Merge branch 'main' into ADO-9517656-Update-for-Business

2025-05-12 13:27:23 +00:00 · 2025-03-26 11:33:18 -07:00 · 2025-03-26 11:33:18 -07:00 · 8b088f8f55
commit 8b088f8f55
parent a6f6924ea0 d926a66eb3
3 changed files with 8 additions and 2 deletions
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@ -143,6 +143,8 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant

 <!-- AllowMicrosoftAccountSignInAssistant-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!CAUTION]
+> If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a Multiple Activation Key (MAK) will fail.
 <!-- AllowMicrosoftAccountSignInAssistant-Editable-End -->

 <!-- AllowMicrosoftAccountSignInAssistant-DFProperties-Begin -->
--- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md
@ -11,7 +11,7 @@ In many cases, a first step for administrators is to customize the firewall prof

 This article describes the concepts and recommendations for creating and managing firewall rules.

-## Rule precedence for inbound rules
+## Rule precedence for inbound and outbound rules

 In many cases, allowing specific types of inbound traffic is required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when configuring inbound exceptions:

@ -19,7 +19,9 @@ In many cases, allowing specific types of inbound traffic is required for applic
 1. Explicit block rules take precedence over any conflicting allow rules
 1. More specific rules take precedence over less specific rules, except if there are explicit block rules as mentioned in 2. For example, if the parameters of rule 1 include an IP address range, while the parameters of rule 2 include a single IP host address, rule 2 takes precedence

-Because of 1 and 2, when designing a set of policies you should make sure that there are no other explicit block rules that could inadvertently overlap, thus preventing the traffic flow you wish to allow.
+Because of 1 and 2, when designing a set of policies, you should make sure that there are no other explicit block rules that could inadvertently overlap, thus preventing the traffic flow you wish to allow.
+
+Outbound rules follow the same precedence behaviors. 

 > [!NOTE]
 > Windows Firewall doesn't support weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors as described.
--- a/windows/whats-new/deprecated-features-resources.md
+++ b/windows/whats-new/deprecated-features-resources.md
@ -36,6 +36,8 @@ In many cases, applications should be able to replace NTLM with Negotiate using

 Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm). 

+NTLM v1 is removed starting in Windows 11, version 24H2 and Windows Server 2025. Some situations still use NTLMv1 primitives for legacy reasons. MSCHAPv2 uses the same response function as NTLMv1 and is vulnerable to the same attacks against the weak crypto.  MSCHAPv2 is only disabled by enabling Credential Guard.
+
 ## WordPad

 WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. As a result, Windows will no longer have a built-in, default RTF reader. We recommend Microsoft Word for rich text documents like .doc and .rtf and Notepad for plain text documents like .txt. The following binaries will be removed as a result of WordPad removal: