deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #402 from MicrosoftDocs/FromPrivateRepo

Browse Source 
From private repo
This commit is contained in:
Alma Jenks 2018-01-03 16:08:14 -08:00 committed by GitHub
commit 8d6194f265
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 2574 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
education/trial-in-a-box/educator-tib-get-started.md
View File

@ -17,6 +17,8 @@ ms.date: 12/11/2017
# Get started for Educators
Hello, Teachers! In this guide we'll show you how you can quickly and easily try out a few transformational tools in Microsoft Education.
Connect the device to your school's Wi-Fi and then log-in with your teacher credentials included with your Trial in a Box.
![Explore these four tools for educators](images/msedu_tib_teachersteps_nologo.png)
## Explore these four tools in Microsoft Education
@ -59,11 +61,8 @@ See how Microsoft Teams for Education works in the classroom.
<span style="color:#00BCF2; font-size: 1.5em">**Try this!**</span> Take a guided tour of Microsoft Teams and test drive some teaching tasks.
1. Open your browser and visit <a href="https://aka.ms/EduTeamsWalkthrough" target="_blank">https://aka.ms/EduTeamsWalkthrough</a>.
2. Sign in using these credentials:
- **User**: MSFT
- **Password**: onStage!
3. Follow along with the guide.
1. Open your browser and visit <a href="https://msteamsdemo.azurewebsites.net/" target="_blank">https://msteamsdemo.azurewebsites.net/</a>.
2. Follow along with the guide.
## 3. OneNote
OneNote acts as an unlimited digital canvas for the whole class to store text, images, handwritten drawings, attachments, links, voice, video, and more. See how a group project comes together with opportunities to interact with other students, multimedia, and sophisticated drawing tools. This one works best with your digital pen!

13
education/trial-in-a-box/index.md
View File

@ -18,19 +18,18 @@ ms.date: 12/11/2017
![Microsoft Education Trial in a Box header image](images/TrialInABox_Header_Map_Graphic-01.png)
## Welcome to the Microsoft Education Trial in a Box!
**Applies to:**
- Windows 10 S Fall Creators Update, Office 365 for Education, Microsoft Intune for Education, Microsoft Store for Education, Minecraft: Education Edition
Welcome to the Microsoft Education Trial in a Box!
## What's Trial in a Box?
Trial in a Box lets you evaluate our latest solutions for education.
Trial in a Box puts the Microsoft education technology into an easy package so you can see how our solution can help to:
With Microsoft Education Trial in a Box:
* Educators can enhance independence for students of all abilities with intelligent tools like Microsoft Learning Tools, spark creativity, collaboration, and problem-solving with OneNote
* Students can be more creative, collaborative, and improve problem-solving skills with Minecraft: Education Edition and bring ideas to life in 3D
* IT admins can learn about the tools they can use to implement and deploy a full cloud infrastructure for their school that's secure and easy to manage
* Enhance independence for students of all abilities with intelligent tools like Microsoft Learning Tools, and spark creativity, collaboration, and problem-solving with OneNote.
* Inspire creativity, collaboration, and improve problem-solving skills with Minecraft: Education Edition and bring ideas to life in 3D.
* Allow IT admins to quickly implement and deploy a full cloud infrastructure for their school that's secure and easy to manage.
## What's in Trial in a Box?

18
store-for-business/configure-mdm-provider-microsoft-store-for-business.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: store
author: TrudyHa
ms.localizationpriority: high
ms.date: 10/17/2017
ms.date: 1/6/2018
---
# Configure an MDM provider
@ -23,17 +23,19 @@ Your management tool needs to be installed and configured with Azure AD, in the
**To configure a management tool in Azure AD**
1. Sign in to the Azure Portal as an Administrator.
2. Click **Active Directory**, and then choose your directory. 
3. Click **Applications**, find the application, and add it to your directory.
1. Sign in to the Azure Portal as an Administrator.
2. Click **Azure Active Directory**, and then choose your directory.
4. Click **Mobility (MDM and MAM)**.  
3. Click **+Add Applications**, find the application, and add it to your directory.
After your management tool is added to your Azure AD directory, you can configure it to work with Microsoft Store. You can configure multiple management tools - just repeat the following procedure.
**To configure a management tool in Store for Business**
**To configure a management tool in Microsoft Store for Business**
1. Sign in to the [Store for Business](http://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com)
2. Click **Manage**, click **Store settings**, and then click **Management tools**.
3. From the list of MDM tools, select the one you want to synchronize with Microsoft Store, and then click **Activate.**
1. Sign in to the [Store for Business](http://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com)
2. Click **Manage**, click **Settings**.
3. Under **Distribute**, click **Management tools**.
3. From the list of MDM tools, select the one you want to synchronize with Microsoft Store, and then click **Activate.**
Your MDM tool is ready to use with Microsoft Store. To learn how to configure synchronization and deploy apps, see these topics:
- [Manage apps you purchased from Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune-classic/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)

