diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md index 3ee9e20feb..731ea42546 100644 --- a/windows/application-management/app-v/appv-evaluating-appv.md +++ b/windows/application-management/app-v/appv-evaluating-appv.md @@ -18,6 +18,9 @@ ms.author: greglin **Applies to** - Windows 10, version 1607 +> [!NOTE] +> [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] + Before you deploy App-V into a production environment, you should evaluate it in a lab environment. You can use the information in this topic to set up App-V in a lab environment for evaluation purposes only. ## Configure lab computers for App-V Evaluation diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md index bcea5b5e47..51b2a21a10 100644 --- a/windows/application-management/app-v/appv-for-windows.md +++ b/windows/application-management/app-v/appv-for-windows.md @@ -16,6 +16,9 @@ ms.topic: article >Applies to: Windows 10, version 1607 +> [!NOTE] +> [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] + The topics in this section provide information and instructions to help you administer App-V and its components. This information is for system administrators who manage large installations with many servers and clients, and for support personnel who interact directly with the computers or users. [Getting started with App-V](appv-getting-started.md) diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md index 56cf023ddc..fd20851076 100644 --- a/windows/application-management/app-v/appv-getting-started.md +++ b/windows/application-management/app-v/appv-getting-started.md @@ -16,6 +16,9 @@ ms.topic: article >Applies to: Windows 10, version 1607 +> [!NOTE] +> [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] + Microsoft Application Virtualization (App-V) for Windows 10 delivers Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on an as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally. With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/WindowsForBusiness/windows-for-enterprise). If you're new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. To learn what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md). diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md index 94081c7ff8..9f7685040d 100644 --- a/windows/application-management/app-v/appv-planning-for-appv.md +++ b/windows/application-management/app-v/appv-planning-for-appv.md @@ -16,6 +16,9 @@ ms.topic: article >Applies to: Windows 10, version 1607 +> [!NOTE] +> [!INCLUDE [Application Virtualization will be end of life in April 2026](../includes/app-v-end-life-statement.md)] + Use the following information to plan to deploy App-V without disrupting your existing network or user experience. ## Planning information diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 4fc3710369..f30e8fa94f 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -134,7 +134,7 @@ When your apps are ready, you can add or deploy these apps to your Windows devic - **Application Virtualization (App-V)**: App-V allows Win32 apps to be used as virtual apps. > [!NOTE] - > Application Virtualization will be [end of life in April 2026](/lifecycle/announcements/mdop-extended). We recommend looking at **Azure Virtual desktop with MSIX app attach**. For more information, see [What is Azure Virtual Desktop?](/azure/virtual-desktop/overview) and [Set up MSIX app attach with the Azure portal](/azure/virtual-desktop/app-attach-azure-portal). + > [!INCLUDE [Application Virtualization will be end of life in April 2026](./includes/app-v-end-life-statement.md)] On an on-premises server, you install and configure the App-V server components, and then install your Win32 apps. On Windows Enterprise client devices, you use the App-V client components to run the virtualized apps. They allow users to open the virtual apps using the icons and file names they're familiar with. Users use the apps as if they're installed locally. diff --git a/windows/application-management/includes/app-v-end-life-statement.md b/windows/application-management/includes/app-v-end-life-statement.md new file mode 100644 index 0000000000..f016963135 --- /dev/null +++ b/windows/application-management/includes/app-v-end-life-statement.md @@ -0,0 +1,12 @@ +--- +author: MandiOhlinger +ms.author: mandia +ms.date: 09/20/2021 +ms.reviewer: +audience: itpro +manager: dansimp +ms.prod: w10 +ms.topic: include +--- + +Application Virtualization will be [end of life in April 2026](/lifecycle/announcements/mdop-extended). We recommend looking at Azure Virtual Desktop with MSIX app attach. For more information, see [What is Azure Virtual Desktop?](/azure/virtual-desktop/overview) and [Set up MSIX app attach with the Azure portal](/azure/virtual-desktop/app-attach-azure-portal). diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 2fc8c02088..ee2647b40c 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -284,7 +284,7 @@ ms.date: 10/08/2020 - [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol) - [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression) - [ADMX_FileSys/DisableDeleteNotification](./policy-csp-admx-filesys.md#admx-filesys-disabledeletenotification) -- ADMX_FileSys/DisableEncryption](./policy-csp-admx-filesys.md#admx-filesys-disableencryption) +- [ADMX_FileSys/DisableEncryption](./policy-csp-admx-filesys.md#admx-filesys-disableencryption) - [ADMX_FileSys/EnablePagefileEncryption](./policy-csp-admx-filesys.md#admx-filesys-enablepagefileencryption) - [ADMX_FileSys/LongPathsEnabled](./policy-csp-admx-filesys.md#admx-filesys-longpathsenabled) - [ADMX_FileSys/ShortNameCreationSettings](./policy-csp-admx-filesys.md#admx-filesys-shortnamecreationsettings) @@ -299,6 +299,9 @@ ms.date: 10/08/2020 - [ADMX_FolderRedirection/LocalizeXPRelativePaths_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-localizexprelativepaths-2) - [ADMX_FolderRedirection/PrimaryComputer_FR_1](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-1) - [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2) +- [ADMX_FramePanes/NoReadingPane](./policy-csp-admx-framepanes.md#admx-framepanes-noreadingpane) +- [ADMX_FramePanes/NoPreviewPane](./policy-csp-admx-framepanes.md#admx-framepanes-nopreviewpane) +- [ADMX_FTHSVC/WdiScenarioExecutionPolicy](./policy-csp-admx-fthsvc.md#admx-fthsvc-wdiscenarioexecutionpolicy) - [ADMX_Globalization/BlockUserInputMethodsForSignIn](./policy-csp-admx-globalization.md#admx-globalization-blockuserinputmethodsforsignin) - [ADMX_Globalization/CustomLocalesNoSelect_1](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-1) - [ADMX_Globalization/CustomLocalesNoSelect_2](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-2) @@ -400,6 +403,7 @@ ms.date: 10/08/2020 - [ADMX_ICM/ShellRemovePublishToWeb_2](./policy-csp-admx-icm.md#admx-icm-shellremovepublishtoweb-2) - [ADMX_ICM/WinMSG_NoInstrumentation_1](./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-1) - [ADMX_ICM/WinMSG_NoInstrumentation_2](./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-2) +- [ADMX_IIS/PreventIISInstall](./policy-csp-admx-iis.md#admx-iis-preventiisinstall) - [ADMX_kdc/CbacAndArmor](./policy-csp-admx-kdc.md#admx-kdc-cbacandarmor) - [ADMX_kdc/ForestSearch](./policy-csp-admx-kdc.md#admx-kdc-forestsearch) - [ADMX_kdc/PKINITFreshness](./policy-csp-admx-kdc.md#admx-kdc-pkinitfreshness) @@ -421,8 +425,10 @@ ms.date: 10/08/2020 - [ADMX_LanmanWorkstation/Pol_CipherSuiteOrder](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-ciphersuiteorder) - [ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enablehandlecachingforcafiles) - [ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enableofflinefilesforcashares) +- [ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy](./policy-csp-admx-leakdiagnostic.md#admx-leakdiagnostic-wdiscenarioexecutionpolicy) - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio) - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr) +- [ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1](./policy-csp-admx-locationprovideradm.md#admx-locationprovideradm-disablewindowslocationprovider_1) - [ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin](./policy-csp-admx-logon.md#admx-logon-blockuserfromshowingaccountdetailsonsignin) - [ADMX_Logon/DisableAcrylicBackgroundOnLogon](./policy-csp-admx-logon.md#admx-logon-disableacrylicbackgroundonlogon) - [ADMX_Logon/DisableExplorerRunLegacy_1](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-1) @@ -1769,4 +1775,4 @@ ms.date: 10/08/2020 ## Related topics -[Policy CSP](policy-configuration-service-provider.md) \ No newline at end of file +[Policy CSP](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index ed2019d348..57e8014985 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1218,6 +1218,23 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC +### ADMX_FramePanes policies +
+
+ ADMX_FramePanes/NoReadingPane +
+
+ ADMX_FramePanes/NoPreviewPane +
+
+ +### ADMX_FTHSVC policies +
+
+ ADMX_FTHSVC/WdiScenarioExecutionPolicy +
+
+ ### ADMX_Help policies
@@ -1234,6 +1251,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_HotSpotAuth policies +
+
+ ADMX_HotSpotAuth/HotspotAuth_Enable +
+
+ ### ADMX_Globalization policies
@@ -1545,6 +1569,15 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_IIS policies +
+
+ ADMX_IIS/PreventIISInstall +
+
+ ### ADMX_kdc policies
@@ -1626,6 +1659,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_LeakDiagnostic policies +
+
+ ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy +
+
+ ### ADMX_LinkLayerTopologyDiscovery policies
@@ -1636,6 +1676,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_LocationProviderAdm policies + +
+
+ ADMX_LocationProviderAdm/BlockUserFromShowingAccountDetailsOnSignin +
+
+ ### ADMX_Logon policies
@@ -6079,6 +6127,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### Feeds policies +
+
+ Feeds/FeedsEnabled +
+
+ ### FileExplorer policies
diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md new file mode 100644 index 0000000000..b6c506ddd9 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md @@ -0,0 +1,193 @@ +--- +title: Policy CSP - ADMX_FramePanes +description: Policy CSP - ADMX_FramePanes +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/14/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FramePanes +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_FramePanes policies + +
+
+ ADMX_FramePanes/NoReadingPane +
+
+ ADMX_FramePanes/NoPreviewPane +
+
+ + +
+ + +**ADMX_FramePanes/NoReadingPane** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting shows or hides the Details Pane in File Explorer. + +- If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and cannot be turned on by the user. + +- If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and cannot be hidden by the user. + +> [!NOTE] +> This has a side effect of not being able to toggle to the Preview Pane since the two cannot be displayed at the same time. + +- If you disable, or do not configure this policy setting, the Details Pane is hidden by default and can be displayed by the user. + +This is the default policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn on or off details pane* +- GP name: *NoReadingPane* +- GP path: *Windows Components\File Explorer\Explorer Frame Pane* +- GP ADMX file name: *FramePanes.admx* + + + +
+ + +**ADMX_FramePanes/NoPreviewPane** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Hides the Preview Pane in File Explorer. + +- If you enable this policy setting, the Preview Pane in File Explorer is hidden and cannot be turned on by the user. + +- If you disable, or do not configure this setting, the Preview Pane is hidden by default and can be displayed by the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off Preview Pane* +- GP name: *NoPreviewPane* +- GP path: *Windows Components\File Explorer\Explorer Frame Pane* +- GP ADMX file name: *FramePanes.admx* + + + + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md new file mode 100644 index 0000000000..8790ac9ad7 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md @@ -0,0 +1,116 @@ +--- +title: Policy CSP - ADMX_FTHSVC +description: Policy CSP - ADMX_FTHSVC +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/15/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FTHSVC +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_FTHSVC policies + +
+
+ ADMX_FTHSVC/WdiScenarioExecutionPolicy +
+
+ +
+ + +**ADMX_FTHSVC/WdiScenarioExecutionPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems. + +- If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems. + +- If you disable this policy setting, Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS. +If you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default. +This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. +This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. +The DPS can be configured with the Services snap-in to the Microsoft Management Console. +No system restart or service restart is required for this policy setting to take effect: changes take effect immediately. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Configure Scenario Execution Level* +- GP name: *WdiScenarioExecutionPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Fault Tolerant Heap* +- GP ADMX file name: *FTHSVC.admx* + + + + +
+ +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md new file mode 100644 index 0000000000..17e85306fc --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md @@ -0,0 +1,115 @@ +--- +title: Policy CSP - ADMX_HotSpotAuth +description: Policy CSP - ADMX_HotSpotAuth +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/15/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_HotSpotAuth +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_HotSpotAuth policies + +
+
+ ADMX_HotSpotAuth/HotspotAuth_Enable +
+
+ +
+ + +**ADMX_HotSpotAuth/HotspotAuth_Enable** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support. + +- If a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network. + +- If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators. + +- If you enable this policy setting, or if you do not configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support. + +- If you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Enable Hotspot Authentication* +- GP name: *HotspotAuth_Enable* +- GP path: *Network\Hotspot Authentication* +- GP ADMX file name: *HotSpotAuth.admx* + + + + +
+ +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md new file mode 100644 index 0000000000..7516b56b97 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-iis.md @@ -0,0 +1,113 @@ +--- +title: Policy CSP - ADMX_IIS +description: Policy CSP - ADMX_IIS +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/17/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_IIS +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_IIS policies + +
+
+ ADMX_IIS/PreventIISInstall +
+
+ +
+ + +**ADMX_IIS/PreventIISInstall** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +This policy setting prevents installation of Internet Information Services (IIS) on this computer. + +- If you enable this policy setting, Internet Information Services (IIS) cannot be installed, and you will not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS cannot be installed because of this Group Policy setting. + +Enabling this setting will not have any effect on IIS if IIS is already installed on the computer. + +- If you disable or do not configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS to run." + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Prevent IIS installation* +- GP name: *PreventIISInstall* +- GP path: *Windows Components\Internet Information Services* +- GP ADMX file name: *IIS.admx* + + + + +
+ +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md new file mode 100644 index 0000000000..23ab94d3d1 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md @@ -0,0 +1,123 @@ +--- +title: Policy CSP - ADMX_LeakDiagnostic +description: Policy CSP - ADMX_LeakDiagnostic +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/17/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_LeakDiagnostic +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_LeakDiagnostic policies + +
+
+ ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy +
+
+ + +
+ + +**ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. + +- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. + +- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message. + +No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. + +This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. + +The DPS can be configured with the Services snap-in to the Microsoft Management Console. + +> [!NOTE] +> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure custom alert text* +- GP name: *WdiScenarioExecutionPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic* +- GP ADMX file name: *LeakDiagnostic.admx* + + + +
+ + + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md new file mode 100644 index 0000000000..c1280d5f04 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md @@ -0,0 +1,112 @@ +--- +title: Policy CSP - ADMX_LocationProviderAdm +description: Policy CSP - ADMX_LocationProviderAdm +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/20/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_LocationProviderAdm +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_LocationProviderAdm policies + +
+
+ ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1 +
+
+ + +
+ + +**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +This policy setting turns off the Windows Location Provider feature for this computer. + +- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature. + +- If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off Windows Location Provider* +- GP name: *DisableWindowsLocationProvider_1* +- GP path: *Windows Components\Location and Sensors\Windows Location Provider* +- GP ADMX file name: *LocationProviderAdm.admx* + + + +
+ +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index ff50ae9cb0..61abaceb22 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -37,9 +37,6 @@ manager: dansimp
Experience/AllowManualMDMUnenrollment
-
- Experience/AllowNewsAndInterestsOnTheTaskbar -
Experience/AllowSaveAsOfOfficeFiles
@@ -105,28 +102,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark5YesYes
Businesscheck mark5YesYes
Enterprisecheck mark5YesYes
Educationcheck mark5YesYes
@@ -184,28 +187,34 @@ ADMX Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck markYesYes
Businesscheck markYesYes
Enterprisecheck markYesYes
Educationcheck markYesYes
@@ -252,28 +261,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck markYesYes
Businesscheck markYesYes
Enterprisecheck markYesYes
Educationcheck markYesYes
@@ -314,28 +329,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark2YesYes
Businesscross markNoNo
Enterprisecheck mark2YesYes
Educationcheck mark2YesYes
@@ -384,28 +405,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck markYesYes
Businesscheck markYesYes
Enterprisecheck markYesYes
Educationcheck markYesYes
@@ -442,65 +469,6 @@ The following list shows the supported values:
- - -**Experience/AllowNewsAndInterestsOnTheTaskbar** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procheck mark
Businesscheck mark
Enterprisecheck mark
Educationcheck mark
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Machine - -
- - - -Specifies whether to allow "News and interests" on the Taskbar. - - - -The values for this policy are 1 and 0. This policy defaults to 1. - -- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode. - -- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed. - - - - -
Experience/AllowSaveAsOfOfficeFiles @@ -531,28 +499,34 @@ This policy is deprecated. - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck markYesYes
Businesscheck markYesYes
Enterprisecheck markYesYes
Educationcheck markYesYes
@@ -589,28 +563,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark2YesYes
Businesscross markNoNo
Enterprisecheck mark2YesYes
Educationcheck mark2YesYes
@@ -665,28 +645,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark1YesYes
Businesscheck mark1YesYes
Enterprisecheck mark1YesYes
Educationcheck mark1YesYes
@@ -735,28 +721,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcheck markYesYes
@@ -808,28 +800,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck mark1YesYes
Educationcheck mark1YesYes
@@ -880,28 +878,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck mark2YesYes
Educationcheck mark2YesYes
@@ -951,28 +955,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -1021,28 +1031,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck mark2YesYes
Educationcheck mark2YesYes
@@ -1093,28 +1109,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck markYesYes
Educationcheck markYesYes
@@ -1159,28 +1181,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck markNoNo
Businesscheck markNoNo
Enterprisecheck markNoYes
Educationcheck markNoYes
@@ -1217,28 +1245,34 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck mark1YesYes
Educationcheck mark1YesYes
@@ -1286,28 +1320,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecheck mark9YesYes
Procheck mark9YesYes
Businesscheck mark9YesYes
Enterprisecheck mark9YesYes
Educationcheck mark9YesYes
@@ -1356,28 +1396,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark1YesYes
Businesscheck mark1YesYes
Enterprisecheck mark1YesYes
Educationcheck mark1YesYes
@@ -1426,28 +1472,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck mark5YesYes
Educationcheck mark5YesYes
@@ -1512,36 +1564,40 @@ _**Turn syncing off by default but don’t disable**_ -
- **Experience/PreventUsersFromTurningOnBrowserSyncing** - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscross markNoNo
Enterprisecheck mark5YesYes
Educationcheck mark5YesYes
@@ -1615,28 +1671,34 @@ Validation procedure: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procross markNoNo
Businesscheck mark6YesYes
Enterprisecheck mark6YesYes
Educationcheck mark6YesYes
diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md new file mode 100644 index 0000000000..0f683d9be9 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-feeds.md @@ -0,0 +1,103 @@ +--- +title: Policy CSP - Feeds +description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device. +ms.author: v-nsatapathy +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.localizationpriority: medium +ms.date: 09/17/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - Feeds + + +
+ + +## Feeds policies + +
+
+ Feeds/FeedsEnabled +
+
+ + +
+ + +**Feeds/FeedsEnabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesNo
BusinessYesNo
EnterpriseYesNo
EducationYesNo
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +This policy setting specifies whether news and interests is allowed on the device. + +The values for this policy are 1 and 0. This policy defaults to 1. + +- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode. + +- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed. + + + + +ADMX Info: +- GP Friendly name: *Enable news and interests on the taskbar* +- GP name: *FeedsEnabled* +- GP path: *Windows Components\News and interests* +- GP ADMX file name: *Feeds.admx* + + + + + + diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index c004295d70..1c0cdcacb8 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -1,6 +1,6 @@ --- title: Policy CSP - LocalPoliciesSecurityOptions -description: These settings prevents users from adding new Microsoft accounts on a specific computer using LocalPoliciesSecurityOptions. +description: These settings prevent users from adding new Microsoft accounts on a specific computer using LocalPoliciesSecurityOptions. ms.author: dansimp ms.topic: article ms.prod: w10 @@ -69,6 +69,9 @@ manager: dansimp
LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
+
+ LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways +
LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
@@ -173,28 +176,34 @@ manager: dansimp - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -245,28 +254,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -322,28 +337,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -385,28 +406,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -448,28 +475,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -512,28 +545,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -576,28 +615,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -621,9 +666,8 @@ For a computer to print to a shared printer, the driver for that shared printer Default on servers: Enabled. Default on workstations: Disabled -Note - -This setting does not affect the ability to add a local printer. This setting does not affect Administrators. +>[!Note] +>This setting does not affect the ability to add a local printer. This setting does not affect Administrators. @@ -642,28 +686,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -705,28 +755,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -772,28 +828,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -843,29 +905,34 @@ Valid values: - - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -917,28 +984,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -991,28 +1064,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -1058,28 +1137,34 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -1123,28 +1208,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -1186,28 +1277,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -1254,6 +1351,83 @@ GP Info: - GP Friendly name: *Interactive logon: Smart card removal behavior* - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + +
+ + +**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Microsoft network client: Digitally sign communications (always) + +This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted. + +If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server. + +Default: Disabled. + +>[!Note] +>All Windows operating systems support both a client-side SMB component and a server-side SMB component.Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +>- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +>- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +>- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +>- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +> +>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). + + + +GP Info: +- GP Friendly name: *Microsoft network client: Digitally sign communications (always)* +- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + @@ -1265,28 +1439,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -1313,16 +1493,16 @@ If this setting is enabled, the Microsoft network client will ask the server to Default: Enabled. -Notes - -All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: -Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. -Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. -Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. -Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. -If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. -SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. -For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. +>[!Note] +>All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +>- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +>- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +>- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +>- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +>If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. +> +>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. +For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). @@ -1341,28 +1521,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -1404,28 +1590,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck markYesYes
Businesscheck markYesYes
Enterprisecheck markYesYes
Educationcheck markYesYes
@@ -1482,28 +1674,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -1528,30 +1726,18 @@ The server message block (SMB) protocol provides the basis for Microsoft file an If this setting is enabled, the Microsoft network server will not communicate with a Microsoft network client unless that client agrees to perform SMB packet signing. If this setting is disabled, SMB packet signing is negotiated between the client and server. -Default: +Default: Disabled for member servers. Enabled for domain controllers. -Disabled for member servers. -Enabled for domain controllers. - -Notes - -All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: -Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. -Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. -Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. -Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. -Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. -If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. -SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. - -Important - -For this policy to take effect on computers running Windows 2000, server-side packet signing must also be enabled. To enable server-side SMB packet signing, set the following policy: -Microsoft network server: Digitally sign communications (if server agrees) - -For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the Windows 2000 server: -HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature -For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. +>[!Note] +>All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +>- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +>- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +>- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +>- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +> +>Similarly, if client-side SMB signing is required, that client will not be able to establish a session with servers that do not have packet signing enabled. By default, server-side SMB signing is enabled only on domain controllers. +>If server-side SMB signing is enabled, SMB packet signing will be negotiated with clients that have client-side SMB signing enabled. +>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). @@ -1570,28 +1756,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -1618,20 +1810,16 @@ If this setting is enabled, the Microsoft network server will negotiate SMB pack Default: Enabled on domain controllers only. -Important - -For Windows 2000 servers to negotiate signing with Windows NT 4.0 clients, the following registry value must be set to 1 on the server running Windows 2000: HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature - -Notes - -All Windows operating systems support both a client-side SMB component and a server-side SMB component. For Windows 2000 and above, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: -Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. -Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. -Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. -Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. -If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. -SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. -For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. +>[!Note] +> All Windows operating systems support both a client-side SMB component and a server-side SMB component. Enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +>- Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +>- Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +>- Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +>- Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +>If both client-side and server-side SMB signing is enabled and the client establishes an SMB 1.0 connection to the server, SMB signing will be attempted. +> +>SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. This setting only applies to SMB 1.0 connections. +For more information, reference: [Reduced performance after SMB Encryption or SMB Signing is enabled - Windows Server | Microsoft Docs](/troubleshoot/windows-server/networking/reduced-performance-after-smb-encryption-signing). @@ -1650,28 +1838,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -1702,9 +1896,8 @@ Disabled: No additional restrictions. Rely on default permissions. Default on workstations: Enabled. Default on server:Enabled. -Important - -This policy has no impact on domain controllers. +>[!Important] +>This policy has no impact on domain controllers. @@ -1723,28 +1916,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -1786,28 +1985,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -1849,28 +2054,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -1912,28 +2123,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -1979,28 +2196,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -2047,28 +2270,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -2093,11 +2322,6 @@ This security setting determines if, at the next password change, the LAN Manage Default on Windows Vista and above: Enabled Default on Windows XP: Disabled. -Important - -Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT 4.0. -This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP, and the Windows Server 2003 family to communicate with computers running Windows 95 and Windows 98. - GP Info: @@ -2115,28 +2339,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -2169,13 +2399,9 @@ Send NTLMv2 response only\refuse LM: Clients use NTLMv2 authentication only and Send NTLMv2 response only\refuse LM and NTLM: Clients use NTLMv2 authentication only and use NTLMv2 session security if the server supports it; domain controllers refuse LM and NTLM (accept only NTLMv2 authentication). -Important - -This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the network. For example, at the time of this writing, computers running Windows NT 4.0 SP4 and earlier did not support NTLMv2. Computers running Windows 95 and Windows 98 did not support NTLM. - Default: -Windows 2000 and windows XP: send LM and NTLM responses +windows XP: send LM and NTLM responses Windows Server 2003: Send NTLM response only @@ -2198,28 +2424,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -2245,7 +2477,7 @@ This security setting allows a client device to require the negotiation of 128-b Default: -Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements. +Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements. Windows 7 and Windows Server 2008 R2: Require 128-bit encryption. @@ -2266,28 +2498,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -2313,7 +2551,7 @@ Require 128-bit encryption. The connection will fail if strong encryption (128-b Default: -Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements. +Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008: No requirements. Windows 7 and Windows Server 2008 R2: Require 128-bit encryption @@ -2334,28 +2572,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -2408,28 +2652,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -2487,28 +2737,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -2566,28 +2822,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -2645,28 +2907,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -2719,28 +2987,34 @@ Valid values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -2784,28 +3058,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -2858,27 +3138,34 @@ Valid values: - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -2934,28 +3221,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -3002,28 +3295,34 @@ The following list shows the supported values: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -3067,28 +3366,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -3132,28 +3437,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -3204,28 +3515,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -3272,28 +3589,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
@@ -3337,28 +3660,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark4YesYes
Businesscheck mark4YesYes
Enterprisecheck mark4YesYes
Educationcheck mark4YesYes
@@ -3402,28 +3731,34 @@ GP Info: - - + + + - + + - + + - + + - + + - + +
Windows EditionSupported?EditionWindows 10Windows 11
Homecross markNoNo
Procheck mark3YesYes
Businesscheck mark3YesYes
Enterprisecheck mark3YesYes
Educationcheck mark3YesYes
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index a52a4922f6..c59664b8dd 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -480,7 +480,7 @@ items: - name: ADMX_Explorer href: policy-csp-admx-explorer.md - name: ADMX_ExternalBoot - href: policy-csp-admx-externalboot.md + href: policy-csp-admx-externalboot.md - name: ADMX_FileRecovery href: policy-csp-admx-filerecovery.md - name: ADMX_FileRevocation @@ -491,6 +491,10 @@ items: href: policy-csp-admx-filesys.md - name: ADMX_FolderRedirection href: policy-csp-admx-folderredirection.md + - name: ADMX_FramePanes + href: policy-csp-admx-framepanes.md + - name: ADMX_FTHSVC + href: policy-csp-admx-fthsvc.md - name: ADMX_Globalization href: policy-csp-admx-globalization.md - name: ADMX_GroupPolicy @@ -501,6 +505,8 @@ items: href: policy-csp-admx-helpandsupport.md - name: ADMX_ICM href: policy-csp-admx-icm.md + - name: ADMX_IIS + href: policy-csp-admx-iis.md - name: ADMX_kdc href: policy-csp-admx-kdc.md - name: ADMX_Kerberos @@ -509,8 +515,12 @@ items: href: policy-csp-admx-lanmanserver.md - name: ADMX_LanmanWorkstation href: policy-csp-admx-lanmanworkstation.md + - name: ADMX_LeakDiagnostic + href: policy-csp-admx-leakdiagnostic.md - name: ADMX_LinkLayerTopologyDiscovery href: policy-csp-admx-linklayertopologydiscovery.md + - name: ADMX_LocationProviderAdm + href: policy-csp-admx-locationprovideradm.md - name: ADMX_Logon href: policy-csp-admx-logon.md - name: ADMX_MicrosoftDefenderAntivirus @@ -709,6 +719,8 @@ items: href: policy-csp-experience.md - name: ExploitGuard href: policy-csp-exploitguard.md + - name: Feeds + href: policy-csp-feeds.md - name: FileExplorer href: policy-csp-fileexplorer.md - name: Games diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 1fed240483..87588a2a0e 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -9,7 +9,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 10/30/2020 +ms.date: 09/21/2021 --- # VPNv2 CSP @@ -591,7 +591,7 @@ Valid values: - True = Register the connection's addresses in DNS. **VPNv2/**ProfileName**/DnsSuffix** -Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. +Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. Windows has a limit of 50 DNS suffixes that can be set. Windows name resolution will apply each suffix in order. Long DNS suffix lists may impact performance. Value type is chr. Supported operations include Get, Add, Replace, and Delete. diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md index 90070e8930..f10b516b5c 100644 --- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md @@ -1,6 +1,6 @@ --- title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs -description: Export Start layout to LayoutModification.json with pinned apps, add or remove pinned apps, and use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. +description: Export Start layout to LayoutModification.json with pinned apps, and add or remove pinned apps. Use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. ms.assetid: manager: dougeby ms.author: mandia @@ -10,7 +10,6 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: MandiOhlinger -ms.date: 09/14/2021 ms.localizationpriority: medium --- @@ -28,7 +27,7 @@ For example, you can override the default set of apps with your own a set of pin To add apps you want pinned to the Start menu, you use a JSON file. In previous Windows versions, IT administrators used an XML file to customize the Start menu. The XML file isn't available on Windows 11 and later ***unless*** [you're an OEM](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). -This article shows you how to export an existing Start menu layout, and use the JSON in a Microsoft Intune MDM policy. +This article shows you how to export an existing Start menu layout, and use the JSON in a Microsoft Endpoint Manager policy. ## Before you begin @@ -52,12 +51,29 @@ Start has the following areas: - **Pinned**: Shows pinned apps, or a subset of all of the apps installed on the device. You can create a list of pinned apps you want on the devices using the **ConfigureStartPins** policy. **ConfigureStartPins** overrides the entire layout, which also removes apps that are pinned by default. - This article shows you how to use the **ConfigureStartPins** policy. + This article shows you [how to use the **ConfigureStartPins** policy](#get-the-pinnedlist-json). -- **All apps**: Users select this option to see an alphabetical list of all the apps on the device. This section can't be customized using the JSON file. You can use the `Start/ShowOrHideMostUsedApps` CSP, which is a policy to configure the "Most used" section at the top of the all apps list. -- **Recommended**: Shows recently opened files and recently installed apps. This section can't be customized using the JSON file. To prevent files from showing in this section, you can use the [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists). This CSP also hides recent files that show from the taskbar. +- **All apps**: Users select this option to see an alphabetical list of all the apps on the device. This section can't be customized using the JSON file. - You can use an MDM provider, like Microsoft Intune, to manage the [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) on your devices. For more information on the Start menu settings you can configure in a Microsoft Intune policy, see [Windows 10 (and later) device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#start). + The [Start/HideFrequentlyUsedApps CSP](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps) exposes settings that configure the "Most used" section, which is at the top of the all apps list. + + In **Endpoint Manager**, you can configure this Start menu layout feature, and more. For more information on the Start menu settings you can configure in an Endpoint Manager policy, see [Windows 10/11 device settings to allow or restrict features](/mem/intune/configuration/device-restrictions-windows-10#start). + + In **Group Policy**, there are policies that include settings that control the Start menu layout. Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices: + + - `Computer Configuration\Administrative Templates\Start Menu and Taskbar` + - `User Configuration\Administrative Templates\Start Menu and Taskbar` + +- **Recommended**: Shows recently opened files and recently installed apps. This section can't be customized using the JSON file. + + The [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) exposes settings that prevent files from showing in this section. This CSP also hides recent files that show from the taskbar. + + In **Endpoint Manager**, you can configure this feature, and more. For more information on the Start menu settings you can configure in an Endpoint Manager policy, see [Windows 10/11 device settings to allow or restrict features](/mem/intune/configuration/device-restrictions-windows-10#start). + + In **Group Policy**, there are policies that include settings that control the Start menu layout. Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices: + + - `Computer Configuration\Administrative Templates\Start Menu and Taskbar` + - `User Configuration\Administrative Templates\Start Menu and Taskbar` ## Create the JSON file @@ -111,13 +127,13 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi Now that you have the JSON syntax, you're ready to deploy your customized Start layout to devices in your organization. -MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Intune, you can deploy a policy that configures the pinned list. +MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Endpoint Manager, you can deploy a policy that configures the pinned list. -This section shows you how to create a pinned list policy in Microsoft Intune. There isn't a Group Policy to create a pinned list. +This section shows you how to create a pinned list policy in Endpoint Manager. There isn't a Group Policy to create a pinned list. -### Create a pinned list using a Microsoft Intune policy +### Create a pinned list using an Endpoint Manager policy -To deploy this policy in Microsoft Intune, the devices must be enrolled in Microsoft Intune, and managed by your organization. For more information, see [What is device enrollment in Intune?](/mem/intune/enrollment/device-enrollment). +To deploy this policy, the devices must be enrolled, and managed by your organization. For more information, see [What is device enrollment?](/mem/intune/enrollment/device-enrollment). 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Select **Devices** > **Configuration profiles** > **Create profile**. @@ -157,13 +173,12 @@ To deploy this policy in Microsoft Intune, the devices must be enrolled in Micro :::image type="content" source="./images/customize-start-menu-layout-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png" alt-text="Custom OMA-URI settings to customize Start menu layout using pinnedList"::: 8. Select **Save** > **Next** to save your changes. -9. Configure the rest of the policy settings. For more specific information, see [Create a profile with custom settings in Intune](/mem/intune/configuration/custom-settings-configure). +9. Configure the rest of the policy settings. For more specific information, see [Create a profile with custom settings](/mem/intune/configuration/custom-settings-configure). -The Windows OS has many CSPs that apply to the Start menu. Using an MDM provider, like Intune, you can use these CSPs to customize Start even more. For a list, see [Supported CSP policies for Windows 11 Start menu](supported-csp-start-menu-layout-windows.md). +The Windows OS exposes many CSPs that apply to the Start menu. For a list, see [Supported CSP policies for Windows 11 Start menu](supported-csp-start-menu-layout-windows.md). -### Deploy the policy using Microsoft Intune +### Deploy the policy using Endpoint Manager -When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized Start layout, the policy can be deployed before users sign in the first time. - -For more information on assigning policies using Microsoft Intune, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign). +When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized Start layout, the policy can be deployed anytime, including before users sign in the first time. +For more information and guidance on assigning policies to devices in your organization, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign). diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 4eca196e15..63c9c6aa24 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -16,7 +16,10 @@ ms.topic: article # Windows Update for Business deployment service -> Applies to: Windows 10 +**Applies to** + +- Windows 10 +- Windows 11 The Windows Update for Business deployment service is a cloud service within the Windows Update for Business product family. It provides control over the approval, scheduling, and safeguarding of updates delivered from Windows Update. It's designed to work in harmony with your existing Windows Update for Business policies. @@ -56,18 +59,18 @@ The deployment service exposes these capabilities through Microsoft [Graph REST To work with the deployment service, devices must meet all these requirements: -- Be running Windows 10, version 1709 or later +- Be running Windows 10, version 1709 or later (or Windows 11) - Be joined to Azure Active Directory (AD) or Hybrid AD -- Have one of the following Windows 10 editions installed: - - Windows 10 Pro - - Windows 10 Enterprise - - Windows 10 Education - - Windows 10 Pro Education - - Windows 10 Pro for Workstations +- Have one of the following Windows 10 or Windows 11 editions installed: + - Pro + - Enterprise + - Education + - Pro Education + - Pro for Workstations Additionally, your organization must have one of the following subscriptions: -- Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) -- Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5) +- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) +- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5) - Windows Virtual Desktop Access E3 or E5 - Microsoft 365 Business Premium @@ -78,7 +81,7 @@ To use the deployment service, you use a management tool built on the platform, ### Using Microsoft Endpoint Manager -Microsoft Endpoint Manager integrates with the deployment service to provide Windows 10 update management capabilities. For more information, see [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates). +Microsoft Endpoint Manager integrates with the deployment service to provide Windows client update management capabilities. For more information, see [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates). ### Scripting common actions using PowerShell @@ -141,18 +144,27 @@ To enroll devices in Windows Update for Business cloud processing, set the **All Following is an example of setting the policy using Microsoft Endpoint Manager: 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). + 2. Select **Devices** > **Configuration profiles** > **Create profile**. + 3. Select **Windows 10 and later** in **Platform**, select **Templates** in **Profile type**, select **Custom** in **Template name**, and then select **Create**. + 4. In **Basics**, enter a meaningful name and a description for the policy, and then select **Next**. + 5. In **Configuration settings**, select **Add**, enter the following settings, select **Save**, and then select **Next**. - Name: **AllowWUfBCloudProcessing** - Description: Enter a description. - OMA-URI: `./Vendor/MSFT/Policy/Config/System/AllowWUfBCloudProcessing` - Data type: **Integer** - Value: **8** + 6. In **Assignments**, select the groups that will receive the profile, and then select **Next**. + 7. In **Review + create**, review your settings, and then select **Create**. -8. (Optional) To verify that the policy reached the client, check the value of the following registry entry: **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager \\default\\System\\AllowWUfBCloudProcessing**. + +8. (Optional) To verify that the policy reached the client, check the value of the following registry entry: + + **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager \\default\\System\\AllowWUfBCloudProcessing** ## Best practices Follow these suggestions for the best results with the service. @@ -160,6 +172,7 @@ Follow these suggestions for the best results with the service. ### Device onboarding - Wait until devices finish provisioning before managing with the service. If a device is being provisioned by Autopilot, it can only be managed by the deployment service after it finishes provisioning (typically one day). + - Use the deployment service for feature update management without feature update deferral policy. If you want to use the deployment service to manage feature updates on a device that previously used a feature update deferral policy, it's best to set the feature update deferral policy to **0** days to avoid having multiple conditions governing feature updates. You should only change the feature update deferral policy value to 0 days after you've confirmed that the device was enrolled in the service with no errors. ### General diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md index 735acd6e97..eb28dce097 100644 --- a/windows/deployment/update/safeguard-holds.md +++ b/windows/deployment/update/safeguard-holds.md @@ -12,9 +12,14 @@ ms.topic: article # Safeguard holds -Microsoft uses quality and compatibility data to identify issues that might cause a Windows 10 feature update to fail or roll back. When we find such an issue, we might apply holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available. +**Applies to** -Safeguard holds prevent a device with a known issue from being offered a new operating system version. We renew the offering once a fix is found and verified. We use holds to ensure customers have a successful experience as their device moves to a new version of Windows 10. +- Windows 10 +- Windows 11 + +Microsoft uses quality and compatibility data to identify issues that might cause a Windows client feature update to fail or roll back. When we find such an issue, we might apply holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available. + +Safeguard holds prevent a device with a known issue from being offered a new operating system version. We renew the offering once a fix is found and verified. We use holds to ensure customers have a successful experience as their device moves to a new version of Windows client. The lifespan of holds varies depending on the time required to investigate and fix an issue. During this time Microsoft works diligently to procure, develop, and validate a fix and then offer it to affected devices. We monitor quality and compatibility data to confirm that a fix is complete before releasing the hold. Once we release the hold, Windows Update will resume offering new operating system versions to devices. diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index eb178f7528..ac67414ec6 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -7,9 +7,9 @@ audience: itpro itproauthor: jaimeo ms.audience: itpro author: jaimeo -ms.reviewer: +ms.reviewer: kaushika manager: laurawi -ms.topic: article +ms.topic: troubleshooting ms.custom: seo-marvel-apr2020 --- @@ -22,22 +22,198 @@ ms.custom: seo-marvel-apr2020 The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them. +## 0x8024402F -| Error Code | Message | Description | Mitigation | -|------------------------------------------|-----------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 0x8024402F | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External cab file processing completed with some errors | One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering.
Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed | -| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again:
Rename the following folders to \*.BAK:
- %systemroot%\system32\catroot2

Type the following commands at a command prompt. Press ENTER after you type each command.
- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
- Ren %systemroot%\SoftwareDistribution\Download \*.bak
Ren %systemroot%\system32\catroot2 \*.bak | -| 0x80070BC9 | ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. | -| 0x80200053 | BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.

