diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md index c744876e01..ef8103d135 100644 --- a/devices/surface/microsoft-surface-data-eraser.md +++ b/devices/surface/microsoft-surface-data-eraser.md @@ -9,6 +9,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library author: miladCA +ms.date: 06/29/2017 --- # Microsoft Surface Data Eraser diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md index f64cc3d1cd..207c434259 100644 --- a/devices/surface/microsoft-surface-deployment-accelerator.md +++ b/devices/surface/microsoft-surface-deployment-accelerator.md @@ -2,6 +2,7 @@ title: Microsoft Surface Deployment Accelerator (Surface) description: Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4 +ms.date: 06/29/2017 localizationpriority: high keywords: deploy, install, tool ms.prod: w10 diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md index f41c92b26b..e555b82072 100644 --- a/devices/surface/surface-dock-updater.md +++ b/devices/surface/surface-dock-updater.md @@ -9,6 +9,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: jobotto +ms.date: 06/29/2017 --- # Microsoft Surface Dock Updater diff --git a/windows/access-protection/hello-for-business/hello-and-password-changes.md b/windows/access-protection/hello-for-business/hello-and-password-changes.md index 33bc609550..0a5b5a6d31 100644 --- a/windows/access-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/access-protection/hello-for-business/hello-and-password-changes.md @@ -8,6 +8,7 @@ ms.sitesec: library ms.pagetype: security author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Windows Hello and password changes diff --git a/windows/access-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/access-protection/hello-for-business/hello-biometrics-in-enterprise.md index cb9bfb63dd..c458afafc8 100644 --- a/windows/access-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/access-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -9,6 +9,7 @@ ms.sitesec: library ms.pagetype: security author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Windows Hello biometrics in the enterprise diff --git a/windows/access-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/access-protection/hello-for-business/hello-errors-during-pin-creation.md index b9f0619b20..ee01d1173d 100644 --- a/windows/access-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/access-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -9,6 +9,7 @@ ms.sitesec: library ms.pagetype: security author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Windows Hello errors during PIN creation diff --git a/windows/access-protection/hello-for-business/hello-event-300.md b/windows/access-protection/hello-for-business/hello-event-300.md index 1eecd8dd53..3d94345736 100644 --- a/windows/access-protection/hello-for-business/hello-event-300.md +++ b/windows/access-protection/hello-for-business/hello-event-300.md @@ -9,6 +9,7 @@ ms.sitesec: library ms.pagetype: security author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Event ID 300 - Windows Hello successfully created diff --git a/windows/access-protection/hello-for-business/hello-how-it-works.md b/windows/access-protection/hello-for-business/hello-how-it-works.md index 379783c65a..1e42ccaded 100644 --- a/windows/access-protection/hello-for-business/hello-how-it-works.md +++ b/windows/access-protection/hello-for-business/hello-how-it-works.md @@ -7,6 +7,7 @@ ms.sitesec: library ms.pagetype: security author: DaniHalfin localizationpriority: high +ms.author: daniha --- # How Windows Hello for Business works diff --git a/windows/access-protection/hello-for-business/hello-identity-verification.md b/windows/access-protection/hello-for-business/hello-identity-verification.md index 063ed2cfe2..eaac2063b5 100644 --- a/windows/access-protection/hello-for-business/hello-identity-verification.md +++ b/windows/access-protection/hello-for-business/hello-identity-verification.md @@ -9,6 +9,7 @@ ms.sitesec: library ms.pagetype: security, mobile author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Windows Hello for Business diff --git a/windows/access-protection/hello-for-business/hello-manage-in-organization.md b/windows/access-protection/hello-for-business/hello-manage-in-organization.md index 165f6259f6..8ef71c6d85 100644 --- a/windows/access-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/access-protection/hello-for-business/hello-manage-in-organization.md @@ -9,6 +9,7 @@ ms.sitesec: library ms.pagetype: security author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Manage Windows Hello for Business in your organization diff --git a/windows/access-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/access-protection/hello-for-business/hello-prepare-people-to-use.md index 8426ced11d..eaa96377ed 100644 --- a/windows/access-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/access-protection/hello-for-business/hello-prepare-people-to-use.md @@ -9,6 +9,7 @@ ms.sitesec: library ms.pagetype: security author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Prepare people to use Windows Hello diff --git a/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 208b3e6a3c..a224eeab82 100644 --- a/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -9,6 +9,7 @@ ms.sitesec: library ms.pagetype: security author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Why a PIN is better than a password diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md index babe4c7aa6..7dc9c4e629 100644 --- a/windows/deployment/TOC.md +++ b/windows/deployment/TOC.md @@ -41,6 +41,8 @@ ##### [Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) #### [Change history for Plan for Windows 10 deployment](planning/change-history-for-plan-for-windows-10-deployment.md) +### [Overview of Windows AutoPilot](windows-10-auto-pilot.md) + ### [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) ### [Windows 