From 131880a1a0de8759c0958fdfdc12f20ece6f3a78 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 30 Sep 2016 10:52:03 -0700 Subject: [PATCH 1/2] Update index.md --- devices/surface-hub/index.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md index 03268e3bb2..8c84d59605 100644 --- a/devices/surface-hub/index.md +++ b/devices/surface-hub/index.md @@ -36,14 +36,3 @@ Documents related to the Microsoft Surface Hub. - -  - -  - -  - - - - - From 771a6d3aed4b460d8dd3004aee31dc2750c0712d Mon Sep 17 00:00:00 2001 From: jamiejdt Date: Fri, 30 Sep 2016 12:33:37 -0700 Subject: [PATCH 2/2] Add caveats to MBAM XTS-AES support --- mdop/mbam-v25/release-notes-for-mbam-25-sp1.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md index d8e92abf32..b52e59331b 100644 --- a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md @@ -119,7 +119,16 @@ If Internet Explorer Enhanced Security Configuration (ESC) is turned on, an "Acc **Workaround:** If the "Access Denied" error message appears when you try to view reports on the MBAM Server, you can set a Group Policy Object or change the default manually in your image to disable Enhanced Security Configuration. You can also alternatively view the reports from another computer on which ESC is not enabled. ### Support for Bitlocker XTS-AES encryption algorithm -Bitlocker added support for the XTS-AES encryption algorithm in Windows 10, version 1511. As of HF02, MBAM now supports this Bitlocker option. +Bitlocker added support for the XTS-AES encryption algorithm in Windows 10, version 1511. +As of HF02, MBAM now supports this Bitlocker option and is a client-only update. +However, there are two known limitations: + +* MBAM will correctly report compliance status but the **Cipher Strength** field in MBAM reports will be empty. +MBAM pre-built reports and compliance charts won’t break but the **Cipher Strength** column will be empty for XTS machines. +Also, if a customer has a custom report that uses this particular field, they may have to make adjustments to accommodate this update. + +* Customers must use the same encryption strength for OS and data volumes on the same machine. +If different encryption strengths are used, MBAM will report the machine as **non-compliant**. ### Self-Service Portal automatically adds "-" on Key ID entry As of HF02, the MBAM Self-Service Portal automatically adds the '-' on Key ID entry.