If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc). | -| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to the Internet. To fix this issue, follow these steps: make sure these URLs are not blocked:
http://.update.microsoft.com
https://.update.microsoft.com


You can also take a network trace to check what is timing out. \ | -| 0x80072EFD
0x80072EFE 
0x80D02002 | TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs.
Take a network monitor trace to understand better. \ | -| 0X8007000D | ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred. | Attempt to re-download the update and initiate installation. | -| 0x8024A10A | USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade. | -| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Sign in to the device to start the installation and allow the device to restart. | -| 0x80242014 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows Updates require the device to be restarted. Restart the device to complete update installation. | -| 0x80246017 | WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator). | -| 0x8024000B | WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. | -| 0x8024000E | WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. | Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. Ensure that you have the latest Windows Update Agent installed on the machine. | -| 0x8024D009 | WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. | You may encounter this error when WSUS is not sending the Self-update to the clients.

Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | -| 0x80244007 | WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows cannot renew the cookies for Windows Update.

Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. | -| 0x80070422 | | This issue occurs when the Windows Update service stops working or is not running. | Check if the Windows Update service is running.
| +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External .cab file processing completed with some errors | This can be caused by the Lightspeed Rocket for web filtering software.
Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed Rocket. | + +## 0x80242006 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename the software redistribution folder and try to download the updates again:
Rename the following folders to \*.BAK:
- %systemroot%\system32\catroot2

Type the following commands at a command prompt. Press ENTER after you type each command.
- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak
- Ren %systemroot%\SoftwareDistribution\Download \*.bak
- Ren %systemroot%\system32\catroot2 \*.bak | + +## 0x80070BC9 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. Restart the system to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. | + +## 0x80200053 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update client.

If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).| + +## 0x80072EFD or 0x80072EFE or 0x80D02002 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxies that block Microsoft download URLs.
Take a network monitor trace to understand better. \ | + +## 0X8007000D + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_INVALID_DATA | Indicates data that isn't valid was downloaded or corruption occurred.| Attempt to re-download the update and start installation. | + +## 0x8024A10A + +| Message | Description | Mitigation | +|---------|-------------|------------| +| USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity. The system fails to respond, leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the installation. | + +## 0x80240020 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_NO_INTERACTIVE_USER | Operation did not complete because no interactive user is signed in. | Sign in to the device to start the installation and allow the device to restart. | + +## 0x80242014 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows updates require the device to be restarted. Restart the device to complete update installation. | + +## 0x80246017 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator).| + +## 0x8024000B + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we're unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. | + +## 0x8024000E + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_XML_INVALID | Windows Update Agent found information in the update's XML data that isn't valid. | Certain drivers contain additional metadata information in Update.xml, which Orchestrator can interpret as data that isn't valid. Ensure that you have the latest Windows Update Agent installed on the device. | + +## 0x8024D009 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the Wuident.cab file. | You might encounter this error when WSUS is not sending the self-update to the clients.

Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | + +## 0x80244007 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows can't renew the cookies for Windows Update.

Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. | + +## 0x80070422 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| NA | This issue occurs when the Windows Update service stops working or isn't running. | Check if the Windows Update service is running.
| + +## 0x800f0821 + + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the has installed the update in KB4493473 or later.| + +## 0x800f0825 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_CANNOT_UNINSTALL; Package cannot be uninstalled. | Typically this is due component store corruption caused when a component is in a partially installed state. | Repair the component store with the **Dism RestoreHealth** command or manually repair with a payload from the partially installed component. From an elevated command prompt, run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | + +## 0x800F0920 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_HANG_DETECTED; A failure to respond was detected while processing the operation. | Subsequent error logged after getting 0x800f0821 | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has stopped responding. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the device has installed the update in KB4493473 or later.| + +## 0x800f081f + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_SOURCE_MISSING; source for package or file not found, ResolveSource() unsuccessful | Component Store corruption | Repair the component store with the **Dism RestoreHealth** command or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | + +## 0x800f0831 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| CBS_E_STORE_CORRUPTION; CBS store is corrupted. | Corruption in the Windows Component Store. | Repair the component store with **Dism RestoreHealth** or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | + +## 0x80070005 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an access was denied.
Go to %Windir%\logs\CBS, open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the access denial. It could be acess denied to a file, registry key. Determine what object needs the right permissions and change the permissions as needed. | + +## 0x80070570 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_FILE_CORRUPT; The file or directory is corrupted and unreadable. | Component Store corruption | Repair the component store with **Dism RestoreHealth** or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device.| + + +## 0x80070003 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_PATH_NOT_FOUND; The system cannot find the path specified. | The servicing stack cannot access a specific path. | Indicates an invalid path to an executable. Go to %Windir%\logs\CBS, open the last CBS.log, and search for “, error” and match with the timestamp. | + + +## 0x80070020 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by non-Microsoft filter drivers like antivirus.
1. [Perform a clean boot and retry the installation](https://support.microsoft.com/help/929135/)
2. Download the sysinternal tool [Process Monitor](/sysinternals/downloads/procmon).
3. Run Procmon.exe. It will start data capture automatically.
4. Install the update package again
5. With the Process Monitor main window in focus, press CTRL + E or select the magnifying glass to stop data capture.
6. Select **File > Save > All Events > PML**, and choose a path to save the .PML file
7. Go to %windir%\logs\cbs, open the last Cbs.log file, and search for the error. After finding the error line a bit above, you should have the file being accessed during the installation that is giving the sharing violation error
8. In Process Monitor, filter for path and insert the file name (it should be something like “path” “contains” “filename from CBS”).
9. Try to stop it or uninstall the process causing the error. | + +## 0x80073701 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | + +## 0x8007371b + +| Message | Description | Mitigation | +|---------|-------------|------------| +| ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE; One or more required members of the transaction are not present. | Component Store corruption. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | + +## 0x80072EFE + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WININET_E_CONNECTION_ABORTED; The connection with the server was closed abnormally | BITS is unable to transfer the file successfully. | Encountered if BITS is broken or if the file being transferred can't be written to the destination folder on the client. This error is usually caused by connection errors while checking or downloading updates.
From a cmd prompt run: *BITSADMIN /LIST /ALLUSERS /VERBOSE*
Search for the 0x80072EFE error code. You should see a reference to an HTTP code with a specific file. Using a browser, try to download it manually, making sure you’re using your organization's proxy settings. If the download fails, check with your proxy manager to allow for the communication to be sucesfull. Also check with your network team for this specific URL access. | + +## 0x80072F8F + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WININET_E_DECODING_FAILED; Content decoding has failed | TLS 1.2 is not configured correctly on the client. | This error generally means that the Windows Update Agent was unable to decode the received content. Install and configure TLS 1.2 by installing the update in [KB3140245](https://support.microsoft.com/help/3140245/). + +## 0x80072EE2 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager.
Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/mem/configmgr/troubleshoot-software-update-scan-failures).
If you’re using the public Microsoft update servers, check that your device can access the following Windows Update endpoints:
`http://windowsupdate.microsoft.com`
https://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
https://*.update.microsoft.com
https://*.update.microsoft.com
https://*.windowsupdate.com
https://download.windowsupdate.com
https://download.microsoft.com
https://*.download.windowsupdate.com
https://wustat.windows.com
https://ntservicepack.microsoft.com | + +## 0x80240022 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_ALL_UPDATES_FAILED; Operation failed for all the updates. | Multiple root causes for this error.| Most common issue is that antivirus software is blocking access to certain folders (like SoftwareDistribution). CBS.log analysis needed to determine the file or folder being protected. | + +## 0x8024401B + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ; Same as HTTP status 407 - proxy authentication is required. | Unable to authenticate through a proxy server. | Either the Winhttp proxy or WinInet proxy settings are not configured correctly. This error generally means that the Windows Update Agent was unable to connect to the update servers or your own update source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager, due to a proxy error.
Verify the proxy settings on the client. The Windows Update Agent uses WinHTTP to scan for available updates. When there is a proxy server between the client and the update source, the proxy settings must be configured correctly on the clients to enable them to communicate by using the source's FQDN.
Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. | + + +## 0x80244022 + +| Message | Description | Mitigation | +|---------|-------------|------------| +| WU_E_PT_HTTP_STATUS_SERVICE_UNAVAILABLE; Same as HTTP status 503 - the service is temporarily overloaded. | Unable to connect to the configured update source. | Network troubleshooting needed to resolve the connectivity issue. Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. | diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 9b9c40977d..f191ffdf77 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -1,5 +1,5 @@ --- -title: Active Directory Security Groups (Windows 10) +title: Active Directory Security Groups description: Active Directory Security Groups ms.prod: w10 ms.mktglfcycl: deploy @@ -12,14 +12,15 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium -ms.date: 04/19/2017 +ms.date: 09/21/2021 ms.reviewer: --- # Active Directory Security Groups **Applies to** -- Windows Server 2016 +- Windows Server 2016 or later +- Windows 10 or later This reference topic for the IT professional describes the default Active Directory security groups. @@ -1489,7 +1490,7 @@ This security group has not changed since Windows Server 2008.

Well-Known SID/RID

-

S-1-5-<domain>-512

+

S-1-5-21-<domain>-512

Type

@@ -1885,7 +1886,7 @@ This security group has not changed since Windows Server 2008.

Well-Known SID/RID

-

S-1-5-21-<domain>-498

+

S-1-5-21-<root domain>-498

Type

diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md index 9d0f10190e..46ae044e8f 100644 --- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md @@ -15,31 +15,31 @@ localizationpriority: medium ms.date: 02/15/2019 ms.reviewer: --- -# WebAuthn APIs for password-less authentication on Windows 10 +# WebAuthn APIs for password-less authentication on Windows -### Passwords leave your customers vulnerable. With the new WebAuthn APIs, your sites and apps can leverage password-less authentication. +### Passwords leave your customers vulnerable. With the new WebAuthn APIs, your sites and apps can use password-less authentication. Microsoft has long been a proponent to do away with passwords. While working towards that goal, we'd like to introduce you to the latest Windows 10 (version 1903) W3C/FIDO2 Win32 WebAuthn platform APIs! -These APIs allow Microsoft developer partners and the developer community to leverage Windows Hello and FIDO2 security keys -as a password-less authentication mechanism for their applications on Windows 10 devices. +These APIs allow Microsoft developer partners and the developer community to use Windows Hello and FIDO2 security keys +as a password-less authentication mechanism for their applications on Windows devices. #### What does this mean? -This opens opportunities for developers or relying parties (RPs) to enable password-less authentication. -They can now leverage [Windows Hello](./index.yml) or [FIDO2 Security Keys](./microsoft-compatible-security-key.md) +This opens opportunities for developers or relying parties (RPs') to enable password-less authentication. +They can now use [Windows Hello](./index.yml) or [FIDO2 Security Keys](./microsoft-compatible-security-key.md) as a password-less multi-factor credential for authentication.
Users of these sites can use any browser that supports WebAuthn Windows 10 APIs for password-less authentication - and will have a familiar and consistent experience on Windows 10, no matter which browser they use to get to the RPs site! + and will have a familiar and consistent experience on Windows 10, no matter which browser they use to get to the RPs' site!

The native Windows 10 WebAuthn APIs are currently supported by Microsoft Edge on Windows 10 1809 or later and latest versions of other browsers.

Developers of FIDO2 authentication keys should use the new Windows 10 APIs, to enable these scenarios in a consistent way for users. - Moreover, this enables the use of all the transports available per FIDO2 specifications - USB, NFC and BLE + Moreover, this enables the use of all the transports available per FIDO2 specifications - USB, NFC, and BLE without having to deal with the interaction and management overhead. -This also implies browsers or apps on Windows 10 will no longer have direct access to above transports for FIDO related messaging. +This also implies browsers or apps on Windows 10 will no longer have direct access to above transports for FIDO-related messaging. #### Where can developers learn more? The new Windows 10 APIs are documented on [GitHub](https://github.com/Microsoft/webauthn) \ No newline at end of file diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index f80ffec25c..d1e93b59ef 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -1,6 +1,6 @@ --- title: Multi-factor Unlock -description: Learn how Windows 10 offers multifactor device unlock by extending Windows Hello with trusted signals. +description: Learn how Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, multi, factor, multifactor, multi-factor ms.prod: w10 ms.mktglfcycl: deploy @@ -19,17 +19,19 @@ ms.reviewer: # Multi-factor Unlock **Applies to:** -- Windows 10 + +- Windows 10 +- Windows 11 **Requirements:** * Windows Hello for Business deployment (Hybrid or On-premises) * Azure AD, Hybrid Azure AD, or Domain Joined (Cloud, Hybrid, or On-Premises deployments) -* Windows 10, version 1709 or newer +* Windows 10, version 1709 or newer, or Windows 11 * Bluetooth, Bluetooth capable phone - optional Windows, today, natively only supports the use of a single credential (password, PIN, fingerprint, face, etc.) for unlocking a device. Therefore, if any of those credentials are compromised (shoulder surfed), an attacker could gain access to the system. -Windows 10 offers Multi-factor device unlock by extending Windows Hello with trusted signals. Administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. +Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals. Administrators can configure their Windows to request a combination of factors and trusted signals to unlock their devices. Which organizations can take advantage of Multi-factor unlock? Those who: * Have expressed that PINs alone do not meet their security needs. @@ -92,13 +94,13 @@ You represent signal rules in XML. Each signal rule has an starting and ending ``` ### Signal element -Each rule element has a **signal** element. All signal elements have a **type** element and value. Windows 10, version 1709 supports the **ipConfig** and **bluetooth** type values. +Each rule element has a **signal** element. All signal elements have a **type** element and value. Windows 10, version 1709 or later supports the **ipConfig** and **bluetooth** type values. |Attribute|Value| |---------|-----| -| type| "bluetooth" or "ipConfig" (Windows 10, version 1709)| -| type| "wifi" (Windows 10, version 1803) +| type| "bluetooth" or "ipConfig" (Windows 10, version 1709) or later| +| type| "wifi" (Windows 10, version 1803 or later) #### Bluetooth You define the bluetooth signal with additional attributes in the signal element. The bluetooth configuration does not use any other elements. You can end the signal element with short ending tag "\/>". @@ -133,7 +135,7 @@ The **classofDevice** attribute defaults to Phone and uses the values from the f |Health|2304| |Uncategorized|7936| -The **rssiMin** attribute value signal indicates the strength needed for the device to be considered "in-range". The default value of **-10** enables a user to move about an average size office or cubicle without triggering Windows to lock the device. The **rssiMaxDelta** has a default value of **-10**, which instruct Windows 10 to lock the device once the signal strength weakens by more than measurement of 10. +The **rssiMin** attribute value signal indicates the strength needed for the device to be considered "in-range". The default value of **-10** enables a user to move about an average size office or cubicle without triggering Windows to lock the device. The **rssiMaxDelta** has a default value of **-10**, which instruct Windows to lock the device once the signal strength weakens by more than measurement of 10. RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other. @@ -220,7 +222,7 @@ The fully qualified domain name of your organization's internal DNS suffix where #### Wi-Fi **Applies to:** -- Windows 10, version 1803 +- Windows 10, version 1803 or later You define Wi-Fi signals using one or more wifi elements. Each element has a string value. Wifi elements do not have attributes or nested elements. @@ -322,7 +324,7 @@ This example configures the same as example 2 using compounding And elements. T ``` #### Example 4 -This example configures Wi-Fi as a trusted signal (Windows 10, version 1803) +This example configures Wi-Fi as a trusted signal (Windows 10, version 1803 or later) ```xml @@ -343,11 +345,10 @@ This example configures Wi-Fi as a trusted signal (Windows 10, version 1803) ### How to configure Multifactor Unlock policy settings -You need a Windows 10, version 1709 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business Group Policy settings, which includes multi-factor unlock. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1709. +You need at least a Windows 10, version 1709 or later workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business Group Policy settings, which includes multi-factor unlock. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1709 or later. Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10, version 1703 to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. - ### Create the Multifactor Unlock Group Policy object The Group Policy object contains the policy settings needed to trigger Windows Hello for Business provisioning and to ensure Windows Hello for Business authentication certificates are automatically renewed. diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index 850b4b5214..aa4d0faa2f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md @@ -1,6 +1,6 @@ --- title: Azure Active Directory join cloud only deployment -description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 device. +description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 or Windows 11 device. keywords: identity, Hello, Active Directory, cloud, ms.prod: w10 ms.mktglfcycl: deploy @@ -20,7 +20,7 @@ ms.reviewer: ## Introduction -When you Azure Active Directory (Azure AD) join a Windows 10 device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud only environment, then there's no additional configuration needed. +When you Azure Active Directory (Azure AD) join a Windows 10 or Windows 11 device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud only environment, then there's no additional configuration needed. You may wish to disable the automatic Windows Hello for Business enrollment prompts if you aren't ready to use it in your environment. Instructions on how to disable Windows Hello for Business enrollment in a cloud only environment are included below. diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index 25d27e28d3..b317356b81 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md @@ -20,7 +20,7 @@ ms.reviewer: **Applies to** -- Windows 10, version 1703 or later +- Windows 10, version 1703 or later, or Windows 11 - Windows Server, versions 2016 or later - Hybrid or On-Premises deployment - Key trust @@ -32,7 +32,7 @@ ms.reviewer: How can you find out how many domain controllers are needed? You can use performance monitoring on your domain controllers to determine existing authentication traffic. Windows Server 2016 and above includes the KDC AS Requests performance counter. You can use this counter to determine how much of a domain controller's load is due to initial Kerberos authentication. It's important to remember that authentication for a Windows Hello for Business key trust deployment does not affect Kerberos authentication - it remains unchanged. -Windows 10 accomplishes Windows Hello for Business key trust authentication by mapping an Active Directory user account to one or more public keys. This mapping occurs on the domain controller, which is why the deployment needs Windows Server 2016 or later domain controllers. Public key mapping is only supported by Windows Server 2016 domain controllers and above. Therefore, users in a key trust deployment must authenticate to a Windows Server 2016 and above domain controller. +Windows 10 or Windows 11 accomplishes Windows Hello for Business key trust authentication by mapping an Active Directory user account to one or more public keys. This mapping occurs on the domain controller, which is why the deployment needs Windows Server 2016 or later domain controllers. Public key mapping is only supported by Windows Server 2016 domain controllers and above. Therefore, users in a key trust deployment must authenticate to a Windows Server 2016 and above domain controller. Determining an adequate number of Windows Server domain controllers is important to ensure you have enough domain controllers to satisfy all authentication requests, including users mapped with public key trust. What many administrators do not realize is that adding a domain controller that supports public key mapping (in this case Windows Server 2016 or later) to a deployment of existing domain controllers which do not support public key mapping (Windows Server 2008R2, Windows Server 2012R2) instantly makes that single domain controller susceptible to carrying the most load, or what is commonly referred to as "piling on". To illustrate the "piling on" concept, consider the following scenario: diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md index 2eb9365b7b..1933fad122 100644 --- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md @@ -1,5 +1,5 @@ --- -title: Windows Hello and password changes (Windows 10) +title: Windows Hello and password changes (Windows) description: When you change your password on a device, you may need to sign in with a password on other devices to reset Hello. ms.assetid: 83005FE4-8899-47A6-BEA9-C17CCA0B6B55 ms.reviewer: @@ -19,7 +19,9 @@ ms.date: 07/27/2017 # Windows Hello and password changes **Applies to** -- Windows 10 + +- Windows 10 +- Windows 11 When you set up Windows Hello, the PIN or biometric gesture that you use is specific to that device. You can set up Hello for the same account on multiple devices. If the PIN or biometric is configured as part of Windows Hello for Business, changing the account password will not impact sign-in or unlock with these gestures since it uses a key or certificate. However, if Windows Hello for Business is not deployed and the password for that account changes, you must provide the new password on each device to continue to use Hello. diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md index d0857ccd72..7dc20cb316 100644 --- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -1,5 +1,5 @@ --- -title: Windows Hello biometrics in the enterprise (Windows 10) +title: Windows Hello biometrics in the enterprise (Windows) description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition. ms.assetid: d3f27d94-2226-4547-86c0-65c84d6df8Bc ms.reviewer: @@ -21,7 +21,9 @@ ms.date: 01/12/2021 # Windows Hello biometrics in the enterprise **Applies to:** -- Windows 10 + +- Windows 10 +- Windows 11 Windows Hello is the biometric authentication feature that helps strengthen authentication and helps to guard against potential spoofing through fingerprint matching and facial recognition. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index f354ae19d4..958d349b3e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -1,6 +1,6 @@ --- -title: Prepare & Deploy Windows AD FS certificate trust (Windows Hello for Business) -description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. +title: Prepare and Deploy Windows AD FS certificate trust (Windows Hello for Business) +description: Learn how to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy @@ -16,11 +16,12 @@ localizationpriority: medium ms.date: 01/14/2021 ms.reviewer: --- -# Prepare and Deploy Windows Server 2016 Active Directory Federation Services +# Prepare and Deploy Windows Server 2016 Active Directory Federation Services - Certificate Trust **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Certificate trust @@ -123,7 +124,7 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. 8. Click **Next** on the **Active Directory Federation Service** page. 9. Click **Install** to start the role installation. -## Review +## Review & validate Before you continue with the deployment, validate your deployment progress by reviewing the following items: @@ -265,7 +266,7 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. Th 3. In the details pane, click **Configure Device Registration**. 4. In the **Configure Device Registration** dialog, click **OK**. -## Review +## Review to validate Before you continue with the deployment, validate your deployment progress by reviewing the following items: * Confirm you followed the correct procedures based on the domain controllers used in your deployment. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 7f7f59156a..4f529da2a1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -16,15 +16,17 @@ localizationpriority: medium ms.date: 08/20/2018 ms.reviewer: --- -# Configure Windows Hello for Business Policy settings +# Configure Windows Hello for Business Policy settings - Certificate Trust **Applies to** -- Windows 10, version 1703 or later -- On-premises deployment -- Certificate trust -You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). -Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. +- Windows 10, version 1703 or later +- Windows 11 +- On-premises deployment +- Certificate trust + +You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). +Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. On-premises certificate-based deployments of Windows Hello for Business needs three Group Policy settings: * Enable Windows Hello for Business @@ -116,9 +118,9 @@ The default Windows Hello for Business enables users to enroll and use biometric ### PIN Complexity -PIN complexity is not specific to Windows Hello for Business. Windows 10 enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. +PIN complexity is not specific to Windows Hello for Business. Windows enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. -Windows 10 provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: +Windows provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: * Require digits * Require lowercase letters * Maximum PIN length diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index 57f12a0692..f468cbe23f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -16,13 +16,14 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate Active Directory prerequisites +# Validate Active Directory prerequisites for cert-trust deployment **Applies to** -- Windows 10, version 1703 or later -- On-premises deployment -- Certificate trust +- Windows 10, version 1703 or later +- Windows 11 +- On-premises deployment +- Certificate trust The key registration process for the On-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. If you already have a Windows Server 2016 or later domain controller in your forest, you can skip the **Updating the Schema** and **Create the KeyCredential Admins Security Global Group** steps. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index 373a03c97c..6a840d43c6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -16,19 +16,20 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Deploy Multi-factor Authentication (MFA) +# Validate and Deploy Multifactor Authentication (MFA) **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Certificate trust -Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option. +Windows Hello for Business requires all users perform multifactor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option. For information on available third-party authentication methods see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method) -Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. Make sure that the authentication provider is selected as a multi-factor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies). +Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. Make sure that the authentication provider is selected as a multifactor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies). ## Follow the Windows Hello for Business on premises certificate trust deployment guide 1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index e4950a9581..2f2d3bcf5b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md @@ -16,12 +16,14 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Configure Public Key Infrastructure +# Validate and Configure Public Key Infrastructure - Certificate Trust Model **Applies to** -- Windows 10, version 1703 or later -- On-premises deployment -- Certificate trust + +- Windows 10, version 1703 or later +- Windows 11 +- On-premises deployment +- Certificate trust Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. The certificate trust model extends certificate issuance to client computers. During Windows Hello for Business provisioning, the user receives a sign-in certificate. @@ -94,7 +96,7 @@ The certificate template is configured to supersede all the certificate template ### Configure an Internal Web Server Certificate template -Windows 10 clients use the https protocol when communicating with Active Directory Federation Services. To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. +Windows 10 or Windows 11 clients use the https protocol when communicating with Active Directory Federation Services. To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. Sign-in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. 1. Open the **Certificate Authority** management console. diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index c8f3f83f76..db310a19e8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 1a07013ef3..80a1ca91b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 Windows Hello for Business is the springboard to a world without passwords. It replaces username and password sign-in to Windows with strong user authentication based on an asymmetric key pair. @@ -41,7 +42,7 @@ This guide assumes that baseline infrastructure exists which meets the requireme - Proper name resolution, both internal and external names - Active Directory and an adequate number of domain controllers per site to support authentication - Active Directory Certificate Services 2012 or later -- One or more workstation computers running Windows 10, version 1703 +- One or more workstation computers running Windows 10, version 1703 or later If you are installing a server role for the first time, ensure the appropriate server operating system is installed, updated with the latest patches, and joined to the domain. This document provides guidance to install and configure the specific roles on that server. diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md index a95d9212e0..30dbcc8929 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md @@ -27,16 +27,17 @@ Applies to: - Azure AD joined deployments - Windows 10, version 1803 and later +- Windows 11 PIN reset on Azure AD joined devices uses a flow called web sign-in to authenticate the user above lock. Web sign in only allows navigation to specific domains. If it attempts to navigate to a domain that is not allowed it will shows a page with the error message "We can't open that page right now". ### Identifying Azure AD joined PIN Reset Allowed Domains Issue -The user can launch the PIN reset flow from above lock using the "I forgot my PIN" link in the PIN credential provider. Selecting this link will launch a full screen UI for the PIN experience on Azure AD Join devices. Typically, this UI will display an Azure authentication server page where the user will authenticate using Azure AD credentials and complete multi-factor authentication. +The user can launch the PIN reset flow from above lock using the "I forgot my PIN" link in the PIN credential provider. Selecting this link will launch a full screen UI for the PIN experience on Azure AD Join devices. Typically, this UI will display an Azure authentication server page where the user will authenticate using Azure AD credentials and complete multifactor authentication. -In federated environments authentication may be configured to route to AD FS or a third party identity provider. If the PIN reset flow is launched and attempts to navigate to a federated identity provider server page, it will fail and display the "We can't open that page right now" error if the domain for the server page is not included in an allow list. +In federated environments authentication may be configured to route to AD FS or a third-party identity provider. If the PIN reset flow is launched and attempts to navigate to a federated identity provider server page, it will fail and display the "We can't open that page right now" error if the domain for the server page is not included in an allow list. -If you are a customer of Azure US Government cloud, PIN reset will also attempt to navigate to a domain that is not included in the default allow list. This results in "We can't open that page right now". +If you are a customer of Azure US Government cloud, PIN reset will also attempt to navigate to a domain that is not included in the default allowlist. This results in "We can't open that page right now". ### Resolving Azure AD joined PIN Reset Allowed Domains Issue diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md index e748408fb5..5a5f0334f7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 0bbce98b00..260463cdb8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -22,6 +22,7 @@ ms.reviewer: **Applies To** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 48a0d130df..f6d78686a8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -1,5 +1,5 @@ --- -title: Windows Hello errors during PIN creation (Windows 10) +title: Windows Hello errors during PIN creation (Windows) description: When you set up Windows Hello in Windows 10, you may get an error during the Create a work PIN step. ms.assetid: DFEFE22C-4FEF-4FD9-BFC4-9B419C339502 ms.reviewer: @@ -21,7 +21,9 @@ ms.date: 05/05/2018 # Windows Hello errors during PIN creation **Applies to** -- Windows 10 + +- Windows 10 +- Windows 11 When you set up Windows Hello in Windows 10, you may get an error during the **Create a PIN** step. This topic lists some of the error codes with recommendations for mitigating the problem. If you get an error code that is not listed here, contact Microsoft Support. diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md index fd2d0dbe71..a41f3c8418 100644 --- a/windows/security/identity-protection/hello-for-business/hello-event-300.md +++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md @@ -1,5 +1,5 @@ --- -title: Event ID 300 - Windows Hello successfully created (Windows 10) +title: Event ID 300 - Windows Hello successfully created (Windows) description: This event is created when a Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). ms.assetid: 0DD59E75-1C5F-4CC6-BB0E-71C83884FF04 ms.reviewer: @@ -21,19 +21,21 @@ ms.date: 07/27/2017 # Event ID 300 - Windows Hello successfully created **Applies to** -- Windows 10 + +- Windows 10 +- Windows 11 This event is created when Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). Applications or services can trigger actions on this event. For example, a certificate provisioning service can listen to this event and trigger a certificate request. ## Event details -| **Product:** | Windows 10 operating system | +| **Product:** | Windows 10 or Windows 11 operating system | |--------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Log:** | Event Viewer > Applications and Service Logs\Microsoft\Windows\User Device Registration\Admin | | **ID:** | 300 | | **Source:** | Microsoft Azure Device Registration Service | -| **Version:** | 10 | +| **Version:** | 10 or 11 | | **Message:** | The NGC key was successfully registered. Key ID: {4476694e-8e3b-4ef8-8487-be21f95e6f07}. UPN:test@contoso.com. Attestation: ATT\_SOFT. Client request ID: . Server request ID: db2da6bd-3d70-4b9b-b26b-444f669902da.
Server response: {"kid":"4476694e-8e3b-4ef8-8487-be21f95e6f07","upn":"test@contoso.com"} | ## Resolve diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md index f62a626f0a..82cb73cd43 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md @@ -23,7 +23,7 @@ ms.reviewer: * Hybrid and On-premises Windows Hello for Business deployments * Enterprise joined or Hybrid Azure joined devices -* Windows 10, version 1709 +* Windows 10, version 1709 or later * Certificate trust > [!NOTE] @@ -34,12 +34,12 @@ ms.reviewer: Dual enrollment enables administrators to perform elevated, administrative functions by enrolling both their non-privileged and privileged credentials on their device. -By design, Windows 10 does not enumerate all Windows Hello for Business users from within a user's session. Using the computer Group Policy setting, **Allow enumeration of emulated smart card for all users**, you can configure a device to enumerate all enrolled Windows Hello for Business credentials on selected devices. +By design, Windows does not enumerate all Windows Hello for Business users from within a user's session. Using the computer Group Policy setting, **Allow enumeration of emulated smart card for all users**, you can configure a device to enumerate all enrolled Windows Hello for Business credentials on selected devices. -With this setting, administrative users can sign in to Windows 10, version 1709 using their non-privileged Windows Hello for Business credentials for normal work flow such as email, but can launch Microsoft Management Consoles (MMCs), Remote Desktop Services clients, and other applications by selecting **Run as different user** or **Run as administrator**, selecting the privileged user account, and providing their PIN. Administrators can also take advantage of this feature with command-line applications by using **runas.exe** combined with the **/smartcard** argument. This enables administrators to perform their day-to-day operations without needing to sign in and out, or use fast user switching when alternating between privileged and non-privileged workloads. +With this setting, administrative users can sign in to Windows 10, version 1709 or later using their non-privileged Windows Hello for Business credentials for normal work flow such as email, but can launch Microsoft Management Consoles (MMCs), Remote Desktop Services clients, and other applications by selecting **Run as different user** or **Run as administrator**, selecting the privileged user account, and providing their PIN. Administrators can also take advantage of this feature with command-line applications by using **runas.exe** combined with the **/smartcard** argument. This enables administrators to perform their day-to-day operations without needing to sign in and out, or use fast user switching when alternating between privileged and non-privileged workloads. > [!IMPORTANT] -> You must configure a Windows 10 computer for Windows Hello for Business dual enrollment before either user (privileged or non-privileged) provisions Windows Hello for Business. Dual enrollment is a special setting that is configured on the Windows Hello container during creation. +> You must configure a Windows computer for Windows Hello for Business dual enrollment before either user (privileged or non-privileged) provisions Windows Hello for Business. Dual enrollment is a special setting that is configured on the Windows Hello container during creation. ## Configure Windows Hello for Business Dual Enrollment @@ -69,7 +69,7 @@ where **DC=domain,DC=com** is the LDAP path of your Active Directory domain and ### Configuring Dual Enrollment using Group Policy -You configure Windows 10 to support dual enrollment using the computer configuration portion of a Group Policy object. +You configure Windows 10 or Windows 11 to support dual enrollment using the computer configuration portion of a Group Policy object. 1. Using the Group Policy Management Console (GPMC), create a new domain-based Group Policy object and link it to an organizational Unit that contains Active Directory computer objects used by privileged users. 2. Edit the Group Policy object from step 1. diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index 53985965fb..6a880c9a9c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -1,6 +1,6 @@ --- title: Dynamic lock -description: Learn how to set Dynamic lock on Windows 10 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value. +description: Learn how to set Dynamic lock on Windows 10 and Windows 11 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, conditional access ms.prod: w10 ms.mktglfcycl: deploy @@ -21,9 +21,9 @@ ms.reviewer: **Requirements:** -* Windows 10, version 1703 +* Windows 10, version 1703 or later -Dynamic lock enables you to configure Windows 10 devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it. +Dynamic lock enables you to configure Windows devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it. You configure the dynamic lock policy using Group Policy. You can locate the policy setting at **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**. The name of the policy is **Configure dynamic lock factors**. @@ -54,7 +54,7 @@ For this policy setting, the **type** and **scenario** attribute values are stat |Health|2304| |Uncategorized|7936| -The **rssiMin** attribute value signal indicates the strength needed for the device to be considered "in-range". The default value of **-10** enables a user to move about an average size office or cubicle without triggering Windows to lock the device. The **rssiMaxDelta** has a default value of **-10**, which instruct Windows 10 to lock the device once the signal strength weakens by more than measurement of 10. +The **rssiMin** attribute value signal indicates the strength needed for the device to be considered "in-range". The default value of **-10** enables a user to move about an average size office or cubicle without triggering Windows to lock the device. The **rssiMaxDelta** has a default value of **-10**, which instruct Windows to lock the device once the signal strength weakens by more than measurement of 10. RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other. diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 2fbed0b012..25b4269de7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -22,6 +22,7 @@ ms.reviewer: **Applies to:** - Windows 10, version 1709 or later +- Windows 11 Windows Hello for Business provides the capability for users to reset forgotten PINs using the "I forgot my PIN link" from the Sign-in options page in Settings or from above the lock screen. User's are required to authenticate and complete multifactor authentication to reset their PIN. @@ -81,7 +82,7 @@ Visit the [Windows Hello for Business Videos](./hello-videos.md) page and watch When non-destructive PIN reset is enabled on a client, a 256-bit AES key is generated locally and added to a user's Windows Hello for Business container and keys as the PIN reset protector. This PIN reset protector is encrypted using a public key retrieved from the Microsoft PIN reset service and then stored on the client for later use during PIN reset. After a user initiates a PIN reset, completes authentication to Azure, and completes multifactor authentication, the encrypted PIN reset protector is sent to the Microsoft PIN reset service, decrypted, and returned to the client. The decrypted PIN reset protector is used to change the PIN used to authorize Windows Hello for Business keys and it is then cleared from memory. -Using Group Policy, Microsoft Intune or a compatible MDM, you can configure Windows 10 devices to securely use the Microsoft PIN reset service that enables users to reset their forgotten PIN through settings or above the lock screen without requiring re-enrollment. +Using Group Policy, Microsoft Intune or a compatible MDM, you can configure Windows devices to securely use the Microsoft PIN reset service that enables users to reset their forgotten PIN through settings or above the lock screen without requiring re-enrollment. >[!IMPORTANT] > The Microsoft PIN Reset service only works with **Enterprise Edition** for Windows 10, version 1709 to 1809. The feature works with **Enterprise Edition** and **Pro** edition with Windows 10, version 1903 and newer. @@ -114,7 +115,7 @@ Before you can remotely reset PINs, you must on-board the Microsoft PIN reset se ### Configure Windows devices to use PIN reset using Group Policy -You configure Windows 10 to use the Microsoft PIN Reset service using the computer configuration portion of a Group Policy object. +You can configure Windows to use the Microsoft PIN Reset service using the computer configuration portion of a Group Policy object. 1. Using the Group Policy Management Console (GPMC), scope a domain-based Group Policy to computer accounts in Active Directory. 1. Edit the Group Policy object from Step 1. @@ -188,6 +189,7 @@ The PIN reset configuration for a user can be viewed by running [**dsregcmd /sta **Applies to:** - Windows 10, version 1803 or later +- Windows 11 - Azure AD joined The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy allows you to specify a list of domains that are allowed to be navigated to during PIN reset flows on Azure AD joined devices. If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, this policy should be set to ensure that authentication pages from that identity provider can be used during Azure AD joined PIN reset. diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 550cddc3cc..8ed00949b2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -22,6 +22,7 @@ ms.reviewer: **Requirements** - Windows 10 +- Windows 11 - Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices @@ -36,9 +37,9 @@ Microsoft continues to investigate supporting using keys trust for supplied cred - Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices - Biometric enrollments -- Windows 10, version 1809 +- Windows 10, version 1809 or later -Users using earlier versions of Windows 10 could authenticate to a remote desktop using Windows Hello for Business but were limited to using their PIN as their authentication gesture. Windows 10, version 1809 introduces the ability for users to authenticate to a remote desktop session using their Windows Hello for Business biometric gesture. The feature is on by default, so your users can take advantage of it as soon as they upgrade to Windows 10, version 1809. +Users using earlier versions of Windows 10 could authenticate to a remote desktop using Windows Hello for Business but were limited to using their PIN as their authentication gesture. Windows 10, version 1809 or later introduces the ability for users to authenticate to a remote desktop session using their Windows Hello for Business biometric gesture. The feature is on by default, so your users can take advantage of it as soon as they upgrade to Windows 10, version 1809. ### How does it work @@ -48,7 +49,7 @@ A certificate on a smart card starts with creating an asymmetric key pair using This same concept applies to Windows Hello for Business. Except, the keys are created using the Microsoft Passport KSP and the user's private key remains protected by the device's security module (TPM) and the user's gesture (PIN/biometric). The certificate APIs hide this complexity. When an application uses a certificate, the certificate APIs locate the keys using the saved key storage provider. The key storage providers directs the certificate APIs on which provider they use to find the private key associated with the certificate. This is how Windows knows you have a smart card certificate without the smart card inserted (and prompts you to insert the smart card). -Windows Hello for Business emulates a smart card for application compatibility. Versions of Windows 10 prior to version 1809, would redirect private key access for Windows Hello for Business certificate to use its emulated smart card using the Microsoft Smart Card KSP, which would enable the user to provide their PIN. Windows 10, version 1809 no longer redirects private key access for Windows Hello for Business certificates to the Microsoft Smart Card KSP-- it continues using the Microsoft Passport KSP. The Microsoft Passport KSP enabled Windows 10 to prompt the user for their biometric gesture or PIN. +Windows Hello for Business emulates a smart card for application compatibility. Versions of Windows 10 prior to version 1809, would redirect private key access for Windows Hello for Business certificate to use its emulated smart card using the Microsoft Smart Card KSP, which would enable the user to provide their PIN. Windows 10, version 1809 or later no longer redirects private key access for Windows Hello for Business certificates to the Microsoft Smart Card KSP-- it continues using the Microsoft Passport KSP. The Microsoft Passport KSP enabled Windows to prompt the user for their biometric gesture or PIN. ### Compatibility diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 1efcc90b24..d6cff27980 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -18,7 +18,9 @@ ms.reviewer: # Windows Hello for Business and Authentication **Applies to:** -- Windows 10 + +- Windows 10 +- Windows 11 Windows Hello for Business authentication is passwordless, two-factor authentication. Authenticating with Windows Hello for Business provides a convenient sign-in experience that authenticates the user to both Azure Active Directory and Active Directory resources.
Azure Active Directory joined devices authenticate to Azure during sign-in and can optional authenticate to Active Directory. Hybrid Azure Active Directory joined devices authenticate to Active Directory during sign-in, and authenticate to Azure Active Directory in the background.
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index 20008e7565..9e1ddf66b7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -16,9 +16,10 @@ ms.date: 08/19/2018 ms.reviewer: --- # Windows Hello for Business Provisioning - -Applies to: -- Windows 10 + +**Applies to:** +- Windows 10 +- Windows 11 Windows Hello for Business provisioning enables a user to enroll a new, strong, two-factor credential that they can use for passwordless authentication. Provisioning experience vary based on: - How the device is joined to Azure Active Directory @@ -48,7 +49,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Azure AD joined provisioning in a Federated environment -![Azure AD joined provisioning in a Managed environment.](images/howitworks/prov-aadj-federated.png) +![Azure AD joined provisioning in Managed environment.](images/howitworks/prov-aadj-federated.png) | Phase | Description | | :----: | :----------- | diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index af9083a431..cae576ab66 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -19,6 +19,7 @@ ms.reviewer: **Applies to:** - Windows 10 +- Windows 11 - [Attestation Identity Keys](#attestation-identity-keys) - [Azure AD Joined](#azure-ad-joined) @@ -44,15 +45,15 @@ ms.reviewer:
## Attestation Identity Keys -Because the endorsement certificate is unique for each device and does not change, the usage of it may present privacy concerns because it's theoretically possible to track a specific device. To avoid this privacy problem, Windows 10 issues a derived attestation anchor based on the endorsement certificate. This intermediate key, which can be attested to an endorsement key, is the Attestation Identity Key (AIK) and the corresponding certificate is called the AIK certificate. This AIK certificate is issued by a Microsoft cloud service. +Because the endorsement certificate is unique for each device and does not change, the usage of it may present privacy concerns because it's theoretically possible to track a specific device. To avoid this privacy problem, Windows issues a derived attestation anchor based on the endorsement certificate. This intermediate key, which can be attested to an endorsement key, is the Attestation Identity Key (AIK) and the corresponding certificate is called the AIK certificate. This AIK certificate is issued by a Microsoft cloud service. > [!NOTE] -> The AIK certificate must be provisioned in conjunction with a third-party service like the Microsoft Cloud CA service. After it is provisioned, the AIK private key can be used to report platform configuration. Windows 10 creates a signature over the platform log state (and a monotonic counter value) at each boot by using the AIK. +> The AIK certificate must be provisioned in conjunction with a third-party service like the Microsoft Cloud CA service. After it is provisioned, the AIK private key can be used to report platform configuration. Windows creates a signature over the platform log state (and a monotonic counter value) at each boot by using the AIK. > The AIK is an asymmetric (public/private) key pair that is used as a substitute for the EK as an identity for the TPM for privacy purposes. The private portion of an AIK is never revealed or used outside the TPM and can only be used inside the TPM for a limited set of operations. Furthermore, it can only be used for signing, and only for limited, TPM-defined operations. -Windows 10 creates AIKs protected by the TPM, if available, that are 2048-bit RSA signing keys. Microsoft hosts a cloud service called Microsoft Cloud CA to establish cryptographically that it is communicating with a real TPM and that the TPM possesses the presented AIK. After the Microsoft Cloud CA service has established these facts, it will issue an AIK certificate to the Windows 10 device. +Windows creates AIKs protected by the TPM, if available, that are 2048-bit RSA signing keys. Microsoft hosts a cloud service called Microsoft Cloud CA to establish cryptographically that it is communicating with a real TPM and that the TPM possesses the presented AIK. After the Microsoft Cloud CA service has established these facts, it will issue an AIK certificate to the Windows device. -Many existing devices that will upgrade to Windows 10 will not have a TPM, or the TPM will not contain an endorsement certificate. **To accommodate those devices, Windows 10 allows the issuance of AIK certificates without the presence of an endorsement certificate.** Such AIK certificates are not issued by Microsoft Cloud CA. Note that this is not as trustworthy as an endorsement certificate that is burned into the device during manufacturing, but it will provide compatibility for advanced scenarios like Windows Hello for Business without TPM. +Many existing devices that will upgrade to Windows 10 will not have a TPM, or the TPM will not contain an endorsement certificate. **To accommodate those devices, Windows 10 or Windows 11 allows the issuance of AIK certificates without the presence of an endorsement certificate.** Such AIK certificates are not issued by Microsoft Cloud CA. Note that this is not as trustworthy as an endorsement certificate that is burned into the device during manufacturing, but it will provide compatibility for advanced scenarios like Windows Hello for Business without TPM. In the issued AIK certificate, a special OID is added to attest that endorsement certificate was used during the attestation process. This information can be leveraged by a relying party to decide whether to reject devices that are attested using AIK certificates without an endorsement certificate or accept them. Another scenario can be to not allow access to high-value assets from devices that are attested by an AIK certificate that is not backed by an endorsement certificate. @@ -102,7 +103,7 @@ The Windows Hello for Business Cloud deployment is exclusively for organizations [Return to Top](hello-how-it-works-technology.md) ## Cloud Experience Host -In Windows 10, Cloud Experience Host is an application used while joining the workplace environment or Azure AD for rendering the experience when collecting your company-provided credentials. Once you enroll your device to your workplace environment or Azure AD, your organization will be able to manage your PC and collect information about you (including your location). It might add or remove apps or content, change settings, disable features, prevent you from removing your company account, or reset your PC. +In Windows 10 and Windows 11, Cloud Experience Host is an application used while joining the workplace environment or Azure AD for rendering the experience when collecting your company-provided credentials. Once you enroll your device to your workplace environment or Azure AD, your organization will be able to manage your PC and collect information about you (including your location). It might add or remove apps or content, change settings, disable features, prevent you from removing your company account, or reset your PC. ### Related topics [Windows Hello for Business](./hello-identity-verification.md), [Managed Windows Hello in Organization](./hello-manage-in-organization.md) @@ -138,7 +139,7 @@ The endorsement key is often accompanied by one or two digital certificates: - One certificate is produced by the TPM manufacturer and is called the **endorsement certificate**. The endorsement certificate is used to prove the authenticity of the TPM (for example, that it's a real TPM manufactured by a specific chip maker) to local processes, applications, or cloud services. The endorsement certificate is created during manufacturing or the first time the TPM is initialized by communicating with an online service. - The other certificate is produced by the platform builder and is called the **platform certificate** to indicate that a specific TPM is integrated with a certain device. -For certain devices that use firmware-based TPM produced by Intel or Qualcomm, the endorsement certificate is created when the TPM is initialized during the OOBE of Windows 10. +For certain devices that use firmware-based TPM produced by Intel or Qualcomm, the endorsement certificate is created when the TPM is initialized during the OOBE of Windows 10 and Windows 11. ### Related topics [Attestation Identity Keys](#attestation-identity-keys), [Storage Root Key](#storage-root-key), [Trusted Platform Module](#trusted-platform-module) @@ -279,15 +280,15 @@ The trust type determines how a user authenticates to the Active Directory to ac A Trusted Platform Module (TPM) is a hardware component that provides unique security features.
-Windows 10 leverages security characteristics of a TPM for measuring boot integrity sequence (and based on that, unlocking automatically BitLocker protected drives), for protecting credentials or for health attestation. +Windows leverages security characteristics of a TPM for measuring boot integrity sequence (and based on that, unlocking automatically BitLocker protected drives), for protecting credentials or for health attestation. A TPM implements controls that meet the specification described by the Trusted Computing Group (TCG). At the time of this writing, there are two versions of TPM specification produced by TCG that are not compatible with each other: - The first TPM specification, version 1.2, was published in February 2005 by the TCG and standardized under ISO / IEC 11889 standard. - The latest TPM specification, referred to as TPM 2.0, was released in April 2014 and has been approved by the ISO/IEC Joint Technical Committee (JTC) as ISO/IEC 11889:2015. -Windows 10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Windows Hello, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](../../information-protection/tpm/tpm-recommendations.md). +Windows 10 and Windows 11 use the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Windows Hello, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows](../../information-protection/tpm/tpm-recommendations.md). -Windows 10 recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows 10 supports only TPM 2.0. +Windows recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows 10 and Windows 11 support only TPM 2.0. TPM 2.0 provides a major revision to the capabilities over TPM 1.2: diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index 609a2a0954..657611e55f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -15,11 +15,12 @@ localizationpriority: medium ms.date: 05/05/2018 ms.reviewer: --- -# How Windows Hello for Business works +# How Windows Hello for Business works in Windows Devices **Applies to** - Windows 10 +- Windows 11 Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices. Windows Hello for Business also works for domain joined devices. @@ -34,7 +35,7 @@ Windows Hello for Business is a distributed system that uses several components Registration is a fundamental prerequisite for Windows Hello for Business. Without registration, Windows Hello for Business provisioning cannot start. Registration is where the device **registers** its identity with the identity provider. For cloud and hybrid deployments, the identity provider is Azure Active Directory and the device registers with the Azure Device Registration Service (ADRS). For on-premises deployments, the identity provider is Active Directory Federation Services (AD FS), and the device registers with the enterprise device registration service hosted on the federation servers (AD FS). -For more information read [how device registration works](/azure/active-directory/devices/device-registration-how-it-works). +For more information, read [how device registration works](/azure/active-directory/devices/device-registration-how-it-works). ### Provisioning @@ -44,11 +45,11 @@ Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business pr > [!VIDEO https://www.youtube.com/embed/RImGsIjSJ1s] -For more information read [how provisioning works](hello-how-it-works-provisioning.md). +For more information, read [how provisioning works](hello-how-it-works-provisioning.md). ### Authentication -With the device registered and provisioning complete, users can sign-in to Windows 10 using biometrics or a PIN. PIN is the most common gesture and is available on all computers unless restricted by policy requiring a TPM. Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential. Neither the PIN nor the private portion of the credential are ever sent to the identity provider, and the PIN is not stored on the device. It is user provided entropy when performing operations that use the private portion of the credential. +With the device registered and provisioning complete, users can sign-in to Windows using biometrics or a PIN. PIN is the most common gesture and is available on all computers unless restricted by policy requiring a TPM. Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential. Neither the PIN nor the private portion of the credential are ever sent to the identity provider, and the PIN is not stored on the device. It is user provided entropy when performing operations that use the private portion of the credential. Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business authentication works. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 13246cec6f..eeb8ee8626 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10 +- Windows 11 - Azure Active Directory joined - Hybrid Deployment - Key trust model @@ -50,7 +51,7 @@ You can use the **dsregcmd.exe** command to determine if your device is register ### CRL Distribution Point (CDP) -Certificates issued by a certificate authority can be revoked. When a certificate authority revokes as certificate, it writes information about the certificate into a revocation list. During certificate validation, Windows 10 consults the CRL distribution point within the certificate to get a list of revoked certificates. Validation compares the current certificate with information in the certificate revocation list to determine if the certificate remains valid. +Certificates issued by a certificate authority can be revoked. When a certificate authority revokes as certificate, it writes information about the certificate into a revocation list. During certificate validation, Windows consults the CRL distribution point within the certificate to get a list of revoked certificates. Validation compares the current certificate with information in the certificate revocation list to determine if the certificate remains valid. ![Domain Controller Certificate with LDAP CDP.](images/aadj/Certificate-CDP.png) @@ -75,7 +76,7 @@ Certificate authorities write CRL distribution points in certificates as they ar #### Why does Windows need to validate the domain controller certificate? -Windows Hello for Business enforces the strict KDC validation security feature when authenticating from an Azure AD joined device to a domain. This enforcement imposes more restrictive criteria that must be met by the Key Distribution Center (KDC). When authenticating using Windows Hello for Business on an Azure AD joined device, the Windows 10 client validates the reply from the domain controller by ensuring all of the following are met: +Windows Hello for Business enforces the strict KDC validation security feature when authenticating from an Azure AD joined device to a domain. This enforcement imposes more restrictive criteria that must be met by the Key Distribution Center (KDC). When authenticating using Windows Hello for Business on an Azure AD joined device, the Windows client validates the reply from the domain controller by ensuring all of the following are met: - The domain controller has the private key for the certificate provided. - The root CA that issued the domain controller's certificate is in the device's **Trusted Root Certificate Authorities**. @@ -212,7 +213,7 @@ The web server is ready to host the CRL distribution point. Now, configure the 4. On the **Extensions** tab, click **Add**. Type the computer and share name you create for your CRL distribution point in [Configure the CDP file share](#configure-the-cdp-file-share). For example, **\\\app\cdp$\\** (do not forget the trailing backwards slash). 5. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. 6. Type **.crl** at the end of the text in **Location**. Click **OK**. -7. Select the CDP you just created. +7. Select the CDP you just created.
![CDP publishing location.](images/aadj/cdp-extension-complete-unc.png) 8. Select **Publish CRLs to this location**. 9. Select **Publish Delta CRLs to this location**. @@ -261,7 +262,6 @@ With the CA properly configured with a valid HTTP-based CRL distribution point, 5. Review the information below the list of fields to confirm the new URL for the CRL distribution point is present in the certificate. Click **OK**.
![New Certificate with updated CDP.](images/aadj/dc-cert-with-new-cdp.png) - ## Configure and Assign a Trusted Certificate Device Configuration Profile Your domain controllers have new certificate that include the new CRL distribution point. Next, you need your enterprise root certificate so you can deploy it to Azure AD joined devices. Deploying the enterprise root certificates to the device, ensures the device trusts any certificates issued by the certificate authority. Without the certificate, Azure AD joined devices do not trust domain controller certificates and authentication fails. @@ -281,7 +281,7 @@ Steps you will perform include: ![Details tab and copy to file.](images/aadj/certlm-root-cert-details-tab.png) 6. In the **Certificate Export Wizard**, click **Next**. 7. On the **Export File Format** page of the wizard, click **Next**. -8. On the **File to Export** page in the wizard, type the name and location of the root certificate and click **Next**. Click **Finish** and then click **OK** to close the success dialog box. +8. On the **File to Export** page in the wizard, type the name and location of the root certificate and click **Next**. Click **Finish** and then click **OK** to close the success dialog box.
