DocuTune: Dry run for security rebranding

This commit is contained in:
Alex Buck
2021-10-29 13:44:20 -04:00
parent 8018f5f624
commit 8e9a0f145b
14 changed files with 44 additions and 53 deletions

View File

@ -116,8 +116,8 @@ This node will trigger attestation flow by launching an attestation process. If
</Target>
<Data>
{
rpID : "rpID", serviceEndpoint : MAA endpoint,
nonce : nonce, aadToken : aadToken, "cv" : "CorrelationVector"
rpID : "rpID", serviceEndpoint : "MAA endpoint",
nonce : "nonce", aadToken : "aadToken", "cv" : "CorrelationVector"
}
</Data>
</Item>
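Review bot: the quoting in this Data sample is still inconsistent after the change: the values for serviceEndpoint, nonce and aadToken gain quotes, but the keys rpID, serviceEndpoint, nonce and aadToken stay bare while "cv" is quoted. If the block is meant to read as JSON, quote every key as well, e.g. `"nonce" : "nonce", "aadToken" : "aadToken", "cv" : "CorrelationVector"`.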
@ -219,7 +219,7 @@ OR Sync ML 404 error if not cached report available.
<a href="" id="getServiceCorrelationIDs"></a>**GetServiceCorrelationIDs**
<p>Node type: GET
This node will retrieve the service-generated correlation IDs for the given MDM provider. If there are more than one correlation IDs, they are separated by “;” in the string.
This node will retrieve the service-generated correlation IDs for the given MDM provider. If there are more than one correlation IDs, they are separated by ";" in the string.
</p>
<p>Templated SyncML Call:</p>
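Review bot: grammar in the changed sentence: "If there are more than one correlation IDs" should read "If there is more than one correlation ID". The replacement of the curly quotes around ";" with straight quotes is fine.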
@ -506,7 +506,7 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes
<ul>
<li>DHA-BootData: the device boot data (TCG logs, PCR values, device/TPM certificate, boot, and TPM counters) that are required for validating device boot health.</li>
<li>DHA-EncBlob: an encrypted summary report that DHA-Service issues to a device after reviewing the DHA-BootData it receives from devices.</li>
<li>DHA-SignedBlob: it is a signed snapshot of the current state of a devices runtime that is captured by DHA-CSP at device health attestation time.</li>
<li>DHA-SignedBlob: it is a signed snapshot of the current state of a device's runtime that is captured by DHA-CSP at device health attestation time.</li>
<li>DHA-Data: an XML formatted data blob that devices forward for device health validation to DHA-Service via MDM-Server. DHA-Data has two parts:
<ul>
<li>DHA-EncBlob: the encrypted data blob that the device receives from DHA-Service</li>
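Review bot: the apostrophe fix is correct, but the DHA-SignedBlob item still breaks the parallel form of the list: the sibling items read "DHA-BootData: the device boot data ..." and "DHA-EncBlob: an encrypted summary report ...", so drop "it is" and write "DHA-SignedBlob: a signed snapshot of the current state of a device's runtime ...".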
@ -529,7 +529,7 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes
</ul>
<strong>DHA-CSP (Device HealthAttestation Configuration Service Provider)</strong>
<p>The Device HealthAttestation Configuration Service Provider (DHA-CSP) uses a devices TPM and firmware to measure critical security properties of the devices BIOS and Windows boot, such that even on a system infected with kernel level malware or a rootkit, these properties cannot be spoofed.</p>
<p>The Device HealthAttestation Configuration Service Provider (DHA-CSP) uses a device's TPM and firmware to measure critical security properties of the device's BIOS and Windows boot, such that even on a system infected with kernel level malware or a rootkit, these properties cannot be spoofed.</p>
<p>The following list of operations is performed by DHA-CSP:</p>
<ul>
<li>Collects device boot data (DHA-BootData) from a managed device</li>
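Review bot: while touching this sentence, hyphenate the compound modifier: "kernel level malware" should be "kernel-level malware". The two possessive fixes ("device's TPM", "device's BIOS") are correct.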
@ -541,7 +541,7 @@ More information about TPM attestation can be found here: [Microsoft Azure Attes
<strong>DHA-Service (Device HealthAttestation Service)</strong>
<p>Device HealthAttestation Service (DHA-Service) validates the data it receives from DHA-CSP and issues a highly trusted hardware (TPM) protected report (DHA-Report) to DHA-Enabled device management solutions through a tamper resistant and tamper evident communication channel.</p>
<p>DHA-Service is available in two flavors: DHA-Cloud and DHA-Server2016. DHA-Service supports various implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.</p>
<p>DHA-Service is available in two flavors: "DHA-Cloud" and "DHA-Server2016". DHA-Service supports various implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.</p>
<p>The following list of operations is performed by DHA-Service:</p>
- Receives device boot data (DHA-BootData) from a DHA-Enabled device</li>
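Review bot: the unchanged context line below the hunk, `- Receives device boot data (DHA-BootData) from a DHA-Enabled device</li>`, mixes a Markdown bullet with a stray closing `</li>`, whereas the DHA-CSP operations list above uses `<ul><li>...</li>`; this should be made consistent in the same pass. Also, "on premises" used as a modifier of "scenarios" should be "on-premises".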
@ -890,8 +890,8 @@ When the MDM-Server receives the above data, it must:
<?xml version='1.0' encoding='utf-8' ?>
<HealthCertificateValidationRequest ProtocolVersion='1' xmlns='http://schemas.microsoft.com/windows/security/healthcertificate/validation/request/v1'>
<Nonce>[INT]</Nonce>
<Claims> [base64 blob, eg ABc123+/…==] </Claims>
<HealthCertificateBlob> [base64 blob, eg ABc123+/...==]
<Claims> [base64 blob, eg 'ABc123+/…=='] </Claims>
<HealthCertificateBlob> [base64 blob, eg 'ABc123+/...==']
</HealthCertificateBlob>
</HealthCertificateValidationRequest>
```
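Review bot: the two placeholders are still written differently after the change: `'ABc123+/…=='` uses a Unicode ellipsis while `'ABc123+/...=='` uses three ASCII dots, and "eg" should be "e.g."; pick one form for both lines. Quoting a base64 placeholder inside an XML element is also slightly misleading, since the real element content is the bare base64 string, so `[base64 blob, e.g. ABc123+/...==]` without quotes would be clearer.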
@ -948,7 +948,7 @@ The following list of data points is verified by the DHA-Service in DHA-Report v
\* TPM 2.0 only
\*\* Reports if BitLocker was enabled during initial boot.
\*\*\* The Hybrid Resume must be disabled on the device. Reports first-party ELAM Defender was loaded during boot.
\*\*\* The "Hybrid Resume" must be disabled on the device. Reports first-party ELAM "Defender" was loaded during boot.
Each of these are described in further detail in the following sections, along with the recommended actions to take.
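Review bot: grammar on the context line that follows the change: "Each of these are described" should be "Each of these is described". The quotes added around "Hybrid Resume" and "Defender" are unusual for feature and product names; the rest of the file leaves such names unquoted (e.g. BitLocker), so consider dropping them.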
@ -956,7 +956,7 @@ Each of these are described in further detail in the following sections, along w
<p>The date and time DHA-report was evaluated or issued to MDM.</p>
<a href="" id="aikpresent"></a>**AIKPresent**
<p>When an Attestation Identity Key (AIK) is present on a device, it indicates that the device has an endorsement key (EK) certificate. It can be trusted more than a device that doesnt have an EK certificate.</p>
<p>When an Attestation Identity Key (AIK) is present on a device, it indicates that the device has an endorsement key (EK) certificate. It can be trusted more than a device that doesn't have an EK certificate.</p>
<p>If AIKPresent = True (1), then allow access.</p>
@ -1277,7 +1277,7 @@ Each of these are described in further detail in the following sections, along w
<tr>
<td>1</td>
<td>HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTED</td>
<td>This state signifies that MDM clients Exec call on the node VerifyHealth has been triggered and now the OS is trying to retrieve DHA-EncBlob from DHA-Server.</td>
<td>This state signifies that MDM client's Exec call on the node VerifyHealth has been triggered and now the OS is trying to retrieve DHA-EncBlob from DHA-Server.</td>
</tr>
<tr>
<td>2</td>
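Review bot: missing article in the changed sentence: "MDM client's Exec call" should be "the MDM client's Exec call".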
@ -1620,4 +1620,3 @@ xmlns="http://schemas.microsoft.com/windows/security/healthcertificate/validatio
[Configuration service provider reference](configuration-service-provider-reference.md)

View File

@ -14,8 +14,7 @@ author: dansimp
# Mobile device management
Windows 10 and Windows 11 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users privacy on their personal devices. A built-in management component can communicate with the management server.
Windows 10 and Windows 11 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users' privacy on their personal devices. A built-in management component can communicate with the management server.
There are two parts to the Windows management component:
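Review bot: subject-verb agreement in the changed sentence: "Windows 10 and Windows 11 provides" should be "provide". The "users'" possessive fix is correct.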
@ -26,19 +25,18 @@ Third-party MDM servers can manage Windows 10 by using the MDM protocol. The bu
## MDM security baseline
With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros operational needs, addressing security concerns for modern cloud-managed devices.
With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support IT pros' operational needs, addressing security concerns for modern cloud-managed devices.
The MDM security baseline includes policies that cover the following areas:
- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall
- Microsoft inbox security technology (not deprecated) such as BitLocker, Windows Defender SmartScreen, and Device Guard (virtual-based security), Exploit Guard, Defender, and Firewall
- Restricting remote access to devices
- Setting credential requirements for passwords and PINs
- Restricting use of legacy technology
- Legacy technology policies that offer alternative solutions with modern technology
- And much more
For more details about the MDM policies defined in the MDM security baseline and what Microsofts recommended baseline policy values are, see:
For more details about the MDM policies defined in the MDM security baseline and what Microsoft's recommended baseline policy values are, see:
- [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip)
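Review bot: "Device Guard (virtual-based security)" should read "virtualization-based security", which is the feature Device Guard relies on. In the same list "Defender" appears bare while "Windows Defender SmartScreen" is spelled out, so a rebranding pass should use the full product name for consistency. The "IT pros'" and "Microsoft's" fixes are correct.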
@ -82,6 +80,3 @@ When an organization wants to move to MDM to manage devices, they should prepare
- [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md)
- [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md)
- [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal)

View File

@ -3564,7 +3564,7 @@ The options are:
- 0 - Disabled: Admin Approval Mode and all related UAC policy settings are disabled.
> [!NOTE]
> If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.
> If this policy setting is disabled, the Windows Security Center notifies you that the overall security of the operating system has been reduced.
- 1 - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
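Review bot: naming is inconsistent across this commit: this hunk renames "Security Center" to "Windows Security Center", while the later hunks in the policy CSP file keep "Windows Defender Security Center"; a rebranding commit should settle on one name for the app.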

View File

@ -210,7 +210,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
<!--/Description-->
<!--ADMXMapped-->
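Review bot: the description still reads "specify if to display"; "specify whether to display" is the correct wording. The capitalization fix ("Windows Defender Security Center") is correct here and in the six identical hunks that follow.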
@ -282,7 +282,7 @@ Valid values:
<!--/Scope-->
<!--Description-->
Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -444,7 +444,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
<!--/Description-->
<!--ADMXMapped-->
@ -593,7 +593,7 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -667,7 +667,7 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -741,7 +741,7 @@ The following list shows the supported values:
<!--/Scope-->
<!--Description-->
Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -977,7 +977,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows Defender Security Center will display this area.
Value type is integer. Supported operations are Add, Get, Replace and Delete.
@ -1733,4 +1733,3 @@ ADMX Info:
<hr/>
<!--/Policies-->