From 6fe75560490053a09545ccb973aaf58ee36969a5 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Fri, 8 Mar 2019 22:23:59 +0000 Subject: [PATCH 001/117] Draft --- ...ecurity-settings-with-tamper-protection.md | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md new file mode 100644 index 0000000000..4a79a4cae8 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -0,0 +1,39 @@ + + + + +Prevent security settings changes with Tamper Protection + +Tamper Protection helps prevent malicious apps from changing important security settings. These settings include: + +• Real-time protection +• Cloud-delivered protection +• IOfficeAntivirus (IOAV) +• Behavior monitoring +• Scheduled scans +• Policy override settings + +With Tamper Protection set to On, you can still change these settings in the Windows Security app. The following apps and methods can't change these settings: + +• Mobile device management (MDM) apps like Intune +• Enterprise configuration management apps like System Center Configuration Manager (SCCM) +• Command line instruction MpCmdRun.exe -removedefinitions -dynamicsignatures +• Windows System Image Manager (Windows SIM) settings DisableAntiSpyware ad DisableAntiMalware (used in Windows unattended setup) +• Group Policy +• Other Windows Management Instrumentation (WMI) apps + +The Tamper Protection setting doesn't affect how third party antivirus apps register with the Windows Security app. + +On computers running Windows 10 Enterprise E5, users can't change the Tamper Protection setting. + +Tamper Protection is On by default. If you set Tamper Protection to Off, you will see a yellow warning in the Windows Security app under Virus & threat protection. + +Configure Tamper Protection + +1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Defender. +2. Select Virus & threat protection, then select Virus & threat protection settings. +3. Set Tamper Protection to On or Off. + +Note +If your computer is running Windows 10 Enterprise E5, you can't change the Tamper Protection setting. + From a82e95f29fd3f6c571db912a82298c77061f3d98 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Fri, 8 Mar 2019 22:36:13 +0000 Subject: [PATCH 002/117] Formatting --- ...ecurity-settings-with-tamper-protection.md | 65 ++++++++++++------- 1 file changed, 40 insertions(+), 25 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 4a79a4cae8..66d5e0fe86 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -1,39 +1,54 @@ +--- +title: Prevent security settings changes with Tamper Protection +description: Use tamper protection to prevent malicious apps from changing important security settings. +keywords: malware, defender, antivirus, tamper protection +search.product: eADQiWindows 10XVcnh +ms.pagetype: security +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +author: andreabichsel +ms.author: v-anbic +--- +# Prevent security settings changes with tamper protection +**Applies to:** +- Windows 10 -Prevent security settings changes with Tamper Protection +Tamper protection helps prevent malicious apps from changing important security settings. These settings include: -Tamper Protection helps prevent malicious apps from changing important security settings. These settings include: +- Real-time protection +- Cloud-delivered protection +- IOfficeAntivirus (IOAV) +- Behavior monitoring +- Scheduled scans +- Policy override settings -• Real-time protection -• Cloud-delivered protection -• IOfficeAntivirus (IOAV) -• Behavior monitoring -• Scheduled scans -• Policy override settings +With tamper protection set to **On**, you can still change these settings in the Windows Security app. The following apps and methods can't change these settings: -With Tamper Protection set to On, you can still change these settings in the Windows Security app. The following apps and methods can't change these settings: +- Mobile device management (MDM) apps like Intune +- Enterprise configuration management apps like System Center Configuration Manager (SCCM) +- Command line instruction MpCmdRun.exe -removedefinitions -dynamicsignatures +- Windows System Image Manager (Windows SIM) settings DisableAntiSpyware ad DisableAntiMalware (used in Windows unattended setup) +- Group Policy +- Other Windows Management Instrumentation (WMI) apps -• Mobile device management (MDM) apps like Intune -• Enterprise configuration management apps like System Center Configuration Manager (SCCM) -• Command line instruction MpCmdRun.exe -removedefinitions -dynamicsignatures -• Windows System Image Manager (Windows SIM) settings DisableAntiSpyware ad DisableAntiMalware (used in Windows unattended setup) -• Group Policy -• Other Windows Management Instrumentation (WMI) apps +The tamper protection setting doesn't affect how third party antivirus apps register with the Windows Security app. -The Tamper Protection setting doesn't affect how third party antivirus apps register with the Windows Security app. +On computers running Windows 10 Enterprise E5, users can't change the tamper protection setting. -On computers running Windows 10 Enterprise E5, users can't change the Tamper Protection setting. +Tamper protection is On by default. If you set tamper protection to **Off**, you will see a yellow warning in the Windows Security app under **Virus & threat protection**. -Tamper Protection is On by default. If you set Tamper Protection to Off, you will see a yellow warning in the Windows Security app under Virus & threat protection. +##Configure tamper protection -Configure Tamper Protection +1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. +2. Select **Virus & threat protection**, then select **Virus & threat protection settings**. +3. Set **Tamper Protection** to **On** or **Off**. -1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for Defender. -2. Select Virus & threat protection, then select Virus & threat protection settings. -3. Set Tamper Protection to On or Off. - -Note -If your computer is running Windows 10 Enterprise E5, you can't change the Tamper Protection setting. +>[!NOTE] +>If your computer is running Windows 10 Enterprise E5, you can't change the tamper protection setting. From 8de2be98e03365fe164d7754f582fa992793dfe1 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Fri, 8 Mar 2019 22:37:36 +0000 Subject: [PATCH 003/117] Fixed typo --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 66d5e0fe86..930eb2406a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -33,7 +33,7 @@ With tamper protection set to **On**, you can still change these settings in the - Mobile device management (MDM) apps like Intune - Enterprise configuration management apps like System Center Configuration Manager (SCCM) - Command line instruction MpCmdRun.exe -removedefinitions -dynamicsignatures -- Windows System Image Manager (Windows SIM) settings DisableAntiSpyware ad DisableAntiMalware (used in Windows unattended setup) +- Windows System Image Manager (Windows SIM) settings DisableAntiSpyware and DisableAntiMalware (used in Windows unattended setup) - Group Policy - Other Windows Management Instrumentation (WMI) apps From 11ae2c3f71a0d29d8e8cad5915266a31b7cd7c6c Mon Sep 17 00:00:00 2001 From: botmoto <42125490+botmoto@users.noreply.github.com> Date: Sun, 7 Apr 2019 16:23:10 -0700 Subject: [PATCH 004/117] Update credential-guard-manage.md --- .../credential-guard-manage.md | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 0edce00395..c5e98ffb47 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -20,6 +20,7 @@ ms.date: 03/01/2019 **Applies to** - Windows 10 - Windows Server 2016 +- Windows Server 2019 Prefer video? See [Windows Defender Credential Guard Deployment](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) in the Deep Dive into Windows Defender Credential Guard video series. @@ -150,9 +151,13 @@ To disable Windows Defender Credential Guard, you can use the following set of p 1. If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**). 2. Delete the following registry settings: - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags - - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity - - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures - + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\LsaCfgFlags +> [!NOTE] +> If you also wish to disable virtualization-based security delete the following registry settings: +```syntax +HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity +HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures +``` > [!IMPORTANT] > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. @@ -164,9 +169,8 @@ To disable Windows Defender Credential Guard, you can use the following set of p bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: - bcdedit /set hypervisorlaunchtype off mountvol X: /d ``` @@ -175,7 +179,11 @@ To disable Windows Defender Credential Guard, you can use the following set of p 4. Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard. > [!NOTE] -> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit command after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS +> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit commands after turning off all virtualization-based security Group Policy and registry settings: +```syntax +bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS +bcdedit /set vsmlaunchtype off +``` > [!NOTE] > Credential Guard and Device Guard are not currently supported when using Azure IaaS VMs. These options will be made available with future Gen 2 VMs. From 573f21284ce3d693bbf5e4d985513290c4c4e81f Mon Sep 17 00:00:00 2001 From: botmoto <42125490+botmoto@users.noreply.github.com> Date: Sun, 7 Apr 2019 19:15:27 -0700 Subject: [PATCH 005/117] Update credential-guard-manage.md Formatting Update credential-guard-manage.md --- .../credential-guard-manage.md | 24 ++++++++----------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index c5e98ffb47..e02b561b04 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -152,16 +152,13 @@ To disable Windows Defender Credential Guard, you can use the following set of p 2. Delete the following registry settings: - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\LsaCfgFlags -> [!NOTE] -> If you also wish to disable virtualization-based security delete the following registry settings: -```syntax -HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity -HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures -``` +3. If you also wish to disable virtualization-based security delete the following registry settings: + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures > [!IMPORTANT] > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. -3. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: +4. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: ``` syntax mountvol X: /s @@ -174,16 +171,15 @@ HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\Requi mountvol X: /d ``` -2. Restart the PC. -3. Accept the prompt to disable Windows Defender Credential Guard. -4. Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard. +5. Restart the PC. +6. Accept the prompt to disable Windows Defender Credential Guard. +7. Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard. > [!NOTE] > The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit commands after turning off all virtualization-based security Group Policy and registry settings: -```syntax -bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS -bcdedit /set vsmlaunchtype off -``` + + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS + bcdedit /set vsmlaunchtype off > [!NOTE] > Credential Guard and Device Guard are not currently supported when using Azure IaaS VMs. These options will be made available with future Gen 2 VMs. From 03d24fad2d232e17851a51ba9f5b872d829fd6d6 Mon Sep 17 00:00:00 2001 From: botmoto <42125490+botmoto@users.noreply.github.com> Date: Sun, 7 Apr 2019 16:23:10 -0700 Subject: [PATCH 006/117] Update credential-guard-manage.md Update credential-guard-manage.md Formatting Update credential-guard-manage.md --- .../credential-guard-manage.md | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 0edce00395..e02b561b04 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -20,6 +20,7 @@ ms.date: 03/01/2019 **Applies to** - Windows 10 - Windows Server 2016 +- Windows Server 2019 Prefer video? See [Windows Defender Credential Guard Deployment](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) in the Deep Dive into Windows Defender Credential Guard video series. @@ -150,13 +151,14 @@ To disable Windows Defender Credential Guard, you can use the following set of p 1. If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**). 2. Delete the following registry settings: - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\LsaCfgFlags +3. If you also wish to disable virtualization-based security delete the following registry settings: - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures - > [!IMPORTANT] > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. -3. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: +4. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: ``` syntax mountvol X: /s @@ -164,18 +166,20 @@ To disable Windows Defender Credential Guard, you can use the following set of p bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: - bcdedit /set hypervisorlaunchtype off mountvol X: /d ``` -2. Restart the PC. -3. Accept the prompt to disable Windows Defender Credential Guard. -4. Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard. +5. Restart the PC. +6. Accept the prompt to disable Windows Defender Credential Guard. +7. Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard. > [!NOTE] -> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit command after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS +> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Windows Defender Credential Guard and virtualization-based security, run the following bcdedit commands after turning off all virtualization-based security Group Policy and registry settings: + + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS + bcdedit /set vsmlaunchtype off > [!NOTE] > Credential Guard and Device Guard are not currently supported when using Azure IaaS VMs. These options will be made available with future Gen 2 VMs. From 900a8d0c28fb44f2ac52ac1d36b3a91ac2ba4d02 Mon Sep 17 00:00:00 2001 From: Malin De Silva Date: Wed, 24 Apr 2019 18:47:47 +0530 Subject: [PATCH 007/117] Added Azure AD MFA Auth with O365 --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index f59a78c750..c191cc7a49 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -97,7 +97,7 @@ You can deploy Windows Hello for Business key trust in non-federated and federat ## Multifactor Authentication ## Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their user name and password as one factor, but needs a second factor of authentication. -Hybrid Windows Hello for Business deployments can use Azure’s Multi-factor Authentication service or they can use multi-factor authentication provides by Windows Server 2012 R2 or later Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multi-factor authentication into AD FS. +Hybrid Windows Hello for Business deployments can use Azure’s Multi-factor Authentication service or they can use multi-factor authentication provides by Windows Server 2012 R2 or later Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multi-factor authentication into AD FS. The Multi-factor authentication enabled in Office 365 license is sufficient for direct Multi-factor Authentication against Azure AD. ### Section Review > [!div class="checklist"] From 7d8272272e88665e0ca5bc441f51c94f5c4fbdb5 Mon Sep 17 00:00:00 2001 From: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> Date: Thu, 25 Apr 2019 18:54:11 +0530 Subject: [PATCH 008/117] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: Malind19 --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index c191cc7a49..a4a1cc41b4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -97,7 +97,7 @@ You can deploy Windows Hello for Business key trust in non-federated and federat ## Multifactor Authentication ## Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their user name and password as one factor, but needs a second factor of authentication. -Hybrid Windows Hello for Business deployments can use Azure’s Multi-factor Authentication service or they can use multi-factor authentication provides by Windows Server 2012 R2 or later Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multi-factor authentication into AD FS. The Multi-factor authentication enabled in Office 365 license is sufficient for direct Multi-factor Authentication against Azure AD. +Hybrid Windows Hello for Business deployments can use Azure’s Multi-factor Authentication service or they can use multi-factor authentication provided by Windows Server 2012 R2 or later Active Directory Federation Services, which include an adapter model that enables third parties to integrate their multi-factor authentication into AD FS. The Multi-factor authentication enabled in Office 365 license is sufficient for direct Multi-factor Authentication against Azure AD. ### Section Review > [!div class="checklist"] From 4e534972c11a14e238e7b022290435c41bb7961f Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 26 Apr 2019 16:13:26 +0500 Subject: [PATCH 009/117] update hello-cert-trust-deploy-mfa.md --- .../hello-for-business/hello-cert-trust-deploy-mfa.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md index 561df3ca7b..afee1b6159 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md @@ -23,7 +23,7 @@ ms.date: 08/19/2018 - Certificate trust -On-premises deployments must use the On-premises Azure MFA Server using the AD FS adapter model Optionally, you can use a third-party MFA server that provides an AD FS Multifactor authentication adapter. +On-premises deployments must use on-premises MFA Server that provides an AD FS Multifactor authentication adapter. It could be Azure Multi-Factor Authentication Server or third-party MFA solution. >[!TIP] >Please make sure you've read [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md) before proceeding any further. From 94c56a08ecf1eceec1d2ce0d1a0852ac5cc6cbf8 Mon Sep 17 00:00:00 2001 From: illfated Date: Sun, 28 Apr 2019 18:23:56 +0200 Subject: [PATCH 010/117] Windows/Privacy: URL correction update This is a follow-up to my previous PR #3305 (Windows/Privacy: change formatting code to text). I found one URL that I missed in my previous solution. This is a 1 line change, making the starting and ending asterisk show up on the page, instead of formatting the text as italics. Addendum: For future web page documentation, it may be a good idea to use the HTML codes `*` + `\` for `*` and `\` respectively, to avoid situations where pages look OK on Github, but not translating well to the docs.microsoft.com pages. Ref. issue ticket #3304 (Domain misspelling) --- .../privacy/windows-endpoints-1809-non-enterprise-editions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md index b6be3b5acd..1df90d39e0 100644 --- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md @@ -98,7 +98,7 @@ We used the following methodology to derive these network endpoints: | *.e-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. | | *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. | | *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. | -| *.tlu.dl.delivery.mp.microsoft.com/* | HTTP | Enables connections to Windows Update. | +| \*.tlu.dl.delivery.mp.microsoft.com/\* | HTTP | Enables connections to Windows Update. | | *geo-prod.dodsp.mp.microsoft.com.nsatc.net | HTTPS | Enables connections to Windows Update. | | arc.msn.com.nsatc.net | HTTPS | Used to retrieve Windows Spotlight metadata. | | au.download.windowsupdate.com/* | HTTP | Enables connections to Windows Update. | From 8d32eea85633ce5d7f70731f7602bc1851ca9c6f Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 30 Apr 2019 16:17:49 -0700 Subject: [PATCH 011/117] Updates per bug 3122154 --- windows/client-management/mdm/devicestatus-csp.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index a20317c21f..568485b1b6 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 07/26/2018 +ms.date: 04/30/2019 --- # DeviceStatus CSP @@ -157,6 +157,12 @@ Valid values: Supported operation is Get. +If more than one antivirus provider is active, the **DeviceStatus/Antivirus/SignatureStatus** node returns: +- 1 – If every active antivirus provider has a valid signature status +- 0 – If any of the active antivirus providers has an invalid signature status + +The **DeviceStatus/Antivirus/SignatureStatus** node also returns 0 when no antivirus provider is active. + **DeviceStatus/Antivirus/Status** Added in Windows, version 1607. Integer that specifies the status of the antivirus. @@ -186,6 +192,12 @@ Valid values: Supported operation is Get. +If more than one antispyware provider is active, the **DeviceStatus/Antispyware/SignatureStatus** node returns: +- 1 – If every active antispyware provider has a valid signature status +- 0 – If any of the active antispyware providers has an invalid signature status + +The **DeviceStatus/Antispyware/SignatureStatus** node also returns 0 when no antispyware provider is active. + **DeviceStatus/Antispyware/Status** Added in Windows, version 1607. Integer that specifies the status of the antispyware. From cc151d53a7e4e511dc8dc79e11499c72e268ac88 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 30 Apr 2019 16:53:19 -0700 Subject: [PATCH 012/117] Updater per bug 3122154 --- .../client-management/mdm/devicestatus-csp.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 568485b1b6..d286f6f918 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -157,11 +157,11 @@ Valid values: Supported operation is Get. -If more than one antivirus provider is active, the **DeviceStatus/Antivirus/SignatureStatus** node returns: -- 1 – If every active antivirus provider has a valid signature status -- 0 – If any of the active antivirus providers has an invalid signature status +If more than one antivirus provider is active, this node returns: +- 1 – If every active antivirus provider has a valid signature status. +- 0 – If any of the active antivirus providers has an invalid signature status. -The **DeviceStatus/Antivirus/SignatureStatus** node also returns 0 when no antivirus provider is active. +This node also returns 0 when no antivirus provider is active. **DeviceStatus/Antivirus/Status** Added in Windows, version 1607. Integer that specifies the status of the antivirus. @@ -192,11 +192,11 @@ Valid values: Supported operation is Get. -If more than one antispyware provider is active, the **DeviceStatus/Antispyware/SignatureStatus** node returns: -- 1 – If every active antispyware provider has a valid signature status -- 0 – If any of the active antispyware providers has an invalid signature status +If more than one antispyware provider is active, this node returns: +- 1 – If every active antispyware provider has a valid signature status. +- 0 – If any of the active antispyware providers has an invalid signature status. -The **DeviceStatus/Antispyware/SignatureStatus** node also returns 0 when no antispyware provider is active. +This node also returns 0 when no antispyware provider is active. **DeviceStatus/Antispyware/Status** Added in Windows, version 1607. Integer that specifies the status of the antispyware. From 516a00b153a899ba80256385771790a00cfd92c9 Mon Sep 17 00:00:00 2001 From: Michael Niehaus Date: Wed, 1 May 2019 10:26:12 -0400 Subject: [PATCH 013/117] Update user-driven-hybrid.md Adjusted the AD DC requirements to make them more clear. --- windows/deployment/windows-autopilot/user-driven-hybrid.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/user-driven-hybrid.md b/windows/deployment/windows-autopilot/user-driven-hybrid.md index d69c5869ba..c75f3e2df4 100644 --- a/windows/deployment/windows-autopilot/user-driven-hybrid.md +++ b/windows/deployment/windows-autopilot/user-driven-hybrid.md @@ -29,7 +29,8 @@ To perform a user-driven hybrid AAD joined deployment using Windows Autopilot: - **Hybrid Azure AD joined** must be specified as the selected option under **Join to Azure AD as** in the Autopilot profile. - If using Intune, a device group in Azure Active Directory must exist with the Windows Autopilot profile assigned to that group. - The device must be running Windows 10, version 1809 or later. -- The device must be connected to the Internet and have access to an Active Directory domain controller. +- The device must be able to access an Active Directory domain controller, so it must be connected to the organization's network (where it can resolve the DNS records for the AD domain and the AD domain controller, and communicate with the domain controller to authenticate the user). +- The device must be able to access the Internet, following the [documented Windows Autopilot network requirements](windows-autopilot-requirements-network.md). - The Intune Connector for Active Directory must be installed. - Note: The Intune Connector will perform an on-prem AD join, therefore users do not need on-prem AD-join permission, assuming the Connector is [configured to perform this action](https://docs.microsoft.com/intune/windows-autopilot-hybrid#increase-the-computer-account-limit-in-the-organizational-unit) on the user's behalf. - If using Proxy, WPAD Proxy settings option must be enabled and configured. From 33f1c7e37a5e64a7b30c5214c8aea7b1fbcd46bc Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 2 May 2019 15:39:26 +0500 Subject: [PATCH 014/117] update hello-planning-guide.md --- .../hello-for-business/hello-planning-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 1700566e52..a936892039 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -274,7 +274,7 @@ Public key infrastructure prerequisites already exist in your planning worksheet If box **1a** on your planning worksheet reads **cloud only**, ignore the public key infrastructure section of your planning worksheet. Cloud only deployments do not use a public key infrastructure. -If box **1b** on your planning worksheet reads **key trust**, write **N/A** in box **5b** on your planning worksheet. +If box **1b** on your planning worksheet reads **key trust**, write **N/A** in box **5b** on your planning worksheet. Key trust doesn't require any change in public key infrastructure, skip this part and go to **Cloud** section. The registration authority only relates to certificate trust deployments and the management used for domain and non-domain joined devices. Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. From 38811a81906227c6da50e83308f429cd4bc87f84 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 2 May 2019 17:02:24 +0500 Subject: [PATCH 015/117] update hello-planning-guide.md --- .../hello-for-business/hello-planning-guide.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index a936892039..05fb09a45a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -77,7 +77,7 @@ A deployment's trust type defines how each Windows Hello for Business client aut The key trust type does not require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during the built-in provisioning experience. This requires an adequate distribution of Windows Server 2016 domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more. -The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers. Users can authenticate using their certificate to any Windows Server 2008 R2 or later domain controller. +The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can authenticate using their certificate to any Windows Server 2008 R2 or later domain controller. #### Device registration @@ -101,7 +101,6 @@ Cloud only and hybrid deployments provide many choices for multi-factor authenti > * Azure Active Directory Premium > * Enterprise Mobility Suite > * Enterprise Cloud Suite ->* A per-user and per-authentication consumption-based model that is billed monthly against Azure monetary commitment (Read [Multi-Factor Authentication Pricing](https://azure.microsoft.com/pricing/details/multi-factor-authentication/) for more information) #### Directory synchronization From 9584215fd34e27cfa6c5a264f536a7a31f6d9f1a Mon Sep 17 00:00:00 2001 From: msjbja <49055479+msjbja@users.noreply.github.com> Date: Thu, 2 May 2019 08:50:14 -0500 Subject: [PATCH 016/117] Update windows-local-autopilot-reset.md Addition of the permission required to perform this task --- .../windows-autopilot/windows-autopilot-reset-local.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md index ac25a597f7..2df22358c3 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md @@ -19,6 +19,8 @@ ms.topic: article **Applies to: Windows 10, version 1709 and above +The Microsoft Intune Service Administrator Directory role is required to perform this task. The process of adding directory roles is documented at https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal + IT admins can perform a local Windows Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With a local Autopilot Reset, devices are returned to a fully configured or known IT-approved state. To enable local Autopilot Reset in Windows 10: From 4336fb97432614ec0cfe4b69e2c61bbb200e404c Mon Sep 17 00:00:00 2001 From: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> Date: Thu, 2 May 2019 12:13:50 -0500 Subject: [PATCH 017/117] Update windows/deployment/windows-autopilot/windows-autopilot-reset-local.md Adjusting the wording based on suggestion by JohnFreelancer9 Co-Authored-By: msjbja <49055479+msjbja@users.noreply.github.com> --- .../windows-autopilot/windows-autopilot-reset-local.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md index 2df22358c3..5f82790f46 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md @@ -19,7 +19,7 @@ ms.topic: article **Applies to: Windows 10, version 1709 and above -The Microsoft Intune Service Administrator Directory role is required to perform this task. The process of adding directory roles is documented at https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal +The Microsoft Intune Service Administrator Directory role is required to perform this task. To learn more about the process of adding directory roles, refer to https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal IT admins can perform a local Windows Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With a local Autopilot Reset, devices are returned to a fully configured or known IT-approved state. From b37b1b9e69ebd787de443bc26d601baa6d431bf2 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Thu, 2 May 2019 12:44:43 -0500 Subject: [PATCH 018/117] Update windows/deployment/windows-autopilot/windows-autopilot-reset-local.md Changes committed to fit Microsoft style Co-Authored-By: msjbja <49055479+msjbja@users.noreply.github.com> --- .../windows-autopilot/windows-autopilot-reset-local.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md index 5f82790f46..c94be655bb 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md @@ -19,7 +19,7 @@ ms.topic: article **Applies to: Windows 10, version 1709 and above -The Microsoft Intune Service Administrator Directory role is required to perform this task. To learn more about the process of adding directory roles, refer to https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal +The Intune Service Administrator role is required to perform this task. Learn more about how to [Assign Azure Active Directory roles](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal). IT admins can perform a local Windows Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With a local Autopilot Reset, devices are returned to a fully configured or known IT-approved state. From 07120081bf9e857679d3206b06f47f00adb65b01 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 3 May 2019 12:25:57 +0500 Subject: [PATCH 019/117] update hello-planning-guide.md --- .../hello-for-business/hello-planning-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 05fb09a45a..77945e6f69 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -77,7 +77,7 @@ A deployment's trust type defines how each Windows Hello for Business client aut The key trust type does not require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during the built-in provisioning experience. This requires an adequate distribution of Windows Server 2016 domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more. -The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can authenticate using their certificate to any Windows Server 2008 R2 or later domain controller. +The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller. #### Device registration From 355c7ccc34fd830e040373cd7156aa1a33ae36d7 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 3 May 2019 16:11:27 +0500 Subject: [PATCH 020/117] update nodecache-csp.md removed DFType value, as it is out of the scope of this article --- windows/client-management/mdm/nodecache-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md index 28bcf637f6..d04fa8b63b 100644 --- a/windows/client-management/mdm/nodecache-csp.md +++ b/windows/client-management/mdm/nodecache-csp.md @@ -30,7 +30,7 @@ The following diagram shows the NodeCache configuration service provider in tree ![nodecache csp](images/provisioning-csp-nodecache.png) **./Device/Vendor/MSFT and ./User/Vendor/MSFT** -Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This is a predefined MIME type to identify this managed object in OMA DM syntax. Starting in Windows 10, version 1607 the value is com.microsoft/\/MDM/NodeCache. +Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This is a predefined MIME type to identify this managed object in OMA DM syntax. ***ProviderID*** Optional. Group settings per DM server. Each group of settings is distinguished by the server’s Provider ID. It should be the same DM server **PROVIDER-ID** value that was supplied through the [w7 APPLICATION configuration service provider](w7-application-csp.md) XML during the enrollment process. Only one enterprise management server is supported. That is, there should be only one *ProviderID* node under **NodeCache**. Scope is dynamic. From 621e845fe599d4e1b7f4f94be41ac938c7328a46 Mon Sep 17 00:00:00 2001 From: Malin De Silva Date: Mon, 6 May 2019 15:02:11 +0530 Subject: [PATCH 021/117] added skipping auto enrollment info --- windows/deployment/windows-autopilot/enrollment-status.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/windows-autopilot/enrollment-status.md b/windows/deployment/windows-autopilot/enrollment-status.md index d2e6471454..895cf49881 100644 --- a/windows/deployment/windows-autopilot/enrollment-status.md +++ b/windows/deployment/windows-autopilot/enrollment-status.md @@ -20,6 +20,8 @@ ms.topic: article The Windows Autopilot Enrollment Status page displaying the status of the complete device configuration process. Incorporating feedback from customers, this provides information to the user to show that the device is being set up and can be configured to prevent access to the desktop until the configuration is complete. ![Enrollment status page](images/enrollment-status-page.png) + +From Windows 10 version 1803 onwards, you can opt-out of the account setup phase. When it is skipped, the settings will be applied for the users when as they access their desktop for the first time. ## Available settings From 9873e82524118009a405dc1c5f523587aef8bcca Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 6 May 2019 14:56:41 +0500 Subject: [PATCH 022/117] update hello-cert-trust-deploy-mfa.md --- .../hello-for-business/hello-cert-trust-deploy-mfa.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md index afee1b6159..3c90a6c465 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md @@ -23,7 +23,7 @@ ms.date: 08/19/2018 - Certificate trust -On-premises deployments must use on-premises MFA Server that provides an AD FS Multifactor authentication adapter. It could be Azure Multi-Factor Authentication Server or third-party MFA solution. +On-premises deployments must use an on-premises MFA Server that provides an AD FS Multifactor authentication adapter. It can be an Azure Multi-Factor Authentication Server or a third-party MFA solution. >[!TIP] >Please make sure you've read [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md) before proceeding any further. From 80b15d0cc524e910cb285465199a5b765e87f121 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 6 May 2019 17:34:28 +0500 Subject: [PATCH 023/117] update activate-using-active-directory-based-activation-client.md source: [KMS Activation for Windows Server 2016](https://blogs.technet.microsoft.com/askpfeplat/2016/10/24/kms-activation-for-windows-server-2016/) --- .../activate-using-active-directory-based-activation-client.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index 03e0029f83..ddbabe01f8 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -20,6 +20,7 @@ ms.topic: article - Windows 8 - Windows Server 2012 R2 - Windows Server 2012 +- Windows Server 2016 **Looking for retail activation?** - [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) From e177eeff58aac8b8445d5c425016e9e74dac7f68 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Mon, 6 May 2019 22:38:39 +0200 Subject: [PATCH 024/117] Update hello-adequate-domain-controllers.md Typo and grammar fixes https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3203 --- .../hello-adequate-domain-controllers.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index ebb6eed030..680fe15627 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md @@ -24,21 +24,21 @@ ms.date: 08/20/2018 ## How many is adequate -How can you find out how many domain controllers are needed? You can use performance monitoring on your domain controllers to determine existing authentication traffic. Windows Server 2016 includes the KDC AS Requests performance counter. You can use these counters to determine how much of a domain controllers load is due to initial Kerberos authentication. It's important to remember that authentication for a Windows Hello for Business key trust deployment does not affect Kerberos authentication--it remains unchanged. +How can you find out how many domain controllers are needed? You can use performance monitoring on your domain controllers to determine existing authentication traffic. Windows Server 2016 includes the KDC AS Requests performance counter. You can use these counters to determine how much of a domain controller's load is due to initial Kerberos authentication. It's important to remember that authentication for a Windows Hello for Business key trust deployment does not affect Kerberos authentication--it remains unchanged. Windows 10 accomplishes Windows Hello for Business key trust authentication by mapping an Active Directory user account to one or more public keys. This mapping occurs on the domain controller, which is why the deployment needs Windows Server 2016 domain controllers. Public key mapping is only supported by Windows Server 2016 domain controllers. Therefore, users in a key trust deployment must authenticate to a Windows Server 2016 domain controller. -Determining an adequate number of Windows Server 2016 domain controllers is important to ensure you have enough domain controllers to satisfy all authentication requests, including users mapped with public key trust. What many administrators do not realize is that adding the most current version of a domain controller (in this case Windows Server 2016) to a deployment of existing domain controllers (Windows Server 2008R2 or Windows Server 2012R2) instantly makes that single domain controller susceptible to carrying the most load, or what is commonly referred to as "piling on". To illustrate the "piling on" concept, consider the following scenario. +Determining an adequate number of Windows Server 2016 domain controllers is important to ensure you have enough domain controllers to satisfy all authentication requests, including users mapped with public key trust. What many administrators do not realize is that adding the most current version of a domain controller (in this case Windows Server 2016) to a deployment of existing domain controllers (Windows Server 2008R2 or Windows Server 2012R2) instantly makes that single domain controller susceptible to carrying the most load, or what is commonly referred to as "piling on". To illustrate the "piling on" concept, consider the following scenario: -Consider a controlled environment where there are 1000 client computers and the authentication load of these 1000 client computers is evenly distributed across 10 domain controllers in the environment. The Kerberos AS requests load would look something like the following. +Consider a controlled environment where there are 1000 client computers and the authentication load of these 1000 client computers is evenly distributed across 10 domain controllers in the environment. The Kerberos AS requests load would look something like the following: ![dc-chart1](images/plan/dc-chart1.png) -The environment changes. The first change includes DC1 upgraded to Windows Server 2016 to support Windows Hello for Business key-trust authentication. Next, 100 clients enroll for Windows Hello for Business using the public key trust deployment. Given all other factors stay constant, the authentication would now look like the following. +The environment changes. The first change includes DC1 upgraded to Windows Server 2016 to support Windows Hello for Business key-trust authentication. Next, 100 clients enroll for Windows Hello for Business using the public key trust deployment. Given all other factors stay constant, the authentication would now look like the following: ![dc-chart2](images/plan/dc-chart2.png) -The Windows Server 2016 domain controller is handling 100 percent of all public key trust authentication. However, it is also handling 10 percent of the password authentication. Why? This behavior occurs because domain controllers 2- 10 only support password and certificate trust authentication; only a Windows Server 2016 domain controller supports authentication public key trust authentication. The Windows Server 2016 domain controller understands how to authenticate password and certificate trust authentication and will continue to share the load of authenticating those clients. Because DC1 can handle all forms of authentication, it will be bear more of the authentication load, and easily become overloaded. What if another Windows Server 2016 domain controller is added, but without deploying Windows Hello for Business to anymore clients. +The Windows Server 2016 domain controller is handling 100 percent of all public key trust authentication. However, it is also handling 10 percent of the password authentication. Why? This behavior occurs because domain controllers 2- 10 only support password and certificate trust authentication; only a Windows Server 2016 domain controller supports authentication public key trust authentication. The Windows Server 2016 domain controller understands how to authenticate password and certificate trust authentication and will continue to share the load of authenticating those clients. Because DC1 can handle all forms of authentication, it will be bear more of the authentication load, and easily become overloaded. What if another Windows Server 2016 domain controller is added, but without deploying Windows Hello for Business to anymore clients? ![dc-chart3](images/plan/dc-chart3.png) @@ -63,7 +63,7 @@ The preceding was an example to show why it's unrealistic to have a "one-size-fi ## Determining total AS Request load -Each organization needs to have an baseline of the AS request load that occurs in their environment. Windows Server provides the KDC AS Requests performance counter that helps you determine this. +Each organization needs to have a baseline of the AS request load that occurs in their environment. Windows Server provides the KDC AS Requests performance counter that helps you determine this. Pick a site where you plan to upgrade the clients to Windows Hello for Business public key trust. Pick a time when authentication traffic is most significant--Monday morning is great time as everyone is returning to the office. Enable the performance counter on *all* the domain controllers in that site. Collect KDC AS Requests performance counters for two hours: * A half-hour before you expect initial authentication (sign-ins and unlocks) to be significant @@ -75,29 +75,29 @@ For example, if employees are scheduled to come into the office at 9:00am. Your > [!NOTE] > To capture all the authentication traffic. Ensure that all computers are powered down to get the most accurate authentication information (computers and services authenticate at first power up--you need to consider this authentication in your evaluation). -Aggregate the performance data of all domain controllers. Look for the maximum KDC AS Requests for each domain controller. Find the median time when the maximum number of requests occurred for the site, this should represent when the site is experience the highest amount of authentication. +Aggregate the performance data of all domain controllers. Look for the maximum KDC AS Requests for each domain controller. Find the median time when the maximum number of requests occurred for the site, this should represent when the site is experiencing the highest amount of authentication. -Add the number of authentications for each domain controller for the median time. You now have the total authentication for the site during a peak time. Using this metric, you can determine the distribution of authentication across the domain controllers in the site by dividing the domain controller's authentication number for the median time by the total authentication. Multiple the quotient by 10 to convert the distribution to a percentage. To validate your math, all the distributions should equal 100 percent. +Add the number of authentications for each domain controller for the median time. You now have the total authentication for the site during a peak time. Using this metric, you can determine the distribution of authentication across the domain controllers in the site by dividing the domain controller's authentication number for the median time by the total authentication. Multiply the quotient by 10 to convert the distribution to a percentage. To validate your math, all the distributions should equal 100 percent. -Review the distribution of authentication. Hopefully, none of these are above 70 percent. It's always good to reserve some capacity for the unexpected. Also, the primary purposes of a domain controller is to provide authentication and handle Active Directory operations. Identify domain controllers with lower distributions of authentication as potential candidates for the initial domain controller upgrades in conjunction with a reasonable distribution of clients provisioned for Windows Hello for Business. +Review the distribution of authentication. Hopefully, none of these are above 70 percent. It's always good to reserve some capacity for the unexpected. Also, the primary purposes of a domain controller are to provide authentication and handle Active Directory operations. Identify domain controllers with lower distributions of authentication as potential candidates for the initial domain controller upgrades in conjunction with a reasonable distribution of clients provisioned for Windows Hello for Business. ## Monitoring Authentication -Using the same methods previously described above, monitor the Kerberos authentication after upgrading a domain controller and your first phase of Windows Hello for Business deployments. Make note of the delta of authentication before and after upgrading the domain controller to Windows Server 2016. This delta is representative of authentication resulting from the first phase of your Windows Hello for Business clients. This gives you a baseline for your environment to where you can form a statement such as +Using the same methods previously described above, monitor the Kerberos authentication after upgrading a domain controller and your first phase of Windows Hello for Business deployments. Make note of the delta of authentication before and after upgrading the domain controller to Windows Server 2016. This delta is representative of authentication resulting from the first phase of your Windows Hello for Business clients. This gives you a baseline for your environment from which you can form a statement such as ```"Every n Windows Hello for Business clients results in x percentage of key-trust authentication."``` -Where _n_ equals the number of clients you switched to Windows Hello for Business and _x_ equals the increased percentage of authentication from the upgraded domain controller. Armed with information, you can apply the observations of upgrading domain controllers and increasing Windows Hello for Business client count to appropriately phase your deployment. +Where _n_ equals the number of clients you switched to Windows Hello for Business and _x_ equals the increased percentage of authentication from the upgraded domain controller. Armed with this information, you can apply the observations of upgrading domain controllers and increasing Windows Hello for Business client count to appropriately phase your deployment. Remember, increasing the number of clients changes the volume of authentication distributed across the Windows Server 2016 domain controllers. If there is only one Windows Server 2016 domain controller, there's no distribution and you are simply increasing the volume of authentication for which THAT domain controller is responsible. -Increasing the number of number of domain controllers distributes the volume of authentication, but doesn't change it. Therefore, as you add more domain controllers, the burden of authentication for which each domain controller is responsible decrease. Upgrading two domain controller changes the distribution to 50 percent. Upgrading three domain controllers changes the distribution to 33 percent, and so on. +Increasing the number of domain controllers distributes the volume of authentication, but doesn't change it. Therefore, as you add more domain controllers, the burden of authentication, for which each domain controller is responsible, decreases. Upgrading two domain controller changes the distribution to 50 percent. Upgrading three domain controllers changes the distribution to 33 percent, and so on. ## Strategy The simplest strategy you can employ is to upgrade one domain controller and monitor the single domain controller as you continue to phase in new Windows Hello for Business key-trust clients until it reaches a 70 or 80 percent threshold. -Then, upgrade a second domain controller. Monitor the authentication on both domain controllers to determine how the authentication distributes between the two domain controllers. Introduce more Windows Hello for Business clients while monitoring the authentication on the two upgraded domain controllers. Once those reach your environments designated capacity, then upgrade another domain controller. +Then, upgrade a second domain controller. Monitor the authentication on both domain controllers to determine how the authentication distributes between the two domain controllers. Introduce more Windows Hello for Business clients while monitoring the authentication on the two upgraded domain controllers. Once those reach your environment's designated capacity, you can upgrade another domain controller. Repeat until your deployment for that site is complete. Now, monitor authentication across all your domain controllers like you did the very first time. Determine the distribution of authentication for each domain controller. Identify the percentage of distribution for which it is responsible. If a single domain controller is responsible for 70 percent of more of the authentication, you may want to consider adding a domain controller to reduce the distribution of authentication volume. -However, before considering this, ensure the high load of authentication is not a result of applications and services where their configuration has a statically configured domain controller. Adding domain controllers will not resolve the additional authentication load problem in this scenario. Instead, manually distribute the authentication to different domain controllers among all the services or applications. Alternatively, try simply using the domain name rather than a specific domain controller. Each domain controller has an A record registered in DNS for the domain name, which DNS will round robin with each DNS query. It's not the best load balancer, however, it is a better alternative to static domain controller configurations, provided the configuration is compatible with your service or application. +However, before considering this, ensure the high load of authentication is not a result of applications and services where their configuration has a statically-configured domain controller. Adding domain controllers will not resolve the additional authentication load problem in this scenario. Instead, manually distribute the authentication to different domain controllers among all the services or applications. Alternatively, try simply using the domain name rather than a specific domain controller. Each domain controller has an A record registered in DNS for the domain name, which DNS will round robin with each DNS query. It's not the best load balancer, however, it is a better alternative to static domain controller configurations, provided the configuration is compatible with your service or application. From 7556ea14b48f3b3bc481507b95395b3a9c3560ad Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Mon, 6 May 2019 22:42:41 +0200 Subject: [PATCH 025/117] Update hello-hybrid-key-trust.md Typo https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3203 --- .../hello-for-business/hello-hybrid-key-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index 303b6ce403..d74bd02a0e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -34,7 +34,7 @@ The new deployment baseline helps organizations who are moving to Azure and Offi This baseline provides detailed procedures to move your environment from an on-premises only environment to a hybrid environment using Windows Hello for Business to authenticate to Azure Active Directory and to your on-premises Active Directory using a single Windows sign-in. -You’re next step is to familiarize yourself with the prerequisites needed for the deployment. Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates. +Your next step is to familiarize yourself with the prerequisites needed for the deployment. Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates. > [!div class="nextstepaction"] > [Prerequistes](hello-hybrid-key-trust-prereqs.md) From 52f92056d8658810a2cfa33861389b441956b207 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Mon, 6 May 2019 22:48:13 +0200 Subject: [PATCH 026/117] Update hello-hybrid-key-new-install.md Typos https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3203 --- .../hello-for-business/hello-hybrid-key-new-install.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index d9874f88c3..831a9879cb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -80,7 +80,7 @@ If you do not have an existing public key infrastructure, please review [Certifi > [!IMPORTANT] > For Azure AD joined device to authenticate to and use on-premises resources, ensure you: > * Install the root certificate authority certificate for your organization in the user's trusted root certificate store. -> * Publish your certificate revocation list to a location that is available to Azure AD joined devices, such as a web-based url. +> * Publish your certificate revocation list to a location that is available to Azure AD joined devices, such as a web-based URL. ### Section Review ### @@ -135,7 +135,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation > * Review the overview and uses of Azure Multifactor Authentication. > * Review your Azure Active Directory subscription for Azure Multifactor Authentication. > * Create an Azure Multifactor Authentication Provider, if necessary. -> * Configure Azure Multifactor Authentiation features and settings. +> * Configure Azure Multifactor Authentication features and settings. > * Understand the different User States and their effect on Azure Multifactor Authentication. > * Consider using Azure Multifactor Authentication or a third-party multifactor authentication provider with Windows Server Active Directory Federation Services, if necessary. From e486b2536bf6035772818f7579d5618c8b662771 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Mon, 6 May 2019 22:53:20 +0200 Subject: [PATCH 027/117] Update hello-hybrid-key-trust-devreg.md Typos https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3203 --- .../hello-for-business/hello-hybrid-key-trust-devreg.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 9a49d7ab15..f7ec72d697 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -38,7 +38,7 @@ Begin configuring device registration to support Hybrid Windows Hello for Busine To do this, follow the **Configure device settings** steps under [Setting up Azure AD Join in your organization](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-setup/) -Next, follow the guidance on the [How to configure hybrid Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup) page. In the **Configuration steps** section, identify you configuration at the top of the table (either **Windows current and password hash sync** or **Windows current and federation**) and perform only the steps identified with a check mark. +Next, follow the guidance on the [How to configure hybrid Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup) page. In the **Configuration steps** section, identify your configuration at the top of the table (either **Windows current and password hash sync** or **Windows current and federation**) and perform only the steps identified with a check mark.

@@ -47,7 +47,7 @@ Next, follow the guidance on the [How to configure hybrid Azure Active Directory ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. Configure Azure Device Registration (*You are here*) From 83a316f4dfa239f785f48abf9ea612ebb056841a Mon Sep 17 00:00:00 2001 From: yoosi Date: Mon, 6 May 2019 14:06:22 -0700 Subject: [PATCH 028/117] correct typo in bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index c9ba5464a6..9ea0ddd3dc 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -529,7 +529,7 @@ Disable-BitLocker -MountPoint E:,F:,G: ``` ## See also -- [Prepare your organization for BitLocker: Planning and p\\olicies](prepare-your-organization-for-bitlocker-planning-and-policies.md) +- [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md) - [BitLocker recovery guide](bitlocker-recovery-guide-plan.md) - [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) - [BitLocker overview](bitlocker-overview.md) From 68c1c54c477b45cfb1f12eeb9831de1c349c2650 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Mon, 6 May 2019 23:13:19 +0200 Subject: [PATCH 029/117] Update hello-planning-guide.md Typos https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3203 --- .../hello-for-business/hello-planning-guide.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 1700566e52..462ce37ed5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -136,7 +136,7 @@ The Windows Hello for Business deployment depends on an enterprise public key in ### Cloud -Some deployment combinations require an Azure account and some require Azure Active Directory for user identities. These cloud requirements may only need an Azure account while other features need an Azure Active Directory Premium subscription. The planning process identifies and differentiates the components that are needed from the those that are optional. +Some deployment combinations require an Azure account, and some require Azure Active Directory for user identities. These cloud requirements may only need an Azure account while other features need an Azure Active Directory Premium subscription. The planning process identifies and differentiates the components that are needed from the those that are optional. ## Planning a Deployment @@ -150,13 +150,13 @@ Choose the deployment model based on the resources your users access. Use the f If your organization does not have on-premises resources, write **Cloud Only** in box **1a** on your planning worksheet. -If your organization is federated with Azure or uses any online service, such as Office365 or OneDrive, or your users access cloud and on-premises resources, write **Hybrid** in box **1a** on your planning worksheet. +If your organization is federated with Azure or uses any online service, such as Office365 or OneDrive, or your users' access cloud and on-premises resources, write **Hybrid** in box **1a** on your planning worksheet. If your organization does not have cloud resources, write **On-Premises** in box **1a** on your planning worksheet. >[!NOTE] >If you’re unsure if your organization is federated, run the following Active Directory Windows PowerShell command from an elevated Windows PowerShell prompt and evaluate the results. >```Get-AdObject “CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=[forest_root_CN_name],DC=com" -Properties keywords``` ->* If the command returns an error stating it could not find the object, then you have yet to configured AAD Connect or on-premises Device Registration Services using AD FS. Ensure the name is accurate and validate the object does not exist with another Active Directory Management tool such as **ADSIEdit.msc**. If the object truly does not exist, then you environment does not bind you to a specific deployment or require changes to accommodate the desired deployment type. +>* If the command returns an error stating it could not find the object, then you have yet to configured AAD Connect or on-premises Device Registration Services using AD FS. Ensure the name is accurate and validate the object does not exist with another Active Directory Management tool such as **ADSIEdit.msc**. If the object truly does not exist, then your environment does not bind you to a specific deployment or require changes to accommodate the desired deployment type. >* If the command returns a value, compare that value with the values below. The value indicates the deployment model you should implement > * If the value begins with **azureADName:** – write **Hybrid** in box **1a**on your planning worksheet. > * If the value begins with **enterpriseDrsName:** – write **On-Premises** in box **1a** on your planning worksheet. @@ -197,7 +197,7 @@ If box **1a** on your planning worksheet reads **cloud only**, write **N/A** in If box **1a** on your planning worksheet reads **hybrid**, then write **Azure AD Connect** in box **1e** on your planning worksheet. -If box **1a** on your planning worksheet reads **on-premises**, then write **Azure MFA Server**. This deployment exclusively uses Active Directory for user information with the exception of the multi-factor authentication. The on-premises Azure MFA server synchronizes a subset of the user information, such as phone number, to provide multi-factor authentication while the user’s credential remain on the on-premises network. +If box **1a** on your planning worksheet reads **on-premises**, then write **Azure MFA Server**. This deployment exclusively uses Active Directory for user information with the exception of the multi-factor authentication. The on-premises Azure MFA server synchronizes a subset of the user information, such as phone number, to provide multi-factor authentication while the user’s credentials remain on the on-premises network. ### Multifactor Authentication From f3d02254eb14dddf1734357306dd5d6a73d869e5 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Mon, 6 May 2019 23:23:32 +0200 Subject: [PATCH 030/117] Update hello-hybrid-key-trust.md Typo "prerequisites" --- .../hello-for-business/hello-hybrid-key-trust.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index 303b6ce403..1c42c615c5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -37,7 +37,7 @@ This baseline provides detailed procedures to move your environment from an on-p You’re next step is to familiarize yourself with the prerequisites needed for the deployment. Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates. > [!div class="nextstepaction"] -> [Prerequistes](hello-hybrid-key-trust-prereqs.md) +> [Prerequisites](hello-hybrid-key-trust-prereqs.md)

@@ -45,7 +45,7 @@ You’re next step is to familiarize yourself with the prerequisites needed for ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. Overview (*You are here*) -2. [Prerequistes](hello-hybrid-key-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) From 6ee5d7c96f8b0cb7104bd52e67fd3b3c9ec656a4 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Tue, 7 May 2019 05:27:22 +0200 Subject: [PATCH 031/117] Update hello-hybrid-key-trust.md Prerequisites typo --- .../hello-for-business/hello-hybrid-key-trust.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index d74bd02a0e..129be903cb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -37,7 +37,7 @@ This baseline provides detailed procedures to move your environment from an on-p Your next step is to familiarize yourself with the prerequisites needed for the deployment. Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates. > [!div class="nextstepaction"] -> [Prerequistes](hello-hybrid-key-trust-prereqs.md) +> [Prerequisites](hello-hybrid-key-trust-prereqs.md)

@@ -45,7 +45,7 @@ Your next step is to familiarize yourself with the prerequisites needed for the ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. Overview (*You are here*) -2. [Prerequistes](hello-hybrid-key-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) From 1e39927854b20f76169b9f32d18468f1617ea401 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Tue, 7 May 2019 05:30:27 +0200 Subject: [PATCH 032/117] Update hello-hybrid-key-new-install.md Typo Prerequisites --- .../hello-for-business/hello-hybrid-key-new-install.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 831a9879cb..4a4a80eced 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -124,7 +124,7 @@ If your organization uses Azure MFA on a per-consumption model (no licenses), th Once you have created your Azure MFA authentication provider and associated it with an Azure tenant, you need to configure the multi-factor authentication settings. Review the [Configure Azure Multi-Factor Authentication settings](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-whats-next) section to configure your settings. #### Azure MFA User States #### -After you have completed configuring your Azure MFA settings, you want to review configure [User States](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-user-states) to understand user states. User states determine how you enable Azure MFA for your users. +After you have completed configuring your Azure MFA settings, you want to review configure [User States](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-user-states) to understand user states. User states determine how you enable Azure MFA for your users. ### Azure MFA via ADFS ### Alternatively, you can configure Windows Server 2016 Active Directory Federation Services (AD FS) to provide additional multi-factor authentication. To configure, read the [Configure AD FS 2016 and Azure MFA](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-ad-fs-2016-and-azure-mfa) section. @@ -148,7 +148,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. [Overview](hello-hybrid-key-trust.md) -2. [Prerequistes](hello-hybrid-key-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. New Installation Baseline (*You are here*) 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) From 9cd14c4a4cab864228c727e44dff1e1184c5849c Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Tue, 7 May 2019 05:41:47 +0200 Subject: [PATCH 033/117] Update hello-hybrid-key-trust-dirsync.md Typos https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3203 --- .../hello-for-business/hello-hybrid-key-trust-dirsync.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index 2c4dc3093c..617e922f94 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -26,7 +26,7 @@ ms.date: 08/19/2018 You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises. ## Deploy Azure AD Connect -Next, you need to synchronizes the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771). +Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771). > [!NOTE] @@ -38,7 +38,7 @@ Next, you need to synchronizes the on-premises Active Directory with Azure Activ ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. [Overview](hello-hybrid-key-trust.md) -2. [Prerequistes](hello-hybrid-key-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) 4. Configure Directory Synchronization (*You are here*) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) From 322c28aa7290a18f3f4fcc861e91e1625646d7f4 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Tue, 7 May 2019 05:48:08 +0200 Subject: [PATCH 034/117] Update hello-hybrid-cert-trust.md Typos --- .../hello-for-business/hello-hybrid-cert-trust.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index f8613819f5..c622ab65bb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md @@ -37,10 +37,10 @@ This baseline provides detailed procedures to move your environment from an on-p ## Federated Baseline ## The federated baseline helps organizations that have completed their federation with Azure Active Directory and Office 365 and enables them to introduce Windows Hello for Business into their hybrid environment. This baseline exclusively focuses on the procedures needed to add Azure Device Registration and Windows Hello for Business to an existing hybrid deployment. -Regardless of the baseline you choose, you’re next step is to familiarize yourself with the prerequisites needed for the deployment. Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates. +Regardless of the baseline you choose, your next step is to familiarize yourself with the prerequisites needed for the deployment. Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates. > [!div class="nextstepaction"] -> [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +> [Prerequisites](hello-hybrid-cert-trust-prereqs.md)

@@ -48,7 +48,7 @@ Regardless of the baseline you choose, you’re next step is to familiarize your ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. Overview (*You are here*) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. [Device Registration](hello-hybrid-cert-trust-devreg.md) 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) From 91e9e7b8089f61f08260c8c101090f457372bc4b Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Tue, 7 May 2019 06:14:48 +0200 Subject: [PATCH 035/117] Update hello-hybrid-cert-new-install.md Typos lines 83,131,144, --- .../hello-for-business/hello-hybrid-cert-new-install.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 2e3ac6b145..81a325489b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -80,7 +80,7 @@ If you do have an existing public key infrastructure, please review [Certificati ### Section Review ### > [!div class="checklist"] -> * Miniumum Windows Server 2012 Certificate Authority. +> * Minimum Windows Server 2012 Certificate Authority. > * Enterprise Certificate Authority. > * Functioning public key infrastructure. @@ -128,7 +128,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation > * Review the overview and uses of Azure Multifactor Authentication. > * Review your Azure Active Directory subscription for Azure Multifactor Authentication. > * Create an Azure Multifactor Authentication Provider, if necessary. -> * Configure Azure Multufactor Authentiation features and settings. +> * Configure Azure Multifactor Authentication features and settings. > * Understand the different User States and their effect on Azure Multifactor Authentication. > * Consider using Azure Multifactor Authentication or a third-party multifactor authentication provider with Windows Server 2016 Active Directory Federation Services, if necessary. @@ -141,7 +141,7 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. New Installation Baseline (*You are here*) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) From b6816dedf09d7422aa581f96e5a8880c252c90ec Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Tue, 7 May 2019 06:32:48 +0200 Subject: [PATCH 036/117] Update hello-hybrid-cert-trust-devreg.md Typos lines 37, 103, 517 --- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index bab9bcf458..273991ec82 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -28,13 +28,13 @@ Your environment is federated and you are ready to configure device registration > [!IMPORTANT] > If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment. -Use this three phased approach for configuring device registration. +Use this three-phased approach for configuring device registration. 1. [Configure devices to register in Azure](#configure-azure-for-device-registration) 2. [Synchronize devices to on-premises Active Directory](#configure-active-directory-to-support-azure-device-syncrhonization) 3. [Configure AD FS to use cloud devices](#configure-ad-fs-to-use-azure-registered-devices) > [!NOTE] -> Before proceeding, you should familiarize yourself with device regisration concepts such as: +> Before proceeding, you should familiarize yourself with device registration concepts such as: > * Azure AD registered devices > * Azure AD joined devices > * Hybrid Azure AD joined devices @@ -100,7 +100,7 @@ Federation server proxies are computers that run AD FS software that have been c Use the [Setting of a Federation Proxy](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/checklist--setting-up-a-federation-server-proxy) checklist to configure AD FS proxy servers in your environment. ### Deploy Azure AD Connect -Next, you need to synchronizes the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771). +Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](http://go.microsoft.com/fwlink/?LinkId=615771). When you are ready to install, follow the **Configuring federation with AD FS** section of [Custom installation of Azure AD Connect](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-get-started-custom). Select the **Federation with AD FS** option on the **User sign-in** page. At the **AD FS Farm** page, select the use an existing option and click **Next**. @@ -514,7 +514,7 @@ For your reference, below is a comprehensive list of the AD DS devices, containe ## Follow the Windows Hello for Business hybrid certificate trust deployment guide 1. [Overview](hello-hybrid-cert-trust.md) -2. [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +2. [Prerequisites](hello-hybrid-cert-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) 4. Configure Azure Device Registration (*You are here*) 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) From e350e7b5cc557ce0802338590f6edcd5f1999979 Mon Sep 17 00:00:00 2001 From: martyav Date: Tue, 7 May 2019 13:13:08 -0400 Subject: [PATCH 037/117] split & updated mdatp-mac.md into 4 new pages --- ...osoft-defender-atp-mac-install-manually.md | 145 ++++++ ...ft-defender-atp-mac-install-with-intune.md | 173 +++++++ ...soft-defender-atp-mac-install-with-jamf.md | 145 ++++++ .../microsoft-defender-atp-mac-resources.md | 136 +++++ .../microsoft-defender-atp-mac.md | 487 ++---------------- 5 files changed, 631 insertions(+), 455 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md create mode 100644 windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md new file mode 100644 index 0000000000..27b3a8f924 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -0,0 +1,145 @@ +--- +title: Installing Microsoft Defender ATP for Mac with JAMF +description: Describes how to install Microsoft Defender ATP for Mac, using JAMF. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: #met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: #medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: #conceptual +--- + +# Manual deployment + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. +Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. + +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version. + +## Download installation and onboarding packages + +Download the installation and onboarding packages from Windows Defender Security Center: + +1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. +2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**. +3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. +4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. + + ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) + +5. From a command prompt, verify that you have the two files. + Extract the contents of the .zip files: + + ```bash + mavel-macmini:Downloads test$ ls -l + total 721152 + -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip + -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg + mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + Archive: WindowsDefenderATPOnboardingPackage.zip + inflating: WindowsDefenderATPOnboarding.py + ``` + +## Application installation + +To complete this process, you must have admin privileges on the machine. + +1. Navigate to the downloaded wdav.pkg in Finder and open it. + + ![App install screenshot](images/MDATP_28_AppInstall.png) + +2. Select **Continue**, agree with the License terms, and enter the password when prompted. + + ![App install screenshot](images/MDATP_29_AppInstallLogin.png) + + > [!IMPORTANT] + > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed. + + ![App install screenshot](images/MDATP_30_SystemExtension.png) + +3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**: + + ![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png) + +The installation will proceed. + +> [!NOTE] +> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time. + +## Client configuration + +1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac. + + The client machine is not associated with orgId. Note that the orgid is blank. + + ```bash + mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py + uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 + orgid : + ``` + +2. Install the configuration file on a client machine: + + ```bash + mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py + Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password) + ``` + +3. Verify that the machine is now associated with orgId: + + ```bash + mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py + uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 + orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8 + ``` + +After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. + + ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) + +## Configuring from the command line + +Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line: + +|Group |Scenario |Command | +|-------------|-------------------------------------------|-----------------------------------------------------------------------| +|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` | +|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` | +|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` | +|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` | +|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`| +|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` | +|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`| +|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` | +|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` | +|Health |Check the product's health |`mdatp --health` | +|Protection |Scan a path |`mdatp scan --path [path]` | +|Protection |Do a quick scan |`mdatp scan --quick` | +|Protection |Do a full scan |`mdatp scan --full` | +|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` | +|Protection |Request a definition update |`mdatp --signature-update` | + +## Logging installation issues + +See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. + +## Uninstallation + +See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md new file mode 100644 index 0000000000..8af90fded1 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md @@ -0,0 +1,173 @@ +--- +title: Installing Microsoft Defender ATP for Mac with Microsoft Intune +description: Describes how to install Microsoft Defender ATP for Mac, using Microsoft Intune. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: #met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: #medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: #conceptual +--- + +# Microsoft Intune-based deployment + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. +Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. + +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version. + +## Download installation and onboarding packages + +Download the installation and onboarding packages from Windows Defender Security Center: + +1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. +2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. +3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. +4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. +5. Download IntuneAppUtil from [https://docs.microsoft.com/en-us/intune/lob-apps-macos](https://docs.microsoft.com/en-us/intune/lob-apps-macos). + + ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) + +6. From a command prompt, verify that you have the three files. + Extract the contents of the .zip files: + + ```bash + mavel-macmini:Downloads test$ ls -l + total 721688 + -rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil + -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip + -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg + mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + Archive: WindowsDefenderATPOnboardingPackage.zip + warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators + inflating: intune/kext.xml + inflating: intune/WindowsDefenderATPOnboarding.xml + inflating: jamf/WindowsDefenderATPOnboarding.plist + mavel-macmini:Downloads test$ + ``` + +7. Make IntuneAppUtil an executable: + + ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil``` + +8. Create the wdav.pkg.intunemac package from wdav.pkg: + + ```bash + mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0" + Microsoft Intune Application Utility for Mac OS X + Version: 1.0.0.0 + Copyright 2018 Microsoft Corporation + + Creating intunemac file for /Users/test/Downloads/wdav.pkg + Composing the intunemac file output + Output written to ./wdav.pkg.intunemac. + + IntuneAppUtil successfully processed "wdav.pkg", + to deploy refer to the product documentation. + ``` + +## Client Machine Setup + +You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp). + +1. You'll be asked to confirm device management. + +![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png) + +Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**: + +![Management profile screenshot](images/MDATP_4_ManagementProfile.png) + +2. Select the **Continue** button and complete the enrollment. + +You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned. + +3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine: + +![Add Devices screenshot](images/MDATP_5_allDevices.png) + +## Create System Configuration profiles + +1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**. +2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**. +3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above. +4. Select **OK**. + + ![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png) + +5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. +6. Repeat these steps with the second profile. +7. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file. +8. Select **Manage > Assignments**. In the Include tab, select **Assign to All Users & All devices**. + +After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade: + +![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png) + +## Publish application + +1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**. +2. Select **App type=Other/Line-of-business app**. +3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload. +4. Select **Configure** and add the required information. +5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value. + + ![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png) + +6. Select **OK** and **Add**. + + ![Device status blade screenshot](images/MDATP_9_IntunePkgInfo.png) + +7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**. + + ![Client apps screenshot](images/MDATP_10_ClientApps.png) + +8. Change **Assignment type=Required**. +9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. + + ![Intune assignments info screenshot](images/MDATP_11_Assignments.png) + +10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade: + + ![Intune device status screenshot](images/MDATP_12_DeviceInstall.png) + +## Verify client machine state + +1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences > Profiles**. + + ![System Preferences screenshot](images/MDATP_13_SystemPreferences.png) + ![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png) + +2. Verify the three profiles listed there: + ![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png) + +3. The **Management Profile** should be the Intune system profile. +4. wdav-config and wdav-kext are system configuration profiles that we added in Intune. +5. You should also see the Microsoft Defender icon in the top-right corner: + + ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) + +## Logging installation issues + +See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. + +## Uninstallation + +See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md new file mode 100644 index 0000000000..27b3a8f924 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md @@ -0,0 +1,145 @@ +--- +title: Installing Microsoft Defender ATP for Mac with JAMF +description: Describes how to install Microsoft Defender ATP for Mac, using JAMF. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: #met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: #medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: #conceptual +--- + +# Manual deployment + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. +Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. + +## Prerequisites and system requirements + +Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version. + +## Download installation and onboarding packages + +Download the installation and onboarding packages from Windows Defender Security Center: + +1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. +2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**. +3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. +4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. + + ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) + +5. From a command prompt, verify that you have the two files. + Extract the contents of the .zip files: + + ```bash + mavel-macmini:Downloads test$ ls -l + total 721152 + -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip + -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg + mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip + Archive: WindowsDefenderATPOnboardingPackage.zip + inflating: WindowsDefenderATPOnboarding.py + ``` + +## Application installation + +To complete this process, you must have admin privileges on the machine. + +1. Navigate to the downloaded wdav.pkg in Finder and open it. + + ![App install screenshot](images/MDATP_28_AppInstall.png) + +2. Select **Continue**, agree with the License terms, and enter the password when prompted. + + ![App install screenshot](images/MDATP_29_AppInstallLogin.png) + + > [!IMPORTANT] + > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed. + + ![App install screenshot](images/MDATP_30_SystemExtension.png) + +3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**: + + ![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png) + +The installation will proceed. + +> [!NOTE] +> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time. + +## Client configuration + +1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac. + + The client machine is not associated with orgId. Note that the orgid is blank. + + ```bash + mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py + uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 + orgid : + ``` + +2. Install the configuration file on a client machine: + + ```bash + mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py + Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password) + ``` + +3. Verify that the machine is now associated with orgId: + + ```bash + mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py + uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 + orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8 + ``` + +After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. + + ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) + +## Configuring from the command line + +Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line: + +|Group |Scenario |Command | +|-------------|-------------------------------------------|-----------------------------------------------------------------------| +|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` | +|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` | +|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` | +|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` | +|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`| +|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` | +|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`| +|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` | +|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` | +|Health |Check the product's health |`mdatp --health` | +|Protection |Scan a path |`mdatp scan --path [path]` | +|Protection |Do a quick scan |`mdatp scan --quick` | +|Protection |Do a full scan |`mdatp scan --full` | +|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` | +|Protection |Request a definition update |`mdatp --signature-update` | + +## Logging installation issues + +See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. + +## Uninstallation + +See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md new file mode 100644 index 0000000000..09a4dcceae --- /dev/null +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -0,0 +1,136 @@ +--- +title: Microsoft Defender ATP for Mac Resources +description: Describes resources for Microsoft Defender ATP for Mac, including how to uninstall it, how to collect diagnostic logs, and known issues with the product. +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra +search.product: eADQiWindows 10XVcnh +search.appverid: #met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: v-maave +author: martyav +ms.localizationpriority: #medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: #conceptual +--- + +# Resources + +**Applies to:** + +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) + +>[!IMPORTANT] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +This topic describes how to use, and details about, Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. +Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. + +## Collecting diagnostic information + +If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. + +1) Increase logging level: + +```bash + mavel-mojave:~ testuser$ mdatp log-level --verbose + Creating connection to daemon + Connection established + Operation succeeded +``` + +2) Reproduce the problem + +3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. + + ```bash + mavel-mojave:~ testuser$ mdatp --diagnostic + Creating connection to daemon + Connection established + "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" + ``` + +4) Restore logging level: + + ```bash + mavel-mojave:~ testuser$ mdatp log-level --info + Creating connection to daemon + Connection established + Operation succeeded + ``` + +## Logging installation issues + +If an error occurs during installation, the installer will only report a general failure. + +The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. + +## Uninstalling + +There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune. + +### Within the GUI + +- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**. + +### From the command line + +- ```sudo rm -rf '/Applications/Microsoft Defender ATP'``` + +### With a script + +Create a script in **Settings > Computer Management > Scripts**. + +![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png) + +For example, this script removes Microsoft Defender ATP from the /Applications directory: + +```bash + echo "Is WDAV installed?" + ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null + + echo "Uninstalling WDAV..." + rm -rf '/Applications/Microsoft Defender ATP.app' + + echo "Is WDAV still installed?" + ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null + + echo "Done!" +``` + +### With a JAMF policy + +If you are running JAMF, your policy should contain a single script: + +![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png) + +Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. + +## What to expect in the ATP portal + +- AV alerts: + - Severity + - Scan type + - Device information (hostname, machine identifier, tenant identifier, app version, and OS type) + - File information (name, path, size, and hash) + - Threat information (name, type, and state) +- Device information: + - Machine identifier + - Tenant identifier + - App version + - Hostname + - OS type + - OS version + - Computer model + - Processor architecture + - Whether the device is a virtual machine + +## Known issues + +- Not fully optimized for performance or disk space yet. +- Full Windows Defender ATP integration is not available yet. +- Mac devices that switch networks may appear multiple times in the APT portal. +- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index cccde77573..af6205c2ca 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -22,15 +22,40 @@ ms.topic: conceptual >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -This topic describes how to install and use Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. -Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. +This topic describes how to install and use Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. +Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. + +## What’s new in the public preview + +We've been working hard through the private preview period, and we've heard your concerns. We've reduced the delay for when new Mac devices appear in the ATP console after they've been deployed. We've improved threat handling, and enhanced the user experience. We've also made numerous bug fixes. Other updates to Microsoft Defender ATP for Mac include: + +- Full accessibility +- Improved performance +- Localization for 37 languages +- Improved anti-tampering protections +- Feedback and samples can now be submitted via the GUI. +- Product health can be queried with JAMF or the command line. +- Admins can set their cloud preference for any location, not just for those in the US. + +## Installing and configuring + +There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. +In general you'll need to take the following steps: + +- Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal +- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: + - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune) + - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf) + - [Manual deployment](microsoft-defender-atp-mac-install-manually) + +### Prerequisites -## Prerequisites You should have beginner-level experience in macOS and BASH scripting. You must have administrative privileges on the machine. You should also have access to Windows Defender Security Center. ### System Requirements + - macOS version: 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra) - Disk space during preview: 1GB @@ -49,462 +74,14 @@ The following table lists the services and their associated URLs that your netwo To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/api/report` and `https://wu-cdn.x.cp.wd.microsoft.com/` in a browser, or run the following command in Terminal: -``` +```bash mavel-mojave:~ testuser$ curl 'https://x.cp.wd.microsoft.com/api/report' OK ``` -We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines. +We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS. -## Installation and configuration overview -There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. -In general you'll need to take the following steps: - - Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal - - Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: - * [Microsoft Intune based deployment](#microsoft-intune-based-deployment) - * [JAMF based deployment](#jamf-based-deployment) - * [Manual deployment](#manual-deployment) +## Resources -## Microsoft Intune based deployment - -### Download installation and onboarding packages -Download the installation and onboarding packages from Windows Defender Security Center: -1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. -3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. -4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. -5. Download IntuneAppUtil from https://docs.microsoft.com/en-us/intune/lob-apps-macos. - - ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) - -6. From a command prompt, verify that you have the three files. - Extract the contents of the .zip files: - - ``` - mavel-macmini:Downloads test$ ls -l - total 721688 - -rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil - -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators - inflating: intune/kext.xml - inflating: intune/WindowsDefenderATPOnboarding.xml - inflating: jamf/WindowsDefenderATPOnboarding.plist - mavel-macmini:Downloads test$ - ``` -7. Make IntuneAppUtil an executable: - - ```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil``` - -8. Create the wdav.pkg.intunemac package from wdav.pkg: - - ``` - mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0" - Microsoft Intune Application Utility for Mac OS X - Version: 1.0.0.0 - Copyright 2018 Microsoft Corporation - - Creating intunemac file for /Users/test/Downloads/wdav.pkg - Composing the intunemac file output - Output written to ./wdav.pkg.intunemac. - - IntuneAppUtil successfully processed "wdav.pkg", - to deploy refer to the product documentation. - ``` - -### Client Machine Setup -You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp). - -1. You'll be asked to confirm device management. - -![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png) - -Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**: - -![Management profile screenshot](images/MDATP_4_ManagementProfile.png) - -2. Select the **Continue** button and complete the enrollment. - -You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned. - -3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine: - -![Add Devices screenshot](images/MDATP_5_allDevices.png) - -### Create System Configuration profiles -1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**. -2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**. -3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above. -4. Select **OK**. - - ![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png) - -5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. -7. Repeat these steps with the second profile. -8. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file. -9. Select **Manage > Assignments**. In the Include tab, select **Assign to All Users & All devices**. - -After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade: - -![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png) - -### Publish application - -1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**. -2. Select **App type=Other/Line-of-business app**. -3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload. -4. Select **Configure** and add the required information. -5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value. - - ![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png) - -6. Select **OK** and **Add**. - - ![Device status blade screenshot](images/MDATP_9_IntunePkgInfo.png) - -7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**. - - ![Client apps screenshot](images/MDATP_10_ClientApps.png) - -8. Change **Assignment type=Required**. -9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. - - ![Intune assignments info screenshot](images/MDATP_11_Assignments.png) - -10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade: - - ![Intune device status screenshot](images/MDATP_12_DeviceInstall.png) - -### Verify client machine state -1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences > Profiles**. - - ![System Preferences screenshot](images/MDATP_13_SystemPreferences.png) - ![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png) - -2. Verify the three profiles listed there: - ![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png) - -3. The **Management Profile** should be the Intune system profile. -4. wdav-config and wdav-kext are system configuration profiles that we added in Intune. -5. You should also see the Microsoft Defender icon in the top-right corner: - - ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) - -## JAMF based deployment -### Prerequsites -You need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes a properly configured distribution point. JAMF has many alternative ways to complete the same task. These instructions provide you an example for most common processes. Your organization might use a different workflow. - - -### Download installation and onboarding packages -Download the installation and onboarding packages from Windows Defender Security Center: -1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. -3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. -4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. - - ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) - -5. From a command prompt, verify that you have the two files. - Extract the contents of the .zip files: - - ``` - mavel-macmini:Downloads test$ ls -l - total 721160 - -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators - inflating: intune/kext.xml - inflating: intune/WindowsDefenderATPOnboarding.xml - inflating: jamf/WindowsDefenderATPOnboarding.plist - mavel-macmini:Downloads test$ - ``` - -### Create JAMF Policies -You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines. - -#### Configuration Profile -The configuration profile contains one custom settings payload that includes: - -- Microsoft Defender ATP for Mac onboarding information -- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run - - -1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File. - - >[!NOTE] - > You must use exactly "com.microsoft.wdav.atp" as the Preference Domain. - - ![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png) - -#### Approved Kernel Extension - -To approve the kernel extension: -1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**. -2. Use **UBF8T346G9** for Team Id. - -![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png) - -#### Configuration Profile's Scope -Configure the appropriate scope to specify the machines that will receive this configuration profile. - -Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers. - -![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png) - -Save the **Configuration Profile**. - -Use the **Logs** tab to monitor deployment status for each enrolled machine. - -#### Package -1. Create a package in **Settings > Computer Management > Packages**. - - ![Computer management packages screenshot](images/MDATP_19_MicrosoftDefenderWDAVPKG.png) - -2. Upload wdav.pkg to the Distribution Point. -3. In the **filename** field, enter the name of the package. For example, wdav.pkg. - -#### Policy -Your policy should contain a single package for Microsoft Defender. - -![Microsoft Defender packages screenshot](images/MDATP_20_MicrosoftDefenderPackages.png) - -Configure the appropriate scope to specify the computers that will receive this policy. - -After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine. - -### Client machine setup -You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment. - -> [!NOTE] -> After a computer is enrolled, it will show up in the Computers inventory (All Computers). - -1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile. - -![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png) -![MDM screenshot](images/MDATP_22_MDMProfileApproved.png) - -After some time, the machine's User Approved MDM status will change to Yes. - -![MDM status screenshot](images/MDATP_23_MDMStatus.png) - -You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned. - -### Deployment -Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected. - -#### Status on server -You can monitor the deployment status in the Logs tab: - - **Pending** means that the deployment is scheduled but has not yet happened - - **Completed** means that the deployment succeeded and is no longer scheduled - -![Status on server screenshot](images/MDATP_24_StatusOnServer.png) - - -#### Status on client machine -After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile. - -![Status on client screenshot](images/MDATP_25_StatusOnClient.png) - -After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. - -![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) - -You can monitor policy installation on a machine by following the JAMF's log file: - -``` -mavel-mojave:~ testuser$ tail -f /var/log/jamf.log -Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found. -Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"... -Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV -Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender... -Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender. -Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches... -Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found. -``` - -You can also check the onboarding status: -``` -mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py -uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 -orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 -``` - -- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set. - -- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed. - -### Uninstalling Microsoft Defender ATP for Mac -#### Uninstalling with a script - -Create a script in **Settings > Computer Management > Scripts**. - -![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png) - -For example, this script removes Microsoft Defender ATP from the /Applications directory: - -``` -echo "Is WDAV installed?" -ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - -echo "Uninstalling WDAV..." -rm -rf '/Applications/Microsoft Defender ATP.app' - -echo "Is WDAV still installed?" -ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - -echo "Done!" -``` - -#### Uninstalling with a policy -Your policy should contain a single script: - -![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png) - -Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. - -### Check onboarding status - -You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded: - -``` -sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+' -``` - -This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. - -## Manual deployment - -### Download installation and onboarding packages -Download the installation and onboarding packages from Windows Defender Security Center: -1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**. -3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. -4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. - - ![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png) - -5. From a command prompt, verify that you have the two files. - Extract the contents of the .zip files: - - ``` - mavel-macmini:Downloads test$ ls -l - total 721152 - -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - inflating: WindowsDefenderATPOnboarding.py - ``` - -### Application installation -To complete this process, you must have admin privileges on the machine. - -1. Navigate to the downloaded wdav.pkg in Finder and open it. - - ![App install screenshot](images/MDATP_28_AppInstall.png) - -2. Select **Continue**, agree with the License terms, and enter the password when prompted. - - ![App install screenshot](images/MDATP_29_AppInstallLogin.png) - - > [!IMPORTANT] - > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed. - - ![App install screenshot](images/MDATP_30_SystemExtension.png) - -3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**: - - ![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png) - - -The installation will proceed. - -> [!NOTE] -> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time. - -### Client configuration -1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac. - - The client machine is not associated with orgId. Note that the orgid is blank. - - ``` - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : - ``` -2. Install the configuration file on a client machine: - - ``` - mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py - Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password) - ``` - -3. Verify that the machine is now associated with orgId: - - ``` - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8 - ``` -After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. - - ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) - -## Uninstallation -### Removing Microsoft Defender ATP from Mac devices -To remove Microsoft Defender ATP from your macOS devices: - -- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**. - -Or, from a command line: - -- ```sudo rm -rf '/Applications/Microsoft Defender ATP'``` - -## Known issues -- Microsoft Defender ATP is not yet optimized for performance or disk space. -- Centrally managed uninstall using Intune is still in development. To uninstall (as a workaround) a manual uninstall action has to be completed on each client device). -- Geo preference for telemetry traffic is not yet supported. Cloud traffic (definition updates) routed to US only. -- Full Windows Defender ATP integration is not yet available -- Not localized yet -- There might be accessibility issues - -## Collecting diagnostic information -If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. - -1) Increase logging level: -``` - mavel-mojave:~ testuser$ mdatp log-level --verbose - Creating connection to daemon - Connection established - Operation succeeded -``` - -2) Reproduce the problem - -3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. - - ``` - mavel-mojave:~ testuser$ mdatp --diagnostic - Creating connection to daemon - Connection established - "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" - ``` - -4) Restore logging level: -``` - mavel-mojave:~ testuser$ mdatp log-level --info - Creating connection to daemon - Connection established - Operation succeeded -``` - - -### Installation issues -If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. +For further information on logging, uninstalling, the ATP portal, or known issues, see our [Resources](microsoft-defender-atp-mac-resources) page. \ No newline at end of file From 73d487b39303c6ead5a2e35423f581d895d543f4 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 7 May 2019 11:22:51 -0700 Subject: [PATCH 038/117] Update create-wip-policy-using-intune-azure.md --- .../create-wip-policy-using-intune-azure.md | 23 +++++-------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 2a82682a3c..6bd2b66834 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/29/2019 +ms.date: 05/07/2019 --- # Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune @@ -586,13 +586,13 @@ After you've decided where your protected apps can access enterprise data on you - **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu. - - **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option. + - **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option. - - **Use Azure RMS for WIP.** Determines whether to use Azure Rights Management encryption with Windows Information Protection. + - **Use Azure RMS for WIP.** Determines whether WIP encrypts [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) Files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. You must already have Azure Rights Management set up. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. - - **On.** Starts using Azure Rights Management encryption with WIP. By turning this option on, you can also add a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. For more info about setting up Azure Rights management and using a template ID with WIP, see the [Choose to set up Azure Rights Management with WIP](#choose-to-set-up-azure-rights-management-with-wip) section of this topic. + - **On.** Starts protecting Azure Rights Management files that are copied to a removable drive. You can also add a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. Curly braces -- {} -- are required around the RMS Template ID. The EFS file uses the key from the RMS template’s license to protect the EFS file encryption key. Only users with access to that template will be able to read it off of the USB. If you don’t specify a template, it’s a regular EFS file using a default RMS template that everyone in the tenant will have access to. - - **Off, or not configured.** Stops using Azure Rights Management encryption with WIP. + - **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive. - **Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files. @@ -600,18 +600,7 @@ After you've decided where your protected apps can access enterprise data on you - **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files. -## Choose to set up Azure Rights Management with WIP -WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. - -To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703. - -Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. This template will be applied to the protected data that is copied to a removable drive. - ->[!IMPORTANT] ->Curly braces -- {} -- are required around the RMS Template ID. - ->[!NOTE] ->For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates) topic. +For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates). WIP can also integrate with AZure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp). ## Related topics From b9be7905f38301508a50fd86b724ef14308ac73d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 7 May 2019 12:02:56 -0700 Subject: [PATCH 039/117] --- .../create-wip-policy-using-intune-azure.md | 8 +++++++- .../images/wip-encrypted-file-extensions.png | Bin 0 -> 10846 bytes 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 6bd2b66834..9701e21082 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -403,7 +403,7 @@ Starting with Windows 10, version 1703, Intune automatically determines your cor ![Add protected domains](images/add-protected-domains.png) ## Choose where apps can access enterprise data -After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network. Every WIP policy should include policy that defines your enterprise network locations. +After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network. Every WIP policy should include your enterprise network locations. There are no default locations included with WIP, you must add each of your network locations. This area applies to any network endpoint device that gets an IP address in your enterprise’s range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT). @@ -602,6 +602,12 @@ After you've decided where your protected apps can access enterprise data on you For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates). WIP can also integrate with AZure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp). +## Encrypted file extensions + +You can restrict which files are protected by WIP when they are downloaded from an SMB share within your enterprise network locations. When this policy is not specified, the existing auto-encryption behavior is applied. When this policy is configured, only files with the extensions in the list will be encrypted. + +![WIP encrypted file extensions](images/wip-encrypted-file-extensions.png) + ## Related topics - [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md) diff --git a/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png b/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png new file mode 100644 index 0000000000000000000000000000000000000000..1a0ec5397d87e4b1f8af36ddd7fa49b20a528a64 GIT binary patch literal 10846 zcmc(FXH*ky+iegLMZtm;saB9K0@4Wz2uO*P(3>JgLhn5w76hbs2t_)f2STrp6p@|~ zsubw~A+*o~XLz3Towd$;&iVDO_d7qh$;_IW`?|}u_rCT_@Jmf)S{fD_5C}x8s-mb3 z0#RNEfhcZVJa=}6uD=TSN8zHa{0vmm$3_4S&cmK+JOzQuBQ77mq5_UDIjR`CfIv4~ z&;BT;-g0_^Ks?*3icfVt&DJJOW7zS2#LY%?c|lj7brY8;8~xtP5>41ip6LSKPF3V+ zxkz}-42>YK0x}@XHX3Us?^^{+O0iPKEyDWRkJH zN?J98X?PGDcYB5rEPh}y46GP`iWr@=DLx@mhe;&}nyvtWWq_B|z0ZR{@_f!*AW(qJ z|D$afTvSg@5V{E#Py1s=PV44%_4h>cpDs+K9*u--DcDR3HB5R5pPzO`ABEksY7tYe zSL6PGaHPA3;@vloaBtS9I_;HC^-BW+`+lO=PmUG_X`UcOTtQHeM@o9?THPd9~H2 z-?iDf=F0x==6dy%Q1|JE{n9Q@=^*K9$c(bTaV$}Cg6z!T`+ajA1Kj{OP1K5=Fa0>9 z{A{BUR_}kLd23^mUdqSnAU(p>UJe?Yep+@Bu`jOVHC?;TR5(LSA8_O8uG6l6wsHB6 zr~k#KQPmAYq?=4bhSmdC zk9J}l#rDz!c9#Q)MMUmupoc#er7r~7@|9J(w`l~Korfw6lrCYP(k;YSk zrhGC98N#h!Y=vAMgbXdQmx)Y3`WRqc6w}7j5ceQ8e~U7Nv(80?lOK5S%1i(!-7v(A zmql!1XPx^umUvZv`%@KSi@buhnd;t+A?mfV@K}QlFD0A|w;pzh+}YnHk>@9%W$WjB zzTaLv~|9dV;% zF%+1&pJYzhq_D9D-LPziUy^%CMZDbVae}_$nJKVe%ey~i&e-Y! zZG}`*fsLuA=>v%+f$7$lhZ#+#SOfh{s7f2gZXCa1Xy877I!}5m-``GQy)g&fU=IqJ zIYP}ajR(5PnKlWW2fw6h9%3xwTi6n~v;U2EA3P1egs9;q(zSLw#8U7Uwp+DJNSF%m z#sodVLR{x*rcBOugFMTx!t`Y$iQBZ{WW^D!)+B_sX@(J4tDX`&V@6i=ag}FbI|>fh zYqeZHTXK~TtK{suoe!j#%p&Euqdj`N-UW>vdfCg=J49|NZkpi(C;3xEW<~J~Es5S# z=j`mt9U47{zt1-1%?y(0!`P{p`6d7E@19mG%MoB$WwAcKY(ktaD>}b zuA8VU@`ARqu5j0NOIrZ99=B2yliL>hn;-K@;=;JyYODb4v}lM8ddSMd_x+Y#-w+x5 z$|@thad$b&<+Smr<)Dy5qVT!?9{JCA4P9{cwn5e5d|`7aeq`#XMh|LKSBv^tet2NY zZCq&Hu1abE;Kiu)ol=wysT8q@y2o0KI(<{fYg_4kGRuuw zaf>L&LJ?}IQqK*aTRd*VyKaup=+?ti zT0$+0_3#_NOrQ$}c$qOH{3BaE(lY$C%RTY`(yv(IPled9d?(MW-Xtj@^HI{c5_=^V z6O{C8M1GA4?=zNBt$?6;!tOU(uXsej(O zW_8cXN&@KocTS zN5Us^^aGuz`-k-a^81laT&x;<8&9kECu+>en@Q-j<%)O1BrkX&?BvLwy!d(>zVpo*+D|C*Wj0rczH_JBh0}Z~ z<2~Me*_9S2#>(Q}k$!2(EEpB*7-x+ow$r0<9XKaxZ1fjBK}Z$>N=R^y=r{Ax_4F(jrhW$xTJR<#uwP!PxtR4ujR0z|9>U6C}aylmG-B@iMFZK%q1cer!%?lRm~_Q|dJ z0x#*4!RJ_++<06z=WoJ6)!Uq6VYw%qsB^B7@LR{h5@^zWzNxT7t)~LTokh?g=KgPO zkJj4N{NCR;RZ1v@Y|)xn_n9Bhcj^0!OHae<7MHhJ+s$*ADkL+WS1U};`-!_IK?u%LbQt+}lS`5U~w z#ww4l4(8)l3}lG{SPnEf;`YcWXQZ5Vf9U37nFOH+)^-w;uoiZP)NGas&E2Hd5FHd zxQRNn7`iBbOk4~hikRwLS^6Dz55~&}x`FUf*qby6_foA>ah2A^SL1<+rwQG&9$Yhr zGWbgG70c@RCEy!nOxxj`vy7amy>+w;*Yu1M71Yn7X}X@jG2E^tk83KSo6vzn>qlJr z$N~+6jUKku6oJ@{eGe(+u9r@DM?+s4&AFG3%Dk2Ryr2~DBr#V{uoE?cMYyfazG^!M zN=ZU?rT3bWS`4RP=d|m}bE@TG%yrcDsCo;N`xw?YrAj<71`H=AZ;xmM{p1PK5-^L! z<+u9`t$~}C=4I<_g^S!H|A~aqge|KC;MWFBppTLhu9NqMqjCuoeK`RHgZhiS02 z)LpWr>mwtSf*Z6_)ZW}%_PWFH!dqy zxWSdtG5u64JaZz=-`8UYW-Qq0lNaB?`X*h8$D!Hl$kn&OKMy)-A4gI7mO*$5xpBZM z z_Q*}MQJB`xJ>9iuuXtDKijT_284BDn68y!7pVtIdJBgC`+1@>8I}=rfG2I1WGt(69 z00gj;wn>@XC$+b7Jy2gb9h9c`$6?cZ;}}5i*Nf_^ z4^EP?z1nMiBCgV|&^=pj`c1?bOzTCcujO#WdQ%gLR~wp;0%ec3Z-H;x)!(`%=Fs2N zYLhn=h$1kRkgGxvzec@nGbd@ch8lztF!oo}x-LGsw@8YZ-Q&pqC_YXHQV=++&P5)X6pI=MY-y2W}*ni883A;_wS7RaBeSM07xmZ zcW4@Ri2Y6JfS3o1W>j`1;bL{k!%X<6s7{OYfu0K#9_4-y?m7Pwe$`p@~CG(rMU*$P{Y(pxN>`NoEA^qqt5CeVQDNOL6pAS<6V;UW3Tp&i^1!=T zRG|iM7P8c`7Q^Lgzd~t$%Rw1Tpk6LeyE4qmEz5smh%qT#x$?CRmBo^aIvHz5g^w6P zIUS+0URhAmff1Cl%pa;?tpE*MHTrv?Vss8|lDKZBli9edZZ(HvfIuK;FPwT8@)P~% zGQB5ygMJ1mj|ZBU1akT|UTnh9ASwm++r_)L$bgjQ-7h!Coadu-^D@8Kw4Gqp5@Xle z4{hB$L0@btq(RgP?2qy8r(N^)U^rGcE~}c^n!0v8$LqP!8*jm$((UtX17apbxnsf> zc>!!jHSLstv8j{>@lC*B3AZruY=aWIp=Q@wr!6>rBajmnc)DF2KND2AwSKMP`1!32 zw2_J4*AF-bOR(3wdt^oBk~4{!%1OQa^&c?_GyYplDpSD@Ro&jh$%<=$TJ<5(uMGmi z@(;I^5tTzp`rpcP9S?CmVUN53s7{+a3sYt4E5ncwGzWBj8d52i02CwK?2mvdpu$n! z20W*J-Y%hqrd&|6Ovev)&A-Hmw{MSS(lfs4ucm1@4 z_5~A{%6ivK{!@~4>QNuV!ouw7n`O3#nonVS1?y1gMl;76qLk(&#Y1ZE^H~k*!g+JS zSkvv4F!|VGlf2$HXLXY%VNRTdVq71M6MgtOF|a>+f~gKoHW-ZYPA(v$Z1Jd^iq zWA2V8F=<_&E`efNuH+t1w^Y>xglPdL_b`x?Y^T+$;l8%7SaYIcN7fzGZZoB-9bg8U%l=G=@!6)A>%R!mO2 zqF~@LCPDJ|)uZ6F1j;S)ysJ|Oo1>jE*vqvHffhdxmQy^djY^0><(o6@Q#G1J*;LV# z{)UN~6t-)Sg=cnZiz+Sv2htmBw^~Weu z*11=#JwDFliBCZgMkIQY7xkYa5>T#>kYZfc$co$B>(_iOzWlxWz-&e74Z5Q6D#GMh zyqqO(ZNLWzH-Z?^E;s#SVJ+Ye6f5k+IOw<5UH(I>zrE=wW_;A;hR+!xKUm|2e4MF2 z1dISeI-UM@xg&vSHVru`uG=x^%t+_gYpt8eCC{IJR6C6U3TMY#i4>Z(hA>tyd{1H(|4#ZZcI~K*#4Us0iCvj=xP|{o1b; zG|$YrCN^R+x0_spQ!##LpY3joA*0&4Wn>#fx$GRO_9fwYyd!FJ)0qux{ zM~#*YKY5u^xlSo1OxVfs95Zt1>5{sA@bhGm9Lgt+5#BFD3t5Ox)+Y1D4&Ij|_IwzS zv=Y@Dv9o?TM{b%k%&Ov6jda>;B^}6n9C2RV)|N6=Mv@^1iiYN;wNF*k9kySl6n-3i zOo8z{o;A(u)SJldSND!LVRR5FSxv3u-@MYflxVM58EOV$i-~S>3~>$aO6uSarNoU4$u0*yvm|44E*Cf%L>40Rm)U>ZRej;$}PzD=m3`%=B; z+MMP%G^<3&EgE^+0d1pZtah;98G0j}o*$Q$2#F<;l36QjJizhAPhA+G?cANd7ua~< zsu8`A=BlwBz$BUcl;F+4(8jvA9nwGeDw^X;E{&v)@P%Uu9;dR}jLz}%^Vf3JanNqi62Hv=Kdse zq_7I4#qaQYML}|NmO9mNw1<+11+{}AV!~EGl0p!YV^d>NqdUtKi{Ikna}0`;YhMRk z9#0m}?_{RW`Oe&O8!j2sJbcY17lXkJ_~TG@LJv&764 z=cXRCz0{wOqn02?-ocHS`#FInU~*`St<770_38of`a36U>PexaOO5~Ez>$>1;$ z6KIJYqiu_I zZ!}Z80)xYSj?d!H`a~B*kHxNj;rb|${z!FDhulpHR-sO5)5;!XrZ#3%=_Ry;{z?ot zknKo($i4=8(rb-d&`8Xdw2+<0n?2Y4U@Eg~Q}{)%pqDp1I4Nixhmw%zizg}C>0noH z+hCzRN2H-QP9bXDQQ>8~ndR{co*$z6qp$Y+Y_`@z-CEwrL`}_$JpRu{HPDbKLh#QI$CphaKt76S$&(tiwh!)Q@U40215bmU9wBbq| zcrOQ6P{l&lWS2#erpw>~8Rxk~w>XN67PyeE{}mz=6JXe$&-RG!oB=A;0EwCL*9A9v~H!ItLO4vHb^aDlv!0Gion%b1@1q2`hYG7_T>rA{`+K82w=;)mZaLX+1(Wm@gJv*slczkw=hP%&a>v;1~&-HE8 zD0Z-H{2cEP_2TTVxp3drYPSq)=a-fh?4T#8#23fiBq!e8$trUgc$4+YY{3BWPB7Qg z-e?-fukm$K=44CpI0m9eF+8~fWxQiBOn>t7Hlkyxe-W8~Ns``i%&V*o(r*mD7Qva| zlW{=rWlbmQ|0GX2!bC2G^3j!EZk+@X)otk+Va^-e&}52KhJ!gt=p2*GWTqk3{AOHD z-A|*~K9v2Sr6FYBMcyuNRFU)vml$Fv3d0I7dtyx~^EWMmKaA)+WqZNl$`TB}{;7ba zGu8dq!a|1j1IQO|T}i+9%cX*J9m@py&%mY>x?}u2~nN%v+X)*`qP< z7oFMSIDQaDsUOM8?7Gzpt-fa!i|_WHNsz~MYz`o}<3%Xs!}5NZC57QK(B~{J^I)Sg zim0t{hmx(^^2JUvA&rL#tDr|u=ha){tc8!GZUbg%z|%7;$Y@?2lzS1-@dZl%23(#2 zAMl2~B|FZm%kg=NNF(q9{=W_Q&LDLvE?R`4Kc?YYq8NZrLq8^){Co_l1G;!bf;X4w z0Z_zg>g(%wALgj}?EWdx2)D7ZfhVP;@U1EgxMvrE60e_4gL0DUS8%$4fx&=gLPEmX z#mS7JS*qc0tgMvq?d|PoxsT)V6g}sGSMRv2p8Fl?kcY-t%{a;0mFigaifq<6fdW)d z7ygxJw-r^(*W0jjk7R$Uzdk-tTyv@3kB{a^h>!oZ?2&epfWj6X9C%@VgtJS(hChI7 zIo2J1QwU;fu$y?Y1e>)0;nXShL_S<7;z;2f+e@Mr)nB$s1n=#&jL2j-BVi^FC@IS% z+Z*P9gpA>q^UvubgwrGwhB)FAk|Mk52JYr4^7+& zU7*<)o2a3DczZkG1{Z`UnYuyuAbuRGm$k(mhhZ;{Mugn}UC8Tt^IB3zD#1ErNbNbp zPX2QZe*|Qz!pv8P7qHB8%#?J8b(hheuSxOkg`tI@T)ji>7szLluoduCPr1#nQQBpC zgU2%(Vw4~Y`D6vIc##7?=f;Oa$IMHQA4u`qxNl!s){jiPg}*V(SMZ?eP`x`7ZS?cS zfGx$NPjE}a*J`I;EtWF5Iy|M!_b4n}LcH1liV5>dnV7`t+pEJr z_a`0CVu0n-!<7Hoi~sdlrEk82rCBC43It4$%o$>hJ=+hZO#Tro8K?2vMGE3i*o)EC zu$1xX06DZ-ZBqO4;lVYbBDugY;>~!h^E;|Tj{|>Z)t}1DbY+jgTxP3F4s7XKa;@o- z-t^5wX79fR&pO;wJ$@ElBTQb;YZH=vrs*CD~IaBP;4|9C%_)z>?Fo2^QFt6NrQP>T; zf!1U*uk=facZ8wXM|-xBe?R6YBEnE~15;uy*N#syrhN23v{Fn4C;qZ6toP_B`vQ7b zx(j&;_)0`YIS|betI@?-&uFFA+p+m@cg4Jf5(N611b)8cclPB-(!cK({QpmPy}l$m z4w?KVOl76+FhvhP?HgJc?FyO>WGUW-EEwJMPVjhk|IG9Ta+O~H4e!aqp#;Mbouo!( zU7e9&J=>3@009L`!|zGROD*Ra3`6~E_t!m2LK`X zOpGqc2VVk@qG|sOnsFYuFJdYgd=RFQlxAe^<;_M-26 z4;$_1@Nc5~)wNHbsN&+D6rhwNoFY5~LRvQ$=s_lo$p&0Vk(^%~=J((~b>`A!eSYOL zVn)m)q&h^3-g!gu+gv~xE=EDk*^)8NJaKa)oO8%B%T79sjZ$$5nw4V4dGLw|AkuVR z=?dm!*@GRpYL!ZPOv5VU@9CI@A}=K>_5K#(AoL|2$5%WQb`Cv=iyJ2y_&8C4zVj`z zpE~;?L;UteOPf1yV~_<&ATKU_s1}u?k!h&zJ5#C_Q5!mcRTnNpQ&Up|1IN!d&0ieI z@?s)ID40LJe!caN#+*RNZmRYK4J}`t95P6uA%|2PoWuZ^h~&BLt0jxHtIAV}@hUju z(|f%%XDTE?38{6tqnHYlr?kiLMbp2TBO#I(rh2MyRIitj|^&wI!6IFH$t7 zVm6f$MP=S19PShJ~@~a;fSOvWu z3(qLp5%atcy5ayZOSUWQM#>dB(#wg3m>oQ(tmy)O1$uB5~D&l|P75DvSsZzThsONT=d4zYE zE5k8Mmw=#6q78?Esi|Gq`G6=a5=c}W5QVP>PhZgSgFIQE-Ta~ht-^;LL~yXqLrgu5 zMXt5PQCzfjwoL;c6ubIR04wuS@SWnh78PI+CCCDajL-Y)Q6F%OcK{f=LAzwcH7`76 z>re%1S-y#j1n>sYi?l`{%yi!HHs#Eh3J0@H-sLU)guFD$B8s$0ifrx}`rod`Agu+D z3GWl{=NykAImqo?fU2#!PrD>azXfy26kflTVFH-J77e0H>iT{2Z9lfNfZ+=A^XL1y zxj_rC$HxsnySuwXHa%L}C1c`wdAOl}D?hA#u#s604+W^Xu*6F~?#X z1{(J!&sjVd_#_@}V>uS)^dn_jyg)2GXjl6889AB!4spHzaP{d}<%wDk;%d&Y1V_6W zx!VmOCE@KQrG|dM%YL*Cyu$>6w*H+K5TK^OGZHJ$zAJm@lB*9S9#?UX+GmmRvoI`d r0DuR9e%$*%+N0C6${ggq;(EflePYHe+VkBXI0mUIX)2aHvk3ejDV@d2 literal 0 HcmV?d00001 From 9aad02aa689ca7a518a1177ab0132412abb4bebb Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 7 May 2019 12:06:43 -0700 Subject: [PATCH 040/117] edits --- .../create-wip-policy-using-intune-azure.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 9701e21082..dfb3d3f4cf 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -590,7 +590,7 @@ After you've decided where your protected apps can access enterprise data on you - **Use Azure RMS for WIP.** Determines whether WIP encrypts [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) Files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. You must already have Azure Rights Management set up. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. - - **On.** Starts protecting Azure Rights Management files that are copied to a removable drive. You can also add a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. Curly braces -- {} -- are required around the RMS Template ID. The EFS file uses the key from the RMS template’s license to protect the EFS file encryption key. Only users with access to that template will be able to read it off of the USB. If you don’t specify a template, it’s a regular EFS file using a default RMS template that everyone in the tenant will have access to. + - **On.** Starts protecting Azure Rights Management files that are copied to a removable drive. You can also add a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. Curly braces -- {} -- are required around the RMS Template ID. The EFS file uses the key from the RMS template’s license to protect the EFS file encryption key. Only users with permission to that template will be able to read it from the USB. If you don’t specify a template, it’s a regular EFS file using a default RMS template that everyone in the tenant will have access to. - **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive. @@ -600,7 +600,7 @@ After you've decided where your protected apps can access enterprise data on you - **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files. -For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates). WIP can also integrate with AZure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp). +For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates). WIP can also integrate with Azure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp). ## Encrypted file extensions From e75744fbb5ad7dc5f756a80d590931e9aa86e06f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 7 May 2019 12:45:06 -0700 Subject: [PATCH 041/117] edits --- .../create-wip-policy-using-intune-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index dfb3d3f4cf..0e53bed956 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -604,7 +604,7 @@ For more info about setting up and using a custom template, see [Configuring cus ## Encrypted file extensions -You can restrict which files are protected by WIP when they are downloaded from an SMB share within your enterprise network locations. When this policy is not specified, the existing auto-encryption behavior is applied. When this policy is configured, only files with the extensions in the list will be encrypted. +You can restrict which files are protected by WIP when they are downloaded from an SMB share within your enterprise network locations. If this settings is configured, only files with the extensions in the list will be encrypted. If this setting is not specified, the existing auto-encryption behavior is applied. ![WIP encrypted file extensions](images/wip-encrypted-file-extensions.png) From 7ec392d52df5200ca97d355d52f559a40c06cc94 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 7 May 2019 16:03:33 -0700 Subject: [PATCH 042/117] fixed link --- .../create-wip-policy-using-sccm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md index 6edf443eb3..84ebcf1861 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md @@ -480,7 +480,7 @@ After you've decided where your protected apps can access enterprise data on you - **No.** Stop local encryption keys from being revoked from a device during unenrollment. For example, if you’re migrating between Mobile Device Management (MDM) solutions. - - **Allow Azure RMS.** Enables secure sharing of files by using removable media such as USB drives. For more information about how RMS works with WIP, see [Choose to set up Azure Rights Management with WIP](create-wip-policy-using-intune-azure.md#choose-to-set-up-azure-rights-management-with-wip). To confirm what templates your tenant has, run [Get-AadrmTemplate](https://docs.microsoft.com/powershell/module/aadrm/get-aadrmtemplate) from the [AADRM PowerShell module](https://docs.microsoft.com/azure/information-protection/administer-powershell). + - **Allow Azure RMS.** Enables secure sharing of files by using removable media such as USB drives. For more information about how RMS works with WIP, see [Create a WIP policy using Intune](create-wip-policy-using-intune-azure.md). To confirm what templates your tenant has, run [Get-AadrmTemplate](https://docs.microsoft.com/powershell/module/aadrm/get-aadrmtemplate) from the [AADRM PowerShell module](https://docs.microsoft.com/azure/information-protection/administer-powershell). If you don’t specify a template, WIP uses a key from a default RMS template that everyone in the tenant will have access to. 2. After you pick all of the settings you want to include, click **Summary**. From 42b878163fe6c35d274c36ee3107938ba214604b Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Wed, 8 May 2019 11:25:01 +0530 Subject: [PATCH 043/117] Update windows/deployment/windows-autopilot/enrollment-status.md Co-Authored-By: Malind19 --- windows/deployment/windows-autopilot/enrollment-status.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/enrollment-status.md b/windows/deployment/windows-autopilot/enrollment-status.md index 895cf49881..fd2778c09b 100644 --- a/windows/deployment/windows-autopilot/enrollment-status.md +++ b/windows/deployment/windows-autopilot/enrollment-status.md @@ -21,7 +21,7 @@ The Windows Autopilot Enrollment Status page displaying the status of the comple ![Enrollment status page](images/enrollment-status-page.png) -From Windows 10 version 1803 onwards, you can opt-out of the account setup phase. When it is skipped, the settings will be applied for the users when as they access their desktop for the first time. +From Windows 10 version 1803 onwards, you can opt out of the account setup phase. If it is skipped, settings will be applied for users when they access their desktop for the first time. ## Available settings From 14bdb0323bca915ff22c511e8949652c340ad568 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 8 May 2019 12:43:56 -0700 Subject: [PATCH 044/117] edits from Michael H --- .../create-wip-policy-using-intune-azure.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 0e53bed956..c20462e84f 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 05/07/2019 +ms.date: 05/08/2019 --- # Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune @@ -590,7 +590,7 @@ After you've decided where your protected apps can access enterprise data on you - **Use Azure RMS for WIP.** Determines whether WIP encrypts [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) Files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. You must already have Azure Rights Management set up. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. - - **On.** Starts protecting Azure Rights Management files that are copied to a removable drive. You can also add a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. Curly braces -- {} -- are required around the RMS Template ID. The EFS file uses the key from the RMS template’s license to protect the EFS file encryption key. Only users with permission to that template will be able to read it from the USB. If you don’t specify a template, it’s a regular EFS file using a default RMS template that everyone in the tenant will have access to. + - **On.** Protects files that are copied to a removable drive. You can also add a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. Curly braces -- {} -- are required around the RMS Template ID, but they are omitted when you view the saved settings. The EFS file uses the key from the RMS template’s license to protect the EFS file encryption key. Only users with permission to that template will be able to read it from the USB. If you don’t specify a template, it’s a regular EFS file using a default RMS template that everyone in the tenant will have access to. - **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive. @@ -604,7 +604,7 @@ For more info about setting up and using a custom template, see [Configuring cus ## Encrypted file extensions -You can restrict which files are protected by WIP when they are downloaded from an SMB share within your enterprise network locations. If this settings is configured, only files with the extensions in the list will be encrypted. If this setting is not specified, the existing auto-encryption behavior is applied. +You can restrict which files are protected by WIP when they are downloaded from an SMB share within your enterprise network locations. If this setting is configured, only files with the extensions in the list will be encrypted. If this setting is not specified, the existing auto-encryption behavior is applied. ![WIP encrypted file extensions](images/wip-encrypted-file-extensions.png) From 8c69ffb1b9b212067b87a180f2817d00973e3a1d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 8 May 2019 12:46:18 -0700 Subject: [PATCH 045/117] edits --- .../create-wip-policy-using-intune-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index c20462e84f..cbae7321c4 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -21,7 +21,7 @@ ms.date: 05/08/2019 - Windows 10, version 1607 and later - Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop) -Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune only manages the apps on a user's personal device. +Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune manages only the apps on a user's personal device. ## Differences between MDM and MAM for WIP From 3ead1b57077ad38bc245e538c0a19605a1a02e1a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 8 May 2019 14:04:00 -0700 Subject: [PATCH 046/117] Added 19H1 policies --- .../policy-configuration-service-provider.md | 42 ++ .../mdm/policy-csp-update.md | 409 +++++++++++++++++- 2 files changed, 449 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index a27926a537..8a7e1f0050 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -3336,9 +3336,24 @@ The following diagram shows the Policy configuration service provider in tree fo
Update/AutoRestartRequiredNotificationDismissal
+
+ Update/AutomaticMaintenanceWakeUp +
Update/BranchReadinessLevel
+
+ Update/ConfigureDeadlineForFeatureUpdates +
+
+ Update/ConfigureDeadlineForQualityUpdates +
+
+ Update/ConfigureDeadlineGracePeriod +
+
+ Update/ConfigureDeadlineNoAutoReboot +
Update/ConfigureFeatureUpdateUninstallPeriod
@@ -4881,7 +4896,12 @@ The following diagram shows the Policy configuration service provider in tree fo - [Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates](./policy-csp-update.md#update-autorestartdeadlineperiodindaysforfeatureupdates) - [Update/AutoRestartNotificationSchedule](./policy-csp-update.md#update-autorestartnotificationschedule) - [Update/AutoRestartRequiredNotificationDismissal](./policy-csp-update.md#update-autorestartrequirednotificationdismissal) +- [Update/AutomaticMaintenanceWakeUp](./policy-csp-update.md#update-automaticmaintenancewakeup) - [Update/BranchReadinessLevel](./policy-csp-update.md#update-branchreadinesslevel) +- [Update/ConfigureDeadlineForFeatureUpdates](./policy-csp-update.md#update-configuredeadlineforfeatureupdates) +- [Update/ConfigureDeadlineForQualityUpdates](./policy-csp-update.md#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](./policy-csp-update.md#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](./policy-csp-update.md#update-configuredeadlinenoautoreboot) - [Update/DeferFeatureUpdatesPeriodInDays](./policy-csp-update.md#update-deferfeatureupdatesperiodindays) - [Update/DeferQualityUpdatesPeriodInDays](./policy-csp-update.md#update-deferqualityupdatesperiodindays) - [Update/DeferUpdatePeriod](./policy-csp-update.md#update-deferupdateperiod) @@ -5025,6 +5045,10 @@ The following diagram shows the Policy configuration service provider in tree fo - [System/AllowTelemetry](#system-allowtelemetry) - [Update/AllowAutoUpdate](#update-allowautoupdate) - [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) +- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot) - [Update/RequireDeferUpgrade](#update-requiredeferupgrade) - [Update/RequireUpdateApproval](#update-requireupdateapproval) - [Update/ScheduledInstallDay](#update-scheduledinstallday) @@ -5072,6 +5096,10 @@ The following diagram shows the Policy configuration service provider in tree fo - [System/AllowLocation](#system-allowlocation) - [Update/AllowAutoUpdate](#update-allowautoupdate) - [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) +- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot) - [Update/RequireUpdateApproval](#update-requireupdateapproval) - [Update/ScheduledInstallDay](#update-scheduledinstallday) - [Update/ScheduledInstallTime](#update-scheduledinstalltime) @@ -5152,12 +5180,26 @@ The following diagram shows the Policy configuration service provider in tree fo - [CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon) - [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword) - [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess) +- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) +- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot) - [Wifi/AllowAutoConnectToWiFiSenseHotspots](#wifi-allowautoconnecttowifisensehotspots) - [Wifi/AllowInternetSharing](#wifi-allowinternetsharing) - [Wifi/AllowWiFi](#wifi-allowwifi) - [Wifi/WLANScanMode](#wifi-wlanscanmode) + +## Policies supported by Windows 10 IoT Enterprise + +- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) +- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot) + + + ## Policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index ab8f25ac1d..9d1af07791 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 05/01/2019 +ms.date: 05/08/2019 --- # Policy CSP - Update @@ -57,9 +57,24 @@ ms.date: 05/01/2019
Update/AutoRestartRequiredNotificationDismissal
+
+ Update/AutomaticMaintenanceWakeUp +
Update/BranchReadinessLevel
+
+ Update/ConfigureDeadlineForFeatureUpdates +
+
+ Update/ConfigureDeadlineForQualityUpdates +
+
+ Update/ConfigureDeadlineGracePeriod +
+
+ Update/ConfigureDeadlineNoAutoReboot +
Update/ConfigureFeatureUpdateUninstallPeriod
@@ -189,6 +204,7 @@ ms.date: 05/01/2019
+ > [!NOTE] > If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). @@ -933,6 +949,78 @@ The following list shows the supported values:
+ +**Update/AutomaticMaintenanceWakeUp** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark6check mark6check mark6check mark6
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to configure Automatic Maintenance wake up policy. + +The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. + +> [!Note] +> If the OS power wake policy is explicitly disabled, then this setting has no effect. + +If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if required. + +If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies. + + + +ADMX Info: +- GP English name: *Automatic Maintenance WakeUp Policy* +- GP category English path: *Windows Components/Maintenance Scheduler* +- GP name: *WakeUpPolicy* +- GP path: *Windows Components/Maintenance Scheduler* +- GP ADMX file name: *msched.admx* + + + +Supported values: +- true: Enable +- false: Disable (Default) + + + + + + + + + +
+ **Update/BranchReadinessLevel** @@ -995,6 +1083,298 @@ The following list shows the supported values:
+ +**Update/ConfigureDeadlineForFeatureUpdates** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark6check mark6check mark6check mark6
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Added in Windows 10, version 1903. Allows IT admins to specify the number of days a user has before feature updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. + + + +ADMX Info: +- GP English name: *Specify deadlines for automatic updates and restarts* +- GP category English path: *Administrative Templates\Windows Components\WindowsUpdate* +- GP name: *ConfigureDeadlineForFeatureUpdates* +- GP element: *ConfigureDeadlineForFeatureUpdates* +- GP ADMX file name: *WindowsUpdate.admx* + + + +Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required feature update. + +Default value is 7. + + + + + + + + + +
+ + +**Update/ConfigureDeadlineForQualityUpdates** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark6check mark6check mark6check mark6
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Added in Windows 10, version 1903. Allows IT admins to specify the number of days a user has before quality updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. + + +ADMX Info: +- GP English name: *Specify deadlines for automatic updates and restarts* +- GP category English path: *Administrative Templates\Windows Components\WindowsUpdate* +- GP name: *ConfigureDeadlineForQualityUpdates* +- GP element: *ConfigureDeadlineForQualityUpdates* +- GP ADMX file name: *WindowsUpdate.admx* + + + +Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required quality update. + +Default value is 7. + + + + + + + + + +
+ + +**Update/ConfigureDeadlineGracePeriod** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark6check mark6check mark6check mark6
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Added in Windows 10, version 1903. Allows the IT admin (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)) to specify a minimum number of days until restarts occur automatically. Setting the grace period may extend the effective deadline set by the deadline policies. + + +ADMX Info: +- GP English name: *Specify deadlines for automatic updates and restarts* +- GP category English path: *Administrative Templates\Windows Components\WindowsUpdate* +- GP name: *ConfigureDeadlineGracePeriod* +- GP element: *ConfigureDeadlineGracePeriod* +- GP ADMX file name: *WindowsUpdate.admx* + + + +Supports a numeric value from 0 - 5, which indicates the minimum number of days a device will wait until performing an aggressive installation of a required update once deadline has been reached. + +Default value is 2. + + + + + + + + + +
+ + +**Update/ConfigureDeadlineNoAutoReboot** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark6check mark6check mark6check mark6
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Added in Windows 10, version 1903. If enabled (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)), devices will not automatically restart outside of active hours until the deadline is reached, even if applicable updates are already installed and pending a restart. + +When disabled, if the device has installed the required updates and is outside of active hours, it may attempt an automatic restart before the deadline. + + +ADMX Info: +- GP English name: *Specify deadlines for automatic updates and restarts* +- GP category English path: *Administrative Templates\Windows Components\WindowsUpdate* +- GP name: *ConfigureDeadlineNoAutoReboot* +- GP element: *ConfigureDeadlineNoAutoReboot* +- GP ADMX file name: *WindowsUpdate.admx* + + + + + + + + + + + + + +
+ + +**Update/ConfigureFeatureUpdateUninstallPeriod** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark4check mark4check mark4check mark4cross markcross mark
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Added in Windows 10, version 1803. Enable IT admin to configure feature update uninstall period. Values range 2 - 60 days. Default is 10 days. + + + + +
+ **Update/ConfigureFeatureUpdateUninstallPeriod** @@ -3579,6 +3959,10 @@ ADMX Info: - [Update/AllowAutoUpdate](#update-allowautoupdate) - [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) +- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot) - [Update/RequireUpdateApproval](#update-requireupdateapproval) - [Update/ScheduledInstallDay](#update-scheduledinstallday) - [Update/ScheduledInstallTime](#update-scheduledinstalltime) @@ -3591,6 +3975,10 @@ ADMX Info: - [Update/AllowAutoUpdate](#update-allowautoupdate) - [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) +- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot) - [Update/RequireUpdateApproval](#update-requireupdateapproval) - [Update/ScheduledInstallDay](#update-scheduledinstallday) - [Update/ScheduledInstallTime](#update-scheduledinstalltime) @@ -3598,6 +3986,23 @@ ADMX Info: - [Update/RequireDeferUpgrade](#update-requiredeferupgrade) + +## Update policies supported by IoT Core + +- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) +- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot) + + + +## Update policies supported by IoT Enterprise + +- [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) +- [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates) +- [Update/ConfigureDeadlineGracePeriod](#update-configuredeadlinegraceperiod) +- [Update/ConfigureDeadlineNoAutoReboot](#update-configuredeadlinenoautoreboot) +
Footnotes: @@ -3607,4 +4012,4 @@ Footnotes: - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. -- 6 - Added in the next major release of Windows 10. \ No newline at end of file +- 6 - Added in Windows 10, version 1903. \ No newline at end of file From d180e8329794c9bbbb17d655cc8ac977823a1e49 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 8 May 2019 14:57:42 -0700 Subject: [PATCH 047/117] Moved supportedvalues after description --- .../mdm/policy-csp-update.md | 56 ++++++++++++------- 1 file changed, 36 insertions(+), 20 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 9d1af07791..812ce661cb 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -995,8 +995,14 @@ The maintenance wakeup policy specifies if Automatic Maintenance should make a w If you enable this policy setting, Automatic Maintenance attempts to set OS wake policy and make a wake request for the daily scheduled time, if required. If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies. - + + +Supported values: +- true: Enable +- false: Disable (Default) + + ADMX Info: - GP English name: *Automatic Maintenance WakeUp Policy* @@ -1006,11 +1012,7 @@ ADMX Info: - GP ADMX file name: *msched.admx* - -Supported values: -- true: Enable -- false: Disable (Default) - + @@ -1122,6 +1124,13 @@ The following list shows the supported values: Added in Windows 10, version 1903. Allows IT admins to specify the number of days a user has before feature updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. + + +Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required feature update. + +Default value is 7. + + ADMX Info: - GP English name: *Specify deadlines for automatic updates and restarts* @@ -1131,11 +1140,7 @@ ADMX Info: - GP ADMX file name: *WindowsUpdate.admx* - -Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required feature update. -Default value is 7. - @@ -1184,6 +1189,13 @@ Default value is 7. Added in Windows 10, version 1903. Allows IT admins to specify the number of days a user has before quality updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. + + +Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required quality update. + +Default value is 7. + + ADMX Info: - GP English name: *Specify deadlines for automatic updates and restarts* @@ -1193,11 +1205,7 @@ ADMX Info: - GP ADMX file name: *WindowsUpdate.admx* - -Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required quality update. -Default value is 7. - @@ -1246,6 +1254,13 @@ Default value is 7. Added in Windows 10, version 1903. Allows the IT admin (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)) to specify a minimum number of days until restarts occur automatically. Setting the grace period may extend the effective deadline set by the deadline policies. + + +Supports a numeric value from 0 - 5, which indicates the minimum number of days a device will wait until performing an aggressive installation of a required update once deadline has been reached. + +Default value is 2. + + ADMX Info: - GP English name: *Specify deadlines for automatic updates and restarts* @@ -1255,11 +1270,7 @@ ADMX Info: - GP ADMX file name: *WindowsUpdate.admx* - -Supports a numeric value from 0 - 5, which indicates the minimum number of days a device will wait until performing an aggressive installation of a required update once deadline has been reached. -Default value is 2. - @@ -1310,6 +1321,13 @@ Added in Windows 10, version 1903. If enabled (when used with [Update/ConfigureD When disabled, if the device has installed the required updates and is outside of active hours, it may attempt an automatic restart before the deadline. + + +Supported values: +- 1 - Enabled. Device does not attempt to automatically reboot outside of active hours until the compliance deadline is reached. +- 0 - Disabled. Device may reboot outside of active hours before the deadline. + + ADMX Info: - GP English name: *Specify deadlines for automatic updates and restarts* @@ -1319,9 +1337,7 @@ ADMX Info: - GP ADMX file name: *WindowsUpdate.admx* - - From 6e185405095303a8cb6cababbf7906885df17688 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 8 May 2019 15:21:26 -0700 Subject: [PATCH 048/117] Minor updates --- windows/client-management/mdm/policy-csp-update.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 812ce661cb..587b602fde 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -985,9 +985,7 @@ The following list shows the supported values: -This policy setting allows you to configure Automatic Maintenance wake up policy. - -The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. +This policy setting allows you to configure if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. > [!Note] > If the OS power wake policy is explicitly disabled, then this setting has no effect. @@ -1324,8 +1322,8 @@ When disabled, if the device has installed the required updates and is outside o Supported values: -- 1 - Enabled. Device does not attempt to automatically reboot outside of active hours until the compliance deadline is reached. -- 0 - Disabled. Device may reboot outside of active hours before the deadline. +- 1 - Enabled +- 0 - Disabled From c88375348dda4e2dd36ecfb28f5151e3710d6171 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 8 May 2019 16:02:39 -0700 Subject: [PATCH 049/117] Minor update --- windows/client-management/mdm/policy-csp-update.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 587b602fde..9d7ac6f259 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -997,8 +997,8 @@ If you disable or do not configure this policy setting, the wake setting as spec Supported values: -- true: Enable -- false: Disable (Default) +- true - Enable +- false - Disable (Default) From 3e80f2b5777a6ba91c4f8701338bdb1045212e83 Mon Sep 17 00:00:00 2001 From: botmoto <42125490+botmoto@users.noreply.github.com> Date: Thu, 9 May 2019 04:57:14 -0700 Subject: [PATCH 050/117] Update credential-guard-manage.md Cosmetic formatting --- .../credential-guard/credential-guard-manage.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index e02b561b04..59b6865e4e 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -128,8 +128,7 @@ DG_Readiness_Tool_v3.5.ps1 -Ready ``` > [!NOTE] - -For client machines that are running Windows 10 1703, LsaIso.exe is running whenever virtualization-based security is enabled for other features. +> For client machines that are running Windows 10 1703, LsaIso.exe is running whenever virtualization-based security is enabled for other features. - We recommend enabling Windows Defender Credential Guard before a device is joined to a domain. If Windows Defender Credential Guard is enabled after domain join, the user and device secrets may already be compromised. In other words, enabling Credential Guard will not help to secure a device or identity that has already been compromised, which is why we recommend turning on Credential Guard as early as possible. From 99f5ae268f16739cf7a0a224eab6860068a1b893 Mon Sep 17 00:00:00 2001 From: martyav Date: Thu, 9 May 2019 09:25:20 -0400 Subject: [PATCH 051/117] refining text, linting, CL commands in resources --- ...osoft-defender-atp-mac-install-manually.md | 40 +--- ...ft-defender-atp-mac-install-with-intune.md | 16 +- ...soft-defender-atp-mac-install-with-jamf.md | 197 ++++++++++++------ .../microsoft-defender-atp-mac-resources.md | 32 ++- .../microsoft-defender-atp-mac.md | 6 +- 5 files changed, 177 insertions(+), 114 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index 27b3a8f924..eecb31f9e4 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -1,27 +1,27 @@ --- -title: Installing Microsoft Defender ATP for Mac with JAMF -description: Describes how to install Microsoft Defender ATP for Mac, using JAMF. +title: Installing Microsoft Defender ATP for Mac manually +description: Describes how to install Microsoft Defender ATP for Mac manually, from the command line. keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra search.product: eADQiWindows 10XVcnh -search.appverid: #met150 +search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.author: v-maave author: martyav -ms.localizationpriority: #medium +ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: #conceptual +ms.topic: conceptual --- # Manual deployment **Applies to:** -[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp.md) >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. @@ -31,7 +31,7 @@ Microsoft Defender ATP for Mac is not yet widely available, and this topic only ## Prerequisites and system requirements -Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version. +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp.md) for a description of prerequisites and system requirements for the current software version. ## Download installation and onboarding packages @@ -114,32 +114,10 @@ After installation, you'll see the Microsoft Defender icon in the macOS status b ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) -## Configuring from the command line - -Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line: - -|Group |Scenario |Command | -|-------------|-------------------------------------------|-----------------------------------------------------------------------| -|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` | -|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` | -|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` | -|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` | -|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`| -|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` | -|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`| -|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` | -|Health |Check the product's health |`mdatp --health` | -|Protection |Scan a path |`mdatp scan --path [path]` | -|Protection |Do a quick scan |`mdatp scan --quick` | -|Protection |Do a full scan |`mdatp scan --full` | -|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` | -|Protection |Request a definition update |`mdatp --signature-update` | - ## Logging installation issues -See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. +See [Logging installation issues](microsoft-defender-atp-mac-resources.md#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. ## Uninstallation -See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file +See [Uninstalling](microsoft-defender-atp-mac-resources.md#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md index 8af90fded1..bf6854e899 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md @@ -3,25 +3,25 @@ title: Installing Microsoft Defender ATP for Mac with Microsoft Intune description: Describes how to install Microsoft Defender ATP for Mac, using Microsoft Intune. keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra search.product: eADQiWindows 10XVcnh -search.appverid: #met150 +search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.author: v-maave author: martyav -ms.localizationpriority: #medium +ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: #conceptual +ms.topic: conceptual --- # Microsoft Intune-based deployment **Applies to:** -[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp.md) >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. @@ -31,7 +31,7 @@ Microsoft Defender ATP for Mac is not yet widely available, and this topic only ## Prerequisites and system requirements -Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version. +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp.md) for a description of prerequisites and system requirements for the current software version. ## Download installation and onboarding packages @@ -47,7 +47,7 @@ Download the installation and onboarding packages from Windows Defender Security 6. From a command prompt, verify that you have the three files. Extract the contents of the .zip files: - + ```bash mavel-macmini:Downloads test$ ls -l total 721688 @@ -166,8 +166,8 @@ After Intune changes are propagated to the enrolled machines, you'll see it on t ## Logging installation issues -See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. +See [Logging installation issues](microsoft-defender-atp-mac-resources.md#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. ## Uninstallation -See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file +See [Uninstalling](microsoft-defender-atp-mac-resources.md#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md index 27b3a8f924..eead3818a7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md @@ -3,25 +3,25 @@ title: Installing Microsoft Defender ATP for Mac with JAMF description: Describes how to install Microsoft Defender ATP for Mac, using JAMF. keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra search.product: eADQiWindows 10XVcnh -search.appverid: #met150 +search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.author: v-maave author: martyav -ms.localizationpriority: #medium +ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: #conceptual +ms.topic: conceptual --- -# Manual deployment +# JAMF-based deployment **Applies to:** -[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp.md) >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. @@ -31,14 +31,16 @@ Microsoft Defender ATP for Mac is not yet widely available, and this topic only ## Prerequisites and system requirements -Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version. +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp.md) for a description of prerequisites and system requirements for the current software version. + +In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow. ## Download installation and onboarding packages Download the installation and onboarding packages from Windows Defender Security Center: 1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**. -2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**. +2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**. 3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory. 4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory. @@ -46,100 +48,161 @@ Download the installation and onboarding packages from Windows Defender Security 5. From a command prompt, verify that you have the two files. Extract the contents of the .zip files: - + ```bash - mavel-macmini:Downloads test$ ls -l - total 721152 - -rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip + mavel-macmini:Downloads test$ ls -l + total 721160 + -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip Archive: WindowsDefenderATPOnboardingPackage.zip - inflating: WindowsDefenderATPOnboarding.py + warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators + inflating: intune/kext.xml + inflating: intune/WindowsDefenderATPOnboarding.xml + inflating: jamf/WindowsDefenderATPOnboarding.plist + mavel-macmini:Downloads test$ ``` -## Application installation +## Create JAMF Policies -To complete this process, you must have admin privileges on the machine. +You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines. -1. Navigate to the downloaded wdav.pkg in Finder and open it. +### Configuration Profile - ![App install screenshot](images/MDATP_28_AppInstall.png) +The configuration profile contains one custom settings payload that includes: -2. Select **Continue**, agree with the License terms, and enter the password when prompted. +- Microsoft Defender ATP for Mac onboarding information +- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run - ![App install screenshot](images/MDATP_29_AppInstallLogin.png) +1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File. - > [!IMPORTANT] - > You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed. + >[!NOTE] + > You must use exactly "com.microsoft.wdav.atp" as the Preference Domain. - ![App install screenshot](images/MDATP_30_SystemExtension.png) + ![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png) -3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**: +### Approved Kernel Extension - ![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png) +To approve the kernel extension: -The installation will proceed. +1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**. +2. Use **UBF8T346G9** for Team Id. + +![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png) + +#### Configuration Profile's Scope + +Configure the appropriate scope to specify the machines that will receive this configuration profile. + +Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers. + +![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png) + +Save the **Configuration Profile**. + +Use the **Logs** tab to monitor deployment status for each enrolled machine. + +### Package + +1. Create a package in **Settings > Computer Management > Packages**. + + ![Computer management packages screenshot](images/MDATP_19_MicrosoftDefenderWDAVPKG.png) + +2. Upload wdav.pkg to the Distribution Point. +3. In the **filename** field, enter the name of the package. For example, wdav.pkg. + +### Policy + +Your policy should contain a single package for Microsoft Defender. + +![Microsoft Defender packages screenshot](images/MDATP_20_MicrosoftDefenderPackages.png) + +Configure the appropriate scope to specify the computers that will receive this policy. + +After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine. + +## Client machine setup + +You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment. > [!NOTE] -> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time. +> After a computer is enrolled, it will show up in the Computers inventory (All Computers). -## Client configuration +1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile. -1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac. +![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png) +![MDM screenshot](images/MDATP_22_MDMProfileApproved.png) - The client machine is not associated with orgId. Note that the orgid is blank. +After some time, the machine's User Approved MDM status will change to Yes. - ```bash - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : - ``` +![MDM status screenshot](images/MDATP_23_MDMStatus.png) -2. Install the configuration file on a client machine: +You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned. - ```bash - mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py - Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password) - ``` +## Deployment -3. Verify that the machine is now associated with orgId: +Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected. - ```bash - mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py - uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 - orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8 - ``` +### Status on server -After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. +You can monitor the deployment status in the Logs tab: - ![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) +- **Pending** means that the deployment is scheduled but has not yet happened +- **Completed** means that the deployment succeeded and is no longer scheduled -## Configuring from the command line +![Status on server screenshot](images/MDATP_24_StatusOnServer.png) -Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line: +### Status on client machine -|Group |Scenario |Command | -|-------------|-------------------------------------------|-----------------------------------------------------------------------| -|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` | -|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` | -|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` | -|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` | -|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`| -|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` | -|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`| -|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` | -|Health |Check the product's health |`mdatp --health` | -|Protection |Scan a path |`mdatp scan --path [path]` | -|Protection |Do a quick scan |`mdatp scan --quick` | -|Protection |Do a full scan |`mdatp scan --full` | -|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` | -|Protection |Request a definition update |`mdatp --signature-update` | +After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile. + +![Status on client screenshot](images/MDATP_25_StatusOnClient.png) + +After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner. + +![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png) + +You can monitor policy installation on a machine by following the JAMF's log file: + +```bash + mavel-mojave:~ testuser$ tail -f /var/log/jamf.log + Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found. + Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"... + Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV + Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender... + Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender. + Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches... + Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found. +``` + +You can also check the onboarding status: + +```bash + mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py + uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 + orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 + orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 + orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 +``` + +- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set. + +- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed. + +## Check onboarding status + +You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded: + +```bash + sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+' +``` + +This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. ## Logging installation issues -See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. +See [Logging installation issues](microsoft-defender-atp-mac-resources.md#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. ## Uninstallation -See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file +See [Uninstalling](microsoft-defender-atp-mac-resources.md#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index 09a4dcceae..c7d8d338eb 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -1,27 +1,27 @@ --- title: Microsoft Defender ATP for Mac Resources -description: Describes resources for Microsoft Defender ATP for Mac, including how to uninstall it, how to collect diagnostic logs, and known issues with the product. +description: Describes resources for Microsoft Defender ATP for Mac, including how to uninstall it, how to collect diagnostic logs, CLI commands, and known issues with the product. keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra search.product: eADQiWindows 10XVcnh -search.appverid: #met150 +search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.author: v-maave author: martyav -ms.localizationpriority: #medium +ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: #conceptual +ms.topic: conceptual --- # Resources **Applies to:** -[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???) +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp.md) >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. @@ -109,6 +109,28 @@ If you are running JAMF, your policy should contain a single script: Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy. +## Configuring from the command line + +Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line: + +|Group |Scenario |Command | +|-------------|-------------------------------------------|-----------------------------------------------------------------------| +|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` | +|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` | +|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` | +|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` | +|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`| +|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` | +|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`| +|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` | +|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` | +|Health |Check the product's health |`mdatp --health` | +|Protection |Scan a path |`mdatp scan --path [path]` | +|Protection |Do a quick scan |`mdatp scan --quick` | +|Protection |Do a full scan |`mdatp scan --full` | +|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` | +|Protection |Request a definition update |`mdatp --signature-update` | + ## What to expect in the ATP portal - AV alerts: diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index af6205c2ca..416840ac2d 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -44,9 +44,9 @@ In general you'll need to take the following steps: - Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal - Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: - - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune) - - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf) - - [Manual deployment](microsoft-defender-atp-mac-install-manually) + - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md) + - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md) + - [Manual deployment](microsoft-defender-atp-mac-install-manually.md) ### Prerequisites From b5c59e32bc4ac40a650f4c440abdb63dc26301fd Mon Sep 17 00:00:00 2001 From: martyav Date: Thu, 9 May 2019 09:59:38 -0400 Subject: [PATCH 052/117] typos in links --- .../microsoft-defender-atp-mac-install-manually.md | 8 ++++---- .../microsoft-defender-atp-mac-install-with-intune.md | 8 ++++---- .../microsoft-defender-atp-mac-install-with-jamf.md | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index eecb31f9e4..1df8b31e64 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -21,7 +21,7 @@ ms.topic: conceptual **Applies to:** -[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp.md) +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. @@ -31,7 +31,7 @@ Microsoft Defender ATP for Mac is not yet widely available, and this topic only ## Prerequisites and system requirements -Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp.md) for a description of prerequisites and system requirements for the current software version. +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. ## Download installation and onboarding packages @@ -116,8 +116,8 @@ After installation, you'll see the Microsoft Defender icon in the macOS status b ## Logging installation issues -See [Logging installation issues](microsoft-defender-atp-mac-resources.md#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. +See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. ## Uninstallation -See [Uninstalling](microsoft-defender-atp-mac-resources.md#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file +See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md index bf6854e899..54e0829561 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md @@ -21,7 +21,7 @@ ms.topic: conceptual **Applies to:** -[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp.md) +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. @@ -31,7 +31,7 @@ Microsoft Defender ATP for Mac is not yet widely available, and this topic only ## Prerequisites and system requirements -Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp.md) for a description of prerequisites and system requirements for the current software version. +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. ## Download installation and onboarding packages @@ -166,8 +166,8 @@ After Intune changes are propagated to the enrolled machines, you'll see it on t ## Logging installation issues -See [Logging installation issues](microsoft-defender-atp-mac-resources.md#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. +See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. ## Uninstallation -See [Uninstalling](microsoft-defender-atp-mac-resources.md#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file +See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md index eead3818a7..3e4122d3a0 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md @@ -21,7 +21,7 @@ ms.topic: conceptual **Applies to:** -[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp.md) +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) >[!IMPORTANT] >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. @@ -31,7 +31,7 @@ Microsoft Defender ATP for Mac is not yet widely available, and this topic only ## Prerequisites and system requirements -Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp.md) for a description of prerequisites and system requirements for the current software version. +Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow. @@ -201,8 +201,8 @@ This script returns 0 if Microsoft Defender ATP is registered with the Windows D ## Logging installation issues -See [Logging installation issues](microsoft-defender-atp-mac-resources.md#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. +See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. ## Uninstallation -See [Uninstalling](microsoft-defender-atp-mac-resources.md#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file +See [Uninstalling](microsoft-defender-atp-mac-resources.md#uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices. \ No newline at end of file From 34e77a00035ef4617f6ffee4798cf68c5f311d24 Mon Sep 17 00:00:00 2001 From: martyav Date: Thu, 9 May 2019 11:59:32 -0400 Subject: [PATCH 053/117] corrected list of settings, updated note on E5 --- ...ecurity-settings-with-tamper-protection.md | 32 +++++++++---------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 930eb2406a..16fceaea85 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -20,35 +20,33 @@ ms.author: v-anbic - Windows 10 Tamper protection helps prevent malicious apps from changing important security settings. These settings include: - + - Real-time protection - Cloud-delivered protection - IOfficeAntivirus (IOAV) - Behavior monitoring -- Scheduled scans -- Policy override settings - +- Removing security intelligence updates + With tamper protection set to **On**, you can still change these settings in the Windows Security app. The following apps and methods can't change these settings: - + - Mobile device management (MDM) apps like Intune - Enterprise configuration management apps like System Center Configuration Manager (SCCM) - Command line instruction MpCmdRun.exe -removedefinitions -dynamicsignatures - Windows System Image Manager (Windows SIM) settings DisableAntiSpyware and DisableAntiMalware (used in Windows unattended setup) - Group Policy - Other Windows Management Instrumentation (WMI) apps - + The tamper protection setting doesn't affect how third party antivirus apps register with the Windows Security app. - + On computers running Windows 10 Enterprise E5, users can't change the tamper protection setting. - + Tamper protection is On by default. If you set tamper protection to **Off**, you will see a yellow warning in the Windows Security app under **Virus & threat protection**. - -##Configure tamper protection - -1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. -2. Select **Virus & threat protection**, then select **Virus & threat protection settings**. -3. Set **Tamper Protection** to **On** or **Off**. - + +## Configure tamper protection + +1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. +2. Select **Virus & threat protection**, then select **Virus & threat protection settings**. +3. Set **Tamper Protection** to **On** or **Off**. + >[!NOTE] ->If your computer is running Windows 10 Enterprise E5, you can't change the tamper protection setting. - +>If your computer is running Windows 10 Enterprise E5, you can't change the tamper protection settings from within Windows Security App. \ No newline at end of file From 089238bd71ac1a5e82f177e147c1ea10b5605297 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Thu, 9 May 2019 10:24:07 -0700 Subject: [PATCH 054/117] Update assettag.md --- devices/surface/assettag.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/assettag.md b/devices/surface/assettag.md index 9771aacb0d..03a43060a5 100644 --- a/devices/surface/assettag.md +++ b/devices/surface/assettag.md @@ -27,7 +27,7 @@ for Surface devices. It works on Surface Pro 3 and all newer Surface devices. To run Surface Asset Tag: 1. On the Surface device, download **Surface Pro 3 AssetTag.zip** from the [Microsoft Download - Center](http://www.microsoft.com/download/details.aspx?id=44076), + Center](https://www.microsoft.com/en-us/download/details.aspx?id=46703), extract the zip file, and save AssetTag.exe in desired folder (in this example, C:\\assets). From aeb325db764df3de68061c8ecad1b01c22b08de7 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 9 May 2019 12:56:34 -0700 Subject: [PATCH 055/117] Update microsoft-defender-atp-mac.md Edits --- .../windows-defender-antivirus/microsoft-defender-atp-mac.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 416840ac2d..8a8a11ac75 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -84,4 +84,4 @@ SIP is a built-in macOS security feature that prevents low-level tampering with ## Resources -For further information on logging, uninstalling, the ATP portal, or known issues, see our [Resources](microsoft-defender-atp-mac-resources) page. \ No newline at end of file +For additional information about logging, uninstalling, or known issues, see our [Resources](microsoft-defender-atp-mac-resources) page. From 0c7afd2190b914bf0d2899a961a48ec2411c097c Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 9 May 2019 13:00:14 -0700 Subject: [PATCH 056/117] Update microsoft-defender-atp-mac-resources.md Edits --- .../microsoft-defender-atp-mac-resources.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index c7d8d338eb..8af686d049 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -33,7 +33,7 @@ Microsoft Defender ATP for Mac is not yet widely available, and this topic only If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default. -1) Increase logging level: +1. Increase logging level: ```bash mavel-mojave:~ testuser$ mdatp log-level --verbose @@ -42,9 +42,9 @@ If you can reproduce a problem, please increase the logging level, run the syste Operation succeeded ``` -2) Reproduce the problem +2. Reproduce the problem -3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. +3. Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file. ```bash mavel-mojave:~ testuser$ mdatp --diagnostic @@ -53,7 +53,7 @@ If you can reproduce a problem, please increase the logging level, run the syste "/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip" ``` -4) Restore logging level: +4. Restore logging level: ```bash mavel-mojave:~ testuser$ mdatp log-level --info @@ -131,15 +131,15 @@ Important tasks, such as controlling product settings and triggering on-demand s |Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` | |Protection |Request a definition update |`mdatp --signature-update` | -## What to expect in the ATP portal - -- AV alerts: +## Microsoft Defender ATP portal information +In the Microsoft Defender ATP portal, you'll see two categories of information: +- AV alerts, including: - Severity - Scan type - Device information (hostname, machine identifier, tenant identifier, app version, and OS type) - File information (name, path, size, and hash) - Threat information (name, type, and state) -- Device information: +- Device information, including: - Machine identifier - Tenant identifier - App version @@ -155,4 +155,4 @@ Important tasks, such as controlling product settings and triggering on-demand s - Not fully optimized for performance or disk space yet. - Full Windows Defender ATP integration is not available yet. - Mac devices that switch networks may appear multiple times in the APT portal. -- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device. \ No newline at end of file +- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device. From 8b6c29d5325aa3f5b15a61db64f46e515c7b9711 Mon Sep 17 00:00:00 2001 From: Jina Yoon <45857656+msft-jinayoon@users.noreply.github.com> Date: Thu, 9 May 2019 16:28:26 -0400 Subject: [PATCH 057/117] Updating Domain/ComputerName node info MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Incorporating the following info: • This node edits the DNS hostname of the computer. • If using the %RAND:x% or %SERIAL% macros, the new name is limited to 15 characters • If the serial number generated from the %SERIAL% macro is too long, the serial number will be truncated from the beginning of the serial number sequence, not the end. (e.g. 123ABCDEF456 --> CDEF456) • If the new name is a constant string (i.e. not using any of the macros) the new name can be up to 63 characters long • Validation for accepted characters are based on the SetComputerNameEx function: https://docs.microsoft.com/en-us/windows/desktop/api/sysinfoapi/nf-sysinfoapi-setcomputernameexa • This node does not work properly for hybrid-joined AAD/AD devices (it only works for fully AAD joined devices) I would love feedback and additional edits on how to make the proposed changes more customer-doc-friendly. Thanks! --- windows/client-management/mdm/accounts-csp.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md index 19820b0309..18e6657277 100644 --- a/windows/client-management/mdm/accounts-csp.md +++ b/windows/client-management/mdm/accounts-csp.md @@ -26,9 +26,13 @@ Root node. Interior node for the account domain information. **Domain/ComputerName** -This node specifies the name for a device. This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution: %RAND:<# of digits>% and %SERIAL%. +This node specifies the DNS hostname for a device. This setting can be managed remotely, but note that this not supported for devices hybrid joined to Azure Active Directory and an on-premises Active directory. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 15 characters. -Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456"). (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. The server must explicitly reboot the device for this value to take effect. +Available naming macros: +|Macro|Description|Example|Generated Name| +|:---|:---|:---|:---| +|%RAND:<# of digits>|Generates the specified number of random digits.|Test%RAND:6%|Test123456| +|%SERIAL%|Generates the serial number derived from the device. If the serial number causes the new name to exceed the 15 character limit, the serial number will be truncated from the beginning of the sequence.|Test-Device-%SERIAL%|Test-Device-456| Supported operation is Add. @@ -46,4 +50,4 @@ Supported operation is Add. **Users/_UserName_/LocalUserGroup** This optional node specifies the local user group that a local user account should be joined to. If the node is not set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely. -Supported operation is Add. \ No newline at end of file +Supported operation is Add. From 15fa5a43139094203763b0bcb8f43ac3902b65e6 Mon Sep 17 00:00:00 2001 From: martyav Date: Thu, 9 May 2019 16:29:44 -0400 Subject: [PATCH 058/117] reworded [!IMPORTANT] for redundancy --- .../microsoft-defender-atp-mac-install-manually.md | 6 +----- .../microsoft-defender-atp-mac-install-with-intune.md | 6 +----- .../microsoft-defender-atp-mac-install-with-jamf.md | 6 +----- .../microsoft-defender-atp-mac-resources.md | 7 ++----- .../microsoft-defender-atp-mac.md | 6 ++---- 5 files changed, 7 insertions(+), 24 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index 1df8b31e64..13edfebf77 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -22,12 +22,8 @@ ms.topic: conceptual **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) - ->[!IMPORTANT] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. -Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. +>[!IMPORTANT]This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. ## Prerequisites and system requirements diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md index 54e0829561..c1568dc518 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md @@ -23,11 +23,7 @@ ms.topic: conceptual [Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) ->[!IMPORTANT] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - -This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. -Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. +>[!IMPORTANT]This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. ## Prerequisites and system requirements diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md index 3e4122d3a0..e3ff4b865a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md @@ -22,12 +22,8 @@ ms.topic: conceptual **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) - ->[!IMPORTANT] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. -Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. +>[!IMPORTANT]This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. ## Prerequisites and system requirements diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index 8af686d049..d2f6dcffa8 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -22,12 +22,8 @@ ms.topic: conceptual **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp.md) - ->[!IMPORTANT] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -This topic describes how to use, and details about, Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. -Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. +>[!IMPORTANT]This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. ## Collecting diagnostic information @@ -133,6 +129,7 @@ Important tasks, such as controlling product settings and triggering on-demand s ## Microsoft Defender ATP portal information In the Microsoft Defender ATP portal, you'll see two categories of information: + - AV alerts, including: - Severity - Scan type diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 8a8a11ac75..70ba7ddb6b 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -19,11 +19,9 @@ ms.topic: conceptual # Microsoft Defender ATP for Mac ->[!IMPORTANT] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +>[!IMPORTANT]This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. -This topic describes how to install and use Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change. -Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. +This topic describes how to install and use Microsoft Defender ATP for Mac. ## What’s new in the public preview From f654a356f4b7a1069f9abfbe6e34c433215a54b9 Mon Sep 17 00:00:00 2001 From: martyav Date: Thu, 9 May 2019 16:48:01 -0400 Subject: [PATCH 059/117] fixed spacing on [!IMPORTANT] to make build happy --- .../microsoft-defender-atp-mac-install-manually.md | 3 ++- .../microsoft-defender-atp-mac-install-with-intune.md | 3 ++- .../microsoft-defender-atp-mac-install-with-jamf.md | 3 ++- .../microsoft-defender-atp-mac-resources.md | 4 +++- .../windows-defender-antivirus/microsoft-defender-atp-mac.md | 3 ++- 5 files changed, 11 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md index 13edfebf77..5652662325 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md @@ -23,7 +23,8 @@ ms.topic: conceptual [Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) ->[!IMPORTANT]This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. ## Prerequisites and system requirements diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md index c1568dc518..15bfabbd53 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md @@ -23,7 +23,8 @@ ms.topic: conceptual [Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) ->[!IMPORTANT]This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. ## Prerequisites and system requirements diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md index e3ff4b865a..d0ad4df2aa 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md @@ -23,7 +23,8 @@ ms.topic: conceptual [Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) ->[!IMPORTANT]This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. ## Prerequisites and system requirements diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index d2f6dcffa8..14853fbcd4 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -23,7 +23,8 @@ ms.topic: conceptual [Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp.md) ->[!IMPORTANT]This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. ## Collecting diagnostic information @@ -128,6 +129,7 @@ Important tasks, such as controlling product settings and triggering on-demand s |Protection |Request a definition update |`mdatp --signature-update` | ## Microsoft Defender ATP portal information + In the Microsoft Defender ATP portal, you'll see two categories of information: - AV alerts, including: diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 70ba7ddb6b..ad6e81eb5a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -19,7 +19,8 @@ ms.topic: conceptual # Microsoft Defender ATP for Mac ->[!IMPORTANT]This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. +>[!IMPORTANT] +>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. This topic describes how to install and use Microsoft Defender ATP for Mac. From 6a1c728b1bb8f153042b2e51725d740a569a51db Mon Sep 17 00:00:00 2001 From: martyav Date: Thu, 9 May 2019 16:51:34 -0400 Subject: [PATCH 060/117] fixed links --- .../microsoft-defender-atp-mac-resources.md | 2 +- .../windows-defender-antivirus/microsoft-defender-atp-mac.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index 14853fbcd4..7f138a6ca7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -21,7 +21,7 @@ ms.topic: conceptual **Applies to:** -[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp.md) +[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](microsoft-defender-atp-mac.md) >[!IMPORTANT] >This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index ad6e81eb5a..10fffbc787 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -83,4 +83,4 @@ SIP is a built-in macOS security feature that prevents low-level tampering with ## Resources -For additional information about logging, uninstalling, or known issues, see our [Resources](microsoft-defender-atp-mac-resources) page. +For additional information about logging, uninstalling, or known issues, see our [Resources](microsoft-defender-atp-mac-resources.md) page. From a40b57465652b271bf35ac02133670ba5935245a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 9 May 2019 14:37:56 -0700 Subject: [PATCH 061/117] added new image --- .../wip-azure-advanced-settings-optional.png | Bin 14186 -> 23584 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png index cd8e0d0388c3d30f4e4288d6884302ee048c3bb1..02138b02a709d31ff3a1c22f09c939f907a810f9 100644 GIT binary patch literal 23584 zcmdRWWl)^awk7WFbV#t^+RzZ(-L3IJppiy`6G9+(a1HKmjavcebZzm`N3tYWd`xv(MgZt-ZdE($P{T!~@}>pr8<{swn88prEy*prC%j zK?B|?rCvM${zLWDQM))i7a&(iN=?ekoN-jto&9H;}bhc#500!#OI9J1d~7|6Gs2 zrhKyjy3e=%rLEl~Ke9sK#GQ%xSVH?Y}Wg1>)Ko5vEV@(*w>>e8dxmY zj+KfKcopmLMltmMZBr}cGvMjvLokbG&t=4CV zZDrc$iS`&z#&e{03j9hsxIUiD|1@CLsF4`~uk;z?s%!6cD-~dC71H5Mh$@p#-ImAZ%&XZ6uGoHwqa*acJsjceV=or!bN^?t3bLd zU4M+HOfdaDMK<=~h(cebggiG$YpgkYpl_^b6~h>!u|W`pK$uww=_V>_EDAu17~~q_iA$^{M>Tic ztA{ms9?^ndoo0MGEHoa{VQIvgPGQFBFDR8_6&SO!r^_*wEaU~@?68RQKcw|Un}TeW z;&`w>)2!#`i+dz$|DHc&(OSv0d$`?nl0dV6%&N-FygE)?J>7h6sd|w?+3*!Pz1%AT zjDc4e@+sk;C0Ejo{n^XbGdKJmPKe5BVDA`L4+)Ok&N4H~`!j8j?pCml`ZA1*nT9%4 z$y%l{z2Aa2x!UF#yu*(bjWeHBDB^$amC@>A8rSYsx+-!(r9W82>)YyBSQK+z&PdNd zt_zA^(ZO_GHoVx7b6fZoX)V@iB|L93Md3Me#uZCz=xRDK9<^;&V6yQW#Dx$w5b|o! zGHs^aQPMAf5mjWXNF`ZJ){?oyB3Bk}4)gL_;iu8OwS!a=0$6OhOjpAiS<0#}RvV zW0opMfM_n>JqXT!bctui8K>;a@E)gVj5$+<%mV{&cKxNPA#JQ^t6i37S!}7nVDS+9 zsNhi#5%Nho7rY3zm?fc*O5Eewy;Fn(KBLpr*P&(a>u+19MF*?3)Ps48D?TzQv&V_> ztd8>9BgSzO%awu=qo%6|Y%k+8k)T0}&$@XSWBSD$YxZt2!@ffG_`oWy!wkcQK55gq=J+9Wi{E;k?>eDbm$b<6OMrX!c<2aEm79I--=;oUICXAH1{7PKkSaYB%7PD3D#i#YukIEKYawkWtI(yVIs^HWl2 zY708vOG9FuHc}ocipB?0zER8+1{~0-6j=0iB!w^cG)k&0?G^(_S9GT8!`TU;dg=?z z*UZj&q*D|L(hMqE92H7Nh&EW_`u2$Mh>0!Yd#pOtHbcbA7)Ql~3u`aCirgOiadJB5 zPQ^+6cAFrHCg-+oCDTR&Q;JU5up`Kqf$520ek%n(&ng{%#>)hL!@dC--%)-ZY=$^a z0dR}L9wk?hy(MicE3kd|&bkqr$wfY)i9N8jf5)1X@?iUK<&#>p(3~?*@2m1?)HR)eS6QRuqqRgcZnkO}RJfdc%$Hi`g z@@ks1be=BFh7R_35=yIpZGe33{LUepd=|X zLlju2LOT*A0(|t!Snwl$N`<^uP{TV}i|DNr+_yX_xRglFjWIV+)?$Uyy8?|PrvAv8 zIYLC4U1E^Vm*m1KgUUVORpIBm0<9b!K^A)=%!J*_4>Jpt!g7c)nJVa}N8*R8RmrV0_Phz-H88F}cLIroJF z44FvK@axIxglD{DL;J~1Cw1Yj;k$;8kCRG2bfGk%g3G!^;v>oM(nfE|L$l<9TQAe1 z4R_~JQ-zq}L|ZE9aRGG5K|@31xCU)Y62=43g*p~0Y)HTgcNACjL~m6p z7$P`T0{TPV4v92e#m+LQxP%-YrEmzsQwI78+&_(A5R_nkh7^M))VTTl!q&E%y_wP6 z)ok?=gBZRDYMbjoU7%wQkR|J=6Oydf+n|Tq{zoMqQen?)tpryc`V|CbSl{T1$_v^H z7*sf(qIu8zGjG$*@8K)r(BmPaC09QC8yzh<7SXLOZv;Uqt8qxXUWHXss@=R?;j~{f$`k!{ zeQs!tR2#aUGRRSR@ScuMC(*5#KrOrsN5%3d7(!%FJRe&vU>YGYlfz%(S{a)T{+&do zLt9~(TqB3Ma9n^vpgqo{$I_93Db??s#+abkJgn9fYMds6u1MseZ=y+>Z}VAF8B0_{ zokpF8SrQM-mnQqGHQr9i>5yGD}fGif#*DhNox=&7_z; zc>Jt(%Z#=O#ot;;z($4q=@FeLG-@+y3N%x~K^EHX;(KD3C^N&6szh1A=~)Vrmw&`G zWxT4yYQU@tg<>sQ?*>(p3KAzB>za(nv{t5%@`Je|J2yzwgFQFWMqXeQxq9_XL~=T5 z_9nN%#gMt2M6-?+1mK$}7t*xVB04zSd$NDZ1LaGwM?aDTY@G*-U*uM%p3<8E4f=Pb zg_V*J7En@~wldTO6fnp(lnpg7ILA{J8z955$S#zqW-_i5qp_1Cl|v;Mv4e9wB~&re za^A_|{uJ3Z`~tHO{l)3bTE`C!7&He!k(AtvXB0xZdAU%M9|fGdLQU2<1Hlq>s0}Hj ztyx!E1T6J4pf6k5L>FZ;i?2@|(+WXcOt8-w%qrm)9_WOop!hnA_?&d6IZx}}RNXvN za8e%t&PIGV6I4?3-J1kj!9OI5r`^JiMq&)X&xM-bi5|CSKvww=4Z}(8Vq?r^x$0sC z9O8{R_2)FJ3I!mcHaIF(ShEmYYEkC^gYNzZs35JWben?ahh2rDs#83}z5p^BZmTO} zDB}^*%!*VZg`%PU$vOVXTWS@{-S)AJ zLyMw9g9#xjLeIXULbfrf<4g1(Q`g=#gj9rE+}212ZqQb^VxRAu4u*jIxlaVIpzpSG z&XF$2XA?|RguO*pF2;}?Bayz=reIg_w%89h>rI<~e%5nOC2H#7`~bnw;Nk||6Ob9a z7%br3!RFqg|M}xIEr^8QbzK}U@#7aEuAg_z#147xZuzgAynVs>8=w4ub5N-UDx%v% zPrVP$AFKoLH@?|_qGh{Tp>O-D?(gkHApIg zu2iWd6kbcjpIe~qvB75nv9ZrU#;6Es(FEX?5>h_<%N+qX zm#JJvwNF1Pt@easmjd@Y*1lT@AC9Of7!^%dE~o1v$&Vd~!OHE)dJ2xSa=b`Qb@-v7 zEDlZ=+?;jDVUO>kMobjg<}I(|0uhOVxz z#zv-88CgEz3cNXh|IJ`Njlz29>Q1v$A2p9Y$R<}g=ulEdLTG%{RvJ|5k%Pk$nJBI| zf$hdRh=#{$6s5S~KcPDzsvpmaX8^_W9b7eHkx#~&{n;BQP*DvjBDvTQY>lF7H(;%? z*d*z1JQf^83um6?oQN%*6H}-X8;rI}xNeeMNphf#cABrH3_kd*Ka9zJw!gx63O3ku z0BETNK<$ox^Hqeu>0`+EZR7Ci=b5Pash_muB{Hy!FXq(5GCV{!lo8KMrsHBzMGp2T z%SrBe6v2YJjuV!neN16cHJXH?R1}OLl@OPH>sW2KVkdz1(QdreH=ZU_F~0byxwOoW zG9R9WvoX-m!&+MyYMdO6P5g+$!L1(-`QWvyR~g&(>eTU2c#uYr?E@KM4n_`YsX(|q zQ+${Rn}U=Ud%uYy@J=#f}Y%>qf$Xe47SFQ>o!PSX3 z40y`}hO%Tz@ZL5~hU0*lhsh~Y<%1+wSZ(8Vodnzq1)A4180Q`jCvo(bcucTug)vW^ui1>?0DgS$5psf&uXw zj7RxMThJ4iMfT}u1ktGLOCNpIZ*W8(z+yA0fw+iI7NJy-5?Ie6Sy(?WBys8H=#_oL za%DuKsSMiC*Mv-diq(=D{vyE6Z0LR@n*K?~q&#;p+9s$OcH-|C&1p7zo~Ti4_%y6H zZS-*#QGbsyXR=G;F!Nhs+qbbP9=%QJS>K^t>Uf;w!b(G$QIZ~dvZrc&3P`uzX_kN8 zLoU0!+OEWuJ6apAi29mw5s5OsTeD8?>$DAWoJf+PM>-RzTq$e{ErbEGXJ_uWiZS7#p`p3Cxp8rEEiElQ&)hDKHla-^ZazBB*O#3g9Zy~IfMgcX zB!Ubwm*FZP3o3>?5uo*QGy42ql;v`EajC7VQ6TYBE4NK6H>uK6GxHHEr?{+ocBco7XP;LbfgwBs^6|prV!Qu^hpQz_27HkH z%KI{J7yq=cBm>0h#!pjSSLaj)l%H2}Mn$MKLDoCJ-k*w?PxjywjQ{A{zYO#0o0yo` z+e36|Tg8Gqinx&V4GqX`qx#7&P6QWn1P<}VU`}9D?V{&K-p{F2;M2A2{5wPMsk|oj zeAk6<-;QJMb1|0~DdDBdGMd!g`Ml*#wtvRb%Z6L~jKGs0^g{ug9r=ZH6PoWYj#hnM z%b|O_ceEWF(r&HxS>8H#IX)db?eUQ+$G{2=zOyI+51vG5DfC%ev4`)dW(;Sifl0t+V{Wlb8nrvVY(%DSxMOQacz&^Oy0jTH>P^AI}jch zN7y9~jOeD29LY~d^yJAC_0k6?jk1OWXv~_N%nXg;!8*Xj>P2{WP|EH((!?xwiL=4BawZz` z#L{5+#p5@%?o2}#$r)Dz5L&r?c?S_74!84waqR6m&gX~Z{INh+$}*@8!&F{EvvAl^ zfj9?PIelfLsh?4k^^moVisB30n03qEKdr>)BeS$@m&kc{zqnIT@bB*@YierrcCk`= z6foWPidOOIUy0J!9)Czgn^_JYE@HgWx&0kCUo5twUex2N4PceJ9R)~rO%0C>gnOHd zkWbR*{BW$zlE>0v*j3eF_QFCVdBh{VZ9c0NxPqrPTagtER{Wz2><_HcNC?BQ+^T_s zyz)xk`H`{(%ggLZh=P83QLuwRZI|TV2q8z-2TcySUwe8%SMmy?!6`kJkytxB`w)%m zKNx8*)r<6Sq2BTH*ee$~w;9cMT7W`(5)I5mPfrh;6n+%LcNF|3hJk}=WnxQV>T(uP z=gpCmnEAHfuHqXts%Im!2qB~Gm%CSKw`b%)Ts;Bes=l+cGsx$oYx_$s_oe=7Da>r)FmBw~qhVC=o@d;eA$Tzye;64yKhrsIP)j0jyx#eb1mJib&_P{Nr;xAto*^K8*RefbxEdk|z{H7Zw(bpFUNT z{F_I_-R6~wNkP5b@5bo=}F@5@WEX<7S8ATi~N`-sGidGs!Q`TBKD3kVX` zgNu)3z?^wfv4POynL79;bZye8njd-uix1o!U6BG=;5&uFU&Z_${sJ%m?Ta>n(J-(|Udq^8Yh|IwzAg|BVr`w<#gT4Jq2 z=${#av}s`@ZqOs@m~h|wCc*B5rRZ=y(XV4(( zm5Px-O>$l7?C9#U1VH~5cRd3VWm4*jdk9)NMjR79G*Dz^A&~}`p)a5WDqNlz5$L`| zjZFi^q+51i(3EqXlZXVH27zWk1$i^^oi0^+Lr{o57z9Bu1XeH^QIxN{fFuWNnBd%n ztR}r$LpiwLS+xVE5iq4Gb*WM*rHPja29G+r{9=53cYcIWTCMe9G)H8lVp)#-i1K@~ ztA(>fe^0>~vbibWeh1Qw04p$S8#A|Nl08u^In%3=+AwBq#knY^BK%^V_~4y9$p&R|or&ZciAqHE zY7ulqA)Gcu!yN1#_5HjeDnAK@-^Y7$=y8X2p@1M6fK{N)2V?xN9^)njjh;j!!u4sb z@njemQXecnJaM78$JhW+=so)06RJn=d3XET7X%vKr?Gws)es3>R=RCc;N3xxZAVgIG-jRsWj~# zFPhiF5f!XtQI$EKp^>WksTPoi5>nKZs8Iq6TiKRTL{^BB5$pONT!VeJSfyfs8KjP8 zR2kJ#8Np&rtby{+Y4iYWCOV7vYwLn83r+x^9n|E?7J=e9k_i}Y%qWhz6>|)ImZ3P( zO>+1;qVqI}qyLM%=qEIh6kO#rbF9&<0E=k`IWTXHDHutos9^@?*8Hr%F6u-<3k}aO z8u%HO{RztRlB77M9g$MS$V9JHXiloxPxq1jtsru3nCMse)YxPFk{%k2et-=En9E=f z#{Z9d0}u_vpDze=QhPlqnuVcbDn7RvR2eQ?x+4qX8Lfh7S{Ep}Eg|@jA=p0*qp`nT z!4tD0oFzTDu}u03WrpN@m}p$LznQYHg5`P0Q_-pS(UsK<#5{Iv)rQk)56hPDKiK#M zIP27g7a&afKL}N3d9b>tD_(Ix1V<I+>#-` z;*V&0YPzn zqV26#q^{Fjv)$Bnj2XjN$2`|JW#NIIYl+EYV=Ap}<}+j!tZ!X03UP`W3lQgDYKlgM z?Wcdvdf<&~2q;qDgXL?rQ1F(<{bv99`D?s)`{p|1{&(k2gQ`yBBSS4wt)%u(GhA{U zsLy|Q7hHVDwQD66X3NCxjj#~ok#V`e!R4Qhsb;5`c`4?rqo_}NBqQUb5nU#Mp}88B zROXnHq0Tx~u8uL^KuyXHw+PYk6)6B^j?p-o_V!O|%IH4=>sTLshA>BF8BiI(tT?u- zt;=YN2}G0IMT#~lvNCO=AvA)zkYRW%SbbtmA@rT!^EFOvkx$CcM*KRSrKbyS6tnCf zks4mLdf?bN3yjx@^&!?3?4uIRq~runMjy&5b65Dy;x+zw*2k0Y=DX-Tzj&EnBsB|S=| zV%cQ#-&%t-+sBruEJ6jE)`g9EZn>O=r z(v3B;$jZmZ$J5hOgs!%x=4q$D?<_ahVs6hfeo$PiA#kNo+H``+FuV2q8J~^{pnZn9tA8--!P(2@@ag zNcJi)ufE6KO4~)jD<;^Xs6~a79#-2u(p?8F9mM{J<@>bP=S%c{>l)@Im$#F*Va=)* zO*n@`lBolKF^nOEfkFf(EG$e!L=;_V@7#GSjC~OJ@^b%nDX_!m1s_KLAL2Vz!8MoK z+FH{mz#+uDI*@~yN(%YPvxNKe+dt*qh}nf({P^)>(c~|@e_bq(ET~gC`6Cp57Wjv4 zw$P8L)+g{M;dp$uI1PaTpc>4O1F8YQfmYLz%K`DL(?-jP_-~$`yQf&q-~UIF(Cu2( z@fv1*eENQJ<|ElSzyzkUDY6>>!mB9w!qU>_{1j&U_RYoJ>9K#t>kYoU1_<3D{oOa> z`n#|B*O49~PnNbm`C&=V$vibbd-2JK_Ir)xwfgLbj33g0=Wddx)}hj0fS&$6e6I%> z+`D&%oVkbM^UE73A1`j+tKY23BkndY0@+g=LN`KWWW0E&gI0Ri-EyxKuWPy_Blk|{ z1EMycNL?!3(*eJX(4J?Wp2u!q?-xV{fV>cp_sw#ch465+?6VS8TMUIclD0~5i}SB} z@w07~XD{wVxv-w@VEs&WN2Q*zX}t7H`WIXdwv_pJ8)?ph6H@;p4)^Ko73R^;$oNjk z;RAZf>#uUhif^2i^>#pP9zTVm+AO&_0-bn&aZf zf52>?o4 z|3vgNT8(%`T6Uv>V784 zyCj2Imfuzw$U$@WTP`kFN6#*_U(((Os{(-0CvO>WL^|Z2sDQ60TAo1fFMIGi!TTtJ z{G>>Z1;2j7aW<>Uv;8C(YsvQRqdKtLh;t*cXb7-?m@b{BrN8(TI2K`2imRm#@wzx(+WR%aua+{swtmFg^Tj%}7`zdPn@gF9A}d$d1WP6A1J;3Q zj|mIcXJUE;W@cuKUzTrIJb|n50Mvbo{%-g94)XPORoeTcZCKGlV>Pww_KjUh-JsXa z(8qgu;+_X2y3i0syuPI$Rf(YPe0O%g|7Xq!p5EsKVAC=Aj<0?H{_OSZrD#C6eWku# zg!;nAXMS!jk?8vEo=?vt)1pvEchLFqU%YPyRPwOfjd}}jKnW=M087gNhU%7ZGFg{| zzxWYgf=*Jv%?ZYk6Nb!0dg3fGpjxF-;bKytpE&_1^|)7ti~eDxnPC6_j~4vX^Ha_M z$^*E;s+%zC-DXmx8m z+xa7^eZo&F!iQE!e#@6rrhtV=qYT)os(pEW`^%D0Qj&%{UJVHUXw#&W8D}{g$T+N> z!ahE&D0uzAOS_*<<9qc=S=1sRW=)r>b8&HL#{m-T-mh=()w98a5>h~Q)cWBt+Fi8j zY=v~A`m(a3%%s9)06@hxn^*dhuw zWQ3vt3M9x>wIV7cm`9zA(q>ScyQ#34+R#DLHy40r?A#y&hzx4(~=hMf(?tNIZv zku9%yx0b_97X+H3;KG6u320?A=nU{oNBT*UrpO|3V5vF|k!J5*D5YVszH~sHaEGV9 z3PDHl`}sBnb~Q8cK)mIhM=sOP)KykL=f#C%)<@4`kI_GKaer-uVvQz|X|}=avL3w2 zA@huNZlQ3e3ei$a<>-&9NGZZ?HnbWMb*k~mOM&TRF-=# z8uk5(!J%9=9RsHX`XM}f&ouNQ)z#G!FAoY{K7eUB0V4>>)fInQnP62nmMtz0b8dtT zTrk4lzPSMlo6r`kT`$-RiVEnAXTrbD#%t(naXhiLYX$2(;<7hWEavb-s~OGzj#Sqf zXGWV4<2*NEQ8gAdV#cFYwEd^@xYv?R=vR<+ zi%N64%`|dV$7XV>LMaQsC{~pSgl?UVXi_d5f3_JL%VT)z;Uu&&cHegq6Je5?Bl)i1 z9tSQH0&+*s;7|ay_{$bSy}3NIUtdF>>-xQJ4!MTr0!+;0wIadeod+fyebFi+00Yur z?m4b32tKdmbXgA=nld2++!8rV#VVy(%Hihx zXDzWIq_B9=U{2LSlMUWX&Q8RKHqpikQ%{*#Q7x>GX;phn2n>ZkvA?aYNpxRlp}uxI z`@IBon^G<_e$3ZVy8_C>IFkbUMsbB0ThVS(Hmi$sR!|b>i%~D57Frb<(;ZrL=6FnF1=kH3xcrFMxaqySd^pzz4tOWB}I6&*LL z$fyO4*56di&6-3h*4Y!yV{W`=*d>!QAb#qnUdtAx69)(pq{G7Caj?Vdp|4mdK2ohYZpE2be zB5vQ~ub3W&tgmPG$!+9BkU)u;ChBP;Ov-4}GG<&z@^lAylS-Tk_L6oxe>O*hloY4d-Gaa`26rFg7CL3qnu0^Y&^dPWGz zBuD3+6c~M&e`F)upcWxyV2)tnkO2S6qgGhASuc|VWH4c(xfpNXsyobPC1o+o*#b={nm6e+q zwz&36V??5;I!**?mO8Y48YB_U35{hWFjCPED4GquvrmiFA3aH4*LT_Ko|J$K^(;O_ zxC_o=GiDd{(1$?=b7F}U(f!Ox#JQ(Zs#1R#*HeC#HRpwh{G=ZZ(iq$Q-|%~=5o z>#)vx;IPpTi2=lxo2D)VlUB$USf=-6fPHe&ln^yZKJ_tFR3~RJ#VM+ZchXp zK}+5*09%Z{ZU`@fANY|EW+Wq1;ryP#u+Zdcpag6Ogp?25-rf$xP_vM-o40weAW|H7 z0tRW0MT{ZbK;w8zwKd@8Ls*EhiOJy;o;a{}h+>}}?A}jm=UWdqcKpj8xQYKab&=Z? zLPtmU^XE@zXJX82RVVi#FeT@G!onfbIe4?`kOVMKxd? zoTjkFHc#xD`nI;V&Q4y!o(=$xah**AwTI6n435**?OIExVxS%>%3Q$M>hqRp04Nq^ zfnL0zM4VzI&OmpMzQ&ew@52o#fWnyk0RWZst|7$jgWI4?zU7yIt8MI+mCK$gK7SY> zM!w$bjj`WkGUJ_Qy%0z)ejr9eQ2hWnU4$1q=mdmrui;8ev(fwBGT@hX;MHWnnbGaJ zh9!N#JX?lJ=4@ZYqW+yCD*zyX#zgq|_&6}Yvp+&u6zE-*M&+4#2$1 z=@?Ap>rdPg0Tus~L5PTm>>SUtbY5JzLa~2|emuDd@92>1S^$=%qlg??u)oFg{Wu}; zX0~f2;!7O0Yg#z-?asV({LQGJw7h6ew#)J6eRBhAZ|#-mc8$PTUqsjSmw90TI2x8p{L3LWIu6#U)Mc$&PJkH4O%!`76oT z5GG}RDE@fHy1eMi^)Fg64=hgTh>NQ$F&4V!;$M1judEx@aLJN{J$2RC0o|^u>u$ZZ zSN1v~9oFvL_r!4RtVsN&g7r3ZD&-ks?Rp(}a(gBcb`pgjT{69hM&FalY; z`hBpT>Dgu4Ii0xjwgPe7k-?h0$?I7sn z(=m9d+}&@hpiZ?Dhtp>~H~VZr*t!B_27uhJQTJc0ygam%8spS-Gc7{>aODcU4<6d} z)xN#rq!?1d!!F*4zQUF4zY~xOHy(>2RR1J;%a`ujaVW@IkxmO>bsXl!A=FTg4)*)-?%m+ctOn4SJqZJnDM3VEULeap&{UfPdM4&T_pU95gP*j6 zE7+PQPHAy&c~thES^#zbMr{v$OWg8q83>(qVD%)-=D*HZzS?c83jhZ8m|7;-)rNP zm{aJ_ko#&t266?|xS*w_rPEXIlF*5~U%!6c^9fMqX4uE3mX?8BQ!}&V@5g_;65D`r z8G}yom1R!xFgFied;`rV`fBrx8K61c9Ff4qz=Ju8|0clvyLaaQ$&W?+%xR7RqksB` zd!9=IB&)vF1K>FTj#Op~-_6vrL)B*#@srt4T+=RlS2yNJc@bZ92VMfU8$InrLCp=z zJ>|5Z7EZz;-#=gM^UZllFw|@bRE4qQ8W0c42}1SF1A(cD*>H}*DjMi{!O8FSDA(o) zgTu4T&X(kRX0|acf{{-oob3;qwbl&zugY-r@V>X(Z*3L4*Xtv666btv)PN>Gpulwk zdRU9oyvt(iAs~@Y1L<+=r(3up`Vb}3>mB7xZ>2)$+o-;b6HZ#j4JCc{Q1d*^Z1T$_ z8(D@Fd#%(t>QqTY)vrUON5#^7MxytHkN&f7q1_IoBQC z1ppm`N<;{$ldDQbDE3}XW@kaaO_lB``4E{e1)iv>7M3{jh%pPMHnaf~C{X_mWzk60 zEfCWe8p_dDVS(BQ5u-v4>u`!@V+@tb#lX*p$xC8JMN1{p-AJGdj-&zrAsDX%?>voi zZgXD`2PEi0Zs~GX5Q5qKS*##2qKPv(yX@iK`LlB9tYbeNs(2n}%pz%7ZVb&Kfd@51 zXIXM~J-dM?W<9%BrFMwn0LI#sqOELqJ^y8Yj-mx*af5bgHp_G336oezT5Z-#H=yBC zL^P=LFixpd01H*u{Qi29!1dTY7Yw%JxG772iOfc+xA@9TKbbJ9_^@Gva26#M@?s@g z*PweZ6UK?ntrm3tMU%}XRXZqmH4CINMUfnRjtZqSDD$?yW}vec(ae#vpsPTf+eCYl zQS(`F?>!q!1($j#xC;T{dvcF4VM>rVI@62qg+U3Uf*CI>v_Xfy!?FQU%KlWcB*PqcP$267q*B~d<*-U2C;@0gat{4=X665J)@bthbWT5CWmE;zs_dkNz z>v;8$3K*)%DFM;^N!zH%YOPIN$|~XE22=cd*4rEE6NUvU=@Rz;Bi4BK%Z0UD-7_q60z0K!xXY4+x1Jz}gn=>Bn z1((xdvG)+nQ)yQXf}%`Xu3kxZLq;dSL~pR*O)|100iCJ49gyauCs; zk+K`v@Ofz1m~-8N+^AUf)b3wb)`6g~t(+ThQv9G%#Y>tLo+!6|s9%kn)9~ZxWPehn zARjrl+eWCi6i!qov0_s4BpF*Mampx7X}KV@c$f&I5&=Hs+-_%}Y~Es+CX}_HvYv=! zh72vLqgGvPwV=_NMu&g&*{5>gR~qC7UC-b59tn^&aDLXnU^GHhMiBeY{e5bHdxO;z z6hn7&uFrBq0LFEmp!xtd_610)+#y$I`^*mqS6bTzKyiRp4!!p*<~;nb<=1GyGXvy& z0N|~Kj1GR(%FGuNm5$IQc{rbUkn@FiC z$Ia*6`}ev8?(-FCet;LQES*~pPyv4tM#u+vKDD$w+po4K{mpQuH685Ha4(zF0!1jm z{viQYWVqC)H$apA%MRMYbzL z4V?1o?j=ww^Ss*<`O1oYYwGGe?Qf*s0N;osQVi{6LVla4={zV*uaZBbGY8x`MRr5u z!2SJozu^8uKRoyZcaLCDTe0z;d z(l@`PVO|{z-?fE-5*-M5Je;3D2b%t=YWD3X$U2Xpn}d(8DVKc_2GVC&fx4V9>=Df1 zpdC|Ql&&{Jt72y{=hCgOr4cI~hhk~>Xwu4Lp>*Gh2rCp=@ji!phYu=%oRIL(r+(zG zzA$iM1t+nll9HInZ$IRgsM=ts&tADYsrM#=3RB^WU*${n*j*OZpJtT>sra^zl~b zCiN_U^`GMSO29>nf9u4L%m2|NvwH6yYK^(b0=8WS%YEkpuu`3xEz#Z4J)M2eR$)zG z>&98M`YWG)$2j*&=C4+QQ#T>z>c%fFE&aeMW~CDHoj zZt-S5=e^D59M~7$jsFf{u|ZzxH~YMRIwXA$VgGu*($(x2{{zGp&UEdce9Hfo{(nOp zpU=CU{w6JbZMj{HjJ%5RnzFfvvcW`(eap*_x?*|1YetuD=5#D~dzH`t6W!X>anrR8 zqz*GN3c>>E+nMbMeKFD?+uQa3FCUazjD zQ<8{QuCL$U?@Q6wlT$5!PSP!2uReHOX9DnUz}sd9z6Y$k<`5JQE1=`y?VW0=cf)&b z685o-n&uVnEs%+}flP#RGh$T|dTa4`_F+>$z`P^;N&*Ao%)c)K$Cw-g^f})o2Tqcs zlq0``g^SbFtioPE(`pG=hSKnX%}d2|pGkq@)9_z&ga6ku?*Gn9{{O_$;TN9ATjPMo z=Ah{_y_7%j2yDH?)z7BV+YEvTd8U+6+TanXyX)gp>qi6RQgVP;0zT1#>?jc5gX3v_ zX-;JKmy587U`2V%D$*zM1IQYJi5z3!BV`p#RFeq5v)`$gy;fo$sEe|4V@o~gT(~qZ zOiY$m^m9_cSeGoIW|o1@zP5?95)YqxnAC6f^X=DZd&x23{!_dtN3NbPJ;jgI1$ZhI z&bju{-Qn1Ho_W#zrpk|j$Tv}E6mfOQ3*;*AK`0^DXvst`U`j)aN)l` z>1jX?s5!F<$EgZM8Sjh>PNT>;SBkrQrwvg z_`Qg{HAod3XvD2peN$ydrjouehtcIXOj6>{*;x|4wvdd>Vpm|72rVoxb~!5CfsNLT z@*7>fcGRBHto8Huxlt@5P`m|A`kRnHqu*!pZz0mhtn8DH3<9(t>E&qgO>~Emh+N2r z;jSXJP7U~9XRcvp zTE>UP8hlv2Y!8Myh%;Y=ey%bYJQI@^*sX{%Qm?VN*jh_2=g+RDVPENd{m~%rl_Nk7 zfJX@cv+gm*i8=&c9HFNT&yLU45-%Q|#qFP?dQkCaW;{h6^RoUZ9a{eb z?$l!4Ub%F-d=KYp$Yy+IJ2g5OMn6gZ+2xU@LNOhfL%}4EWTu>MriW*gqL=MkFfZ^B zNzJT)-H|z>1rKq7MFV?L&^DxrEMa|7jiskN&c(+{3SkzlAeikJJc+{yvRE}KRZeu+ zjmn{vWvwOHu<>{sB$>s&fn@Y~OlS(N?XJnvoiJfuBPo>0)E|DLC9jdK$f}MprH&7n zi#Siq^FDZNMgt^3TdqqX^ck@=+cXhnJ#>?Yz-?;ljpTmNPoF)rTs+y9%q`~NGLfgx ztbMwrT~iD^yZ!k!7JX+8lFqCv7IBJ1vYy(Mwrx0WSo+H4y_9+?AZQpQ=MuuX&G4^H@^Ej&x=_8cBtnz?2v-|VRB{+Mxx0TcB&S5lS&HUhBy+P^wx+fIcGW3d}Q=L@b zSjY@e7#2v?RRGvk-$9#0f}(z#sD7K+$5o2O zs^r0rS%UYst!Ch0kNA(9rre`ZVwzFZY#PZU&^;afA#wFW87))71a9|6dl8KxfIyZ} zJ2M{I?66@1p=Sd#NmC|{!F0H1AL80+bnS#N16v(z$R|8JLv#H2#1vBhWPnwr@N0s# zQ}#QkPy%6L$43LuH!tUuFXd==wAn3#P?yClI)zkiyg-G zNksas<%r}M*=BCBkX&{c2A(-NWG_Z-D7jQcx04z3hii(au>r2+rO>4y-vZN%lZ^Ce zNq^H6AF(jJuvA3t;`?A$$>di}|HuP&_#)19NwmzF3f7Tofk%sM`m}rfHYtaZJbMA_ z1MyY_r@WSiW|DELDnU6f9(%q-x}$r=)^+(f=KI!%UXv~$Yg6S4R^!qd!vI89l6|Z? z5h)unwV+8fJ|XRO4(oQwdiu*XG7nr5eJq6M ztR=r9n~xEc6m15BIs=7mUG^!Q(j4n`AydC;m!O1YZ{j!<1VoQB>K3g-5C{TaN5|;; z#3x>8TTRMDV`%vj)RChS~H>I;-sw270)L0XF3%U%d z%v}RPo`-`ZCB_MLj&D5JQ^P!Jx7e+xj6FkezHk_5W57K_cc4O~c!4!2ZzMR-453Sl zb`xJ}&{B0i_hbMq2}@rAJ6<4Ljuo`I`(XPq^`(wxDzdFLhfZZ+CU<#9DFmgaQbK`Z z#7S!v>nq0%!i%9GynaO0#h(9^8#LDFes_Db_kesS9PmRLgJ}f$fN$WF6N)*hZ*l`| zinQc!?_HTG?p>W{zn|WrI>5GK6y>c@ix`)SCF!wi?)&;Dg!ef4fAQ4XtH+?_!@Gb1 zz>nPNf3dd;CF*4>vn;YYkiLC!>__YmaKKOLb$RCLw_Wo*AT6}2!K2h@00_;Xi<|>L z7!d-Tyj)RRm==~s5))2tjeIudfK1i|uy23SY8cR$_cT4RNe0{DHo!#~fr!kZlKf&5 zYXXc>EAl@*6mZv`*Q{LD7^flOCD4$ryQ{8rcaR9hyia>5!@#TlA?e%0=`^_|;D}eniGZJg$m_bS>N4e29=^ylCF3fG?FlFt(JHZOA3>u zly_x#s*5Nr^ACJNoeXwj&b7wnDuIs=~bmn7i5laAGpzM95aM}5|w$uOjI-OS*3Q0 zv7w9MKu%>nCx$CRX-X8q=1V4=;|UptGLc(uYDfiasY`7bq`ej%A8=Lml!STdLI;{x z>&X!Yru@%ok3-{vk9dZmmjc!=T&B&nQ`zF3Vl(-$?|fX{j-_h?ZXTLE0iLT&Opd~$ zV%smgIGCa0ULzRZkOUrpujknAJl|O;gZ*)RL~MK{t9L|`Og=$U_)?>7ef;sE%}hDW zGXxqwGgX<)Y&7(?EQgw0?Hj2hPpT@3{=?&}jSNxfL%R^)LqU3vqs%xe=^-PG!VIQK ziu#RH=XeqK%7$lrsR}J`qgi{U*(&>OCU>YRV&(JHj~QiK)L0X$7%605q;kZ*jsrgh zyPT}SheD=wbU~-z}B0#fb@gY zd?b6~E6Wzn6unThnt`9B@Dzml;Q1yDRy=GIlQGXWqJuX6{aoR#W(x3pp;cM5 zHlsG9p~Kf#dPE-$S)b^>iSjHLk|@kd?`BJTh-g-Y9;&}4kX@@CkyZ|pAgvgznG;Ma z1r5-6S`*#wFCWwecwW(mmr8{rDCAFrvFd@`z@sR?jN$!Znp zc$p|4D7GbtMekjCefZy+IrDI+`*)9L%^JdBC|g-3WX+7oPBHeGP{K2|8HFsBUC5T5 zWX&4JSjtu?*}_;ONs26CBng8^_O-fiYE z2W+L(&K;qKnlM>cZ8k?1MQcQ##Z4hEW4*bV+e`2zVYsEC{<-nY8dYu`Ln^Cv*W0RO zX*_*OGH_Zg)yJ(F?R&h-*85*dV`ap)aItnjkG^wxd$W%L9ua{%z)-h=*Zp6lm) z`HMJO-cJyX{&Z@rZD@*A8stlv(@U!*P@m9Pn>H6d{=PLhf3WkdI_?Ge_=$+PP~8qj zMB6FW*4a5X<*lKZ0H4&ws!9vJ=m$@6V?%Wd1JJyscdc4e=6n`6%7m^>EaIZ{-!bYI z6dL3YT<1o&Q@^sJ3S1|E8fsBzHHKI%rP3^-9f&GP;(6{zq)T&go}KOU!zf;=wzQWT zU~D%=(jPpR@7GOCy`3=DZ~J01Ei;?%C9)#aVqPL~kE`;8(Y40F{J=Rm@YSng#7^Ip>7 zAn}hIxF`e1G+ZNfVP;5@e%yT6TD!nmo>I+6@M2!wKCN~?Dmhpvtl~aq)-ThtqOkFH zGNL)_Dq7A{EtCO4LfZ0S^)h_V!bIm`Ze|ZQs36kLkwS_#sXu!-tz2+uUBVTnCys=8ynKY`GdbsTj+3qRn?;&9Eagf7kF3#s2vr(=(~)EU+KbLN zzI)am%A<`SUO5RvtBc@aI|aa{!_W*$FiGR`O>iu__cw=g3Y(7<&6WDYs7{IOM? zyl1;p79yH~Xd}^GlT@(G@}PEraV}i?!&*97N0EtY-exlTafhg`c5v(5v!BGn=4B_= zr4xDzuEBq{<%GoxH1aKPV=E$GwFzDnZXPlRN$$UKc44?NU%3|q0%G#BIc>T|N9W>qe zA*|vrDWElSin4<#y?KWpK(z;VJrL$cl))X(P=01xFr;t&R~2#EPOb4*(Li0k00;t5 zZ)~o@4$p9oi2jc55^wvTsqO!VL&LikoUA-DHogEal$dySD{*}wTiHon`d*~Dzf@$$ z%r9J!#PRk{nq->0FA$9~KCLb;eVBdBj|?DIbG=d}Bg;T*$r#|_3O5SHqB)yHhx3aP zroqX$_f%#2la8u(VQ5e)Djf4QZmV$SrJ<(;pA@vDHD$}q6SRn|FRAdbs&ULpN9LQh60xi|$KDez81fY^03P zh1kfL9QeM?yQ!&`n_u5sbc6Ak9`4LS&g)97eXYaQl2-4_5kkgaO0f3nFGUJ@3f3WZ z=$I+h-SQFRo;hi&fYiZhn~VA<#k~B5)~IyK2XiNwx!5I0EZ#~U$#XZ~xgnJ#Bz#AX z>tOs8D$QYU*UHLnbnsf3qOk>8<;mhHJ%+=}=;A9CpUiY{@Js9*Y=?UN9`vX-AvY51 zQyvhOMIcO=Nmqu z+|T>E_GUB{vE|vDUn7FgDHAF0&riNE2(kdx~zG(h<5R)dyPK( zY`M*RQ3AJt*bnFRAwPJN4!+kmBIP6`6Q(X+rMK;fB`m<*SS3%vQRM}MUJdKi-dnYZ zq+W1XmfRJfjTQ*f{6qXBwHSAgWvwZn7hcui31=yk+7Rww$qAXj>!;7==^WeqC8Np<#kQ>7lnl~%`Y*UF;>&Iv@T@73{B>3DMe|kWDVqR%cPBpfK zK(NszS`31rluO$6-7UAc@!2u{eng4(a8lmu(OM4ttcI}iXGT@`)Anr4!*A$B&r;)i zy|dTf71KXElMr1rQ>Q-!-3=3Pw1mQ#2_y0+g5!