deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into ADO-9517656-Update-for-Business

Browse Source
This commit is contained in:
Gary Moore 2025-03-26 11:33:18 -07:00
commit 8b088f8f55
3 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/client-management/mdm/policy-csp-accounts.md
View File

@ -143,6 +143,8 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant
<!-- AllowMicrosoftAccountSignInAssistant-Editable-Begin --> <!-- AllowMicrosoftAccountSignInAssistant-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. --> <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!CAUTION]
> If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a Multiple Activation Key (MAK) will fail.
<!-- AllowMicrosoftAccountSignInAssistant-Editable-End --> <!-- AllowMicrosoftAccountSignInAssistant-Editable-End -->
<!-- AllowMicrosoftAccountSignInAssistant-DFProperties-Begin --> <!-- AllowMicrosoftAccountSignInAssistant-DFProperties-Begin -->

6
windows/security/operating-system-security/network-security/windows-firewall/rules.md
View File

@ -11,7 +11,7 @@ In many cases, a first step for administrators is to customize the firewall prof
This article describes the concepts and recommendations for creating and managing firewall rules. This article describes the concepts and recommendations for creating and managing firewall rules.
## Rule precedence for inbound rules ## Rule precedence for inbound and outbound rules
In many cases, allowing specific types of inbound traffic is required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when configuring inbound exceptions: In many cases, allowing specific types of inbound traffic is required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when configuring inbound exceptions:
@ -19,7 +19,9 @@ In many cases, allowing specific types of inbound traffic is required for applic
1. Explicit block rules take precedence over any conflicting allow rules 1. Explicit block rules take precedence over any conflicting allow rules
1. More specific rules take precedence over less specific rules, except if there are explicit block rules as mentioned in 2. For example, if the parameters of rule 1 include an IP address range, while the parameters of rule 2 include a single IP host address, rule 2 takes precedence 1. More specific rules take precedence over less specific rules, except if there are explicit block rules as mentioned in 2. For example, if the parameters of rule 1 include an IP address range, while the parameters of rule 2 include a single IP host address, rule 2 takes precedence
Because of 1 and 2, when designing a set of policies you should make sure that there are no other explicit block rules that could inadvertently overlap, thus preventing the traffic flow you wish to allow. Because of 1 and 2, when designing a set of policies, you should make sure that there are no other explicit block rules that could inadvertently overlap, thus preventing the traffic flow you wish to allow.
Outbound rules follow the same precedence behaviors.
> [!NOTE] > [!NOTE]
> Windows Firewall doesn't support weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors as described. > Windows Firewall doesn't support weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors as described.

2
windows/whats-new/deprecated-features-resources.md
View File

@ -36,6 +36,8 @@ In many cases, applications should be able to replace NTLM with Negotiate using
Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm). Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm).
NTLM v1 is removed starting in Windows 11, version 24H2 and Windows Server 2025. Some situations still use NTLMv1 primitives for legacy reasons. MSCHAPv2 uses the same response function as NTLMv1 and is vulnerable to the same attacks against the weak crypto. MSCHAPv2 is only disabled by enabling Credential Guard.
## WordPad ## WordPad
WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. As a result, Windows will no longer have a built-in, default RTF reader. We recommend Microsoft Word for rich text documents like .doc and .rtf and Notepad for plain text documents like .txt. The following binaries will be removed as a result of WordPad removal: WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. As a result, Windows will no longer have a built-in, default RTF reader. We recommend Microsoft Word for rich text documents like .doc and .rtf and Notepad for plain text documents like .txt. The following binaries will be removed as a result of WordPad removal: