deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 05:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into atp-server-onboarding

Browse Source
This commit is contained in:
Joey Caparas 2017-06-29 13:14:46 -07:00
commit 912e1d1eba
45 changed files with 119 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
devices/surface/microsoft-surface-data-eraser.md
View File

@ -9,6 +9,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
author: miladCA
ms.date: 06/29/2017
---
# Microsoft Surface Data Eraser

1
devices/surface/microsoft-surface-deployment-accelerator.md
View File

@ -2,6 +2,7 @@
title: Microsoft Surface Deployment Accelerator (Surface)
description: Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.
ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4
ms.date: 06/29/2017
localizationpriority: high
keywords: deploy, install, tool
ms.prod: w10

1
devices/surface/surface-dock-updater.md
View File

@ -9,6 +9,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
author: jobotto
ms.date: 06/29/2017
---
# Microsoft Surface Dock Updater

1
windows/access-protection/hello-for-business/hello-and-password-changes.md
View File

@ -8,6 +8,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Windows Hello and password changes

1
windows/access-protection/hello-for-business/hello-biometrics-in-enterprise.md
View File

@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Windows Hello biometrics in the enterprise

1
windows/access-protection/hello-for-business/hello-errors-during-pin-creation.md
View File

@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Windows Hello errors during PIN creation

1
windows/access-protection/hello-for-business/hello-event-300.md
View File

@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Event ID 300 - Windows Hello successfully created

1
windows/access-protection/hello-for-business/hello-how-it-works.md
View File

@ -7,6 +7,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# How Windows Hello for Business works

1
windows/access-protection/hello-for-business/hello-identity-verification.md
View File

@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security, mobile
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Windows Hello for Business

1
windows/access-protection/hello-for-business/hello-manage-in-organization.md
View File

@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Manage Windows Hello for Business in your organization

1
windows/access-protection/hello-for-business/hello-prepare-people-to-use.md
View File

@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Prepare people to use Windows Hello

1
windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md
View File

@ -9,6 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Why a PIN is better than a password

2
windows/deployment/TOC.md
View File

@ -41,6 +41,8 @@
##### [Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md)
#### [Change history for Plan for Windows 10 deployment](planning/change-history-for-plan-for-windows-10-deployment.md)
### [Overview of Windows AutoPilot](windows-10-auto-pilot.md)
### [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
### [Windows 10 deployment tools reference](windows-10-deployment-tools-reference.md)

6
windows/deployment/change-history-for-deploy-windows-10.md
View File

@ -6,11 +6,17 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.date: 06/28/2017
---
# Change history for Deploy Windows 10
This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](/windows/windows-10).
## June 2017
| New or changed topic | Description |
|----------------------|-------------|
| [Overview of Windows AutoPilot](windows-10-auto-pilot.md) | New |
## April 2017
| New or changed topic | Description |
|----------------------|-------------|

8
windows/deployment/update/change-history-for-update-windows-10.md
View File

@ -5,6 +5,8 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
ms.author: daniha
ms.date: 05/16/2017
---
# Change history for Update Windows 10
@ -13,6 +15,12 @@ This topic lists new and updated topics in the [Update Windows 10](index.md) doc
>If you're looking for **update history** for Windows 10, see [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/help/12387/windows-10-update-history).
## May 2017
| New or changed topic | Description |
| --- | --- |
| [Manage additional Windows Update settings](waas-wu-settings.md) | New |
## RELEASE: Windows 10, version 1703
The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topics have been added:

1
windows/deployment/update/index.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Update Windows 10 in the enterprise

1
windows/deployment/update/waas-branchcache.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Configure BranchCache for Windows 10 updates

1
windows/deployment/update/waas-configure-wufb.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Configure Windows Update for Business

1
windows/deployment/update/waas-delivery-optimization.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Configure Delivery Optimization for Windows 10 updates

1
windows/deployment/update/waas-deployment-rings-windows-10-updates.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Build deployment rings for Windows 10 updates

1
windows/deployment/update/waas-integrate-wufb.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Integrate Windows Update for Business with management solutions

1
windows/deployment/update/waas-manage-updates-configuration-manager.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Deploy Windows 10 updates using System Center Configuration Manager

1
windows/deployment/update/waas-manage-updates-wsus.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Deploy Windows 10 updates using Windows Server Update Services (WSUS)

1
windows/deployment/update/waas-manage-updates-wufb.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Deploy updates using Windows Update for Business

1
windows/deployment/update/waas-mobile-updates.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile

1
windows/deployment/update/waas-optimize-windows-10-updates.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Optimize Windows 10 update delivery

1
windows/deployment/update/waas-overview.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Overview of Windows as a service

1
windows/deployment/update/waas-quick-start.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Quick guide to Windows as a service

1
windows/deployment/update/waas-restart.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Manage device restarts after updates

1
windows/deployment/update/waas-servicing-branches-windows-10-updates.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Assign devices to servicing branches for Windows 10 updates

1
windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Prepare servicing strategy for Windows 10 updates

1
windows/deployment/update/waas-windows-insider-for-business-aad.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Windows Insider Program for Business using Azure Active Directory

1
windows/deployment/update/waas-windows-insider-for-business-faq.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Windows Insider Program for Business Frequently Asked Questions

1
windows/deployment/update/waas-windows-insider-for-business.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Windows Insider Program for Business

2
windows/deployment/update/waas-wu-settings.md
View File

@ -6,6 +6,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
ms.date: 05/16/2017
---
# Manage additional Windows Update settings

1
windows/deployment/update/waas-wufb-group-policy.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Walkthrough: use Group Policy to configure Windows Update for Business