![Export root certificate.](images/aadj/certlm-export-root-certificate.png) 9. Click **OK** two times to return to the **Certificate Manager** for the local computer. Close the **Certificate Manager**. @@ -315,7 +315,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 7. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and does not allow fall back to software-based keys. 8. Enter the desired **Minimum PIN length** and **Maximum PIN length**. > [!IMPORTANT] - > The default minimum PIN length for Windows Hello for Business on Windows 10 is six. Microsoft Intune defaults the minimum PIN length to four, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to six. + > The default minimum PIN length for Windows Hello for Business on Windows 10 and Windows 11 is six. Microsoft Intune defaults the minimum PIN length to four, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to six. 9. Select the appropriate configuration for the following settings: * **Lowercase letters in PIN** @@ -325,7 +325,7 @@ Sign-in a workstation with access equivalent to a _domain user_. * **Remember PIN history** > [!NOTE] - > The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows 10 to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature. + > The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature. 10. Select **Yes** next to **Allow biometric authentication** if you want to allow users to use biometrics (fingerprint and/or facial recognition) to unlock the device. To further secure the use of biometrics, select **Yes** to **Use enhanced anti-spoofing, when available**. 11. Select **No** to **Allow phone sign-in**. This feature has been deprecated. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index e4ada9da90..61eb44f8f8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -20,7 +20,9 @@ ms.reviewer: # Using Certificates for AADJ On-premises Single-sign On **Applies to:** + - Windows 10 +- Windows 11 - Azure Active Directory joined - Hybrid Deployment - Certificate trust @@ -45,7 +47,7 @@ You need to install and configure additional infrastructure to provide Azure AD - An existing Windows Server 2012 R2 or later Enterprise Certificate Authority - A Windows Server 2012 R2 domain joined server that hosts the Network Device Enrollment Services role -### High Availaibilty +### High Availability The Network Device Enrollment Services (NDES) server role acts as a certificate registration authority. Certificate registration servers enroll certificates on behalf of the user. Users request certificates from the NDES service rather than directly from the issuing certificate authority. The architecture of the NDES server prevents it from being clustered or load balanced for high availability. To provide high availability, you need to install more than one identically configured NDES servers and use Microsoft Intune to load balance then (in round-robin fashion). @@ -205,7 +207,7 @@ Sign-in to the issuing certificate authority or management workstations with _Do 10. Click on the **Apply** to save changes and close the console. ### Create an Azure AD joined Windows Hello for Business authentication certificate template -During Windows Hello for Business provisioning, Windows 10 requests an authentication certificate from Microsoft Intune, which requests the authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You use the name of the certificate template when configuring the NDES Server. +During Windows Hello for Business provisioning, Windows requests an authentication certificate from Microsoft Intune, which requests the authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You use the name of the certificate template when configuring the NDES Server. Sign in a certificate authority or management workstations with _Domain Admin equivalent_ credentials. @@ -321,7 +323,7 @@ Sign-in a domain controller with a minimum access equivalent to _Domain Admins_. 3. Select **Trust this user for delegation to specified services only**. 4. Select **Use any authentication protocol**. 5. Click **Add**. -6. Click **Users or Computers...** Type the name of the _NDES Server_ you use to issue Windows Hello for Business authentication certificates to Azure AD joined devices. From the **Avaiable services** list, select **HOST**. Click **OK**. +6. Click **Users or Computers...** Type the name of the _NDES Server_ you use to issue Windows Hello for Business authentication certificates to Azure AD joined devices. From the **Available services** list, select **HOST**. Click **OK**. ![NDES Service delegation to NDES host.](images/aadjcert/ndessvcdelegation-host-ndes-spn.png) 7. Repeat steps 5 and 6 for each NDES server using this service account. Click **Add**. 8. Click **Users or computers...** Type the name of the issuing certificate authority this NDES service account uses to issue Windows Hello for Business authentication certificates to Azure AD joined devices. From the **Available services** list, select **dcom**. Hold the **CTRL** key and select **HOST**. Click **OK**. @@ -414,11 +416,11 @@ Sign-in a workstation with access equivalent to a _domain user_. 6. Start **AADApplicationProxyConnectorInstaller.exe**. 7. Read the license terms and then select **I agree to the license terms and conditions**. Click **Install**. - ![Azure Application Proxy Connector.](images/aadjcert/azureappproxyconnectorinstall-01.png) + ![Azure Application Proxy Connector: license terms](images/aadjcert/azureappproxyconnectorinstall-01.png) 8. Sign-in to Microsoft Azure with access equivalent to **Global Administrator**. - ![Azure Application Proxy Connector.](images/aadjcert/azureappproxyconnectorinstall-02.png) + ![Azure Application Proxy Connector: sign-in](images/aadjcert/azureappproxyconnectorinstall-02.png) 9. When the installation completes. Read the information regarding outbound proxy servers. Click **Close**. - ![Azure Application Proxy Connector.](images/aadjcert/azureappproxyconnectorinstall-03.png) + ![Azure Application Proxy Connector: read](images/aadjcert/azureappproxyconnectorinstall-03.png) 10. Repeat steps 5 - 10 for each device that will run the Azure AD Application Proxy connector for Windows Hello for Business certificate deployments. #### Create a Connector Group @@ -478,12 +480,12 @@ Sign-in the NDES server with access equivalent to _local administrator_. 1. Start **Internet Information Services (IIS) Manager** from **Administrative Tools**. 2. Expand the node that has the name of the NDES server. Expand **Sites** and select **Default Web Site**. - ![NDES IIS Console.](images/aadjcert/ndes-iis-console.png) + ![NDES IIS Console](images/aadjcert/ndes-iis-console.png) 3. Click **Bindings...*** under **Actions**. Click **Add**. - ![NDES IIS Console.](images/aadjcert/ndes-iis-bindings.png) + ![NDES IIS Console: Add](images/aadjcert/ndes-iis-bindings.png) 4. Select **https** from **Type**. Confirm the value for **Port** is **443**. 5. Select the certificate you previously enrolled from the **SSL certificate** list. Select **OK**. - ![NDES IIS Console.](images/aadjcert/ndes-iis-bindings-add-443.png) + ![NDES IIS Console: Certificate List](images/aadjcert/ndes-iis-bindings-add-443.png) 6. Select **http** from the **Site Bindings** list. Click **Remove**. 7. Click **Close** on the **Site Bindings** dialog box. 8. Close **Internet Information Services (IIS) Manager**. @@ -507,12 +509,12 @@ Sign-in the NDES server with access equivalent to _local administrator_. ``` where **[fqdnHostName]** is the fully qualified internal DNS host name of the NDES server. -A web page similar to the following should appear in your web browser. If you do not see a similar page, or you get a **503 Service unavailable** message, ensure the NDES Service account has the proper user rights. You can also review the application event log for events with the **NetworkDeviceEnrollmentSerice** source. +A web page similar to the following should appear in your web browser. If you do not see a similar page, or you get a **503 Service unavailable** message, ensure the NDES Service account has the proper user rights. You can also review the application event log for events with the **NetworkDeviceEnrollmentService** source. -![NDES IIS Console.](images/aadjcert/ndes-https-website-test-01.png) +![NDES IIS Console: Source](images/aadjcert/ndes-https-website-test-01.png) Confirm the web site uses the server authentication certificate. -![NDES IIS Console.](images/aadjcert/ndes-https-website-test-01-show-cert.png) +![NDES IIS Console: Confirm](images/aadjcert/ndes-https-website-test-01-show-cert.png) ## Configure Network Device Enrollment Services to work with Microsoft Intune diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 4eed2e7435..cb23b1e6a7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10 +- Windows 11 - Azure Active Directory joined - Hybrid deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 00aa120b98..c9afa19802 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -1,6 +1,6 @@ --- title: Hybrid Azure AD joined Windows Hello for Business Trust New Installation (Windows Hello for Business) -description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust depoyments rely on. +description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust deployments rely on. keywords: identity, PIN, biometric, Hello, passport, WHFB ms.prod: w10 ms.mktglfcycl: deploy @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 9e100bc146..ba0f914fa0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -20,10 +20,10 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust - Your environment is federated and you are ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration and device write-back to enable proper device authentication. > [!IMPORTANT] @@ -33,15 +33,17 @@ Your environment is federated and you are ready to configure device registration >Refer to the [Tutorial: Configure hybrid Azure Active Directory join for federated domains](/azure/active-directory/devices/hybrid-azuread-join-federated-domains) to learn more about setting up Azure Active Directory Connect for a simplified join flow for Azure AD device registration. Use this three-phased approach for configuring device registration. + 1. [Configure devices to register in Azure](#configure-azure-for-device-registration) 2. [Synchronize devices to on-premises Active Directory](#configure-active-directory-to-support-azure-device-synchronization) 3. [Configure AD FS to use cloud devices](#configure-ad-fs-to-use-azure-registered-devices) > [!NOTE] > Before proceeding, you should familiarize yourself with device registration concepts such as: -> * Azure AD registered devices -> * Azure AD joined devices -> * Hybrid Azure AD joined devices +> +> - Azure AD registered devices +> - Azure AD joined devices +> - Hybrid Azure AD joined devices > > You can learn about this and more by reading [Introduction to Device Management in Azure Active Directory.](/azure/active-directory/device-management-introduction) @@ -49,7 +51,8 @@ Use this three-phased approach for configuring device registration. > To use hybrid identity with Azure Active Directory and device WriteBack features, you must use the built-in GUI with the [latest updates for ADConnect](https://www.microsoft.com/download/details.aspx?id=47594). ## Configure Azure for Device Registration -Begin configuring device registration to support Hybrid Windows Hello for Business by configuring device registration capabilities in Azure AD. + +Begin configuring device registration to support Hybrid Windows Hello for Business by configuring device registration capabilities in Azure AD. To do this, follow the **Configure device settings** steps under [Setting up Azure AD Join in your organization](/azure/active-directory/devices/device-management-azure-portal) @@ -59,7 +62,7 @@ Azure Active Directory is now configured for device registration. Next, you need ### Upgrading Active Directory to the Windows Server 2016 or later Schema -To use Windows Hello for Business with Hybrid Azure AD joined devices, you must first upgrade your Active Directory schema to Windows Server 2016 or later. +To use Windows Hello for Business with Hybrid Azure AD joined devices, you must first upgrade your Active Directory schema to Windows Server 2016 or later. > [!IMPORTANT] > If you already have a Windows Server 2016 or later domain controller in your forest, you can skip **Upgrading Active Directory to the Windows Server 2016 or later Schema** (this section). @@ -82,110 +85,107 @@ Manually updating Active Directory uses the command-line utility **adprep.exe** Sign-in to the domain controller hosting the schema master operational role using enterprise administrator equivalent credentials. -1. Open an elevated command prompt. -2. Type ```cd /d x:\support\adprep``` where *x* is the drive letter of the DVD or mounted ISO. -3. To update the schema, type ```adprep /forestprep```. -4. Read the Adprep Warning. Type the letter **C*** and press **Enter** to update the schema. -5. Close the Command Prompt and sign-out. +1. Open an elevated command prompt. +2. Type ```cd /d x:\support\adprep``` where *x* is the drive letter of the DVD or mounted ISO. +3. To update the schema, type ```adprep /forestprep```. +4. Read the Adprep Warning. Type the letter **C*** and press **Enter** to update the schema. +5. Close the Command Prompt and sign-out. > [!NOTE] > If you installed Azure AD Connect prior to upgrading the schema, you will need to re-run the Azure AD Connect installation and refresh the on-premises AD schema to ensure the synchronization rule for msDS-KeyCredentialLink is configured. - ### Setup Active Directory Federation Services + If you are new to AD FS and federation services, you should review [Understanding Key AD FS Concepts](/windows-server/identity/ad-fs/technical-reference/understanding-key-ad-fs-concepts) to prior to designing and deploying your federation service. Review the [AD FS Design guide](/windows-server/identity/ad-fs/design/ad-fs-design-guide-in-windows-server-2012-r2) to plan your federation service. Once you have your AD FS design ready, review [Deploying a Federation Server farm](/windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm) to configure AD FS in your environment. > [!IMPORTANT] -> During your AD FS deployment, skip the **Configure a federation server with Device Registration Service** and the **Configure Corporate DNS for the Federation Service and DRS** procedures. +> During your AD FS deployment, skip the **Configure a federation server with Device Registration Service** and the **Configure Corporate DNS for the Federation Service and DRS** procedures. The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889). If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016) #### ADFS Web Proxy ### + Federation server proxies are computers that run AD FS software that have been configured manually to act in the proxy role. You can use federation server proxies in your organization to provide intermediary services between an Internet client and a federation server that is behind a firewall on your corporate network. Use the [Setting of a Federation Proxy](/windows-server/identity/ad-fs/deployment/checklist--setting-up-a-federation-server-proxy) checklist to configure AD FS proxy servers in your environment. ### Deploy Azure AD Connect + Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](https://go.microsoft.com/fwlink/?LinkId=615771). When you are ready to install, follow the **Configuring federation with AD FS** section of [Custom installation of Azure AD Connect](/azure/active-directory/connect/active-directory-aadconnect-get-started-custom). Select the **Federation with AD FS** option on the **User sign-in** page. At the **AD FS Farm** page, select the use an existing option and click **Next**. -### Create AD objects for AD FS Device Authentication -If your AD FS farm is not already configured for Device Authentication (you can see this in the AD FS Management console under Service -> Device Registration), use the following steps to create the correct AD DS objects and configuration. +### Create AD objects for AD FS Device Authentication -![Device Registration.](images/hybridct/device1.png) +If your AD FS farm is not already configured for Device Authentication (you can see this in the AD FS Management console under Service -> Device Registration), use the following steps to create the correct AD DS objects and configuration. +![Device Registration: AD FS](images/hybridct/device1.png) > [!NOTE] > The below commands require Active Directory administration tools, so if your federation server is not also a domain controller, first install the tools using step 1 below. Otherwise you can skip step 1. -1. Run the **Add Roles & Features** wizard and select feature **Remote Server Administration Tools** -> **Role Administration Tools** -> **AD DS and AD LDS Tools** -> Choose both the **Active Directory module for Windows PowerShell** and the **AD DS Tools**. - -![Device Registration.](images/hybridct/device2.png) - +1. Run the **Add Roles & Features** wizard and select feature **Remote Server Administration Tools** -> **Role Administration Tools** -> **AD DS and AD LDS Tools** -> Choose both the **Active Directory module for Windows PowerShell** and the **AD DS Tools**. + ![Device Registration: Overview](images/hybridct/device2.png) 2. On your AD FS primary server, ensure you are logged in as AD DS user with enterprise administrator privileges and open an elevated Windows PowerShell prompt. Then, run the following commands: - `Import-module activedirectory` `PS C:\> Initialize-ADDeviceRegistration -ServiceAccountName ""` 3. On the pop-up window click **Yes**. -> [!NOTE] -> If your AD FS service is configured to use a GMSA account, enter the account name in the format "domain\accountname$" + > [!NOTE] + > If your AD FS service is configured to use a GMSA account, enter the account name in the format "domain\accountname$" -![Device Registration.](images/hybridct/device3.png) + ![Device Registration: Domain](images/hybridct/device3.png) + The above PSH creates the following objects: -The above PSH creates the following objects: - -- RegisteredDevices container under the AD domain partition -- Device Registration Service container and object under Configuration --> Services --> Device Registration Configuration -- Device Registration Service DKM container and object under Configuration --> Services --> Device Registration Configuration - -![Device Registration.](images/hybridct/device4.png) + - RegisteredDevices container under the AD domain partition + - Device Registration Service container and object under Configuration --> Services --> Device Registration Configuration + - Device Registration Service DKM container and object under Configuration --> Services --> Device Registration Configuration + ![Device Registration: Tests](images/hybridct/device4.png)
4. Once this is done, you will see a successful completion message. -![Device Registration.](images/hybridct/device5.png) + ![Device Registration: Completion](images/hybridct/device5.png) ### Create Service Connection Point (SCP) in Active Directory -If you plan to use Windows 10 domain join (with automatic registration to Azure AD) as described here, execute the following commands to create a service connection point in AD DS -1. Open Windows PowerShell and execute the following: +If you plan to use Windows domain join (with automatic registration to Azure AD) as described here, execute the following commands to create a service connection point in AD DS + +1. Open Windows PowerShell and execute the following: `PS C:>Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1"` -> [!NOTE] -> If necessary, copy the AdSyncPrep.psm1 file from your Azure AD Connect server. This file is located in Program Files\Microsoft Azure Active Directory Connect\AdPrep - -![Device Registration.](images/hybridct/device6.png) + > [!NOTE] + > If necessary, copy the AdSyncPrep.psm1 file from your Azure AD Connect server. This file is located in Program Files\Microsoft Azure Active Directory Connect\AdPrep + ![Device Registration AdPrep](images/hybridct/device6.png) 2. Provide your Azure AD global administrator credentials - `PS C:>$aadAdminCred = Get-Credential` - -![Device Registration.](images/hybridct/device7.png) + `PS C:>$aadAdminCred = Get-Credential` + ![Device Registration: Credential](images/hybridct/device7.png) 3. Run the following PowerShell command `PS C:>Initialize-ADSyncDomainJoinedComputerSync -AdConnectorAccount [AD connector account name] -AzureADCredentials $aadAdminCred` -Where the [AD connector account name] is the name of the account you configured in Azure AD Connect when adding your on-premises AD DS directory. + Where the [AD connector account name] is the name of the account you configured in Azure AD Connect when adding your on-premises AD DS directory. -The above commands enable Windows 10 clients to find the correct Azure AD domain to join by creating the serviceConnectionpoint object in AD DS. +The above commands enable Windows clients to find the correct Azure AD domain to join by creating the serviceConnectionpoint object in AD DS. ### Prepare AD for Device Write Back To ensure AD DS objects and containers are in the correct state for write back of devices from Azure AD, do the following. -1. Open Windows PowerShell and execute the following: +1. Open Windows PowerShell and execute the following: `PS C:>Initialize-ADSyncDeviceWriteBack -DomainName -AdConnectorAccount [AD connector account name]` -Where the [AD connector account name] is the name of the account you configured in Azure AD Connect when adding your on-premises AD DS directory in domain\accountname format + Where the [AD connector account name] is the name of the account you configured in Azure AD Connect when adding your on-premises AD DS directory in domain\accountname format The above command creates the following objects for device write back to AD DS, if they do not exist already, and allows access to the specified AD connector account name - RegisteredDevices container in the AD domain partition - Device Registration Service container and object under Configuration --> Services --> Device Registration Configuration -### Enable Device Write Back in Azure AD Connect +### Enable Device Write Back in Azure AD Connect + If you have not done so before, enable device write back in Azure AD Connect by running the wizard a second time and selecting **"Customize Synchronization Options"**, then checking the box for device write back and selecting the forest in which you have run the above cmdlets ## Configure AD FS to use Azure registered devices @@ -212,17 +212,17 @@ When you're using AD FS, you need to enable the following WS-Trust endpoints: The following claims must exist in the token received by Azure DRS for device registration to complete. Azure DRS will create a device object in Azure AD with some of this information which is then used by Azure AD Connect to associate the newly created device object with the computer account on-premises. -* `http://schemas.microsoft.com/ws/2012/01/accounttype` -* `http://schemas.microsoft.com/identity/claims/onpremobjectguid` -* `http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid` +- `http://schemas.microsoft.com/ws/2012/01/accounttype` +- `http://schemas.microsoft.com/identity/claims/onpremobjectguid` +- `http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid` If you have more than one verified domain name, you need to provide the following claim for computers: -* `http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid` +- `http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid` If you are already issuing an ImmutableID claim (e.g., alternate login ID) you need to provide one corresponding claim for computers: -* `http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID` +- `http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID` In the following sections, you find information about: @@ -238,6 +238,8 @@ The definition helps you to verify whether the values are present or if you need **`http://schemas.microsoft.com/ws/2012/01/accounttype`** - This claim must contain a value of **DJ**, which identifies the device as a domain-joined computer. In AD FS, you can add an issuance transform rule that looks like this: +```powershell + @RuleName = "Issue account type for domain-joined computers" c:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", @@ -248,11 +250,14 @@ The definition helps you to verify whether the values are present or if you need Type = "http://schemas.microsoft.com/ws/2012/01/accounttype", Value = "DJ" ); +``` #### Issue objectGUID of the computer account on-premises **`http://schemas.microsoft.com/identity/claims/onpremobjectguid`** - This claim must contain the **objectGUID** value of the on-premises computer account. In AD FS, you can add an issuance transform rule that looks like this: +```powershell + @RuleName = "Issue object GUID for domain-joined computers" c1:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", @@ -270,11 +275,14 @@ The definition helps you to verify whether the values are present or if you need query = ";objectguid;{0}", param = c2.Value ); +``` #### Issue objectSID of the computer account on-premises **`http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid`** - This claim must contain the **objectSid** value of the on-premises computer account. In AD FS, you can add an issuance transform rule that looks like this: +```powershell + @RuleName = "Issue objectSID for domain-joined computers" c1:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", @@ -287,11 +295,14 @@ The definition helps you to verify whether the values are present or if you need Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$" ] => issue(claim = c2); +``` #### Issue issuerID for computer when multiple verified domain names in Azure AD **`http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid`** - This claim must contain the Uniform Resource Identifier (URI) of any of the verified domain names that connect with the on-premises federation service (AD FS or 3rd party) issuing the token. In AD FS, you can add issuance transform rules that look like the ones below in that specific order after the ones above. Please note that one rule to explicitly issue the rule for users is necessary. In the rules below, a first rule identifying user vs. computer authentication is added. +```powershell + @RuleName = "Issue account type with the value User when it is not a computer" NOT EXISTS( @@ -333,7 +344,7 @@ The definition helps you to verify whether the values are present or if you need Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid", Value = "http:///adfs/services/trust/" ); - +``` In the claim above, @@ -341,12 +352,14 @@ In the claim above, - `` is a placeholder you need to replace with one of your verified domain names in Azure AD For more details about verified domain names, see [Add a custom domain name to Azure Active Directory](/azure/active-directory/active-directory-add-domain). -To get a list of your verified company domains, you can use the [Get-MsolDomain](/powershell/module/msonline/get-msoldomain?view=azureadps-1.0) cmdlet. +To get a list of your verified company domains, you can use the [Get-MsolDomain](/powershell/module/msonline/get-msoldomain?view=azureadps-1.0&preserve-view=true) cmdlet. #### Issue ImmutableID for computer when one for users exist (e.g. alternate login ID is set) **`http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID`** - This claim must contain a valid value for computers. In AD FS, you can create an issuance transform rule as follows: +```powershell + @RuleName = "Issue ImmutableID for computers" c1:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", @@ -364,11 +377,14 @@ To get a list of your verified company domains, you can use the [Get-MsolDomain] query = ";objectguid;{0}", param = c2.Value ); +``` #### Helper script to create the AD FS issuance transform rules The following script helps you with the creation of the issuance transform rules described above. +```powershell + $multipleVerifiedDomainNames = $false $immutableIDAlreadyIssuedforUsers = $false $oneOfVerifiedDomainNames = 'example.com' # Replace example.com with one of your verified domains @@ -487,28 +503,29 @@ The following script helps you with the creation of the issuance transform rules $crSet = New-ADFSClaimRuleSet -ClaimRule $updatedRules Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $crSet.ClaimRulesString +``` - -#### Remarks +#### Remarks - This script appends the rules to the existing rules. Do not run the script twice because the set of rules would be added twice. Make sure that no corresponding rules exist for these claims (under the corresponding conditions) before running the script again. - If you have multiple verified domain names (as shown in the Azure AD portal or via the Get-MsolDomains cmdlet), set the value of **$multipleVerifiedDomainNames** in the script to **$true**. Also make sure that you remove any existing issuerid claim that might have been created by Azure AD Connect or via other means. Here is an example for this rule: - -~~~ + ```Claims Rule Language c:[Type == "http://schemas.xmlsoap.org/claims/UPN"] => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid", Value = regexreplace(c.Value, ".+@(?.+)", "http://${domain}/adfs/services/trust/")); -~~~ + ``` - If you have already issued an **ImmutableID** claim for user accounts, set the value of **$immutableIDAlreadyIssuedforUsers** in the script to **$true**. -#### Configure Device Authentication in AD FS +#### Configure Device Authentication in AD FS + Using an elevated PowerShell command window, configure AD FS policy by executing the following command `PS C:>Set-AdfsGlobalAuthenticationPolicy -DeviceAuthenticationEnabled $true -DeviceAuthenticationMethod SignedToken` -#### Check your configuration +#### Check your configuration + For your reference, below is a comprehensive list of the AD DS devices, containers and permissions required for device write-back and authentication to work - object of type ms-DS-DeviceContainer at CN=RegisteredDevices,DC=<domain> @@ -517,7 +534,7 @@ For your reference, below is a comprehensive list of the AD DS devices, containe - Container CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=<domain> - Container Device Registration Service DKM under the above container -![Device Registration.](images/hybridct/device8.png) + ![Device Registration: Container](images/hybridct/device8.png) - object of type serviceConnectionpoint at CN=<guid>, CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=<domain> - read/write access to the specified AD connector account name on the new object @@ -531,9 +548,10 @@ For your reference, below is a comprehensive list of the AD DS devices, containe
## Follow the Windows Hello for Business hybrid certificate trust deployment guide + 1. [Overview](hello-hybrid-cert-trust.md) 2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. Configure Azure Device Registration (*You are here*) 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) -6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) \ No newline at end of file +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 28ff8d49c6..228747d35b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust @@ -56,7 +57,7 @@ Review these requirements and those from the Windows Hello for Business planning
## Public Key Infrastructure ## -The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows 10 devices to trust the domain controller. +The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows devices to trust the domain controller. Certificate trust deployments need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. When using Group Policy, hybrid certificate trust deployment uses the Windows Server 2016 Active Directory Federation Server (AD FS) as a certificate registration authority. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index 4de8c1ff50..9cd1d4350b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 35bd16ed3e..e7082740c2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -1,6 +1,6 @@ --- title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning (Windows Hello for Business) -description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Businesss. +description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: w10 ms.mktglfcycl: deploy @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index eeb5ed60a9..2a261013b9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 880a1fa1cc..398d31c3d6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index b835c4fad1..c48e5ae621 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -17,10 +17,11 @@ ms.date: 4/30/2021 ms.reviewer: --- -# Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization +# Configure Hybrid Azure AD joined Windows Hello for Business- Directory Synchronization **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 98cb3003ec..53d6fd45a0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -17,11 +17,12 @@ ms.date: 4/30/2021 ms.reviewer: --- -# Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure +# Configure Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid Deployment - Certificate Trust @@ -164,7 +165,7 @@ Sign-in to a certificate authority or management workstation with *Domain Admin* ### Creating Windows Hello for Business authentication certificate template -During Windows Hello for Business provisioning, a Windows 10 client requests an authentication certificate from the Active Directory Federation Service, which requests an authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You set the name of the certificate template when configuring it. +During Windows Hello for Business provisioning, a Windows client requests an authentication certificate from the Active Directory Federation Service, which requests an authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You set the name of the certificate template when configuring it. Sign-in to a certificate authority or management workstation with _Domain Admin equivalent_ credentials. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index 9ddd57ccd7..519afac582 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -16,18 +16,19 @@ localizationpriority: medium ms.date: 4/30/2021 ms.reviewer: --- -# Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy +# Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust ## Policy Configuration -You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). -Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. +You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). +Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. @@ -161,9 +162,9 @@ The default Windows Hello for Business enables users to enroll and use biometric ### PIN Complexity -PIN complexity is not specific to Windows Hello for Business. Windows 10 enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. +PIN complexity is not specific to Windows Hello for Business. Windows enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. -Windows 10 provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: +Windows provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: * Require digits * Require lowercase letters * Maximum PIN length diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index 73d00fcc58..a56e989ba6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Certificate trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index a72c7e9f5e..bb3de61241 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 741d1cd8fc..713fcd89a5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index a74ecbe0cb..5acfb06f68 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index b245d6282d..95442ae6dd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust @@ -31,7 +32,7 @@ The distributed systems on which these technologies were built involved several * [Public Key Infrastructure](#public-key-infrastructure) * [Directory Synchronization](#directory-synchronization) * [Federation](#federation-with-azure) -* [MultiFactor Authentication](#multifactor-authentication) +* [Multifactor authentication](#multifactor-authentication) * [Device Registration](#device-registration) ## Directories @@ -61,7 +62,7 @@ Review these requirements and those from the Windows Hello for Business planning
## Public Key Infrastructure -The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows 10 devices to trust the domain controller. +The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows devices to trust the domain controller. Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index d8a1b0a961..93903312e5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index e60e0b15f0..8d412b86f0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index c34af8b4ca..0f8a916c18 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index b5a7d75097..28f3658a43 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 11ea807b5c..bc2ae4f46c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -22,6 +22,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid Deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 4e90347c72..3cdd96f898 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -20,20 +20,21 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust ## Policy Configuration -You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). -Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. +You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). +Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. Domain controllers of Windows Hello for Business deployments need one Group Policy setting, which enables automatic certificate enrollment for the newly create domain controller authentication certificate. This policy setting ensures domain controllers (new and existing) automatically request and renew the correct domain controller certificate. -Hybrid Azure AD joined devices needs one Group Policy settings: +Hybrid Azure AD joined devices needs one Group Policy setting: * Enable Windows Hello for Business ### Configure Domain Controllers for Automatic Certificate Enrollment @@ -75,7 +76,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv The Windows Hello for Business Group Policy object delivers the correct Group Policy settings to the user, which enables them to enroll and use Windows Hello for Business to authenticate to Azure and Active Directory > [!NOTE] -> If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more details about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows 10 device settings to enable Windows Hello for Business in Intune](/mem/intune/protect/identity-protection-windows-settings) and [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp). For more details about policy conflicts, see [Policy conflicts from multiple policy sources](./hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources) +> If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more details about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows device settings to enable Windows Hello for Business in Intune](/mem/intune/protect/identity-protection-windows-settings) and [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp). For more details about policy conflicts, see [Policy conflicts from multiple policy sources](./hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources) #### Enable Windows Hello for Business @@ -139,12 +140,12 @@ The default Windows Hello for Business enables users to enroll and use biometric ### PIN Complexity -PIN complexity is not specific to Windows Hello for Business. Windows 10 enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. +PIN complexity is not specific to Windows Hello for Business. Windows enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. >[!IMPORTANT] -> Windows 10, version 1703, the PIN complexity Group Policy settings have moved to remove misunderstanding that PIN complexity policy settings were exclusive to Windows Hello for Business. The new location of these Group Policy settings is under **Computer Configuration\Administrative Templates\System\PIN Complexity** of the Group Policy editor. +> Starting from Windows 10, version 1703, the PIN complexity Group Policy settings have moved to remove misunderstanding that PIN complexity policy settings were exclusive to Windows Hello for Business. The new location of these Group Policy settings is under **Computer Configuration\Administrative Templates\System\PIN Complexity** of the Group Policy editor. -Windows 10 provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: +Windows provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: * Require digits * Require lowercase letters * Maximum PIN length diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 72ae9b3df4..b4a6ed10da 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later +- Windows 11 - Hybrid deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index ddb05b73ac..3660d85201 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -24,10 +24,10 @@ This article lists the infrastructure requirements for the different deployment ## Cloud Only Deployment -* Windows 10, version 1511 or later +* Windows 10, version 1511 or later, or Windows 11 * Microsoft Azure Account * Azure Active Directory -* Azure AD Multi-Factor Authentication +* Azure AD Multifactor Authentication * Modern Management (Intune or supported third-party MDM), *optional* * Azure AD Premium subscription - *optional*, needed for automatic MDM enrollment when the device joins Azure Active Directory diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index 4e83f31ec3..7423caec53 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -16,10 +16,11 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Prepare and Deploy Windows Server 2016 Active Directory Federation Services +# Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Key trust @@ -101,7 +102,7 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. 8. Click **Next** on the **Active Directory Federation Service** page. 9. Click **Install** to start the role installation. -## Review +## Review to validate Before you continue with the deployment, validate your deployment progress by reviewing the following items: * Confirm the AD FS farm uses the correct database configuration. @@ -213,7 +214,7 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. Th 3. In the details pane, click **Configure Device Registration**. 4. In the **Configure Device Registration** dialog, click **OK**. -## Review +## Review and validate Before you continue with the deployment, validate your deployment progress by reviewing the following items: * Confirm you followed the correct procedures based on the domain controllers used in your deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 8042bad1d8..116c9ba6ab 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -16,16 +16,17 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Configure Windows Hello for Business Policy settings +# Configure Windows Hello for Business Policy settings - Key Trust **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Key trust -You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). -Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. +You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). +Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. Alternatively, you can create a copy of the .ADMX and .ADML files from a Windows 10, version 1703 installation setup template folder to their respective language folder on a Windows Server, or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. @@ -35,7 +36,7 @@ On-premises certificate-based deployments of Windows Hello for Business needs on The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users. -If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business. For these settings to be configured using GPO, you need to download and install the latest Administrative Templates (.admx) for Windows 10. +If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business. For these settings to be configured using GPO, you need to download and install the latest Administrative Templates (.admx) for Windows. ## Create the Windows Hello for Business Group Policy object @@ -92,9 +93,9 @@ The default Windows Hello for Business enables users to enroll and use biometric ### PIN Complexity -PIN complexity is not specific to Windows Hello for Business. Windows 10 enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. +PIN complexity is not specific to Windows Hello for Business. Windows enables users to use PINs outside of Windows Hello for Business. PIN Complexity Group Policy settings apply to all uses of PINs, even when Windows Hello for Business is not deployed. -Windows 10 provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: +Windows provides eight PIN Complexity Group Policy settings that give you granular control over PIN creation and management. You can deploy these policy settings to computers, where they affect all users creating PINs on that computer; or, you can deploy these settings to users, where they affect those users creating PINs regardless of the computer they use. If you deploy both computer and user PIN complexity Group Policy settings, the user policy settings have precedence over computer policy settings. Also, this conflict resolution is based on the last applied policy. Windows does not merge the policy settings automatically; however, you can deploy Group Policy to provide to accomplish a variety of configurations. The policy settings included are: * Require digits * Require lowercase letters * Maximum PIN length diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index c2c52074f8..943e611e93 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -16,10 +16,11 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate Active Directory prerequisites +# Validate Active Directory prerequisites - Key Trust **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 90a492218c..349b328807 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -16,14 +16,15 @@ localizationpriority: medium ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Deploy Multi-factor Authentication (MFA) +# Validate and Deploy Multifactor Authentication (MFA) > [!IMPORTANT] -> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. +> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multifactor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Key trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 08e787ef60..d4e87e620e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -17,10 +17,11 @@ ms.date: 08/19/2018 ms.reviewer: --- -# Validate and Configure Public Key Infrastructure +# Validate and Configure Public Key Infrastructure - Key Trust **Applies to** - Windows 10, version 1703 or later +- Windows 11 - On-premises deployment - Key trust @@ -114,7 +115,7 @@ The certificate template is configured to supersede all the certificate template ### Configure an Internal Web Server Certificate template -Windows 10 clients use the https protocol when communicating with Active Directory Federation Services. To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. +Windows clients use the https protocol when communicating with Active Directory Federation Services. To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. Sign-in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index ab8e875aaa..5c7129efd6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -1,5 +1,5 @@ --- -title: Manage Windows Hello in your organization (Windows 10) +title: Manage Windows Hello in your organization (Windows) description: You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello for Business on devices running Windows 10. ms.assetid: 47B55221-24BE-482D-BD31-C78B22AC06D8 ms.reviewer: @@ -22,6 +22,7 @@ ms.date: 1/20/2021 **Applies to** - Windows 10 +- Windows 11 You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10. diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 1a2b17c308..cd38c11105 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -1,7 +1,7 @@ --- -title: Windows Hello for Business Overview (Windows 10) +title: Windows Hello for Business Overview (Windows) ms.reviewer: An overview of Windows Hello for Business -description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10. +description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10 and Windows 11. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy @@ -20,6 +20,7 @@ localizationpriority: medium **Applies to** - Windows 10 +- Windows 11 In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. @@ -47,7 +48,7 @@ As an administrator in an enterprise or educational organization, you can create Windows Hello provides reliable, fully integrated biometric authentication based on facial recognition or fingerprint matching. Windows Hello uses a combination of special infrared (IR) cameras and software to increase accuracy and guard against spoofing. Major hardware vendors are shipping devices that have integrated Windows Hello-compatible cameras. Fingerprint reader hardware can be used or added to devices that don't currently have it. On devices that support Windows Hello, an easy biometric gesture unlocks users' credentials. - **Facial recognition**. This type of biometric recognition uses special cameras that see in IR light, which allows them to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major laptop manufacturers are incorporating it into their devices, as well. -- **Fingerprint recognition**. This type of biometric recognition uses a capacitive fingerprint sensor to scan your fingerprint. Fingerprint readers have been available for Windows computers for years, but the current generation of sensors is significantly more reliable and less error-prone. Most existing fingerprint readers (whether external or integrated into laptops or USB keyboards) work with Windows 10. +- **Fingerprint recognition**. This type of biometric recognition uses a capacitive fingerprint sensor to scan your fingerprint. Fingerprint readers have been available for Windows computers for years, but the current generation of sensors is significantly more reliable and less error-prone. Most existing fingerprint readers (whether external or integrated into laptops or USB keyboards) work with Windows 10 and Windows 11. Windows stores biometric data that is used to implement Windows Hello securely on the local device only. The biometric data doesn't roam and is never sent to external devices or servers. Because Windows Hello only stores biometric identification data on the device, there's no single collection point an attacker can compromise to steal biometric data. For more information about biometric authentication with Windows Hello for Business, see [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md). diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 9bec345719..617be85699 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -21,6 +21,7 @@ ms.reviewer: **Applies to** - Windows 10 +- Windows 11 Congratulations! You are taking the first step forward in helping move your organizations away from password to a two-factor, convenience authentication for Windows — Windows Hello for Business. This planning guide helps you understand the different topologies, architectures, and components that encompass a Windows Hello for Business infrastructure. @@ -145,9 +146,9 @@ Modern management is an emerging device management paradigm that leverages the c ### Client -Windows Hello for Business is an exclusive Windows 10 feature. As part of the Windows as a Service strategy, Microsoft has improved the deployment, management, and user experience with each new release of Windows 10 and introduced support for new scenarios. +Windows Hello for Business is an exclusive Windows 10 and Windows 11 feature. As part of the Windows as a Service strategy, Microsoft has improved the deployment, management, and user experience with each new release of Windows and introduced support for new scenarios. -Most deployment scenarios require a minimum of Windows 10, version 1511, also known as the November Update. The client requirement may change based on different components in your existing infrastructure, or other infrastructure choices made later in planning your deployment. Those components and choices may require a minimum client running Windows 10, version 1703, also known as the Creators Update. +Most deployment scenarios require a minimum of Windows 10, version 1511, also known as the November Update. The client requirement may change based on different components in your existing infrastructure, or other infrastructure choices made later in planning your deployment. Those components and choices may require a minimum client running Windows 10, version 1703, also known as the Creators Update. ### Active Directory @@ -156,7 +157,7 @@ Hybrid and on-premises deployments include Active Directory as part of their inf ### Public Key Infrastructure -The Windows Hello for Business deployment depends on an enterprise public key infrastructure as a trust anchor for authentication. Domain controllers for hybrid and on-premises deployments need a certificate in order for Windows 10 devices to trust the domain controller as legitimate. Deployments using the certificate trust type need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. Hybrid deployments may need to issue VPN certificates to users to enable connectivity on-premises resources. +The Windows Hello for Business deployment depends on an enterprise public key infrastructure as a trust anchor for authentication. Domain controllers for hybrid and on-premises deployments need a certificate in order for Windows devices to trust the domain controller as legitimate. Deployments using the certificate trust type need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. Hybrid deployments may need to issue VPN certificates to users to enable connectivity on-premises resources. ### Cloud @@ -267,7 +268,7 @@ If you use modern management for both domain and non-domain joined devices, writ ### Client -Windows Hello for Business is a feature exclusive to Windows 10. Some deployments and features are available using earlier versions of Windows 10. Others need the latest versions. +Windows Hello for Business is a feature exclusive to Windows 10 and Windows 11. Some deployments and features are available using earlier versions of Windows 10. Others need the latest versions. If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in box **3a** on your planning worksheet. Optionally, you may write **1511 or later** in box **3b** on your planning worksheet if you plan to manage non-domain joined devices. > [!NOTE] diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index e7d6a0cea8..bf0a6af0ea 100644 --- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md @@ -1,5 +1,5 @@ --- -title: Prepare people to use Windows Hello (Windows 10) +title: Prepare people to use Windows Hello (Windows) description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization. ms.assetid: 5270B416-CE31-4DD9-862D-6C22A2AE508B ms.reviewer: @@ -22,6 +22,7 @@ ms.date: 08/19/2018 **Applies to** - Windows 10 +- Windows 11 When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization by explaining how to use Hello. diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index c53586ff18..0f47042799 100644 --- a/windows/security/identity-protection/hello-for-business/hello-videos.md +++ b/windows/security/identity-protection/hello-for-business/hello-videos.md @@ -1,6 +1,6 @@ --- title: Windows Hello for Business Videos -description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10. +description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11. keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless ms.prod: w10 ms.mktglfcycl: deploy @@ -20,6 +20,7 @@ ms.reviewer: **Applies to** - Windows 10 +- Windows 11 ## Overview of Windows Hello for Business and Features diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index d74bd61baa..738db8c9bd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -1,5 +1,5 @@ --- -title: Why a PIN is better than a password (Windows 10) +title: Why a PIN is better than a password (Windows) description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password . ms.assetid: A6FC0520-01E6-4E90-B53D-6C4C4E780212 ms.reviewer: @@ -23,6 +23,7 @@ ms.date: 10/23/2017 **Applies to** - Windows 10 +- Windows 11 Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password? On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than a password, it's how it works. diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index a17d30b55f..73aab32a55 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -1,6 +1,6 @@ --- title: Microsoft-compatible security key -description: Learn how a Microsoft-compatible security key for Windows 10 is different (and better) than any other FIDO2 security key. +description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key. keywords: FIDO2, security key, CTAP, Hello, WHFB ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 2b1c101fc0..f7bb6e7722 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -1,6 +1,6 @@ --- title: Passwordless Strategy -description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10. +description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10 and Windows 11. keywords: identity, PIN, biometric, Hello, passport, video, watch, passwordless ms.prod: w10 ms.mktglfcycl: deploy @@ -25,7 +25,7 @@ Over the past few years, Microsoft has continued their commitment to enabling a ### 1. Develop a password replacement offering -Before you move away from passwords, you need something to replace them. With Windows 10, Microsoft introduced Windows Hello for Business, a strong, hardware protected two-factor credential that enables single sign-on to Azure Active Directory and Active Directory. +Before you move away from passwords, you need something to replace them. With Windows 10 and Windows 11, Microsoft introduced Windows Hello for Business, a strong, hardware protected two-factor credential that enables single sign-on to Azure Active Directory and Active Directory. Deploying Windows Hello for Business is the first step towards a passwordless environment. Windows Hello for Business coexists nicely with existing password-based security. Users are likely to use Windows Hello for Business because of its convenience, especially when combined with biometrics. However, some workflows and applications may still need passwords. This early stage is about implementing an alternative and getting users used to it. @@ -38,7 +38,7 @@ Once the user-visible password surface has been eliminated, your organization ca - the users never change their password - the users do not know their password -In this world, the user signs in to Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business. +In this world, the user signs in to Windows using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business. ### 4. Eliminate passwords from the identity directory The final step of the passwordless story is where passwords simply do not exist. At this step, identity directories no longer persist any form of the password. This is where Microsoft achieves the long-term security promise of a truly passwordless environment. @@ -139,7 +139,7 @@ The journey to password freedom is to take each work persona through each step o After successfully moving a work persona to password freedom, you can prioritize the remaining work personas and repeat the process. ### Passwordless replacement offering (Step 1) -The first step to password freedom is providing an alternative to passwords. Windows 10 provides an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. +The first step to password freedom is providing an alternative to passwords. Windows 10 and Windows 11 provide an affordable and easy in-box alternative to passwords, Windows Hello for Business, a strong, two-factor authentication to Azure Active Directory and Active Directory. #### Identify test users that represent the targeted work persona A successful transition relies on user acceptance testing. It is impossible for you to know how every work persona goes about their day-to-day activities, or how to accurately validate them. You need to enlist the help of users who fit the targeted work persona. You only need a few users from the targeted work persona. As you cycle through step 2, you may want to change a few of the users (or add a few) as part of your validation process. diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index 732dff8677..92a7af375c 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -1,6 +1,6 @@ --- title: Reset-security-key -description: Windows�10 enables users to sign in to their device using a security key. How to reset a security key +description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key keywords: FIDO2, security key, CTAP, Microsoft-compatible security key ms.prod: w10 ms.mktglfcycl: deploy @@ -24,14 +24,14 @@ ms.reviewer: >This operation will wipe everything from your security key and reset it to factory defaults.
**All data and credentials will be cleared.** -A [Microsoft-compatible security key](./microsoft-compatible-security-key.md) can be reset via Settings app ( Settings > Accounts > Sign-in options > Security key ). +A [Microsoft-compatible security key](./microsoft-compatible-security-key.md) can be reset via Settings app (Settings > Accounts > Sign-in options > Security key).
Follow the instructions in the Settings app and look for specific instructions based on your security key manufacturer below: |Security key manufacturer
| Reset instructions
| | --- | --- | -|Yubico | **USB:** Remove and re-insert the security key. When the LED on the security key begins flashing, touch the metal contact
**NFC:** Tap the security key on the reader
| +|Yubico | **USB:** Remove and reinsert the security key. When the LED on the security key begins flashing, touch the metal contact