10 deployment tools reference](windows-10-deployment-tools-reference.md) diff --git a/windows/deployment/change-history-for-deploy-windows-10.md b/windows/deployment/change-history-for-deploy-windows-10.md index 56563526b0..7353568c47 100644 --- a/windows/deployment/change-history-for-deploy-windows-10.md +++ b/windows/deployment/change-history-for-deploy-windows-10.md @@ -6,11 +6,17 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay +ms.date: 06/28/2017 --- # Change history for Deploy Windows 10 This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](/windows/windows-10). +## June 2017 +| New or changed topic | Description | +|----------------------|-------------| +| [Overview of Windows AutoPilot](windows-10-auto-pilot.md) | New | + ## April 2017 | New or changed topic | Description | |----------------------|-------------| diff --git a/windows/deployment/update/change-history-for-update-windows-10.md b/windows/deployment/update/change-history-for-update-windows-10.md index 97ece9af22..3af0220b18 100644 --- a/windows/deployment/update/change-history-for-update-windows-10.md +++ b/windows/deployment/update/change-history-for-update-windows-10.md @@ -5,6 +5,8 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin +ms.author: daniha +ms.date: 05/16/2017 --- # Change history for Update Windows 10 @@ -13,6 +15,12 @@ This topic lists new and updated topics in the [Update Windows 10](index.md) doc >If you're looking for **update history** for Windows 10, see [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/help/12387/windows-10-update-history). +## May 2017 + +| New or changed topic | Description | +| --- | --- | +| [Manage additional Windows Update settings](waas-wu-settings.md) | New | + ## RELEASE: Windows 10, version 1703 The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topics have been added: diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md index bc18ab0d95..4d6601fda8 100644 --- a/windows/deployment/update/index.md +++ b/windows/deployment/update/index.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Update Windows 10 in the enterprise diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md index 4c15562191..e284dc274b 100644 --- a/windows/deployment/update/waas-branchcache.md +++ b/windows/deployment/update/waas-branchcache.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Configure BranchCache for Windows 10 updates diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 18983b1998..b41a060c96 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -6,6 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Configure Windows Update for Business diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 919c9ff1d3..e15cd39494 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -6,6 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Configure Delivery Optimization for Windows 10 updates diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md index bec102fa51..f8a51fb650 100644 --- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md +++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Build deployment rings for Windows 10 updates diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index 36bba4f716..294a8ed333 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Integrate Windows Update for Business with management solutions diff --git a/windows/deployment/update/waas-manage-updates-configuration-manager.md b/windows/deployment/update/waas-manage-updates-configuration-manager.md index 6d68004a30..13e614dbf4 100644 --- a/windows/deployment/update/waas-manage-updates-configuration-manager.md +++ b/windows/deployment/update/waas-manage-updates-configuration-manager.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Deploy Windows 10 updates using System Center Configuration Manager diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 2c9f7a83e5..f9cc0b2feb 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Deploy Windows 10 updates using Windows Server Update Services (WSUS) diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md index d7207457f6..2c33b3ad01 100644 --- a/windows/deployment/update/waas-manage-updates-wufb.md +++ b/windows/deployment/update/waas-manage-updates-wufb.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Deploy updates using Windows Update for Business diff --git a/windows/deployment/update/waas-mobile-updates.md b/windows/deployment/update/waas-mobile-updates.md index 570725361b..35ed31ba72 100644 --- a/windows/deployment/update/waas-mobile-updates.md +++ b/windows/deployment/update/waas-mobile-updates.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile diff --git a/windows/deployment/update/waas-optimize-windows-10-updates.md b/windows/deployment/update/waas-optimize-windows-10-updates.md index 0d6fac4aab..f6ff84324d 100644 --- a/windows/deployment/update/waas-optimize-windows-10-updates.md +++ b/windows/deployment/update/waas-optimize-windows-10-updates.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Optimize Windows 10 update delivery diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index c8811f1289..b1034016b5 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Overview of Windows as a service diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index ae3f319cef..3a5f929896 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Quick guide to Windows as a service diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index 4d57b5a82a..1c88ea8fb5 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md @@ -6,6 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Manage device restarts after updates diff --git a/windows/deployment/update/waas-servicing-branches-windows-10-updates.md b/windows/deployment/update/waas-servicing-branches-windows-10-updates.md index 964db9c8fc..43aade46a5 100644 --- a/windows/deployment/update/waas-servicing-branches-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-branches-windows-10-updates.md @@ -6,6 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Assign devices to servicing branches for Windows 10 updates diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index 99c0566d7f..a53ddfc63c 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Prepare servicing strategy for Windows 10 updates diff --git a/windows/deployment/update/waas-windows-insider-for-business-aad.md b/windows/deployment/update/waas-windows-insider-for-business-aad.md index 5467e01600..9b9ebc28ce 100644 --- a/windows/deployment/update/waas-windows-insider-for-business-aad.md +++ b/windows/deployment/update/waas-windows-insider-for-business-aad.