206
windows/client-management/mdm/policy-csp-accountpoliciesaccountlockoutpolicy.md Normal file
View File

@ -0,0 +1,206 @@
---
title: Policy CSP - AccountPoliciesAccountLockoutPolicy
description: Policy CSP - AccountPoliciesAccountLockoutPolicy
ms.author: maricia
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 12/29/2017
---
# Policy CSP - AccountPoliciesAccountLockoutPolicy
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
<!--StartPolicies-->
## AccountPoliciesAccountLockoutPolicy policies
<dl>
<dd>
<a href="#accountpoliciesaccountlockoutpolicy-accountlockoutduration">AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</a>
</dd>
<dd>
<a href="#accountpoliciesaccountlockoutpolicy-accountlockoutthreshold">AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</a>
</dd>
<dd>
<a href="#accountpoliciesaccountlockoutpolicy-resetaccountlockoutcounterafter">AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter</a>
</dd>
</dl>
<hr/>
<!--StartPolicy-->
<a href="" id="accountpoliciesaccountlockoutpolicy-accountlockoutduration"></a>**AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major release. This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator explicitly unlocks it.
If an account lockout threshold is defined, the account lockout duration must be greater than or equal to the reset time.
Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.
<!--EndDescription-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="accountpoliciesaccountlockoutpolicy-accountlockoutthreshold"></a>**AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major release. This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon attempts. If you set the value to 0, the account will never be locked out.
Failed password attempts against workstations or member servers that have been locked using either CTRL+ALT+DELETE or password-protected screen savers count as failed logon attempts.
Default: 0.
<!--EndDescription-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="accountpoliciesaccountlockoutpolicy-resetaccountlockoutcounterafter"></a>**AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major release. This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes.
If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration.
Default: None, because this policy setting only has meaning when an Account lockout threshold is specified.
<!--EndDescription-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
Footnote:
- 1 - Added in Windows 10, version 1607.
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
<!--EndPolicies-->

2026
windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
View File

File diff suppressed because it is too large Load Diff

24
windows/client-management/mdm/policy-csp-update.md
View File

@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 12/14/2017
ms.date: 12/19/2017
---
# Policy CSP - Update
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
@ -112,6 +114,9 @@ ms.date: 12/14/2017
<dd>
<a href="#update-pausequalityupdatesstarttime">Update/PauseQualityUpdatesStartTime</a>
</dd>
<dd>
<a href="#update-phoneupdaterestrictions">Update/PhoneUpdateRestrictions</a>
</dd>
<dd>
<a href="#update-requiredeferupgrade">Update/RequireDeferUpgrade</a>
</dd>
@ -1756,6 +1761,23 @@ The following list shows the supported values:
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="update-phoneupdaterestrictions"></a>**Update/PhoneUpdateRestrictions**
<!--StartDescription-->
<p style="margin-left: 20px">This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupdateapproval) instead.
<!--EndDescription-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="update-requiredeferupgrade"></a>**Update/RequireDeferUpgrade**
<!--StartSKU-->