1
windows/deployment/update/waas-wufb-intune.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
ms.author: daniha
---
# Walkthrough: use Microsoft Intune to configure Windows Update for Business

6
windows/deployment/windows-10-auto-pilot.md
View File

@ -8,6 +8,8 @@ localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
author: DaniHalfin
ms.author: daniha
ms.date: 06/28/2017
---
# Overview of Windows AutoPilot
@ -73,7 +75,7 @@ $wmi = Get-WMIObject -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01
$wmi.DeviceHardwareData | Out-File "$($env:COMPUTERNAME).txt"
```
>[!NOTE]
>This PowerShell script requires elevated permissions. The output format might not fit the upload method. Check out the [Microsoft Store for Business](/microsoft-store/add-profile-to-devices) or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot) for additional guidance.
>This PowerShell script requires elevated permissions. The output format might not fit the upload method. Check out the Microsoft Store for Business or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot) for additional guidance.
By uploading this information to the Microsoft Store for Business or Partner Center admin portal, you'll be able to assign devices to your organization.
Additional options and customization is available through these portals to pre-configure the devices.
@ -89,7 +91,7 @@ Additional options we are working on for the next Windows 10 release:
* Personalizing the setup experience
* MDM Support
To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for [Microsoft Store for Business](/microsoft-store/add-profile-to-devices) or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot).
To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for Microsoft Store for Business or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot).
### IT-Driven

1
windows/threat-protection/TOC.md
View File

@ -153,6 +153,7 @@
#### [Using Outlook Web Access with Windows Information Protection (WIP)](windows-information-protection\using-owa-with-wip.md)
## [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md)
## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md)
## [Secure the windows 10 boot process](secure-the-windows-10-boot-process.md)
## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)

3
windows/threat-protection/change-history-for-threat-protection.md
View File

@ -14,7 +14,8 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc
## June 2017
|New or changed topic |Description |
|---------------------|------------|
[Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
| [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) | New |
|[Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
[Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
[Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
|[List of enlightened Microsoft apps for use with Windows Information Protection (WIP)](windows-information-protection\enlightened-microsoft-apps-and-wip.md)|Updated to include newly enlightened and supported apps.|

60
windows/threat-protection/how-hardware-based-containers-help-protect-windows.md Normal file
View File

@ -0,0 +1,60 @@
---
title: How hardware-based containers help protect Windows 10 (Windows 10)
description: Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: justinha
ms.date: 06/29/2017
---
# How hardware-based containers help protect Windows 10
Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.
Windows 10 protects critical resources, such as the Windows authentication stack, single sign-on tokens, Windows Hello biometric stack, and Virtual Trusted Platform Module, by using a container type called Windows Defender System Guard.
Protecting system services and data with Windows Defender System Guard is an important first step, but is just the beginning of what we need to do as it doesnt protect the rest of the operating system, information on the device, other apps, or the network.
Since systems are generally compromised through the application layer, and often though browsers, Windows 10 includes Windows Defender Application Guard to isolate Microsoft Edge from the operating system, information on the device, and the network.
With this, Windows can start to protect the broader range of resources.
The following diagram shows Windows Defender System Guard and Windows Defender Application Guard in relation to the Windows 10 operating system.
![Application Guard and System Guard](images/application-guard-and-system-guard.png)
## What security threats do containers protect against
Exploiting zero days and vulnerabilities are an increasing threat that attackers are attempting to take advantage of.
The following diagram shows the traditional Windows software stack: a kernel with an app platform, and an app running on top of it.
Lets look at how an attacker might elevate privileges and move down the stack.
![Traditional Windows software stack](images/traditional-windows-software-stack.png)
In desktop operating systems, those apps typically run under the context of the users privileges.
If the app was malicious, it would have access to all the files in the file system, all the settings that you as a user Standard user have access to, and so on.
A different type of app may run under the context of an Administrator.
If attackers exploit a vulnerability in that app, they could gain Administrator privileges.
Then they can start turning off defenses.
They can poke down a little bit lower in the stack and maybe elevate to System, which is greater than Administrator.
Or if they can exploit the kernel mode, they can turn on and turn off all defenses, while at the same time making the computer look healthy.
SecOps tools could report the computer as healthy when in fact its completely under the control of someone else.
One way to address this threat is to use a sandbox, as smartphones do.
That puts a layer between the app layer and the Windows platform services.
Universal Windows Platform (UWP) applications work this way.
But what if a vulnerability in the sandbox exists?
The attacker can escape and take control of the system.
## How containers help protect Windows 10
Windows 10 addresses this by using virtualization based security to isolate more and more components out of Windows (left side) over time and moving those components into a separate, isolated hardware container.
The container helps prevent zero days and vulnerabilities from allowing an attacker to take control of a device.
Anything that's running in that container on the right side will be safe, even from Windows, even if the kernel's compromised.
Anything that's running in that container will also be secure against a compromised app.
Initially, Windows Defender System Guard will protect things like authentication and other system services and data that needs to resist malware, and more things will be protected over time.
![Windows Defender System Guard](images/windows-defender-system-guard.png)

BIN
windows/threat-protection/images/application-guard-and-system-guard.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB

BIN
windows/threat-protection/images/traditional-windows-software-stack.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 33 KiB

BIN
windows/threat-protection/images/windows-defender-system-guard.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 69 KiB

1
windows/threat-protection/secure-the-windows-10-boot-process.md
View File

@ -8,6 +8,7 @@ ms.pagetype: security
ms.sitesec: library
localizationpriority: medium
author: brianlic-msft
ms.date: 06/23/2017
---
# Secure the Windows 10 boot process