applies to:** 
@@ -19,6 +19,9 @@ localizationpriority: high Microsoft Azure Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. +>[!Important] +>This topic covers creating a Windows Information Protection (WIP) policy for organizations already managing devices by using Mobile Device Management (MDM) solutions. If your organization uses a mobile application management (MAM) solution to deploy your WIP policy to Intune apps without managing devices, you must follow the instructions in the [Create and deploy Windows Information Protection (WIP) app protection policy with Intune](https://docs.microsoft.com/en-us/intune/deploy-use/create-windows-information-protection-policy-with-intune) topic. + ## Add a WIP policy After you’ve set up Intune for your organization, you must create a WIP-specific policy. From d858bcb4707a6a50f80572bbf665583755e0f0db Mon Sep 17 00:00:00 2001 From: Angela Robertson Date: Fri, 28 Apr 2017 15:54:11 -0700 Subject: [PATCH 06/11] Update create-wip-policy-using-intune.md Microsoft Azure Intune -> Microsoft Intune --- .../create-wip-policy-using-intune.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md index cb3d8f028e..bc98961754 100644 --- a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md 
@@ -1,6 +1,6 @@ --- -title: Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune (Windows 10) -description: Microsoft Azure Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. +title: Create a Windows Information Protection (WIP) policy using Microsoft Intune (Windows 10) +description: Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. ms.assetid: 4b307c99-3016-4d6a-9ae7-3bbebd26e721 ms.prod: w10 ms.mktglfcycl: explore 
@@ -10,20 +10,20 @@ author: eross-msft localizationpriority: high --- -# Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune +# Create a Windows Information Protection (WIP) policy using Microsoft Intune **Applies to:** - Windows 10, version 1607 and later - Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop) -Microsoft Azure Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. +Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. ## Add a WIP policy After you’ve set up Intune for your organization, you must create a WIP-specific policy. **To add a WIP policy** -1. Open the Microsoft Azure Intune mobile application management console, click **All settings**, and then click **App policy**. +1. Open the Microsoft Intune mobile application management console, click **All settings**, and then click **App policy**. ![Microsoft Azure Intune management console: App policy link](images/wip-azure-portal-start.png) @@ -293,9 +293,9 @@ For this example, we’re going to add an AppLocker XML file to the **Allowed ap ``` -12. After you’ve created your XML file, you need to import it by using Microsoft Azure Intune. +12. After you’ve created your XML file, you need to import it by using Microsoft Intune. -**To import your list of Allowed apps using Microsoft Azure Intune** +**To import your list of Allowed apps using Microsoft Intune** 1. From the **Allowed apps** area, click **Import apps**. 
@@ -497,7 +497,7 @@ After you've decided where your protected apps can access enterprise data on you ### Choose to set up Azure Rights Management with WIP WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/en-us/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. -To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Azure Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703. +To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703. Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. 
@@ -506,7 +506,7 @@ Optionally, if you don’t want everyone in your organization to be able to shar ## Related topics - [Deploy your Windows Information Protection (WIP) policy](deploy-wip-policy-using-intune.md) -- [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md) +- [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](create-vpn-and-wip-policy-using-intune.md) - [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) - [Azure RMS Documentation Update for May 2016](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/azure-rms-documentation-update-for-may-2016/) - [What is Azure Rights Management?]( https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-azure-rms) From 36084c8dbdae41f7c555c60a3bb80892a78db4af Mon Sep 17 00:00:00 2001 From: Angela Robertson Date: Fri, 28 Apr 2017 15:56:28 -0700 Subject: [PATCH 07/11] Update create-vpn-and-wip-policy-using-intune.md Microsoft Azure Intune -> Microsoft Intune --- .../create-vpn-and-wip-policy-using-intune.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md index 9fbe861ddc..6c53aea745 100644 --- a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md 
@@ -1,5 +1,5 @@ --- -title: Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune (Windows 10) +title: Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune (Windows 10) description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. ms.assetid: d0eaba4f-6d7d-4ae4-8044-64680a40cf6b keywords: WIP, Enterprise Data Protection 
@@ -11,22 +11,22 @@ author: eross-msft localizationpriority: high --- -# Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune +# Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune **Applies to:** - Windows 10, version 1607 and later - Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop) -After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Azure Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. +After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. -## Associate your WIP policy to your VPN policy by using Microsoft Azure Intune +## Associate your WIP policy to your VPN policy by using Microsoft Intune Follow these steps to associate your WIP policy with your organization's existing VPN policy. **To associate your policies** 1. Create your VPN profile. For info about how to do this, see [How to configure VPN settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/how-to-configure-vpn-settings) and [How to create custom VPN profiles in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/create-custom-vpn-profiles#create-a-custom-configuration). -2. Open the Microsoft Azure Intune mobile application management console, click **Device configuration**, and then click **Create Profile**. +2. Open the Microsoft Intune mobile application management console, click **Device configuration**, and then click **Create Profile**. ![Microsoft Azure Intune, Create a new policy using the the Azure portal](images/wip-azure-vpn-device-policy.png) 
@@ -70,4 +70,4 @@ After you’ve created your VPN policy, you'll need to deploy it to the same gro ![Microsoft Intune: Pick your user groups that should get the policy when it's deployed](images/wip-azure-add-user-groups.png) >[!NOTE] ->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file +>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). From 2e9862a7093e6d9ff9de9fe4a9c45903d84a272a Mon Sep 17 00:00:00 2001 From: jtippet Date: Fri, 28 Apr 2017 19:10:54 -0700 Subject: [PATCH 08/11] Update manage-surface-dock-firmware-updates.md Fix typo: HLKM->HKLM --- devices/surface/manage-surface-dock-firmware-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/manage-surface-dock-firmware-updates.md b/devices/surface/manage-surface-dock-firmware-updates.md index 70a884e151..a07e2d8789 100644 --- a/devices/surface/manage-surface-dock-firmware-updates.md +++ b/devices/surface/manage-surface-dock-firmware-updates.md 
@@ -87,7 +87,7 @@ For more information about how to deploy MSI packages see [Create and deploy an >[!NOTE] >When drivers are installed through Windows Update or the MSI package, registry keys are added that indicate the version of firmware installed on the Surface Dock and contained within the Surface Dock driver. These registry keys can be found in: -> **HLKM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\SurfaceDockFwUpdate\\Parameters** +> **HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\SurfaceDockFwUpdate\\Parameters** Firmware status is displayed for both the main chipset (displayed as **Component10**) and the DisplayPort chipset (displayed as **Component20**). For each chipset there are four keys, where *xx* is **10** or **20** corresponding to each chipset: From 376fb1c61e00fe9ed6843e92e6d554c7adeafb6a Mon Sep 17 00:00:00 2001 From: jtippet Date: Fri, 28 Apr 2017 19:15:49 -0700 Subject: [PATCH 09/11] Update windows-virtual-pc-application-exclude-list.md Fix typo HLKM -> HKLM --- mdop/medv-v2/windows-virtual-pc-application-exclude-list.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/medv-v2/windows-virtual-pc-application-exclude-list.md b/mdop/medv-v2/windows-virtual-pc-application-exclude-list.md index f0f22b199f..6ec3d5c3a4 100644 --- a/mdop/medv-v2/windows-virtual-pc-application-exclude-list.md +++ b/mdop/medv-v2/windows-virtual-pc-application-exclude-list.md 
@@ -15,7 +15,7 @@ ms.prod: w7 In some instances, you might not want applications that are installed in the MED-V workspace to be published to the host computer **Start** menu. You can unpublish these applications by following the instructions at [How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md). However, if the program ever automatically updates, it might also be automatically republished. This causes you to have to unpublish the application again. -Windows Virtual PC includes a feature known as the "Exclude List" that lets you specify certain installed applications that you do not want published to the host **Start** menu. The "Exclude List" is located in the guest registry in the HLKM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Virtual Machine\\VPCVAppExcludeList key and lists those applications that are not published to the host **Start** menu. You can think of the “Exclude List” as permanently unpublishing the specified applications because any automatic updates to the applications that are listed will not cause them to be automatically republished. +Windows Virtual PC includes a feature known as the "Exclude List" that lets you specify certain installed applications that you do not want published to the host **Start** menu. The "Exclude List" is located in the guest registry in the HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Virtual Machine\\VPCVAppExcludeList key and lists those applications that are not published to the host **Start** menu. You can think of the “Exclude List” as permanently unpublishing the specified applications because any automatic updates to the applications that are listed will not cause them to be automatically republished. ## Managing Applications by Using the Exclude List in Windows Virtual PC From 9600759551877a06415b6c8f1dfd7dcd3b58324a Mon Sep 17 00:00:00 2001 
From: LizRoss Date: Mon, 1 May 2017 06:56:46 -0700 Subject: [PATCH 10/11] Adding related topics --- .../create-wip-policy-using-intune.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md index 995f0668f9..eb5c8a099f 100644 --- a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -507,6 +507,12 @@ Optionally, if you don’t want everyone in your organization to be able to shar >For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic. ## Related topics +- [What is Azure Rights Management?]( https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-azure-rms) + +- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune](https://docs.microsoft.com/en-us/intune/deploy-use/create-windows-information-protection-policy-with-intune) + +- [Intune MAM Without Enrollment](https://blogs.technet.microsoft.com/configmgrdogs/2016/02/04/intune-mam-without-enrollment/) + - [Deploy your Windows Information Protection (WIP) policy](deploy-wip-policy-using-intune.md) - [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](create-vpn-and-wip-policy-using-intune.md) 
@@ -515,9 +521,7 @@ Optionally, if you don’t want everyone in your organization to be able to shar - [Azure RMS Documentation Update for May 2016](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/azure-rms-documentation-update-for-may-2016/) -- [What is Azure Rights Management?]( https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-azure-rms) -- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune](https://docs.microsoft.com/en-us/intune/deploy-use/create-windows-information-protection-policy-with-intune) >[!NOTE] >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). From 2b7e3ffddc39d3165e1c4468a40532b1e26c8e73 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Mon, 1 May 2017 07:00:55 -0700 Subject: [PATCH 11/11] Updated content --- .../create-wip-policy-using-intune.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md index eb5c8a099f..31ea9b52b2 100644 --- a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md 
@@ -41,6 +41,9 @@ After you’ve set up Intune for your organization, you must create a WIP-specif ![Microsoft Intune management console: Create your new policy in the Add a policy blade](images/wip-azure-portal-add-policy.png) + >[!Important] + >Choosing **With enrollment** only applies for organizations using MDM. If you're using MAM, you must use these instructions, [Create and deploy Windows Information Protection (WIP) app protection policy with Intune](https://docs.microsoft.com/en-us/intune/deploy-use/create-windows-information-protection-policy-with-intune), instead. + 3. Click **Create**. The policy is created and appears in the table on the **App Policy** screen.
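Review bot: The one-token fix in the Surface Dock hunk (@@ -87,7 +87,7 @@, the bolded **HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\SurfaceDockFwUpdate\\Parameters** line) corrects the same HLKM misspelling that PATCH 09/11 corrects separately in mdop/medv-v2/windows-virtual-pc-application-exclude-list.md, so the typo is not isolated to one file. Search the repository for any remaining HLKM strings and fix them in one change, since this key is what administrators read to confirm the installed dock firmware version.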
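Review bot: The replaced paragraph in windows-virtual-pc-application-exclude-list.md (@@ -15,7 +15,7 @@) still mixes straight quotes ("Exclude List") and curly quotes (“Exclude List”) for the same term, and the added line carries that over unchanged. Since the line is being rewritten anyway, use one quote style throughout. The registry path is also left as plain running text here, while the Surface Dock hunk bolds its key path; formatting it the same way would make the key easier to pick out and copy.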
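Review bot: In the @@ -507,6 +507,12 @@ hunk of create-wip-policy-using-intune.md, the added "What is Azure Rights Management?" entry keeps a stray space inside the link target, `]( https://docs.microsoft.com/...`, carried over from the line removed in the following hunk. Drop the space so the entry matches the other links in the list. The subject line says "Adding related topics", but two of the three added entries are moved up from lower in the same list; only "Intune MAM Without Enrollment" is new, which is worth stating in the commit message.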
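Review bot: The alert added in the @@ -41,6 +41,9 @@ hunk is written `>[!Important]`, while the other alerts visible in this file use the upper-case form `>[!NOTE]`; use `>[!IMPORTANT]` for consistency. The wording could also be tightened: "only applies for organizations using MDM" reads better as "applies only to organizations that use MDM", and "you must use these instructions, [link], instead" is easier to follow as "follow the instructions in [link] instead". MDM and MAM are not expanded anywhere in the added text, so spell them out on first use if the surrounding steps do not.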