**NFC:** Tap the security key on the reader
| |Feitian | Touch the blinking fingerprint sensor twice to reset the key| |HID | Tap the card on the reader twice to reset it | diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index 2ad3bb1f3b..d90093aab8 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -1,5 +1,5 @@ --- -title: How Windows Hello for Business works (Windows 10) +title: How Windows Hello for Business works (Windows) description: Learn about registration, authentication, key material, and infrastructure for Windows Hello for Business. ms.prod: w10 ms.mktglfcycl: deploy @@ -13,11 +13,13 @@ ms.reviewer: manager: dansimp ms.topic: article --- -# How Windows Hello for Business works +# How Windows Hello for Business works in Windows devices **Applies to** -- Windows 10 -- Windows 10 Mobile + +- Windows 10 +- Windows 11 +- Windows 10 Mobile Windows Hello for Business requires a registered device. When the device is set up, its user can use the device to authenticate to services. This topic explains how device registration works, what happens when a user requests authentication, how key material is stored and processed, and which servers and infrastructure components are involved in different parts of this process. @@ -30,15 +32,15 @@ A goal of device registration is to allow a user to open a brand-new device, sec The registration process works like this: -1. The user configures an account on the device. This account can be a local account on the device, a domain account stored in the on-premises Active Directory domain, a Microsoft account, or an Azure AD account. For a new device, this step may be as simple as signing in with a Microsoft account. Signing in with a Microsoft account on a Windows 10 device automatically sets up Windows Hello on the device; users don’t have to do anything extra to enable it. +1. The user configures an account on the device. This account can be a local account on the device, a domain account stored in the on-premises Active Directory domain, a Microsoft account, or an Azure AD account. For a new device, this step may be as simple as signing in with a Microsoft account. Signing in with a Microsoft account on a Windows 10 or Windows 11 device automatically sets up Windows Hello on the device; users don’t have to do anything extra to enable it. 2. To sign in using that account, the user has to enter the existing credentials for it. The identity provider (IDP) that “owns” the account receives the credentials and authenticates the user. This IDP authentication may include the use of an existing second authentication factor, or proof. For example, a user who registers a new device by using an Azure AD account will have to provide an SMS-based proof that Azure AD sends. 3. When the user has provided the proof to the IDP, the user enables PIN authentication. The PIN will be associated with this particular credential. When the user sets the PIN, it becomes usable immediately The PIN chosen is associated with the combination of the active account and that specific device. The PIN must comply with whatever length and complexity policy the account administrator has configured; this policy is enforced on the device side. Other registration scenarios that Windows Hello supports are: - A user who upgrades from the Windows 8.1 operating system will sign in by using the existing enterprise password. That triggers a second authentication factor from the IDP side (if required); after receiving and returning a proof, such as a text message or voice code, the IDP authenticates the user to the upgraded Windows 10 device, and the user can set his or her PIN. -- A user who typically uses a smart card to sign in will be prompted to set up a PIN the first time he or she signs in to a Windows 10 device the user has not previously signed in to. -- A user who typically uses a virtual smart card to sign in will be prompted to set up a PIN the first time he or she signs in to a Windows 10 device the user has not previously signed in to. +- A user who typically uses a smart card to sign in will be prompted to set up a PIN the first time he or she signs in to a Windows 10 or Windows 11 device the user has not previously signed in to. +- A user who typically uses a virtual smart card to sign in will be prompted to set up a PIN the first time he or she signs in to a Windows 10 and Windows 11 device the user has not previously signed in to. When the user has completed this process, Windows Hello generates a new public–private key pair on the device. The TPM generates and protects this private key; if the device doesn’t have a TPM, the private key is encrypted and stored in software. This initial key is referred to as the protector key. It’s associated only with a single gesture; in other words, if a user registers a PIN, a fingerprint, and a face on the same device, each of those gestures will have a unique protector key. Each unique gesture generates a unique protector key. The protector key securely wraps the authentication key. The container has only one authentication key, but there can be multiple copies of that key wrapped with different unique protector keys. Windows Hello also generates an administrative key that the user or administrator can use to reset credentials, when necessary. In addition to the protector key, TPM-enabled devices generate a block of data that contains attestations from the TPM. @@ -46,7 +48,7 @@ At this point, the user has a PIN gesture defined on the device and an associate ## What’s a container? -You’ll often hear the term *container* used in reference to mobile device management (MDM) solutions. Windows Hello uses the term, too, but in a slightly different way. Container in this context is shorthand for a logical grouping of key material or data. Windows 10 Hello uses a single container that holds user key material for personal accounts, including key material associated with the user’s Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. +You’ll often hear the term *container* used in reference to mobile device management (MDM) solutions. Windows Hello uses the term, too, but in a slightly different way. Container in this context is shorthand for a logical grouping of key material or data. Windows 10 or Windows 11 Hello uses a single container that holds user key material for personal accounts, including key material associated with the user’s Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. The container holds enterprise credentials only on devices that have been registered with an organization; it contains key material for the enterprise IDP, such as on-premises Active Directory or Azure AD. diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index b1b0dbf35b..f45d596295 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -14,15 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Advanced security audit policy settings -**Applies to** -- Windows 10 - This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate. The security audit policy settings under **Security Settings\\Advanced Audit Policy Configuration** can help your organization audit compliance with important business-related and security-related rules by tracking precisely defined activities, such as: diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 61dfe3d07c..92cfb0b820 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -15,14 +15,13 @@ metadata: audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual - ms.date: 04/19/2017 + ms.date: 09/06/2021 ms.technology: mde title: Advanced security auditing FAQ -summary: | - **Applies to** - - Windows 10 - + + + This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. - [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index 691956d81c..2e9d3a84f1 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -14,15 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/6/2021 ms.technology: mde --- # Advanced security audit policies -**Applies to** -- Windows 10 - Advanced security audit policy settings are found in **Security Settings\\Advanced Audit Policy Configuration\\System Audit Policies** and appear to overlap with basic security audit policies, but they are recorded and applied differently. When you apply basic audit policy settings to the local computer by using the Local Security Policy snap-in, you are editing the effective audit policy, so changes made to basic audit policy settings will appear exactly as configured in Auditpol.exe. In Windows 7 and later, advanced security audit policies can be controlled by using Group Policy. diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index c892db7b11..d092d91f72 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # Appendix A: Security monitoring recommendations for many audit events -**Applies to** -- Windows 10 -- Windows Server 2016 - This document, the [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) reference, provides information about individual audit events, and lists them within audit categories and subcategories. However, there are many events for which the following overall recommendations apply. There are links throughout this document from the “Recommendations” sections of the relevant events to this appendix. diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index 2d63b25eb8..331e40c490 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -14,15 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 07/25/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Apply a basic audit policy on a file or folder -**Applies to** -- Windows 10 - You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log. To complete this procedure, you must be signed in as a member of the built-in Administrators group or have **Manage auditing and security log** rights. diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md index 77f8126a98..4837398076 100644 --- a/windows/security/threat-protection/auditing/audit-account-lockout.md +++ b/windows/security/threat-protection/auditing/audit-account-lockout.md @@ -11,17 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 07/16/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Account Lockout -**Applies to** -- Windows 10 -- Windows Server 2016 - - Audit Account Lockout enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out. If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index 7e8adee87d..c2f603a680 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Application Generated -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Application Generated generates events for actions related to Authorization Manager [applications](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770563(v=ws.11)). Audit Application Generated subcategory is out of scope of this document, because [Authorization Manager](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc726036(v=ws.11)) is very rarely in use and it is deprecated starting from Windows Server 2012. diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md index 647f8e28b6..7fefa5c73c 100644 --- a/windows/security/threat-protection/auditing/audit-application-group-management.md +++ b/windows/security/threat-protection/auditing/audit-application-group-management.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Application Group Management -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Application Group Management generates events for actions related to [application groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771579(v=ws.11)), such as group creation, modification, addition or removal of group member and some other actions. [Application groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771579(v=ws.11)) are used by [Authorization Manager](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc726036(v=ws.11)). diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md index 1ac2a40f94..3828ec83b4 100644 --- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Audit Policy Change -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Audit Policy Change determines whether the operating system generates audit events when changes are made to audit policy. diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md index 8bf74ed78f..07e3af496b 100644 --- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md @@ -11,17 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Authentication Policy Change -**Applies to** -- Windows 10 -- Windows Server 2016 - - Audit Authentication Policy Change determines whether the operating system generates audit events when changes are made to authentication policy. Changes made to authentication policy include: diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md index c00445582a..20750fbbe9 100644 --- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md @@ -11,17 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Authorization Policy Change -**Applies to** -- Windows 10 -- Windows Server 2016 - - Audit Authorization Policy Change allows you to audit assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects. | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index d63d07634a..ed8737a5d1 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md @@ -11,17 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Central Access Policy Staging -**Applies to** -- Windows 10 -- Windows Server 2016 - - Audit Central Access Policy Staging allows you to audit access requests where a permission granted or denied by a proposed policy differs from the current central access policy on an object. If you configure this policy setting, an audit event is generated each time a user accesses an object and the permission granted by the current central access policy on the object differs from that granted by the proposed policy. The resulting audit event is generated as follows: diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md index 82fe1eac16..655f1fbbbc 100644 --- a/windows/security/threat-protection/auditing/audit-certification-services.md +++ b/windows/security/threat-protection/auditing/audit-certification-services.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Certification Services -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Certification Services determines whether the operating system generates events when Active Directory Certificate Services (AD CS) operations are performed. Examples of AD CS operations include: diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md index 677244f857..1a3c91c1a9 100644 --- a/windows/security/threat-protection/auditing/audit-computer-account-management.md +++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Computer Account Management -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Computer Account Management determines whether the operating system generates audit events when a computer account is created, changed, or deleted. diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md index 4fdf9060db..4bde8f1ddb 100644 --- a/windows/security/threat-protection/auditing/audit-credential-validation.md +++ b/windows/security/threat-protection/auditing/audit-credential-validation.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Credential Validation -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Credential Validation determines whether the operating system generates audit events on credentials that are submitted for a user account logon request. diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md index a6f472d018..593eb8718d 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Detailed Directory Service Replication -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Detailed Directory Service Replication determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers. diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md index 4428aad464..92b53125a2 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md +++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Detailed File Share -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Detailed File Share allows you to audit attempts to access files and folders on a shared folder. diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md index 608ddbfc4f..bceb0bc1d1 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Directory Service Access -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Directory Service Access determines whether the operating system generates audit events when an Active Directory Domain Services (AD DS) object is accessed. diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md index 2141bbae5e..a2290c487c 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Directory Service Changes -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Directory Service Changes determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (AD DS). diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index df8ddc7f12..8bbcc73020 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Directory Service Replication -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Directory Service Replication determines whether the operating system generates audit events when replication between two domain controllers begins and ends. diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md index 352eea4cfe..18f52d6dea 100644 --- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md +++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Distribution Group Management -**Applies to** -- Windows 10 -- Windows Server 2016 Audit Distribution Group Management determines whether the operating system generates audit events for specific distribution-group management tasks. diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md index 9661ffe602..ce489d62ac 100644 --- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md +++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit DPAPI Activity -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit [DPAPI](/previous-versions/ms995355(v=msdn.10)) Activity determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface ([DPAPI](/previous-versions/ms995355(v=msdn.10))). diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md index 88b51b6a3f..97c2332179 100644 --- a/windows/security/threat-protection/auditing/audit-file-share.md +++ b/windows/security/threat-protection/auditing/audit-file-share.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit File Share -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit File Share allows you to audit events related to file shares: creation, deletion, modification, and access attempts. Also, it shows failed SMB SPN checks. diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md index 98f61fc786..17787cf470 100644 --- a/windows/security/threat-protection/auditing/audit-file-system.md +++ b/windows/security/threat-protection/auditing/audit-file-system.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit File System -**Applies to** -- Windows 10 -- Windows Server 2016 > [!NOTE] > For more details about applicability on older operating system versions, read the article [Audit File System](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn319068(v=ws.11)). diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md index e4829f1e56..7e0478f79f 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Filtering Platform Connection -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Filtering Platform Connection determines whether the operating system generates audit events when connections are allowed or blocked by the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page). diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md index d6131681ec..dae76cc66f 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Filtering Platform Packet Drop -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Filtering Platform Packet Drop determines whether the operating system generates audit events when packets are dropped by the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page). diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md index b3a9837cd5..8a77aee208 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Filtering Platform Policy Change -**Applies to** -- Windows 10 -- Windows Server 2016 Audit Filtering Platform Policy Change allows you to audit events generated by changes to the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page) (WFP), such as the following: diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md index 37a86a6424..904bc669cb 100644 --- a/windows/security/threat-protection/auditing/audit-group-membership.md +++ b/windows/security/threat-protection/auditing/audit-group-membership.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Group Membership -**Applies to** -- Windows 10 -- Windows Server 2016 By using Audit Group Membership, you can audit group memberships when they're enumerated on the client computer. diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md index e82188ac78..1003455f12 100644 --- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md +++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Handle Manipulation -**Applies to** -- Windows 10 -- Windows Server 2016 Audit Handle Manipulation enables generation of “4658: The handle to an object was closed” in [Audit File System](audit-file-system.md), [Audit Kernel Object](audit-kernel-object.md), [Audit Registry](audit-registry.md), [Audit Removable Storage](audit-removable-storage.md) and [Audit SAM](audit-sam.md) subcategories, and shows object’s handle duplication and close actions. diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md index 606acf77a3..108d9f2155 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 10/02/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Audit IPsec Driver -**Applies to** -- Windows 10 -- Windows Server 2016 Audit IPsec Driver allows you to audit events generated by IPSec driver such as the following: diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md index 179c4e5e22..502f29b57d 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 10/02/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Audit IPsec Extended Mode -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit IPsec Extended Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations. diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md index 092717cc70..c3f71a182d 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 10/02/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Audit IPsec Main Mode -**Applies to** -- Windows 10 -- Windows Server 2016 Audit IPsec Main Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md index fefab72132..0424935c98 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 10/02/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Audit IPsec Quick Mode -**Applies to** -- Windows 10 -- Windows Server 2016 Audit IPsec Quick Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations. diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md index 14495b2794..ac184cba5f 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Kerberos Authentication Service -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Kerberos Authentication Service determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests. diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md index 3bbaa165ef..788a0eccd6 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Kerberos Service Ticket Operations -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Kerberos Service Ticket Operations determines whether the operating system generates security audit events for Kerberos service ticket requests. diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md index f93ad96e33..f0329f57a4 100644 --- a/windows/security/threat-protection/auditing/audit-kernel-object.md +++ b/windows/security/threat-protection/auditing/audit-kernel-object.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Kernel Object -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Kernel Object determines whether the operating system generates audit events when users attempt to access the system kernel, which includes mutexes and semaphores. diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md index a07a10fd9a..eadeed6ed8 100644 --- a/windows/security/threat-protection/auditing/audit-logoff.md +++ b/windows/security/threat-protection/auditing/audit-logoff.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 07/16/2018 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Logoff -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Logoff determines whether the operating system generates audit events when logon sessions are terminated. diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md index e87dd6ad1d..b6b71c23f6 100644 --- a/windows/security/threat-protection/auditing/audit-logon.md +++ b/windows/security/threat-protection/auditing/audit-logon.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Logon -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Logon determines whether the operating system generates audit events when a user attempts to log on to a computer. diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md index 5107277a3d..ff61afa77f 100644 --- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit MPSSVC Rule-Level Policy Change -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit MPSSVC Rule-Level Policy Change determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe). diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md index d6ac9d53e5..016e6d53d7 100644 --- a/windows/security/threat-protection/auditing/audit-network-policy-server.md +++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Network Policy Server -**Applies to** -- Windows 10 -- Windows Server 2016 Audit Network Policy Server allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) activity related to user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock. diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md index 8cf59016dd..7ef4be2fc3 100644 --- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Non-Sensitive Privilege Use -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Non-Sensitive Privilege Use contains events that show usage of non-sensitive privileges. This is the list of non-sensitive privileges: diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md index 39fa1e83de..774bedd202 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md @@ -1,6 +1,6 @@ --- title: Audit Other Account Logon Events (Windows 10) -description: The policy setting, Audit Other Account Logon Events, allows you to audit events generated by responses to credential requests for certain kinds of user logons. +description: The policy setting, Audit Other Account Logon Events allows you to audit events when generated by responses to credential requests for certain kinds of user logons. ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3 ms.reviewer: manager: dansimp @@ -11,24 +11,19 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other Account Logon Events -**Applies to** -- Windows 10 -- Windows Server 2016 - - **General Subcategory Information:** This auditing subcategory does not contain any events. It is intended for future use. | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | No | No | No | No | This auditing subcategory does not contain any events. It is intended for future use, and there is no reason to enable it. | -| Member Server | No | No | No | No | This auditing subcategory does not contain any events. It is intended for future use, and there is no reason to enable it. | -| Workstation | No | No | No | No | This auditing subcategory does not contain any events. It is intended for future use, and there is no reason to enable it. | +| Domain Controller | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, no reason to enable it. | +| Member Server | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, no reason to enable it. | +| Workstation | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, no reason to enable it. | diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md index bb5d7120a3..bab6689283 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other Account Management Events -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Other Account Management Events determines whether the operating system generates user account management audit events. diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md index c123e22ef8..032d65589e 100644 --- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md +++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other Logon/Logoff Events -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Other Logon/Logoff Events determines whether Windows generates audit events for other logon or logoff events. diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md index a485aa2d07..1a82bd54e1 100644 --- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md +++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 05/29/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other Object Access Events -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Other Object Access Events allows you to monitor operations with scheduled tasks, COM+ objects and indirect object access requests. diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md index 5f55e34285..61ed449132 100644 --- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md +++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other Policy Change Events -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Other Policy Change Events contains events about EFS Data Recovery Agent policy changes, changes in Windows Filtering Platform filter, status on Security policy settings updates for local Group Policy settings, Central Access Policy changes, and detailed troubleshooting events for Cryptographic Next Generation (CNG) operations. diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md index 7e8dea77c3..ed0e6fde50 100644 --- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md +++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other Privilege Use Events -**Applies to** -- Windows 10 -- Windows Server 2016 This auditing subcategory should not have any events in it, but for some reason Success auditing will enable the generation of event [4985(S): The state of a transaction has changed](/windows/security/threat-protection/auditing/event-4985). diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md index 7554066d42..8762fb22fc 100644 --- a/windows/security/threat-protection/auditing/audit-other-system-events.md +++ b/windows/security/threat-protection/auditing/audit-other-system-events.md @@ -11,17 +11,13 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Other System Events -**Applies to** -- Windows 10 -- Windows Server 2016 - - + Audit Other System Events contains Windows Firewall Service and Windows Firewall driver start and stop events, failure events for these services and Windows Firewall Service policy processing failures. Audit Other System Events determines whether the operating system audits various system events. diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md index 16b696e3a2..23779f6a95 100644 --- a/windows/security/threat-protection/auditing/audit-pnp-activity.md +++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit PNP Activity -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit PNP Activity determines when Plug and Play detects an external device. diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md index 456c7082b1..1e0c857ede 100644 --- a/windows/security/threat-protection/auditing/audit-process-creation.md +++ b/windows/security/threat-protection/auditing/audit-process-creation.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Process Creation -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Process Creation determines whether the operating system generates audit events when a process is created (starts). diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md index 97b0a91741..7206647a67 100644 --- a/windows/security/threat-protection/auditing/audit-process-termination.md +++ b/windows/security/threat-protection/auditing/audit-process-termination.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Process Termination -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Process Termination determines whether the operating system generates audit events when process has exited. diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index 70a672e969..b942488455 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Registry -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Registry allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists ([SACL](/windows/win32/secauthz/access-control-lists)s) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL. diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md index b0ec0466fe..9a0d27b1c2 100644 --- a/windows/security/threat-protection/auditing/audit-removable-storage.md +++ b/windows/security/threat-protection/auditing/audit-removable-storage.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Removable Storage -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Removable Storage allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated for all objects and all types of access requested, with no dependency on object’s [SACL](/windows/win32/secauthz/access-control-lists). diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md index 59202d82fa..6be5c9a222 100644 --- a/windows/security/threat-protection/auditing/audit-rpc-events.md +++ b/windows/security/threat-protection/auditing/audit-rpc-events.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit RPC Events -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit RPC Events determines whether the operating system generates audit events when inbound remote procedure call (RPC) connections are made. diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md index 022b451082..020c87b6c0 100644 --- a/windows/security/threat-protection/auditing/audit-sam.md +++ b/windows/security/threat-protection/auditing/audit-sam.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit SAM -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit SAM, which enables you to audit events that are generated by attempts to access Security Account Manager ([SAM](/previous-versions/windows/it-pro/windows-server-2003/cc756748(v=ws.10))) objects. diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index c80fe834a9..045ce6d2cd 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -11,15 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 02/28/2019 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Security Group Management -**Applies to** -- Windows 10 -- Windows Server 2016 Audit Security Group Management determines whether the operating system generates audit events when specific security group management tasks are performed. diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md index 19614087bb..81d52226a4 100644 --- a/windows/security/threat-protection/auditing/audit-security-state-change.md +++ b/windows/security/threat-protection/auditing/audit-security-state-change.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Security State Change -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Security State Change contains Windows startup, recovery, and shutdown events, and information about changes in system time. diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md index b787507ef4..06a62bc211 100644 --- a/windows/security/threat-protection/auditing/audit-security-system-extension.md +++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Security System Extension -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Security System Extension contains information about the loading of an authentication package, notification package, or security package, plus information about trusted logon process registration events. @@ -36,9 +32,9 @@ Attempts to install or load security system extensions or services are critical | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should have “SYSTEM” as value for **“Subject”** field.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Member Server | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Workstation | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Domain Controller | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should have “SYSTEM” as value for **“Subject”** field.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Member Server | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Workstation | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.”
For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | **Events List:** diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md index fe6ad3206b..d2929dbc8b 100644 --- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Sensitive Privilege Use -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Sensitive Privilege Use contains events that show the usage of sensitive privileges. This is the list of sensitive privileges: diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md index c852e45990..a2c7e6fe4c 100644 --- a/windows/security/threat-protection/auditing/audit-special-logon.md +++ b/windows/security/threat-protection/auditing/audit-special-logon.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit Special Logon -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Special Logon determines whether the operating system generates audit events under special sign on (or log on) circumstances. diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md index f9be77c1eb..d88432587a 100644 --- a/windows/security/threat-protection/auditing/audit-system-integrity.md +++ b/windows/security/threat-protection/auditing/audit-system-integrity.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit System Integrity -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit System Integrity determines whether the operating system audits events that violate the integrity of the security subsystem. diff --git a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md index c53c887d1f..51362e65a8 100644 --- a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md +++ b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md @@ -11,10 +11,6 @@ ms.technology: mde # Audit Token Right Adjusted -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit Token Right Adjusted allows you to audit events generated by adjusting the privileges of a token. diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md index 145e04e477..97b551d31a 100644 --- a/windows/security/threat-protection/auditing/audit-user-account-management.md +++ b/windows/security/threat-protection/auditing/audit-user-account-management.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit User Account Management -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit User Account Management determines whether the operating system generates audit events when specific user account management tasks are performed. diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md index 6051e50d2f..f5b3b71fa8 100644 --- a/windows/security/threat-protection/auditing/audit-user-device-claims.md +++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md @@ -11,16 +11,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit User/Device Claims -**Applies to** -- Windows 10 -- Windows Server 2016 - Audit User/Device Claims allows you to audit user and device claims information in the account’s logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md index 7e9d098f5d..9e83b22f8e 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit account logon events -**Applies to** -- Windows 10 Determines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account. diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md index 5541fc0f63..e438366e30 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-management.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit account management -**Applies to** -- Windows 10 Determines whether to audit each event of account management on a device. diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md index e52e2e7382..fb18731a64 100644 --- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit directory service access -**Applies to** -- Windows 10 Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified. diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md index c730790cfa..569a8335dd 100644 --- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit logon events -**Applies to** -- Windows 10 Determines whether to audit each instance of a user logging on to or logging off from a device. diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index 7bb1357af3..3cc432b64b 100644 --- a/windows/security/threat-protection/auditing/basic-audit-object-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit object access -**Applies to** -- Windows 10 Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified. diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md index a04167e8c2..3e7cc6a8ea 100644 --- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit policy change -**Applies to** -- Windows 10 Determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies. diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md index 4b6a28a415..ff6e5dff98 100644 --- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md +++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit privilege use -**Applies to** -- Windows 10 Determines whether to audit each instance of a user exercising a user right. diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md index c2e1ff94ca..a7f08b9c20 100644 --- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md +++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit process tracking -**Applies to** -- Windows 10 Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md index 8c5e33028e..4201c2447f 100644 --- a/windows/security/threat-protection/auditing/basic-audit-system-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Audit system events -**Applies to** -- Windows 10 Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md index fd291c792a..012b98550f 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Basic security audit policies -**Applies to** -- Windows 10 Before you implement auditing, you must decide on an auditing policy. A basic audit policy specifies categories of security-related events that you want to audit. When this version of Windows is first installed, all auditing categories are disabled. By enabling various auditing event categories, you can implement an auditing policy that suits the security needs of your organization. diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md index 0ddb0a6152..0b56e07522 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/06/2021 ms.technology: mde --- # Basic security audit policy settings -**Applies to** -- Windows 10 Basic security audit policy settings are found under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy. diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md index 526946d4b5..054ff9b595 100644 --- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md +++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- # Create a basic audit policy for an event category -**Applies to** -- Windows 10 By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization. On devices that are joined to a domain, auditing settings for the event categories are undefined by default. On domain controllers, auditing is turned on by default. diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md index f3fbd46308..c8ac91b393 100644 --- a/windows/security/threat-protection/auditing/event-1100.md +++ b/windows/security/threat-protection/auditing/event-1100.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 1100(S): The event logging service has shut down. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 1100 illustration diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md index fecf1badde..02ac9384e5 100644 --- a/windows/security/threat-protection/auditing/event-1102.md +++ b/windows/security/threat-protection/auditing/event-1102.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 1102(S): The audit log was cleared. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 1102 illustration diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md index 8d6a8dfd16..0c5e2917af 100644 --- a/windows/security/threat-protection/auditing/event-1104.md +++ b/windows/security/threat-protection/auditing/event-1104.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 1104(S): The security log is now full. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 1104 illustration diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md index ca327249e4..1aeaa58c8e 100644 --- a/windows/security/threat-protection/auditing/event-1105.md +++ b/windows/security/threat-protection/auditing/event-1105.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 1105(S): Event log automatic backup -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 1105 illustration diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md index 440e411f38..1a7f0cbd1e 100644 --- a/windows/security/threat-protection/auditing/event-1108.md +++ b/windows/security/threat-protection/auditing/event-1108.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 1108(S): The event logging service encountered an error while processing an incoming event published from %1. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 1108 illustration diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md index 6372e6acc2..255036037d 100644 --- a/windows/security/threat-protection/auditing/event-4608.md +++ b/windows/security/threat-protection/auditing/event-4608.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4608(S): Windows is starting up. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4608 illustration diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md index aba324fd61..2249612819 100644 --- a/windows/security/threat-protection/auditing/event-4610.md +++ b/windows/security/threat-protection/auditing/event-4610.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4610(S): An authentication package has been loaded by the Local Security Authority. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4610 illustration diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md index 50583e6f70..b4ce0a9d8d 100644 --- a/windows/security/threat-protection/auditing/event-4611.md +++ b/windows/security/threat-protection/auditing/event-4611.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4611(S): A trusted logon process has been registered with the Local Security Authority. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4611 illustration diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md index c4561550d5..aa8b9ecc61 100644 --- a/windows/security/threat-protection/auditing/event-4612.md +++ b/windows/security/threat-protection/auditing/event-4612.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk. diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md index ca4c161420..959ef959e9 100644 --- a/windows/security/threat-protection/auditing/event-4614.md +++ b/windows/security/threat-protection/auditing/event-4614.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4614(S): A notification package has been loaded by the Security Account Manager. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4614 illustration diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md index 6c8f9cd7ac..82dbd7d648 100644 --- a/windows/security/threat-protection/auditing/event-4615.md +++ b/windows/security/threat-protection/auditing/event-4615.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4615(S): Invalid use of LPC port. -**Applies to** -- Windows 10 -- Windows Server 2016 - It appears that this event never occurs. diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index 690bde945f..2fc4b43b2c 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4616(S): The system time was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4616 illustration diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md index c1bc41f942..baa0727774 100644 --- a/windows/security/threat-protection/auditing/event-4618.md +++ b/windows/security/threat-protection/auditing/event-4618.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4618(S): A monitored security event pattern has occurred. -**Applies to** -- Windows 10 -- Windows Server 2016 - ***Subcategory:*** [Audit System Integrity](audit-system-integrity.md) diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md index 9ffb0fee15..d3475dbb08 100644 --- a/windows/security/threat-protection/auditing/event-4621.md +++ b/windows/security/threat-protection/auditing/event-4621.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,9 +16,6 @@ ms.technology: mde # 4621(S): Administrator recovered system from CrashOnAuditFail. -**Applies to** -- Windows 10 -- Windows Server 2016 This event is logged after a system reboots following [CrashOnAuditFail](/previous-versions/windows/it-pro/windows-2000-server/cc963220(v=technet.10)?f=255&MSPPError=-2147217396). It generates when CrashOnAuditFail = 2. diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md index 46f54afcca..5404c4491b 100644 --- a/windows/security/threat-protection/auditing/event-4622.md +++ b/windows/security/threat-protection/auditing/event-4622.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4622(S): A security package has been loaded by the Local Security Authority. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4622 illustration @@ -101,4 +97,4 @@ These are some Security Package DLLs loaded by default in Windows 10: For 4622(S): A security package has been loaded by the Local Security Authority. -- Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “**Security Package Name”** field value in the allow list or not. \ No newline at end of file +- Typically this event has an informational purpose. If you defined the list of allowed Security Packages in the system, then you can check is “**Security Package Name”** field value in the allowlist or not. \ No newline at end of file diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index a61449dada..6a36fda6d7 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4624(S): An account was successfully logged on. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4624 illustration diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index d613787ba3..ec92960ecc 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4625(F): An account failed to log on. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4625 illustration diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md index 667de4c561..1aba2f1f3b 100644 --- a/windows/security/threat-protection/auditing/event-4626.md +++ b/windows/security/threat-protection/auditing/event-4626.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4626(S): User/Device claims information. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4626 illustration diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index 4a4fce1919..8ad79efcb2 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4627(S): Group membership information. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4627 illustration diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md index b0541e2dbb..16bf3e049d 100644 --- a/windows/security/threat-protection/auditing/event-4634.md +++ b/windows/security/threat-protection/auditing/event-4634.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 11/20/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4634(S): An account was logged off. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4634 illustration diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md index 14dc2a7083..01428dba45 100644 --- a/windows/security/threat-protection/auditing/event-4647.md +++ b/windows/security/threat-protection/auditing/event-4647.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4647(S): User initiated logoff. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4647 illustration diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md index 44eb565de4..8d81d41573 100644 --- a/windows/security/threat-protection/auditing/event-4648.md +++ b/windows/security/threat-protection/auditing/event-4648.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4648(S): A logon was attempted using explicit credentials. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4648 illustration diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md index 06ae9ca1aa..75f1bf3c96 100644 --- a/windows/security/threat-protection/auditing/event-4649.md +++ b/windows/security/threat-protection/auditing/event-4649.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4649(S): A replay attack was detected. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates on domain controllers when **KRB\_AP\_ERR\_REPEAT** Kerberos response was sent to the client. diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md index 7332ad06b8..7aee847e93 100644 --- a/windows/security/threat-protection/auditing/event-4656.md +++ b/windows/security/threat-protection/auditing/event-4656.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4656(S, F): A handle to an object was requested. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4656 illustration diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md index e0d0985203..39cb4e6052 100644 --- a/windows/security/threat-protection/auditing/event-4657.md +++ b/windows/security/threat-protection/auditing/event-4657.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4657(S): A registry value was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4657 illustration diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md index 85b56fb6d0..0acb8a0b2f 100644 --- a/windows/security/threat-protection/auditing/event-4658.md +++ b/windows/security/threat-protection/auditing/event-4658.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4658(S): The handle to an object was closed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4658 illustration diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md index 7a921090fd..871435d568 100644 --- a/windows/security/threat-protection/auditing/event-4660.md +++ b/windows/security/threat-protection/auditing/event-4660.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4660(S): An object was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4660 illustration diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index 27afd56d00..77da9a1780 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4661(S, F): A handle to an object was requested. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4661 illustration diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md index b9d488c090..7950f49912 100644 --- a/windows/security/threat-protection/auditing/event-4662.md +++ b/windows/security/threat-protection/auditing/event-4662.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4662(S, F): An operation was performed on an object. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4662 illustration diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md index efa297ac08..d85a14bddf 100644 --- a/windows/security/threat-protection/auditing/event-4663.md +++ b/windows/security/threat-protection/auditing/event-4663.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4663(S): An attempt was made to access an object. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4663 illustration diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md index 9c99e5f2bc..36c3d8aa08 100644 --- a/windows/security/threat-protection/auditing/event-4664.md +++ b/windows/security/threat-protection/auditing/event-4664.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4664(S): An attempt was made to create a hard link. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4664 illustration diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index ea7d4dcf1e..0f070cd8f8 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4670(S): Permissions on an object were changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4670 illustration diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md index fb46f1fb5a..cc53508b8f 100644 --- a/windows/security/threat-protection/auditing/event-4671.md +++ b/windows/security/threat-protection/auditing/event-4671.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,11 +16,7 @@ ms.technology: mde # 4671(-): An application attempted to access a blocked ordinal through the TBS. -**Applies to** -- Windows 10 -- Windows Server 2016 - - +* Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. ***Subcategory:*** [Audit Other Object Access Events](audit-other-object-access-events.md) diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md index 479e31207b..3e563025ba 100644 --- a/windows/security/threat-protection/auditing/event-4672.md +++ b/windows/security/threat-protection/auditing/event-4672.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 12/20/2018 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4672(S): Special privileges assigned to new logon. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4672 illustration
diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md index cf5ef8d500..82e7ac1332 100644 --- a/windows/security/threat-protection/auditing/event-4673.md +++ b/windows/security/threat-protection/auditing/event-4673.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4673(S, F): A privileged service was called. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4673 illustration diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md index 734ce174c2..7a4b1a3654 100644 --- a/windows/security/threat-protection/auditing/event-4674.md +++ b/windows/security/threat-protection/auditing/event-4674.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4674(S, F): An operation was attempted on a privileged object. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4674 illustration diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md index 0af7742f2c..f2a5d0c97e 100644 --- a/windows/security/threat-protection/auditing/event-4675.md +++ b/windows/security/threat-protection/auditing/event-4675.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4675(S): SIDs were filtered. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when SIDs were filtered for specific Active Directory trust. diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index fbb93d7b9b..12b9206a7f 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4688(S): A new process has been created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4688 illustration diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md index 99bee451d9..49ec3f5924 100644 --- a/windows/security/threat-protection/auditing/event-4689.md +++ b/windows/security/threat-protection/auditing/event-4689.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4689(S): A process has exited. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4689 illustration diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md index d7a23d1da4..14d2dcb02d 100644 --- a/windows/security/threat-protection/auditing/event-4690.md +++ b/windows/security/threat-protection/auditing/event-4690.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4690(S): An attempt was made to duplicate a handle to an object. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4690 illustration diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md index c7ea74bdd7..30a869d7fc 100644 --- a/windows/security/threat-protection/auditing/event-4691.md +++ b/windows/security/threat-protection/auditing/event-4691.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4691(S): Indirect access to an object was requested. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4691 illustration diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md index 064c922cb4..7e1e0b5ab9 100644 --- a/windows/security/threat-protection/auditing/event-4692.md +++ b/windows/security/threat-protection/auditing/event-4692.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4692(S, F): Backup of data protection master key was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4692 illustration diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md index 1359ef1968..1bf4eef838 100644 --- a/windows/security/threat-protection/auditing/event-4693.md +++ b/windows/security/threat-protection/auditing/event-4693.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4693(S, F): Recovery of data protection master key was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4693 illustration diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md index 0b35bda1ba..c6e3ca0a8c 100644 --- a/windows/security/threat-protection/auditing/event-4694.md +++ b/windows/security/threat-protection/auditing/event-4694.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4694(S, F): Protection of auditable protected data was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates if [DPAPI](/previous-versions/ms995355(v=msdn.10))  [**CryptProtectData**](/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata)() function was used with **CRYPTPROTECT\_AUDIT** flag (dwFlags) enabled. diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md index 9acd287be1..55d37910f6 100644 --- a/windows/security/threat-protection/auditing/event-4695.md +++ b/windows/security/threat-protection/auditing/event-4695.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4695(S, F): Unprotection of auditable protected data was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates if [DPAPI](/previous-versions/ms995355(v=msdn.10)) [CryptUnprotectData](/windows/win32/api/dpapi/nf-dpapi-cryptunprotectdata)() function was used to unprotect “auditable” data that was encrypted using [**CryptProtectData**](/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata)() function with **CRYPTPROTECT\_AUDIT** flag (dwFlags) enabled. diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md index f156dc723b..c426f2bd9e 100644 --- a/windows/security/threat-protection/auditing/event-4696.md +++ b/windows/security/threat-protection/auditing/event-4696.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4696(S): A primary token was assigned to process. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4696 illustration diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md index 870352146b..4c6103a175 100644 --- a/windows/security/threat-protection/auditing/event-4697.md +++ b/windows/security/threat-protection/auditing/event-4697.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4697(S): A service was installed in the system. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4697 illustration diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md index 9ca662fa59..e3f0385c69 100644 --- a/windows/security/threat-protection/auditing/event-4698.md +++ b/windows/security/threat-protection/auditing/event-4698.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4698(S): A scheduled task was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4698 illustration diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md index dd814dd942..b48820c643 100644 --- a/windows/security/threat-protection/auditing/event-4699.md +++ b/windows/security/threat-protection/auditing/event-4699.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4699(S): A scheduled task was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4699 illustration diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md index e72f7d19f0..6c44dbfa8d 100644 --- a/windows/security/threat-protection/auditing/event-4700.md +++ b/windows/security/threat-protection/auditing/event-4700.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4700(S): A scheduled task was enabled. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4700 illustration diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md index e407e2bbbb..0fa78f8923 100644 --- a/windows/security/threat-protection/auditing/event-4701.md +++ b/windows/security/threat-protection/auditing/event-4701.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4701(S): A scheduled task was disabled. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4701 illustration diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md index 15d128ceef..2ae3e2b5e3 100644 --- a/windows/security/threat-protection/auditing/event-4702.md +++ b/windows/security/threat-protection/auditing/event-4702.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4702(S): A scheduled task was updated. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4702 illustration diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md index e8b7ecded9..a2d0ea1520 100644 --- a/windows/security/threat-protection/auditing/event-4703.md +++ b/windows/security/threat-protection/auditing/event-4703.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4703(S): A user right was adjusted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4703 illustration diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index cb6b95669b..04357bb664 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4704(S): A user right was assigned. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4704 illustration diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index 5588e33560..0da39782ac 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4705(S): A user right was removed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4705 illustration diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md index e0abbded89..5bceee43f2 100644 --- a/windows/security/threat-protection/auditing/event-4706.md +++ b/windows/security/threat-protection/auditing/event-4706.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4706(S): A new trust was created to a domain. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4706 illustration diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md index f16f66bdcd..66c5a3a235 100644 --- a/windows/security/threat-protection/auditing/event-4707.md +++ b/windows/security/threat-protection/auditing/event-4707.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4707(S): A trust to a domain was removed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4707 illustration diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md index 032446b19b..1fc0eda8ae 100644 --- a/windows/security/threat-protection/auditing/event-4713.md +++ b/windows/security/threat-protection/auditing/event-4713.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4713(S): Kerberos policy was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4713 illustration diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md index d7c176a754..c95647f342 100644 --- a/windows/security/threat-protection/auditing/event-4714.md +++ b/windows/security/threat-protection/auditing/event-4714.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4714(S): Encrypted data recovery policy was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4714 illustration diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index d4e9d14839..54836c643a 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4715(S): The audit policy (SACL) on an object was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4715 illustration diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index 1cd47c82c4..3b035321b0 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/04/2019 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4716(S): Trusted domain information was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4716 illustration diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index bd3378f122..0d79674053 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4717(S): System security access was granted to an account. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4717 illustration diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index 4c8c676ce4..22f9f3a64a 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4718(S): System security access was removed from an account. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4718 illustration diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md index 98469b6945..dc67d391cf 100644 --- a/windows/security/threat-protection/auditing/event-4719.md +++ b/windows/security/threat-protection/auditing/event-4719.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4719(S): System audit policy was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4719 illustration diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md index 1569aebb53..1500cd23c9 100644 --- a/windows/security/threat-protection/auditing/event-4720.md +++ b/windows/security/threat-protection/auditing/event-4720.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4720(S): A user account was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4720 illustration diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md index e156a9bedf..6b10efb7c8 100644 --- a/windows/security/threat-protection/auditing/event-4722.md +++ b/windows/security/threat-protection/auditing/event-4722.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4722(S): A user account was enabled. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4722 illustration diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md index 8a2eb1aa9b..2208f2ae0e 100644 --- a/windows/security/threat-protection/auditing/event-4723.md +++ b/windows/security/threat-protection/auditing/event-4723.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4723(S, F): An attempt was made to change an account's password. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4723 illustration diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md index f360a13828..104704dc32 100644 --- a/windows/security/threat-protection/auditing/event-4724.md +++ b/windows/security/threat-protection/auditing/event-4724.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4724(S, F): An attempt was made to reset an account's password. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4724 illustration diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md index 5be795b261..0b6ed0593a 100644 --- a/windows/security/threat-protection/auditing/event-4725.md +++ b/windows/security/threat-protection/auditing/event-4725.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4725(S): A user account was disabled. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4725 illustration diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md index f8f7ffba8c..03f7cab6c8 100644 --- a/windows/security/threat-protection/auditing/event-4726.md +++ b/windows/security/threat-protection/auditing/event-4726.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4726(S): A user account was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4726 illustration diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md index 78d8e0e0c8..ecbe498b31 100644 --- a/windows/security/threat-protection/auditing/event-4731.md +++ b/windows/security/threat-protection/auditing/event-4731.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4731(S): A security-enabled local group was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4731 illustration diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md index 2619367fa3..b837e2da3a 100644 --- a/windows/security/threat-protection/auditing/event-4732.md +++ b/windows/security/threat-protection/auditing/event-4732.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4732(S): A member was added to a security-enabled local group. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4732 illustration diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md index 219ebdc036..1ff01f46dd 100644 --- a/windows/security/threat-protection/auditing/event-4733.md +++ b/windows/security/threat-protection/auditing/event-4733.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4733(S): A member was removed from a security-enabled local group. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4733 illustration diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md index df33b3726f..7fc762a800 100644 --- a/windows/security/threat-protection/auditing/event-4734.md +++ b/windows/security/threat-protection/auditing/event-4734.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4734(S): A security-enabled local group was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4734 illustration diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md index 14d1e6df28..ebd05f8b62 100644 --- a/windows/security/threat-protection/auditing/event-4735.md +++ b/windows/security/threat-protection/auditing/event-4735.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4735(S): A security-enabled local group was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4735 illustration diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index f62d7e4ba8..1beea8a564 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4738(S): A user account was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4738 illustration diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md index e3268f4c69..d8417cef87 100644 --- a/windows/security/threat-protection/auditing/event-4739.md +++ b/windows/security/threat-protection/auditing/event-4739.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4739(S): Domain Policy was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4739 illustration diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md index db7139e935..095b90641e 100644 --- a/windows/security/threat-protection/auditing/event-4740.md +++ b/windows/security/threat-protection/auditing/event-4740.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4740(S): A user account was locked out. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4740 illustration diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md index 6c83f23d1e..c09ba86137 100644 --- a/windows/security/threat-protection/auditing/event-4741.md +++ b/windows/security/threat-protection/auditing/event-4741.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4741(S): A computer account was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4741 illustration diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index 5d0cda5110..b838e77a00 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4742(S): A computer account was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4742 illustration diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md index 3402a5e1d7..064855d936 100644 --- a/windows/security/threat-protection/auditing/event-4743.md +++ b/windows/security/threat-protection/auditing/event-4743.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4743(S): A computer account was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4743 illustration diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md index 478ae9e021..e1990c4f1e 100644 --- a/windows/security/threat-protection/auditing/event-4749.md +++ b/windows/security/threat-protection/auditing/event-4749.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4749(S): A security-disabled global group was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4749 illustration diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md index 1a8a03f92a..9ebd361c00 100644 --- a/windows/security/threat-protection/auditing/event-4750.md +++ b/windows/security/threat-protection/auditing/event-4750.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4750(S): A security-disabled global group was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4750 illustration diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md index cc06f2ae5d..c187c0da6a 100644 --- a/windows/security/threat-protection/auditing/event-4751.md +++ b/windows/security/threat-protection/auditing/event-4751.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4751(S): A member was added to a security-disabled global group. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4751 illustration diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md index ef79c01bca..642eb6b948 100644 --- a/windows/security/threat-protection/auditing/event-4752.md +++ b/windows/security/threat-protection/auditing/event-4752.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4752(S): A member was removed from a security-disabled global group. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4752 illustration diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md index 45b9de0d33..cf4ada677c 100644 --- a/windows/security/threat-protection/auditing/event-4753.md +++ b/windows/security/threat-protection/auditing/event-4753.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4753(S): A security-disabled global group was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4753 illustration diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md index 3b50ba9bf1..073049f2bf 100644 --- a/windows/security/threat-protection/auditing/event-4764.md +++ b/windows/security/threat-protection/auditing/event-4764.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,9 +16,6 @@ ms.technology: mde # 4764(S): A group’s type was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 Event 4764 illustration diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md index ff685d9081..472f9a92d0 100644 --- a/windows/security/threat-protection/auditing/event-4765.md +++ b/windows/security/threat-protection/auditing/event-4765.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4765(S): SID History was added to an account. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when [SID History](/windows/win32/adschema/a-sidhistory) was added to an account. diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md index 7593423b22..bf5820689e 100644 --- a/windows/security/threat-protection/auditing/event-4766.md +++ b/windows/security/threat-protection/auditing/event-4766.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4766(F): An attempt to add SID History to an account failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when an attempt to add [SID History](/windows/win32/adschema/a-sidhistory) to an account failed. diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md index cf7b13e4f0..4b580f7dc0 100644 --- a/windows/security/threat-protection/auditing/event-4767.md +++ b/windows/security/threat-protection/auditing/event-4767.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4767(S): A user account was unlocked. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4767 illustration diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 64156ecd85..9509c1486b 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4768(S, F): A Kerberos authentication ticket (TGT) was requested. -**Applies to** -- Windows 10 -- Windows Server 2016 - :::image type="content" alt-text="Event 4768 illustration." source="images/event-4768.png"::: diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md index 5c460724b8..1790274e2c 100644 --- a/windows/security/threat-protection/auditing/event-4769.md +++ b/windows/security/threat-protection/auditing/event-4769.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4769(S, F): A Kerberos service ticket was requested. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4769 illustration diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md index ac38dc82f9..6a1627d7df 100644 --- a/windows/security/threat-protection/auditing/event-4770.md +++ b/windows/security/threat-protection/auditing/event-4770.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4770(S): A Kerberos service ticket was renewed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4770 illustration diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md index c5aea23ecb..9891a617a0 100644 --- a/windows/security/threat-protection/auditing/event-4771.md +++ b/windows/security/threat-protection/auditing/event-4771.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 07/23/2020 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4771(F): Kerberos pre-authentication failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4771 illustration diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md index 2124b16bb1..c93994b2ed 100644 --- a/windows/security/threat-protection/auditing/event-4772.md +++ b/windows/security/threat-protection/auditing/event-4772.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4772(F): A Kerberos authentication ticket request failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. [4768](event-4768.md) failure event is generated instead. diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md index ba672478d8..3d4e1fe09b 100644 --- a/windows/security/threat-protection/auditing/event-4773.md +++ b/windows/security/threat-protection/auditing/event-4773.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4773(F): A Kerberos service ticket request failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. [4769](event-4769.md) failure event is generated instead. diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md index 08eb0fe72f..4c01962461 100644 --- a/windows/security/threat-protection/auditing/event-4774.md +++ b/windows/security/threat-protection/auditing/event-4774.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,9 +16,6 @@ ms.technology: mde # 4774(S, F): An account was mapped for logon. -**Applies to** -- Windows 10 -- Windows Server 2016 Success events do not appear to occur. Failure event [has been reported](http://forum.ultimatewindowssecurity.com/Topic7313-282-1.aspx). diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md index cf27ccdf2a..c9e4a319e8 100644 --- a/windows/security/threat-protection/auditing/event-4775.md +++ b/windows/security/threat-protection/auditing/event-4775.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4775(F): An account could not be mapped for logon. -**Applies to** -- Windows 10 -- Windows Server 2016 - It appears that this event never occurs. diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md index 8b9727aaa0..4fde7cba9b 100644 --- a/windows/security/threat-protection/auditing/event-4776.md +++ b/windows/security/threat-protection/auditing/event-4776.md @@ -16,10 +16,6 @@ ms.technology: mde # 4776(S, F): The computer attempted to validate the credentials for an account. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4776 illustration diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md index 28a4b42d08..f5b01ce6aa 100644 --- a/windows/security/threat-protection/auditing/event-4777.md +++ b/windows/security/threat-protection/auditing/event-4777.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4777(F): The domain controller failed to validate the credentials for an account. -**Applies to** -- Windows 10 -- Windows Server 2016 - Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. [4776](event-4776.md) failure event is generated instead. diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md index 8293e41487..f7278c0017 100644 --- a/windows/security/threat-protection/auditing/event-4778.md +++ b/windows/security/threat-protection/auditing/event-4778.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4778(S): A session was reconnected to a Window Station. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4778 illustration diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md index 29836498cc..3f34f106e4 100644 --- a/windows/security/threat-protection/auditing/event-4779.md +++ b/windows/security/threat-protection/auditing/event-4779.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4779(S): A session was disconnected from a Window Station. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4779 illustration diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md index 00faedae10..94b8733eab 100644 --- a/windows/security/threat-protection/auditing/event-4780.md +++ b/windows/security/threat-protection/auditing/event-4780.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4780(S): The ACL was set on accounts which are members of administrators groups. -**Applies to** -- Windows 10 -- Windows Server 2016 - Every hour, the domain controller that holds the primary domain controller (PDC) Flexible Single Master Operation (FSMO) role compares the ACL on all security principal accounts (users, groups, and machine accounts) present for its domain in Active Directory and that are in administrative or security-sensitive groups and which have AdminCount attribute = 1 against the ACL on the [AdminSDHolder](/previous-versions/technet-magazine/ee361593(v=msdn.10)) object. If the ACL on the principal account differs from the ACL on the AdminSDHolder object, then the ACL on the principal account is reset to match the ACL on the AdminSDHolder object and this event is generated. diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md index 2adb3bcac5..0e7051d0c0 100644 --- a/windows/security/threat-protection/auditing/event-4781.md +++ b/windows/security/threat-protection/auditing/event-4781.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4781(S): The name of an account was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4781 illustration diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md index e0ecc19336..0d7d285e29 100644 --- a/windows/security/threat-protection/auditing/event-4782.md +++ b/windows/security/threat-protection/auditing/event-4782.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4782(S): The password hash of an account was accessed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4782 illustration diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md index 4b75a802d5..d471201647 100644 --- a/windows/security/threat-protection/auditing/event-4793.md +++ b/windows/security/threat-protection/auditing/event-4793.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4793(S): The Password Policy Checking API was called. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4793 illustration diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md index 6e585048c1..6901d09cbe 100644 --- a/windows/security/threat-protection/auditing/event-4794.md +++ b/windows/security/threat-protection/auditing/event-4794.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4794 illustration diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md index 3fddfd9b65..15a1328384 100644 --- a/windows/security/threat-protection/auditing/event-4798.md +++ b/windows/security/threat-protection/auditing/event-4798.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4798(S): A user's local group membership was enumerated. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4798 illustration diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md index 18b337fcdc..92441ae64b 100644 --- a/windows/security/threat-protection/auditing/event-4799.md +++ b/windows/security/threat-protection/auditing/event-4799.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4799(S): A security-enabled local group membership was enumerated. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4799 illustration diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md index 92c543f8b0..2e468c9d92 100644 --- a/windows/security/threat-protection/auditing/event-4800.md +++ b/windows/security/threat-protection/auditing/event-4800.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4800(S): The workstation was locked. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4800 illustration diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md index ed7c8ec85c..7da15cbbe7 100644 --- a/windows/security/threat-protection/auditing/event-4801.md +++ b/windows/security/threat-protection/auditing/event-4801.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4801(S): The workstation was unlocked. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4801 illustration diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md index 9f5fa2b8e3..7ea6add001 100644 --- a/windows/security/threat-protection/auditing/event-4802.md +++ b/windows/security/threat-protection/auditing/event-4802.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4802(S): The screen saver was invoked. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4802 illustration diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md index 20304e4527..4971789fd3 100644 --- a/windows/security/threat-protection/auditing/event-4803.md +++ b/windows/security/threat-protection/auditing/event-4803.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4803(S): The screen saver was dismissed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4803 illustration diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md index 9e36c52bb1..a2c127435d 100644 --- a/windows/security/threat-protection/auditing/event-4816.md +++ b/windows/security/threat-protection/auditing/event-4816.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4816(S): RPC detected an integrity violation while decrypting an incoming message. -**Applies to** -- Windows 10 -- Windows Server 2016 - This message generates if RPC detected an integrity violation while decrypting an incoming message. diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index 0b0fc16bf7..3744b68704 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4817(S): Auditing settings on object were changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4817 illustration diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md index 05266e39e5..c71a145e05 100644 --- a/windows/security/threat-protection/auditing/event-4818.md +++ b/windows/security/threat-protection/auditing/event-4818.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4818 illustration diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md index 3751b39e45..f3acc685b2 100644 --- a/windows/security/threat-protection/auditing/event-4819.md +++ b/windows/security/threat-protection/auditing/event-4819.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4819(S): Central Access Policies on the machine have been changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4819 illustration diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md index 2e78b4c653..27f8cbeb41 100644 --- a/windows/security/threat-protection/auditing/event-4826.md +++ b/windows/security/threat-protection/auditing/event-4826.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4826(S): Boot Configuration Data loaded. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4826 illustration diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md index ca1995291e..aec977eddd 100644 --- a/windows/security/threat-protection/auditing/event-4864.md +++ b/windows/security/threat-protection/auditing/event-4864.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4864(S): A namespace collision was detected. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event is generated when a namespace collision was detected. diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md index 063eb88afc..994d2407a3 100644 --- a/windows/security/threat-protection/auditing/event-4865.md +++ b/windows/security/threat-protection/auditing/event-4865.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4865(S): A trusted forest information entry was added. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4865 illustration diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md index 922d662887..ad75bb1d68 100644 --- a/windows/security/threat-protection/auditing/event-4866.md +++ b/windows/security/threat-protection/auditing/event-4866.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4866(S): A trusted forest information entry was removed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4866 illustration diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md index a8fdb4a693..e82918ba71 100644 --- a/windows/security/threat-protection/auditing/event-4867.md +++ b/windows/security/threat-protection/auditing/event-4867.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4867(S): A trusted forest information entry was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4867 illustration diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md index d5a7640b84..67d2817434 100644 --- a/windows/security/threat-protection/auditing/event-4902.md +++ b/windows/security/threat-protection/auditing/event-4902.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4902(S): The Per-user audit policy table was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4902 illustration diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md index 268606eab6..0a72ca6e45 100644 --- a/windows/security/threat-protection/auditing/event-4904.md +++ b/windows/security/threat-protection/auditing/event-4904.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4904(S): An attempt was made to register a security event source. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4904 illustration diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md index 65338f9f64..2bc2194af3 100644 --- a/windows/security/threat-protection/auditing/event-4905.md +++ b/windows/security/threat-protection/auditing/event-4905.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4905(S): An attempt was made to unregister a security event source. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4905 illustration diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md index 49269c1eb3..5f8556c594 100644 --- a/windows/security/threat-protection/auditing/event-4906.md +++ b/windows/security/threat-protection/auditing/event-4906.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4906(S): The CrashOnAuditFail value has changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4906 illustration diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index e8f78c11b1..54960760dd 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4907(S): Auditing settings on object were changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4907 illustration diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index 3a12a949e0..4b00b7dc48 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4908(S): Special Groups Logon table modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4908 illustration diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md index 9c3b067418..77f5ddd123 100644 --- a/windows/security/threat-protection/auditing/event-4909.md +++ b/windows/security/threat-protection/auditing/event-4909.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4909(-): The local policy settings for the TBS were changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md index 948c3a6dab..0c3e27cbcd 100644 --- a/windows/security/threat-protection/auditing/event-4910.md +++ b/windows/security/threat-protection/auditing/event-4910.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4910(-): The group policy settings for the TBS were changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Currently this event doesn’t generate. It is a defined event, but it is never invoked by the operating system. diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md index cf47c889e0..34506e27c7 100644 --- a/windows/security/threat-protection/auditing/event-4911.md +++ b/windows/security/threat-protection/auditing/event-4911.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4911(S): Resource attributes of the object were changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4911 illustration diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md index e4bc6d9d43..cd13c3c6ed 100644 --- a/windows/security/threat-protection/auditing/event-4912.md +++ b/windows/security/threat-protection/auditing/event-4912.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4912(S): Per User Audit Policy was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4912 illustration diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index 51ff7291cb..88f5b9912c 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4913(S): Central Access Policy on the object was changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4913 illustration diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md index 166bc42cf3..c771de77c7 100644 --- a/windows/security/threat-protection/auditing/event-4928.md +++ b/windows/security/threat-protection/auditing/event-4928.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4928(S, F): An Active Directory replica source naming context was established. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4928 illustration diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md index ab04f9ab17..8befaf8042 100644 --- a/windows/security/threat-protection/auditing/event-4929.md +++ b/windows/security/threat-protection/auditing/event-4929.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4929(S, F): An Active Directory replica source naming context was removed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4929 illustration diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md index 3897b1bd01..9b7133cbec 100644 --- a/windows/security/threat-protection/auditing/event-4930.md +++ b/windows/security/threat-protection/auditing/event-4930.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4930(S, F): An Active Directory replica source naming context was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4930 illustration diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md index dfb00ceb91..9be2c0b308 100644 --- a/windows/security/threat-protection/auditing/event-4931.md +++ b/windows/security/threat-protection/auditing/event-4931.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4931(S, F): An Active Directory replica destination naming context was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4931 illustration diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md index 13f42ce386..2fe1488145 100644 --- a/windows/security/threat-protection/auditing/event-4932.md +++ b/windows/security/threat-protection/auditing/event-4932.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4932(S): Synchronization of a replica of an Active Directory naming context has begun. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4932 illustration diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md index b4f0784a45..763c17876e 100644 --- a/windows/security/threat-protection/auditing/event-4933.md +++ b/windows/security/threat-protection/auditing/event-4933.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4933(S, F): Synchronization of a replica of an Active Directory naming context has ended. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4933 illustration diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md index ffc4b9b4a3..edfe9bb645 100644 --- a/windows/security/threat-protection/auditing/event-4934.md +++ b/windows/security/threat-protection/auditing/event-4934.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4934(S): Attributes of an Active Directory object were replicated. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when attributes of an Active Directory object were replicated. diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md index f2910784e6..6473cffbe6 100644 --- a/windows/security/threat-protection/auditing/event-4935.md +++ b/windows/security/threat-protection/auditing/event-4935.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4935(F): Replication failure begins. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4935 illustration diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md index 3f808bf11d..e87cf4d53e 100644 --- a/windows/security/threat-protection/auditing/event-4936.md +++ b/windows/security/threat-protection/auditing/event-4936.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4936(S): Replication failure ends. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when Active Directory replication failure ends. diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md index 2775be1c5d..6c1f85f0a7 100644 --- a/windows/security/threat-protection/auditing/event-4937.md +++ b/windows/security/threat-protection/auditing/event-4937.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4937(S): A lingering object was removed from a replica. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when a [lingering object](https://support.microsoft.com/kb/910205) was removed from a replica. diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md index 3821d18e1b..046a35e163 100644 --- a/windows/security/threat-protection/auditing/event-4944.md +++ b/windows/security/threat-protection/auditing/event-4944.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4944(S): The following policy was active when the Windows Firewall started. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4944 illustration diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md index da8105bffc..c76d313b14 100644 --- a/windows/security/threat-protection/auditing/event-4945.md +++ b/windows/security/threat-protection/auditing/event-4945.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4945(S): A rule was listed when the Windows Firewall started. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4945 illustration diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md index 30ae25fd28..4279a425ff 100644 --- a/windows/security/threat-protection/auditing/event-4946.md +++ b/windows/security/threat-protection/auditing/event-4946.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4946(S): A change has been made to Windows Firewall exception list. A rule was added. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4946 illustration diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md index b38eef6371..48613fd427 100644 --- a/windows/security/threat-protection/auditing/event-4947.md +++ b/windows/security/threat-protection/auditing/event-4947.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4947(S): A change has been made to Windows Firewall exception list. A rule was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4947 illustration diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md index 5f92a37c6a..6d0290f772 100644 --- a/windows/security/threat-protection/auditing/event-4948.md +++ b/windows/security/threat-protection/auditing/event-4948.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4948(S): A change has been made to Windows Firewall exception list. A rule was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4948 illustration diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md index e304844bc8..50b400ce2d 100644 --- a/windows/security/threat-protection/auditing/event-4949.md +++ b/windows/security/threat-protection/auditing/event-4949.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4949(S): Windows Firewall settings were restored to the default values. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4949 illustration diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md index 54ead99c65..90fdd4b72d 100644 --- a/windows/security/threat-protection/auditing/event-4950.md +++ b/windows/security/threat-protection/auditing/event-4950.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4950(S): A Windows Firewall setting has changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4950 illustration diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md index 4a2c32b9e2..65357fc8cf 100644 --- a/windows/security/threat-protection/auditing/event-4951.md +++ b/windows/security/threat-protection/auditing/event-4951.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4951(F): A rule has been ignored because its major version number was not recognized by Windows Firewall. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4951 illustration diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md index 150a0ac97d..abd1012a90 100644 --- a/windows/security/threat-protection/auditing/event-4952.md +++ b/windows/security/threat-protection/auditing/event-4952.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4952(F): Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. -**Applies to** -- Windows 10 -- Windows Server 2016 - When you create or edit a Windows Firewall rule, the settings that you can include depend upon the version of Windows you use when creating the rule. As new settings are added to later versions of Windows or to service packs for existing versions of Windows, the version number of the rules processing engine is updated, and that version number is stamped into rules that are created by using that version of Windows. For example, Windows Vista produces firewall rules that are stamped with version "v2.0". Future versions of Windows might use "v2.1", or "v3.0" to indicate, respectively, minor or major changes and additions. diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md index 38d9aa6a3d..d35205d2e8 100644 --- a/windows/security/threat-protection/auditing/event-4953.md +++ b/windows/security/threat-protection/auditing/event-4953.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4953(F): Windows Firewall ignored a rule because it could not be parsed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4953 illustration diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md index 99bb6457e2..f671cef1ef 100644 --- a/windows/security/threat-protection/auditing/event-4954.md +++ b/windows/security/threat-protection/auditing/event-4954.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4954(S): Windows Firewall Group Policy settings have changed. The new settings have been applied. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4954 illustration diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md index 34d36fa5d0..c56a466f9f 100644 --- a/windows/security/threat-protection/auditing/event-4956.md +++ b/windows/security/threat-protection/auditing/event-4956.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4956(S): Windows Firewall has changed the active profile. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4956 illustration diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md index 8b822ee84c..a34de9e92f 100644 --- a/windows/security/threat-protection/auditing/event-4957.md +++ b/windows/security/threat-protection/auditing/event-4957.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4957(F): Windows Firewall did not apply the following rule. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4957 illustration diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md index 05922fd7a7..7bb37f579a 100644 --- a/windows/security/threat-protection/auditing/event-4958.md +++ b/windows/security/threat-protection/auditing/event-4958.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4958(F): Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. -**Applies to** -- Windows 10 -- Windows Server 2016 - Windows Firewall with Advanced Security processed a rule that contains parameters that cannot be resolved on the local computer. The rule is therefore not enforceable on the computer and so is excluded from the runtime state of the firewall. This is not necessarily an error. Examine the rule for applicability on the computers to which it was applied. diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md index 0ee97ac194..b83f63788a 100644 --- a/windows/security/threat-protection/auditing/event-4964.md +++ b/windows/security/threat-protection/auditing/event-4964.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4964(S): Special groups have been assigned to a new logon. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4964 illustration diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md index c57db1916e..ee97d237fc 100644 --- a/windows/security/threat-protection/auditing/event-4985.md +++ b/windows/security/threat-protection/auditing/event-4985.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 4985(S): The state of a transaction has changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 4985 illustration diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md index b24cd95e31..6f42905b26 100644 --- a/windows/security/threat-protection/auditing/event-5024.md +++ b/windows/security/threat-protection/auditing/event-5024.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5024(S): The Windows Firewall Service has started successfully. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5024 illustration diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md index a9a3c5e14b..51c4600f15 100644 --- a/windows/security/threat-protection/auditing/event-5025.md +++ b/windows/security/threat-protection/auditing/event-5025.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5025(S): The Windows Firewall Service has been stopped. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5025 illustration diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md index 4ea2177c6b..85afaa1f92 100644 --- a/windows/security/threat-protection/auditing/event-5027.md +++ b/windows/security/threat-protection/auditing/event-5027.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5027(F): The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5027 illustration diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md index 9ab51ca985..8835c0a855 100644 --- a/windows/security/threat-protection/auditing/event-5028.md +++ b/windows/security/threat-protection/auditing/event-5028.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5028(F): The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5028 illustration diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md index 46d9b7b3e7..6e8bfab573 100644 --- a/windows/security/threat-protection/auditing/event-5029.md +++ b/windows/security/threat-protection/auditing/event-5029.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5029(F): The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - Windows logs an error if either the Windows Firewall service or its driver fails to start, or if they unexpectedly terminate. The error message indicates the cause of the service failure by including an error code in the text of the message. diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md index de68bc30db..175e125235 100644 --- a/windows/security/threat-protection/auditing/event-5030.md +++ b/windows/security/threat-protection/auditing/event-5030.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5030(F): The Windows Firewall Service failed to start. -**Applies to** -- Windows 10 -- Windows Server 2016 - Windows logs this event if the Windows Firewall service fails to start, or if it unexpectedly terminates. The error message indicates the cause of the service failure by including an error code in the text of the message. diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md index df9881e050..8a10a69008 100644 --- a/windows/security/threat-protection/auditing/event-5031.md +++ b/windows/security/threat-protection/auditing/event-5031.md @@ -10,17 +10,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp +ms.date: 09/08/2021 ms.technology: mde --- # 5031(F): The Windows Firewall Service blocked an application from accepting incoming connections on the network. -**Applies to** -- Windows 10 -- Windows Server 2016 -- Windows Server 2012 R2 -- Windows Server 2012 - Event 5031 illustration diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md index a356c6ba72..235d9fd8d3 100644 --- a/windows/security/threat-protection/auditing/event-5032.md +++ b/windows/security/threat-protection/auditing/event-5032.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5032(F): Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. -**Applies to** -- Windows 10 -- Windows Server 2016 - Windows Firewall with Advanced Security can be configured to notify the user when an application is blocked by the firewall, and ask if the application should continue to be blocked in the future. diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md index 05552da629..e664ac846b 100644 --- a/windows/security/threat-protection/auditing/event-5033.md +++ b/windows/security/threat-protection/auditing/event-5033.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5033(S): The Windows Firewall Driver has started successfully. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5033 illustration diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md index 7cef4c54e0..e447aeb0e7 100644 --- a/windows/security/threat-protection/auditing/event-5034.md +++ b/windows/security/threat-protection/auditing/event-5034.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5034(S): The Windows Firewall Driver was stopped. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5034 illustration diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md index 6b9d8a9488..0bc400131b 100644 --- a/windows/security/threat-protection/auditing/event-5035.md +++ b/windows/security/threat-protection/auditing/event-5035.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5035(F): The Windows Firewall Driver failed to start. -**Applies to** -- Windows 10 -- Windows Server 2016 - Windows logs this event if Windows Firewall driver fails to start, or if it unexpectedly terminates. The error message indicates the cause of the failure by including an error code in the text of the message. diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md index a189ce3f21..c36c375902 100644 --- a/windows/security/threat-protection/auditing/event-5037.md +++ b/windows/security/threat-protection/auditing/event-5037.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5037(F): The Windows Firewall Driver detected critical runtime error. Terminating. -**Applies to** -- Windows 10 -- Windows Server 2016 - Windows logs this event if Windows Firewall driver fails to start, or if it unexpectedly terminates. The error message indicates the cause of the failure by including an error code in the text of the message. diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md index 2dc28bef2e..996a74d7b5 100644 --- a/windows/security/threat-protection/auditing/event-5038.md +++ b/windows/security/threat-protection/auditing/event-5038.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. -**Applies to** -- Windows 10 -- Windows Server 2016 - The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md index fda19e5f16..09baf51880 100644 --- a/windows/security/threat-protection/auditing/event-5039.md +++ b/windows/security/threat-protection/auditing/event-5039.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5039(-): A registry key was virtualized. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event should be generated when registry key was virtualized using [LUAFV](https://blogs.msdn.com/b/alexcarp/archive/2009/06/25/the-deal-with-luafv-sys.aspx). diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md index 3ac07671d2..e9e1bea6c6 100644 --- a/windows/security/threat-protection/auditing/event-5051.md +++ b/windows/security/threat-protection/auditing/event-5051.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5051(-): A file was virtualized. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event should be generated when file was virtualized using [LUAFV](https://blogs.msdn.com/b/alexcarp/archive/2009/06/25/the-deal-with-luafv-sys.aspx). diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md index a717d05e4a..96af867108 100644 --- a/windows/security/threat-protection/auditing/event-5056.md +++ b/windows/security/threat-protection/auditing/event-5056.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5056(S): A cryptographic self-test was performed. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in CNG Self-Test function. This function is a Cryptographic Next Generation (CNG) function. diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md index c83ca8bd2e..5d686b4510 100644 --- a/windows/security/threat-protection/auditing/event-5057.md +++ b/windows/security/threat-protection/auditing/event-5057.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5057(F): A cryptographic primitive operation failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in case of CNG primitive operation failure. diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md index b351ee93e6..319ffe99f0 100644 --- a/windows/security/threat-protection/auditing/event-5058.md +++ b/windows/security/threat-protection/auditing/event-5058.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5058(S, F): Key file operation. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5058 illustration diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index 5881e672d5..ff33eba467 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5059(S, F): Key migration operation. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5059 illustration diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md index 11b9903d5d..23fa5c78d9 100644 --- a/windows/security/threat-protection/auditing/event-5060.md +++ b/windows/security/threat-protection/auditing/event-5060.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5060(F): Verification operation failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates when the Cryptographic Next Generation (CNG) verification operation fails. diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index 7612017713..919d66a79c 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5061(S, F): Cryptographic operation. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5061 illustration diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md index e397844d41..242721afc4 100644 --- a/windows/security/threat-protection/auditing/event-5062.md +++ b/windows/security/threat-protection/auditing/event-5062.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5062(S): A kernel-mode cryptographic self-test was performed. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event occurs rarely, and in some situations may be difficult to reproduce. diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md index e06e3118a6..020b7ebc4c 100644 --- a/windows/security/threat-protection/auditing/event-5063.md +++ b/windows/security/threat-protection/auditing/event-5063.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5063(S, F): A cryptographic provider operation was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in BCryptUnregisterProvider() and BCryptRegisterProvider() functions. These are Cryptographic Next Generation (CNG) functions. diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md index 077fadf9f7..2532a3b70b 100644 --- a/windows/security/threat-protection/auditing/event-5064.md +++ b/windows/security/threat-protection/auditing/event-5064.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5064(S, F): A cryptographic context operation was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in [BCryptCreateContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptcreatecontext)() and [BCryptDeleteContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptdeletecontext)() functions. These are Cryptographic Next Generation (CNG) functions. diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md index 3a64e39e7f..0bbc9ae5c7 100644 --- a/windows/security/threat-protection/auditing/event-5065.md +++ b/windows/security/threat-protection/auditing/event-5065.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5065(S, F): A cryptographic context modification was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in [BCryptConfigureContext](/windows/win32/api/bcrypt/nf-bcrypt-bcryptconfigurecontext)() function. This is a Cryptographic Next Generation (CNG) function. diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md index 52fca7414b..eebc61873d 100644 --- a/windows/security/threat-protection/auditing/event-5066.md +++ b/windows/security/threat-protection/auditing/event-5066.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5066(S, F): A cryptographic function operation was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in [BCryptAddContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptaddcontextfunction)() and [BCryptRemoveContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptremovecontextfunction)() functions. These are Cryptographic Next Generation (CNG) functions. diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md index 245b241e69..a3ca03be65 100644 --- a/windows/security/threat-protection/auditing/event-5067.md +++ b/windows/security/threat-protection/auditing/event-5067.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5067(S, F): A cryptographic function modification was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in [BCryptConfigureContextFunction](/windows/win32/api/bcrypt/nf-bcrypt-bcryptconfigurecontextfunction)() function. This is a Cryptographic Next Generation (CNG) function. diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md index 1cb02be991..645868eeca 100644 --- a/windows/security/threat-protection/auditing/event-5068.md +++ b/windows/security/threat-protection/auditing/event-5068.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5068(S, F): A cryptographic function provider operation was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in BCryptAddContextFunctionProvider() and BCryptRemoveContextFunctionProvider() functions. These are Cryptographic Next Generation (CNG) functions. diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md index 742188905d..50d95a9aff 100644 --- a/windows/security/threat-protection/auditing/event-5069.md +++ b/windows/security/threat-protection/auditing/event-5069.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5069(S, F): A cryptographic function property operation was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in [BCryptSetContextFunctionProperty](/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty)() function. This is a Cryptographic Next Generation (CNG) function. diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md index 9893a7116b..e279ab685d 100644 --- a/windows/security/threat-protection/auditing/event-5070.md +++ b/windows/security/threat-protection/auditing/event-5070.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5070(S, F): A cryptographic function property modification was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event generates in [BCryptSetContextFunctionProperty](/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty)() function. This is a Cryptographic Next Generation (CNG) function. diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index 1b62c11bab..d83424aac5 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5136(S): A directory service object was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5136 illustration diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index 0146958e61..65f8370ad0 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5137(S): A directory service object was created. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5137 illustration diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index 2553251b75..4fa35c7f07 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5138(S): A directory service object was undeleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5138 illustration diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index c7f306eab0..43eacd93d9 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5139(S): A directory service object was moved. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5139 illustration diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index 199e5a4cd7..eb389fe767 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5140(S, F): A network share object was accessed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5140 illustration diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index 7d85f444d4..8da8b7d590 100644 --- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5141(S): A directory service object was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5141 illustration diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index d29c26ddc4..b72ef6d776 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5142(S): A network share object was added. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5142 illustration diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index bc8f827e03..d173059b23 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5143(S): A network share object was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5143 illustration diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index 886dc70759..937bc39ce4 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5144(S): A network share object was deleted. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5144 illustration diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 933ab84191..1bf796cf9f 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5145(S, F): A network share object was checked to see whether client can be granted desired access. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5145 illustration diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index 23a31eb1a6..1946129b9b 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 05/29/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. -**Applies to** -- Windows 10 -- Windows Server 2016 - In most circumstances, this event occurs very rarely. It is designed to be generated when an ICMP DoS attack starts or was detected. diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md index 04f6c8747a..467c7145cc 100644 --- a/windows/security/threat-protection/auditing/event-5149.md +++ b/windows/security/threat-protection/auditing/event-5149.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 05/29/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5149(F): The DoS attack has subsided and normal processing is being resumed. -**Applies to** -- Windows 10 -- Windows Server 2016 - In most circumstances, this event occurs very rarely. It is designed to be generated when an ICMP DoS attack ended. diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index 7e8b6a5cc1..9d9c830f21 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5150(-): The Windows Filtering Platform blocked a packet. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event is logged if the Windows Filtering Platform [MAC filter](/windows-hardware/drivers/network/using-layer-2-filtering) blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index 611541553e..6601b86883 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event is logged if a more restrictive Windows Filtering Platform [MAC filter](/windows-hardware/drivers/network/using-layer-2-filtering) has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md index cb8da40be3..d4bcbf8042 100644 --- a/windows/security/threat-protection/auditing/event-5152.md +++ b/windows/security/threat-protection/auditing/event-5152.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5152(F): The Windows Filtering Platform blocked a packet. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5152 illustration diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md index ce3f53f60d..eee4621b4d 100644 --- a/windows/security/threat-protection/auditing/event-5153.md +++ b/windows/security/threat-protection/auditing/event-5153.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event is logged if a more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md index ea9c8ea638..6d0b939b64 100644 --- a/windows/security/threat-protection/auditing/event-5154.md +++ b/windows/security/threat-protection/auditing/event-5154.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5154 illustration diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md index d00134db41..166520ef13 100644 --- a/windows/security/threat-protection/auditing/event-5155.md +++ b/windows/security/threat-protection/auditing/event-5155.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. -**Applies to** -- Windows 10 -- Windows Server 2016 - By default Windows firewall won't prevent a port from being listened by an application. In the other word, Windows system will not generate Event 5155 by itself. diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md index b7aa9709b2..d0af703c34 100644 --- a/windows/security/threat-protection/auditing/event-5156.md +++ b/windows/security/threat-protection/auditing/event-5156.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5156(S): The Windows Filtering Platform has permitted a connection. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5156 illustration diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md index 73d84e9d53..c20c64f670 100644 --- a/windows/security/threat-protection/auditing/event-5157.md +++ b/windows/security/threat-protection/auditing/event-5157.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5157(F): The Windows Filtering Platform has blocked a connection. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5157 illustration diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md index d863b08c36..f35938a490 100644 --- a/windows/security/threat-protection/auditing/event-5158.md +++ b/windows/security/threat-protection/auditing/event-5158.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5158(S): The Windows Filtering Platform has permitted a bind to a local port. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5158 illustration diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md index fb896131ac..95ac21b41a 100644 --- a/windows/security/threat-protection/auditing/event-5159.md +++ b/windows/security/threat-protection/auditing/event-5159.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5159(F): The Windows Filtering Platform has blocked a bind to a local port. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5159 illustration diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index bb9371baff..5d1e8bf0d8 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5168(F): SPN check for SMB/SMB2 failed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5168 illustration diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md index 3cbb58cf29..1b77d59d7e 100644 --- a/windows/security/threat-protection/auditing/event-5376.md +++ b/windows/security/threat-protection/auditing/event-5376.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5376(S): Credential Manager credentials were backed up. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5376 illustration diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md index 3be670da7b..82af29b1d7 100644 --- a/windows/security/threat-protection/auditing/event-5377.md +++ b/windows/security/threat-protection/auditing/event-5377.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5377(S): Credential Manager credentials were restored from a backup. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5377 illustration diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md index 0025f40837..7880067fb3 100644 --- a/windows/security/threat-protection/auditing/event-5378.md +++ b/windows/security/threat-protection/auditing/event-5378.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5378(F): The requested credentials delegation was disallowed by policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5378 illustration diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md index 2b5c265e83..c7e89a3513 100644 --- a/windows/security/threat-protection/auditing/event-5447.md +++ b/windows/security/threat-protection/auditing/event-5447.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5447(S): A Windows Filtering Platform filter has been changed. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5447 illustration diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md index ad0e108238..fd3345a565 100644 --- a/windows/security/threat-protection/auditing/event-5632.md +++ b/windows/security/threat-protection/auditing/event-5632.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5632(S, F): A request was made to authenticate to a wireless network. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5632 illustration diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index ba78854b75..d72afb75da 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5633(S, F): A request was made to authenticate to a wired network. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5633 illustration diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md index 5bb81e6f09..48363c3beb 100644 --- a/windows/security/threat-protection/auditing/event-5712.md +++ b/windows/security/threat-protection/auditing/event-5712.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5712(S): A Remote Procedure Call (RPC) was attempted. -**Applies to** -- Windows 10 -- Windows Server 2016 - It appears that this event never occurs. diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index 8d2ea38fcb..4a22ab0013 100644 --- a/windows/security/threat-protection/auditing/event-5888.md +++ b/windows/security/threat-protection/auditing/event-5888.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5888(S): An object in the COM+ Catalog was modified. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5888 illustration diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md index e3d65ee453..d0d9842512 100644 --- a/windows/security/threat-protection/auditing/event-5889.md +++ b/windows/security/threat-protection/auditing/event-5889.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5889(S): An object was deleted from the COM+ Catalog. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5889 illustration diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md index 9b7a9f515c..f7bf90b524 100644 --- a/windows/security/threat-protection/auditing/event-5890.md +++ b/windows/security/threat-protection/auditing/event-5890.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 5890(S): An object was added to the COM+ Catalog. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 5890 illustration diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md index 7565e8f794..0ed126dc60 100644 --- a/windows/security/threat-protection/auditing/event-6144.md +++ b/windows/security/threat-protection/auditing/event-6144.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6144(S): Security policy in the group policy objects has been applied successfully. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6144 illustration diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md index b70a0844a2..ff67ad627d 100644 --- a/windows/security/threat-protection/auditing/event-6145.md +++ b/windows/security/threat-protection/auditing/event-6145.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6145(F): One or more errors occurred while processing security policy in the group policy objects. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6145 illustration diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md index e6ec5bea59..28b9c2e509 100644 --- a/windows/security/threat-protection/auditing/event-6281.md +++ b/windows/security/threat-protection/auditing/event-6281.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6281(F): Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. -**Applies to** -- Windows 10 -- Windows Server 2016 - The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index 511aeb3ae9..214d0c5b93 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index 829c3215c9..7ae7c5a3ab 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6401(-): BranchCache: Received invalid data from a peer. Data discarded. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index 2aee0f9232..ca0ea21dbe 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index ec9028c852..dfa11c62ac 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index eaa912b6e3..fb4bccd26f 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md index fc188cce3b..557c8ebabe 100644 --- a/windows/security/threat-protection/auditing/event-6405.md +++ b/windows/security/threat-protection/auditing/event-6405.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6405(-): BranchCache: %2 instance(s) of event id %1 occurred. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md index 689085b2fd..dbaeb0e873 100644 --- a/windows/security/threat-protection/auditing/event-6406.md +++ b/windows/security/threat-protection/auditing/event-6406.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md index 3273efaba1..28612dacba 100644 --- a/windows/security/threat-protection/auditing/event-6407.md +++ b/windows/security/threat-protection/auditing/event-6407.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6407(-): 1%. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6408.md b/windows/security/threat-protection/auditing/event-6408.md index 7b29a0468c..c36f520a60 100644 --- a/windows/security/threat-protection/auditing/event-6408.md +++ b/windows/security/threat-protection/auditing/event-6408.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6408(-): Registered product %1 failed and Windows Firewall is now controlling the filtering for %2. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md index 6855ea810d..1ac08c75f1 100644 --- a/windows/security/threat-protection/auditing/event-6409.md +++ b/windows/security/threat-protection/auditing/event-6409.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6409(-): BranchCache: A service connection point object could not be parsed. -**Applies to** -- Windows 10 -- Windows Server 2016 - [BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document. diff --git a/windows/security/threat-protection/auditing/event-6410.md b/windows/security/threat-protection/auditing/event-6410.md index a306a98882..a9f5e5111f 100644 --- a/windows/security/threat-protection/auditing/event-6410.md +++ b/windows/security/threat-protection/auditing/event-6410.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6410(F): Code integrity determined that a file does not meet the security requirements to load into a process. -**Applies to** -- Windows 10 -- Windows Server 2016 - [Code Integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10)) is a feature that improves the security of the operating system by validating the integrity of a driver or system file each time it is loaded into memory. Code Integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrative permissions. On x64-based versions of the operating system, kernel-mode drivers must be digitally signed. diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md index 4b85673aa7..337a5395be 100644 --- a/windows/security/threat-protection/auditing/event-6416.md +++ b/windows/security/threat-protection/auditing/event-6416.