>N(4m}qINRDA%;Nnb$k!CqO{fND3Y+tqdC=X^=TgYyY2h{KxoHPJC6 zd7yUberTBRXgtjz436MZ$XbkShRUrw-kYEU(}fY#=27rsp3l+fmrj-<*wQ|%M?p<` zp8JE`v~J-K=PR57@g?ES1lNrTCwgocnBCem`)>k|h0?Fslw*jUb?e_L)E;gfIjbH; zu07`KwVqR&^pr)Qh7EabUOb4g%2mmf{@If>&#|L?v5^VH{5`D?cHXZF2{N>0XRIR` z439{NP(@#)>o!JnzG>*CB7khUZU*BcOW85-hh|8JcHYSX#8o*5CD^)o|03v2Fw4C_ zL_v%QBH|bLKsu93hnfxDk_R%E1TlJb&hkuE@|7bHVWIeOP1w3?T^!&Sj}bPc(>^7-&}I6HQlqqz z=|?p6xI7#NDM1QqU$gHmZ0HPRpM5pD^f~LYL*lgf%{anreq}+->wF~-PL{T}+G%3e zLaLIMMjGhJY`z-4&f|Bp%~`SNl-vAhfjJWa!kzdPt)h;)3r-AGlSx8o3{?S!!3eOD z{Ic#<^a>Y?!fwkA#o2C4knEr1qk0saCJ0LXL&}NgIu4Qxyq*mCRJ|?L%9Lo2tFAke ze7&D*_G8RK4a4#Vxo> zIv4Ag%nSCYO}?h&XE^dcV$fOhDCFlT=bDodq5Qt&jyT%^)CEzov(j*hnZQ!}td^2+?=ofLxK@Ru zhC%YE&N}A$Tpz;zf7cI7Alh=nsRO10QQ zn=#7Oo3tZvPQxPj$;iFD1KNrw;bPnDC%S2+M!S-4RV@T-D!K3nq~3hWP$k51(G#PL zvg=|sL=Rjr&f!@jKf%w``7qg5a;w*}nbN0uI&-DbT`A<|a_e$MO$%CN3>!-75}Gte zQ@XN-bek15jc7@{`1k{z>m4Ag^2Rr6sboSE(d7~p-Ys&<+2@ga_0hq$P-+EMQHk?q z0^+x#tVH6>B6FVfCeyb$9xFfX%n2`14N#KzlXU*x%h^WE_j`f(!wFyJlxO4iBfROQ2vR4p zZqZ!&QJj$hIYS@>1I;(HSMAeoH|9yB@nf>Kdc8*|C_$jpA#$!Qt)qLI6!@bReb;Pql_|0{y?^X;hTm`KDQ}jt67~AJ< zZj&f#P3Y%iF5!l8XOlY_~Y-ACUCS0Zk|11^u;vB{w}d;3X1SgAb(7Tp*x+`&JfHE=psUG0mP zupLsLJe#|4zy}0Pz`sgB!J~sBcLE>u55mn1m9%|&>dh{`R_7qEqw9FE4_6xEB)M*EVM}SAE6wbfmde92VY1#vb#jP zeFq$TR(=1ep#4F;`VPnZb@!%$^zSUe6`@THD_`$_lW)D;vYk%2AvYGXzdGZ;^7ZRZ z=U-#=AmvA2Ua9W`7Yotq9(?fCJY+j*Da3DI(7nL>%sTkqU-aw2eoJByvybhV z;Ln|zJd`UrGZMRmQndNedpWM}%7U$+@dvO$*eJNiwQD|m%8`hDL=(Zo#I%#QcN(SB z0W7tp{{|CeKN75Z{&!qQ#;b1O|D|TPI)(ca>jeb1RjZ5ejA+PC;*M;&VjC_d()i%T z2xak5c_4B5hT zy!MhgP}&00=f@8Rmd>TWIazDanf{BDW!?syY(FBPIrQ^+x$7ptcWY?LDgiJ>?oa{t z_RRHnJD%1ZlouxtVc)WBwL zTjJ@UdFhnXBXDz;@V3^x5U@s%gLjrg2|yV0-C1`EQT|o|IFWE04eCo2q(B`Y1<@cS zWONk$hUTz|TxKoJEjMts{A@@JwxqzxePKE@%PT7&CrI>|&(<{$k10SEj1Vb)Ffi^` z-hiWpHm~Irh)hv)@hlXcmUz88E1>I))BGUJ(_k@ixO%|8s)1 j+3!@3eo^1FBLV`_ zf^@^Vd7gKl^L}{uTDv}+4|^?UF>%K~uU}l(9igfI|vC4-T)`1VVY#ysU#=@$KBfc=l13nWuD;c_BVUcv*ys-P6 z3azlPM6Z?QAM1LW{QjgBZvE|b{?e+~u!>11bVYC>#Y=fllbJPMkcyCqlf;o+_`o1m z1{@I@`&j%|ZfYw|xGSUvPS&HBOJ0L-hWT zg`ve0kR*MShMSe?{3@B4?l$kbJ=>G^_tK7@;)tF;Cu1}w$^SRc9-`n5(Ki&Wy4KLT z!LRlgmqY6{f+75=cI84^BZjsRqo=gGdYP(ery-iZ(FNa$3MSzO$3$g=hO4I3k=eOu zgH(!VRVPA*>zm8GwN^Yh0)ENTB1kX3vx+n0Dl{TPmPA9^@#7=TD=x$!SER(f5{8c@ znG$~NsfIox-!AuVx`LC3y5z9bxFGgb5FLkaW%$LH{S>U^kLS2L6Sf?U9_y3oTpZHr zPJ;K`o%%5H^iGJc@P0;ra2SV2Pi|m$H|}978#z7L%OZrgMkLn%MD#&UK_UfiQSoBU z=f_u%-4gQ0nxi6cJUqDUK}5q#;Y>N)=DIkyEqcK?l}kfH4L0R8$Vi1PmY1@2_H%e5 zlDhhBNxQnk-O(kTOd8y@!seQgQA%*fa$Jp)72X1iTny@|Wms|L(@scvlGd*f@j=Lg z9B|=7&{4t2L|i1nUc_hDeoRTIz_eF&LXz%oZI<=tG0m>kZ6Qv%eDRJM zdQHI(q-==Y8Z+HS?vFo71AeI{%&tck@YDR^1Z#p2=(X1Ok#y)1hjw7{Wv78xbu?hu;U_<-?IE~Yjo`0o%@cxS}3;bTzSE|7QzGb23pkn9=sJ>QVAXZd^%~th#4m zcW8nSsSfhDr1e0Jc6SjW=DK=BmfD?*?8>)!&SD;I&)hjGGjp&Wo}SjDR0}<3bmef| z2%)3=SjTPUFpo#8AS3FiddJ3rBNDRPLZS45QcDiqFNKHeMLv6+ER|pVcq2NAWq>06 z++`TVpJU3=A?z~}n77%Jv^;%F0E({?_?)XFSV6F|T1ypQ7N*j1cedn-Hx+xin;;!zkSo({>U4wM-pGb5qEq+ix}&N?Gr7E%`64cvj&|_yhKo zvqtX665CNueuJ&b-LyGOLerUd=SL7f!lex84qA|wTv^OUj_R~6YO2uDZ_h}Rb!FTb zC;}cky_G}DI$kD|r12euZ^`^tZDYYRM{PWfOe&-4OR`Ehk9WX~b0xpxG8V+2WF(it z7H0Wy;AN3irWSAuq43iY;v=bxEfYF4^__2w49T#z6a=-}6k{3H%j3w8evIEfAIjHX z$eI&a-XSZiCNBe(f#M2!b9RG~4_q0Cz2zBA5zoU5M7H5o$S%L~BDt@UGluwA&-!rE z+|4I>rB2ePtP6#_o04Tf34$bSkGSi#-*vnSVK4opQ3EdmT~1e*;G2mn3)nd*0c(jF zpD-(xmZ)$@#oSFuMUCuiW_1vQff~47n^g~1MTxU~zb9#|a6R;u5!yc*plu${7ngjy zsHQ(b%J zZ%ivPZBpoc*7>zu;jyU^b3Swc8cRDQPC{53)z6*f6l)LXLr(k4Mfwv?STkAZ)-ZRS z%p9i2B|I&rwo|c$EY*X?;k{OY%Uk>19CB?_K|umvzxLdWJ1 zaeD&hj>~A4D>Tj6v5*Kdfdv)s*S3)|w+}7-EV3O6wc@c| zw2Gt&(gne03>C|)u_zM*M&A_}{_sBk_1;*885c22&9YM+F6B=0^xl>tGw$&1!Rg`x zApudnLyt_TmjHfx#z)@Bp%83*wTuWB1Z^J@uaR8Y03~jK@tw&RwPCWPo+-kV<_TUx zczo75#Wku#wugJ=s|ZH$n?gzBm#wj|s|4*{e@Ld?A6T1MjBr!^s)Tsoch4^6kCpK( z&wytmV#AsRNfrH7xp?|ge!1w*RtnWxnNoBvUrr(Gx!oX#quS$y;3_?=W8R=WJ3e!P zCGo7aW2Rz>@>DM!#!=!b;(R6Z%dSOrE0}`8+18)QyGSBWZgNY_DNo~W8F*h|(Lhp2 zi*e1}C5Te$@;R7c%a)lW0j60w&!IsZ64TO!*j#D$2oYOFpt6iED17}2Y#QI_zL zH=v5ial^1i%@JSp-R14e;2oIr5)DpuS&JGq_EN!HPRo5Paw_fb3x*aDADoR;G77Nn zr^^jHLj3O3A_`M$8Sg0W2;`(IH^N~+Q^af`y5-~Va(?x8rrCgXK!ge~Q)>Dwp$^qC9?&BxP9>XK+_v_E|7wCBmHpkmX}Ez;bilhLQbp=@*i z>1HM6h+y+2+&CSW>7X|Fgn+!O*r0@Q%g2sHotqI@DV$^+Y>+2EdV|B%vvi=k@)pBu z6d0U!&FB$(Fu&KvX}6DnSUVzy>j}oO?Cm+C`yfqBSj73+6Ou_#8+0bz~Wx2GC z=Kk#UU#yY;-(`&!aE$Ny(Qp2M(?NYI-(NhY*)xyi<>j}jZ%E_dm4+HMRc&v0-u29b z;R{Y46`!~z`uUSy3Js{s=;M8q*u29JfO{U}+1u|gz;JtdYsy8bOYHZJoLUaoa^e&d z_vaYsIgR<00GfJLT83&CJHGC;yDFRX$wH05u6?^{ydCiypT`3%_rlO9U2EcMzICAO zvCdhf?h=t#i@MVlk}fNv<_i0hze7)SfCEV!?8-A~u_vzjoWp~d9H7WBdwWQAWSXKy z1>@zsO-_Zd$`_Z<)z-`NLcFU6=>xblfuc)s#?XUNIkiYI$*UiYhZy?`WN!!dKN^*x zn69EppeBsGJ`Q2~IYqz7U=KO&(qCbFS`bx$@Ge%~RZ3sCdkl1Pe^nU6fJ+-&n%o+T zY|!5(<%~ws`jAy;q?mXY{qte(F+)ClPIX!nDq7D{M|?R%)&J3Zi9FH1Sgo_$V_T#e-bAsGu09NiCL$;;Z`J8)#mRrO&Yvfd z!FKTHtqk_ zcQdJ?^CuXv(VXNP=|j$IU4I9tSleX<<^D{?MV7Z%1C@?r77 z6POzDrZIRf^^Y=+0To2sG5UAr*|L~my=7m+2cDAY3>%YE|IFXG)bmh#uQ`idK-&0u zWTE<e$Ah6GdpwvhcajzUpLhmSz=>`(%tPdu#I?4068>5QkyEaauqh+ zu-7;XZ**HNnfE;o7>HH^ztwnybWab$kDE_q3iv7cf(CX}Rk2!@#)BxUEL&8Nx1!oo zOz(3Yx*m8H3KLA%cbcKZW6 zsKcf0xw&{pN`6+>8Z!cnFVl6aA)vYvP%}ZIZrR;^m!CY;gbf{6C>uu5*Pp)JY`ydv zddC&nH%4@2ul$ zz0mqT_^hne1f|(G^3N6g-&KkKZix8zh2g)rL{zKzN_rr}Tqq-AP9VayI{)kh6swUX?&ONNkEebtJM8jc!l`+;mn{yOxPr9*_BE5#PH(bH`6%suAA_*)Efi#{}cSuqL!H~p=I?wCffZ&wMmQj>s`6+ zzQxDW8)5B0)Mm$L^~pogh`YstwePg2&Mk9-2l!2zX>5wjyaa45;xo=6BTx$Py!cbytx~^|#=TV3w88cMQxFi$PJjV89+d+lk2)R$@odHijb6#< z$$LQ7Kb>*K(APo`%pt&z2&Z_{AEcgy1=Id{T9A#^ z5#~y0S=kF3u0w%sTc4EBgzT?f>av9xfh;la4Fb%caTWfbr+>m=vlt-I^pgSlon-S7 zQX-%#ieZ!}_|dO(%QW0i!O|_7-1WkGW6e(lZgb~5kS9tE%Q)9O8oSSnXsz2Q6;SFl zSjfV$ov_%80_ub^@j?ZzoI_%ZHjcrdVmj>k& zzw7X(?P*~hTr+o=_{rwD^1A^!1t&{jQ!hd>RFB2wJ#o&6cY}H~2JYXBiC~PcY{WOm zbv-za&lN7+3Nn*{#a9lQL{1$G`P|;tbLI`wOt^GkD%x$Y?`I5M7;0&V)ososJ1Y(x znmzyf?meRO$kic)gVZ|Rv{ip+5X+@^QZ{h=hS!_uV6ZgJea2?7OvyJ71%b`>)G;j`!FIbuXu&_B(P$2$iSykY#Z$Q|O(HiiP6wtpvz)M3s#t`|?JQ%0A zr0)DtRTAl1jB$cB$jr0*gd+2#8(92|{wL;J1dN^wz?yd=V`cRjSx2VIQRQ_k5cU$j zc1|G=xfN!$h9t0g4}V$w`8C7kuQ6>${OFK8tmqS5oyq3-N`;dqNIoWHDlwJST=VRC z3$EmQ&im#E%60)l#tw@U#3CwMdHJGd4w(g8pXXx^80}V++|RvglBTAyXo)0m;gzV%$aJe1_HBG@Iv$0Im6y$Sl;%aZaEvmo0EsHyj{_`V0 z4lq+wh@kNBE$q#gZZ&YF3OBcAj1X`b5d2nMkk$Z=V9XL7S+W}>B}#8cw@A7QE zC8pz^dW;rqqeWafoV=AYhg{+{4vi4veqegJAjgI1CCYu5E}uU+D6DB<@I@&*)t z_2ndI+l_=n`BdXOf~4>A&)Ao)RYCi03F{{r!(@aG%pa z=H*v#y+A7ft<8FJ(C>|jIyYziu-!L!<)si?15aJ?fna=>>|qSzV@u*=D-Xo@(MB2X zdH!yR7{+(j2cn1)GIW$aZE5hI{qa5B)RFcEQnqB$cb4YGN&sM~mXI8U%S6PTOa4x? zuEq@UxMo&fOFG^dkD@kW7|_})A`Slu2D@Yc+4L_vs1N=b**==Au6X_@rv;!k-^$C6 zKsU2$Aa~<@E(3G=pKv?>OE~r~JXKeiGeC^##a_K=^*udZ&Ah%?gq=05Um)Wv{**ckw;ZLLc6>S;=cy*e ztdib}t@JSkKoc*3h`f8maNa?{bkQr;I`&px9uDxnXzkc}vZ<9jTIpiTzfw$NX}a=M zQp$~+&~yX@8n8=u09jHg?QJ2>k4#&A8$_t&VSjM#=r}q3q4A#EBBaXUYpxY6GR30s zY;1Qucq4gNyeBgP@iqRWUtqs?U^?$zp5cewD4)g37L53N8^3GCEvSX zqClP@)dBg~qM==LfJ;HjX32&05a+!|e?~hK!khF{gdf`wKGNW}ns%3oq4@}7U-#;V zT?`(eajc#J5+|Ev-UMdh=AG=0jd-*vks{$t)SnF%Ps<)b4;nc%eypPbapu3~HT!Jh z3K(e;$5E3J2`0>mC)3FI)=KV={r*$R2D(sPgr?3xiHh%i0*mLS$7ON`X_art=fUgt zj2d@#-AqH;h>Zn{>ncdAA(}>G-+$Iu1=HG_F^STUBm9nL^1Fx~{Wr_%ZbmeR>C*PE z=`WaEp@<#saEa#ZY`-VD%8$LILx1KFvF_MN7;dA=#B{dQx;58uP|A;o!x|B1OuWvy z0a>te;ND6C6+&5b7D|5WB!S!?&VaI4@z`g^+|S0~jY=l= z>%X06r#qrSs>*)TW=fuiQ~K$5^eBAcV3{=Rk#h>;Cy7nD zfRE20*b-|#pIHNqzm9zeX<&iaZxh=4MJ;O<1UPZ>b`?qN#&Zc!X@v>o;@CB|R`RAU zM+9xy{T>^c3({S;5N`qX(SlK5N2JuZp3}+U6Bh*fQ?@`v56+XE(vLQC)cd zEWopmW5|cOf?pg80cykTiK8^pO>EwlvfEd_!A{p5t$)rQp+{GaFK5*%jE#TO-k@dW z6U=O~pd8$|IXt{H3IoOcuf7``t~~{SZhCL7VZR7=TCiui)NuMcpzPy_|1W~6rUB$f zJIUsgcLC+KJJ-kn+c}73Q%_WQfA>s`C|k?gD-mUry^EH*SJwaxM%(~s*$cy-73lug z<8uc9n^z16_o;4l?0OBZqhjd(^B4O3T_R)r*K=0)Qe1o7yOQ7lh zt0@J`6zldIA3}OVbe}5q+qU zxzSC_c&B4T<9;RUFN@oMe%UIP^A|<1X9!~Kix7R%;8it;j;`#{{Y$pyp!!X(>MEmw6w5%=LYl~yo03nRQk%V=5Hm43n;OVbAgN!ftODq0AK+^psbeWNUg-MJ1`Z%!HOad+s zS18F6&fgu@o>uiS+N0kB(D|axzeNNcqD!c1??7M78bG#+N*Al@OImF9J#}?>R!g&6 zUa)#`y6;}rYQ;)BPWNV8;Prenkh-kV)RTa`Zf9D>IyeDv5xVBN-LN|6fBqW{u*-db zqYORhm9=+DUyh5p>WLLS-XL7NKm0(@!tkpU8s11~8}q@uQQI)|_;dQhHKatZOiz@) zsh^1VML$~{AT{Z4@H4I7Eec?7r+}7M%-d5pltmhQJHjK!;c$jYRme_7l}2IM$11Zn z&XzfdkBCa*V4%NG%Bx`l*hxpYU~de)7{YTgLb!wJRaE$_n8TBFGQLKv-^$eEH%5h5DBb{$JRTOA@ zJGGRCV#8h{%xr0Fepl2neC`8mFCnh>sG|cI-y1t^D1*<|t>Pie)wE@dA-778c6Ov1 zRI#>_Y4FAUI`bkAG-<}JKxDt1we%Sk3$DsHA8uZ2=Qt+GsGdTof?C?oDXWcL*7$eT1hd@DWygp}|-lYG=6 zA7E$=eLAddxO@LVErdWT!q&W7BJ||lS+mMI!|iXxAY;@c#dMz_22H>iQ#R_de4n2@ zrlb8_ciJF5sg1v$6Su^*_Xy>$)o1-+_>&~{eMZ}TK(={qqRYC0NH=S!kv{ez@&2u% z1OE3z3s3wP83Nmcu;f^k2+em0v=#29+Loed`=wCWEuxk-y0DBn@=m#5FLb|C3#glz z2Nw;Nhu~_gvikkTAUQLAg)m$EK&aj3L{GrOi{E*E z)?=}|4VcZlyr@VbcHf`xsGlFa1x18n3-#X9;J4JoCY|C1+)szZgD#>6uX)FQQ;k%5%NPe?8s^SV%Xv z>W%-C|F=^57iP_kF}QR6J0N4{kS+7N?FG&C%5mGf-F?_8J?yMgEjlbiB_*Ls~MTs73i}n4j!UFxq;Pb#~Ru2nNka~cy zC$w1DU@n@jf3~F@U91Oq9S59+#H==iT|+!9%6<316Mu`a>)j!yT0n&PuEy-#`IjQh z|7>3ByzTldoo2RbX*PqeRjlo7{0{lE{mp>Wn3`mpo4X!G0>VltSGBaGKgJOk`4W@70F;!U1@o`{Gn5Fn zOrm!GmdIwNwO&m-sN<8p7DIWf3e9vI=c2z_)oSa;|N7s=^)$8P5%9bGN~bplI#28s z1-(w6zozOPxn6d-c^Xsyn4s8bA7TZP;Y6uP(U55 zv?xfUf)A?xk-q#7<`H@$>iPkd{y$jh@;{~hSS44=>gLXF6yL@E2q2nHfhb<*H2>-z zYjwqtTzZ9R+toA~>h<&COxOq!jUD3;f4ZTNqyD2o9 zPgl|bQ}ig2))vBP7C`rE^Ws-2bi00Q9qDZB2xsmxvQ){)Lh+On#z)dzM$$wDG`HVw zCCKnDcQ{19XhLF@ z)lY8#%-CXrjKX7oFuePo2NToC`qp`FlpgeRsjSroqk13rlhM7ea3i#zOv!}3n;)~z zpM{9gTrn`t`LZ{{|7<;6@S=n1qGNvqHVc_&KJM%?h88|%VEZU z+#YPmOnU$G*RqMtW_JB+3bGgG!VUUgZqqOG_tV01KYmTFy0y&Emn7G`^UnVf&SJL` z@&n(#5Vu-5W36IcBaRKI_h>O8@ww$=A(=^As0w%({zIyVwfRGbl$w%E;V-!_CHT*j z$DmN80-pNzNl8g4E^U8i%-iZ3lR`MX^BYGQdX-W=_`41s__{T2A2=AAns|cU% z0nSW^m|)yJz%8DEtz@IxwR!|o_V2O2v|e>)&&P4axV}P1FmQ*mNSJT3zk4hIa$V_; zjyGH8HF0Mg*7K5`H=4j!7aCPb6d%Ya;&ICmVUSGlEJirb$|~u3M1Riw+=+D_Vg@go zyUWzHCRKHwm^Gpi3Ppb2u}&3j3ID$Io*^ak#MZ$CJDimx{|1kAei@upORsCUiv zmNTFaXHFlxk&S0bDA7otjm3#_nb_`UUY};x^>%dBj7X=`kj==!^HHxq9`y;^SY$91 z?cQCQXdd2fC8oF8-n~l+W~cy4HI{Vh3yR!B z>NuIjt$klk1MgS?=L6{3TF!+BKWqP_`Ip{CjLP z;i&$}wKh0s&t(=$qR-9U^<+hUWp-#x8N#_YE)dP|iJ_j-6yo|&|AO0`MvM9_1(fkj^=(M~=`{c+S7XN00&`Dms-`wW7$-~kQ$=SMg^`Yh>Dm@kC zp)QS!DWT@MN^f~uO;tc-sdPz~d(BL>skp+NY|cU!Zh`0l!m2)Vpv;bBX8P9Z34W~Q z7G+m|>Jq(evhl);JfM3P)G9VMo2-m7_zoBHy>jFZ8J8r-I@IC=wCSMfXk%-QF;5gw8IRC(AfPM>Xyy zKlJF4q7CbLc+*$c9w|e?t(#%(>XJfC#&azOy&t1v6}sQcIVbTvFj2MYeM+yh^=zu*=ruW3nM-%1UKtIVju`*;`xzY@H@+`|14cfnnh6D9LggvC z&8>m)%IO}@qdbLPrV%2aYK!TjD5fwzzwHQza-x9UsD7(9=njD+V`lK>&sK3ha6qD$ zE6wUli~2r_qIQG((dP!Z;pVJL-?)k&u|z+mY5-qP+OBWi0)=o7duDxIVFXj$XHE?& zzZ;L0##O<;S1;8;6ZTlBU}1MlC2DJ5Kx<`j?gfR2Z@RfK(5sti--9cDy zE-;ASc0VO0NP4Jyfz%bnAM*CSSp=31S6thQv0$l&5vS+K%^-@JL4CS$gW)g+T!HEb z7S#{74JWZe z?((EhwXlN>&e=?#!mBr%qFnwAUlxHKb}My@dL7tcfDS6S+2A*25gB-P`|CH}*D|kW zx<=ehAh8Mh*RkSA9Y`|p+CGH{!vDI4&wstt`oB*=m!*Hkh|Qf0*+{#skKf;(M)9yh zmW46CR~M&)Dg1T4pCrEl?9=%tPA`ykxJgy7axsHbjVu$&oDx%&U8IkuEm5yo>8Wb& zk_$;X2tw?ez4qbu(Pox2$v~O)6x%9J`jDJMOltd++UxPaDOgqdpJBg-0IGOm4fQGJrG zKmYwoPAIToHekvj1t^E%O1wB(ireoUl2W_ilLb-~7|hUESHw)_Go#6sEAbWPk`=CD zBr1wl=1UDJ40$Sk2JU*5S}%IN1iP|q5e!&nV`^|&!ao+?tz-VH9d5O``mK4G=rGHB zu8fBS6k+=B?z}G&Vz&_?xZ0cK^_2BGGsN%FC1=hj(ZQ*oP<6fo9twBM%E^5y(A`yt z-i8jOMsPEqa&e_*b8{6YaS0HXS8^jPzUm~9axN&Ve&q=0jUDXGWKF%#sDza}$&F=K z{u!-TqC`OsWsD8e+L9?Q4ut0Cscf_GwuFqabDHZZN)_#yjdu4x&GcGH^$c84jcnsk zz+0MoO3zh$@BAt zEWC*RQozP_8|_~C7_Oxr8^>TXYl&r}>D{o(yEGaR2Dc{mbj4vrIH&OICplc6MkVA# z!hu{dHcfl`bW2htNCQK&8y{Jj=E8L#^b+r&gO*W}_t|K1ab=hGHc1IiB6Rp|`E$!d zA@*Sm_O|teN^w_xj`bp^hF(*x0}k^rB28GQTfInx*eVijAn-7!Z~@vKVh-+1e%Qb) z=OrXSx#HG2Y-2oYdAEDH;ov-w6L-DLb4zt>MDM;Jv}6GhqB%f}&rzBg+hCWxJ2_ib z!-xEn_GW01zik$#6||q zLAJ~M)_}5gzfTccHeluc`0A8oV~RV>%)LLmHgyXsI7uTQM=sU^`e{WOAQ7vK%46P7 zg)8ucl^ht@+pwQ1es5YB0xJ1Fb7x1Vz58Y5+0S8?`)2)1d~PWC zWIUyH(%rz3s=@STp5EV;aNjs6f>=8dal@h@ozZFSQ^jZKvM_si0j@_HndNN#*D9qa#n1^PmuG7CpuJL0O@fj_NRlu?qJp zWuBM&W)hk@6MBaS30BPT7wzAHx|%;-;3pA4su?E8D#Q;YG={@F8rqdRytIIU=K@yO z6TO)XwGY@iu*uuiKPy<4t&;6xS2r9RH>^t8XD!>uEevoJw?4y^iAP$@?z=)X6>Sz+Ad0o2Y3x1IFxfB7ps*+QNSEqq*9SYR)n zD1hnwaSoTcrz+zlB8XpL&{3H7;E9z;%J9_pCDK1t4)r!S<3iynu;N@5rnrh^0Gs(tk2* z*xzkjYORkgZXIH_Cnq2C{ zN>i>GGr>Z^a&~MHV$xs&OS0GBzL@1k%XfM*buwL!F-ZYxKf&tcqz`u07jV&6rXj!5 zONZfgy$;eovI{#AQIWTLQ;4em2I>YDVFFi{=pdq#e*ff2H-K}h*#Gi}-ID~S)9W9cm|1sLl1bqCI4orab@_5xv$y{TgA`ok From bc29a14319ea4f06773eeed0e587b5c2b59e9d10 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 9 May 2019 14:38:10 -0700 Subject: [PATCH 062/117] added new imag' --- .../create-wip-policy-using-intune-azure.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index cbae7321c4..be51cbc165 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -588,9 +588,11 @@ After you've decided where your protected apps can access enterprise data on you - **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option. - - **Use Azure RMS for WIP.** Determines whether WIP encrypts [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) Files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. You must already have Azure Rights Management set up. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. + - **Use Azure RMS for WIP.** Determines whether WIP uses [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) to apply EFS encryption to files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. You must already have Azure Rights Management set up. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. In other words, WIP uses AIP "machinery" to apply EFS encryption to files when they are copied to removable media. - - **On.** Protects files that are copied to a removable drive. You can also add a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. Curly braces -- {} -- are required around the RMS Template ID, but they are omitted when you view the saved settings. The EFS file uses the key from the RMS template’s license to protect the EFS file encryption key. Only users with permission to that template will be able to read it from the USB. If you don’t specify a template, it’s a regular EFS file using a default RMS template that everyone in the tenant will have access to. + - **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. Curly braces {} are required around the RMS Template ID, but they are removed after you save the policy. + + The EFS file uses the key from the RMS template’s license to protect the EFS file encryption key. Only users with permission to that template will be able to read it from the USB. If you don’t specify a template, it’s a regular EFS file using a default RMS template that everyone in the tenant will have access to. - **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive. From 402fb6538d0f7cef2e079c551cfaf440cc26e99b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 9 May 2019 14:53:58 -0700 Subject: [PATCH 063/117] added Note --- .../create-wip-policy-using-intune-azure.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index be51cbc165..06d1375468 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -596,6 +596,9 @@ After you've decided where your protected apps can access enterprise data on you - **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive. + >[!NOTE] + >Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders. + - **Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files. - **On.** Starts Windows Search Indexer to index encrypted files. From 7e9bcb3724a8cfc1835b4efe3ebf24d671481c40 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 9 May 2019 15:06:20 -0700 Subject: [PATCH 064/117] new image --- .../wip-azure-advanced-settings-optional.png | Bin 23584 -> 23683 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png index 02138b02a709d31ff3a1c22f09c939f907a810f9..2ac8f45b5c4f2bf46b77dcbf28f258bb34db65e3 100644 GIT binary patch literal 23683 zcmdSBcT`i|x-T4iMFhk`Rp}t0(jkD-drjzw0unmX2~}T3nt*hH5G3@3BArkz6ln zHB^j1pi>t>pcCEaPXhna$?|>?`0IqXk-8G749B(vyg3bftos-Qs))a||LhF#{=y3l zb8irc(dYQjiD?JU01(LPrl!hcNWhcTDSXVNY3TaVykh-W;8u8v=;Y^;ZzGsrf7QOd zclqs`n=t|Tx?rD(ry1u}ZmCUnT+$8yAX?)!Zc%gViyJTF<}9wLH5h9a4fdRPn7jQB zA?^*Emu$JU8L~u`4IHr~Q;WScm-T%|3X$~D3ka%At75*ahbgq~2pAU#A8;82df6Et z6$`v6i2Q%`Iy@2p4kc&#YZaU`Ewh4`8dBu<7IWjDJT1wT@<6AArtVv0Z0XeduTL9D zsjm>JRrb3(3z;6yN!knIe})%fU5b3dt<*S0(W6|;7c7T$+h4syyA~*kncIn*!7=h9 zNsq-m18Gh4E{CX{=H1xXO-R4|`NF;BmuW*TuA8XqGrd@V_Qi%nR z6ksU=3Yw9zCfe&2hM}s`Q-$L(#Rb*T$Q7GEY*l(~(NBiAE}A{OWci6|T)pq;df#EH z(D*FY1>?}3X6(_Bg3N5uGVTc)-2)mZ{7!u!x#+m8&4HSDhq2?#2_YP zKrpZ@?5B6HEQ65fbyne{@Ry^D;eCO;O`lyB(fxr@v8k>#wp>#WV~faLmzs8c?@C$- zYsbd!&-;ywUPpgS44@Pnm`6=~yf|Bp%^3`=#kRDGJu!uL+NF!qE-*MWKMd5mj_1g3 zyzb2u&uCZNb_Aj<5*14)!=~BvCr-h;ut_%|L@h%uhYyXuntWSxvgqEPO=L>) zKmknX1~Q*wRK6us8S!ZnY{ExNw~9t)X|{|Q%Iy4LG{hJUWoQn0C^G$3ry0UJL+qru3Q{d)%Qnlvviz&n7ug+QKdxF4k>|AQF_nT4 zCTLu{32RDbeP|)r5`TZKrL6?zU22Gs)aT;6x5GwyQeLw&29YVxA3|<)--qFhguyc> z%Tdm2+6l2`=p5?6IMWAJi7EY>M+6f`1$f{C@AVHN#ea#CYTZZmdP?{nfuE^Nr4GPI zXKMF0lkWva!etZGHyh9uwlXGKgR80LgO=97O8C&vVo@qJIo%z)(S>myDVKO)(8ol? zHubZUqUo$TN|tuPLbn)|K`^k3VqCj_s7j+PSCfqoPJPb}vRza6IznkzoQ`KSHnfpwjF0GHZvc0AnYhg*&QAwB4UgO1#@|_Mv235ut(#0)_;Im{7txbj zsfCJIloZuXHi;Uvup9Cx6JQH8?R$^uavel&SVtdL6|GOBGzT|)w9wb(*3)CE+!uYJ zS#7q;(8nQy7$q22=}(k?*Gfi>$C~-%>$e87>yJ#VDdM&jTI4ldndMXjIHM~+dfWB3lvG*r0Be17V z3uO_?sIjI+Nfs0=->u%Zj<0CqSM1Um#K;mNkyRPirrG&%JrH)f2eJv+lsbwWa*)HO$@Bv z>4+}-EAV?&2G3av+qjsAM|f}g3+_r>P~KNC!UF!W$$ka#I)DWW^DScZNU+cp@ehmx z!-@DyU3-Hq4Cti;8~cwpRppCPc$Z2VVl#_mXRGJ6tF}v1)UhWo@U zWLW+}_L_$h@g?oG#TF&1cBI3UG6xQ3@MZ}El&>IbkeKYF>1BJJ{sy(0pCFD#&KbEc z-jW>2?jIPJ6BX>m47X8)uTF)d?TK3)tWGn^EivPcM|0Ka0&M8?rq!Zsy4(;x_y&gW zeM9%0L&H$0h>1RXOh$`^e3f18b?OLD-9@-Nv08Tv`ehbv+5Qo$=cw2UbsKK$JxW#D zEce7r%K{Vq*0^s{vr#{Ot-5R>2m&o@xQIO$6GYZ#?z=A{L6i$L7`Af~F5^rt)vDw> z1t!&0%hfqoY&SEd?w1(Ti`=6X>L*5fr0%94>6~BVK3p|RZrhIDbuGUOzO`3eR8YMm z*%s@*4&~4$CL^n86>K~z%`zBX0=gmR!7L)gWnGP^X+kVns~lJxTtQc_hhs=`YhCp! zTbX|N--|5#fiX%^v^E{VwLGIT9xS$2$yYY0s_9~1H`95~nr1U^>~8rsY?v}}z;B)6 zGmvzr92F?(oK8G#n>5wh;fqz(bie7OUuk5Gmc2{_>+(#GI*+4DE~XSM6!VIhYBnlk zI-+@Vq*!aI{b#I#YaWSW)oYx=d!;b%%KoIyjCfSsVgL-59qsX2ffOqt_ui zTrPO4W?zMHS-CDAmL4bO4kq5r8dem=`DX?5DhU&TRxyv7t}H6~nY=BS96PpaH2vnL zC$6PN6q;oZ)uqcSL|1zxEf+bEho6_3Jfzd_pd;&iBPREslt;A(ZyNVme<+6f`pdQ} z{S|0Dfm5K`LhpD)wh^~&`$%guSs%1y(-gx77y6?irHqX^6=-5RM?+ZbidRhHovfp5ts1gbTr!x*cN=Q@I2=CC7*gwD`~u@QZd>9kgEEI| z--lv&*IjG6a>k+>vSpZX=-A2+-rR!DsJA?W{Rj*(os5v{!kZbIW;9)t%Z%xk^H(0y zZ%N+il)5WwBQc>|Z_x$TKDFe0Z*a`YyqV;NH%&1ZUg{Mavej-m-n_k+Zsg0?`DJH~ z6T#0s5*F^e9I2*3%zY^+TZLuggZldzUa{{0%B9O2S+h^e zl+;Gre^=(W7B)|7GUa%%UKQlsu-vw^%`I14nUUOU>~5(m5lFQ?o>zC`N1R}eFSI#4 z*k2{7cww+52ea1Hrq&{l<@Ts{e^*J&GNH%ni8DbwY-_L}>m zi2LTxosCMx^+(<8R;Sh0Ym4yp+}$QIePchc?H|{~oY7!?=pa>avO8SHjqo}s#=IC? zSs|Q$Hd-biDL19t`$(ibaQFrCgP^~jwCoLu%}rE4>q^$g2s(|@F&@Zo>Oe62BCD2-m8DnV zxN)iVQecy_h?odMCGl4BZT%>1c;v?ll*Qx?{eiK`FxMsEp-i9&XE*47`%*rfMrYlrIzLk^_y$^9Ca$CS(>19?h% z68_R4GLK|pfUS8AL6FcVlwLR#C8WJspmJFFM4sL@+0SDEV-k%#JoRb+G#dF}7G_pv zBLYq#vz4DQ(zV=gx{-o$Xkj_%Y(M~WluMH6E8n4W-=6=*z?$YJ zqVDcGjQqy?*=C7J{^D4lVYtz*E8ZJlq)_lFrX84u25`Npf{P*ey zJE$~L=$3e7tlk(ROy*{yjQXAhL7{0h>>+OKku4X(^7Xse>LQ$f&+x4Zf&iB!3wQJM z5-wGTT3{HQ{0X-ixce3FXUkQB`q{3A+>SZ8fqTion)T2&H)o(n{l|5=V0b#nurDh1 zlh@hntWIBrq{yV(k^n{haQFZ5RaU)%AQzixK01Er_LkO4Mo3ZnZXJnofI$7jcCL9z zjk1X$2vg5@TKh0Pif2oGRdlSo-$8<}Xurcj`*|ru&45tf5gROlbd~i4s6T?kj*Fd2 z%ziuQR5~}A@ZMKV8~>bEVR+>wz)#BCmvFzoR~QcUHl^aU-8fM83xVmQi-cVDk#d`v z$;qaGjoEzdw6Z77fh)tMUUZ!+ldyG1W>vV?C%Xkn;O6`q2Numo*I{tYho!{Akby)_=*JScP}g+yt=Zqtb*_K zlUt?#kQbfp(?yy!;5x^2Mf9F*$zPuYSE2+MJeD0nLD8<<;3TUj^a_OGAcB5sI2@wuPZcCfd@mlRdywY5w%q6fWvwj?Dv zV9s%_mQim-!^HmMo4E^x`La0Qu8nAZ_B1vjY2mV4u%=3xm;F5S%VykY0b#u$mV`*! zd;qF6I(EE54|+#Mw@>UkzZRy=I}+|p!7@SnPiFZYc@pWUXZ;GO?CBE9jlndpsMpg0 za|8L>g4m!P_bw^-nU>WI;FdL8D-0Dve3j&`^>6&jwHT9L0ersF&oiaMO@-1Iw81%d%q#ujN_uJhFwt-qk!4jK!b?o?zG9b`-2 z8h)|WAJ;m)nfx_3fVC@N6-V1&XB0k9Q`LBq0CBU#XrGP2b(9UUPG@hiKPV8t{!5LR1{)Z zA6leRqZRd%B{MU#&V8yoyEsZI--sFX@&qugjGVoU>j{6(`(OQdYC3!Xj>sGkG`!1s zl=?b~uLA#TlwXPN00Mu*MF1D6P)?7d`?>YM+2T@~P7^oYYz_uIG32wBZFKDdE zph=r00=|L_2H!jwpxMO?zy>~Byfdmnu0Wyor{68UF%dUlU(M>ow&$$%f2oL*QTf2E zGymdovPo9t0HQR*Opa1iEmXwGoZ4IEq5gbTz=`r8f{m5rV-S_LeqkQNB9dBgWg?T- z9Mi3JdT8-otfZ8bH50I_m*geA_zkjVFTV46+WFWWxPm|_VdiRoggn%^>d~9Iq z>a#Jcdf3JQdip+kKKmRU z9(dgXz5H_Le`!dvnWKyI^Yg!dzwr0>4+;trXK@3*epn4m-HPu_>YD%YFyb|723*7CTFO% zD)Vc2TcdhJL;3`@=&1&vhWYvXk5KK>n)O?54X8VIy;o(~L(NtRK{@@J%O82UB;mX&=SLaseHl&Wk4+i4*7x_A& z;XL5Od5_lLi=CaFO}?i=Hxq&0epKl{WAkNL=74M(YW^^u^N3huQ#`-W8fr|@J)^FQ zk}h5^(zv2rv7&7 zp%49|dgYzY&xGzQllOVXV5R)vV#W24$q`nW&`$nyYN162Y3Q#loE8pMlYH3-N(FGs z$Di$(+nAny(zW?9I!GzGv(PE9i82hMYI>(YpO%6DX7{k@Iqsaj;0Tll{l`gWopo#Hd2V^wUUt@uh*6G+ zz|Ya|PV(38Ps#1#mW;#NM5%kDwz&J+EEE~syg9&L8b#Gp~xz(QK% zOia0gqT~NmCj8z3gyQ3m`FME^?2J^brqn6Kh&5ge!3jz(Z{ZaW7y0n}49okgzw+DF zHVPPyv?V~FKX2Y-?ZV-337*Ah~hUL~w8ZEx4EmH%BO>lF#_ zI_G>3+1Fp=TUXaHW7Tnl>bMOq>`zmGPozCg+E?u0J)swS5FXQtamUuF$-69QMY1&LA)|^4_&&Z7(x^_H zZ0&$5B5PAF2{&A$YmWXNNLkR`P7WqQ_}uedv|6w!=1kju?TN6hAFG1tZ=KZ?wJ;GM z{C?$OON%ou*=gI^dTJ&^$t~9=riTP6&A%BD+d2q$|ajy7~s;z>Sx~_+YmDlirc4NVah#=lnA~nLrSVDh5 z*NPv_+1DIgm=bv*a(Hc_g31`Bg*1|QMweE#EbQzsU6$z7b{a8E{JwC7%E*m|v&`!H z9l;~!5+UAxq?;n^X4A3JO4<8y3A5bHPa6G7=VtSuRnAF{EYGU!8I)M##k0~oz>$l49@N=yw1DsL52B(e*Jh^uz-swH}8T^ zudcZ5X0bLr(6h^uMLx3Im*`|2U0p;4Yj!E~GvvC|Pu}nGU>PG~OfmS8wdrO{=Tjh@ z9xzrid@i?)F(P(A0Z+MbE&Q?R92-;#!q@pgmWJHiD+!JqM>x04I~SDD4+YV52#(%CTn z_gJ^zT5?R;nr7jY`B!NHGlI0l1~&_E0t}^1z|L3P!;49kI3x-%0^oEGKvY02-~kvs zqjM63C?&P4(NubuYNZ3I>5wdYM)i;UITaATY#kaX(@w8uo9DTFepB_m?BoJxktkoy zpmV_%jogJ?E2O&4K5M7*&==U=F&Hp5+Xz+p&eYnaL~{SypfxGy+x~?W=jk%@ov*rD z1qs=#TI4&n%}W@|JZd7g#z!R4KeBe=rv2e0BZ6MY=p6_4Pvvyh1C$P-OGt z?ovt7gjso}%5#`CR^HvcD2Gav(FPV+3;DK6ug=MFtGqkw5a=@>7OpL4BdhqgdSN;&7>D*=3NlGSD)DZ_|bdo~Y^` zRU+kazF2|t%HRXNdpyap-yY())6^w=89VbF`-5BFniD58FA2-;Sj-v>ZGw-2jn3X! z27F0tz01qflt8=N8_*q5xRp(GMpkZsaEfF8V{h^_ypX5Rt_yDaAcbk$bj(u{}$f z1DrR-C^rEEogl>uro-S&Iz;iV4`Iv+{H2MBnsNe$)6)ZBCTq02I)^nS_3weI$8(T8 zZq(T2x{Q=zc|kv1w^&)fu;nJ}*y#;F1hPq;V(VuRDaO#u)>|8}CJ2mfXdt?d@$p zKR-6XrD=9f&a|KlpwCx@MJ1z)9Kjqblh9hL&(Q_|(;%NOzIFn1Um8FF*DmPtGM!PA zwb5oUNm~23Hn+VkNf7=AC0e>lG!$If_w4=oZGC$0&!1KL(2!@FKZyRVR#6cJySsZf zPU9KD=4#)he8gE8I8K1x7VeCGU%$D;Z$07dv!3K}4Yp6PIh>_Gnw?%&xW>mGeCTFw zq`XtT%b5cL-3I|210YPm4Z7^b5hghI1Btn){eG|RuNg)D;w-DbekB9M>2<${Yu3kY;;khW_Zy-G&r-jy zbLg`0oC1AbUik-!n6S~A*qhJ16Oud}+U6f07atEl)&RHxBz*XMohSIr-Z{nnySQJb z)4L_f3S0h1`|B-#<5+W3cT+j*8*21mN6z?GTH(@!BqcYS&6GLy_n)NJ1JvcCKO2tX zv*iw_KxcCSv@DZdyNEcX3bo!#?~FfM9xsP@QEgfUXa#@e-ZexF`9rwRWrwYRQ1P8x z*++WH`%5!nw|KhO!U7q`^5ti5>;bThW(MHOo50BCHUd06%I$YIUUP;foZ>PL$nz>> z=3crMZy;c^j1S`6*;0#}dC>hTfm3iOAN^@PB6aNE&c>H7UmV4~00IRav2z{TQ5S|z zGNHf}q} zOPX;4flL5DlQ29ye0UhzwfX43;2Dv}%;9es4=@LRS09D{iemg5TX+Jn1;xW94<9A< zNhU9_4{rrQ@vtW;YHOq3e{<^YjFg3*Yc=iXNS_x?9>DM)0SqtvQ>fwpoM5a2;Pq`@ z=P||4TQ9eh`!6`gK*@jL7|SuE`_`_Y&rko!85molC;)A3Pqz+NfHAXf?UFgeHj`i{ z6aGap2m#=QQ@{Y6`#J+Ak#KlS$mU+gdLSY-W^N!+*u z`h0(r1JJg>PbOwII7S=QE%Z*SC3UIP`O4=$0eyZc%q2--z3dVc#{m>$m`&f4ab@j4 zi?G(MXf}XTa<%+L2fB%T-lm2c^Z|2t0Nj36G)PD(aD8rWWadcgamPh@k#`)fp?_+4 zZBhxrof?J-cddag`1!W5fMg}mvtncE&S?JKO(NFD?H?Mx#O!@ncLKf4v2b?fR##V- zlaq^nAKb>l#x{xdR*w+D@l9nN9E40214=??&AtghJVsO5SC;_70;glk@eRB(R#fp_uFTmmWKDEMSN{)g)yV&LBj?B z<+w5=WLlQ2!^9_3(L1VfYN`odWseh)98j1qHIs>HQ;X}x{r(X~yHK+0b`sRo1gILS z+*K!U+vcVyyH=wBJQ%bzkS~?klP0Pd{O6O^Sx_~wC44y`8(n{eTKKLl=+E9wCgd=$ zgEdp!IHx&y{-Eu+YJ77l%UrRVM9X1w;o%jpC~cmZNSVf#c9toyh`>sPPZv)jy@zP$ zM1BSl+4)d4&5A#tU$;P5UtgZQ+LvZ~N+Q;1==TfkeSNv0vNH|+<}sx!h?n!-A{D`f zP0@)?0Wk5TCRHT5{VUH}#>Ef`2dE*uF^5FKor%sQAH)YuEp^1Q9*fZ$dFKTNy!N(N zjV^$GmjL&+F*d2d7u?bI?Bhim^a+XfXn=<^Re=$eF)&+=zgZ|G7;k4Zgw>i&hRW*A z2D@XwP2TTCU*}5|g~vXyjAc9(Ri3INMyKD!zMx%pi>K_WEN z{UhBA`%tN%9o!YZz=0Un{86P6E_9?7|F*!D2EO zFm6+kbhRf+5+|T#NaluRH`6*er;>zbK6Nm6{Dki;V|->g8VWli4vhOQh#G8BiO$U_ zeSLk5=Oo;vvIv| z4YMIHD+awHOfKA0(K;%IFo}?{9sxGc-uQpR2>6!L8;lK3denKn8ESnA*E6?1< z-ydf5R|ytS+v#`bfuDP5DwN)VI8!UP@e%1Jaf0ZoUS|aDK_BKufb)M-Dhz|J=)cWw z{_NRH8jLITjop_Jc0za@rsOPm0W8QJAZ+e~!kRC)@u?rQtq!#W_~I1}B6(C-lu z&I?twvKR+;v1fV`c(H6hc*$}vwOX6kX{X#7TDL5gY9m}Ie=a6Ba5&w%xM8aV{L{J4 z?o>O`cGIDKu)=}v!0J+o+6~dMCFhfHcjlBJnG|Q7R;SL8x9?0Y6R^HG3sWXT&vI$JJ~nHAtAJt1L?g>k}#*6!UMGC8J4((hH$yc8SqE*hek_+b-h4AjIa zMY^<%QsPrg9ZHAx!OYlt6Fa+4MO9)ehu27T`f@24ZppUX`btPom-qLen?&>iT4v=u ze$asGNTLOt$4izA`L9{dRa^STk+d&~7(gD9ml7tlBpk&{uHTgBPe{wHg))g+QI?zN z37JJuvaR<~)xv$)D=fCUvrp^KAYe6Eod*>Gr{Pk#9FXLD0!R^+G>yR%{nY_?(_$t% z7)ZZL<{n!;o{SHSOHxCBQzNGfX)9z4W)a2DJ-4$piiHwKc+xa_b3(@3Pi98z&tr&J z;aA{^Gz89C6Zs;wuuzueJ1ak->XIFWu@tOn?Pa3dOROYYd{nJttg3WAIa@;N<`|*0 zS;mXJpvS%t z3=U51y-FAQ3Pu8)!40|n)lm%|^p6bCOW^04xFo+`Y79FH-BPd6eU&hqciiUg+2&H? zM$d~nJxu4nX{2%NOYpc))_;*x1KmGYL4d0Rhu-Ih|J7*+oIrq(=@k%A-`LpL+$_%$ zTU%Qz`9frA4G#ufXLImbYA2ghI}a1!+NMd~$H0mcj+UcmZkNkvI` z|M}f`EJNAFwqgYC4-!+;Vtmno)ZU5mYo9;sJ+4r4Ar17HY0}$`JM95_0E* zpzPpW>ACnr%8jr;H+D>Ra-^4jP(7OO&h!%;RRRF99yx8t)oPcQ>m!dR)G7YiLaVFN za!ASH@}VU`vhD|*lw%3|e=>*_S{&hjB?nKk{+c2bsiGT|ZpqH)v(dPhfdAn(7vBxkYpCOI_j1Ca6sCs&Osni%J z#Xmo9csjHKI(`0TaqAvAY$u=dXj7`Y!K-n6so{R$kH>of`+bVKt(#nmyIr2pXBXlX zX%nL0-HnY09_;^slHXf@P3@R|^3^+{rP!qQ&UJ?Qu9^yBY2`D?!Ny+<6ZrL(T{RUtw?w zaLdP^-3Vx^t22ElUo?xnO4@MB;3#j}GCy3@eQZ=b_4+VW-tA~G30D`1vU--p`(Dw< z<(yIB7JxZ_+_`e)idt^MzjXT+Mdx(tiS%w?Xp~^61#VC6AY^QDW#$k@u8V;bX=_PK zdRfq)(b@!lQc-00aq{5|w9a?sJCR&LW~vMDCif9r+o5N*tynN^j&_0{}lvEp4x ziU&oG4)hrf5V&#RYi33?odYqk6FYtQvAq27-k%o3;5d`#`a2r{8I|ZEiTxAgyLou* zu&^HdDQqQNVE5GjzR{oFrgrp4RG)Xab8ed89}_&|C{sZI_JUMTNJ(Q!(CWW@4uAi; z^`o3OC$qNKi;KBWeiVy}jpIB}=)79^=QqqAS~3Uvo}CN*VsLDGO!GZA{hL?3|0l1w z65&H%-lw=~X$9eW`h`7>M%|Ur2 zm8W?@4b9D^dn51 zAE1nL&v&W+0yr(uuzVJ0g9oO@W@bjR#;2$Kta?21fx-gpRm1+MmGzRvwsvg(RTIO6 zwdA!MoTw9^;VCtz&`ejWfkBBj?D z;1CXtzn?oM`vc;feX1TolPO<^L=-4ZJf;QvRpM^e!s&0dby%TV*}l{TUF(ppqVHLN z`yeHbckTz9w0JTg#%`@Cf#I z$0<_meKeg?_!(Zy3Tf5n4aCJ>6ITKMymBzevtR-rM_R5G8uzN-mF=2HQNF&jj+~&D zt3mkmZ5w!Py`%Wj>y+4Kt=rWST};+yTEl>o^_+6_dmv{L0?2o;aKP(+QHFT#3Sn<% z(4U{f%C-v8-mI}{Q~1~VNU8WB>qKyBrKbd5(EEs>wUy#)k?d=L%9inYaoea*ou|7) zp%-;=ZEzB8k30zINm@eG0@=rY%Y;HmX*)9lCnrkewFl;Ld~))hXFsclRdXOT{5X9; zJIh&i0)&gNdKWvM5d9|^SWny!^PfrzrLcApbgs5un1^ffIU`w??vl9~(j6%V-?BT& zMS;dSEVbl0#`GF{0?&>Bhjl5UhM%ygRYzvC9h{7JQS-JgU0@5!mzke3NwN}a1R^z2 zFOdyE%%&;U9#G&#YfgZqU0}CZWvtmT3OJ!GvOBYxv}OAVnRoBeQS)7kM#xfJXbOZ) z++GI#d!EV$VPyJFWHYNK+lj1S-r^P&+~I`G_IFb~pA{Cpw`1p-1bf8Imk1U;dvTyA zM}+)MBwq-N1Il0;jiMfT1em9lee1gh_!bTZta?A0I>R;DTKI%UlsVGQ!Yg zG3}bWuv|_aTdjuq4_pmf!3g)B3XRk>^H_Jm4O|foaoA^QD9*4m_9PUEpRFLQPSk1t z9eN3v0X9h}a3i!|_!H5%k;qh^{)H+@To8Lh!gXRfF0^awHN9{4M%CR+@ChD>;==pE z*=fqWoSaV$SXsg_YH<0JMT~5ep_eNVwNI^t*5z0l*#S_SsTxD%}KgXe{=tNG12R( zhKxs(sM9=pmJ+l87>_r*KL-Tm#Q*b-75{QhH@aYORi?2CNM*JCOdz>=X7h->Cfm3b z$dwH5*;XXX|E-7vj-5cLmo5l|vs$lU_}I^P_}gyF`d7>i(dm|uM!>}T!FF5n>qCBU zgWqb#T+Syf77l3OMyEh8sjo)Q_vC6EyA?pz1pvWXRKPp_!S-K8_Wr+2%b4jly#C*S zQEKOd2>R9_K;b%unc;-jrZWd#JRBLz0G`Zu`rAiy4<0f6vb_9}Y*1!8Ga zxth85Adp!I01f!~_+0j4oB(7kmKQ%T9{*>J@E>7k^PBRgNB@T*nve;#(9NVd^jAiX zFiM?G@=s1hz>L@@{!`TyCJ$cE8Vn01rSVYzY}i=urD(Yyu1N9BKwdz&qmy>yqUQk& z!TxA-qyCUO;}ofQuqT?UG6p1C?lxAd@7o@&t%-1AfVkSRS`Ow|UtLYnQ4Ib4P1NhD z{l$35TJ>MtS+fj+B<%zE`drKO_YFBUnfnyw@CFF;_Cf!{Op=1ae-6Rq|KG-Fen%Ak zD?=kGDH(WhcN;$L<@GGceDhu}lfR)c6DGXZ=H~aldcW-Q*SUED7?NmI7)mw}VQi_WJ5;41-Vep3) z3LF5Mww&Kn>xqgz_B+f)S_=Whl>9d#P&Iv}x3@C{VLWk+dpqMpv+W{{ga3$C3J!aM z=J5pd)1q$Vn%#O*CFVZ^(Fg?@u#p81kGEPyLes9h=+8)wy=(=VWd?N9`+(fqGq&t( zufJg!!jRb-^A7^TH8wV8{#DBG34EnWx(d@zF0svha+pQf z!;JNt0)j?)+D`#On#a?wRtwZ$MMchSO|px?*X4feOn?W!@a3fO1LX+;oZ9)tMMoG+ zogp!P^!4l4K)!FWznzxXSk>BEE?3jsyjq_+qXl5~iAuZNk4z&o=7gviZ|yrJsJl}F zQ=$qgr$8mI#bS=1V#VD7)EdxBf&ZVq=C)X2y-0mhGsnJ{;_hPZ2#b`*^gUI)rW;YS ztK?)U#Jk0R{YjTySz6dz5J;~*qeBgd+{EGUbTRY_bXO$Io}$}KgdqcOOI{q04xU3! zeutHs==cfZ-}kaFYnoBC$&J}0Vr-{f%JBoY+WwL=R-W{JZ(~k=;vIeCh7T_pCj}$;_Yx}zF}ic%@cQ*wL!U=2pM@Pe)!^m(9K8r-h#MaI5x!j4(b&*C zVO?x8FUPn8#Jib6=`I~S=ioGlko79k;lW;-s7(tH?PiSykj-?xXRg($muE_>U451# z`tR<0+5CN_X;Z$oOJKzacl!WBf4f+I$N$L2AJG&K&c2gueudr;J4`*#CivD^7F`v zq~uYvC{>bhpU~F69drJsdBZXNc7*vM7BY z0fjfUVfsmeQFhrsuQMFdwDRSvDuDInA$!r|%lGsP8qT{HES;R& z=Vdx0u|kAu-{J;OEsOd_93XZA`VD9gj-U28t{et zT3I&z7;Vpei0JNP(Sx$v#IC|!+SR^JqXJ$UxX6K(>Akr(raB&Dr7N$Zm|=uW;k9~h zcL>!bK=Fg$NKt1bqG}*=AANj8wEW#Ypk=SdVdRq9#IzsbrhRg9$!Kt`?D~@z&$`4Z zU&VBJMqJCE7#|1q_g;{e$Y|C$~DV34ZVBPAjXOlA?Uch z^s3)`JL_rZ9VMq_PkxG&h>h(Po$(Z0WHvW1>|?%b=&5}03moJHCwePH`<(3!#F{1r zYmNo;7JK^x+bqQ_t~gEz#_>S^Npj!04-0H#=mP!~M*6gGXXu|1l&9$g(z2mtJj9J+ zS$MgQyg$bTiZa@Z7V2^7MZdDGm_6uq*$63DIp~$hDsxY2SE%!^F%st6VH<)XVZN8f zD-54hR=SZa5>0asF|rR(d+|!;71X%MJpw*4Y&e!x3do<=`>l>oHTqLw&R!d{?MAF1 z2g?;e{ddNU*z$}QYBaUrW!`Tx&d_YxBhn%Ao$!zDa(Iw&7Lefq3&+*Tcw^eU?%_WH z&o>T#n0xET*WJLa-&<&LkI%p8O{Jc8O|LnG&%=5R3>m}?Nvah$R5o>#u<&1J9WwB> zDnh3C(SorKzM1#7W!9bf^glAjq->X7LPydvREk9OUQ z8%2;zpY;P4=(EGKiGN;8f`m~^dRSo}`PI0VfOD}L zWSA=Md)VxafpkJQ`&0QuyBFZjop&+Xv(@dP3wEx0^jh;AlzbWSH_oX#rmpky>tGcg zUV-V)Xop5+V|dG@4EQvEOgNeS1HMW)y^J8|UsFnTZXp2LKKufT4xgDW=Xn55KjZOU zP9VK-Y>{uqhgq;xpj}Tei<|^kAf7C}_*&MEOTqZmr^uR^*v-mJo3WJGG>by2c5S7g zkBR7Hx2*7To9Jd}MO>OMa|1X#V{OdII7)C4v>2RHw|uobDIxerUxsD7ajZ6O;STB> z7;Y$O+QT%M53T?+(dAX&C~}_ls_C0E$((c5F^U5F7}Nv@FYwMf%_m0lCfzV|dx~^Z zm9VqYCmzhh7nqB)fd}T+n&ybS0Wl~C4#+8zHZ#!`50)Z8^`!@Sp#5wJqM6}L8bvP< zZJ2li3GYvInuiu?A`1r?L!2XvicR2~lbXjeJkLpIpAI#k-}*lXeXwJ<<7&2tk(2@n z{@D2&&j~AD*#2E5eF3+673SHiUU!z)+K^E5u1i~@xjA4aW$k>XSU39h zCG-RK7;t8>wGzvJ0VSi&1Nsm%>gb$akpNUz>uNh1uTUI1R{VPoMsKU};!HvSHumh?4^x@cYM? z*PXjyt<#@A`M!${-TpGQcSIHX*Ec?K)*bF0sk?3-RI87dBm(yRw|u7T(Z#)ETjLXN zWbAdNW0xc2wxq@RV~Nh?uTjT4$8q733%0r8$IoW{{X>-ju0DX~wc4w=|4mVPuQP1F za~jinxYFv^#fF~iMuloE8I!(NSs#pLAEaMO;a81a)MDaSjVkN7tZP1UR2Q~aXH@;t zEGroWbNaY_TD%P~(UE3d;tp=bbzi@=Q}UaW3RQF4*m#pPZTM`S8U#*LoP4aG(F`6-O)@2o3<%oKnT-{W9iA}Vs; z2`#oZu6=zF7hTd7$V0#aLxYjB=-;%c62}h`3 zexeF3a}_&O(&x~>XKF(I0M~Qjeem8w6-&NP28Z6#*P~RE6Oj7UUeDfH^ugvrfRl_c zk>X1n)A9bU|870Mo8UI>x3yl)&#v9$L|70xP^bN9@XdfPMMtJ@r{j|N3h{47U5Wg7fZk>T7J%~>UcMuU zdA24DgX(6esyu8V5 zZ4^GL41C+yu*r4#NBNB6VMh~8vXJtDkbLia#(u1SpVna7S|i6|v& z!Sup$x#DSXnaTlJGhgmT5vJjc*72{5*fv&z80qqMK##Q4>1F6Z2QoCp&WXJvw>iGB zkH3qqG5kI9-0he~5!$tl2S1c}(8gLmy(&5J4^qS}58w27vr`3%c8Rx&ooPci{DEK8 za$4xYd-|s3fFyHvL4v}kR)6V@N4raJE@ARj+4CnF86bu7Kd+X8g?0*j?(xms&bK?6 z@ou>@1j7DY*h4il&>-uBQCYcmf=L7c{_6wdgA>-V7YAC_AG%mV#1wgk^s9+iQEyn( zEVl-+W#9I8B9m?(k&M z(JuGs1|u}wM-{{-n?imSTgg}BHK0A`a*DXKy|X$;?_s4l(~Y*u8984OZQT-n4t0kF zhFS4zb@oayJ#Y41ow~neJQXg}^ooZHxp!wqU@&qOXD#gEq1sHsc(x{g*Z$s^_lEC! zlBaC9>e6zePno>`-BsVHApUeUWNpE?&r$EgDSa>##KyevwU+JIRZnVYM=j`cu{1E} zJSo4z9vD5%i(t$zdhA;LUez{tx#meZh1fNZ@hr2ay}3HFAz;ML_&`gJ#Xv&BiBk|= z@HNp17`Zd;w$IU*a1?L8W5?b(L4R5QGUNoG6^9-|!W3sorb)Y%3Aitox~#ul{2$Gn zX*iqd{>OEhV=$_U>Y=S^)lzF)#Lkq8iZvvm_N}#)s=Z+_ZFNCIi%>Mw8ci%ygodJv zB9_=1R4p^M1hrIbLFC-&^t?FdI_F&fm;X0;@g%vPC%NwDzVGMv`+UCsYtoCiE#_>q zlQ*2NINO%X^r$5{^^&vd(}N!H+8UYPBw5UaZm3yT>Ff9X(u7zQ?AD&RNb?JFX*g#s zeT&-kL+X&^LWlEGSoAwuY%65{n@&ki4<|aB(~Py4S~1+H-D``3yVpc-F50e%zU(t{ z{Ub*Dgd{8MtBj0JN>}jy3|s(aXv+_MqNlVd`cIb za|WIK^@_7!9(d_8dusJL&RIDM6=by#k0J|r)xr>xuDF?e7quj~lEQVq#c{o;oDOpg z{-Y1wn}8G67#hTOJ(BZo=-sUIPQ4~nubDpszFeamyFS$O+9Y@wF;m_0WY*#By~(mz=(`zK5u8l_xnee~luBmV z5t7X?{b(pE#xWP^aFe$zbg$%3&r33%sWfU=K8odRuc(aT>(++Y$mIUg;Dqe#HYRyt z{Xve8KW&@{qsM0JB!B_yQ#58wU-T7M$ibh;zE$ESf?#xaeKfNO*^7lVMuZ9QsLq1F z^R%ArIdxW?s(ks%WzesDa#&J%8cZV;ygM>CMKN!m&gDs^uP=qy!33*m3e{Fa9P?ZM zdpGjfI@VXp59zVyLMi zKFS>wN{}N#>4*o#LYG5hq`Xc=p4KsPKIxNSVrWoj^l@3wJxpV0lh6KwOMxaSvDWd4 zK(~hCJUIp$yL>aNuGqUjig-i+Jf7q|#J8v&&#>u)kJM4rYW!>AZqksp$WP<);u^so zaw)ci+T3HsHGRq2tFg0k78b@$n+fSbF%O-TfZy&Dq~4VyjZQ80-H^K5TkLO8y`hHR z_eV`jX65?u&WCGf15ZI5+b01@vY^{@k|!xg?ESts<|BWIJ<(;yWE?IMS zjb0>ygfW1O_&J3&gY>b@rLlpNfZLbuv%4;+X{!1o&RTo9^>+?=pOzCKw$~g755;60 zmV6Pn?tB456(7{vvX_B`oDq(~I0k$jzRX15F8>*l{odNqQ+i=n?k66+FYxh!-&B-I z-bmUx;wdedA8cNde;bkN7HU0H9Fe6uNQ);Ck-I|=F1A8_E-(aEP8f2SUy6K^UH8Fe z(Oroc1=UfGA32V*SMF3Nn?_k*7+MC_32a|k6{xmFVFr>ismt?Nt4~c{g$j=jW8~3g zdKmEy&wX!``drN@N=da3hZ$vuCA+`AV>iDBApY4i_1t<&LKQz2Cdfks&T@NO%8@8` z$my;G%&*4|iq{jhB8g?&%RdFL=AX1&Q?ru5NajOz%WDZrNV;n>`Tf&`(tK63u%|;Bc;gWg2G@$g0&oZrV*45`>3EpQLAM5FUi#rO3KYuGUrPk zD(s}bYFRG~tyG_AD_Igz5njehD!9NT(P0TUm{6o;)u`TbC|$isRKt_%dS~dQ(|j4a z%`?XjU90q93RP>bKJ8Ab~;MB4- zsD6#Tj1TR8eZ{xT`jY|>N%rS`*f6@iJS}0WV+I%}9n!d&T;yA@g;b+dcd!+4JN9X> zrvKiWRC2vF9^0)-f<@ajubFCK=~k!9FLmKVO$v12hIZ^@^%B(3$As5&b6FMXpu8i~ z0||2c_<~_eY8_QT6@7aQmh70#ep&jfCh_()TF+h7Yccd<^^(g6YaTpJ@2J*w3BuuU z0*G${a(r25<5{9num@6(S)A%u+ddUlJo%yiy&lXt1Z7AhlM@Ce4~<;{Gf;U;^imCj zKzC;ys<)1uJXBbM7mc|_lMw&X?3nDBpkNB=C-ag*n6+G&M2msZ6g~4|8e|j5OxO%+ z>??Z)%Ds(@7DfBmKH2pz8>6ew(Y%BPC3M+nhnIHXdBJs?#axMP z+Ycg&S@(7#i4Mv9#DGU9EoX@aFuT$)fL*5g$vYADJ7}<5p|O^#S%aSn#eZ(B&^}T5 zC^kGvXRt}(#zKIGjY;NON2z~bb=8erHxZM$Ti71I1bgpIJDd#MHrzM&wQr*%$HV z&#>C-;eJ%B*^4Fv*X@%lE@+miC~E~WpR0uZ;1`rc>eLOg>r!Ce-?1GP?}KT0$Pl#S zBhceg;kpYdNd)kmMIAZFRG*DZMT$86&LLo{{2eaz7~~bEZD86#4F@#ISgSJtHBAjF z{T=bc@BX0owKhL%pQYrwyt)8?<`FAg>582sY!%z=rs6}2Y1nEU!qgtAd_SqsNQSjO zr19Ag9;yK^2)(~#$+v#gPOzRZ3)^~ZXB3_uVc+2|5#0Y27UoASFtX^v*^8)k!$1}d z<|GkCre7N$PcQj7a-RqaLx%yeKoz#+fpUm0Ap`8SBf-c;MJuSOPDP_v{ z(T3kdL)NQDVFhm?G2&5ad0%s4&6^OnOqGiuOyM}5%zblbG zz;dRjMr63jU~gXC1jRM8*`bTbG~2bcfZm^&Po~~QIIdnN9zkn$pFz#nbaw9?F1!`~ z@}>__cD7=5P3OZyoa7Bh^ML2Rz3l`u*UmKkdH(hg5x7o<4JGs`ji8SVx+AWO5B(a? z9LutE3rAFYJL+ME{~V^+AQ_^@UD;5&Jhe8cv1(EGX^sQw_LD2Sdcy^M<1^br9**8Ob%h>Dll!*|&B<>}p;<_Bg1Y&_`4i{cHr`Wnz) zEBM@J0O1tgG&()Ra6Xmi5i6E7ghF3#sKU40))&Rx;YkK1LoG8AqJ3C2v*CbF`IWi&y9^0!-M^ei3=Jv`z0gx|AI%~>8!8T4f|Q;s zA;`k(v*K2Rm=Ly~t20?_s6CBg0YY>&?^=sZC zf>+n8b#DD?Mi`1rk;LLKLvDEnkVVZEBoXmnv`9(T$QaMizH|RVn3~?0E=K}_Cqa< z6Kp^JRFs!n+vy@VP1V0W+Cso|hcJf&Nl3_`e0D_a>@*&OAJf)^dyu@XWjD&}=PBkE zTK=$HW0E;xko)5WHrz7BDAGFA~=DTyP1qvj%2umJCeB1DkZ&u{*+qlCo z2)03Gsv!Vz5RL0)tj=@-SiUiQA*1?2mIX|oNAV%}WWf!C9pwP0p5e;?*l}au$aV&? zIzSFcde~QLrDNR6U1Bet$G$tO#yE1HHk#3u70n3n0PtT2H>)({l%gnN#}}f zK-jHYS`rvh$?`x%*#E|5pLjZt4RC`#ep8Z$*y;iLH8OG&s7IpZY5xs3NRe8&0UWr) z-}O7j*4FTCIHfY{Uzyq00HM?Ed;mPT+aSATRkiTnGdnV7G&F&9hXr}MT;nc`PQ`)V z==yFl7n1xA%sw$12Q0$aRUgoU<;F&V-<+FQvKX`4{n!9@-EgwObkDmRaGig94umPt z3H9>w;+rsKy%lPHsI~*NGsR+S_Lw23L6r+;!UwURX;wq``VI(o&g$8c2l!LN5=~3fRoCf_DLYZpZOg}I-n0ve&D$b}H;p?3GIoaJ!1D85 zYV%c}U+1X8Kj@$8m>N*m=XSq$`*Q9S**5U9*-;~VcsX2zFS#Ls{bsEJHW)81lSL~O(5d-X-}Uefq=kUF!> z(8XJ`g`2yqL4ovJhzTw;rVU!XAGfa!ip#?xK_Jyv$;(!G+tQwefAJ#!%=ZA~_0GU`BlK7BfyHO@^<3BG2Z-*e>yv~iEsCdHo4x~cY0au(d@ zZJFQVKK>fiB(@Z6?HhV9%^CVKIEbo@`@qlho6G`$V*v-x4TZQ~(rmaNeLqE@kQbm6 z%RgAjrjZ)SKw+ELhv*m>jE{^szLUF7A9ypa-yd@N9DtICaQc5SwjK<9$PrH98xnis z$-fD9%H~nq<_{b90BzaDTLvR5O6)`7fXtV4S!!-&bm| zsvgbiLV+-M5X$xEYy-|DCIWs$69NH2BH>LLwq=LLG@4y%sOMF9+*dNhC9^o3BZ-g0 znwAz9&qhBC{Q`{OdeeHl#OuJI8(&;r78%*k^S1zyLp0Y*3ns3#gA5|&He&$tHzy}2 zKLi}=-AKr{=VsO=Fw%I=nf#w$kz7uJNAD|d+zRKwrGt4+Msr8gz!4rZ6RS%VM(%h1 E0m%d!iU0rr literal 23584 zcmdRWWl)^awk7WFbV#t^+RzZ(-L3IJppiy`6G9+(a1HKmjavcebZzm`N3tYWd`xv(MgZt-ZdE($P{T!~@}>pr8<{swn88prEy*prC%j zK?B|?rCvM${zLWDQM))i7a&(iN=?ekoN-jto&9H;}bhc#500!#OI9J1d~7|6Gs2 zrhKyjy3e=%rLEl~Ke9sK#GQ%xSVH?Y}Wg1>)Ko5vEV@(*w>>e8dxmY zj+KfKcopmLMltmMZBr}cGvMjvLokbG&t=4CV zZDrc$iS`&z#&e{03j9hsxIUiD|1@CLsF4`~uk;z?s%!6cD-~dC71H5Mh$@p#-ImAZ%&XZ6uGoHwqa*acJsjceV=or!bN^?t3bLd zU4M+HOfdaDMK<=~h(cebggiG$YpgkYpl_^b6~h>!u|W`pK$uww=_V>_EDAu17~~q_iA$^{M>Tic ztA{ms9?^ndoo0MGEHoa{VQIvgPGQFBFDR8_6&SO!r^_*wEaU~@?68RQKcw|Un}TeW z;&`w>)2!#`i+dz$|DHc&(OSv0d$`?nl0dV6%&N-FygE)?J>7h6sd|w?+3*!Pz1%AT zjDc4e@+sk;C0Ejo{n^XbGdKJmPKe5BVDA`L4+)Ok&N4H~`!j8j?pCml`ZA1*nT9%4 z$y%l{z2Aa2x!UF#yu*(bjWeHBDB^$amC@>A8rSYsx+-!(r9W82>)YyBSQK+z&PdNd zt_zA^(ZO_GHoVx7b6fZoX)V@iB|L93Md3Me#uZCz=xRDK9<^;&V6yQW#Dx$w5b|o! zGHs^aQPMAf5mjWXNF`ZJ){?oyB3Bk}4)gL_;iu8OwS!a=0$6OhOjpAiS<0#}RvV zW0opMfM_n>JqXT!bctui8K>;a@E)gVj5$+<%mV{&cKxNPA#JQ^t6i37S!}7nVDS+9 zsNhi#5%Nho7rY3zm?fc*O5Eewy;Fn(KBLpr*P&(a>u+19MF*?3)Ps48D?TzQv&V_> ztd8>9BgSzO%awu=qo%6|Y%k+8k)T0}&$@XSWBSD$YxZt2!@ffG_`oWy!wkcQK55gq=J+9Wi{E;k?>eDbm$b<6OMrX!c<2aEm79I--=;oUICXAH1{7PKkSaYB%7PD3D#i#YukIEKYawkWtI(yVIs^HWl2 zY708vOG9FuHc}ocipB?0zER8+1{~0-6j=0iB!w^cG)k&0?G^(_S9GT8!`TU;dg=?z z*UZj&q*D|L(hMqE92H7Nh&EW_`u2$Mh>0!Yd#pOtHbcbA7)Ql~3u`aCirgOiadJB5 zPQ^+6cAFrHCg-+oCDTR&Q;JU5up`Kqf$520ek%n(&ng{%#>)hL!@dC--%)-ZY=$^a z0dR}L9wk?hy(MicE3kd|&bkqr$wfY)i9N8jf5)1X@?iUK<&#>p(3~?*@2m1?)HR)eS6QRuqqRgcZnkO}RJfdc%$Hi`g z@@ks1be=BFh7R_35=yIpZGe33{LUepd=|X zLlju2LOT*A0(|t!Snwl$N`<^uP{TV}i|DNr+_yX_xRglFjWIV+)?$Uyy8?|PrvAv8 zIYLC4U1E^Vm*m1KgUUVORpIBm0<9b!K^A)=%!J*_4>Jpt!g7c)nJVa}N8*R8RmrV0_Phz-H88F}cLIroJF z44FvK@axIxglD{DL;J~1Cw1Yj;k$;8kCRG2bfGk%g3G!^;v>oM(nfE|L$l<9TQAe1 z4R_~JQ-zq}L|ZE9aRGG5K|@31xCU)Y62=43g*p~0Y)HTgcNACjL~m6p z7$P`T0{TPV4v92e#m+LQxP%-YrEmzsQwI78+&_(A5R_nkh7^M))VTTl!q&E%y_wP6 z)ok?=gBZRDYMbjoU7%wQkR|J=6Oydf+n|Tq{zoMqQen?)tpryc`V|CbSl{T1$_v^H z7*sf(qIu8zGjG$*@8K)r(BmPaC09QC8yzh<7SXLOZv;Uqt8qxXUWHXss@=R?;j~{f$`k!{ zeQs!tR2#aUGRRSR@ScuMC(*5#KrOrsN5%3d7(!%FJRe&vU>YGYlfz%(S{a)T{+&do zLt9~(TqB3Ma9n^vpgqo{$I_93Db??s#+abkJgn9fYMds6u1MseZ=y+>Z}VAF8B0_{ zokpF8SrQM-mnQqGHQr9i>5yGD}fGif#*DhNox=&7_z; zc>Jt(%Z#=O#ot;;z($4q=@FeLG-@+y3N%x~K^EHX;(KD3C^N&6szh1A=~)Vrmw&`G zWxT4yYQU@tg<>sQ?*>(p3KAzB>za(nv{t5%@`Je|J2yzwgFQFWMqXeQxq9_XL~=T5 z_9nN%#gMt2M6-?+1mK$}7t*xVB04zSd$NDZ1LaGwM?aDTY@G*-U*uM%p3<8E4f=Pb zg_V*J7En@~wldTO6fnp(lnpg7ILA{J8z955$S#zqW-_i5qp_1Cl|v;Mv4e9wB~&re za^A_|{uJ3Z`~tHO{l)3bTE`C!7&He!k(AtvXB0xZdAU%M9|fGdLQU2<1Hlq>s0}Hj ztyx!E1T6J4pf6k5L>FZ;i?2@|(+WXcOt8-w%qrm)9_WOop!hnA_?&d6IZx}}RNXvN za8e%t&PIGV6I4?3-J1kj!9OI5r`^JiMq&)X&xM-bi5|CSKvww=4Z}(8Vq?r^x$0sC z9O8{R_2)FJ3I!mcHaIF(ShEmYYEkC^gYNzZs35JWben?ahh2rDs#83}z5p^BZmTO} zDB}^*%!*VZg`%PU$vOVXTWS@{-S)AJ zLyMw9g9#xjLeIXULbfrf<4g1(Q`g=#gj9rE+}212ZqQb^VxRAu4u*jIxlaVIpzpSG z&XF$2XA?|RguO*pF2;}?Bayz=reIg_w%89h>rI<~e%5nOC2H#7`~bnw;Nk||6Ob9a z7%br3!RFqg|M}xIEr^8QbzK}U@#7aEuAg_z#147xZuzgAynVs>8=w4ub5N-UDx%v% zPrVP$AFKoLH@?|_qGh{Tp>O-D?(gkHApIg zu2iWd6kbcjpIe~qvB75nv9ZrU#;6Es(FEX?5>h_<%N+qX zm#JJvwNF1Pt@easmjd@Y*1lT@AC9Of7!^%dE~o1v$&Vd~!OHE)dJ2xSa=b`Qb@-v7 zEDlZ=+?;jDVUO>kMobjg<}I(|0uhOVxz z#zv-88CgEz3cNXh|IJ`Njlz29>Q1v$A2p9Y$R<}g=ulEdLTG%{RvJ|5k%Pk$nJBI| zf$hdRh=#{$6s5S~KcPDzsvpmaX8^_W9b7eHkx#~&{n;BQP*DvjBDvTQY>lF7H(;%? z*d*z1JQf^83um6?oQN%*6H}-X8;rI}xNeeMNphf#cABrH3_kd*Ka9zJw!gx63O3ku z0BETNK<$ox^Hqeu>0`+EZR7Ci=b5Pash_muB{Hy!FXq(5GCV{!lo8KMrsHBzMGp2T z%SrBe6v2YJjuV!neN16cHJXH?R1}OLl@OPH>sW2KVkdz1(QdreH=ZU_F~0byxwOoW zG9R9WvoX-m!&+MyYMdO6P5g+$!L1(-`QWvyR~g&(>eTU2c#uYr?E@KM4n_`YsX(|q zQ+${Rn}U=Ud%uYy@J=#f}Y%>qf$Xe47SFQ>o!PSX3 z40y`}hO%Tz@ZL5~hU0*lhsh~Y<%1+wSZ(8Vodnzq1)A4180Q`jCvo(bcucTug)vW^ui1>?0DgS$5psf&uXw zj7RxMThJ4iMfT}u1ktGLOCNpIZ*W8(z+yA0fw+iI7NJy-5?Ie6Sy(?WBys8H=#_oL za%DuKsSMiC*Mv-diq(=D{vyE6Z0LR@n*K?~q&#;p+9s$OcH-|C&1p7zo~Ti4_%y6H zZS-*#QGbsyXR=G;F!Nhs+qbbP9=%QJS>K^t>Uf;w!b(G$QIZ~dvZrc&3P`uzX_kN8 zLoU0!+OEWuJ6apAi29mw5s5OsTeD8?>$DAWoJf+PM>-RzTq$e{ErbEGXJ_uWiZS7#p`p3Cxp8rEEiElQ&)hDKHla-^ZazBB*O#3g9Zy~IfMgcX zB!Ubwm*FZP3o3>?5uo*QGy42ql;v`EajC7VQ6TYBE4NK6H>uK6GxHHEr?{+ocBco7XP;LbfgwBs^6|prV!Qu^hpQz_27HkH z%KI{J7yq=cBm>0h#!pjSSLaj)l%H2}Mn$MKLDoCJ-k*w?PxjywjQ{A{zYO#0o0yo` z+e36|Tg8Gqinx&V4GqX`qx#7&P6QWn1P<}VU`}9D?V{&K-p{F2;M2A2{5wPMsk|oj zeAk6<-;QJMb1|0~DdDBdGMd!g`Ml*#wtvRb%Z6L~jKGs0^g{ug9r=ZH6PoWYj#hnM z%b|O_ceEWF(r&HxS>8H#IX)db?eUQ+$G{2=zOyI+51vG5DfC%ev4`)dW(;Sifl0t+V{Wlb8nrvVY(%DSxMOQacz&^Oy0jTH>P^AI}jch zN7y9~jOeD29LY~d^yJAC_0k6?jk1OWXv~_N%nXg;!8*Xj>P2{WP|EH((!?xwiL=4BawZz` z#L{5+#p5@%?o2}#$r)Dz5L&r?c?S_74!84waqR6m&gX~Z{INh+$}*@8!