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Windows Insider Program for Business using Azure Active Directory diff --git a/windows/deployment/update/waas-windows-insider-for-business-faq.md b/windows/deployment/update/waas-windows-insider-for-business-faq.md index aa84530023..4ad1cd7e3f 100644 --- a/windows/deployment/update/waas-windows-insider-for-business-faq.md +++ b/windows/deployment/update/waas-windows-insider-for-business-faq.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Windows Insider Program for Business Frequently Asked Questions diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md index 5308d3e795..4a57a47307 100644 --- a/windows/deployment/update/waas-windows-insider-for-business.md +++ b/windows/deployment/update/waas-windows-insider-for-business.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Windows Insider Program for Business diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index b2d249199f..006e2e91e3 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -6,6 +6,8 @@ ms.mktglfcycl: deploy ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha +ms.date: 05/16/2017 --- # Manage additional Windows Update settings diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 4b8c9d6362..5833d568ae 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Walkthrough: use Group Policy to configure Windows Update for Business diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md index fd8cb722f8..8375a45ceb 100644 --- a/windows/deployment/update/waas-wufb-intune.md +++ b/windows/deployment/update/waas-wufb-intune.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: DaniHalfin localizationpriority: high +ms.author: daniha --- # Walkthrough: use Microsoft Intune to configure Windows Update for Business diff --git a/windows/deployment/windows-10-auto-pilot.md b/windows/deployment/windows-10-auto-pilot.md index da64ff50b4..9d8881dce7 100644 --- a/windows/deployment/windows-10-auto-pilot.md +++ b/windows/deployment/windows-10-auto-pilot.md @@ -8,6 +8,8 @@ localizationpriority: high ms.sitesec: library ms.pagetype: deploy author: DaniHalfin +ms.author: daniha +ms.date: 06/28/2017 --- # Overview of Windows AutoPilot @@ -73,7 +75,7 @@ $wmi = Get-WMIObject -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 $wmi.DeviceHardwareData | Out-File "$($env:COMPUTERNAME).txt" ``` >[!NOTE] ->This PowerShell script requires elevated permissions. The output format might not fit the upload method. Check out the [Microsoft Store for Business](/microsoft-store/add-profile-to-devices) or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot) for additional guidance. +>This PowerShell script requires elevated permissions. The output format might not fit the upload method. Check out the Microsoft Store for Business or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot) for additional guidance. By uploading this information to the Microsoft Store for Business or Partner Center admin portal, you'll be able to assign devices to your organization. Additional options and customization is available through these portals to pre-configure the devices. @@ -89,7 +91,7 @@ Additional options we are working on for the next Windows 10 release: * Personalizing the setup experience * MDM Support -To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for [Microsoft Store for Business](/microsoft-store/add-profile-to-devices) or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot). +To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for Microsoft Store for Business or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot). ### IT-Driven diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md index ac3bd4f087..51e6aa452f 100644 --- a/windows/threat-protection/TOC.md +++ b/windows/threat-protection/TOC.md @@ -153,6 +153,7 @@ #### [Using Outlook Web Access with Windows Information Protection (WIP)](windows-information-protection\using-owa-with-wip.md) ## [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) ## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) +## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) ## [Secure the windows 10 boot process](secure-the-windows-10-boot-process.md) ## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md) ## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) diff --git a/windows/threat-protection/change-history-for-threat-protection.md b/windows/threat-protection/change-history-for-threat-protection.md index c664fa8066..ee84b688ce 100644 --- a/windows/threat-protection/change-history-for-threat-protection.md +++ b/windows/threat-protection/change-history-for-threat-protection.md @@ -14,7 +14,8 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc ## June 2017 |New or changed topic |Description | |---------------------|------------| -[Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.| +| [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) | New | +|[Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.| [Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.| [Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.