290
windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
View File

@ -6,11 +6,13 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 11/01/2017
ms.date: 12/29/2017
---
# Policy CSP - WindowsDefenderSecurityCenter
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
<hr/>
@ -22,9 +24,15 @@ ms.date: 11/01/2017
<dd>
<a href="#windowsdefendersecuritycenter-companyname">WindowsDefenderSecurityCenter/CompanyName</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-disableaccountprotectionui">WindowsDefenderSecurityCenter/DisableAccountProtectionUI</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-disableappbrowserui">WindowsDefenderSecurityCenter/DisableAppBrowserUI</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-disabledevicesecurityui">WindowsDefenderSecurityCenter/DisableDeviceSecurityUI</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-disableenhancednotifications">WindowsDefenderSecurityCenter/DisableEnhancedNotifications</a>
</dd>
@ -55,6 +63,15 @@ ms.date: 11/01/2017
<dd>
<a href="#windowsdefendersecuritycenter-enableinappcustomization">WindowsDefenderSecurityCenter/EnableInAppCustomization</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-hideransomwaredatarecovery">WindowsDefenderSecurityCenter/HideRansomwareDataRecovery</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-hidesecureboot">WindowsDefenderSecurityCenter/HideSecureBoot</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-hidetpmtroubleshooting">WindowsDefenderSecurityCenter/HideTPMTroubleshooting</a>
</dd>
<dd>
<a href="#windowsdefendersecuritycenter-phone">WindowsDefenderSecurityCenter/Phone</a>
</dd>
@ -108,6 +125,61 @@ ms.date: 11/01/2017
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="windowsdefendersecuritycenter-disableaccountprotectionui"></a>**WindowsDefenderSecurityCenter/DisableAccountProtectionUI**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major release. Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Valid values:
- 0 - (Disable) The users can see the display of the Account protection area in Windows Defender Security Center.
- 1 - (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center.
<!--EndDescription-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="windowsdefendersecuritycenter-disableappbrowserui"></a>**WindowsDefenderSecurityCenter/DisableAppBrowserUI**
<!--StartSKU-->
@ -154,6 +226,61 @@ ms.date: 11/01/2017
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="windowsdefendersecuritycenter-disabledevicesecurityui"></a>**WindowsDefenderSecurityCenter/DisableDeviceSecurityUI**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major release. Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Valid values:
- 0 - (Disable) The users can see the display of the Device security area in Windows Defender Security Center.
- 1 - (Enable) The users cannot see the display of the Device secuirty area in Windows Defender Security Center.
<!--EndDescription-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="windowsdefendersecuritycenter-disableenhancednotifications"></a>**WindowsDefenderSecurityCenter/DisableEnhancedNotifications**
<!--StartSKU-->
@ -603,7 +730,7 @@ ms.date: 11/01/2017
<!--EndScope-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709.Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification.
<p style="margin-left: 20px">Added in Windows 10, version 1709. Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification.
<p style="margin-left: 20px">Value type is integer. Supported operations are Add, Get, Replace, and Delete. Valid values:
@ -614,6 +741,165 @@ ms.date: 11/01/2017
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="windowsdefendersecuritycenter-hideransomwaredatarecovery"></a>**WindowsDefenderSecurityCenter/HideRansomwareDataRecovery**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major update. Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. If you enable or do not configure this setting, the Ransomware data recovery area will be visible and actionable for users.
If you disable (same as not configured) this setting, the Ransomware data protection area will not be visible and any related toast notifications will not be active on the device.
<!--EndDescription-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="windowsdefendersecuritycenter-hidesecureboot"></a>**WindowsDefenderSecurityCenter/HideSecureBoot**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major update. Use this policy to hide the Secure boot area in the Windows Defender Security Center.
Valid values:
- 0 - (Disable or not configured) The Secure boot area is displayed.
- 1 - (Enable) The Secure boot area is hidden.
<!--EndDescription-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="windowsdefendersecuritycenter-hidetpmtroubleshooting"></a>**WindowsDefenderSecurityCenter/HideTPMTroubleshooting**
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, next major update. Use this policy to hide the Security processor (TPM) troubleshooting area in the Windows Defender Security Center.
Valid values:
- 0 - (Disable or not configured) The Security processor (TPM) troubleshooting area is displayed.
- 1 - (Enable) The Security processor (TPM) troubleshooting area is hidden.
<!--EndDescription-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--EndPolicy-->
<hr/>
<!--StartPolicy-->
<a href="" id="windowsdefendersecuritycenter-phone"></a>**WindowsDefenderSecurityCenter/Phone**
<!--StartSKU-->

5
windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -359,9 +359,12 @@ If you're running Windows 10, version 1507 or Windows 10, version 1511, create a
### <a href="" id="bkmk-previewbuilds"></a>7. Insider Preview builds
The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10.
This setting stops communication with the Windows Insider Preview service that checks for new builds.
Windows Insider Preview builds only apply to Windows 10 and are not available for Windows Server 2016.
> [!NOTE]
> This setting stops communication with the Windows Insider Preview service that checks for new builds. Windows Insider Preview builds only apply to Windows 10 and are not available for Windows Server 2016.
> If you upgrade a device that is configured to minimize connections from Windows to Microsoft services (that is, a device configured for zero exhaust) to a Windows Insider Preview build, the Feedback & Diagnostic setting will automatically be set to **Full**. Although the telemetry level may initially appear as **Basic**, a few hours after the UI is refreshed or the machine is rebooted, the setting will become **Full**.
To turn off Insider Preview builds for a released version of Windows 10:

6
windows/device-security/device-guard/deploy-code-integrity-policies-policy-rules-and-file-rules.md
View File

@ -76,6 +76,12 @@ RuleOption -Help** in a Windows PowerShell session. Table 2 describes each rule
| **8 Required:EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All future Windows 10 and later drivers will meet this requirement. |
| **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. |
| **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. |
| **11 Disabled:Script Enforcement** | WDAC policies also restrict scripts and MSIs, and PowerShell runs in constrained language mode. Enabling this rule option will allow unsigned scripts to run and will leave PowerShell in full language mode. |
| **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. |
| **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as System Center Configuration Manager, that has been defined as a managed installer. |
| **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsofts Intelligent Security Graph (ISG). |
| **15 Enabled:Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically re-validate the reputation for files that were authorized by the ISG.|
| **16 Enabled:Update Policy No Reboot** | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. |
## Windows Defender Application Control file rule levels

4
windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
View File

@ -9,8 +9,8 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
author: v-anbic
ms.author: v-anbic
ms.date: 09/12/2017
---