From 79be99f04f6adb67b1be8945b1e40a0d993cd9a7 Mon Sep 17 00:00:00 2001 From: roh-kan Date: Fri, 8 Oct 2021 00:02:51 +0800 Subject: [PATCH 1/9] Fix Typo in command Related Issue: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10014 --- windows/deployment/update/windows-update-errors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index ac67414ec6..b30011a355 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -173,7 +173,7 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | +| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | ## 0x8007371b From 62d0a8c423f70fac274770653d98535e165136d5 Mon Sep 17 00:00:00 2001 From: David Mebane Date: Thu, 7 Oct 2021 16:53:37 -0700 Subject: [PATCH 2/9] Update update-compliance-get-started.md --- windows/deployment/update/update-compliance-get-started.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index bb55b0dff1..b50e741721 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -23,7 +23,8 @@ ms.topic: article - Windows 11 > [!IMPORTANT] -> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. +> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. +> Devices must have this policy configured by January 31st, 2022 to remain enrolled in Update Compliance. Devices without this policy configured, including Windows 10 releases prior to version 1809 which do not support this policy, will stop appearing in Update Compliance reports after this date. This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow. From ae9a36ec88363e39c94af2714a228ce7e8e60d18 Mon Sep 17 00:00:00 2001 From: roh-kan Date: Fri, 8 Oct 2021 18:49:03 +0800 Subject: [PATCH 3/9] Update punctuation Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/windows-update-errors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index b30011a355..fc07839d42 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -173,7 +173,7 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | +| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt, run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | ## 0x8007371b From 69e1bbd3d1f64537cbe625f1af5415b069330545 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Sun, 10 Oct 2021 15:21:37 -0700 Subject: [PATCH 4/9] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 468313fb87..546bdf3f0c 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -50,8 +50,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. The following list shows the supported values: - 0 - Disable Microsoft Defender Application Guard - 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY -- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY -- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments +- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (Added in Windows 10, version 2004) +- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (Added in Windows 10, version 2004) **Settings/ClipboardFileType** Determines the type of content that can be copied from the host to Application Guard environment and vice versa. @@ -279,7 +279,7 @@ Value type is integer. Supported operation is Get. - Bit 6 - Set to 1 when system reboot is required. **PlatformStatus** -Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. +Added in Windows 10, version 2004. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. Value type is integer. Supported operation is Get. From c66f5f99b1ee002661c50a9faa0adebe380d5c7f Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 11 Oct 2021 15:42:03 +0300 Subject: [PATCH 5/9] Update Best practices https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9916 --- ...ntrol-behavior-of-the-elevation-prompt-for-standard-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md index de0490479f..37b331657f 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md @@ -46,7 +46,7 @@ This policy setting determines the behavior of the elevation prompt for standard ### Best practices 1. Configure the **User Account Control: Behavior of the elevation prompt for standard users** to **Automatically deny elevation requests**. This setting requires the user to log on with an administrative account to run programs that require elevation of privilege. -2. As a security best practice, standard users should not have knowledge of administrative passwords. However, if your users have both standard and administrator-level accounts, set **Prompt for credentials** so that the users do not choose to always log on with their administrator accounts, and they shift their behavior to use the standard user account. +2. As a security best practice, standard users should not have knowledge of administrative passwords. However, if your users have both standard and administrator-level accounts, set **Prompt for credentials on the secure desktop** so that the users do not choose to always log on with their administrator accounts, and they shift their behavior to use the standard user account. ### Location From f5bd247967a1e8f05ee132a989ef0d6909671be4 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Mon, 11 Oct 2021 08:10:56 -0700 Subject: [PATCH 6/9] Update windows/client-management/mdm/windowsdefenderapplicationguard-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../mdm/windowsdefenderapplicationguard-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 546bdf3f0c..946c8013d8 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -50,8 +50,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. The following list shows the supported values: - 0 - Disable Microsoft Defender Application Guard - 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY -- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (Added in Windows 10, version 2004) -- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (Added in Windows 10, version 2004) +- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (added in Windows 10, version 2004) +- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (added in Windows 10, version 2004) **Settings/ClipboardFileType** Determines the type of content that can be copied from the host to Application Guard environment and vice versa. From 69d27ba5c9f625fd8fc9c3b9d50b369bb6ece943 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Mon, 11 Oct 2021 08:16:48 -0700 Subject: [PATCH 7/9] Update windows/deployment/update/update-compliance-get-started.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/update-compliance-get-started.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index b50e741721..c01d76b407 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -24,7 +24,8 @@ ms.topic: article > [!IMPORTANT] > **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. -> Devices must have this policy configured by January 31st, 2022 to remain enrolled in Update Compliance. Devices without this policy configured, including Windows 10 releases prior to version 1809 which do not support this policy, will stop appearing in Update Compliance reports after this date. +> +> Devices must have this policy configured by January 31, 2022, to remain enrolled in Update Compliance. Devices without this policy configured, including Windows 10 releases prior to version 1809 which do not support this policy, will stop appearing in Update Compliance reports after this date. This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow. From 111b18461fe8d3def2f69d6f3de704bb3cae543a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 11 Oct 2021 10:05:18 -0700 Subject: [PATCH 8/9] Update user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md --- ...ntrol-behavior-of-the-elevation-prompt-for-standard-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md index 37b331657f..688bce1b38 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 10/11/2021 ms.technology: mde --- From 3db37ef4d18ceb33b0bac31bd302baa68b447db2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 11 Oct 2021 10:06:31 -0700 Subject: [PATCH 9/9] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 946c8013d8..ccd89eb916 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -5,8 +5,8 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman -ms.date: 07/07/2020 +author: dansimp +ms.date: 10/11/2021 ms.reviewer: manager: dansimp ---