| |[List of enlightened Microsoft apps for use with Windows Information Protection (WIP)](windows-information-protection\enlightened-microsoft-apps-and-wip.md)|Updated to include newly enlightened and supported apps.| diff --git a/windows/threat-protection/how-hardware-based-containers-help-protect-windows.md b/windows/threat-protection/how-hardware-based-containers-help-protect-windows.md new file mode 100644 index 0000000000..8b6124f000 --- /dev/null +++ b/windows/threat-protection/how-hardware-based-containers-help-protect-windows.md @@ -0,0 +1,60 @@ +--- +title: How hardware-based containers help protect Windows 10 (Windows 10) +description: Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised. +ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: justinha +ms.date: 06/29/2017 +--- + +# How hardware-based containers help protect Windows 10 + +Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised. +Windows 10 protects critical resources, such as the Windows authentication stack, single sign-on tokens, Windows Hello biometric stack, and Virtual Trusted Platform Module, by using a container type called Windows Defender System Guard. + +Protecting system services and data with Windows Defender System Guard is an important first step, but is just the beginning of what we need to do as it doesn’t protect the rest of the operating system, information on the device, other apps, or the network. +Since systems are generally compromised through the application layer, and often though browsers, Windows 10 includes Windows Defender Application Guard to isolate Microsoft Edge from the operating system, information on the device, and the network. +With this, Windows can start to protect the broader range of resources. + +The following diagram shows Windows Defender System Guard and Windows Defender Application Guard in relation to the Windows 10 operating system. + +![Application Guard and System Guard](images/application-guard-and-system-guard.png) + +## What security threats do containers protect against + +Exploiting zero days and vulnerabilities are an increasing threat that attackers are attempting to take advantage of. +The following diagram shows the traditional Windows software stack: a kernel with an app platform, and an app running on top of it. +Let’s look at how an attacker might elevate privileges and move down the stack. + +![Traditional Windows software stack](images/traditional-windows-software-stack.png) + +In desktop operating systems, those apps typically run under the context of the user’s privileges. +If the app was malicious, it would have access to all the files in the file system, all the settings that you as a user Standard user have access to, and so on. + +A different type of app may run under the context of an Administrator. +If attackers exploit a vulnerability in that app, they could gain Administrator privileges. +Then they can start turning off defenses. + +They can poke down a little bit lower in the stack and maybe elevate to System, which is greater than Administrator. +Or if they can exploit the kernel mode, they can turn on and turn off all defenses, while at the same time making the computer look healthy. +SecOps tools could report the computer as healthy when in fact it’s completely under the control of someone else. + +One way to address this threat is to use a sandbox, as smartphones do. +That puts a layer between the app layer and the Windows platform services. +Universal Windows Platform (UWP) applications work this way. +But what if a vulnerability in the sandbox exists? +The attacker can escape and take control of the system. + +## How containers help protect Windows 10 + +Windows 10 addresses this by using virtualization based security to isolate more and more components out of Windows (left side) over time and moving those components into a separate, isolated hardware container. +The container helps prevent zero days and vulnerabilities from allowing an attacker to take control of a device. + +Anything that's running in that container on the right side will be safe, even from Windows, even if the kernel's compromised. +Anything that's running in that container will also be secure against a compromised app. +Initially, Windows Defender System Guard will protect things like authentication and other system services and data that needs to resist malware, and more things will be protected over time. + +![Windows Defender System Guard](images/windows-defender-system-guard.png) diff --git a/windows/threat-protection/images/application-guard-and-system-guard.png b/windows/threat-protection/images/application-guard-and-system-guard.png new file mode 100644 index 0000000000..b4b883db90 Binary files /dev/null and b/windows/threat-protection/images/application-guard-and-system-guard.png differ diff --git a/windows/threat-protection/images/traditional-windows-software-stack.png b/windows/threat-protection/images/traditional-windows-software-stack.png new file mode 100644 index 0000000000..0da610c368 Binary files /dev/null and b/windows/threat-protection/images/traditional-windows-software-stack.png differ diff --git a/windows/threat-protection/images/windows-defender-system-guard.png b/windows/threat-protection/images/windows-defender-system-guard.png new file mode 100644 index 0000000000..865af86b19 Binary files /dev/null and b/windows/threat-protection/images/windows-defender-system-guard.png differ diff --git a/windows/threat-protection/secure-the-windows-10-boot-process.md b/windows/threat-protection/secure-the-windows-10-boot-process.md index 069d8b1578..2f0931b1dc 100644 --- a/windows/threat-protection/secure-the-windows-10-boot-process.md +++ b/windows/threat-protection/secure-the-windows-10-boot-process.md @@ -8,6 +8,7 @@ ms.pagetype: security ms.sitesec: library localizationpriority: medium author: brianlic-msft +ms.date: 06/23/2017 --- # Secure the Windows 10 boot process