&F{EvvAl^ zfj9?PIelfLsh?4k^^moVisB30n03qEKdr>)BeS$@m&kc{zqnIT@bB*@YierrcCk`= z6foWPidOOIUy0J!9)Czgn^_JYE@HgWx&0kCUo5twUex2N4PceJ9R)~rO%0C>gnOHd zkWbR*{BW$zlE>0v*j3eF_QFCVdBh{VZ9c0NxPqrPTagtER{Wz2><_HcNC?BQ+^T_s zyz)xk`H`{(%ggLZh=P83QLuwRZI|TV2q8z-2TcySUwe8%SMmy?!6`kJkytxB`w)%m zKNx8*)r<6Sq2BTH*ee$~w;9cMT7W`(5)I5mPfrh;6n+%LcNF|3hJk}=WnxQV>T(uP z=gpCmnEAHfuHqXts%Im!2qB~Gm%CSKw`b%)Ts;Bes=l+cGsx$oYx_$s_oe=7Da>r)FmBw~qhVC=o@d;eA$Tzye;64yKhrsIP)j0jyx#eb1mJib&_P{Nr;xAto*^K8*RefbxEdk|z{H7Zw(bpFUNT z{F_I_-R6~wNkP5b@5bo=}F@5@WEX<7S8ATi~N`-sGidGs!Q`TBKD3kVX` zgNu)3z?^wfv4POynL79;bZye8njd-uix1o!U6BG=;5&uFU&Z_${sJ%m?Ta>n(J-(|Udq^8Yh|IwzAg|BVr`w<#gT4Jq2 z=${#av}s`@ZqOs@m~h|wCc*B5rRZ=y(XV4(( zm5Px-O>$l7?C9#U1VH~5cRd3VWm4*jdk9)NMjR79G*Dz^A&~}`p)a5WDqNlz5$L`| zjZFi^q+51i(3EqXlZXVH27zWk1$i^^oi0^+Lr{o57z9Bu1XeH^QIxN{fFuWNnBd%n ztR}r$LpiwLS+xVE5iq4Gb*WM*rHPja29G+r{9=53cYcIWTCMe9G)H8lVp)#-i1K@~ ztA(>fe^0>~vbibWeh1Qw04p$S8#A|Nl08u^In%3=+AwBq#knY^BK%^V_~4y9$p&R|or&ZciAqHE zY7ulqA)Gcu!yN1#_5HjeDnAK@-^Y7$=y8X2p@1M6fK{N)2V?xN9^)njjh;j!!u4sb z@njemQXecnJaM78$JhW+=so)06RJn=d3XET7X%vKr?Gws)es3>R=RCc;N3xxZAVgIG-jRsWj~# zFPhiF5f!XtQI$EKp^>WksTPoi5>nKZs8Iq6TiKRTL{^BB5$pONT!VeJSfyfs8KjP8 zR2kJ#8Np&rtby{+Y4iYWCOV7vYwLn83r+x^9n|E?7J=e9k_i}Y%qWhz6>|)ImZ3P( zO>+1;qVqI}qyLM%=qEIh6kO#rbF9&<0E=k`IWTXHDHutos9^@?*8Hr%F6u-<3k}aO z8u%HO{RztRlB77M9g$MS$V9JHXiloxPxq1jtsru3nCMse)YxPFk{%k2et-=En9E=f z#{Z9d0}u_vpDze=QhPlqnuVcbDn7RvR2eQ?x+4qX8Lfh7S{Ep}Eg|@jA=p0*qp`nT z!4tD0oFzTDu}u03WrpN@m}p$LznQYHg5`P0Q_-pS(UsK<#5{Iv)rQk)56hPDKiK#M zIP27g7a&afKL}N3d9b>tD_(Ix1V<I+>#-` z;*V&0YPzn zqV26#q^{Fjv)$Bnj2XjN$2`|JW#NIIYl+EYV=Ap}<}+j!tZ!X03UP`W3lQgDYKlgM z?Wcdvdf<&~2q;qDgXL?rQ1F(<{bv99`D?s)`{p|1{&(k2gQ`yBBSS4wt)%u(GhA{U zsLy|Q7hHVDwQD66X3NCxjj#~ok#V`e!R4Qhsb;5`c`4?rqo_}NBqQUb5nU#Mp}88B zROXnHq0Tx~u8uL^KuyXHw+PYk6)6B^j?p-o_V!O|%IH4=>sTLshA>BF8BiI(tT?u- zt;=YN2}G0IMT#~lvNCO=AvA)zkYRW%SbbtmA@rT!^EFOvkx$CcM*KRSrKbyS6tnCf zks4mLdf?bN3yjx@^&!?3?4uIRq~runMjy&5b65Dy;x+zw*2k0Y=DX-Tzj&EnBsB|S=| zV%cQ#-&%t-+sBruEJ6jE)`g9EZn>O=r z(v3B;$jZmZ$J5hOgs!%x=4q$D?<_ahVs6hfeo$PiA#kNo+H``+FuV2q8J~^{pnZn9tA8--!P(2@@ag zNcJi)ufE6KO4~)jD<;^Xs6~a79#-2u(p?8F9mM{J<@>bP=S%c{>l)@Im$#F*Va=)* zO*n@`lBolKF^nOEfkFf(EG$e!L=;_V@7#GSjC~OJ@^b%nDX_!m1s_KLAL2Vz!8MoK z+FH{mz#+uDI*@~yN(%YPvxNKe+dt*qh}nf({P^)>(c~|@e_bq(ET~gC`6Cp57Wjv4 zw$P8L)+g{M;dp$uI1PaTpc>4O1F8YQfmYLz%K`DL(?-jP_-~$`yQf&q-~UIF(Cu2( z@fv1*eENQJ<|ElSzyzkUDY6>>!mB9w!qU>_{1j&U_RYoJ>9K#t>kYoU1_<3D{oOa> z`n#|B*O49~PnNbm`C&=V$vibbd-2JK_Ir)xwfgLbj33g0=Wddx)}hj0fS&$6e6I%> z+`D&%oVkbM^UE73A1`j+tKY23BkndY0@+g=LN`KWWW0E&gI0Ri-EyxKuWPy_Blk|{ z1EMycNL?!3(*eJX(4J?Wp2u!q?-xV{fV>cp_sw#ch465+?6VS8TMUIclD0~5i}SB} z@w07~XD{wVxv-w@VEs&WN2Q*zX}t7H`WIXdwv_pJ8)?ph6H@;p4)^Ko73R^;$oNjk z;RAZf>#uUhif^2i^>#pP9zTVm+AO&_0-bn&aZf zf52>?o4 z|3vgNT8(%`T6Uv>V784 zyCj2Imfuzw$U$@WTP`kFN6#*_U(((Os{(-0CvO>WL^|Z2sDQ60TAo1fFMIGi!TTtJ z{G>>Z1;2j7aW<>Uv;8C(YsvQRqdKtLh;t*cXb7-?m@b{BrN8(TI2K`2imRm#@wzx(+WR%aua+{swtmFg^Tj%}7`zdPn@gF9A}d$d1WP6A1J;3Q zj|mIcXJUE;W@cuKUzTrIJb|n50Mvbo{%-g94)XPORoeTcZCKGlV>Pww_KjUh-JsXa z(8qgu;+_X2y3i0syuPI$Rf(YPe0O%g|7Xq!p5EsKVAC=Aj<0?H{_OSZrD#C6eWku# zg!;nAXMS!jk?8vEo=?vt)1pvEchLFqU%YPyRPwOfjd}}jKnW=M087gNhU%7ZGFg{| zzxWYgf=*Jv%?ZYk6Nb!0dg3fGpjxF-;bKytpE&_1^|)7ti~eDxnPC6_j~4vX^Ha_M z$^*E;s+%zC-DXmx8m z+xa7^eZo&F!iQE!e#@6rrhtV=qYT)os(pEW`^%D0Qj&%{UJVHUXw#&W8D}{g$T+N> z!ahE&D0uzAOS_*<<9qc=S=1sRW=)r>b8&HL#{m-T-mh=()w98a5>h~Q)cWBt+Fi8j zY=v~A`m(a3%%s9)06@hxn^*dhuw zWQ3vt3M9x>wIV7cm`9zA(q>ScyQ#34+R#DLHy40r?A#y&hzx4(~=hMf(?tNIZv zku9%yx0b_97X+H3;KG6u320?A=nU{oNBT*UrpO|3V5vF|k!J5*D5YVszH~sHaEGV9 z3PDHl`}sBnb~Q8cK)mIhM=sOP)KykL=f#C%)<@4`kI_GKaer-uVvQz|X|}=avL3w2 zA@huNZlQ3e3ei$a<>-&9NGZZ?HnbWMb*k~mOM&TRF-=# z8uk5(!J%9=9RsHX`XM}f&ouNQ)z#G!FAoY{K7eUB0V4>>)fInQnP62nmMtz0b8dtT zTrk4lzPSMlo6r`kT`$-RiVEnAXTrbD#%t(naXhiLYX$2(;<7hWEavb-s~OGzj#Sqf zXGWV4<2*NEQ8gAdV#cFYwEd^@xYv?R=vR<+ zi%N64%`|dV$7XV>LMaQsC{~pSgl?UVXi_d5f3_JL%VT)z;Uu&&cHegq6Je5?Bl)i1 z9tSQH0&+*s;7|ay_{$bSy}3NIUtdF>>-xQJ4!MTr0!+;0wIadeod+fyebFi+00Yur z?m4b32tKdmbXgA=nld2++!8rV#VVy(%Hihx zXDzWIq_B9=U{2LSlMUWX&Q8RKHqpikQ%{*#Q7x>GX;phn2n>ZkvA?aYNpxRlp}uxI z`@IBon^G<_e$3ZVy8_C>IFkbUMsbB0ThVS(Hmi$sR!|b>i%~D57Frb<(;ZrL=6FnF1=kH3xcrFMxaqySd^pzz4tOWB}I6&*LL z$fyO4*56di&6-3h*4Y!yV{W`=*d>!QAb#qnUdtAx69)(pq{G7Caj?Vdp|4mdK2ohYZpE2be zB5vQ~ub3W&tgmPG$!+9BkU)u;ChBP;Ov-4}GG<&z@^lAylS-Tk_L6oxe>O*hloY4d-Gaa`26rFg7CL3qnu0^Y&^dPWGz zBuD3+6c~M&e`F)upcWxyV2)tnkO2S6qgGhASuc|VWH4c(xfpNXsyobPC1o+o*#b={nm6e+q zwz&36V??5;I!**?mO8Y48YB_U35{hWFjCPED4GquvrmiFA3aH4*LT_Ko|J$K^(;O_ zxC_o=GiDd{(1$?=b7F}U(f!Ox#JQ(Zs#1R#*HeC#HRpwh{G=ZZ(iq$Q-|%~=5o z>#)vx;IPpTi2=lxo2D)VlUB$USf=-6fPHe&ln^yZKJ_tFR3~RJ#VM+ZchXp zK}+5*09%Z{ZU`@fANY|EW+Wq1;ryP#u+Zdcpag6Ogp?25-rf$xP_vM-o40weAW|H7 z0tRW0MT{ZbK;w8zwKd@8Ls*EhiOJy;o;a{}h+>}}?A}jm=UWdqcKpj8xQYKab&=Z? zLPtmU^XE@zXJX82RVVi#FeT@G!onfbIe4?`kOVMKxd? zoTjkFHc#xD`nI;V&Q4y!o(=$xah**AwTI6n435**?OIExVxS%>%3Q$M>hqRp04Nq^ zfnL0zM4VzI&OmpMzQ&ew@52o#fWnyk0RWZst|7$jgWI4?zU7yIt8MI+mCK$gK7SY> zM!w$bjj`WkGUJ_Qy%0z)ejr9eQ2hWnU4$1q=mdmrui;8ev(fwBGT@hX;MHWnnbGaJ zh9!N#JX?lJ=4@ZYqW+yCD*zyX#zgq|_&6}Yvp+&u6zE-*M&+4#2$1 z=@?Ap>rdPg0Tus~L5PTm>>SUtbY5JzLa~2|emuDd@92>1S^$=%qlg??u)oFg{Wu}; zX0~f2;!7O0Yg#z-?asV({LQGJw7h6ew#)J6eRBhAZ|#-mc8$PTUqsjSmw90TI2x8p{L3LWIu6#U)Mc$&PJkH4O%!`76oT z5GG}RDE@fHy1eMi^)Fg64=hgTh>NQ$F&4V!;$M1judEx@aLJN{J$2RC0o|^u>u$ZZ zSN1v~9oFvL_r!4RtVsN&g7r3ZD&-ks?Rp(}a(gBcb`pgjT{69hM&FalY; z`hBpT>Dgu4Ii0xjwgPe7k-?h0$?I7sn z(=m9d+}&@hpiZ?Dhtp>~H~VZr*t!B_27uhJQTJc0ygam%8spS-Gc7{>aODcU4<6d} z)xN#rq!?1d!!F*4zQUF4zY~xOHy(>2RR1J;%a`ujaVW@IkxmO>bsXl!A=FTg4)*)-?%m+ctOn4SJqZJnDM3VEULeap&{UfPdM4&T_pU95gP*j6 zE7+PQPHAy&c~thES^#zbMr{v$OWg8q83>(qVD%)-=D*HZzS?c83jhZ8m|7;-)rNP zm{aJ_ko#&t266?|xS*w_rPEXIlF*5~U%!6c^9fMqX4uE3mX?8BQ!}&V@5g_;65D`r z8G}yom1R!xFgFied;`rV`fBrx8K61c9Ff4qz=Ju8|0clvyLaaQ$&W?+%xR7RqksB` zd!9=IB&)vF1K>FTj#Op~-_6vrL)B*#@srt4T+=RlS2yNJc@bZ92VMfU8$InrLCp=z zJ>|5Z7EZz;-#=gM^UZllFw|@bRE4qQ8W0c42}1SF1A(cD*>H}*DjMi{!O8FSDA(o) zgTu4T&X(kRX0|acf{{-oob3;qwbl&zugY-r@V>X(Z*3L4*Xtv666btv)PN>Gpulwk zdRU9oyvt(iAs~@Y1L<+=r(3up`Vb}3>mB7xZ>2)$+o-;b6HZ#j4JCc{Q1d*^Z1T$_ z8(D@Fd#%(t>QqTY)vrUON5#^7MxytHkN&f7q1_IoBQC z1ppm`N<;{$ldDQbDE3}XW@kaaO_lB``4E{e1)iv>7M3{jh%pPMHnaf~C{X_mWzk60 zEfCWe8p_dDVS(BQ5u-v4>u`!@V+@tb#lX*p$xC8JMN1{p-AJGdj-&zrAsDX%?>voi zZgXD`2PEi0Zs~GX5Q5qKS*##2qKPv(yX@iK`LlB9tYbeNs(2n}%pz%7ZVb&Kfd@51 zXIXM~J-dM?W<9%BrFMwn0LI#sqOELqJ^y8Yj-mx*af5bgHp_G336oezT5Z-#H=yBC zL^P=LFixpd01H*u{Qi29!1dTY7Yw%JxG772iOfc+xA@9TKbbJ9_^@Gva26#M@?s@g z*PweZ6UK?ntrm3tMU%}XRXZqmH4CINMUfnRjtZqSDD$?yW}vec(ae#vpsPTf+eCYl zQS(`F?>!q!1($j#xC;T{dvcF4VM>rVI@62qg+U3Uf*CI>v_Xfy!?FQU%KlWcB*PqcP$267q*B~d<*-U2C;@0gat{4=X665J)@bthbWT5CWmE;zs_dkNz z>v;8$3K*)%DFM;^N!zH%YOPIN$|~XE22=cd*4rEE6NUvU=@Rz;Bi4BK%Z0UD-7_q60z0K!xXY4+x1Jz}gn=>Bn z1((xdvG)+nQ)yQXf}%`Xu3kxZLq;dSL~pR*O)|100iCJ49gyauCs; zk+K`v@Ofz1m~-8N+^AUf)b3wb)`6g~t(+ThQv9G%#Y>tLo+!6|s9%kn)9~ZxWPehn zARjrl+eWCi6i!qov0_s4BpF*Mampx7X}KV@c$f&I5&=Hs+-_%}Y~Es+CX}_HvYv=! zh72vLqgGvPwV=_NMu&g&*{5>gR~qC7UC-b59tn^&aDLXnU^GHhMiBeY{e5bHdxO;z z6hn7&uFrBq0LFEmp!xtd_610)+#y$I`^*mqS6bTzKyiRp4!!p*<~;nb<=1GyGXvy& z0N|~Kj1GR(%FGuNm5$IQc{rbUkn@FiC z$Ia*6`}ev8?(-FCet;LQES*~pPyv4tM#u+vKDD$w+po4K{mpQuH685Ha4(zF0!1jm z{viQYWVqC)H$apA%MRMYbzL z4V?1o?j=ww^Ss*<`O1oYYwGGe?Qf*s0N;osQVi{6LVla4={zV*uaZBbGY8x`MRr5u z!2SJozu^8uKRoyZcaLCDTe0z;d z(l@`PVO|{z-?fE-5*-M5Je;3D2b%t=YWD3X$U2Xpn}d(8DVKc_2GVC&fx4V9>=Df1 zpdC|Ql&&{Jt72y{=hCgOr4cI~hhk~>Xwu4Lp>*Gh2rCp=@ji!phYu=%oRIL(r+(zG zzA$iM1t+nll9HInZ$IRgsM=ts&tADYsrM#=3RB^WU*${n*j*OZpJtT>sra^zl~b zCiN_U^`GMSO29>nf9u4L%m2|NvwH6yYK^(b0=8WS%YEkpuu`3xEz#Z4J)M2eR$)zG z>&98M`YWG)$2j*&=C4+QQ#T>z>c%fFE&aeMW~CDHoj zZt-S5=e^D59M~7$jsFf{u|ZzxH~YMRIwXA$VgGu*($(x2{{zGp&UEdce9Hfo{(nOp zpU=CU{w6JbZMj{HjJ%5RnzFfvvcW`(eap*_x?*|1YetuD=5#D~dzH`t6W!X>anrR8 zqz*GN3c>>E+nMbMeKFD?+uQa3FCUazjD zQ<8{QuCL$U?@Q6wlT$5!PSP!2uReHOX9DnUz}sd9z6Y$k<`5JQE1=`y?VW0=cf)&b z685o-n&uVnEs%+}flP#RGh$T|dTa4`_F+>$z`P^;N&*Ao%)c)K$Cw-g^f})o2Tqcs zlq0``g^SbFtioPE(`pG=hSKnX%}d2|pGkq@)9_z&ga6ku?*Gn9{{O_$;TN9ATjPMo z=Ah{_y_7%j2yDH?)z7BV+YEvTd8U+6+TanXyX)gp>qi6RQgVP;0zT1#>?jc5gX3v_ zX-;JKmy587U`2V%D$*zM1IQYJi5z3!BV`p#RFeq5v)`$gy;fo$sEe|4V@o~gT(~qZ zOiY$m^m9_cSeGoIW|o1@zP5?95)YqxnAC6f^X=DZd&x23{!_dtN3NbPJ;jgI1$ZhI z&bju{-Qn1Ho_W#zrpk|j$Tv}E6mfOQ3*;*AK`0^DXvst`U`j)aN)l` z>1jX?s5!F<$EgZM8Sjh>PNT>;SBkrQrwvg z_`Qg{HAod3XvD2peN$ydrjouehtcIXOj6>{*;x|4wvdd>Vpm|72rVoxb~!5CfsNLT z@*7>fcGRBHto8Huxlt@5P`m|A`kRnHqu*!pZz0mhtn8DH3<9(t>E&qgO>~Emh+N2r z;jSXJP7U~9XRcvp zTE>UP8hlv2Y!8Myh%;Y=ey%bYJQI@^*sX{%Qm?VN*jh_2=g+RDVPENd{m~%rl_Nk7 zfJX@cv+gm*i8=&c9HFNT&yLU45-%Q|#qFP?dQkCaW;{h6^RoUZ9a{eb z?$l!4Ub%F-d=KYp$Yy+IJ2g5OMn6gZ+2xU@LNOhfL%}4EWTu>MriW*gqL=MkFfZ^B zNzJT)-H|z>1rKq7MFV?L&^DxrEMa|7jiskN&c(+{3SkzlAeikJJc+{yvRE}KRZeu+ zjmn{vWvwOHu<>{sB$>s&fn@Y~OlS(N?XJnvoiJfuBPo>0)E|DLC9jdK$f}MprH&7n zi#Siq^FDZNMgt^3TdqqX^ck@=+cXhnJ#>?Yz-?;ljpTmNPoF)rTs+y9%q`~NGLfgx ztbMwrT~iD^yZ!k!7JX+8lFqCv7IBJ1vYy(Mwrx0WSo+H4y_9+?AZQpQ=MuuX&G4^H@^Ej&x=_8cBtnz?2v-|VRB{+Mxx0TcB&S5lS&HUhBy+P^wx+fIcGW3d}Q=L@b zSjY@e7#2v?RRGvk-$9#0f}(z#sD7K+$5o2O zs^r0rS%UYst!Ch0kNA(9rre`ZVwzFZY#PZU&^;afA#wFW87))71a9|6dl8KxfIyZ} zJ2M{I?66@1p=Sd#NmC|{!F0H1AL80+bnS#N16v(z$R|8JLv#H2#1vBhWPnwr@N0s# zQ}#QkPy%6L$43LuH!tUuFXd==wAn3#P?yClI)zkiyg-G zNksas<%r}M*=BCBkX&{c2A(-NWG_Z-D7jQcx04z3hii(au>r2+rO>4y-vZN%lZ^Ce zNq^H6AF(jJuvA3t;`?A$$>di}|HuP&_#)19NwmzF3f7Tofk%sM`m}rfHYtaZJbMA_ z1MyY_r@WSiW|DELDnU6f9(%q-x}$r=)^+(f=KI!%UXv~$Yg6S4R^!qd!vI89l6|Z? z5h)unwV+8fJ|XRO4(oQwdiu*XG7nr5eJq6M ztR=r9n~xEc6m15BIs=7mUG^!Q(j4n`AydC;m!O1YZ{j!<1VoQB>K3g-5C{TaN5|;; z#3x>8TTRMDV`%vj)RChS~H>I;-sw270)L0XF3%U%d z%v}RPo`-`ZCB_MLj&D5JQ^P!Jx7e+xj6FkezHk_5W57K_cc4O~c!4!2ZzMR-453Sl zb`xJ}&{B0i_hbMq2}@rAJ6<4Ljuo`I`(XPq^`(wxDzdFLhfZZ+CU<#9DFmgaQbK`Z z#7S!v>nq0%!i%9GynaO0#h(9^8#LDFes_Db_kesS9PmRLgJ}f$fN$WF6N)*hZ*l`| zinQc!?_HTG?p>W{zn|WrI>5GK6y>c@ix`)SCF!wi?)&;Dg!ef4fAQ4XtH+?_!@Gb1 zz>nPNf3dd;CF*4>vn;YYkiLC!>__YmaKKOLb$RCLw_Wo*AT6}2!K2h@00_;Xi<|>L z7!d-Tyj)RRm==~s5))2tjeIudfK1i|uy23SY8cR$_cT4RNe0{DHo!#~fr!kZlKf&5 zYXXc>EAl@*6mZv`*Q{LD7^flOCD4$ryQ{8rcaR9hyia>5!@#TlA?e%0=`^_|;D}eniGZJg$m_bS>N4e29=^ylCF3fG?FlFt(JHZOA3>u zly_x#s*5Nr^ACJNoeXwj&b7wnDuIs=~bmn7i5laAGpzM95aM}5|w$uOjI-OS*3Q0 zv7w9MKu%>nCx$CRX-X8q=1V4=;|UptGLc(uYDfiasY`7bq`ej%A8=Lml!STdLI;{x z>&X!Yru@%ok3-{vk9dZmmjc!=T&B&nQ`zF3Vl(-$?|fX{j-_h?ZXTLE0iLT&Opd~$ zV%smgIGCa0ULzRZkOUrpujknAJl|O;gZ*)RL~MK{t9L|`Og=$U_)?>7ef;sE%}hDW zGXxqwGgX<)Y&7(?EQgw0?Hj2hPpT@3{=?&}jSNxfL%R^)LqU3vqs%xe=^-PG!VIQK ziu#RH=XeqK%7$lrsR}J`qgi{U*(&>OCU>YRV&(JHj~QiK)L0X$7%605q;kZ*jsrgh zyPT}SheD=wbU~-z}B0#fb@gY zd?b6~E6Wzn6unThnt`9B@Dzml;Q1yDRy=GIlQGXWqJuX6{aoR#W(x3pp;cM5 zHlsG9p~Kf#dPE-$S)b^>iSjHLk|@kd?`BJTh-g-Y9;&}4kX@@CkyZ|pAgvgznG;Ma z1r5-6S`*#wFCWwecwW(mmr8{rDCAFrvFd@`z@sR?jN$!Znp zc$p|4D7GbtMekjCefZy+IrDI+`*)9L%^JdBC|g-3WX+7oPBHeGP{K2|8HFsBUC5T5 zWX&4JSjtu?*}_;ONs26CBng8^_O-fiYE z2W+L(&K;qKnlM>cZ8k?1MQcQ##Z4hEW4*bV+e`2zVYsEC{<-nY8dYu`Ln^Cv*W0RO zX*_*OGH_Zg)yJ(F?R&h-*85*dV`ap)aItnjkG^wxd$W%L9ua{%z)-h=*Zp6lm) z`HMJO-cJyX{&Z@rZD@*A8stlv(@U!*P@m9Pn>H6d{=PLhf3WkdI_?Ge_=$+PP~8qj zMB6FW*4a5X<*lKZ0H4&ws!9vJ=m$@6V?%Wd1JJyscdc4e=6n`6%7m^>EaIZ{-!bYI z6dL3YT<1o&Q@^sJ3S1|E8fsBzHHKI%rP3^-9f&GP;(6{zq)T&go}KOU!zf;=wzQWT zU~D%=(jPpR@7GOCy`3=DZ~J01Ei;?%C9)#aVqPL~kE`;8(Y40F{J=Rm@YSng#7^Ip>7 zAn}hIxF`e1G+ZNfVP;5@e%yT6TD!nmo>I+6@M2!wKCN~?Dmhpvtl~aq)-ThtqOkFH zGNL)_Dq7A{EtCO4LfZ0S^)h_V!bIm`Ze|ZQs36kLkwS_#sXu!-tz2+uUBVTnCys=8ynKY`GdbsTj+3qRn?;&9Eagf7kF3#s2vr(=(~)EU+KbLN zzI)am%A<`SUO5RvtBc@aI|aa{!_W*$FiGR`O>iu__cw=g3Y(7<&6WDYs7{IOM? zyl1;p79yH~Xd}^GlT@(G@}PEraV}i?!&*97N0EtY-exlTafhg`c5v(5v!BGn=4B_= zr4xDzuEBq{<%GoxH1aKPV=E$GwFzDnZXPlRN$$UKc44?NU%3|q0%G#BIc>T|N9W>qe zA*|vrDWElSin4<#y?KWpK(z;VJrL$cl))X(P=01xFr;t&R~2#EPOb4*(Li0k00;t5 zZ)~o@4$p9oi2jc55^wvTsqO!VL&LikoUA-DHogEal$dySD{*}wTiHon`d*~Dzf@$$ z%r9J!#PRk{nq->0FA$9~KCLb;eVBdBj|?DIbG=d}Bg;T*$r#|_3O5SHqB)yHhx3aP zroqX$_f%#2la8u(VQ5e)Djf4QZmV$SrJ<(;pA@vDHD$}q6SRn|FRAdbs&ULpN9LQh60xi|$KDez81fY^03P zh1kfL9QeM?yQ!&`n_u5sbc6Ak9`4LS&g)97eXYaQl2-4_5kkgaO0f3nFGUJ@3f3WZ z=$I+h-SQFRo;hi&fYiZhn~VA<#k~B5)~IyK2XiNwx!5I0EZ#~U$#XZ~xgnJ#Bz#AX z>tOs8D$QYU*UHLnbnsf3qOk>8<;mhHJ%+=}=;A9CpUiY{@Js9*Y=?UN9`vX-AvY51 zQyvhOMIcO=Nmqu z+|T>E_GUB{vE|vDUn7FgDHAF0&riNE2(kdx~zG(h<5R)dyPK( zY`M*RQ3AJt*bnFRAwPJN4!+kmBIP6`6Q(X+rMK;fB`m<*SS3%vQRM}MUJdKi-dnYZ zq+W1XmfRJfjTQ*f{6qXBwHSAgWvwZn7hcui31=yk+7Rww$qAXj>!;7==^WeqC8Np<#kQ>7lnl~%`Y*UF;>&Iv@T@73{B>3DMe|kWDVqR%cPBpfK zK(NszS`31rluO$6-7UAc@!2u{eng4(a8lmu(OM4ttcI}iXGT@`)Anr4!*A$B&r;)i zy|dTf71KXElMr1rQ>Q-!-3=3Pw1mQ#2_y0+g5!>N(4m}qINRDA%;Nnb$k!CqO{fND3Y+tqdC=X^=TgYyY2h{KxoHPJC6 zd7yUberTBRXgtjz436MZ$XbkShRUrw-kYEU(}fY#=27rsp3l+fmrj-<*wQ|%M?p<` zp8JE`v~J-K=PR57@g?ES1lNrTCwgocnBCem`)>k|h0?Fslw*jUb?e_L)E;gfIjbH; zu07`KwVqR&^pr)Qh7EabUOb4g%2mmf{@If>&#|L?v5^VH{5`D?cHXZF2{N>0XRIR` z439{NP(@#)>o!JnzG>*CB7khUZU*BcOW85-hh|8JcHYSX#8o*5CD^)o|03v2Fw4C_ zL_v%QBH|bLKsu93hnfxDk_R%E1TlJb&hkuE@|7bHVWIeOP1w3?T^!&Sj}bPc(>^7-&}I6HQlqqz z=|?p6xI7#NDM1QqU$gHmZ0HPRpM5pD^f~LYL*lgf%{anreq}+->wF~-PL{T}+G%3e zLaLIMMjGhJY`z-4&f|Bp%~`SNl-vAhfjJWa!kzdPt)h;)3r-AGlSx8o3{?S!!3eOD z{Ic#<^a>Y?!fwkA#o2C4knEr1qk0saCJ0LXL&}NgIu4Qxyq*mCRJ|?L%9Lo2tFAke ze7&D*_G8RK4a4#Vxo> zIv4Ag%nSCYO}?h&XE^dcV$fOhDCFlT=bDodq5Qt&jyT%^)CEzov(j*hnZQ!}td^2+?=ofLxK@Ru zhC%YE&N}A$Tpz;zf7cI7Alh=nsRO10QQ zn=#7Oo3tZvPQxPj$;iFD1KNrw;bPnDC%S2+M!S-4RV@T-D!K3nq~3hWP$k51(G#PL zvg=|sL=Rjr&f!@jKf%w``7qg5a;w*}nbN0uI&-DbT`A<|a_e$MO$%CN3>!-75}Gte zQ@XN-bek15jc7@{`1k{z>m4Ag^2Rr6sboSE(d7~p-Ys&<+2@ga_0hq$P-+EMQHk?q z0^+x#tVH6>B6FVfCeyb$9xFfX%n2`14N#KzlXU*x%h^WE_j`f(!wFyJlxO4iBfROQ2vR4p zZqZ!&QJj$hIYS@>1I;(HSMAeoH|9yB@nf>Kdc8*|C_$jpA#$!Qt)qLI6!@bReb;Pql_|0{y?^X;hTm`KDQ}jt67~AJ< zZj&f#P3Y%iF5!l8XOlY_~Y-ACUCS0Zk|11^u;vB{w}d;3X1SgAb(7Tp*x+`&JfHE=psUG0mP zupLsLJe#|4zy}0Pz`sgB!J~sBcLE>u55mn1m9%|&>dh{`R_7qEqw9FE4_6xEB)M*EVM}SAE6wbfmde92VY1#vb#jP zeFq$TR(=1ep#4F;`VPnZb@!%$^zSUe6`@THD_`$_lW)D;vYk%2AvYGXzdGZ;^7ZRZ z=U-#=AmvA2Ua9W`7Yotq9(?fCJY+j*Da3DI(7nL>%sTkqU-aw2eoJByvybhV z;Ln|zJd`UrGZMRmQndNedpWM}%7U$+@dvO$*eJNiwQD|m%8`hDL=(Zo#I%#QcN(SB z0W7tp{{|CeKN75Z{&!qQ#;b1O|D|TPI)(ca>jeb1RjZ5ejA+PC;*M;&VjC_d()i%T z2xak5c_4B5hT zy!MhgP}&00=f@8Rmd>TWIazDanf{BDW!?syY(FBPIrQ^+x$7ptcWY?LDgiJ>?oa{t z_RRHnJD%1ZlouxtVc)WBwL zTjJ@UdFhnXBXDz;@V3^x5U@s%gLjrg2|yV0-C1`EQT|o|IFWE04eCo2q(B`Y1<@cS zWONk$hUTz|TxKoJEjMts{A@@JwxqzxePKE@%PT7&CrI>|&(<{$k10SEj1Vb)Ffi^` z-hiWpHm~Irh)hv)@hlXcmUz88E1>I))BGUJ(_k@ixO%|8s)1 j+3!@3eo^1 Date: Thu, 9 May 2019 15:25:34 -0700 Subject: [PATCH 065/117] fixed images --- .../enable-controlled-folders-exploit-guard.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index d761ebfc85..fe87bdd2c0 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/29/2019 +ms.date: 05/09/2019 --- # Enable controlled folder access @@ -59,9 +59,12 @@ For more information about disabling local list merging, see [Prevent or allow u ![Create endpoint protection profile](images/create-endpoint-protection-profile.png) 1. Click **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**. 1. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**. + ![Enable controlled folder access in Intune](images/enable-cfa-intune.png) + >[!NOTE] >Wilcard is supported for applications, but not for folders. Subfolders are not protected. + 1. Click **OK** to save each open blade and click **Create**. 1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**. @@ -93,7 +96,7 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt - **Disable (Default)** - The Controlled folder access feature will not work. All apps can make changes to files in protected folders. - **Audit Mode** - If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization. - ![Screenshot of group policy option with Enabled and then Enable selected in the drop down](images/cfa-gp-enable.png) + ![Screenshot of group policy option with Enabled and then Enable selected in the drop down](images/cfa-gp-enable.png) >[!IMPORTANT] >To fully enable controlled folder access, you must set the Group Policy option to **Enabled** and also select **Enable** in the options drop-down menu. From 7b826ecc7aadf0609b764f4681ab6772001e6705 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 9 May 2019 15:34:37 -0700 Subject: [PATCH 066/117] edits --- .../enable-attack-surface-reduction.md | 4 ++-- .../enable-controlled-folders-exploit-guard.md | 2 +- .../enable-exploit-protection.md | 4 ++-- .../enable-network-protection.md | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 1a68651c4f..cc1cc8023d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/29/2019 +ms.date: 05/09/2019 --- # Enable attack surface reduction rules @@ -26,7 +26,7 @@ Each ASR rule contains three settings: To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Windows Defender Advanced Threat Protection (Windows Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules. -You can enable attack surface reduction rules by using any of the these methods: +You can enable attack surface reduction rules by using any of these methods: - [Microsoft Intune](#intune) - [Mobile Device Management (MDM)](#mdm) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index fe87bdd2c0..c17a0c7285 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -22,7 +22,7 @@ ms.date: 05/09/2019 [Controlled folder access](controlled-folders-exploit-guard.md) helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Controlled folder access is included with Windows 10 and Windows Server 2019. -You can enable controlled folder access by using any of the these methods: +You can enable controlled folder access by using any of these methods: - [Windows Security app](#windows-security-app) - [Microsoft Intune](#intune) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md index 58cb4ad00c..c2ce902a34 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/22/2019 +ms.date: 05/09/2019 --- # Enable exploit protection @@ -26,7 +26,7 @@ Many features from the Enhanced Mitigation Experience Toolkit (EMET) are include You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine. -You can enable each mitigation separately by using any of the these methods: +You can enable each mitigation separately by using any of these methods: - [Windows Security app](#windows-security-app) - [Microsoft Intune](#intune) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md index 8df4d37da6..25cb0873bd 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/22/2019 +ms.date: 05/09/2019 --- # Enable network protection @@ -22,7 +22,7 @@ ms.date: 04/22/2019 [Network protection](network-protection-exploit-guard.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it. -You can enable network protection by using any of the these methods: +You can enable network protection by using any of these methods: - [Microsoft Intune](#intune) - [Mobile Device Management (MDM)](#mdm) From cd60824364d7ea4119b37af656ce8fac1e09c39a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 9 May 2019 15:34:48 -0700 Subject: [PATCH 067/117] edits --- .../enable-attack-surface-reduction.md | 2 +- .../enable-controlled-folders-exploit-guard.md | 4 ++-- .../evaluate-network-protection.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index cc1cc8023d..6a2dd583d4 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -131,7 +131,7 @@ Value: c:\path|e:\path|c:\Whitelisted.exe >[!WARNING] >If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**. +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**. 2. Enter the following cmdlet: diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index c17a0c7285..d2b9eac2b9 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -96,14 +96,14 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt - **Disable (Default)** - The Controlled folder access feature will not work. All apps can make changes to files in protected folders. - **Audit Mode** - If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization. - ![Screenshot of group policy option with Enabled and then Enable selected in the drop down](images/cfa-gp-enable.png) + ![Screenshot of group policy option with Enabled and then Enable selected in the drop-down](images/cfa-gp-enable.png) >[!IMPORTANT] >To fully enable controlled folder access, you must set the Group Policy option to **Enabled** and also select **Enable** in the options drop-down menu. ## PowerShell -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**. +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**. 2. Enter the following cmdlet: diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md index 74605b559a..c0ed880905 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md @@ -34,7 +34,7 @@ You can enable network protection in audit mode to see which IP addresses and do You might want to do this to make sure it doesn't affect line-of-business apps or to get an idea of how often blocks occur. -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: ```PowerShell From 12a7d68480c7926b83d1fae527be0529c589c201 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 9 May 2019 15:38:53 -0700 Subject: [PATCH 068/117] resixed image --- .../wip-azure-advanced-settings-optional.png | Bin 14186 -> 43333 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png index cd8e0d0388c3d30f4e4288d6884302ee048c3bb1..785925efdf7d8f2daf549c90c5ff84fb6f2750c9 100644 GIT binary patch literal 43333 zcmc$`RaDhq_$RD@bST}O(jnd5ErN7|bVzsS0S?_=(xTGc-2#%*2uMoDyZQZR)_Uh| z?&iXE1jKW8JMvfv*uQx3(g6_$e8V!TsC@bJUmE}KU-wA{ z(m5?HM$?Rm8^;_v9xng399Qc$jPqW;mXnhcdAOJvN~DY3?ATtYGfkvZfkZ~KL+W`W zBO}juCq#U2zd0RJ^Yh3n zbb`_7_`Ca?^^E=aSu`GN33JPeJ+WcjT*ZeP?YfQQkwz#K+I_argLN@1M4Zll!|mNaExe9-F1>46$;qkzG#f43@^%4(U?9iz;r3rRItd55Ju>bQ+Wur;G@e>SSsDH2 zHCZtK#-5XwKWk!(+tIH&({M0ASp@}&G6<>AC*mhgXksEB^T%Gp&1lqYD|v7 zXEzy6V(9N8ffrkV#SnDFT2eGLH1zlP-(2@{-Jjkj^P4yI@bF0IFhAR!$mO(DrW%pZ zuF~S)KRU7_eqtWWc&GcrRwsc{DrS=jl8eP!^VHsIMS%YoVuopHuvQ{6*7}rL5S0RoH3gJ{po;280rvPGC||iqbjp><5aRJ*685c zmD&DuaaUK@{X2*Q@p;bCT8BvcM-B&)r%BhrBhxq`3t}^!Rta%&cywYb;-)Srjlx^a zGSzQZYST=J+~%=_?@T^)3)@WO2ptBUZ;!}4)^t32Z4D;Ol&aKUP*G92AFpQ9sgUZp zT|aCN#NpAa28`h?HNzsHzrK(S-5t*^6pw^g&f@L*UirbT#x`)s%&E3JC@6^d;X2rE z>4zHM2Q^O!G2h@~yRQJ>0EDElRTgDVeJPpogH^T9&DllD!~SZU_tnwT04ZxQ%yLmPMf`cqz%!YlFSy&dFmI zcSj9t=w!l*>FUMuYA=>Bzp+!rM1N)+2@tN-Z%L_Gpk`+^A4xGE+(J=&9sEVNfu%6- zaduWStP{rK&cVy`&#vFt%|A99^B4vPt`BjQ1)EhfcvsWa&-qJ}lzpT_SW^>-8rTC?AziG=~-NiGjyB?=I5Jh#*7G3X9L*ziii|nzB6Ts zQ4!HmR^(^IwJ}0=`N{Sw5%Sa(vmE2BQU5LN-EAjZx~sGHsHQA|a{A+9$goZUllWha z(}{1<9orw_N4}U+Zv8C$%&$>rA{Ar0`ePyL2R)Mwj*V=k;>%GQ5;lFTXg%6fbW3oS zNTcQTyS#^kt{?A?Mea`|cA!hBJ#`3M_Qp;1(Y=hn7dx&uP`Co1%ie1~=drDi7ysrB zT{u;3$FulQ@K~tB89aBh-L(-EQRj#KkXtyfW=GFx#2`otDe|(ljXGG=e%HSdJ{3}n z_tl6s3lPgbtdJ?q33AM@EA?b@~Sa0XL>lofhoG-4J3HgI4@q z@di4T97WwqYmV{|T|~0*DZkr&I?rid<8HXDjCu}OdwqUs0v5|Rrh!+h-f`oJLkzb= z4?Shp8G(a^zh0r>s)k98CQXsuD*DTsvj0^q{~5wi@*yVUmO%JlqFhayj3lB9yN0GL zt$}t)uMqgN}1eBC7HK!n~HTv zYOH)QR?Ce})c8q)Nj0H*BLe%W;fAtQq^d*vYC)$40X;i0=mGAka z>|Dc2>NpjYz4|yzO~r)1rfxHhq!Ei|4G;DvI@%;!1Sr1TZrZ$Ne5GgHb%K{@ z!gAQtb~zwnb=T4(ep&Y($;an?yGCBrs{OWf&nZ?V59onRAbY3w< zChL+a(*X#zqYo1k<}w@HfHoFm9O1iRoneU0-b^V*bin7ITMA;>Z(f0xq=S(T|7g_=XWUHB&_8d0hSuW4nM9~Gibb` z5kXym>?9Y93P)g$0t`X?<7NT@l~SSw0U9CKpy#R>fF(t0fi{MIH|By7#9!;Z|2FN) z)(-Znygb10r`rdx$OKMqMnZ1=ROvjU*4yLZ-#pD&NnmVHk@d!+Wo|N;BgXoG+@y<( zD)nA+Q92=RL(wZAN~&%|=ZM+Q2R~!y;_TT=p>lNPA#z(KI7DB?e>FHvjM2X0cijs} z?6YxU=7}-eAYApkvy;m-Qj}Z&WQ~W@71=n>@T&1N$N$ljyAK*nwT^x~SCL8#qt#cj zA>?!brK<1Ys`IC$Si)Wo=fxv`Do!;hc&o>3Ffm$0;TdM!ElTRON8z;AX(s1MD}{?g zQW9{!m78|1FvCTi?J!mF3XA$ik?{sUg$UUtz0i9*`9oRC%T@O^UnrFTogB)9;5jNw zGF<;akt~PX!EzHPUlEw4;r>vrbN~b_aQ9%(%`-BRd$yUBo5#i&(<_BeH>(>zZdNs{ za-fBVxOBv)@j6jbGN&_YRT?qKf9ynDu2qaB{;JSfnz-)lgx>iOK_ZKa&n6lZ1GnKK z`&z;!YJ7&hBn@Yyv9tVdrL;>myM7$05H)ii!9@sB7T0fbH*yMvZk(U>%U-s+V=da% zI4d;j_uHw4)VX&FguGI8i_wE8fp>Uw30%M7aH#^>>VMHBlFU)X37U9S+59%Z9SF)# zQ*|OAB@BkTOTF}_YVv;uooLEsGKA;OPtF+79Y~6>DXv=zbs7_{AW~=Q*Rv*L_OEFP zQm>qGwZkisFB$vmR+Mw=h*mlizJ5txWI{CWx-L<}22a zv2OS(6?~D)_ApHxwp9=`%Nf_{-U>Z@cA}EU=BFY@pgjI7q|2PMUPaN4Q#}tjN}@%_ z$c6LNZ-UNAV#bsoi(tnOh}U21)a+=iiH9N&&2VRkzI8Ovj22h;o|d$fb~gSMVi~r~ ziM=k&L*|`fL_DnU>oW_R^TE$58Z`6ar2KGddQ;(*g2aD+<`TK;J69;JvEFuoZbG9E zp!A~&%O5dU^P*+7r2L8<1ESz~mJiig#2l1cDHM|_d>z`tJ+L&@XIEDPJ;Jwpg|_aF z@AV=ohErK{`AW4>LoK+sBe7J&(oJT@vgIt<-soCfIx_K5ZRX5DExsKhQO+;H;S_a@$f zZ@y@ji)TC#4|13m)Fm%up={Hd#K=}w@@O$M;G1G^rZVYFs}-IXt0ML3IqAn={L~wQ z+s4m=E3xoZr+bIxVuZ^;zJ3LOf^7z*Gg@Ajtq<`9Rv`Q7;B1(|54$BTQd08je+Tn) z6w;<+wO=ZIp zcM12li(ie={^D(DezZiOx(R8ujWc69w9*ktBh2mOmO^IxgF3Q`Gdd{RNH)c%MRndc z9^lgt(HWhij7u6S!ceRhl(p31wwerJi07a^i-=|>|45_JQyr9zH4@{+n}i^>;Rg3D zJ%`-8zphUmAbakYntd?w^F=SH(#D1kUklbYn_){uVVA2FhGpS2{%p-$uxq(pio#)( zhx6Y(Pfc_$G&<#3^(gfE_ox4qEUlWj_MNy5F|YAgouoZv+@$S6iV?zj+E;LH10_}I zM8kvUSkq9)(9cXP(;-C3H{9r1AK0%p+{=DerdKzY+$e0*^L%7U@03rT*D3F1ib?Gi zdtKl}RDWmDmB3&*_P36I+j#uDYS_|hYl61+hWvtg{qSPGOT)UxLahADPMCXhef5A? zqC3nVD7^A~cOTM7EUHG7#n;D^Qq?<|B*dF3^lU6|J7ejr6L=VAN|cCZ70zDGdu{#X z_>Boaelm93)HWuJc>T947(s&>5?OzEA%&zEjns%*V!%YD8qoGez-03pV?m3`;kfOJ z^jDY-740Ug7^(W$MV&_mx1D^iX_8y_o??DM#o>iM5hi{HpSmD+eSf2)OOwm4bk1oe zhTus+7LH@IBp;Laqci=)3)#k>RN~{4vMsCfWeJB3h=bP(3u5cnpq*xj!+CTIwxzm-h7tp(w{2=J|X%R}*ffUs()^sOi*90f%}@+OjdJ_~X2fHrlWu`*5H3 zSgw+6YdGV(aM)zD6;~B^zwmT2n8g`IPwHG2qP}i2AtQeku$U@5LQ%M*Iz8WgD;AFU zF9i@ZUG124%)s8mg`chQzw5Vpy+(uh-soli9z*DSkG(U#{e#230mh)&_wF*0R*AC9 z&ct5Dd}zwWCEbatcDxw&LK63_*}`1iT@kEy-1}c&-ZN5NVKgph`6~YTWR^woj|jn? zo8UMq6W+ya!PX+c+Xyi8uN`50E<3V8zE=Qbr_Ta?#9214=Wkq7YJHjk=6qM=T04)p^vH6rhLp*c!P&7ob zl~v3N)X*;x2#S)Hk_FDITmDjxK?0Rt_|j5RY(eq51FP_VQ1&O!M`=gdE~PWjLVVMb zbbisN&2CeB2}LZ=io%*l(AMVMVm z8YL z9^QA-H6S$D(PaqmI=ezBGR`O+ zfhfCX;&>)&mD8pM{M{fH`OY|T2BYSnWbJ*L?7U@cOa7`t?;Te{It>_By;qm21ItNSbEuw^q$Vw77e7?;iU#<>*?j^W_P-Lfhg zQ5F;jXKa!DUs00Tho}`w4^i~ts{#FCyZxGIVbj^$#DC{Q4ozdXYi6diS&#rEAcw1p zlM+r`dF8hU(_3>p^94+p^wDocr#2WO_l~J7`i(Es0!nkdx%8s5BKE7$%l8 z^Ip#2v!CYsP^CLck7x@GXLs}!}6dIUrt#@-B5SxTBeQ@ zdE`~1n$uMHP=^`))nTo@lI`*k79O?nhdvfTUXfgyOW=9;qixTk#-z-v(pD(b(VEn~$ckd%UNGp_(mIEA)SQ=qpNNvqK07k5pzhy2`ZV zH|U=Ua*#4^fS&Sqt^tza4ddH1!b>~tJdIN2i;yo{$fn`Z*ihDTCd`=O!KATH*~dD+;A$w5X8Y8Jpcx*vB6UxKkd(qEui1jZc`Ay>RS?~{%Xrr^F(A`_vp<%AyIUtaTfiMN&fu!2*FQ9*lz?2G zO+D%i!GHU^HuJo`R6}%?Zi7~tYS)uPhYzhnq57xJVbcLu8RqsU#P;@f;1rOuoAd(D z00DzkuTUE8yoy~X`{d-rX|sPUlV{?eQrr{k)YOzMLrk!Uk$H1FiG&)tkPu1D=c7+@ z%E~F>75%42J1g#M`t=rQSKnKsu4;Pa&EAqR-Ng0m{Jp<9&)3-+dG}~8DJeNPVmkN< zY4?MUoS#;Bz};v%=VHC3yKnI5(?}#19WpLcn(-6FGA1VGe%|M%VB^i}sp#<zmOl))1}*;{|$R16Ld+N_}?pvr{B zzvOt@Ip=iSZSXd{6QElt1-tIdlvcmlRp(DX#_PA>tr|!sWcMq^b3-}MvkXlyhZ$?q zKK|Q`6KMwogc>la3k(tc-R*np4c&|JeK67E*#h(b?${C&6T{JnxP7iq0De2?dGzlH zhz)E#9~U@UYM40bY6r_He1Fmtjmyjdsp_9oIatw^5Wj8^p;;N6|IXZl?w*2 z@3Tyx+vVRC-S+*HurN8F30k9zy(vVI7A$^2^I_~D>&@?J z_dMT8uAx@`{J83Xv^((vjetY4-PapvZa_1>IqAUwt@`cDidrE5m*)CqjDmmO1n*LB zIq`P~?sPp~^$<+tYJ)>=k;v1%OHl%sGp|W+ghDC{MfjlG)!&shuLI_JR^L}i4xovE z2GDrZBy?d7q<=uXP74ku1`%iPCnYeNgul>;7i&K^afEKTXduLK#9r>t>;eG|iezkT z49p5k)nIru=o)*;M9l54T%im>PmVtPk{h%`f;`x?4X}fmb$=YrmSgqkwRycuJ_x@8 zUYp_E z*BAnWr~0UnCRMUxkAZ=aiqMKhr>qCS(l!M!286sXFV4@Yi1q4BURh#cVZFh>xd{UA zowp1aI>inVn^9+xTq0sBryxx6IHgq7Ym^KX8&;sRl91>Z%j58k=88OhC;L_m1@@2# za3Xe85+-+>KOd+k`xGNe900?|w{R*D7NOv0K?yz2pVa~>6!_0qEAAL%!dc`{w$!to z`5*-&`ARuPY}4>AX|eXtzmmV(%vb9*K}q0yShXs(>n+Bpf%sy7Bc=FkXZ~1cXQ(pl zXcwH95;$(!C56!_f@#{Q)vEeP>^wX$fPh00crSR;3A;U#N~a{Qx!bVj$LSyNnmwiF z4>`KhV%SMuSak0Eeqw3O7%GzNk`*KD6Dx#=m>_so5K1Ytbq_1)Ft^bU~K z?TWJGX-zJ9RD~%h0v`fzyrofp=(o7Vs8tuA#}e_dXq2E@i#s-d^Efq`4ygynG$Hq$ z{dAGs58Fi+!*<0hRWbHgMz~>e@%o_1U6M&Q9Kw&16?0JhN->nomy&(}qNXvzblK-H zx(RT!ccMwGn1q6j{oQs^z1j4 zL*!ci)93O4dGpg`-b?mv;B-c!N1`Al&``gE`wAE}6h2AauRbw>G8f9wb@Bc9wKR#E z?-zc*dtQDouP1AVEN}E61qD=v_KQY~o86yMsUS|tXo;x&jiPOm z?sqmn4_Djn0QTdw`N`BP2R=J+!;(e({myqIrZx{A1;4uDCoI((!?IfeEJ1B(bhyLn z4O=LED3|B<;pzIlS#O#=zC~D_O9X#^Z?Eg0*>a${-qT!HYnDTuZZYU-@zm+w+Dk7T z(kXt|0yUk340y#()Z^LowE#*%fpgLar2F(5F_@2(#>5F_1X&4GUlva>UY}y%xZfJ<}ZnB=r_Z;bnmr)%q>%_h$;j zg$ZI}Vtb6~1fqU>F-}Hxf)|q#XU3#IU?j6x+b*D6D2VuN(43jq{|e3E1~g63ivT$S zy2yqze-kj)z!&)uTU6c)TcDQMBGM{lNLntuRK=-s;d>>U*FqzoBwBR$??A?G_5}Dj z3NF=ymKKsq`uSm>=DrXhJa4g*O(j7d$92)oL9|KK4Yp;kOm4gTED?>)wTK8r>;mAx ztB2(!2C%B+2;#Bm(HpdSfSDMiCZyVvd;@BzPOVWFaA64<3NW{j38YaNHOm72_&hya zMG#Xs06bF6?WO!ck4r(K2Yyj18dp#178GcvpFr%!Q3u4I2hh6 z(6@a7$K)Yh#9vr9_VM8kD_Na_C=~P)4GM1Ki7rT>30yBI%etVd+38n6v=0H22ljU< zJpZVl3Glq}1wjV_wQn>>s6|Z~Bq@d@r6I)S9jJ-Ph!_}8rvqd>whNurQf?T7Cm=WA zwL&-jJbAQvB41Pf$;!(^ZzyShe5`76-llw;tnvJ#okRlljFgm=oE*qnYAQSq&*^6q z;^)vsL#8f$@!&2P=0p~s%k9Pf-ky~!w$l4|pAk${ZSjeT508(JcXvOu``mDt4-ejj zfJ&dV)K>+a2AaUpYMa2^O`k-ueDW~JVTg(bwBj+?{5GdS{zhrie`*(IUsOy-BV!ON zkxBNyzF7k&-tO18a@Bko-W)7B(l zv!!{sb_TrEVTb=r!y)Xuw>&shL1HMe6#;)tKh1n|b_ekiJl=HYYfm=@s{rIbAE2~f zoU?)HNRJCIb_GNcG~z$MzT2#?J^o$Do`59EVZ`y{`LXnE9GExJh@}7F-p5sN{kR#n zXxXk!&eZD-#8+?({wy^(gsJrYhl2=pt}0 z>ILKTz=8*gTmd)+Fs#OD9qAW@-{#0?@Yi2?X^MoOI%;lQXA%S{`{VR(P^v1 zbvT&3Nf1z`xw*Z0XS?9|oS)%)UY2?Qg8r_w@GvorYB*3T)h`mE2`P08w`D!Fd_@pp zcDnMm^jpAZw!HImx1P7`Yv?evb@v$V&PKXS-|lxGVJuyyX6Sp|EaCMo7<+TNQVGR` zd^}9K${pnV4mM_6oUZOs1NTbHzSUXsDNTZqcSiQ@5d*ikPxGeXmoc?fv`S$uUDscK zU?Ek~`9ZHXH#bd9O}CQ(JcIIiNXugo^Qz{HzuN4y>t|_;${0U7zUKF!|Iq1hniu3- zst1WuArm}zHfgn6xGyt4rxMY}Oom!`JALYvPEDI588=W8@MP%Q@bH}-Y$BLu!im29 zXO;DkueM7`sm^RH{8Rk#L4^Nc)9%PS*RkK<~(bikOWK4KM9f z`?j`o^stzL-%oEwxK%^uGU>Vi+m{A$vqM^3qnw6Cc$sN_G~-8c?F&az&bQR1OIO)S zb=Qw?R>M44m$25#d;dHFP&QU!I@j~IxN^k*xWj5VPFv< zeGYD!!2s?6s<6t#t!wkxU%T(P<44!XFduw;E8Q|*z4>=u$6bN1UGE|Kui$YJrZSch z4re&M?qn>mpoxHtzgE|$t;({xXn>}AX!*Bolyz_9@+(_-s{ zbg^Nil7l)!e7*V~+PX!BozFfLVZDVq4 zw9;Cf=84~&-+To7&ic}Djlr3p<6)#&P3+NNRSV|B=1@)QeC~c`&zm#^ZxJol5La8< ztTBt38VpTPhs^+00v%k)_tw?StjOt*)R+I_pD?iB($CzjAD=JT2~9` z_8}o51Ek)gyyIUhMY1McuNRXfGv`jF(0C#xwxHKnGP5yT2%ezyK*%{*RuV4%aZCpq z@XW_+$Q-?wM;JXYtThu}D=I1iX$9B6%S~2O1=2{*K=9}0(DAw*=tCYJ*Z(C1nMPL3 zgZ+Fc{C~W582CU>{(&cSQ-aOPOqp!cklSH^2P@&&?t9p6UZH=9gR%_L#HMYs{Ehz% z6&b($IB-;=@K~$)zkqsjDZ$9!9MBr}Dcb`y%W2UN=2Q#{)eywD#1ZDJ>2(&Bl z+(2$*EKR1F+(xjjLRm;O8|@he3ReJdKU!&N01$cF|9^Vf$#F7(={}&h)U;h@`1G?^ zxcpK7qoTXPO(NHdnfmuO`Aq{#=2#BZ;9dJCF_Htz2^?E(kEI`W0152_9YI?=ZR@$m zr-$wO-x6`#FE;}GyfcNPR+N(iIm*bWD1MIKF>sAP zSG3ANrv}s@=SMa)3hYHs=X8-*xZZuvUOpMeGUU1SMi4V_zbwWx0?_2-R zUZVv*%FD!&w)sE#ZIVZ`0sUg7#hnO&XMCzqrUQhDp2MWq9m9a`b$~!9fEw`@1jGVv zif3S#{}mOaEe5Ds9b^H?Ku8gtg#THVkgoOy%k(Ps6S3JFusF;xjxLf?Qb)hOGroH_ z$NN|VO-pNZ*&V;W_Lyc02I*7zc2FcqA_j`MXlTqQ^Ta?*s;5$?9&rSbAqLBS{ovqW z`*W#C5F|F%Zte?CwIMo?vwwXxSCCtSTU}j^`Ss~L;lR`T+5o;g|9VuAn>v41YwpiR zR6u<87FimgNHG2X(vV;!Gp|la<5TXfpJFz)6)41q32bE#sM1DFJ2=_U8leHz}AyfttXhEVtI( z-Tkv#UqQ9eeuZEBH%MxMX`h&wh%*U^q*KmXf2$lC76!I*d_d$l-doK*FoGD!4-j-! zn*q>wT7@Nv7JuqzmF~7DYx;dLr=9|x|IKzPfVs&`I_ep0eEyGu+nHR}8^^~g=|H)f zMqV*hCE~H~6~<2=c@8^36pdu0QC^UJ*S8TIanyIswj-ydLx};8URG0 zdQHy0xBI1U-n?m?0!ow|YB;A9wjDQ7Uw;fia3Zrt$tZY>(>ROx@Xh{zAojM@OLOfc z84cZoQ+{eWZkO09N*nrM=o|X8fH53{EM*Y?9nk--GLT|SNH2nqZpx+zLqu`f+@O}39A70UR{hWmw(-2|>Z6AC_q`5~yPGD~}xz&hN{ zzX00*b6zBZ{t0AGHnxX~o^t&kZ@^-{)vA=u_Wwtnr36bNnxe|U#Af%4i>n;OX0?yO z+{=h1u+M5DyF`&7JrsE(3NllQI}gKEb$9kA|2q5!3_9Ix)jSf_6!Z{PN(Fn1@ zR@Z$@nsfo_0f;fMK4%pN*vJbl)alQk`nS_En({=LGC@7QI$q0FtA&|51fPD9z6i7t z2GB;3l0n9B6;x=j6E^%a-`PmhuHN+F8GHnL5(}{?C8bJ*R4^WFV>mRx#w8!5G3o9O(g}W)Py_mfQw;4N7g#^*{tf;n%V< zOa1|!>$57^w>oxk_@er5y%K>8w;h8BNFTmqP#Zx3&Alox(a} zdE<@(JugnjA z3roY%4pgRGj}4^T{=COOk=01=*;y~(tfI$W3cyx(U+*Hl_dx47Q4{X}$5P6`; z*a5}#^cOKSvV|HIiX3Tik~toYis*WIy!Os=xoD$)MNhC@+t^Jyx21K`cj`sH{$hG=vaEBH$KN zQ5(7Ch~ppFvp>h;XJEH`W zbsuUBTrmsTr_9uuy9(;_Ol#FKU7WNe3DfCvn;dcLUZ-)4xT>H(!Ee~I6e(P!$4Y^+ z#71(18uebrvMB8t4+9ysPh|Lx`OPfYU}XHRh^b2GU!Lu5Uy$>YECWZNSQG^Cm2(6= zZ_doA!^@(xfcQVq+spgOsagEK(2DvMB0?m&+B@{q z1zq2!khDN3vh`K-Sj1qF-~4z0VgS=%w3^higHDRx^_lV<8lJ{%s9lRVW2x-KFKCwufMJ5o`%W^ zjUIynw@V?nY3OXDWbhkr<4cr*g)I1;Q$nH3(Sd1?&Ly6%{jwB<8%XA65wNG}>-s zyP%V>)WZmbSvUfvOtRj*2%Jo+w53+hdhAYBC^@!ns|UL-?mm1=A~@TWJ-wlWf>Sxz zu$Nd{K=RW;uVeEa&*Wj1xVszItTA{19Bo#SP{XLfMhc=J*|66SIsy%+pkUTf61H2_ zjH19t=aPN+yBFs;ivSCZjPzK%WW%a{eK<`fSJ=Ct7d1t&wdmuK2P!TSsJN%*7PeEM z+JdgVaRIEq7?oq-0hTIfM^u1@LjNkFY?Asy8XeTh^!WIAVDA=za{`oBsuCm=6e_aF zf?wd`L_tZ}$a0el2<1n<6$A-c%?Mcqb}V8mz;D*PkA=q7--9N88{YFyLXI4bejCV- zD!uo;SSr9D?pj;Rg>Ge1U=P~VxxPm~o$VEJ-3J=Hc>p~D-Y^6FbfFB!MGmgDvfh0N z5*Gg1vl~>cF95e0if2HccuSCQPAQXtD;2IdXqFp@|60AC&ZzZ6wVv1y(5-xLMytyc zo)y@T=Q}5Up%Mk7^M?Lyz&&!U0XJ24Oy9q(SH&m|U`C`F!hQusKS}*|a1z*tk|;jW z6y=sqm2T2(H~w8y97ch%?XY0avcvCT;Ua#Bp$=YFZj@d+-ffWwO#bfPRN*LtT{cj{ zLE*A6-j7Rn3?+frf(}Pc(KHu3BiBE0kmUnG$_(Zw%q!$90rzoUbv+}VlbuY5jIQP1 zJ>lV~1VPiA-)VM#0Qc`W@8Yjd%sU0JBBXBmU^{{8H=aN>0Oab0(D;|zbUsh$9u@j98XdKOxl_{J)2rzg? zxp4e|ge27v20YwdbzDpACWWESU2ylOWCPhmj z|LcBRA9JcY<+FDxB_&l{Qc`k%H1L${5A)kO9xKT7ruySEL%noHDdrLu_5-d$sY)*H zJWyeeH#dVZ@k^64gGeIBEEMGBo1M3#8XB%ZBLwZ|{btsGeq-Z%b$NPso#Mr>x9w5EF|>q-O4)Dbxpnq^_>c}NRQj~j(j@(_hV;p=jd)=+zbE%6kMjp&pK7vK=%9fM`k|*Eko9dxVb;R2=|3VuC$XV`fJ{T`w1!&u{s;q zb$V^Gy)q;`Iqe>Fa;bTJsnfdcJ`i(H)R$x5K=&)g ze~7?ecTB0$K&zqy@AtmKnqfx$J4hD5!DbUV`hGLI|MP!Q6*Dj}0OP6Lpsm^I5J`(f z*28@~Isd%c=h}r@+-&P3Q)x{RdN$F`zhNtmc@lYij)UQXY{;72Kg5>qL>ZR$Pe{%x zQd3jZy5p~p=gCGMEJ|zLNin=@4Y(D8!soCn+qHC|N1KKP1sfzHS?VCu2Hd87ItW-f z4g%oU0}Kjg>~B}D;*GJd;x6kr-tfK#dHBR-;?U>tEQm6fpGC!8NQC}xxloszL!rd8 z>&ECLB=i$)TcOW(qkSXg;~qf#M4Fr$E{6Hhs#~OOpBp`8O~+E~H$%0S8Mj;4%j-vW z@iAt^9^L<-WaTsy!tb{S{HbMYYil(%HD~GPX&@G)5(f~DQNQ_{(>ix%98LS<%(mwP z@}(8#uR^E27(5hB#y?N9sd&8R^$YW)^29fi3lDR_6H+Bh%$EjZ;>XNSyFA;?J;e(b zV={?MZZeXe%vN|WUA-ZC!il*f4L%MgH8m{C+Qje7_vh|?l~Ir4TeRkk6uz!tT2hIB z?_FZ5<5qxf@(8S`X~=x2O38JnjYmft8#h)|jLA}eo+<<|Rp16C3P>UmH%321Z%<+T z9M!5B&4szqnHNO)(f`!UlYctNIaIfwY=BmCV{u)d$dbjEn{nP$xKYak~7o(4K80ROzX5oY9>dX(Qu{n<<0iM zzqdy0e)vmhK5e)HWKMTCw`cSB<#x|9kqgk)X{o6fY#}d3e4*-0y9LvKQjysp*>HEB zuMj+Ex-%%Gg2dY}{Pb+^Y6}v*wpeu*SpOVMt1Oe4B)P^mG(Z`fEOGAKVl`^8@0yD z-g5-sx31>mSu^Z4T)84U>*hz~_Ico3ThuMNz~7y8+#3bdaB@EfS~$=qWUT>21d(zx z;>K`{0;BKt!YO9N0+CAcadC1L2Ft8tN^>{5&Y>P)<3a=UYvyPBC zaDJs;{DOTc;y!m8DraB-VWs-!p@XGyBv*cU&*xL!;dH%Qq#G5=SIqS;`G?^34(oFT z&IN<2(r>v0k-Zq$tCP#G5D%uSN{{+00#x#~UT`b^&k*n5)va-W8d)N_<1J&|1(EZ*i% z^&)yBr`a;V$@=!O3dAp*<^R`dC@?$yX#A5j?lJ**SYJ_{+2R>+XBcIUFIHq}2qS{RMJHxXL$r?e403CV{*5JSL zEXqH%*J6vYjQ%?B*F6+vcm*>^E1$5>pYHctp~su%%!Ug!_T`IDCL|#`lck_MymYqJyV!vB{F61 zTD9iBdvsv{r+=VyVdfBWfjd3q#<VEaa`nL8hk1`qe5oz@hhWOW^ z2WjTUq)5<*`EP26WSc(KHg&zFS3bN~*Y*(Ket@s!Q(0Du*1lPv z1JE0V%`gq(FTRnQ&oLH9g(7T#5I|7mtKWlH<`}s6&6$CSj(!P^3ov77t%UIKPn`;g z$#i}CZnEUE%bLUM=`}E(efZ(|`cx8O>3<^ru9jT+5Rlh-?0&fdi5ZMJ)9(plV$!e_ z929i6GZyXh6C}m~Qttmxl;?IDDF$yYrS`buaYpiAe(h{c@_)XyEdKxawL4LrkbuB* zO3v1nDIA2%p3Um4W+_x+UdOYop?)zfa3{STK)PrA2ysYx)^mZ-#Do5o>G=j52xr9x z6VcJqmH?;?lJp!9FhTZMq>0l&+589C80qmAkg#Y61_tPOd9}yA;sInQ8B1|BGRo`d z=qPe{1#XRk98fK=Zhd@xff%IK>}tJvZE<>jewP_o$ga&GBm^$#zgw{V0TOeDZC*er zwj>6;xkA1fNcYdKZ;=B`%p~w7Kv0EX;8|-&0##L06Z=g+$lj`IJlp8hYoET$cLz^S z0`Zbs>A}FD;e_BHh(+MC=vfhaz_dOAo~T=@Oak86IP;9>M;lPLw9YOsxgic{+Kbn1Rj6TnWO!FdT$S08)n|mBqt|d2Z@Ca0F`1*wThLRXG7BcYZz-m`_ z{qNc`HRcRT47hOPzCSI6j)L>HcMS-uAU~7Q`114`%#Y&(U~#E1&(C!Ltd$J_IZ&il zfa(Mu_5h@=QNRv>AOIBI=Uc(uivY9HP*eL{Ov%tFq<}1iz=!g@+Jf5R=aHBlZQ7J7<~lr%!(d$oxlXz@51=aH|~L{r)`t z@*_o#0l0Ake0czac>(GLZVM2ka{@9Uz${54KLlDs21tKM0F@5ccoAgO_U_{;B)}sb zWW)FE0B|Jry_f>(+0dkw{o+@1*R)T8UJ<_t-mH`)0!+>F=mj>+`wA_Z?h;2pKm8tW zEQhgL`33Iifa7AT)eejWz(Hhtbvpcf1s_4J623d+^pbiR7OZMq+}OyQv1$99MtZtG z2b$D)Iwu|2n}7+ZXF7so2sjqd^!08P5m|;q*vl<}{xphRp8}q}KpQH*GoBqSw}@Qp zc?;5rk*wh4eglucxXlHkp*3Qmu?sxCk`K^?L6E>y6%Y#pKq0=ouYiz=w1aI0$Wr}V zd=%f31yE0b8zjk2=nHc2L;2^Z)b#XLK!9`&jvTCgMR8riN7(&^m}3>N-(1oR8lcY0 zqHWb)J*Q^)z<|3SU6Z%PbYm(!PB$RUkEy_Q?r*UeBcx5R=J&eT1MH8DLB9>BMFLp0 zT!Z1oz#w;1VFORt_%Gt%Avz>xh(rjFL8|BlECTQzBBZfgFEzkM%91+d6%g0PjCdI@ zTC9q=Ol)2Bx9w`xCCMcp987>nlem;G>jp@B789hmR5>sso);o}_bAur3<=6${gOnA zb)U|f<#4KS0PMAs1EEqWX=&&q5I&1O1mtDRwcq}!0O~e*AoZHdgb-AY zMum?ecDVhd8>P{7+6uopLNmT!#uQ5)1ei|2U16D_K}r2dI%Rg;FctKKNnM9Fsc!IO z62jti{?Bi%hbQgAqzQGzC9|atfma{~BbOKP4YCZi;8#QewkCmR{I||+RAiE53ERO4 zS@Mbt0tI2a8R=fqKj!e)<9p^~c7;+1obcn0~%N^`iE6|5*1!N0< zmQlq*Q%vZEyd`D$TC&soc&TegK~!ppO|JgVm}McCFZvz{c}$zP&r7;{D4(?Y&q5v5 zFIIDK>J{VF;)F<~IKU-|u+-k|Y+>Jz97w^F;+QyZHOap`XV)?UwSIpo5(SSh0ndPl zI^nYWh5fnf4y)(8^$dIh71jrXa&;O8YjI&`dTZAp*>9jz6(J#)ts!Qc`5XAc|a)-L#Y|#NAXvmLe z)bXk^ClDZ+;AOEIjWvHyR}y>(EQee^ddr65RmcS(0hcSs9@NQWTOoq}{p zNp}bqDUu@HC7>YEje;U2An~5-`RzNivw!W*?Ck7c&y2$Z_kG3rp7W{Gd?zO&DGA@d zp9M-OFTpO1*3r9|&vYbZWIo}{+mVIkB1*YZtl#jODJ`mIuV5rDhW4##7ayP~q!~<7i*fMDd53_JJ3=-}aH}06^DsfFk_NeMa z8rtx%cdhBk-1>}u%zUkkJb4ZZum*}IryE0t>R71N{b$|#>qE)6V}^{e6epr@D;K(p z+`7EHL_t9T7j=^N-K{$r8n=L&p~A+)PI6vsllpl>N8er!dt$UQ0-bwe7f}m(Liox} z5>Dn-uZU}D%j4{ip{CMQaFi61oXK_%r-%#!`FbA8X8x!fi_n9fyPxw9%EFC?^)nMz z=jeVk7QRGoQffmT9sF83R=v;({Er~;B;1S`>v;w!@I1S}6uV2?zw0;dt}|mk#pJ@A z$9z7+h5thh#S-Lro>;R5Vtt@=;^3pvC1zw>M_ILC_ox=) z+$FTD;gu61$6l`r3i5GP5520PS{Z8+3qvTS$gzq#?A<$P2tnhj?UH4 z@Ym*!1!wtt3@Nb?%hGQP+NJRimJYRyJha5_j3}O*a*%$tVe$ccLt0jsxTm}8_qPrd zg61Lx^pI))C-lzkepzR+S3N(!ynB!#h8KOlw**{*d=lp4y{B+&rKPYo8W=x<5mA{K+U-^f#dxZJ50N z2uenL2CXJDB}-zHiN=SmO{EWqo`UI{T);*Z?g8iywOf^{AhtfqVSsG&G4fBz0=m`~ZIz*>*_c`rULz{8M$Fj89q4M`UU&so9UodtiX)j#&|D$zd{e5xgAvgUNj|p+@GtU)YEbe5KxOO8 zFTSo0+~(IRbKX#lA6Cj(%%$R?o}W#OBz)BVU&<-jLcXw znbe3?O_Ig&-kD+eB7M4++CBG(mJA5Xe;MY%9oQ}2*P`2zLzrg~ph`H9b$A6hEMC)p zaZks^|8fCm>HTX(#Sh(e3W3h33oQ&@DMwssEC^ZqIUY<=v2su5n~xw>iPQ(LpHpF` z)^-SFCCo$`#arEfOJjQRy($sVzMsEJplEEEMha+?CTI|B)C+p(p<-I#eSTxadn}b1 z1h^+V%PA&~9MzYUfe(dHjv#QT6ek4yP>bix$S zp|KKZ6+HEIrF;jMt|JTsD7rXKrA%IvEwXlk=`aE&#(t17GVN?hZ!w?VN% z);VBG6sE86(f{Z^;bCa5ah=^~I&Zt3@J94qn@1pQxAD{q0kCE5)+XzF_q`=K$Mki@ zzL~{p`7Q1iSxvWHZ$;g-D}j^1+Y3n*J^ea!OTdu;<2?)BrG(YD?J)1b_w`z_esRMH z+9F}+Ik96|C(QAEP?sgM?%REja-xcW1|YY3{_o!7vMbwY_u=wnV~lN&$Q$K133j2e z*8#CH$Y`{)1Tb!U!6ks!>~%?Ou_@ULz30p8>t4I7Tawgg)RdHt)a*QK!&wIqaFHz? zbOvk?qPc7n=mFY^z^9T*zG z9JF@eH+c6M3N-W-l$6;pbG7_xj{7tn-1QU@i)ImX-QP?94+DhQEg!fxE-t@0@4a3d zE0BShGKw}?9u13nlk?Vh3udIew{IwK>~=cVyexg$+ta6F8hgioXYCU02A>lIGr%;l zb#@^KpGn=$U858c+5nfNBnN#i16oYxF;c zhcNWDIPbRj{5EcIeh3Xco!?sW+eUquoKMM?{5a;}3l%HHK_1JW$Dbrchxng79GsB* zx?;&O|0(1Ovd`cFPWkfeGq3`0@W$RQ{yxbz@2i`aT-yFsP*`!UFhlfY?8C^#ksz)< z%pGGuT7crWff$+R1#W2vle6;hIQPVoApW@@64}{yRf5cc7o+HLc>IMgRL2Kpsw6k) z@{$uHe6>%+_m_1ycf5xb@T7=|iG?6==>H^#uCZ3RfB!y+DH2w>G=94<;nHf?q6dh3 z4uvL%l+5TqIo=XlH4kjQcy7-02Qx94fagZQ$Reev_x3$^i97rK;HqO}WGwyfemVf> zH~sE`{iSKP3Ie##eN0>rS@x|7W?MFuA!mfXO&OW0FilaK{L&yI`pSF|#PK(}jk;*?D&F#;`DwFv^%vwIzZC4lgQGoTABc)-}sYTkB z;J1Z~%iJ5%oX0aW*rx%sLr2}oCM>8v&u=@#G!(r&CeD!>an}AIekmTTHY*i$RFg0B z;{ApN>VQC*2B-~VkSK;4gyh=Y?mU%1{+e*A_Vd3xVT>*%8~^~0mT zXAT~Bwn2*IPEJ9=Q4UuvZMXvj!BkWa#!vqZ|4MbP(y527?*g>h{)EWNUen7?TT}f{ zS04!)ZFr)9z4;%FcB6(BVYcuQEShUr0_*!DKWfMC`cfA!