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6416(S): A new external device was recognized by the System. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6416 illustration diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md index 90c145ff77..69a6f30def 100644 --- a/windows/security/threat-protection/auditing/event-6419.md +++ b/windows/security/threat-protection/auditing/event-6419.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6419(S): A request was made to disable a device. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6419 illustration diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md index 51570d3ab3..3a2dc5c9d9 100644 --- a/windows/security/threat-protection/auditing/event-6420.md +++ b/windows/security/threat-protection/auditing/event-6420.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6420(S): A device was disabled. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6420 illustration diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md index ef4e0b856f..8ac5372312 100644 --- a/windows/security/threat-protection/auditing/event-6421.md +++ b/windows/security/threat-protection/auditing/event-6421.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6421(S): A request was made to enable a device. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6421 illustration diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md index 2b2f45d1b8..7e577f25c3 100644 --- a/windows/security/threat-protection/auditing/event-6422.md +++ b/windows/security/threat-protection/auditing/event-6422.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6422(S): A device was enabled. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6422 illustration diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md index 3332a01011..5f8278b20e 100644 --- a/windows/security/threat-protection/auditing/event-6423.md +++ b/windows/security/threat-protection/auditing/event-6423.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6423(S): The installation of this device is forbidden by system policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - Event 6423 illustration diff --git a/windows/security/threat-protection/auditing/event-6424.md b/windows/security/threat-protection/auditing/event-6424.md index 8ca1ce36d6..ba3fcbffe7 100644 --- a/windows/security/threat-protection/auditing/event-6424.md +++ b/windows/security/threat-protection/auditing/event-6424.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # 6424(S): The installation of this device was allowed, after having previously been forbidden by policy. -**Applies to** -- Windows 10 -- Windows Server 2016 - This event occurs rarely, and in some situations may be difficult to reproduce. diff --git a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md index 1093140e38..9c7941df2b 100644 --- a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # File System (Global Object Access Auditing) -**Applies to** -- Windows 10 This topic for the IT professional describes the Advanced Security Audit policy setting, **File System (Global Object Access Auditing)**, which enables you to configure a global system access control list (SACL) on the file system for an entire computer. diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md index 1efc819647..cc3bf79488 100644 --- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md +++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: dansimp -ms.date: 10/22/2018 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,8 +16,6 @@ ms.technology: mde # How to get a list of XML data name elements in EventData -**Applies to** -- Windows 10 The Security log uses a manifest where you can get all of the event schema. diff --git a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md index 3c07a1dae0..c446bdec67 100644 --- a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor central access policy and rule definitions -**Applies to** -- Windows 10 This article for IT professionals describes how to monitor changes to central access policy and central access rule definitions when you use advanced security auditing options to monitor dynamic access control objects. diff --git a/windows/security/threat-protection/auditing/monitor-claim-types.md b/windows/security/threat-protection/auditing/monitor-claim-types.md index baf7d9e8a7..b9e1ea714f 100644 --- a/windows/security/threat-protection/auditing/monitor-claim-types.md +++ b/windows/security/threat-protection/auditing/monitor-claim-types.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor claim types -**Applies to** -- Windows 10 This topic for the IT professional describes how to monitor changes to claim types that are associated with dynamic access control when you are using advanced security auditing options. diff --git a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md index ed4d03037f..791549bb4f 100644 --- a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor resource attribute definitions -**Applies to** -- Windows 10 This topic for the IT professional describes how to monitor changes to resource attribute definitions when you are using advanced security auditing options to monitor dynamic access control objects. Resource attribute definitions define the basic properties of resource attributes, such as what it means for a resource to be defined as “high business value.” Resource attribute definitions are stored in AD DS under the Resource Properties container. Changes to these definitions could significantly change the protections that govern a resource, even if the resource attributes that apply to the resource remain unchanged. Changes can be monitored like any other AD DS object. diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md index f034f7c0fc..ece759aeb6 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor the central access policies associated with files and folders -**Applies to** -- Windows 10 This article for IT professionals describes how to monitor changes to the central access policies that are associated with files and folders when you're using advanced security auditing options to monitor dynamic access control objects. diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md index 12dedf0d60..2d50a5c7db 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor the central access policies that apply on a file server -**Applies to** -- Windows 10 This article describes how to monitor changes to the central access policies (CAPs) that apply to a file server when using advanced security auditing options to monitor dynamic access control objects. CAPs are created on a domain controller and then applied to file servers through Group Policy management. diff --git a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md index f1676a1640..f223b3433d 100644 --- a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor the resource attributes on files and folders -**Applies to** -- Windows 10 This topic for the IT professional describes how to monitor attempts to change settings to the resource attributes on files when you are using advanced security auditing options to monitor dynamic access control objects. diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index 04ac1c7929..af897bbd62 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: +ms.date: 09/09/2021 ms.technology: mde --- # Monitor the use of removable storage devices -**Applies to** -- Windows 10 This topic for the IT professional describes how to monitor attempts to use removable storage devices to access network resources. It describes how to use advanced security auditing options to monitor dynamic access control objects. diff --git a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md index edaf8e590f..7f950dd7b1 100644 --- a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md +++ b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Monitor user and device claims during sign-in -**Applies to** -- Windows 10 This topic for the IT professional describes how to monitor user and device claims that are associated with a user’s security token when you are using advanced security auditing options to monitor dynamic access control objects. diff --git a/windows/security/threat-protection/auditing/other-events.md b/windows/security/threat-protection/auditing/other-events.md index e74cf80553..a54f6a6f1c 100644 --- a/windows/security/threat-protection/auditing/other-events.md +++ b/windows/security/threat-protection/auditing/other-events.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium author: dansimp -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -16,10 +16,6 @@ ms.technology: mde # Other Events -**Applies to** -- Windows 10 -- Windows Server 2016 - Events in this section generate automatically and are enabled by default. diff --git a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md index 068c8792d4..d47efbedbf 100644 --- a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Plan and deploy advanced security audit policies -**Applies to** -- Windows 10 This article for IT professionals explains the options that security policy planners should consider and the tasks they must complete to deploy an effective security audit policy in a network that includes advanced security audit policies. diff --git a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md index 3c5c1ece1e..a01a3a3514 100644 --- a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Registry (Global Object Access Auditing) -**Applies to** -- Windows 10 This topic for the IT professional describes the Advanced Security Audit policy setting, **Registry (Global Object Access Auditing)**, which enables you to configure a global system access control list (SACL) on the registry of a computer. diff --git a/windows/security/threat-protection/auditing/security-auditing-overview.md b/windows/security/threat-protection/auditing/security-auditing-overview.md index ec89d5ef53..fb1184eed7 100644 --- a/windows/security/threat-protection/auditing/security-auditing-overview.md +++ b/windows/security/threat-protection/auditing/security-auditing-overview.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Security auditing -**Applies to** -- Windows 10 Topics in this section are for IT professionals and describes the security auditing features in Windows and how your organization can benefit from using these technologies to enhance the security and manageability of your network. diff --git a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md index 6e90c989e0..dd8bb6516d 100644 --- a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md +++ b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Using advanced security auditing options to monitor dynamic access control objects -**Applies to** -- Windows 10 This guide explains the process of setting up advanced security auditing capabilities that are made possible through settings and events that were introduced in Windows 8 and Windows Server 2012. diff --git a/windows/security/threat-protection/auditing/view-the-security-event-log.md b/windows/security/threat-protection/auditing/view-the-security-event-log.md index 84a296e182..5b89a3802e 100644 --- a/windows/security/threat-protection/auditing/view-the-security-event-log.md +++ b/windows/security/threat-protection/auditing/view-the-security-event-log.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # View the security event log -**Applies to** -- Windows 10 The security log records each event as defined by the audit policies you set on each object. diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md index 4b20841dd8..8e1db3e1b0 100644 --- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md +++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md @@ -14,14 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/09/2021 ms.technology: mde --- # Which editions of Windows support advanced audit policy configuration -**Applies to** -- Windows 10 Advanced audit policy configuration is supported on all versions of Windows since it was introduced in Windows Vista. There is no difference in security auditing support between 32-bit and 64-bit versions. diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 0365837d1b..d9e8974465 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -151,7 +151,7 @@ Select the correct version of each .dll for the Windows release you plan to supp - + @@ -181,7 +181,7 @@ Select the correct version of each .dll for the Windows release you plan to supp - + diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md index 9995f497a4..22c00f87cc 100644 --- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md @@ -1,5 +1,5 @@ --- -title: Add Production Devices to the Membership Group for a Zone (Windows 10) +title: Add Production Devices to the Membership Group for a Zone (Windows) description: Learn how to add production devices to the membership group for a zone and refresh the group policy on the devices in the membership group. ms.assetid: 7141de15-5840-4beb-aabe-21c1dd89eb23 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you test the GPOs for your design on a small set of devices, you can deploy them to the production devices. diff --git a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md index 30d809e60c..14eaf54184 100644 --- a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md @@ -1,5 +1,5 @@ --- -title: Add Test Devices to the Membership Group for a Zone (Windows 10) +title: Add Test Devices to the Membership Group for a Zone (Windows) description: Learn how to add devices to the group for a zone to test whether your Windows Defender Firewall with Advanced Security implementation works as expected. ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Before you deploy your rules to large numbers of devices, you must thoroughly test the rules to make sure that communications are working as expected. A misplaced WMI filter or an incorrectly typed IP address in a filter list can easily block communications between devices. Although we recommend that you set your rules to request mode until testing and deployment is complete, we also recommend that you initially deploy the rules to a small number of devices only to be sure that the correct GPOs are being processed by each device. diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md index 0345da06fe..7a8c114351 100644 --- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md @@ -1,5 +1,5 @@ --- -title: Appendix A Sample GPO Template Files for Settings Used in this Guide (Windows 10) +title: Appendix A Sample GPO Template Files for Settings Used in this Guide (Windows) description: Use sample template files import an XML file containing customized registry preferences into a Group Policy Object (GPO). ms.assetid: 75930afd-ab1b-4e53-915b-a28787814b38 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above You can import an XML file containing customized registry preferences into a Group Policy Object (GPO) by using the Preferences feature of the Group Policy Management Console (GPMC). diff --git a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md index 08a9798526..2fe271c315 100644 --- a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md @@ -1,5 +1,5 @@ --- -title: Assign Security Group Filters to the GPO (Windows 10) +title: Assign Security Group Filters to the GPO (Windows) description: Learn how to use Group Policy Management MMC to assign security group filters to a GPO to make sure that the GPO is applied to the correct computers. ms.assetid: bcbe3299-8d87-4ec1-9e86-8e4a680fd7c8 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/02/2019 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To make sure that your GPO is applied to the correct computers, use the Group Policy Management MMC snap-in to assign security group filters to the GPO. diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md index 76378c3a0f..0eda99ff36 100644 --- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md @@ -1,5 +1,5 @@ --- -title: Basic Firewall Policy Design (Windows 10) +title: Basic Firewall Policy Design (Windows) description: Protect the devices in your organization from unwanted network traffic that gets through the perimeter defenses by using basic firewall policy design. ms.assetid: 6f7af99e-6850-4522-b7f5-db98e6941418 ms.reviewer: @@ -20,8 +20,9 @@ ms.technology: mde # Basic Firewall Policy Design **Applies to** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above Many organizations have a network perimeter firewall that is designed to prevent the entry of malicious traffic in to the organization's network, but do not have a host-based firewall enabled on each device in the organization. @@ -37,7 +38,7 @@ Many network administrators do not want to tackle the difficult task of determin For example, when you install a server role, the appropriate firewall rules are created and enabled automatically. -- For other standard network behavior, the predefined rules that are built into Windows 10, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, and Windows 7 can easily be configured in a GPO and deployed to the devices in your organization. +- For other standard network behavior, the predefined rules that are built into Windows 11, Windows 10, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, and Windows 7 can easily be configured in a GPO and deployed to the devices in your organization. For example, by using the predefined groups for Core Networking and File and Printer Sharing you can easily configure GPOs with rules for those frequently used networking protocols. diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md index 5819f886fd..fde3e3850b 100644 --- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md +++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md @@ -20,9 +20,10 @@ ms.technology: mde **Applies to** -- Windows operating systems including Windows 10 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above -- Windows Server Operating Systems Windows Defender Firewall with Advanced Security provides host-based, two-way network traffic filtering and blocks unauthorized network traffic flowing into diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md index 50e2f66e16..d17a0d6cac 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md @@ -1,5 +1,5 @@ --- -title: Boundary Zone GPOs (Windows 10) +title: Boundary Zone GPOs (Windows) description: Learn about GPOs to create that must align with the group you create for the boundary zone in Windows Defender Firewall with Advanced Security. ms.assetid: 1ae66088-02c3-47e4-b7e8-74d0b8f8646e ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above All the devices in the boundary zone are added to the group CG\_DOMISO\_Boundary. You must create multiple GPOs to align with this group, one for each operating system that you have in your boundary zone. This group is granted Read and Apply permissions in Group Policy on the GPOs described in this section. diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md index 37d7edb647..9c0d1186eb 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md @@ -1,5 +1,5 @@ --- -title: Boundary Zone (Windows 10) +title: Boundary Zone (Windows) description: Learn how a boundary zone supports devices that must receive traffic from beyond an isolated domain in Windows Defender Firewall with Advanced Security. ms.assetid: ed98b680-fd24-44bd-a7dd-26c522e45a20 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,15 +22,16 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above -In most organizations, some devices must be able to receive network traffic from devices that are not part of the isolated domain, and therefore cannot authenticate. To accept communications from untrusted devices, create a boundary zone within your isolated domain. +In most organizations, some devices can receive network traffic from devices that aren't part of the isolated domain, and therefore can't authenticate. To accept communications from untrusted devices, create a boundary zone within your isolated domain. Devices in the boundary zone are trusted devices that can accept communication requests both from other isolated domain member devices and from untrusted devices. Boundary zone devices try to authenticate any incoming request by using IPsec, initiating an IKE negotiation with the originating device. -The GPOs you build for the boundary zone include IPsec or connection security rules that request authentication for both inbound and outbound network connections, but do not require it. +The GPOs you build for the boundary zone include IPsec or connection security rules that request authentication for both inbound and outbound network connections, but don't require it. -Because these boundary zone devices can receive unsolicited inbound communications from untrusted devices that use plaintext, they must be carefully managed and secured in other ways. Mitigating this additional risk is an important part of deciding whether to add a device to the boundary zone. For example, completing a formal business justification process before adding each device to the boundary zone can help ensure that the additional risk is minimized. The following illustration shows a sample process that can help make such a decision. +These boundary zone devices might receive unsolicited inbound communications from untrusted devices that use plaintext and must be carefully managed and secured in other ways. Mitigating this extra risk is an important part of deciding whether to add a device to the boundary zone. For example, completing a formal business justification process before adding each device to the boundary zone minimizes the additional risk. The following illustration shows a sample process that can help make such a decision. ![design flowchart.](images/wfas-designflowchart1.gif) @@ -38,7 +39,7 @@ The goal of this process is to determine whether the risk of adding a device to You must create a group in Active Directory to contain the members of the boundary zones. The settings and rules for the boundary zone are typically very similar to those for the isolated domain, and you can save time and effort by copying those GPOs to serve as a starting point. The primary difference is that the authentication connection security rule must be set to request authentication for both inbound and outbound traffic, instead of requiring inbound authentication and requesting outbound authentication as used by the isolated domain. -Creation of the group and how to link it to the GPOs that apply the rules to members of the group are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section. + [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section discusses creation of the group and how to link it to the GPOs that apply the rules to members of the group. ## GPO settings for boundary zone servers running at least Windows Server 2008 @@ -49,13 +50,13 @@ The boundary zone GPO for devices running at least Windows Server 2008 should i 1. Exempt all ICMP traffic from IPsec. - 2. Key exchange (main mode) security methods and algorithm. We recommend that you use at least DH4, AES and SHA2 in your settings. Use the strongest algorithm combinations that are common to all your supported operating systems. + 2. Key exchange (main mode) security methods and algorithm. We recommend that you use at least DH4, AES, and SHA2 in your settings. Use the strongest algorithm combinations that are common to all your supported operating systems. - 3. Data protection (quick mode) algorithm combinations. We recommend that you do not include DES or MD5 in any setting. They are included only for compatibility with previous versions of Windows. Use the strongest algorithm combinations that are common to all your supported operating systems.. + 3. Data protection (quick mode) algorithm combinations. We recommend that you don't include DES or MD5 in any setting. They're included only for compatibility with previous versions of Windows. Use the strongest algorithm combinations that are common to all your supported operating systems. If any NAT devices are present on your networks, use ESP encapsulation. If isolated domain members must communicate with hosts in the encryption zone, ensure that you include algorithms that are compatible with the requirements of the encryption mode policies. - 4. Authentication methods. Include at least device-based Kerberos V5 authentication. If you want to use user-based access to isolated servers then you must also include user-based Kerberos V5 authentication as an optional authentication method. Likewise, if any of your domain isolation members cannot use Kerberos V5, you must include certificate-based authentication as an optional authentication method. + 4. Authentication methods. Include at least device-based Kerberos V5 authentication. If you want to use user-based access to isolated servers, then you must also include user-based Kerberos V5 authentication as an optional authentication method. Likewise, if any of your domain isolation members can't use Kerberos V5, you must include certificate-based authentication as an optional authentication method. - The following connection security rules: diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md index 1b369d6c5e..be336a726b 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md @@ -1,5 +1,5 @@ --- -title: Certificate-based Isolation Policy Design Example (Windows 10) +title: Certificate-based Isolation Policy Design Example (Windows) description: This example uses a fictitious company to illustrate certificate-based isolation policy design in Windows Defender Firewall with Advanced Security. ms.assetid: 509b513e-dd49-4234-99f9-636fd2f749e3 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This design example continues to use the fictitious company Woodgrove Bank, as described in the sections [Firewall Policy Design Example](firewall-policy-design-example.md), [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md), and [Server Isolation Policy Design Example](server-isolation-policy-design-example.md). diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md index 7c427d50e7..a59ba99025 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md @@ -1,5 +1,5 @@ --- -title: Certificate-based Isolation Policy Design (Windows 10) +title: Certificate-based Isolation Policy Design (Windows) description: Explore the methodology behind Certificate-based Isolation Policy Design and how it defers from Domain Isolation and Server Isolation Policy Design. ms.assetid: 63e01a60-9daa-4701-9472-096c85e0f862 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above In the certificate-based isolation policy design, you provide the same types of protections to your network traffic as described in the [Domain Isolation Policy Design](domain-isolation-policy-design.md) and [Server Isolation Policy Design](server-isolation-policy-design.md) sections. The only difference is the method used to share identification credentials during the authentication of your network traffic. diff --git a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md index cbea6cabc0..eb09b78b9f 100644 --- a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md +++ b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md @@ -1,5 +1,5 @@ --- -title: Change Rules from Request to Require Mode (Windows 10) +title: Change Rules from Request to Require Mode (Windows) description: Learn how to convert a rule from request to require mode and apply the modified GPOs to the client devices. ms.assetid: ad969eda-c681-48cb-a2c4-0b6cae5f4cff ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you confirm that network traffic is being correctly protected by using IPsec, you can change the rules for the domain isolation and encryption zones to require, instead of request, authentication. Do not change the rules for the boundary zone; they must stay in request mode so that devices in the boundary zone can continue to accept connections from devices that are not part of the isolated domain. diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md index a3164b6f45..ec2429b56d 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md @@ -1,5 +1,5 @@ --- -title: Checklist Configuring Basic Firewall Settings (Windows 10) +title: Checklist Configuring Basic Firewall Settings (Windows) description: Configure Windows Firewall to set inbound and outbound behavior, display notifications, record log files and more of the necessary function for Firewall. ms.assetid: 0d10cdae-da3d-4a33-b8a4-6b6656b6d1f9 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist includes tasks for configuring a GPO with firewall defaults and settings that are separate from the rules. diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md index 2ecb358ade..5e8cd7d149 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md @@ -1,5 +1,5 @@ --- -title: Checklist Configuring Rules for an Isolated Server Zone (Windows 10) +title: Checklist Configuring Rules for an Isolated Server Zone (Windows) description: Use these tasks to configure connection security rules and IPsec settings in GPOs for servers in an isolated server zone that are part of an isolated domain. ms.assetid: 67c50a91-e71e-4f1e-a534-dad2582e311c ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs for servers in an isolated server zone that are part of an isolated domain. For information about creating a standalone isolated server zone that is not part of an isolated domain, see [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md). diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md index c07a12c977..c464183424 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md @@ -1,5 +1,5 @@ --- -title: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone (Windows 10) +title: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone (Windows) description: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone ms.assetid: ccc09d06-ef75-43b0-9c77-db06f2940955 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs for servers in a standalone isolated server zone that is not part of an isolated domain. In addition to requiring authentication and optionally encryption, servers in a server isolation zone are accessible only by users or devices that are authenticated as members of a network access group (NAG). The GPOs described here apply only to the isolated servers, not to the client devices that connect to them. For the GPOs for the client devices, see [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md). diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md index e10ef7fc18..2a908f4267 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md @@ -1,5 +1,5 @@ --- -title: Checklist Configuring Rules for the Boundary Zone (Windows 10) +title: Checklist Configuring Rules for the Boundary Zone (Windows) description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the boundary zone in an isolated domain. ms.assetid: 25fe0197-de5a-4b4c-bc44-c6f0620ea94b ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the boundary zone in an isolated domain. diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md index 180c4f2168..fc6329d478 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md @@ -1,5 +1,5 @@ --- -title: Checklist Configuring Rules for the Encryption Zone (Windows 10) +title: Checklist Configuring Rules for the Encryption Zone (Windows) description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the encryption zone in an isolated domain. ms.assetid: 87b1787b-0c70-47a4-ae52-700bff505ea4 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs to implement the encryption zone in an isolated domain. diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md index 2bccefd09c..2a0fe73601 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md @@ -1,5 +1,5 @@ --- -title: Checklist Configuring Rules for the Isolated Domain (Windows 10) +title: Checklist Configuring Rules for the Isolated Domain (Windows) description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain. ms.assetid: bfd2d29e-4011-40ec-a52e-a67d4af9748e ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain. diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md index d2ba4b5a27..b5113224e7 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md @@ -1,5 +1,5 @@ --- -title: Checklist Creating Group Policy Objects (Windows 10) +title: Checklist Creating Group Policy Objects (Windows) description: Learn to deploy firewall settings, IPsec settings, firewall rules, or connection security rules, by using Group Policy in AD DS. ms.assetid: e99bd6a4-34a7-47b5-9791-ae819977a559 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To deploy firewall or IPsec settings or firewall or connection security rules, we recommend that you use Group Policy in AD DS. This section describes a tested, efficient method that requires some up-front work, but serves an administrator well in the long run by making GPO assignments as easy as dropping a device into a membership group. @@ -30,7 +31,7 @@ The checklists for firewall, domain isolation, and server isolation include a li ## About membership groups -For most GPO deployment tasks, you must determine which devices must receive and apply which GPOs. Because different versions of Windows can support different settings and rules to achieve similar behavior, you might need multiple GPOs: one for each operating system that has settings different from the others to achieve the same result. For example, Windows 10, Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 use rules and settings that are incompatible with Windows 2000, Windows XP, and Windows Server 2003. Therefore, if your network included those older operating systems you would need to create a GPO for each set of operating systems that can share common settings. To deploy typical domain isolation settings and rules, you might have five different GPOs for the versions of Windows discussed in this guide. By following the procedures in this guide, you only need one membership group to manage all five GPOs. The membership group is identified in the security group filter for all five GPOs. To apply the settings to a device, you make that device's account a member of the membership group. WMI filters are used to ensure that the correct GPO is applied. +For most GPO deployment tasks, you must determine which devices must receive and apply which GPOs. Because different versions of Windows can support different settings and rules to achieve similar behavior, you might need multiple GPOs: one for each operating system that has settings different from the others to achieve the same result. For example, Windows 11, Windows 10, Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 use rules and settings that are incompatible with Windows 2000, Windows XP, and Windows Server 2003. Therefore, if your network included those older operating systems you would need to create a GPO for each set of operating systems that can share common settings. To deploy typical domain isolation settings and rules, you might have five different GPOs for the versions of Windows discussed in this guide. By following the procedures in this guide, you only need one membership group to manage all five GPOs. The membership group is identified in the security group filter for all five GPOs. To apply the settings to a device, you make that device's account a member of the membership group. WMI filters are used to ensure that the correct GPO is applied. ## About exclusion groups diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md index 834016bd7b..53822035a9 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md @@ -1,5 +1,5 @@ --- -title: Checklist Creating Inbound Firewall Rules (Windows 10) +title: Checklist Creating Inbound Firewall Rules (Windows) description: Use these tasks for creating inbound firewall rules in your GPOs for Windows Defender Firewall with Advanced Security. ms.assetid: 0520e14e-5c82-48da-8fbf-87cef36ce02f ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist includes tasks for creating firewall rules in your GPOs. diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md index b20cb735f9..445f1e1eda 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md @@ -1,5 +1,5 @@ --- -title: Checklist Creating Outbound Firewall Rules (Windows 10) +title: Checklist Creating Outbound Firewall Rules (Windows) description: Use these tasks for creating outbound firewall rules in your GPOs for Windows Defender Firewall with Advanced Security. ms.assetid: 611bb98f-4e97-411f-82bf-7a844a4130de ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist includes tasks for creating outbound firewall rules in your GPOs. diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md index 4a4c525867..d57f7d5a5d 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md @@ -1,5 +1,5 @@ --- -title: Create Rules for Standalone Isolated Server Zone Clients (Windows 10) +title: Create Rules for Standalone Isolated Server Zone Clients (Windows) description: Checklist for when creating rules for clients of a Standalone Isolated Server Zone ms.assetid: 6a5e6478-add3-47e3-8221-972549e013f6 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist includes tasks for configuring connection security rules and IPsec settings in the GPOs for client devices that must connect to servers in an isolated server zone. diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md index 1aa6060a8c..1d50c40f3d 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md @@ -1,5 +1,5 @@ --- -title: Checklist Implementing a Basic Firewall Policy Design (Windows 10) +title: Checklist Implementing a Basic Firewall Policy Design (Windows) description: Follow this parent checklist for implementing a basic firewall policy design to ensure successful implementation. ms.assetid: 6caf0c1e-ac72-4f9d-a986-978b77fbbaa3 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This parent checklist includes cross-reference links to important concepts about the basic firewall policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. @@ -35,7 +36,7 @@ The procedures in this section use the Group Policy MMC snap-in interfaces to co | Task | Reference | | - | - | | Review important concepts and examples for the basic firewall policy design to determine if this design meets the needs of your organization. | [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Basic Firewall Policy Design](basic-firewall-policy-design.md)
[Firewall Policy Design Example](firewall-policy-design-example.md)
[Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)| -| Create the membership group and a GPO for each set of devices that require different firewall rules. Where GPOs will be similar, such as for Windows 10 and Windows Server 2016, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other version of Windows. For example, create and configure the GPO for Windows 10, make a copy of it for Windows Server 2016, and then follow the steps in this checklist to make the few required changes to the copy. | [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)| +| Create the membership group and a GPO for each set of devices that require different firewall rules. Where GPOs will be similar, such as for Windows 11, Windows 10, and Windows Server 2016, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other version of Windows. For example, create and configure the GPO for Windows 10 or Windows 11, make a copy of it for Windows Server 2016, and then follow the steps in this checklist to make the few required changes to the copy. | [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)| | If you are working on a GPO that was copied from another, modify the group membership and WMI filters so that they are correct for the devices for which this GPO is intended.| [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)| | Configure the GPO with firewall default settings appropriate for your design.| [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)| | Create one or more inbound firewall rules to allow unsolicited inbound network traffic.| [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)| diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md index 52c11e99ed..1166334bca 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md @@ -1,5 +1,5 @@ --- -title: Checklist Implementing a Certificate-based Isolation Policy Design (Windows 10) +title: Checklist Implementing a Certificate-based Isolation Policy Design (Windows) description: Use these references to learn about using certificates as an authentication option and configure a certificate-based isolation policy design. ms.assetid: 1e34b5ea-2e77-4598-a765-550418d33894 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This parent checklist includes cross-reference links to important concepts about using certificates as an authentication option in either a domain isolation or server isolation design. diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md index 1261adcbb9..cf988d2a7d 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md @@ -1,5 +1,5 @@ --- -title: Checklist Implementing a Domain Isolation Policy Design (Windows 10) +title: Checklist Implementing a Domain Isolation Policy Design (Windows) description: Use these references to learn about the domain isolation policy design and links to other checklists to complete tasks require to implement this design. ms.assetid: 76586eb3-c13c-4d71-812f-76bff200fc20 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md index 1d53748cc1..b571f7dce4 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md @@ -1,5 +1,5 @@ --- -title: Checklist Implementing a Standalone Server Isolation Policy Design (Windows 10) +title: Checklist Implementing a Standalone Server Isolation Policy Design (Windows) description: Use these tasks to create a server isolation policy design that is not part of an isolated domain. See references to concepts and links to other checklists. ms.assetid: 50a997d8-f079-408c-8ac6-ecd02078ade3 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This checklist contains procedures for creating a server isolation policy design that is not part of an isolated domain. For the steps required to create an isolated server zone within an isolated domain, see [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md). diff --git a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md index e6fd6b4090..1841e7d9f5 100644 --- a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md +++ b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md @@ -1,5 +1,5 @@ --- -title: Configure Authentication Methods (Windows 10) +title: Configure Authentication Methods (Windows) description: Learn how to configure authentication methods for devices in an isolated domain or standalone server zone in Windows Defender Firewall with Advanced Security. ms.assetid: 5fcdc523-617f-4233-9213-15fe19f4cd02 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This procedure shows you how to configure the authentication methods that can be used by computers in an isolated domain or standalone isolated server zone. diff --git a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md index 41b2b78f6c..2ef49bcb9e 100644 --- a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md +++ b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md @@ -1,5 +1,5 @@ --- -title: Configure Data Protection (Quick Mode) Settings (Windows 10) +title: Configure Data Protection (Quick Mode) Settings (Windows) description: Learn how to configure the data protection settings for connection security rules in an isolated domain or a standalone isolated server zone. ms.assetid: fdcb1b36-e267-4be7-b842-5df9a067c9e0 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This procedure shows you how to configure the data protection (quick mode) settings for connection security rules in an isolated domain or a standalone isolated server zone. diff --git a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md index cfc3364fe7..064de062cf 100644 --- a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md +++ b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md @@ -1,5 +1,5 @@ --- -title: Configure Group Policy to Autoenroll and Deploy Certificates (Windows 10) +title: Configure Group Policy to Autoenroll and Deploy Certificates (Windows) description: Learn how to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network. ms.assetid: faeb62b5-2cc3-42f7-bee5-53ba45d05c09 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above You can use this procedure to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network. Follow this procedure for each GPO that contains IPsec connection security rules that require this certificate. diff --git a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md index f1b75a3291..3164f07dea 100644 --- a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md +++ b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md @@ -1,5 +1,5 @@ --- -title: Configure Key Exchange (Main Mode) Settings (Windows 10) +title: Configure Key Exchange (Main Mode) Settings (Windows) description: Learn how to configure the main mode key exchange settings used to secure the IPsec authentication traffic in Windows Defender Firewall with Advanced Security. ms.assetid: 5c593b6b-2cd9-43de-9b4e-95943fe82f52 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This procedure shows you how to configure the main mode key exchange settings used to secure the IPsec authentication traffic. diff --git a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md index 561ea0f380..e3d4f8f8b6 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md @@ -1,5 +1,5 @@ --- -title: Configure the Rules to Require Encryption (Windows 10) +title: Configure the Rules to Require Encryption (Windows) description: Learn how to configure rules to add encryption algorithms and delete the algorithm combinations that do not use encryption for zones that require encryption. ms.assetid: 07b7760f-3225-4b4b-b418-51787b0972a0 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md index 4c82249ccd..a4a7b01573 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md @@ -1,5 +1,5 @@ --- -title: Configure the Windows Defender Firewall Log (Windows 10) +title: Configure the Windows Defender Firewall Log (Windows) description: Learn how to configure Windows Defender Firewall with Advanced Security to log dropped packets or successful connections by using Group Policy Management MMC. ms.assetid: f037113d-506b-44d3-b9c0-0b79d03e7d18 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To configure Windows Defender Firewall with Advanced Security to log dropped packets or successful connections, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management MMC snap-in. diff --git a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md index 7ff2117797..58fdd2dd8a 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md @@ -1,5 +1,5 @@ --- -title: Configure the Workstation Authentication Template (Windows 10) +title: Configure the Workstation Authentication Template (Windows) description: Learn how to configure a workstation authentication certificate template, which is used for device certificates that are enrolled and deployed to workstations. ms.assetid: c3ac9960-6efc-47c1-bd69-d9d4bf84f7a6 ms.reviewer: @@ -11,7 +11,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: dansimp -ms.date: 07/30/2018 +ms.date: 09/07/2021 ms.technology: mde --- @@ -19,7 +19,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This procedure describes how to configure a certificate template that Active Directory Certification Services (AD CS) uses as the starting point for device certificates that are automatically enrolled and deployed to workstations in the domain. It shows how to create a copy of a template, and then configure the template according to your design requirements. diff --git a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md index 200675b11a..ee29ef81e8 100644 --- a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md +++ b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md @@ -1,5 +1,5 @@ --- -title: Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program is Blocked (Windows 10) +title: Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program is Blocked (Windows) description: Configure Windows Defender Firewall with Advanced Security to suppress notifications when a program is Bbocked ms.assetid: b7665d1d-f4d2-4b5a-befc-8b6bd940f69b ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To configure Windows Defender Firewall with Advanced Security to suppress the display of a notification when it blocks a program that tries to listen for network traffic and to prohibit locally defined rules, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console. diff --git a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md index 8af8ad2d89..6e1c2f5c0b 100644 --- a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md +++ b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md @@ -1,5 +1,5 @@ --- -title: Confirm That Certificates Are Deployed Correctly (Windows 10) +title: Confirm That Certificates Are Deployed Correctly (Windows) description: Learn how to confirm that a Group Policy is being applied as expected and that the certificates are being properly installed on the workstations. ms.assetid: de0c8dfe-16b0-4d3b-8e8f-9282f6a65eee ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After configuring your certificates and autoenrollment in Group Policy, you can confirm that the policy is being applied as expected, and that the certificates are being properly installed on the workstation devices. diff --git a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md index 4020fab006..ac157cc912 100644 --- a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md +++ b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md @@ -1,5 +1,5 @@ --- -title: Copy a GPO to Create a New GPO (Windows 10) +title: Copy a GPO to Create a New GPO (Windows) description: Learn how to make a copy of a GPO by using the Active Directory Users and devices MMC snap-in to create a GPO for boundary zone devices. ms.assetid: 7f6a23e5-4b3f-40d6-bf6d-7895558b1406 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To create the GPO for the boundary zone devices, make a copy of the main domain isolation GPO, and then change the settings to request, instead of require, authentication. To make a copy of a GPO, use the Active Directory Users and devices MMC snap-in. @@ -56,4 +57,4 @@ To complete this procedure, you must be a member of the Domain Administrators gr 12. Type the name of the group that contains members of the boundary zone, for example **CG\_DOMISO\_Boundary**, and then click **OK**. -13. If required, change the WMI filter to one appropriate for the new GPO. For example, if the original GPO is for client devices running Windows 10, and the new boundary zone GPO is for devices running Windows Server 2016, then select a WMI filter that allows only those devices to read and apply the GPO. +13. If required, change the WMI filter to one appropriate for the new GPO. For example, if the original GPO is for client devices running Windows 10 or Windows 11, and the new boundary zone GPO is for devices running Windows Server 2016, then select a WMI filter that allows only those devices to read and apply the GPO. diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md index 3511ad7f7f..844bf1db69 100644 --- a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md +++ b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md @@ -1,5 +1,5 @@ --- -title: Create a Group Account in Active Directory (Windows 10) +title: Create a Group Account in Active Directory (Windows) description: Learn how to create a security group for the computers that are to receive Group Policy settings by using the Active Directory Users and Computers console. ms.assetid: c3700413-e02d-4d56-96b8-7991f97ae432 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To create a security group to contain the computer accounts for the computers that are to receive a set of Group Policy settings, use the Active Directory Users and Computers console. diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md index e6e1e18867..b7b3944df5 100644 --- a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md +++ b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md @@ -1,5 +1,5 @@ --- -title: Create a Group Policy Object (Windows 10) +title: Create a Group Policy Object (Windows) description: Learn how to use the Active Directory Users and Computers MMC snap-in to create a GPO. You must be a member of the Domain Administrators group. ms.assetid: 72a50dd7-5033-4d97-a5eb-0aff8a35cced ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To create a new GPO, use the Active Directory Users and Computers MMC snap-in. diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md index 35cb8d066a..c28612d61c 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md @@ -1,5 +1,5 @@ --- -title: Create an Authentication Exemption List Rule (Windows 10) +title: Create an Authentication Exemption List Rule (Windows) description: Learn how to create rules that exempt devices that cannot communicate by using IPSec from the authentication requirements of your isolation policies. ms.assetid: 8f6493f3-8527-462a-82c0-fd91a6cb5dd8 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above In almost any isolated server or isolated domain scenario, there are some devices or devices that cannot communicate by using IPsec. This procedure shows you how to create rules that exempt those devices from the authentication requirements of your isolation policies. diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md index 43156e1bc5..b3a12b2ba9 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md @@ -1,5 +1,5 @@ --- -title: Create an Authentication Request Rule (Windows 10) +title: Create an Authentication Request Rule (Windows) description: Create a new rule for Windows Defender Firewall with Advanced Security so devices on the network use IPsec protocols and methods before they can communicate. ms.assetid: 1296e048-039f-4d1a-aaf2-8472ad05e359 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to:** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have configured IPsec algorithms and authentication methods, you can create the rule that requires the devices on the network to use those protocols and methods before they can communicate. diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md index c56953f28c..53f49581bd 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md @@ -1,5 +1,5 @@ --- -title: Create an Inbound ICMP Rule (Windows 10) +title: Create an Inbound ICMP Rule (Windows) description: Learn how to allow inbound ICMP traffic by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security. ms.assetid: 267b940a-79d9-4322-b53b-81901e357344 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To allow inbound Internet Control Message Protocol (ICMP) network traffic, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows ICMP requests and responses to be sent and received by computers on the network. diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md index 05df6a67cc..452b942ae5 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md @@ -1,5 +1,5 @@ --- -title: Create an Inbound Port Rule (Windows 10) +title: Create an Inbound Port Rule (Windows) description: Learn to allow traffic on specific ports by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security. ms.assetid: a7b6c6ca-32fa-46a9-a5df-a4e43147da9f ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To allow inbound network traffic on only a specified TCP or UDP port number, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows any program that listens on a specified TCP or UDP port to receive network traffic sent to that port. diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md index bd01350eee..c3db4fccfa 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md @@ -1,5 +1,5 @@ --- -title: Create an Inbound Program or Service Rule (Windows 10) +title: Create an Inbound Program or Service Rule (Windows) description: Learn how to allow inbound traffic to a program or service by using the Group Policy Management MMC snap-in to create firewall rules. ms.assetid: 00b7fa60-7c64-4ba5-ba95-c542052834cf ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To allow inbound network traffic to a specified program or service, use the Windows Defender Firewall with Advanced Securitynode in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows the program to listen and receive inbound network traffic on any port. diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md index a463162a4d..ebce547b94 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md @@ -1,5 +1,5 @@ --- -title: Create an Outbound Port Rule (Windows 10) +title: Create an Outbound Port Rule (Windows) description: Learn to block outbound traffic on a port by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security. ms.assetid: 59062b91-756b-42ea-8f2a-832f05d77ddf ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above By default, Windows Defender Firewall allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic on a specified TCP or UDP port number, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. This type of rule blocks any outbound network traffic that matches the specified TCP or UDP port numbers. diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md index fe0b68eb1d..d3c40f879a 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md @@ -1,5 +1,5 @@ --- -title: Create an Outbound Program or Service Rule (Windows 10) +title: Create an Outbound Program or Service Rule (Windows) description: Use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. ms.assetid: f71db4fb-0228-4df2-a95d-b9c056aa9311 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above By default, Windows Defender Firewall allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic for a specified program or service, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. This type of rule prevents the program from sending any outbound network traffic on any port. diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md index 59cb4d71cb..07e8a14728 100644 --- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md +++ b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md @@ -1,5 +1,5 @@ --- -title: Create Inbound Rules to Support RPC (Windows 10) +title: Create Inbound Rules to Support RPC (Windows) description: Learn how to allow RPC network traffic by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security. ms.assetid: 0b001c2c-12c1-4a30-bb99-0c034d7e6150 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To allow inbound remote procedure call (RPC) network traffic, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create two firewall rules. The first rule allows incoming network packets on TCP port 135 to the RPC Endpoint Mapper service. The incoming traffic consists of requests to communicate with a specified network service. The RPC Endpoint Mapper replies with a dynamically-assigned port number that the client must use to communicate with the service. The second rule allows the network traffic that is sent to the dynamically-assigned port number. Using the two rules configured as described in this topic helps to protect your device by allowing network traffic only from devices that have received RPC dynamic port redirection and to only those TCP port numbers assigned by the RPC Endpoint Mapper. diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md index 479b2e67af..587339f4f2 100644 --- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md +++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md @@ -1,5 +1,5 @@ --- -title: Create Windows Firewall rules in Intune (Windows 10) +title: Create Windows Firewall rules in Intune (Windows) description: Learn how to use Intune to create rules in Windows Defender Firewall with Advanced Security. Start by creating a profile in Device Configuration in Intune. ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431 ms.reviewer: @@ -21,12 +21,14 @@ ms.technology: mde **Applies to** - Windows 10 +- Windows 11 +- Windows Server 2016 and above >[!IMPORTANT] >This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. To get started, open Device Configuration in Intune, then create a new profile. -Choose Windows 10 as the platform, and Endpoint Protection as the profile type. +Choose Windows 10 or Windows 11 as the platform, and Endpoint Protection as the profile type. Select Windows Defender Firewall. ![Windows Defender Firewall in Intune.](images/windows-firewall-intune.png) @@ -35,7 +37,7 @@ Select Windows Defender Firewall. ## Firewall rule components -The firewall rule configurations in Intune use the Windows 10 CSP for Firewall. For more information, see [Firewall CSP](/windows/client-management/mdm/firewall-csp). +The firewall rule configurations in Intune use the Windows CSP for Firewall. For more information, see [Firewall CSP](/windows/client-management/mdm/firewall-csp). ## Application Control connections for an app or program. diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index 78d50e3732..725f75af51 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -1,5 +1,5 @@ --- -title: Create WMI Filters for the GPO (Windows 10) +title: Create WMI Filters for the GPO (Windows) description: Learn how to use WMI filters on a GPO to make sure that each GPO for a group can only be applied to devices running the correct version of Windows. ms.assetid: b1a6d93d-a3c8-4e61-a388-4a3323f0e74e ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/16/2021 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To make sure that each GPO associated with a group can only be applied to devices running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each device. @@ -58,13 +59,13 @@ First, create the WMI filter and configure it to look for a specified version (o select * from Win32_OperatingSystem where Version like "6.%" ``` - This query will return **true** for devices running at least Windows Vista and Windows Server 2008. To set a filter for just Windows 8 and Windows Server 2012, use "6.2%". For Windows 10 and Windows Server 2016, use "10.%". To specify multiple versions, combine them with or, as shown in the following: + This query will return **true** for devices running at least Windows Vista and Windows Server 2008. To set a filter for just Windows 8 and Windows Server 2012, use "6.2%". For Windows 11, Windows 10, and Windows Server 2016, use "10.%". To specify multiple versions, combine them with or, as shown in the following: ``` syntax ... where Version like "6.1%" or Version like "6.2%" ``` - To restrict the query to only clients or only servers, add a clause that includes the ProductType parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only ProductType="1". For server operating systems that are not domain controllers and for Windows 10 multi-session, use ProductType="3". For domain controllers only, use ProductType="2". This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network. + To restrict the query to only clients or only servers, add a clause that includes the ProductType parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only ProductType="1". For server operating systems that are not domain controllers and for Windows 10 and Windows 11 multi-session, use ProductType="3". For domain controllers only, use ProductType="2". This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network. The following clause returns **true** for all devices that are not domain controllers: @@ -72,7 +73,7 @@ First, create the WMI filter and configure it to look for a specified version (o ... where ProductType="1" or ProductType="3" ``` - The following complete query returns **true** for all devices running Windows 10, and returns **false** for any server operating system or any other client operating system. + The following complete query returns **true** for all devices running Windows 10 and Windows 11, and returns **false** for any server operating system or any other client operating system. ``` syntax select * from Win32_OperatingSystem where Version like "10.%" and ProductType="1" diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md index 68a9281a43..52f4ad1566 100644 --- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md +++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md @@ -1,5 +1,5 @@ --- -title: Designing a Windows Defender Firewall Strategy (Windows 10) +title: Designing a Windows Defender Firewall Strategy (Windows) description: Answer the question in this article to design an effective Windows Defender Firewall with Advanced Security Strategy. ms.assetid: 6d98b184-33d6-43a5-9418-4f24905cfd71 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. You must have a good understanding of what tasks the devices on the network perform, and how they use the network to accomplish those tasks. You must understand the network traffic generated by the programs running on the devices. diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md index 89fca32581..fe567b13bf 100644 --- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md @@ -1,5 +1,5 @@ --- -title: Determining the Trusted State of Your Devices (Windows 10) +title: Determining the Trusted State of Your Devices (Windows) description: Learn how to define the trusted state of devices in your enterprise to help design your strategy for using Windows Defender Firewall with Advanced Security. ms.assetid: 3e77f0d0-43aa-47dd-8518-41ccdab2f2b2 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After obtaining information about the devices that are currently part of the IT infrastructure, you must determine at what point a device is considered trusted. The term *trusted* can mean different things to different people. Therefore, you must communicate a firm definition for it to all stakeholders in the project. Failure to do this can lead to problems with the security of the trusted environment, because the overall security cannot exceed the level of security set by the least secure client that achieves trusted status. diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md index e8f37ee452..990d2c4fec 100644 --- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md @@ -1,5 +1,5 @@ --- -title: Documenting the Zones (Windows 10) +title: Documenting the Zones (Windows) description: Learn how to document the zone placement of devices in your design for Windows Defender Firewall with Advanced Security. ms.assetid: ebd7a650-4d36-42d4-aac0-428617f5a32d ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Generally, the task of determining zone membership is not complex, but it can be time-consuming. Use the information generated during the [Designing a Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) section of this guide to determine the zone in which to put each host. You can document this zone placement by adding a Group column to the inventory table shown in the Designing a Windows Defender Firewall with Advanced Security Strategy section. A sample is shown here: diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md index 8f27c49ab5..dffc684c37 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md @@ -1,5 +1,5 @@ --- -title: Domain Isolation Policy Design Example (Windows 10) +title: Domain Isolation Policy Design Example (Windows) description: This example uses a fictitious company to illustrate domain isolation policy design in Windows Defender Firewall with Advanced Security. ms.assetid: 704dcf58-286f-41aa-80af-c81720aa7fc5 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This design example continues to use the fictitious company Woodgrove Bank, and builds on the example described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section. See that example for an explanation of the basic corporate network infrastructure at Woodgrove Bank with diagrams. diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md index 659827d1c6..6d6e93c035 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md @@ -1,5 +1,5 @@ --- -title: Domain Isolation Policy Design (Windows 10) +title: Domain Isolation Policy Design (Windows) description: Learn how to design a domain isolation policy, based on which devices accept only connections from authenticated members of the same isolated domain. ms.assetid: 7475084e-f231-473a-9357-5e1d39861d66 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above In the domain isolation policy design, you configure the devices on your network to accept only connections coming from devices that are authenticated as members of the same isolated domain. diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md index 0a1b0212b6..e8cd903c18 100644 --- a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md +++ b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md @@ -1,5 +1,5 @@ --- -title: Enable Predefined Inbound Rules (Windows 10) +title: Enable Predefined Inbound Rules (Windows) description: Learn the rules for Windows Defender Firewall with Advanced Security for common networking roles and functions. ms.assetid: a4fff086-ae81-4c09-b828-18c6c9a937a7 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Windows Defender Firewall with Advanced Security includes many predefined rules for common networking roles and functions. When you install a new server role on a device or enable a network feature on a client device, the installer typically enables the rules required for that role instead of creating new ones. When deploying firewall rules to the devices on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use. diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md index 28e4f8649e..8a3aa2796f 100644 --- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md +++ b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md @@ -1,5 +1,5 @@ --- -title: Enable Predefined Outbound Rules (Windows 10) +title: Enable Predefined Outbound Rules (Windows) description: Learn to deploy predefined firewall rules that block outbound network traffic for common network functions in Windows Defender Firewall with Advanced Security. ms.assetid: 71cc4157-a1ed-41d9-91e4-b3140c67c1be ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/07/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above By default, Windows Defender Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. Windows Defender Firewall includes many predefined outbound rules that can be used to block network traffic for common networking roles and functions. When you install a new server role on a computer or enable a network feature on a client computer, the installer can install, but typically does not enable, outbound block rules for that role. When deploying firewall rules to the computers on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use. diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md index 9dc32a7f67..c57c92edcd 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md @@ -1,5 +1,5 @@ --- -title: Encryption Zone GPOs (Windows 10) +title: Encryption Zone GPOs (Windows) description: Learn how to add a device to an encryption zone by adding the device account to the encryption zone group in Windows Defender Firewall with Advanced Security. ms.assetid: eeb973dd-83a5-4381-9af9-65c43c98c29b ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Handle encryption zones in a similar manner to the boundary zones. A device is added to an encryption zone by adding the device account to the encryption zone group. Woodgrove Bank has a single service that must be protected, and the devices that are running that service are added to the group CG\_DOMISO\_Encryption. This group is granted Read and Apply Group Policy permissions in on the GPO described in this section. diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md index 3fba99acba..31176e0204 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md @@ -1,5 +1,5 @@ --- -title: Encryption Zone (Windows 10) +title: Encryption Zone (Windows) description: Learn how to create an encryption zone to contain devices that host very sensitive data and require that the sensitive network traffic be encrypted. ms.assetid: 55a025ce-357f-4d1b-b2ae-6ee32c9abe13 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Some servers in the organization host data that's very sensitive, including medical, financial, or other personal data. Government or industry regulations might require that this sensitive information must be encrypted when it is transferred between devices. diff --git a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md index 2f7a20377f..4aea9e2010 100644 --- a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md +++ b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md @@ -1,5 +1,5 @@ --- -title: Evaluating Windows Defender Firewall with Advanced Security Design Examples (Windows 10) +title: Evaluating Windows Defender Firewall with Advanced Security Design Examples (Windows) description: Evaluating Windows Defender Firewall with Advanced Security Design Examples ms.assetid: a591389b-18fa-4a39-ba07-b6fb61961cbd ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The following Windows Defender Firewall with Advanced Security design examples illustrate how you can use Windows Defender Firewall to improve the security of the devices connected to the network. You can use these topics to evaluate how the firewall and connection security rules work across all Windows Defender Firewall designs and to determine which design or combination of designs best suits the goals of your organization. diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md index 38c6fd67c7..2dfe9fd103 100644 --- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md +++ b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md @@ -1,5 +1,5 @@ --- -title: Exempt ICMP from Authentication (Windows 10) +title: Exempt ICMP from Authentication (Windows) description: Learn how to add exemptions for any network traffic that uses the ICMP protocol in Windows Defender Firewall with Advanced Security. ms.assetid: c086c715-8d0c-4eb5-9ea7-2f7635a55548 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This procedure shows you how to add exemptions for any network traffic that uses the ICMP protocol. diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md index b923df309c..e4569e0cf8 100644 --- a/windows/security/threat-protection/windows-firewall/exemption-list.md +++ b/windows/security/threat-protection/windows-firewall/exemption-list.md @@ -1,5 +1,5 @@ --- -title: Exemption List (Windows 10) +title: Exemption List (Windows) description: Learn about reasons to add devices to an exemption list in Windows Defender Firewall with Advanced Security and the trade-offs of having too many exemptions. ms.assetid: a05e65b4-b48d-44b1-a7f1-3a8ea9c19ed8 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above When you implement a server and domain isolation security model in your organization, you are likely to find some additional challenges. Key infrastructure servers such as DNS servers and DHCP servers typically must be available to all devices on the internal network, yet secured from network attacks. However, if they must remain available to all devices on the network, not just to isolated domain members, then these servers cannot require IPsec for inbound access, nor can they use IPsec transport mode for outbound traffic. diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md index faa8a0d788..8482ee05ce 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md +++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md @@ -1,5 +1,5 @@ --- -title: Firewall GPOs (Windows 10) +title: Firewall GPOs (Windows) description: In this example, a Group Policy Object is linked to the domain container because the domain controllers are not part of the isolated domain. ms.assetid: 720645fb-a01f-491e-8d05-c9c6d5e28033 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above All the devices on Woodgrove Bank's network that run Windows are part of the isolated domain, except domain controllers. To configure firewall rules, the GPO described in this section is linked to the domain container in the Active Directory OU hierarchy, and then filtered by using security group filters and WMI filters. diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md index 5a6acfea96..85ce84a2a9 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md @@ -1,5 +1,5 @@ --- -title: Basic Firewall Policy Design Example (Windows 10) +title: Basic Firewall Policy Design Example (Windows) description: This example features a fictitious company and illustrates firewall policy design for Windows Defender Firewall with Advanced Security. ms.assetid: 0dc3bcfe-7a4d-4a15-93a9-64b13bd775a7 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above In this example, the fictitious company Woodgrove Bank is a financial services institution. @@ -67,7 +68,7 @@ Other traffic notes: Woodgrove Bank uses Active Directory groups and Group Policy Objects to deploy the firewall settings and rules to the devices on their network. They know that they must deploy policies to the following collections of devices: -- Client devices that run Windows 10, Windows 8, or Windows 7 +- Client devices that run Windows 11, Windows 10, Windows 8, or Windows 7 - WGBank front-end servers that run Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 or Windows Server 2008 R2 (there are none in place yet, but their solution must support adding them) diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md index 35ed36b193..07fea715ef 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md @@ -1,5 +1,5 @@ --- -title: Gathering Information about Your Active Directory Deployment (Windows 10) +title: Gathering Information about Your Active Directory Deployment (Windows) description: Learn about gathering Active Directory information, including domain layout, organizational unit architecture, and site topology, for your firewall deployment. ms.assetid: b591b85b-12ac-4329-a47e-bc1b03e66eb0 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Active Directory is another important item about which you must gather information. You must understand the forest structure. This includes domain layout, organizational unit (OU) architecture, and site topology. This information makes it possible to know where devices are currently placed, their configuration, and the impact of changes to Active Directory that result from implementing Windows Defender Firewall with Advanced Security. Review the following list for information needed: diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md index 97aed509bc..08f2987678 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md @@ -1,5 +1,5 @@ --- -title: Gathering Info about Your Network Infrastructure (Windows 10) +title: Gathering Info about Your Network Infrastructure (Windows) description: Learn how to gather info about your network infrastructure so that you can effectively plan for Windows Defender Firewall with Advanced Security deployment. ms.assetid: f98d2b17-e71d-4ffc-b076-118b4d4782f9 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Perhaps the most important aspect of planning for Windows Defender Firewall with Advanced Security deployment is the network architecture, because IPsec is layered on the Internet Protocol itself. An incomplete or inaccurate understanding of the network can prevent any Windows Defender Firewall solution from being successful. Understanding subnet layout, IP addressing schemes, and traffic patterns are part of this effort, but accurately documenting the following components are important to completing the planning phase of this project: diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md index 1e9b7fee54..c5f34e8ce7 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md @@ -1,5 +1,5 @@ --- -title: Gathering Information about Your Devices (Windows 10) +title: Gathering Information about Your Devices (Windows) description: Learn what information to gather about the devices in your enterprise to plan your Windows Defender Firewall with Advanced Security deployment. ms.assetid: 7f7cd3b9-de8e-4fbf-89c6-3d1a47bc2beb ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above One of the most valuable benefits of conducting an asset discovery project is the large amount of data that is obtained about the client and server devices on the network. When you start designing and planning your isolation zones, you must make decisions that require accurate information about the state of all hosts to ensure that they can use IPsec as planned. diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md index e75e426e2c..a34c386f5c 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md +++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md @@ -1,5 +1,5 @@ --- -title: Gathering Other Relevant Information (Windows 10) +title: Gathering Other Relevant Information (Windows) description: Learn about additional information you may need to gather to deploy Windows Defender Firewall with Advanced Security policies in your organization. ms.assetid: 87ccca07-4346-496b-876d-cdde57d0ce17 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This topic discusses several other things that you should examine to see whether they will cause any complications in your ability to deploy Windows Defender Firewall with Advanced Security policies in your organization. diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md index fbdf23f73f..aad5e33e18 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md +++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md @@ -1,5 +1,5 @@ --- -title: Gathering the Information You Need (Windows 10) +title: Gathering the Information You Need (Windows) description: Collect and analyze information about your network, directory services, and devices to prepare for Windows Defender Firewall with Advanced Security deployment. ms.assetid: 545fef02-5725-4b1e-b67a-a32d94c27d15 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Before starting the planning process for a Windows Defender Firewall with Advanced Security deployment, you must collect and analyze up-to-date information about the network, the directory services, and the devices that are already deployed in the organization. This information enables you to create a design that accounts for all possible elements of the existing infrastructure. If the gathered information is not accurate, problems can occur when devices and devices that were not considered during the planning phase are encountered during implementation. diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md index 4ea713f793..3eb3e0fb2b 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md @@ -1,5 +1,5 @@ --- -title: GPO\_DOMISO\_Boundary (Windows 10) +title: GPO\_DOMISO\_Boundary (Windows) description: This example GPO supports devices that are not part of the isolated domain to access specific servers that must be available to those untrusted devices. ms.assetid: ead3a510-c329-4c2a-9ad2-46a3b4975cfd ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This GPO is authored by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. Woodgrove Bank began by copying and pasting the GPO for the Windows Server 2008 version of the isolated domain GPO, and then renamed the copy to reflect its new purpose. diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md index 7c81975bea..bf33747880 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md @@ -1,5 +1,5 @@ --- -title: GPO\_DOMISO\_Encryption\_WS2008 (Windows 10) +title: GPO\_DOMISO\_Encryption\_WS2008 (Windows) description: This example GPO supports the ability for servers that contain sensitive data to require encryption for all connection requests. ms.assetid: 84375480-af6a-4c79-aafe-0a37115a7446 ms.reviewer: @@ -14,7 +14,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md index 7799c8484f..f625255685 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md @@ -1,5 +1,5 @@ --- -title: GPO\_DOMISO\_Firewall (Windows 10) +title: GPO\_DOMISO\_Firewall (Windows) description: Learn about the settings and rules in this example GPO, which is authored by using the Group Policy editing tools. ms.assetid: 318467d2-5698-4c5d-8000-7f56f5314c42 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This GPO is authored by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to devices that are running at least Windows 7 or Windows Server 2008. diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md index c5c16902b2..ce42bb0dd3 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md @@ -1,5 +1,5 @@ --- -title: GPO\_DOMISO\_IsolatedDomain\_Clients (Windows 10) +title: GPO\_DOMISO\_IsolatedDomain\_Clients (Windows) description: Author this GPO by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. ms.assetid: 73cd9e25-f2f1-4ef6-b0d1-d36209518cd9 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This GPO is authored by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to client devices that are running Windows 8, Windows 7, or Windows Vista. diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md index a7e5651251..ca3da60412 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md @@ -1,5 +1,5 @@ --- -title: GPO\_DOMISO\_IsolatedDomain\_Servers (Windows 10) +title: GPO\_DOMISO\_IsolatedDomain\_Servers (Windows) description: Author this GPO by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. ms.assetid: 33aed8f3-fdc3-4f96-985c-e9d2720015d3 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This GPO is authored by using the Windows Defender Firewall interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to server devices that are running at least Windows Server 2008. diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md index 738e348ccd..a3648e301a 100644 --- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md +++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md @@ -1,5 +1,5 @@ --- -title: Identify implementation goals for Windows Defender Firewall with Advanced Security Deployment (Windows 10) +title: Identify implementation goals for Windows Defender Firewall with Advanced Security Deployment (Windows) description: Identifying Your Windows Defender Firewall with Advanced Security (WFAS) implementation goals ms.assetid: 598cf45e-2e1c-4947-970f-361dfa264bba ms.reviewer: @@ -14,14 +14,15 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- # Identifying Windows Defender Firewall with Advanced Security implementation goals **Applies to** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above Correctly identifying your Windows Defender Firewall with Advanced Security implementation goals is essential for the success of your Windows Defender Firewall design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your implementation goals. Prioritize and, if possible, combine your implementation goals so that you can design and deploy Windows Defender Firewall by using an iterative approach. You can take advantage of the predefined Windows Defender Firewall implementation goals presented in this guide that are relevant to your scenarios. diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md index 265019f489..adb0db7bd9 100644 --- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md +++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md @@ -1,5 +1,5 @@ --- -title: Implementing Your Windows Defender Firewall with Advanced Security Design Plan (Windows 10) +title: Implementing Your Windows Defender Firewall with Advanced Security Design Plan (Windows) description: Implementing Your Windows Defender Firewall with Advanced Security Design Plan ms.assetid: 15f609d5-5e4e-4a71-9eff-493a2e3e40f9 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The following are important factors in the implementation of your Windows Defender Firewall design plan: diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md index 878839f37f..72632250e3 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md @@ -1,5 +1,5 @@ --- -title: Isolated Domain GPOs (Windows 10) +title: Isolated Domain GPOs (Windows) description: Learn about GPOs for isolated domains in this example configuration of Windows Defender Firewall with Advanced Security. ms.assetid: e254ce4a-18c6-4868-8179-4078d9de215f ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above All of the devices in the isolated domain are added to the group CG\_DOMISO\_IsolatedDomain. You must create multiple GPOs to align with this group, one for each Windows operating system that must have different rules or settings to implement the basic isolated domain functionality that you have in your isolated domain. This group is granted Read and Apply Group Policy permissions on all the GPOs described in this section. diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md index b9656fd06d..037bf1f77b 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md @@ -1,5 +1,5 @@ --- -title: Isolated Domain (Windows 10) +title: Isolated Domain (Windows) description: Learn about the isolated domain, which is the primary zone for trusted devices, which use connection security and firewall rules to control communication. ms.assetid: d6fa8d67-0078-49f6-9bcc-db1f24816c5e ms.reviewer: @@ -14,16 +14,16 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- # Isolated Domain **Applies to:** -- Windows 10 -- Windows Server 2016 -- Windows Server 2019 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above The isolated domain is the primary zone for trusted devices. The devices in this zone use connection security and firewall rules to control the communications that can be sent between devices in the zone. diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md index bfd7f19f0a..6e2fcee3e3 100644 --- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md +++ b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md @@ -1,5 +1,5 @@ --- -title: Isolating Microsoft Store Apps on Your Network (Windows 10) +title: Isolating Microsoft Store Apps on Your Network (Windows) description: Learn how to customize your firewall configuration to isolate the network access of the new Microsoft Store apps that run on devices added to your network. ms.prod: m365-security ms.mktglfcycl: deploy @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 10/13/2017 +ms.date: 09/08/2021 ms.reviewer: ms.author: dansimp ms.technology: mde @@ -21,7 +21,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above When you add new devices to your network, you may want to customize your Windows Defender Firewall with Advanced Security configuration to isolate the network access of the new Microsoft Store apps that run on them. Developers who build Microsoft Store apps can declare certain app capabilities that enable different classes of network access. A developer can decide what kind of network access the app requires and configure this capability for the app. When the app is installed on a device, appropriate firewall rules are automatically created to enable access. You can then customize the firewall configuration to further fine-tune this access if they desire more control over the network access for the app. @@ -65,7 +66,7 @@ To isolate Microsoft Store apps on your network, you need to use Group Policy to - The Remote Server Administration Tools (RSAT) are installed on your client device. When you perform the following steps from your client device, you can select your Microsoft Store app when you create Windows Defender Firewall rules. - >**Note:**  You can install the RSAT on your device running Windows 10 from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). + >**Note:**  You can install the RSAT on your device running Windows from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520).   ## Step 1: Define your network diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md index 7759669531..c50865a29b 100644 --- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md +++ b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md @@ -1,5 +1,5 @@ --- -title: Link the GPO to the Domain (Windows 10) +title: Link the GPO to the Domain (Windows) description: Learn how to link a GPO to the Active Directory container for the target devices, after you configure it in Windows Defender Firewall with Advanced Security. ms.assetid: 746d4553-b1a6-4954-9770-a948926b1165 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you create the GPO and configure it with security group filters and WMI filters, you must link the GPO to the container in Active Directory that contains all of the target devices. diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md index ee043c54a0..048875eafd 100644 --- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md @@ -1,5 +1,5 @@ --- -title: Mapping your implementation goals to a Windows Firewall with Advanced Security design (Windows 10) +title: Mapping your implementation goals to a Windows Firewall with Advanced Security design (Windows) description: Mapping your implementation goals to a Windows Firewall with Advanced Security design ms.assetid: 7e68c59e-ba40-49c4-8e47-5de5d6b5eb22 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you finish reviewing the existing Windows Firewall with Advanced Security implementation goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design. > [!IMPORTANT] diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md index 2f2ec6ad54..037b3a66d6 100644 --- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md +++ b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md @@ -1,5 +1,5 @@ --- -title: Modify GPO Filters (Windows 10) +title: Modify GPO Filters (Windows) description: Learn how to modify GPO filters to apply to a different zone or version of windows in Windows Defender Firewall with Advanced Security. ms.assetid: 24ede9ca-a501-4025-9020-1129e2cdde80 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above You must reconfigure your copied GPO so that it contains the correct security group and WMI filters for its new role. If you are creating the GPO for the isolated domain, use the [Block members of a group from applying a GPO](#to-block-members-of-a-group-from-applying-a-gpo) procedure to prevent members of the boundary and encryption zones from incorrectly applying the GPOs for the main isolated domain. diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md index 7046b6230b..43485b62d6 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md @@ -1,5 +1,5 @@ --- -title: Open the Group Policy Management Console to IP Security Policies (Windows 10) +title: Open the Group Policy Management Console to IP Security Policies (Windows) description: Learn how to open the Group Policy Management Console to IP Security Policies to configure GPOs for earlier versions of the Windows operating system. ms.assetid: 235f73e4-37b7-40f4-a35e-3e7238bbef43 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Procedures in this guide that refer to GPOs for earlier versions of the Windows operating system instruct you to work with the IP Security Policy section in the Group Policy Management Console (GPMC). diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md index 5c3d340ea4..1239f18bf3 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md @@ -1,5 +1,5 @@ --- -title: Group Policy Management of Windows Firewall with Advanced Security (Windows 10) +title: Group Policy Management of Windows Firewall with Advanced Security (Windows) description: Group Policy Management of Windows Firewall with Advanced Security ms.assetid: 28afab36-8768-4938-9ff2-9d6dab702e98 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Most of the procedures in this guide instruct you to use Group Policy settings for Windows Firewall with Advanced Security. diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md index 2c7d2f500b..a4cba8e7c3 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md @@ -1,5 +1,5 @@ --- -title: Group Policy Management of Windows Defender Firewall (Windows 10) +title: Group Policy Management of Windows Defender Firewall (Windows) description: Group Policy Management of Windows Defender Firewall with Advanced Security ms.assetid: 5090b2c8-e038-4905-b238-19ecf8227760 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/02/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To open a GPO to Windows Defender Firewall: diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md index 1b99cfae07..8dda8bcf96 100644 --- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md @@ -1,5 +1,5 @@ --- -title: Open Windows Defender Firewall with Advanced Security (Windows 10) +title: Open Windows Defender Firewall with Advanced Security (Windows) description: Learn how to open the Windows Defender Firewall with Advanced Security console. You must be a member of the Administrators group. ms.assetid: 788faff2-0f50-4e43-91f2-3e2595c0b6a1 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This procedure shows you how to open the Windows Defender Firewall with Advanced Security console. diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md index 0f8b7c455f..2291806174 100644 --- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md +++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md @@ -1,5 +1,5 @@ --- -title: Planning Certificate-based Authentication (Windows 10) +title: Planning Certificate-based Authentication (Windows) description: Learn how a device unable to join an Active Directory domain can still participate in an isolated domain by using certificate-based authentication. ms.assetid: a55344e6-d0df-4ad5-a6f5-67ccb6397dec ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Sometimes a device cannot join an Active Directory domain, and therefore cannot use Kerberos V5 authentication with domain credentials. However, the device can still participate in the isolated domain by using certificate-based authentication. diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md index af5214261c..0a5d687d62 100644 --- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md @@ -1,5 +1,5 @@ --- -title: Planning Domain Isolation Zones (Windows 10) +title: Planning Domain Isolation Zones (Windows) description: Learn how to use information you have gathered to make decisions about isolation zones for your environment in Windows Defender Firewall with Advanced Security. ms.assetid: 70bc7c52-91f0-4a0d-a64a-69d3ea1c6d05 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have the required information about your network, Active Directory, and client and server devices, you can use that information to make decisions about the isolation zones you want to use in your environment. diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md index 0f0993409e..fd986acbbd 100644 --- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md +++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md @@ -1,5 +1,5 @@ --- -title: Planning GPO Deployment (Windows 10) +title: Planning GPO Deployment (Windows) description: Learn how to use security group filtering and WMI filtering to provide the most flexible options for applying GPOs to devices in Active Directory. ms.assetid: b38adfb1-1371-4227-a887-e6d118809de1 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above You can control which GPOs are applied to devices in Active Directory in a combination of three ways: diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md index 7899c1c091..47d3282978 100644 --- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md @@ -1,5 +1,5 @@ --- -title: Planning Group Policy Deployment for Your Isolation Zones (Windows 10) +title: Planning Group Policy Deployment for Your Isolation Zones (Windows) description: Learn how to plan a group policy deployment for your isolation zones after you determine the best logical design for your isolation environment. ms.assetid: ea7c0acd-af28-4347-9d4a-4801b470557c ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have decided on the best logical design of your isolation environment for the network and device security requirements, you can start the implementation plan. diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md index c4fff5ce81..6ac5c58afd 100644 --- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md @@ -1,5 +1,5 @@ --- -title: Planning Isolation Groups for the Zones (Windows 10) +title: Planning Isolation Groups for the Zones (Windows) description: Learn about planning isolation groups for the zones in Microsoft Firewall, including information on universal groups and GPOs. ms.assetid: be4b662d-c1ce-441e-b462-b140469a5695 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Isolation groups in Active Directory are how you implement the various domain and server isolation zones. A device is assigned to a zone by adding its device account to the group which represents that zone. diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md index 57d452edac..d767a7db71 100644 --- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md +++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md @@ -1,5 +1,5 @@ --- -title: Planning Network Access Groups (Windows 10) +title: Planning Network Access Groups (Windows) description: Learn how to implement a network access group for users and devices that can access an isolated server in Windows Defender Firewall with Advanced Security. ms.assetid: 56ea1717-1731-4a5d-b277-5a73eb86feb0 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above A network access group (NAG) is used to identify users and devices that have permission to access an isolated server. The server is configured with firewall rules that allow only network connections that are authenticated as originating from a device, and optionally a user, whose accounts are members of its NAG. A member of the isolated domain can belong to as many NAGs as required. diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md index a89145ab4a..2a5a06d873 100644 --- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md @@ -1,5 +1,5 @@ --- -title: Planning Server Isolation Zones (Windows 10) +title: Planning Server Isolation Zones (Windows) description: Learn how to restrict access to a server to approved users by using a server isolation zone in Windows Defender Firewall with Advanced Security. ms.assetid: 5f63c929-589e-4b64-82ea-515d62765b7b ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Sometimes a server hosts data that is sensitive. If your servers host data that must not be compromised, you have several options to help protect that data. One was already addressed: adding the server to the encryption zone. Membership in that zone prevents the server from being accessed by any devices that are outside the isolated domain, and encrypts all network connections to server. diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md index ce989c23c6..e843a202ac 100644 --- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md +++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md @@ -1,5 +1,5 @@ --- -title: Planning Settings for a Basic Firewall Policy (Windows 10) +title: Planning Settings for a Basic Firewall Policy (Windows) description: Learn how to design a basic policy for Windows Defender Firewall with Advanced Security, the settings and rules that enforce your requirements on devices. ms.assetid: 4c90df5a-3cbc-4b85-924b-537c2422d735 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have identified your requirements, and have the information about the network layout and devices available, you can begin to design the GPO settings and rules that will enable you to enforce your requirements on the devices. diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md index 8bb1208626..67f3121c36 100644 --- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md +++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md @@ -1,5 +1,5 @@ --- -title: Planning the GPOs (Windows 10) +title: Planning the GPOs (Windows) description: Learn about planning Group Policy Objects for your isolation zones in Windows Defender Firewall with Advanced Security, after you design the zone layout. ms.assetid: 11949ca3-a11c-4a16-b297-0862432eb5b4 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above When you plan the GPOs for your different isolation zones, you must complete the layout of the required zones and their mappings to the groups that link the devices to the zones. @@ -42,7 +43,7 @@ A few things to consider as you plan the GPOs: - Windows Defender Firewall* in Windows Vista and Windows Server 2008 only support one network location profile at a time. If you add a second network adapter that is connected to a different network, or not connected at all, you could unintentionally change the profile that is currently active on the device. If your GPO specifies different firewall and connection security rules based on the current network location profile, the behavior of how the device handles network traffic will change accordingly. We recommend for stationary devices, such as desktops and servers, that you assign any rule for the device to all profiles. Apply GPOs that change rules per network location to devices that must move between networks, such as your portable devices. Consider creating a separate domain isolation GPO for your servers that uses the same settings as the GPO for the clients, except that the server GPO specifies the same rules for all network location profiles. -*Windows Defender Firewall is now called Windows Defender Firewall with Advanced Security in Windows 10. +*Windows Defender Firewall is now called Windows Defender Firewall with Advanced Security in Windows 10 and Windows 11. > [!NOTE] > Devices running Windows 7, Windows Server 2008 R2, and later support different network location types, and therefore profiles, for each network adapter at the same time. Each network adapter is assigned the network location appropriate for the network to which it is connected. Windows Defender Firewall then enforces only those rules that apply to that network type’s profile. So certain types of traffic are blocked when coming from a network adapter connected to a public network, but those same types might be permitted when coming from a private or domain network. diff --git a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md index 7dabf87126..8d60afedaf 100644 --- a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md @@ -1,5 +1,5 @@ --- -title: Plan to Deploy Windows Defender Firewall with Advanced Security (Windows 10) +title: Plan to Deploy Windows Defender Firewall with Advanced Security (Windows) description: Use the design information in this article to plan for the deployment of Windows Defender Firewall with Advanced Security in your organization. ms.assetid: 891a30c9-dbf5-4a88-a279-00662b9da48e ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you collect information about your environment and decide on a design by following the guidance in the [Windows Defender Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md), you can begin to plan the deployment of your design. With the completed design and the information in this topic, you can determine which tasks to perform to deploy Windows Defender Firewall with Advanced Security in your organization. diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md index 437bb3fbeb..8459640ec7 100644 --- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md @@ -1,5 +1,5 @@ --- -title: Planning Your Windows Defender Firewall with Advanced Security Design (Windows 10) +title: Planning Your Windows Defender Firewall with Advanced Security Design (Windows) description: After you gather the relevant information, select the design or combination of designs for Windows Defender Firewall with Advanced Security in your environment. ms.assetid: f3ac3d49-ef4c-4f3c-a16c-e107284e169f ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have gathered the relevant information in the previous sections, and understand the basics of the designs as described earlier in this guide, you can select the design (or combination of designs) that meet your needs. diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md index e301390ef9..305d69aef6 100644 --- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md @@ -1,5 +1,5 @@ --- -title: Procedures Used in This Guide (Windows 10) +title: Procedures Used in This Guide (Windows) description: Refer to this summary of procedures for Windows Defender Firewall with Advanced Security from checklists in this guide. ms.assetid: 45c0f549-e4d8-45a3-a600-63e2a449e178 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The procedures in this section appear in the checklists found earlier in this document. They should be used only in the context of the checklists in which they appear. They are presented here in alphabetical order. diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md index 233776996f..f0fc035973 100644 --- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md +++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md @@ -1,5 +1,5 @@ --- -title: Protect devices from unwanted network traffic (Windows 10) +title: Protect devices from unwanted network traffic (Windows) description: Learn how running a host-based firewall on every device in your organization can help protect against attacks as part of a defense-in-depth security strategy. ms.assetid: 307d2b38-e8c4-4358-ae16-f2143af965dc ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Although network perimeter firewalls provide important protection to network resources from external threats, there are network threats that a perimeter firewall cannot protect against. Some attacks might successfully penetrate the perimeter firewall, and at that point what can stop it? Other attacks might originate from inside the network, such as malware that is brought in on portable media and run on a trusted device. Portable device are often taken outside the network and connected directly to the Internet, without adequate protection between the device and security threats. diff --git a/windows/security/threat-protection/windows-firewall/quarantine.md b/windows/security/threat-protection/windows-firewall/quarantine.md index bd087a2124..17ab51f503 100644 --- a/windows/security/threat-protection/windows-firewall/quarantine.md +++ b/windows/security/threat-protection/windows-firewall/quarantine.md @@ -14,7 +14,7 @@ ms.localizationpriority: normal audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 11/17/2020 +ms.date: 09/08/2021 ms.technology: mde --- diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md index 8fbeb35412..a3963db1f2 100644 --- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md +++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md @@ -1,5 +1,5 @@ --- -title: Require Encryption When Accessing Sensitive Network Resources (Windows 10) +title: Require Encryption When Accessing Sensitive Network Resources (Windows) description: Windows Defender Firewall with Advanced Security allows you to require that all network traffic in an isolated domain be encrypted. ms.assetid: da980d30-a68b-4e2a-ba63-94726355ce6f ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The use of authentication in the previously described goal ([Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)) enables a device in the isolated domain to block traffic from untrusted devices. However, it does not prevent an untrusted device from eavesdropping on the network traffic shared between two trusted devices, because by default network packets are not encrypted. diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md index 1a7c288575..e546bbf39d 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md @@ -1,5 +1,5 @@ --- -title: Restrict Access to Only Specified Users or Devices (Windows 10) +title: Restrict Access to Only Specified Users or Devices (Windows) description: Restrict access to devices and users that are members of domain groups authorized to access that device using Windows Defender Firewall with Advanced Security. ms.assetid: a6106a07-f9e5-430f-8dbd-06d3bf7406df ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Domain isolation (as described in the previous goal [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)) prevents devices that are members of the isolated domain from accepting network traffic from untrusted devices. However, some devices on the network might host sensitive data that must be additionally restricted to only those users and computers that have a business requirement to access the data. diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md index 5285e56ad9..d3d0f94001 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md @@ -1,5 +1,5 @@ --- -title: Restrict access to only trusted devices (Windows 10) +title: Restrict access to only trusted devices (Windows) description: Windows Defender Firewall with Advanced Security enables you to isolate devices you trust and restrict access of untrusted devices to trusted devices. ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Your organizational network likely has a connection to the Internet. You also likely have partners, vendors, or contractors who attach devices that are not owned by your organization to your network. Because you do not manage those devices, you cannot trust them to be free of malicious software, maintained with the latest security updates, or in any way in compliance with your organization's security policies. These untrustworthy devices both on and outside of your physical network must not be permitted to access your organization's devices except where it is truly required. diff --git a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md index a9a24aa516..c0d7282746 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md +++ b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md @@ -1,5 +1,5 @@ --- -title: Restrict Server Access to Members of a Group Only (Windows 10) +title: Restrict Server Access to Members of a Group Only (Windows) description: Create a firewall rule to access isolated servers running Windows Server 2008 or later and restrict server access to members of a group. ms.assetid: ea51c55b-e1ed-44b4-82e3-3c4287a8628b ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have configured the IPsec connection security rules that force client devices to authenticate their connections to the isolated server, you must configure the rules that restrict access to only those devices or users who have been identified through the authentication process as members of the isolated server’s access group. diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md index 8cb2a35d50..aa6d7c5117 100644 --- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md +++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md @@ -1,5 +1,5 @@ --- -title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 (Windows 10) +title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 (Windows) description: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 ms.prod: m365-security ms.mktglfcycl: deploy @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.reviewer: ms.author: dansimp ms.technology: mde @@ -21,7 +21,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above IKEv2 offers the following: diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md index bb23429112..74da744d30 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md @@ -1,5 +1,5 @@ --- -title: Server Isolation GPOs (Windows 10) +title: Server Isolation GPOs (Windows) description: Learn about required GPOs for isolation zones and how many server isolation zones you need in Windows Defender Firewall with Advanced Security. ms.assetid: c97b1f2f-51d8-4596-b38a-8a3f6f706be4 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Each set of devices that have different users or devices accessing them require a separate server isolation zone. Each zone requires one GPO for each version of Windows running on devices in the zone. The Woodgrove Bank example has an isolation zone for their devices that run SQL Server. The server isolation zone is logically considered part of the encryption zone. Therefore, server isolation zone GPOs must also include rules for encrypting all isolated server traffic. Woodgrove Bank copied the encryption zone GPOs to serve as a starting point, and renamed them to reflect their new purpose. diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md index a0070cf114..fd8fad7308 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md @@ -1,5 +1,5 @@ --- -title: Server Isolation Policy Design Example (Windows 10) +title: Server Isolation Policy Design Example (Windows) description: Learn about server isolation policy design in Windows Defender Firewall with Advanced Security by referring to this example of a fictitious company. ms.assetid: 337e5f6b-1ec5-4b83-bee5-d0aea1fa5fc6 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above This design example continues to use the fictitious company Woodgrove Bank, as described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section and the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) section. diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md index 7d44e7c17c..3d5d5e9694 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md @@ -1,5 +1,5 @@ --- -title: Server Isolation Policy Design (Windows 10) +title: Server Isolation Policy Design (Windows) description: Learn about server isolation policy design, where you assign servers to a zone that allows access only to members of an approved network access group. ms.assetid: f93f65cd-b863-461e-ab5d-a620fd962c9a ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above In the server isolation policy design, you assign servers to a zone that allows access only to users and devices that authenticate as members of an approved network access group (NAG). diff --git a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md index b6a468447e..8f2dd62bfc 100644 --- a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md +++ b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md @@ -1,5 +1,5 @@ --- -title: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior (Windows 10) +title: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior (Windows) description: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior ms.assetid: 3c3fe832-ea81-4227-98d7-857a3129db74 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above To enable Windows Defender Firewall with Advanced Security and configure its default behavior, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console. diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md index 6a77eda3f7..6f83b6d42d 100644 --- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md +++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md @@ -1,5 +1,5 @@ --- -title: Understand WFAS Deployment (Windows 10) +title: Understand WFAS Deployment (Windows) description: Resources for helping you understand the Windows Defender Firewall with Advanced Security (WFAS) Design Process ms.prod: m365-security ms.mktglfcycl: deploy @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.reviewer: ms.author: dansimp ms.technology: mde diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md index 113c3c0cc2..633bcb4aed 100644 --- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md +++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md @@ -1,5 +1,5 @@ --- -title: Verify That Network Traffic Is Authenticated (Windows 10) +title: Verify That Network Traffic Is Authenticated (Windows) description: Learn how to confirm that network traffic is being protected by IPsec authentication after you configure your domain isolation rule to require authentication. ms.assetid: cc1fb973-aedf-4074-ad4a-7376b24f03d2 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above After you have configured your domain isolation rule to request, rather than require, authentication, you must confirm that the network traffic sent by the devices on the network is being protected by IPsec authentication as expected. If you switch your rules to require authentication before all of the devices have received and applied the correct GPOs, or if there are any errors in your rules, then communications on the network can fail. By first setting the rules to request authentication, any network connections that fail authentication can continue in clear text while you diagnose and troubleshoot. diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md index bf70a3a3b7..c4e919e41a 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell (Windows 10) +title: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell (Windows) description: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell ms.prod: m365-security ms.mktglfcycl: deploy @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.reviewer: ms.author: dansimp ms.technology: mde @@ -21,7 +21,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above The Windows Defender Firewall with Advanced Security Administration with Windows PowerShell Guide provides essential scriptlets for automating Windows Defender Firewall management. It is designed for IT pros, system administrators, IT managers, and others who use and need to automate Windows Defender Firewall management in Windows. diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md index 9a3954cc03..8e4af001ae 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Firewall with Advanced Security deployment overview (Windows 10) +title: Windows Defender Firewall with Advanced Security deployment overview (Windows) description: Use this guide to deploy Windows Defender Firewall with Advanced Security for your enterprise to help protect devices and data that they share across a network. ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 08/17/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above You can use the Windows Defender Firewall with Advanced Security MMC snap-in with devices running at least Windows Vista or Windows Server 2008 to help protect the devices and the data that they share across a network. diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md index e1a438412f..702acc0dcf 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Firewall with Advanced Security design guide (Windows 10) +title: Windows Defender Firewall with Advanced Security design guide (Windows) description: Learn about common goals for using Windows Defender Firewall with Advanced Security to choose or create a design for deploying the firewall in your enterprise. ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51 ms.reviewer: @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 10/05/2017 +ms.date: 09/08/2021 ms.technology: mde --- @@ -22,7 +22,8 @@ ms.technology: mde **Applies to** - Windows 10 -- Windows Server 2016 +- Windows 11 +- Windows Server 2016 and above Windows Defender Firewall with Advanced Security is a host firewall that helps secure the device in two ways. First, it can filter the network traffic permitted to enter the device from the network, and also control what network traffic the device is allowed to send to the network. Second, Windows Defender Firewall supports IPsec, which enables you to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot authenticate cannot communicate with your device. By using IPsec, you can also require that specific network traffic be encrypted to prevent it from being read or intercepted while in transit between devices. @@ -87,7 +88,7 @@ The following table identifies and defines terms used throughout this guide. | Certificate-based isolation | A way to add devices that cannot use Kerberos V5 authentication to an isolated domain, by using an alternate authentication technique. Every device in the isolated domain and the devices that cannot use Kerberos V5 are provided with a device certificate that can be used to authenticate with each other. Certificate-based isolation requires a way to create and distribute an appropriate certificate (if you choose not to purchase one from a commercial certificate provider).| | Domain isolation | A technique for helping protect the devices in an organization by requiring that the devices authenticate each other's identity before exchanging information, and refusing connection requests from devices that cannot authenticate. Domain isolation takes advantage of Active Directory domain membership and the Kerberos V5 authentication protocol available to all members of the domain. Also see "Isolated domain" in this table.| | Encryption zone | A subset of the devices in an isolated domain that process sensitive data. Devices that are part of the encryption zone have all network traffic encrypted to prevent viewing by non-authorized users. Devices that are part of the encryption zone also typically are subject to the access control restrictions of server isolation.| -| Firewall rule | A rule in Windows Defender Firewall that contains a set of conditions used to determine whether a network packet is allowed to pass through the firewall.
By default, the firewall rules in Windows Server 2016. Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8, Windows 7, and Windows Vista block unsolicited inbound network traffic. Likewise, by default, all outbound network traffic is allowed. The firewall included in previous versions of Windows only filtered inbound network traffic. | +| Firewall rule | A rule in Windows Defender Firewall that contains a set of conditions used to determine whether a network packet is allowed to pass through the firewall.
By default, the firewall rules in Windows Server 2016. Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 11, Windows 10, Windows 8, Windows 7, and Windows Vista block unsolicited inbound network traffic. Likewise, by default, all outbound network traffic is allowed. The firewall included in previous versions of Windows only filtered inbound network traffic. | | Internet Protocol security (IPsec) | A set of industry-standard, cryptography-based protection services and protocols. IPsec protects all protocols in the TCP/IP protocol suite except Address Resolution Protocol (ARP).| | IPsec policy | A collection of connection security rules that provide the required protection to network traffic entering and leaving the device. The protection includes authentication of both the sending and receiving device, integrity protection of the network traffic exchanged between them, and can include encryption.| | Isolated domain | An Active Directory domain (or an Active Directory forest, or set of domains with two-way trust relationships) that has Group Policy settings applied to help protect its member devices by using IPsec connection security rules. Members of the isolated domain require authentication on all unsolicited inbound connections (with exceptions handled by the other zones).
In this guide, the term *isolated domain* refers to the IPsec concept of a group of devices that can share authentication. The term *Active Directory domain* refers to the group of devices that share a security database by using Active Directory.| diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md index e3becc881c..7a9d7305a5 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Firewall with Advanced Security (Windows 10) +title: Windows Defender Firewall with Advanced Security (Windows) description: Learn overview information about the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features. ms.prod: m365-security ms.mktglfcycl: deploy @@ -12,7 +12,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 10/21/2020 +ms.date: 09/08/2021 ms.reviewer: ms.custom: asr ms.technology: mde @@ -21,9 +21,9 @@ ms.technology: mde # Windows Defender Firewall with Advanced Security **Applies to** -- Windows 10 -- Windows Server 2016 -- Windows Server 2019 +- Windows 10 +- Windows 11 +- Windows Server 2016 and above This is an overview of the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.