&O7TCO`YzK zo_@UP+!pRwUs@{pdhhtphD-Xt5d*j&ZxiiHr^d#3IXMT#T=7<3cN;wL3{>`$+r%VG zop7p94yJeq|iE#N3?CQpi^~C=4Sz=0~2+}a8$o$PU&J$Iu(QRll`F$)@*w;q4f8;WiAJaBi@W*y z(p{C5w+o59fqT6_&VSpTJWjEzy5G-G#_{Su-)aL2ydZF(LXoqEfY0`?;<$O*eyeP& zOg!a0<!wb4qyp@{s^R;mf9FE zdk#)2gWmMN_o`7klaMwrIZDu{^BHAwlyk~<7v}zUswl+JLrbu_JdM#JJeV(8{#;Vq z^qrYuKz7+?Y4k`RA@6fuFDvz|HOkdd-r_BHogJSd@) z&Y2&q4$6&iiko>zx$T!06qo}lwe}YIJmS7PlD?pfN&(ac+9|5Oe0t$|t+kEylLSF+ zDV&R|tX9_MfA(ZtZKJ<8Ta0(2YvzCL+I!yN{_@Kgs~BUg_nTYj{4p;@VCW{Y81DS}v(@ zZ=jVm2<>W1Q(l5hq=HiHsw`|bZ|oz)i`K*V3~hzl)qkvYcdAUSUEMcC-U8?{Sk=D* z?`#^QVcsNa*^zic!+#p4*fRYe}ul~TDmI7TgX-f z7m=z1NDW|&CdS8K0)I*FkX}D__UN==US9*1e=<0)GSkvBGd*F@0P8s@1usHx&|+dA z43nK9RYY{~U5Z|GV&cMPHwaek>XKL2*K4M2N%sE!V@+CeSz}Z~gQ#w>g@wgvZsKAnzdLeazITJf0R9K1Q=k9;Xr-}VOg!j^$Wl;O zLX0je%NkB3ld>5pI^CdYu6#0X8{`RhoH<7pM$;wR7Q}Tu(Y|!CN4S%qgEF5 zypDVTH~*ZjLPVcVA`kri{Q-vs90^f2rnx|^KulpjUX|C{k2w>2?f;Kkt{Q}}r6tA1 zy@@nbR8$(xFhf9kM^at1oT6g)C2jeh6+$e_wVr_Ep!-TZ7(!he3mNGN_{OWps;T2qXZr8rYz(t(V1P-Q4{B`*|Cf zJk2AZlwN5Idd_Y?_;n`Dp0CylC(-SJ-(lc_n~2XT&+Z3BRUBKj>Jg4tiWv9??3K9L zwI6_*#DnylZj0>)2_d2U;Wq%S;bi%SpQI)v4t^94R(ct)A5+OfHC&Pe5;0~evUgd` z;bpOF-C+im2g64z7dhN{iwt^OXyTJ)h1}uy<-X9Y031SLiOb=-QV4KcFi?|&PM}nJ1Q6s)i0R1JME3&Nl$tR$SHf?uUp=3?p60l;$;IM72Wn8&(nyD1O-BIO z4OIdMp?Vn5JYNJo%~gs4%oYwNO{YFfa8ZJg-Sy#TRAzhvmi97@eokdyNIKm@o44zS z*`g4~@+UmhA`TO!Afs!Rwyye*y4Zpbt(9Haq!>d8F7^emn@3Fz@RR~xIvRF`MuiR0 zc@(tjXv+C~mZ9rHR40DUC5$(H9AGVIZ)i%Yyp( zc&?G({RHA3=&8be^k!fx6Er2q$Ct&7{+scLP>Er`B&E8VkNG%Rg;ox09IXj`?K68! zd%NtV-U%QRWv_uuK&m(-+nhjb0Osw7t1_}GpEn?%4DD4(Csg+Im%HAQXL-El(n9eX zrOYu%zMML30imRxFFe!;EKU!vz^dayt9Y^%C|m$Oi5xb1XL2OY#st`gs55n}s+fim zpa%aySF5woIPoe1z!;TjHKMQ*gw9Jo$w^Av7mzi=)Lc()2lMCWV4jRXqT;|07&z(t z6A!v`G>0RE8x;o;OO0q$U#S6lZ?|K8%Cl8vVZhceCp36_y1QXS#8=Tqk4(P<(1!M% zKj;!ZyKmwZi=!X8y7Esj7 zNy!)Rd;xI6)%87*ydMD0bxX;8wR=uvYsBusz}S4MMZ($lwf8d9R(`Dyls{F)e^|tV zo*Zos$p=Z)#KgSM?XM0ewL>8H44$rFD8GtMy~0}2sentg0s{w_RvQfPaGJ{DuCFVv zaF#v>l20#X@S*Tig@bu1J84Hn9Wk#T2H8Lm{;nXkP0>eXNhU&%+`uPqcFa8~NdfsD zaPFD&vT*N4G>J?UkH{bpCejw)fe6bZ0ga9PCJl?ALYo>SeX#SvOLe(1_#!SBMqsT1 z>Aaak_^s&ztT@z9Hg@7E1i`yt-4-(&e(NrrpRpPqGgknUIs@HtN}WPMLc-F6Oc*&` z)_PFC91ghUWt-s*u9yPlZnO%W?@}m8i9Mjig)63=1HV#Ao@@vMTxkSgame}q`2sT7 zPvf>22ljmt*Dg%@Z=h*N8%|}zlPkSb5TBUHdX^TITZumfg?zzjWtOeR;>S1OsI+m^ z@4aMJ01p_n9v=H^YJOeG#+eqs0MkgZi{I~M5g)!bYgnq94Eb6846$)14C$4U&v6P1 z(Z9m`&JM)@u+RYz&Z7|c0f-6YDYGpgt9-bXp_E%_Vd~kJY%DBUHNrvcI)zVv`Xa{@ z738*`0qnN?7D}|Z@7@xqt4TgO%{L350-E9Xr-uyW>AM6>%B>(HSi`>}FmGE1X|uFj zkj+g1RbT5Ag}E&SqQ+F<>l5k__5e_W05OzM(*_mU)n?A%;ANUHjo?(hhlPc;p`rpP z-!vR%8D{_^a#z${BHGu4)*ujCwu3S?y582Ck(g`|NKH#io0++U)Y z^%PwXi0*d3dbGj*2vhkuWK%;kfO>Ml+>BVuux_Ra#z>q#;D)m>*l14Nic&cJO@3t0o06T9os>yVMC5U@ zw+ue9sK`iZpw&W-cJYyK`ECQiH#o?XCcuSK3x}9;y8B~QEiJQJ8?2Ue`+UER=EX4N z^UXPeaI{+!p!hcEc;a~59@*I1R`!%JUz7g%>)qzCGhU$1C#U=CpfGTxwl_}SP5dp% z!N}d?EGPZZ`I4s3J7+%MQSh?to76u!dI@C<|7E=&9;rOPB-T%6F95CwAz{Dv7V;Ei z#Xw#FG*U2n2;ko7_*U`$D2hmwT5T?H_|HE!R;&RL0UwE@)y^;P>!S#tD~Sb54>RR9 zrp;Pgg|8Y{iZc2iJoil2c5!)pu^;Ml57Y5JM}=ardEBbxvDE9Ao?~PFznliCWFBg1 zd7bZXLDT;a<}j-NWJAN9f_kxuq+rmyx^PPg8T~+{b~mcv(o=0Jv&^U^*sJF6TJ)6X zYG41EX4BzX2AQ36q7-HF?0#1r6PeOQv#6X_)7X12{&E7ls6=M`)j;amql*Lb76&?rWT7vm1KmP#eL|0C$m#63)rHgqob$i``rJOhlu18 z+EFN7_5eWCL=ywy`nAdKm^+$&m(tAhcUGF*B=68SI?=vLO4E~zzRpoowHD$WX&2d! z{JRNso*t=hus+=TN5sAD-M2cK)8kxs1Kls-cfP1fwb6WomW;@`X1S&P>~nD$7;$@I zPfBW!Glc@=o258M{_qaWyF7LG6rR8Q*`_!l?jFuq`QO``6%UY;fPes~yn92x2i7yb z43zt1e}%6qL-#YB)=&BY<;PV6_xXlSqNK$I%`)4HCxyoefD&IX6Eu_&#pSrv07D?vpx)?!n$*0Crr^caBx^>H zCB~)KljJTix2MIq?T#!zez+BQko@W3mO03mM@?bgWJv`zs#%kJkG>3DUYgZnAXm+k zcUPxj-`p|I(E>m6nB866H~YMlE8V9;^8K%6&2Rq=UgK_FH}|aaUw?*uE|_0_vm$!( zD|oBNZh&fqh9DILYZqf=rf467C6jdOE9m5N*t-9HiE=mj`OEogyJ=u--DCJ^4sVga zF>lXH@k^ge)y9#H<-UHTTr7gA9#p9bF@H24Men1Z`3+>?o#PoQcBbUoY20l9n1GE* z;&XcL#(?PliN7%bV83qW=u@nw?rw{;yx|NGKl@!VyEr}T^Mggh@)N)#`V%`CU4c60 z4b>0iQK{*kC;LtIygVWWI zDh=VL9Say9j84BCUVTYPcjnC-6MayaVX*ESoa4w#yWzt!O0e%AV9aDijq+GCjGJe` zu&A)0g?qMQF5^mHPtRd!dOG=k#Owfzfxrj6;&z~it!g-GVl9GT0=GMlFP@3on{hmt zsS1>n=@eu7Nvgx1pNudKHb21Jusk>{W{&Nl@)w5)Y2N z$W5)Bd3jZ)vN!S*C7QFH-kA6P@swg^ja0bkWP%E=*(<1LQmhyQ2W)}3N3WRo^TZiTf&=G2Ww@=n!zvW$$Tkg{=TlN_QfJbZcp1KR4bFZrtagcRK%g<{uX}$OcA)&zkgay4d{0W5=2tG&H2ZQ#d&i3Fh?I!{Mo;Gwk zm!BUjmDVpL+3h`3-r0UB9GCr_CZzGSpx)0`oAXBKZxFfPc+O@Vcw zD{nZW_x1H44Inh4R`Lmx$TRrvzan-M06}ZDZ~#I?H-Bv{tI_J@&sLJ)Lz`Nb zae`Wqrp|(b^miUvAkCsCI_@8hTI2IpOtXiR$~7VJe=sFFj$KQ3CjCk1XJF|;I&4(} zn}6OW(#C0arkdN+5fe|r;|DZ6Gn-`F1TRF<&jfURR~k&msa7nPG!wns0LcS?d#}W$ z3nQh7jKgs?|v7B`UUOrbd|XbKwQes>9z+oY0ozGtWunu+obxL zW_Hsd%A{W7x*^Zn3H>%C6hZ%!nUXRANDWwg)hUpABiO{EcXN4p8JK@*@Mm9s)XI}k ztN{JX{=+-Q*lUwxeLqfi21nYgeptRuPb*!E)=0J=GoP#TF%Jw31Zy;i*It?rfyCFn z1&lK{z56manL$ak4*6B!dj?sd=*1;X4~aqQEp_Osq0_!!Yct^V?Q)Zf^uKGrLHa+Q zo^!IjHA$qaCSLy(^MBZU{_n4``hU9i>i_MZcTgrIA}T2cuCoMgw_e?^Hqg#PpWkl=3QWjl zwOm`^0+rwcpqXLnQbiU+dBWTz>AjQ5q=L(__qV&J2S6PM5ORPijjz`EHaO8PU{*tv zbBMd@r=2)pMlXmt^uiATOo{CH#=j>DU>V@BX#x#-@87?Nq)5=qHaLFy0a$9a$-CZ| zkYR-0V`4H^1?j45Nz4T3)bbWmdLyBWfk=C{krCA!z}Kc(euTb`>@lDN_i(ceU0ht; zL5&O_)oZ{2w9h&aBF07cA{YcDATz(Mmz|r7>@=Wkavq0(H8L~bQ1nYr814WYaR3m2)nDhvc$PN0N{(d zKeV_&lG^nj=GK4)cv>?wSD*=+clZ-J!mDEXVy;W=&?F-wPQ;X{bp4Wl7k3K0)5 zwopQ1!0`ZELFvnvRt<1Xz$^(E~wSMNwdpbX z>wClVKoLtQm~yA4^?@+WyjAe4tOlgrZ6GqB%e-yC+H$%DF6862_uaO2n&O-yEC`uzr|G{8|JckY-DfF0{ zC`fmZ9fe+hi{ypR&Wvt;f&H~7eCChI0YuJWCIneQ8%U5Pe0~k9)-Z^J*2h+YTovw$ zz@sj}^!UY&5xrt#5;a%kt?e$@|3Cg;>H?du#b-Tx!%uShyccqYXnGMsO@YByPm`fQZOiqKk$fK(GFO)sm!Q zcG^-<1ka@#lO50dN_a*DeOyDN@S71%{S1zO{(})zz||={(5=gu#SD_?e}LUBe^ULu z_=%3ceZHULoFIFR{YgVzM~2ajKUM~+Y4oS8Vm|Ma(1jt}Y#2Rb zN-E|PuP=48a6?Jc)tm6uTuZ75^HfwsFHw+p-D1Z_m1RXk(ykM84##A!?mQZ&=V60K zRU3~&0R5Eh0!;18eV?ZRi$vb_DOuK>>zAm#9nQ?4s!rroW%Uk#?K!2)&8l>zoJ8K_ z6DYFZA>xkRp)deyt2|!3H5>39g?KnoLLZdEbqpsA;Dk1xq-4cO(qK+#g5*)9u=bzu zW-$Xa*CoWT=OkIGWfv;MxZJpeXIN>fHpX%RVT_X~YJx#;ZxUj1tH+$E1z*n(_$6MN zjc&(gmZ2H?%|^5fpPcpa)A{(dx{z#0gT>NJ_#vn_kx6hDCeC+t(RqI+Le#L?rB>$~ z-B!UdfJyP~fvPmAGRCXiPqkdeoPZZG64Hpd7N#)_+St}IbnT?1qId^zv87X#SQG=E z*FK{*xdPc53G%VUzL+*bL!S&|wL5kht&xH^nnC?xS4{GtgRF>QA)y;cq0>0MU;wDr zmWKFH^2x3kwZ$On5ojWnmvN($h+F>u)` zghD9F5BXuhJ`!Rzgy>+bE+w4X&w-m^UWd0Ef zm4Kw4JoF9b$&9!q^~;=gY^4khbY<>&yGPLbDX6m)RN(%@{{e+qKoeDez$d~`>;X*w z6ZiExt%$fl?JgB5dr@g9JZUi0Y0;~uqNGH?Pn110x-%P$N|gsOk3zIPO7jV(<@_=6 z-()Rhag7^>y+TBLMz)2tWezqnm^2dgGlHt;6d|ivA9H{^S{t@>|1h zM+|h-r7BRyq-d(uar5O#JD}!)IFrEqITO4Mjm8t`7l_dzfzX7Zx%))i%7YvpK z*95{@Vbb7y*Wv;oW!T#y8;fF4dYq zZ-KX=`yDK>Y&S6f!N4umSC`7MyPqK~$$5rNj{7l1sEu|A-_z`0o9&Mb&3Nedz4axr zn$*+SlZ)=u#rUz@$%=;>An%ojTkSv52Hz>WS=%}VU>1>Z%MeSUIEJdJ)1YVY32D^W`acoP%8M6hhL zHT&+iDZadhuS8i!BAzy2+o!O(-3xCk6SnLqW90^Z_3Klej&NPT60;99T(W{*rKWJP z*&`3J+Sl|6uyM433j)AY^9E;{Wes>KW19EK8uMYXB#^$k(jrfdiunRO)ZH85Oov3E zFm4&zq-vMT^HU%|Oxgm)<*=H=Tv9g6rWDrJociRzmB`-p3fd?t;}BVoZ~_DO!!2E0 ztlK>;%b)g|Ov9{MMyUktaQu~xu%bs?Rp?6sxY-pBAi+++lr2xt-odgxn?hBZJ+)oJ_&B_s2~Ccp>uDMJAn{Tb_hJSZp&b@tE0 z>oyu;8$kP+<;mMyufd(`4bRGesAXSoehm6`6-8q-&D&vv3_+=2$t?CIbvZ{h`z|)< zSp8?y#nV$LKf@E&m$_2-`kl`M-`e!#yGS=728(PFIRhnUgq=>NYv_IGO=0bY>MAf{ zZdJ^#_0fzq*hN(Kr?;n3J7uF?fl(u{S53rvSE%Os>@mQs>I&VOVzv@p_t06+ds;pt zDo$VlVebXnw3F#hc#4qvOn6;a4G4G0$~B{vw-jWyx%1?l#Ut#~gn~)Quza6XvZRj4 zLFw4b2a+F_3|)JtBRFrNa~QjC8W#=%)dJZlUDqNUXgG8AnfL1A!@S*Ez_(!$>EZ>3 zOx85wzLAKuj+DbDn6txoaO7Y~L*$2w1oWUn_m|hV2va)?UcOuinB_7-_4p35#5Z80;OQ69K)7Q)l*G<5f=jeOAbcOF_Bo-oM8$EetCI=iM%@ zI#aB*zIC{g zrbJ2n@ORLW!-JuO7tggWgOl@2EtM4kW!QzHcCcn10(Bo5POL-RqhI}aY!=VA3Oh9K z4&wpwzN{Az+)!MFYJc5H(wjC)d~qcfo{t>+&^vw8?}SwvDtBH($YVovNKsm3czFLb ziQml?-Ic%9)zy#97g{`E1nn-NFcbMt+8G+Mj5wzeA?0Nr-hapdi{QYl?zYjpO>+s) zFMW$Y{pso;c@ucJ-aiiLZ&-fmO_Z1mzdBa!eePt6t?K~Ai8p)L;YjOa*cbQma=Y`) zLSSr)=gp_icRgziAskj*Ih!Z#$IxFMQ5RBaxr;ja7Okx>1$V zV#l`n2IDd^r0a3nv1iZ+1g-QXZ`r-xt+e<*gpYHP9z<6bvpfIc&CqL^zx?s0YS2ZZ z(ztE|Qo?>f%sG&sYdiHji=U9SmcOT7O+scIge84~_!I~f>s<%Y@{3$(ZF6&{%>uXw zPO+WA7=y^^rGW#dXsg?UU>Kl3_;9(>K~cliW*a6h(p`> zRGc$dEHc2b6b((&1gt^(dG&WF8TE(Vk4A!H9tRhc7;J`nN0B5-rt^DTd`-ke?W^7He9 zpP8)8xY5-TW>J23aM4u#dt5?(H<;$QASpfl7_=ICP1LYTCG>O`Op!mUKDGHDIl5;e zy(@zWRIg25ap)|Huhl_89fS56vZS_}KlyDALio_gXe2skv`ua7_!5lXsa^XP2Y-eI z#|+-yCm_i%Cn`456r%aw;#0MHc4Z5i9L;o)MM9ecZC~h1O0W(O6ce-STvN$XqWJ#k z>*>dggl9kH<^&z5*a^2fB!9OuWi@_=NJ)(|KpEk|V75z9NQF4Pl^Y1v;q8rnR`46?&i3{>I~LIoRdbj zT2b&#`luA9p=ao1gtZzk+k+p$<_G2(A};ebQ-Oe^A3e&U-C!q_1lw%nIlvM99EHJa zxx!r$niS#){|^9Ak`1IE3_h{>m!(G3Afl-%5;)sA{naHWSal)G6!?p^kwHTpkuJCZ;<0~ z_-L6y2P-Q@Sqo6A*ngwH&dZ$LlkTB1nItEhWq?o%{60DDCbTMo=kTEhI20+b5IGA} z@rHgmju`9eB9XY#T@6Zz98ki(GIPn8*iUKj703~aU*vVc2xP}B8R*XJHL7PeI zuS$a&6-!Te`GbR}?idssCHzypm$G3ZH?5aJc?d}caqK$kwa=EF;0UxeO|#@&Hvq2t z;SE$LY<0-vJzI4Kpn|DxxH3#=5WenXlefAh*Ev;3;je%5v%p`YxPWbH7EeaqN$w)r z1A&W+i*>Tr7%S-dxmp;-mDH3KpO7awYe>h1I|@#{1rC`g&(nY7*RN&WpQC-dLbcA} zA*WLDd-Q0H+~;}cjT~zrY-`Zk0Qx)n=C7HWXTBJ8eH`cWVAG#1(;#~fJJoKCMei-O zVBNwJhT;){=XLSb_n4_$%_jS3=(%EcRZ;fMC?b{T$?b5Q9_@V77r2Yh9VT)%S^wC` z?};$jlM52**scJGNwLBt9}JhyI>HVqDN!^5V061s?iqD~r1xuH$8OTlq&T6^R4?g! z^T27UY*DgwW__(+Bs&eXT(I4#!Vxrdo;V8Nh*wcXRhAVaaB>>@@H7`X^Wtde%k5ji z3nb&d7X9eDE(dq9$JSRbx;3kts6HYRo{>QVL%g3f?Ev1?F@KF3sc_rrE_BmhT6|nQ z>cVbjYgd1J%a_BYg^%^pPh;+ z{7;}{yGB3z^||Cmu`nzmHDQYy1-l&TMenx* zT}gDWln3w)z+;`~t&zqqXUP?hSv0cd;fIV$=If$M_)5*;{E}Wjm{lY5nt3=!Jg&{O^*8k{{hBt5R+-2Mc$2GLbmV>7!k7&MQb#jbR|YHuKcCyBOQt@ zaiNW#@z?%ib`*CkT5a_Fn*BA@9}&3}W2`s~PL^opPL|B7V|bONnp*AfGzc6JWFVvtf)>hbiY3zNy`z5;G6!b<| z2Du5a1^tQV(}fg;Mf?qjpcY|&^xDb1KjS7t*CiS)Kn&Yg0F-ZGd3Wu&$1bR&>Il5H z)rs%Pbnx^(}sZ$m@dm8_iI`cVZiJQQ4_iqO?3-wB}K5j1`P2s|#gf zXBnzt57SRLQ;XduxMgSW3V@mQ7zlA-uOA}7tM#Jq&e+@=E;)$33hmhdUA%M9@Ca!a zvi%8O9gZj<&QaA~LD)L)xt;#}40F_^SwP@PY)JtbF885@lFEsv$9YZ}akSSO0i$E6 zkUDGP^F1&uaDoz$$rS&Sa-qVEWpET@e%`0XX*kds(pQw>q}MD|ej3Kv-=YAr%)~YN zVZ^fU7H|9(o}Nl8*N2ZX{1q(#YYLzFbUgdG6j<~~{1n*@n)Tc~1{>zEW#YR_8AZS& z_LJPz$if+Kj(-Cfi)k32D;BC63rKZ5NMgWZH>i;_;dl0oIQbOLPJ9fBIC9mz2}`Ga z*bbpGr}iva5WS7Wu(J% zWdJbiC$Y9)VJ5<`qMwS#ASWY?yC7hWX(}T`HJ{SDDOu?z&1Wx4uPZP+@S#1>FUNxH z=*8yyrx#c&cOy!eiAKo3o%KI67V|%3M@xI(j@m^$eT)B_(dP!bOW!!C-gQ|zgwQ79 zVPjikGoB(B-m+so|Fy6*tN7*Q5euH;@WpO-KoeS>jM3kag(CNo6Y{GojgGO{e<1Su z3lPCP@UBZs7GdP_u-*xOB?U%Wpx;*S0q_cgF8yl+4&M+mPh$xdmtKj-ePG~Q z!{7Gap1`1JFHomfim2c^f~Gf*^r87prFTk{p_lj;Mfdt6*Dx_@XAeMJxUvN#1(F^q z06k51TAHFgzJp0}R6-}52GP%1(o?7vmCXK~QzfBK8B9PXv0c2FXKU+usknRGOrb*e zTzuS~53poTyjz@7mYeyzkm+9I7w`hMft}Gy`%*AN9V|m7LyVaH_=HGyk4p^Qve};`O26Sqy=7;$V)eK205Y}Tu zS&#iU{;qVx&R)Rc<%0Cg*yi$Jsyu2XUHZ8~?fLXKAM$CjkTRJ?^t4bAu`j=qh6QmG zjiX3XrIfFb;2A@T><`yJNE8Yo%olRGG^f#7C#LOD!1Sa1H3F$C`aOYx4lhO*pdm7H zf%ffWowEXdf%%YNZ=XFum7tCGVe8MzmbJ9o!<|4qLcXS4xFY|#aAM9iTwXeSeEQ$9 z0!8ich#=fAE;>zF>nYFr&rVfn0*w$<8r(BQM&wbqLLU+CE8Oayy#H*Fg2s&YQ88Rf z_U1ZVG^bkcT@#)rsN0C5(72kmSUwM~p5pL{M*U2nFZL1cma&gzt769paS6EbeJE=fy-odc ziIBBtF76r?Ch4^od}cAk5b{ozZQV9wQPko@S$g0UITJ9D8bX|nJ4vcw_cd3T!s3a| zOyDGGY+{75Nj&c3H0}rK1W2<2@<6X3twLzT_)FcRzY{xLNJ$jUvRlfS7A3AA zJ;wVqdI=+8qdWCi7)TV_ZEQFO^H2h~iWguofhT>wUk?)ej00A>0@Pa_sn2;unai&B zr`2P$VDKxIcs&=2pHFD>CXsXS$y$}?q4H^l#(&)ZoTGs{A~xvZu5C-BbZG&cL6>;U zjcFyNe$o3-DOG$|`eV68{he)xkl>Gq*R^;~C=pM2hCA-M3zvbQc0%G+sLx*F69|yV z2>H+&>YcM1a1Hq#Jx{1nwg(b6AK<+DS8&2N91&zhSe)`r8o>u*`&^~xM~oPZTz~xx zJeEQ;Hv8{0tRL_HzB2v4e60Wd@&3R5FE|sBZBme6!VGY2JvqhBKt41;S^nE)8K5w+T=PdgX2E>s<|+km z8lo3kTeDd`acP1N2}nxa`{DCXFpD_C_XOQtuNx^dZe%*cfv`G7M1j%qJQq0xsE0OG{vTr-Vd%7*g@&<%Pr*Kg6i)dIvyL z*!J(2P!j!HS*;TQFr6{`S_AP_5R800HYGVJR&E#;`Yo}`@4Tu5by!!4lp(G z7}qjyBO%?-#yBr;ioCsnOPvY()FiE^B_HZu4*5ofheOcXxS0F%MabRf;CKZ?biXoO zNEQ!hLL0ZitN}^QXd$x|x=aFpXrg&K@GWftp&wwNAtF++SM>-{R#H+sgF|o&MJq`t zJTkI44*+jiA14;IWefMe;#O4WGAz6>faC%An0nk&az3wa=&EUI-f>^U{1O=v5o4jl zrss2Z=rD1Dk!t{VUDbo6Gw|1(cx5p+2uLK_*AbA(30Pl+Bu`&ovFwp?1m4Ql$$bB& zbp*1G^9YxtZ5iuvLmk?Iwuo_W7M-;?Ot;=>3@ zR<10@`9ce@{xUKtgCL8UPyRYyoD|1oqnmZ4GG0^eUW8js5r4wKxLD8i=tyu}04DWV zmy)tfaH@T3TrJz86xR8j+m;@ZcIn}?=rRCvfU7p%0Q&YpB!KpHrzg%ate~`RYs?KD zA48T}Q2fX!(j6w@DcS_^hK*r;Aniki3_$dHni2!?7T$%NcB!n@%t8IYwK@E-jQ7O( zXDwl90e8W+A4kR8x00SP{NL07xvk?CGijk94ks+8)b!{IHST9tCJu1#-U7=Y~jiTinN+J21j5qh+Ll6}3BCM0#Rg?EL-Oy@4wKn`J$`*H3YE!cbU(GmuI2M zj%5pDKd!TjPT6*a&hgPSdlCDU6l~Mm=I2)i=VFCL+2r1fSYVFIT0PRRM+>?8RGm7!5mv>1LX*Ga7 zK->(570C7ukT#Knk|o;WJnV}D){_X;nW z&X6wI0$TMK#5t>CCLf$)9#~FmFGFYhnF#gn6dCU^=#YvNPsEs0UzQa-T^Lsf77t9P zHt=%$R)8}kI`T6LHIKc68${i_Pqb!vT?t_Q*&mn}mp(sT*2fZA=DI*^ljLN=)#e>W z6Zd)}_Ke;bjy&qZqUrh>lLir#cXOo^R{k|o3%VZzIz;q0R@EA4Q4<~VxR|19P9^}i z=8)WQNMln@&<_SSJrny(5EkB^b%oakF)$Bi@X|$g`cFNpuPHwGDiKx5&vgtH>)i*TV0M#smEV4W|6VAG-cECx^M)qSiSYa3-n1)KxW zo!BdS#-LbL}1t zD52K$=GHoc)~E-vR>vPi_O8$QC^IOX{tjI;ZlrTX|MjfAD`&}A70Nh~3(KjPSa&44 zvlReY%zIO?Wyd?;v;E%OkGUjx0atkwEnsg(shdP&CWzEf$}Nb!I`bC6UO=e&8Nvru zt4Z4B3iTi!vM(>WtC!-2Vwf{xQfs_6Ax5bffliBlgG~;HCv(W{YpHG<++!LQO_NA) zy3^q^2)z0Mh!-3A3aFY|Ql8n%<*JVJ(9kd6{2qZU1gTkSWU&X`mFla~Z&JwCX68p> z$?B}>MFGs@*ui%Nl5b0}Dx}sd^&yhEVWsS)r_24usqjfY0rl#uH*xX}gsZBT8oVFF z>(%Z6KHfc&atd)r6FlkmriX?Cq1fN*lMuZBUE!+$Beu~!M`airfFElQ0wc9^%gzrTd; zx`=MHHZi!C*8#Fx#Ccv`|HIVL8!d!I%6(hTEa<6`nV(Yp^JAu(lmV_BK`lQ+N-Sqx zZ{3t85aof8t6u??$iO(A(RJ0esFWk7hO6PQ%|!MjQ~xw zXjbO0*;h7k?Zh5`-RNpQtZ(>3M(6!Eb}g~{bm$aEGmp!B3jh!$yp?1ZH@HCB$5yVn z=0`vqm3hzoscY=_lyPRjaVs#*V%Vc*2&!TgO11nQh`lDNEft&tuUn6*hNM21Dht3ZenFQTiy9l=kOcaB{iD*-W5Y;$KE< zo@dM?w5KJCJJ#ICB#7p;c_ctOi2qadj*3yTrfF-*)=}ZL<-$^aRN4ceh-Z={SW<%- zMZ!zBZdu-(i0)hCO;L#Akj>^MxXcK|&EgeOi(RfAU|6t{vix6-on=(iYrDn)K}v}s z1nCB)K|ys1^m$DIUY+@;lF9a&G-AIJ^u*^J08ZiIa$|YHTU55#BzU~stC3U zz5CHO#7JEbZi(7PD!A>b@VEh5@9Gtr`{vpN{48>Py^-8gMpU6h?Q>O{6ziebm93Pa zo1_YPGS|Z5^v8rld$fH<8e zr1HlxkpFp{tfu;Hx{H@yQ9-q%dRpvPo;+GN7dw6L2`<|H_zN(4$J&GqA(FT zZlQnxCVQnIu`&p_ZIs*x?(%qzzfbb3@T8h9lT^?AkF( ziy%_PNkCKzF3k*Y(BEush=%kbK6GQa&)0=X;`NBjX=VBz>SHl75}?U~sUcYHLV+x) zZruloR#Xa$2HmO`6oucBL3>nRhWt*;^e{}irCyjm$9Ua{omP0(&$RE%u<%$D z6(uD^fE}+|%z9-YcZ|}<+~G+z=JB!|hFbPGtjO5O(ZToSd6!qp6X+V_u^L7t@Q7N} zGfC1`7_3%1*OR?akfru8ZF-|7VOdUbv^ z;Wp?Cdbi$@bO@(kO-jN`e1Mk{{iOmymG|zthe3RdrZTmC;umk~Y!TP%dB5!!nytH8 zKIBp7Bb8k%lmjR+s*kOt;1`CXZVAdo5q2ZS?)Xh1PewD`(okWEGjQ2wqnas|xONH5?HhbMC~`SV zWgf|y#ty($*=1Au*_Rj7fA~sx?XlVzFj0~^8AH=K`GkJ+t}*ev#Z6{4f082@Fi65k z^4e(%mH4rnGqJYo_K9v~nyojn2`b#m*rSZ?htOBO^` z8h?g6%|2&4OoOAVB)0`Tft$)iL^rAm4MGyEqxzMl%y9j~ogk4b47m&5RB!@{k5Qi_ zY;!Lir6jOg`Uy2P*^o-B*TQk!O|*Hi=W~Wj`&aYVsMHc#$w-m&BU)}ZnIo77En$om8-y*P zR@4?6-fAfY4KqiBXhmrYY$uXnE2YA%iv761=+=;+%}i_{EKAZYX7)7%;10}zMt3|m z^rk*gkx?brrEr8|rIIraF=kcLBBfH91JPm{ZopI5hI zQ2TvE3SF)Muh|G5Sw9$W)r_L=p>ph!1vSCB0;i`ycTuKyMBIQdGWep!H^GVAB}hPD zWGrC>KC-GldK@P|OSwqutUM7jGs{%GQmgcvcUOZs73oqfvp+uV#&n&~Moo48}!tB%0?A2z6 z6m@$0@4T(7Bl#j}3W{t~Z2@mAU<(NB-VPZ1LqkK+{Vwk?qdLwJl@^v*Zr&}ZqH?{~ z@gU65D3yUJeR73hecdTWw516ya5iaJP{$@Nii5v#PdTbjPwpn0nt-EDskvW=8KIq& zp2!?I%?)fCJAU3zEtXy;zt-Y%Pd&@${}_KrqbN%F3n9pEEIWJkn_XDzpY8g)o)yZt zv;>cLA!k2HAd!v$IoVv4xYU%omnU>VsD6SPM(!I&p>N$4Z(;H29+*EUxdZ z(fCtK74dUTi{M&&L`i8z5iM-z%k$a{cXLr@LX7?V9)Qkf92s8gRp_E55 zD`N6QhdGEfp*w@OqXJ&5MPgEZ6EpvC?O`s(yA=Z}P8Mwz5vD+2>j$mtwkQ&=+CwlNUicP-{N{W`yRCIyqB?)f9W|HH_f_X1Y8PBuCK`06w zic(k0MeJn-y{veW4^(;GFf3RUsbzD8Dsc%2lYV;RGV+|~E08(?50Ug z?BqvF9Tsq{$u0zMlk5@;_7?3QfXhA0khfwNh_KMI!-vI6L!fh5PY&3@YOXvYQ zFF|t!L+2cUey<6laLwl^?kD^lPC8vXO8Q!_{4xKXvR-rlp^q*U;OvxM8Br*J{I8VH zp*<3b4B98dQ7Cn(G?g_mnSl-+5Yq*nmp?0`Q$~|5JkOeZzykv=suqyk4}yb(&oZ*) zg?b-zZIv4v(wPV)r%{5`K|!Gd3kG=o=?o#7Am<5YL657Px{2>k9aYutN1oF5=lTn2_9)Bqnq5JC?)kT6Hhw0Bk*sg-X^ zr%QUNZNw4&S9#tXx(B!?>1Lczat0C8 z^LACWyUcvHPc*8iFKA8d{_YUv9~8hEBuqwSrMo$=6fXt@1V94B0~|BfZ?$C59xrZa z0)%iFBYn@#=Hk|$B7zRnInC(6G{YUgE@dU9Y6r25n*CR@LcJzxhOYd(WAY16G^SRX z3x?>)SZMoP>ZcPJUu=)lK#oFW08d=5qe|VlYMD;EqQ4pCf!2!Ixv?c3w*FYf(5*5f#67qYTB zh=#_a83K*Ew1>8{#mKVEzYkiD2}z3sr=wLL*_|GINY98tN;r>`#@}ocRjjSI)w+1G zgoUf#_@CgkW4Huq+(d~NQDoU@Zy)l|CcUen9P6UCy4_6K{TX7k=5TqZig${%@8Ysg z`FwZxKiD~KZS6+cQmEKgR7PTgPHP(5qMg$!ojp(YL|)I=~D0%Z$mm zOe$s2z|-?YqYp}8vd~RF_`_Y^;v>77qr3E6;MG#82Av;}a|+1a*-YlU+AS*YWf$5F5_Q)h;+^Qx5$K zOVOh0MfrDsbZmSP)k1$VFR&pn9f*Yk0a9pg`cGgw+}W#fJze?{mu@rhFjJIJg(K#3 zm*WS#8&1yqLfOV6S5{E-@f*K%uX{YhU~jQfuE1H@|NK#AcB99+p@Aq^rF(N}Da?TG zO9_qGWnP*+z)e*ZPV)%A&-HMUqFdb^M&7|GvjSwQmlnTP^`!H4s_b!$C98j_?)@0- zI4hKoIuieTRp0k@k5rTn%PXpjDK=>4H+#u+OJeSvsv={;Z?w60O_up? zb+TRADoZ~5dZR`9obCUJO!HFi*juz2{sr!U@Muu5J1zsWt~*5d_|y=@0oWR>gJYti z4u(#iGQ6SB;AuK3N$iJsGot8R>Rni!KkibLdd0Nv9ZslfL)Nl=2lf{#)@Yuz^TxrX zpWyNAE^B1W0*|D^)^+oLQq$*>u<(AUGSm0euJ_$rG?V z{#@;6f%vDw!;wW>8SmFjbBY@5hFEk=Cu)Rm{}^6A`r-9ubhk%tmZXt2y`?X5cKD71 z`AHj9Og5Q4u_(doiQ6Vh0i(d09_w-2oEY{pMjzX(lE-v)U{8E&T>l$3D-P9$$0ON> z8qti~FSp6LbOoCbueY8~3r}wyiA>X6tQxO33NH; zD&NC*DGer2nRwZ3_)pCb;s3wp=c|hU4-|UK>3Gv}Xm|Ju%x-G#=eB5ICw#qW-Gn72 bPcJY6zKdT+GBb=}z>l)Lx?HJ@Y0$p_z-}$b literal 14186 zcmeHuWmJ@XyDuRnBST0dEl5cWDFcI)AYB3?4FeLAA{~Nsqafh`(w!sSEey>FBLV`_ zf^@^Vd7gKl^L}{uTDv}+4|^?UF>%K~uU}l(9igfI|vC4-T)`1VVY#ysU#=@$KBfc=l13nWuD;c_BVUcv*ys-P6 z3azlPM6Z?QAM1LW{QjgBZvE|b{?e+~u!>11bVYC>#Y=fllbJPMkcyCqlf;o+_`o1m z1{@I@`&j%|ZfYw|xGSUvPS&HBOJ0L-hWT zg`ve0kR*MShMSe?{3@B4?l$kbJ=>G^_tK7@;)tF;Cu1}w$^SRc9-`n5(Ki&Wy4KLT z!LRlgmqY6{f+75=cI84^BZjsRqo=gGdYP(ery-iZ(FNa$3MSzO$3$g=hO4I3k=eOu zgH(!VRVPA*>zm8GwN^Yh0)ENTB1kX3vx+n0Dl{TPmPA9^@#7=TD=x$!SER(f5{8c@ znG$~NsfIox-!AuVx`LC3y5z9bxFGgb5FLkaW%$LH{S>U^kLS2L6Sf?U9_y3oTpZHr zPJ;K`o%%5H^iGJc@P0;ra2SV2Pi|m$H|}978#z7L%OZrgMkLn%MD#&UK_UfiQSoBU z=f_u%-4gQ0nxi6cJUqDUK}5q#;Y>N)=DIkyEqcK?l}kfH4L0R8$Vi1PmY1@2_H%e5 zlDhhBNxQnk-O(kTOd8y@!seQgQA%*fa$Jp)72X1iTny@|Wms|L(@scvlGd*f@j=Lg z9B|=7&{4t2L|i1nUc_hDeoRTIz_eF&LXz%oZI<=tG0m>kZ6Qv%eDRJM zdQHI(q-==Y8Z+HS?vFo71AeI{%&tck@YDR^1Z#p2=(X1Ok#y)1hjw7{Wv78xbu?hu;U_<-?IE~Yjo`0o%@cxS}3;bTzSE|7QzGb23pkn9=sJ>QVAXZd^%~th#4m zcW8nSsSfhDr1e0Jc6SjW=DK=BmfD?*?8>)!&SD;I&)hjGGjp&Wo}SjDR0}<3bmef| z2%)3=SjTPUFpo#8AS3FiddJ3rBNDRPLZS45QcDiqFNKHeMLv6+ER|pVcq2NAWq>06 z++`TVpJU3=A?z~}n77%Jv^;%F0E({?_?)XFSV6F|T1ypQ7N*j1cedn-Hx+xin;;!zkSo({>U4wM-pGb5qEq+ix}&N?Gr7E%`64cvj&|_yhKo zvqtX665CNueuJ&b-LyGOLerUd=SL7f!lex84qA|wTv^OUj_R~6YO2uDZ_h}Rb!FTb zC;}cky_G}DI$kD|r12euZ^`^tZDYYRM{PWfOe&-4OR`Ehk9WX~b0xpxG8V+2WF(it z7H0Wy;AN3irWSAuq43iY;v=bxEfYF4^__2w49T#z6a=-}6k{3H%j3w8evIEfAIjHX z$eI&a-XSZiCNBe(f#M2!b9RG~4_q0Cz2zBA5zoU5M7H5o$S%L~BDt@UGluwA&-!rE z+|4I>rB2ePtP6#_o04Tf34$bSkGSi#-*vnSVK4opQ3EdmT~1e*;G2mn3)nd*0c(jF zpD-(xmZ)$@#oSFuMUCuiW_1vQff~47n^g~1MTxU~zb9#|a6R;u5!yc*plu${7ngjy zsHQ(b%J zZ%ivPZBpoc*7>zu;jyU^b3Swc8cRDQPC{53)z6*f6l)LXLr(k4Mfwv?STkAZ)-ZRS z%p9i2B|I&rwo|c$EY*X?;k{OY%Uk>19CB?_K|umvzxLdWJ1 zaeD&hj>~A4D>Tj6v5*Kdfdv)s*S3)|w+}7-EV3O6wc@c| zw2Gt&(gne03>C|)u_zM*M&A_}{_sBk_1;*885c22&9YM+F6B=0^xl>tGw$&1!Rg`x zApudnLyt_TmjHfx#z)@Bp%83*wTuWB1Z^J@uaR8Y03~jK@tw&RwPCWPo+-kV<_TUx zczo75#Wku#wugJ=s|ZH$n?gzBm#wj|s|4*{e@Ld?A6T1MjBr!^s)Tsoch4^6kCpK( z&wytmV#AsRNfrH7xp?|ge!1w*RtnWxnNoBvUrr(Gx!oX#quS$y;3_?=W8R=WJ3e!P zCGo7aW2Rz>@>DM!#!=!b;(R6Z%dSOrE0}`8+18)QyGSBWZgNY_DNo~W8F*h|(Lhp2 zi*e1}C5Te$@;R7c%a)lW0j60w&!IsZ64TO!*j#D$2oYOFpt6iED17}2Y#QI_zL zH=v5ial^1i%@JSp-R14e;2oIr5)DpuS&JGq_EN!HPRo5Paw_fb3x*aDADoR;G77Nn zr^^jHLj3O3A_`M$8Sg0W2;`(IH^N~+Q^af`y5-~Va(?x8rrCgXK!ge~Q)>Dwp$^qC9?&BxP9>XK+_v_E|7wCBmHpkmX}Ez;bilhLQbp=@*i z>1HM6h+y+2+&CSW>7X|Fgn+!O*r0@Q%g2sHotqI@DV$^+Y>+2EdV|B%vvi=k@)pBu z6d0U!&FB$(Fu&KvX}6DnSUVzy>j}oO?Cm+C`yfqBSj73+6Ou_#8+0bz~Wx2GC z=Kk#UU#yY;-(`&!aE$Ny(Qp2M(?NYI-(NhY*)xyi<>j}jZ%E_dm4+HMRc&v0-u29b z;R{Y46`!~z`uUSy3Js{s=;M8q*u29JfO{U}+1u|gz;JtdYsy8bOYHZJoLUaoa^e&d z_vaYsIgR<00GfJLT83&CJHGC;yDFRX$wH05u6?^{ydCiypT`3%_rlO9U2EcMzICAO zvCdhf?h=t#i@MVlk}fNv<_i0hze7)SfCEV!?8-A~u_vzjoWp~d9H7WBdwWQAWSXKy z1>@zsO-_Zd$`_Z<)z-`NLcFU6=>xblfuc)s#?XUNIkiYI$*UiYhZy?`WN!!dKN^*x zn69EppeBsGJ`Q2~IYqz7U=KO&(qCbFS`bx$@Ge%~RZ3sCdkl1Pe^nU6fJ+-&n%o+T zY|!5(<%~ws`jAy;q?mXY{qte(F+)ClPIX!nDq7D{M|?R%)&J3Zi9FH1Sgo_$V_T#e-bAsGu09NiCL$;;Z`J8)#mRrO&Yvfd z!FKTHtqk_ zcQdJ?^CuXv(VXNP=|j$IU4I9tSleX<<^D{?MV7Z%1C@?r77 z6POzDrZIRf^^Y=+0To2sG5UAr*|L~my=7m+2cDAY3>%YE|IFXG)bmh#uQ`idK-&0u zWTE<e$Ah6GdpwvhcajzUpLhmSz=>`(%tPdu#I?4068>5QkyEaauqh+ zu-7;XZ**HNnfE;o7>HH^ztwnybWab$kDE_q3iv7cf(CX}Rk2!@#)BxUEL&8Nx1!oo zOz(3Yx*m8H3KLA%cbcKZW6 zsKcf0xw&{pN`6+>8Z!cnFVl6aA)vYvP%}ZIZrR;^m!CY;gbf{6C>uu5*Pp)JY`ydv zddC&nH%4@2ul$ zz0mqT_^hne1f|(G^3N6g-&KkKZix8zh2g)rL{zKzN_rr}Tqq-AP9VayI{)kh6swUX?&ONNkEebtJM8jc!l`+;mn{yOxPr9*_BE5#PH(bH`6%suAA_*)Efi#{}cSuqL!H~p=I?wCffZ&wMmQj>s`6+ zzQxDW8)5B0)Mm$L^~pogh`YstwePg2&Mk9-2l!2zX>5wjyaa45;xo=6BTx$Py!cbytx~^|#=TV3w88cMQxFi$PJjV89+d+lk2)R$@odHijb6#< z$$LQ7Kb>*K(APo`%pt&z2&Z_{AEcgy1=Id{T9A#^ z5#~y0S=kF3u0w%sTc4EBgzT?f>av9xfh;la4Fb%caTWfbr+>m=vlt-I^pgSlon-S7 zQX-%#ieZ!}_|dO(%QW0i!O|_7-1WkGW6e(lZgb~5kS9tE%Q)9O8oSSnXsz2Q6;SFl zSjfV$ov_%80_ub^@j?ZzoI_%ZHjcrdVmj>k& zzw7X(?P*~hTr+o=_{rwD^1A^!1t&{jQ!hd>RFB2wJ#o&6cY}H~2JYXBiC~PcY{WOm zbv-za&lN7+3Nn*{#a9lQL{1$G`P|;tbLI`wOt^GkD%x$Y?`I5M7;0&V)ososJ1Y(x znmzyf?meRO$kic)gVZ|Rv{ip+5X+@^QZ{h=hS!_uV6ZgJea2?7OvyJ71%b`>)G;j`!FIbuXu&_B(P$2$iSykY#Z$Q|O(HiiP6wtpvz)M3s#t`|?JQ%0A zr0)DtRTAl1jB$cB$jr0*gd+2#8(92|{wL;J1dN^wz?yd=V`cRjSx2VIQRQ_k5cU$j zc1|G=xfN!$h9t0g4}V$w`8C7kuQ6>${OFK8tmqS5oyq3-N`;dqNIoWHDlwJST=VRC z3$EmQ&im#E%60)l#tw@U#3CwMdHJGd4w(g8pXXx^80}V++|RvglBTAyXo)0m;gzV%$aJe1_HBG@Iv$0Im6y$Sl;%aZaEvmo0EsHyj{_`V0 z4lq+wh@kNBE$q#gZZ&YF3OBcAj1X`b5d2nMkk$Z=V9XL7S+W}>B}#8cw@A7QE zC8pz^dW;rqqeWafoV=AYhg{+{4vi4veqegJAjgI1CCYu5E}uU+D6DB<@I@&*)t z_2ndI+l_=n`BdXOf~4>A&)Ao)RYCi03F{{r!(@aG%pa z=H*v#y+A7ft<8FJ(C>|jIyYziu-!L!<)si?15aJ?fna=>>|qSzV@u*=D-Xo@(MB2X zdH!yR7{+(j2cn1)GIW$aZE5hI{qa5B)RFcEQnqB$cb4YGN&sM~mXI8U%S6PTOa4x? zuEq@UxMo&fOFG^dkD@kW7|_})A`Slu2D@Yc+4L_vs1N=b**==Au6X_@rv;!k-^$C6 zKsU2$Aa~<@E(3G=pKv?>OE~r~JXKeiGeC^##a_K=^*udZ&Ah%?gq=05Um)Wv{**ckw;ZLLc6>S;=cy*e ztdib}t@JSkKoc*3h`f8maNa?{bkQr;I`&px9uDxnXzkc}vZ<9jTIpiTzfw$NX}a=M zQp$~+&~yX@8n8=u09jHg?QJ2>k4#&A8$_t&VSjM#=r}q3q4A#EBBaXUYpxY6GR30s zY;1Qucq4gNyeBgP@iqRWUtqs?U^?$zp5cewD4)g37L53N8^3GCEvSX zqClP@)dBg~qM==LfJ;HjX32&05a+!|e?~hK!khF{gdf`wKGNW}ns%3oq4@}7U-#;V zT?`(eajc#J5+|Ev-UMdh=AG=0jd-*vks{$t)SnF%Ps<)b4;nc%eypPbapu3~HT!Jh z3K(e;$5E3J2`0>mC)3FI)=KV={r*$R2D(sPgr?3xiHh%i0*mLS$7ON`X_art=fUgt zj2d@#-AqH;h>Zn{>ncdAA(}>G-+$Iu1=HG_F^STUBm9nL^1Fx~{Wr_%ZbmeR>C*PE z=`WaEp@<#saEa#ZY`-VD%8$LILx1KFvF_MN7;dA=#B{dQx;58uP|A;o!x|B1OuWvy z0a>te;ND6C6+&5b7D|5WB!S!?&VaI4@z`g^+|S0~jY=l= z>%X06r#qrSs>*)TW=fuiQ~K$5^eBAcV3{=Rk#h>;Cy7nD zfRE20*b-|#pIHNqzm9zeX<&iaZxh=4MJ;O<1UPZ>b`?qN#&Zc!X@v>o;@CB|R`RAU zM+9xy{T>^c3({S;5N`qX(SlK5N2JuZp3}+U6Bh*fQ?@`v56+XE(vLQC)cd zEWopmW5|cOf?pg80cykTiK8^pO>EwlvfEd_!A{p5t$)rQp+{GaFK5*%jE#TO-k@dW z6U=O~pd8$|IXt{H3IoOcuf7``t~~{SZhCL7VZR7=TCiui)NuMcpzPy_|1W~6rUB$f zJIUsgcLC+KJJ-kn+c}73Q%_WQfA>s`C|k?gD-mUry^EH*SJwaxM%(~s*$cy-73lug z<8uc9n^z16_o;4l?0OBZqhjd(^B4O3T_R)r*K=0)Qe1o7yOQ7lh zt0@J`6zldIA3}OVbe}5q+qU zxzSC_c&B4T<9;RUFN@oMe%UIP^A|<1X9!~Kix7R%;8it;j;`#{{Y$pyp!!X(>MEmw6w5%=LYl~yo03nRQk%V=5Hm43n;OVbAgN!ftODq0AK+^psbeWNUg-MJ1`Z%!HOad+s zS18F6&fgu@o>uiS+N0kB(D|axzeNNcqD!c1??7M78bG#+N*Al@OImF9J#}?>R!g&6 zUa)#`y6;}rYQ;)BPWNV8;Prenkh-kV)RTa`Zf9D>IyeDv5xVBN-LN|6fBqW{u*-db zqYORhm9=+DUyh5p>WLLS-XL7NKm0(@!tkpU8s11~8}q@uQQI)|_;dQhHKatZOiz@) zsh^1VML$~{AT{Z4@H4I7Eec?7r+}7M%-d5pltmhQJHjK!;c$jYRme_7l}2IM$11Zn z&XzfdkBCa*V4%NG%Bx`l*hxpYU~de)7{YTgLb!wJRaE$_n8TBFGQLKv-^$eEH%5h5DBb{$JRTOA@ zJGGRCV#8h{%xr0Fepl2neC`8mFCnh>sG|cI-y1t^D1*<|t>Pie)wE@dA-778c6Ov1 zRI#>_Y4FAUI`bkAG-<}JKxDt1we%Sk3$DsHA8uZ2=Qt+GsGdTof?C?oDXWcL*7$eT1hd@DWygp}|-lYG=6 zA7E$=eLAddxO@LVErdWT!q&W7BJ||lS+mMI!|iXxAY;@c#dMz_22H>iQ#R_de4n2@ zrlb8_ciJF5sg1v$6Su^*_Xy>$)o1-+_>&~{eMZ}TK(={qqRYC0NH=S!kv{ez@&2u% z1OE3z3s3wP83Nmcu;f^k2+em0v=#29+Loed`=wCWEuxk-y0DBn@=m#5FLb|C3#glz z2Nw;Nhu~_gvikkTAUQLAg)m$EK&aj3L{GrOi{E*E z)?=}|4VcZlyr@VbcHf`xsGlFa1x18n3-#X9;J4JoCY|C1+)szZgD#>6uX)FQQ;k%5%NPe?8s^SV%Xv z>W%-C|F=^57iP_kF}QR6J0N4{kS+7N?FG&C%5mGf-F?_8J?yMgEjlbiB_*Ls~MTs73i}n4j!UFxq;Pb#~Ru2nNka~cy zC$w1DU@n@jf3~F@U91Oq9S59+#H==iT|+!9%6<316Mu`a>)j!yT0n&PuEy-#`IjQh z|7>3ByzTldoo2RbX*PqeRjlo7{0{lE{mp>Wn3`mpo4X!G0>VltSGBaGKgJOk`4W@70F;!U1@o`{Gn5Fn zOrm!GmdIwNwO&m-sN<8p7DIWf3e9vI=c2z_)oSa;|N7s=^)$8P5%9bGN~bplI#28s z1-(w6zozOPxn6d-c^Xsyn4s8bA7TZP;Y6uP(U55 zv?xfUf)A?xk-q#7<`H@$>iPkd{y$jh@;{~hSS44=>gLXF6yL@E2q2nHfhb<*H2>-z zYjwqtTzZ9R+toA~>h<&COxOq!jUD3;f4ZTNqyD2o9 zPgl|bQ}ig2))vBP7C`rE^Ws-2bi00Q9qDZB2xsmxvQ){)Lh+On#z)dzM$$wDG`HVw zCCKnDcQ{19XhLF@ z)lY8#%-CXrjKX7oFuePo2NToC`qp`FlpgeRsjSroqk13rlhM7ea3i#zOv!}3n;)~z zpM{9gTrn`t`LZ{{|7<;6@S=n1qGNvqHVc_&KJM%?h88|%VEZU z+#YPmOnU$G*RqMtW_JB+3bGgG!VUUgZqqOG_tV01KYmTFy0y&Emn7G`^UnVf&SJL` z@&n(#5Vu-5W36IcBaRKI_h>O8@ww$=A(=^As0w%({zIyVwfRGbl$w%E;V-!_CHT*j z$DmN80-pNzNl8g4E^U8i%-iZ3lR`MX^BYGQdX-W=_`41s__{T2A2=AAns|cU% z0nSW^m|)yJz%8DEtz@IxwR!|o_V2O2v|e>)&&P4axV}P1FmQ*mNSJT3zk4hIa$V_; zjyGH8HF0Mg*7K5`H=4j!7aCPb6d%Ya;&ICmVUSGlEJirb$|~u3M1Riw+=+D_Vg@go zyUWzHCRKHwm^Gpi3Ppb2u}&3j3ID$Io*^ak#MZ$CJDimx{|1kAei@upORsCUiv zmNTFaXHFlxk&S0bDA7otjm3#_nb_`UUY};x^>%dBj7X=`kj==!^HHxq9`y;^SY$91 z?cQCQXdd2fC8oF8-n~l+W~cy4HI{Vh3yR!B z>NuIjt$klk1MgS?=L6{3TF!+BKWqP_`Ip{CjLP z;i&$}wKh0s&t(=$qR-9U^<+hUWp-#x8N#_YE)dP|iJ_j-6yo|&|AO0`MvM9_1(fkj^=(M~=`{c+S7XN00&`Dms-`wW7$-~kQ$=SMg^`Yh>Dm@kC zp)QS!DWT@MN^f~uO;tc-sdPz~d(BL>skp+NY|cU!Zh`0l!m2)Vpv;bBX8P9Z34W~Q z7G+m|>Jq(evhl);JfM3P)G9VMo2-m7_zoBHy>jFZ8J8r-I@IC=wCSMfXk%-QF;5gw8IRC(AfPM>Xyy zKlJF4q7CbLc+*$c9w|e?t(#%(>XJfC#&azOy&t1v6}sQcIVbTvFj2MYeM+yh^=zu*=ruW3nM-%1UKtIVju`*;`xzY@H@+`|14cfnnh6D9LggvC z&8>m)%IO}@qdbLPrV%2aYK!TjD5fwzzwHQza-x9UsD7(9=njD+V`lK>&sK3ha6qD$ zE6wUli~2r_qIQG((dP!Z;pVJL-?)k&u|z+mY5-qP+OBWi0)=o7duDxIVFXj$XHE?& zzZ;L0##O<;S1;8;6ZTlBU}1MlC2DJ5Kx<`j?gfR2Z@RfK(5sti--9cDy zE-;ASc0VO0NP4Jyfz%bnAM*CSSp=31S6thQv0$l&5vS+K%^-@JL4CS$gW)g+T!HEb z7S#{74JWZe z?((EhwXlN>&e=?#!mBr%qFnwAUlxHKb}My@dL7tcfDS6S+2A*25gB-P`|CH}*D|kW zx<=ehAh8Mh*RkSA9Y`|p+CGH{!vDI4&wstt`oB*=m!*Hkh|Qf0*+{#skKf;(M)9yh zmW46CR~M&)Dg1T4pCrEl?9=%tPA`ykxJgy7axsHbjVu$&oDx%&U8IkuEm5yo>8Wb& zk_$;X2tw?ez4qbu(Pox2$v~O)6x%9J`jDJMOltd++UxPaDOgqdpJBg-0IGOm4fQGJrG zKmYwoPAIToHekvj1t^E%O1wB(ireoUl2W_ilLb-~7|hUESHw)_Go#6sEAbWPk`=CD zBr1wl=1UDJ40$Sk2JU*5S}%IN1iP|q5e!&nV`^|&!ao+?tz-VH9d5O``mK4G=rGHB zu8fBS6k+=B?z}G&Vz&_?xZ0cK^_2BGGsN%FC1=hj(ZQ*oP<6fo9twBM%E^5y(A`yt z-i8jOMsPEqa&e_*b8{6YaS0HXS8^jPzUm~9axN&Ve&q=0jUDXGWKF%#sDza}$&F=K z{u!-TqC`OsWsD8e+L9?Q4ut0Cscf_GwuFqabDHZZN)_#yjdu4x&GcGH^$c84jcnsk zz+0MoO3zh$@BAt zEWC*RQozP_8|_~C7_Oxr8^>TXYl&r}>D{o(yEGaR2Dc{mbj4vrIH&OICplc6MkVA# z!hu{dHcfl`bW2htNCQK&8y{Jj=E8L#^b+r&gO*W}_t|K1ab=hGHc1IiB6Rp|`E$!d zA@*Sm_O|teN^w_xj`bp^hF(*x0}k^rB28GQTfInx*eVijAn-7!Z~@vKVh-+1e%Qb) z=OrXSx#HG2Y-2oYdAEDH;ov-w6L-DLb4zt>MDM;Jv}6GhqB%f}&rzBg+hCWxJ2_ib z!-xEn_GW01zik$#6||q zLAJ~M)_}5gzfTccHeluc`0A8oV~RV>%)LLmHgyXsI7uTQM=sU^`e{WOAQ7vK%46P7 zg)8ucl^ht@+pwQ1es5YB0xJ1Fb7x1Vz58Y5+0S8?`)2)1d~PWC zWIUyH(%rz3s=@STp5EV;aNjs6f>=8dal@h@ozZFSQ^jZKvM_si0j@_HndNN#*D9qa#n1^PmuG7CpuJL0O@fj_NRlu?qJp zWuBM&W)hk@6MBaS30BPT7wzAHx|%;-;3pA4su?E8D#Q;YG={@F8rqdRytIIU=K@yO z6TO)XwGY@iu*uuiKPy<4t&;6xS2r9RH>^t8XD!>uEevoJw?4y^iAP$@?z=)X6>Sz+Ad0o2Y3x1IFxfB7ps*+QNSEqq*9SYR)n zD1hnwaSoTcrz+zlB8XpL&{3H7;E9z;%J9_pCDK1t4)r!S<3iynu;N@5rnrh^0Gs(tk2* z*xzkjYORkgZXIH_Cnq2C{ zN>i>GGr>Z^a&~MHV$xs&OS0GBzL@1k%XfM*buwL!F-ZYxKf&tcqz`u07jV&6rXj!5 zONZfgy$;eovI{#AQIWTLQ;4em2I>YDVFFi{=pdq#e*ff2H-K}h*#Gi}-ID~S)9W9cm|1sLl1bqCI4orab@_5xv$y{TgA`ok From c67e518bec98b2c39d77e35e6e2a8ad20f26b026 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 9 May 2019 15:45:46 -0700 Subject: [PATCH 069/117] resized images --- .../wip-azure-advanced-settings-optional.png | Bin 23683 -> 43333 bytes .../images/wip-encrypted-file-extensions.png | Bin 10846 -> 23272 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png index 2ac8f45b5c4f2bf46b77dcbf28f258bb34db65e3..785925efdf7d8f2daf549c90c5ff84fb6f2750c9 100644 GIT binary patch literal 43333 zcmc$`RaDhq_$RD@bST}O(jnd5ErN7|bVzsS0S?_=(xTGc-2#%*2uMoDyZQZR)_Uh| z?&iXE1jKW8JMvfv*uQx3(g6_$e8V!TsC@bJUmE}KU-wA{ z(m5?HM$?Rm8^;_v9xng399Qc$jPqW;mXnhcdAOJvN~DY3?ATtYGfkvZfkZ~KL+W`W zBO}juCq#U2zd0RJ^Yh3n zbb`_7_`Ca?^^E=aSu`GN33JPeJ+WcjT*ZeP?YfQQkwz#K+I_argLN@1M4Zll!|mNaExe9-F1>46$;qkzG#f43@^%4(U?9iz;r3rRItd55Ju>bQ+Wur;G@e>SSsDH2 zHCZtK#-5XwKWk!(+tIH&({M0ASp@}&G6<>AC*mhgXksEB^T%Gp&1lqYD|v7 zXEzy6V(9N8ffrkV#SnDFT2eGLH1zlP-(2@{-Jjkj^P4yI@bF0IFhAR!$mO(DrW%pZ zuF~S)KRU7_eqtWWc&GcrRwsc{DrS=jl8eP!^VHsIMS%YoVuopHuvQ{6*7}rL5S0RoH3gJ{po;280rvPGC||iqbjp><5aRJ*685c zmD&DuaaUK@{X2*Q@p;bCT8BvcM-B&)r%BhrBhxq`3t}^!Rta%&cywYb;-)Srjlx^a zGSzQZYST=J+~%=_?@T^)3)@WO2ptBUZ;!}4)^t32Z4D;Ol&aKUP*G92AFpQ9sgUZp zT|aCN#NpAa28`h?HNzsHzrK(S-5t*^6pw^g&f@L*UirbT#x`)s%&E3JC@6^d;X2rE z>4zHM2Q^O!G2h@~yRQJ>0EDElRTgDVeJPpogH^T9&DllD!~SZU_tnwT04ZxQ%yLmPMf`cqz%!YlFSy&dFmI zcSj9t=w!l*>FUMuYA=>Bzp+!rM1N)+2@tN-Z%L_Gpk`+^A4xGE+(J=&9sEVNfu%6- zaduWStP{rK&cVy`&#vFt%|A99^B4vPt`BjQ1)EhfcvsWa&-qJ}lzpT_SW^>-8rTC?AziG=~-NiGjyB?=I5Jh#*7G3X9L*ziii|nzB6Ts zQ4!HmR^(^IwJ}0=`N{Sw5%Sa(vmE2BQU5LN-EAjZx~sGHsHQA|a{A+9$goZUllWha z(}{1<9orw_N4}U+Zv8C$%&$>rA{Ar0`ePyL2R)Mwj*V=k;>%GQ5;lFTXg%6fbW3oS zNTcQTyS#^kt{?A?Mea`|cA!hBJ#`3M_Qp;1(Y=hn7dx&uP`Co1%ie1~=drDi7ysrB zT{u;3$FulQ@K~tB89aBh-L(-EQRj#KkXtyfW=GFx#2`otDe|(ljXGG=e%HSdJ{3}n z_tl6s3lPgbtdJ?q33AM@EA?b@~Sa0XL>lofhoG-4J3HgI4@q z@di4T97WwqYmV{|T|~0*DZkr&I?rid<8HXDjCu}OdwqUs0v5|Rrh!+h-f`oJLkzb= z4?Shp8G(a^zh0r>s)k98CQXsuD*DTsvj0^q{~5wi@*yVUmO%JlqFhayj3lB9yN0GL zt$}t)uMqgN}1eBC7HK!n~HTv zYOH)QR?Ce})c8q)Nj0H*BLe%W;fAtQq^d*vYC)$40X;i0=mGAka z>|Dc2>NpjYz4|yzO~r)1rfxHhq!Ei|4G;DvI@%;!1Sr1TZrZ$Ne5GgHb%K{@ z!gAQtb~zwnb=T4(ep&Y($;an?yGCBrs{OWf&nZ?V59onRAbY3w< zChL+a(*X#zqYo1k<}w@HfHoFm9O1iRoneU0-b^V*bin7ITMA;>Z(f0xq=S(T|7g_=XWUHB&_8d0hSuW4nM9~Gibb` z5kXym>?9Y93P)g$0t`X?<7NT@l~SSw0U9CKpy#R>fF(t0fi{MIH|By7#9!;Z|2FN) z)(-Znygb10r`rdx$OKMqMnZ1=ROvjU*4yLZ-#pD&NnmVHk@d!+Wo|N;BgXoG+@y<( zD)nA+Q92=RL(wZAN~&%|=ZM+Q2R~!y;_TT=p>lNPA#z(KI7DB?e>FHvjM2X0cijs} z?6YxU=7}-eAYApkvy;m-Qj}Z&WQ~W@71=n>@T&1N$N$ljyAK*nwT^x~SCL8#qt#cj zA>?!brK<1Ys`IC$Si)Wo=fxv`Do!;hc&o>3Ffm$0;TdM!ElTRON8z;AX(s1MD}{?g zQW9{!m78|1FvCTi?J!mF3XA$ik?{sUg$UUtz0i9*`9oRC%T@O^UnrFTogB)9;5jNw zGF<;akt~PX!EzHPUlEw4;r>vrbN~b_aQ9%(%`-BRd$yUBo5#i&(<_BeH>(>zZdNs{ za-fBVxOBv)@j6jbGN&_YRT?qKf9ynDu2qaB{;JSfnz-)lgx>iOK_ZKa&n6lZ1GnKK z`&z;!YJ7&hBn@Yyv9tVdrL;>myM7$05H)ii!9@sB7T0fbH*yMvZk(U>%U-s+V=da% zI4d;j_uHw4)VX&FguGI8i_wE8fp>Uw30%M7aH#^>>VMHBlFU)X37U9S+59%Z9SF)# zQ*|OAB@BkTOTF}_YVv;uooLEsGKA;OPtF+79Y~6>DXv=zbs7_{AW~=Q*Rv*L_OEFP zQm>qGwZkisFB$vmR+Mw=h*mlizJ5txWI{CWx-L<}22a zv2OS(6?~D)_ApHxwp9=`%Nf_{-U>Z@cA}EU=BFY@pgjI7q|2PMUPaN4Q#}tjN}@%_ z$c6LNZ-UNAV#bsoi(tnOh}U21)a+=iiH9N&&2VRkzI8Ovj22h;o|d$fb~gSMVi~r~ ziM=k&L*|`fL_DnU>oW_R^TE$58Z`6ar2KGddQ;(*g2aD+<`TK;J69;JvEFuoZbG9E zp!A~&%O5dU^P*+7r2L8<1ESz~mJiig#2l1cDHM|_d>z`tJ+L&@XIEDPJ;Jwpg|_aF z@AV=ohErK{`AW4>LoK+sBe7J&(oJT@vgIt<-soCfIx_K5ZRX5DExsKhQO+;H;S_a@$f zZ@y@ji)TC#4|13m)Fm%up={Hd#K=}w@@O$M;G1G^rZVYFs}-IXt0ML3IqAn={L~wQ z+s4m=E3xoZr+bIxVuZ^;zJ3LOf^7z*Gg@Ajtq<`9Rv`Q7;B1(|54$BTQd08je+Tn) z6w;<+wO=ZIp zcM12li(ie={^D(DezZiOx(R8ujWc69w9*ktBh2mOmO^IxgF3Q`Gdd{RNH)c%MRndc z9^lgt(HWhij7u6S!ceRhl(p31wwerJi07a^i-=|>|45_JQyr9zH4@{+n}i^>;Rg3D zJ%`-8zphUmAbakYntd?w^F=SH(#D1kUklbYn_){uVVA2FhGpS2{%p-$uxq(pio#)( zhx6Y(Pfc_$G&<#3^(gfE_ox4qEUlWj_MNy5F|YAgouoZv+@$S6iV?zj+E;LH10_}I zM8kvUSkq9)(9cXP(;-C3H{9r1AK0%p+{=DerdKzY+$e0*^L%7U@03rT*D3F1ib?Gi zdtKl}RDWmDmB3&*_P36I+j#uDYS_|hYl61+hWvtg{qSPGOT)UxLahADPMCXhef5A? zqC3nVD7^A~cOTM7EUHG7#n;D^Qq?<|B*dF3^lU6|J7ejr6L=VAN|cCZ70zDGdu{#X z_>Boaelm93)HWuJc>T947(s&>5?OzEA%&zEjns%*V!%YD8qoGez-03pV?m3`;kfOJ z^jDY-740Ug7^(W$MV&_mx1D^iX_8y_o??DM#o>iM5hi{HpSmD+eSf2)OOwm4bk1oe zhTus+7LH@IBp;Laqci=)3)#k>RN~{4vMsCfWeJB3h=bP(3u5cnpq*xj!+CTIwxzm-h7tp(w{2=J|X%R}*ffUs()^sOi*90f%}@+OjdJ_~X2fHrlWu`*5H3 zSgw+6YdGV(aM)zD6;~B^zwmT2n8g`IPwHG2qP}i2AtQeku$U@5LQ%M*Iz8WgD;AFU zF9i@ZUG124%)s8mg`chQzw5Vpy+(uh-soli9z*DSkG(U#{e#230mh)&_wF*0R*AC9 z&ct5Dd}zwWCEbatcDxw&LK63_*}`1iT@kEy-1}c&-ZN5NVKgph`6~YTWR^woj|jn? zo8UMq6W+ya!PX+c+Xyi8uN`50E<3V8zE=Qbr_Ta?#9214=Wkq7YJHjk=6qM=T04)p^vH6rhLp*c!P&7ob zl~v3N)X*;x2#S)Hk_FDITmDjxK?0Rt_|j5RY(eq51FP_VQ1&O!M`=gdE~PWjLVVMb zbbisN&2CeB2}LZ=io%*l(AMVMVm z8YL z9^QA-H6S$D(PaqmI=ezBGR`O+ zfhfCX;&>)&mD8pM{M{fH`OY|T2BYSnWbJ*L?7U@cOa7`t?;Te{It>_By;qm21ItNSbEuw^q$Vw77e7?;iU#<>*?j^W_P-Lfhg zQ5F;jXKa!DUs00Tho}`w4^i~ts{#FCyZxGIVbj^$#DC{Q4ozdXYi6diS&#rEAcw1p zlM+r`dF8hU(_3>p^94+p^wDocr#2WO_l~J7`i(Es0!nkdx%8s5BKE7$%l8 z^Ip#2v!CYsP^CLck7x@GXLs}!}6dIUrt#@-B5SxTBeQ@ zdE`~1n$uMHP=^`))nTo@lI`*k79O?nhdvfTUXfgyOW=9;qixTk#-z-v(pD(b(VEn~$ckd%UNGp_(mIEA)SQ=qpNNvqK07k5pzhy2`ZV zH|U=Ua*#4^fS&Sqt^tza4ddH1!b>~tJdIN2i;yo{$fn`Z*ihDTCd`=O!KATH*~dD+;A$w5X8Y8Jpcx*vB6UxKkd(qEui1jZc`Ay>RS?~{%Xrr^F(A`_vp<%AyIUtaTfiMN&fu!2*FQ9*lz?2G zO+D%i!GHU^HuJo`R6}%?Zi7~tYS)uPhYzhnq57xJVbcLu8RqsU#P;@f;1rOuoAd(D z00DzkuTUE8yoy~X`{d-rX|sPUlV{?eQrr{k)YOzMLrk!Uk$H1FiG&)tkPu1D=c7+@ z%E~F>75%42J1g#M`t=rQSKnKsu4;Pa&EAqR-Ng0m{Jp<9&)3-+dG}~8DJeNPVmkN< zY4?MUoS#;Bz};v%=VHC3yKnI5(?}#19WpLcn(-6FGA1VGe%|M%VB^i}sp#<zmOl))1}*;{|$R16Ld+N_}?pvr{B zzvOt@Ip=iSZSXd{6QElt1-tIdlvcmlRp(DX#_PA>tr|!sWcMq^b3-}MvkXlyhZ$?q zKK|Q`6KMwogc>la3k(tc-R*np4c&|JeK67E*#h(b?${C&6T{JnxP7iq0De2?dGzlH zhz)E#9~U@UYM40bY6r_He1Fmtjmyjdsp_9oIatw^5Wj8^p;;N6|IXZl?w*2 z@3Tyx+vVRC-S+*HurN8F30k9zy(vVI7A$^2^I_~D>&@?J z_dMT8uAx@`{J83Xv^((vjetY4-PapvZa_1>IqAUwt@`cDidrE5m*)CqjDmmO1n*LB zIq`P~?sPp~^$<+tYJ)>=k;v1%OHl%sGp|W+ghDC{MfjlG)!&shuLI_JR^L}i4xovE z2GDrZBy?d7q<=uXP74ku1`%iPCnYeNgul>;7i&K^afEKTXduLK#9r>t>;eG|iezkT z49p5k)nIru=o)*;M9l54T%im>PmVtPk{h%`f;`x?4X}fmb$=YrmSgqkwRycuJ_x@8 zUYp_E z*BAnWr~0UnCRMUxkAZ=aiqMKhr>qCS(l!M!286sXFV4@Yi1q4BURh#cVZFh>xd{UA zowp1aI>inVn^9+xTq0sBryxx6IHgq7Ym^KX8&;sRl91>Z%j58k=88OhC;L_m1@@2# za3Xe85+-+>KOd+k`xGNe900?|w{R*D7NOv0K?yz2pVa~>6!_0qEAAL%!dc`{w$!to z`5*-&`ARuPY}4>AX|eXtzmmV(%vb9*K}q0yShXs(>n+Bpf%sy7Bc=FkXZ~1cXQ(pl zXcwH95;$(!C56!_f@#{Q)vEeP>^wX$fPh00crSR;3A;U#N~a{Qx!bVj$LSyNnmwiF z4>`KhV%SMuSak0Eeqw3O7%GzNk`*KD6Dx#=m>_so5K1Ytbq_1)Ft^bU~K z?TWJGX-zJ9RD~%h0v`fzyrofp=(o7Vs8tuA#}e_dXq2E@i#s-d^Efq`4ygynG$Hq$ z{dAGs58Fi+!*<0hRWbHgMz~>e@%o_1U6M&Q9Kw&16?0JhN->nomy&(}qNXvzblK-H zx(RT!ccMwGn1q6j{oQs^z1j4 zL*!ci)93O4dGpg`-b?mv;B-c!N1`Al&``gE`wAE}6h2AauRbw>G8f9wb@Bc9wKR#E z?-zc*dtQDouP1AVEN}E61qD=v_KQY~o86yMsUS|tXo;x&jiPOm z?sqmn4_Djn0QTdw`N`BP2R=J+!;(e({myqIrZx{A1;4uDCoI((!?IfeEJ1B(bhyLn z4O=LED3|B<;pzIlS#O#=zC~D_O9X#^Z?Eg0*>a${-qT!HYnDTuZZYU-@zm+w+Dk7T z(kXt|0yUk340y#()Z^LowE#*%fpgLar2F(5F_@2(#>5F_1X&4GUlva>UY}y%xZfJ<}ZnB=r_Z;bnmr)%q>%_h$;j zg$ZI}Vtb6~1fqU>F-}Hxf)|q#XU3#IU?j6x+b*D6D2VuN(43jq{|e3E1~g63ivT$S zy2yqze-kj)z!&)uTU6c)TcDQMBGM{lNLntuRK=-s;d>>U*FqzoBwBR$??A?G_5}Dj z3NF=ymKKsq`uSm>=DrXhJa4g*O(j7d$92)oL9|KK4Yp;kOm4gTED?>)wTK8r>;mAx ztB2(!2C%B+2;#Bm(HpdSfSDMiCZyVvd;@BzPOVWFaA64<3NW{j38YaNHOm72_&hya zMG#Xs06bF6?WO!ck4r(K2Yyj18dp#178GcvpFr%!Q3u4I2hh6 z(6@a7$K)Yh#9vr9_VM8kD_Na_C=~P)4GM1Ki7rT>30yBI%etVd+38n6v=0H22ljU< zJpZVl3Glq}1wjV_wQn>>s6|Z~Bq@d@r6I)S9jJ-Ph!_}8rvqd>whNurQf?T7Cm=WA zwL&-jJbAQvB41Pf$;!(^ZzyShe5`76-llw;tnvJ#okRlljFgm=oE*qnYAQSq&*^6q z;^)vsL#8f$@!&2P=0p~s%k9Pf-ky~!w$l4|pAk${ZSjeT508(JcXvOu``mDt4-ejj zfJ&dV)K>+a2AaUpYMa2^O`k-ueDW~JVTg(bwBj+?{5GdS{zhrie`*(IUsOy-BV!ON zkxBNyzF7k&-tO18a@Bko-W)7B(l zv!!{sb_TrEVTb=r!y)Xuw>&shL1HMe6#;)tKh1n|b_ekiJl=HYYfm=@s{rIbAE2~f zoU?)HNRJCIb_GNcG~z$MzT2#?J^o$Do`59EVZ`y{`LXnE9GExJh@}7F-p5sN{kR#n zXxXk!&eZD-#8+?({wy^(gsJrYhl2=pt}0 z>ILKTz=8*gTmd)+Fs#OD9qAW@-{#0?@Yi2?X^MoOI%;lQXA%S{`{VR(P^v1 zbvT&3Nf1z`xw*Z0XS?9|oS)%)UY2?Qg8r_w@GvorYB*3T)h`mE2`P08w`D!Fd_@pp zcDnMm^jpAZw!HImx1P7`Yv?evb@v$V&PKXS-|lxGVJuyyX6Sp|EaCMo7<+TNQVGR` zd^}9K${pnV4mM_6oUZOs1NTbHzSUXsDNTZqcSiQ@5d*ikPxGeXmoc?fv`S$uUDscK zU?Ek~`9ZHXH#bd9O}CQ(JcIIiNXugo^Qz{HzuN4y>t|_;${0U7zUKF!|Iq1hniu3- zst1WuArm}zHfgn6xGyt4rxMY}Oom!`JALYvPEDI588=W8@MP%Q@bH}-Y$BLu!im29 zXO;DkueM7`sm^RH{8Rk#L4^Nc)9%PS*RkK<~(bikOWK4KM9f z`?j`o^stzL-%oEwxK%^uGU>Vi+m{A$vqM^3qnw6Cc$sN_G~-8c?F&az&bQR1OIO)S zb=Qw?R>M44m$25#d;dHFP&QU!I@j~IxN^k*xWj5VPFv< zeGYD!!2s?6s<6t#t!wkxU%T(P<44!XFduw;E8Q|*z4>=u$6bN1UGE|Kui$YJrZSch z4re&M?qn>mpoxHtzgE|$t;({xXn>}AX!*Bolyz_9@+(_-s{ zbg^Nil7l)!e7*V~+PX!BozFfLVZDVq4 zw9;Cf=84~&-+To7&ic}Djlr3p<6)#&P3+NNRSV|B=1@)QeC~c`&zm#^ZxJol5La8< ztTBt38VpTPhs^+00v%k)_tw?StjOt*)R+I_pD?iB($CzjAD=JT2~9` z_8}o51Ek)gyyIUhMY1McuNRXfGv`jF(0C#xwxHKnGP5yT2%ezyK*%{*RuV4%aZCpq z@XW_+$Q-?wM;JXYtThu}D=I1iX$9B6%S~2O1=2{*K=9}0(DAw*=tCYJ*Z(C1nMPL3 zgZ+Fc{C~W582CU>{(&cSQ-aOPOqp!cklSH^2P@&&?t9p6UZH=9gR%_L#HMYs{Ehz% z6&b($IB-;=@K~$)zkqsjDZ$9!9MBr}Dcb`y%W2UN=2Q#{)eywD#1ZDJ>2(&Bl z+(2$*EKR1F+(xjjLRm;O8|@he3ReJdKU!&N01$cF|9^Vf$#F7(={}&h)U;h@`1G?^ zxcpK7qoTXPO(NHdnfmuO`Aq{#=2#BZ;9dJCF_Htz2^?E(kEI`W0152_9YI?=ZR@$m zr-$wO-x6`#FE;}GyfcNPR+N(iIm*bWD1MIKF>sAP zSG3ANrv}s@=SMa)3hYHs=X8-*xZZuvUOpMeGUU1SMi4V_zbwWx0?_2-R zUZVv*%FD!&w)sE#ZIVZ`0sUg7#hnO&XMCzqrUQhDp2MWq9m9a`b$~!9fEw`@1jGVv zif3S#{}mOaEe5Ds9b^H?Ku8gtg#THVkgoOy%k(Ps6S3JFusF;xjxLf?Qb)hOGroH_ z$NN|VO-pNZ*&V;W_Lyc02I*7zc2FcqA_j`MXlTqQ^Ta?*s;5$?9&rSbAqLBS{ovqW z`*W#C5F|F%Zte?CwIMo?vwwXxSCCtSTU}j^`Ss~L;lR`T+5o;g|9VuAn>v41YwpiR zR6u<87FimgNHG2X(vV;!Gp|la<5TXfpJFz)6)41q32bE#sM1DFJ2=_U8leHz}AyfttXhEVtI( z-Tkv#UqQ9eeuZEBH%MxMX`h&wh%*U^q*KmXf2$lC76!I*d_d$l-doK*FoGD!4-j-! zn*q>wT7@Nv7JuqzmF~7DYx;dLr=9|x|IKzPfVs&`I_ep0eEyGu+nHR}8^^~g=|H)f zMqV*hCE~H~6~<2=c@8^36pdu0QC^UJ*S8TIanyIswj-ydLx};8URG0 zdQHy0xBI1U-n?m?0!ow|YB;A9wjDQ7Uw;fia3Zrt$tZY>(>ROx@Xh{zAojM@OLOfc z84cZoQ+{eWZkO09N*nrM=o|X8fH53{EM*Y?9nk--GLT|SNH2nqZpx+zLqu`f+@O}39A70UR{hWmw(-2|>Z6AC_q`5~yPGD~}xz&hN{ zzX00*b6zBZ{t0AGHnxX~o^t&kZ@^-{)vA=u_Wwtnr36bNnxe|U#Af%4i>n;OX0?yO z+{=h1u+M5DyF`&7JrsE(3NllQI}gKEb$9kA|2q5!3_9Ix)jSf_6!Z{PN(Fn1@ zR@Z$@nsfo_0f;fMK4%pN*vJbl)alQk`nS_En({=LGC@7QI$q0FtA&|51fPD9z6i7t z2GB;3l0n9B6;x=j6E^%a-`PmhuHN+F8GHnL5(}{?C8bJ*R4^WFV>mRx#w8!5G3o9O(g}W)Py_mfQw;4N7g#^*{tf;n%V< zOa1|!>$57^w>oxk_@er5y%K>8w;h8BNFTmqP#Zx3&Alox(a} zdE<@(JugnjA z3roY%4pgRGj}4^T{=COOk=01=*;y~(tfI$W3cyx(U+*Hl_dx47Q4{X}$5P6`; z*a5}#^cOKSvV|HIiX3Tik~toYis*WIy!Os=xoD$)MNhC@+t^Jyx21K`cj`sH{$hG=vaEBH$KN zQ5(7Ch~ppFvp>h;XJEH`W zbsuUBTrmsTr_9uuy9(;_Ol#FKU7WNe3DfCvn;dcLUZ-)4xT>H(!Ee~I6e(P!$4Y^+ z#71(18uebrvMB8t4+9ysPh|Lx`OPfYU}XHRh^b2GU!Lu5Uy$>YECWZNSQG^Cm2(6= zZ_doA!^@(xfcQVq+spgOsagEK(2DvMB0?m&+B@{q z1zq2!khDN3vh`K-Sj1qF-~4z0VgS=%w3^higHDRx^_lV<8lJ{%s9lRVW2x-KFKCwufMJ5o`%W^ zjUIynw@V?nY3OXDWbhkr<4cr*g)I1;Q$nH3(Sd1?&Ly6%{jwB<8%XA65wNG}>-s zyP%V>)WZmbSvUfvOtRj*2%Jo+w53+hdhAYBC^@!ns|UL-?mm1=A~@TWJ-wlWf>Sxz zu$Nd{K=RW;uVeEa&*Wj1xVszItTA{19Bo#SP{XLfMhc=J*|66SIsy%+pkUTf61H2_ zjH19t=aPN+yBFs;ivSCZjPzK%WW%a{eK<`fSJ=Ct7d1t&wdmuK2P!TSsJN%*7PeEM z+JdgVaRIEq7?oq-0hTIfM^u1@LjNkFY?Asy8XeTh^!WIAVDA=za{`oBsuCm=6e_aF zf?wd`L_tZ}$a0el2<1n<6$A-c%?Mcqb}V8mz;D*PkA=q7--9N88{YFyLXI4bejCV- zD!uo;SSr9D?pj;Rg>Ge1U=P~VxxPm~o$VEJ-3J=Hc>p~D-Y^6FbfFB!MGmgDvfh0N z5*Gg1vl~>cF95e0if2HccuSCQPAQXtD;2IdXqFp@|60AC&ZzZ6wVv1y(5-xLMytyc zo)y@T=Q}5Up%Mk7^M?Lyz&&!U0XJ24Oy9q(SH&m|U`C`F!hQusKS}*|a1z*tk|;jW z6y=sqm2T2(H~w8y97ch%?XY0avcvCT;Ua#Bp$=YFZj@d+-ffWwO#bfPRN*LtT{cj{ zLE*A6-j7Rn3?+frf(}Pc(KHu3BiBE0kmUnG$_(Zw%q!$90rzoUbv+}VlbuY5jIQP1 zJ>lV~1VPiA-)VM#0Qc`W@8Yjd%sU0JBBXBmU^{{8H=aN>0Oab0(D;|zbUsh$9u@j98XdKOxl_{J)2rzg? zxp4e|ge27v20YwdbzDpACWWESU2ylOWCPhmj z|LcBRA9JcY<+FDxB_&l{Qc`k%H1L${5A)kO9xKT7ruySEL%noHDdrLu_5-d$sY)*H zJWyeeH#dVZ@k^64gGeIBEEMGBo1M3#8XB%ZBLwZ|{btsGeq-Z%b$NPso#Mr>x9w5EF|>q-O4)Dbxpnq^_>c}NRQj~j(j@(_hV;p=jd)=+zbE%6kMjp&pK7vK=%9fM`k|*Eko9dxVb;R2=|3VuC$XV`fJ{T`w1!&u{s;q zb$V^Gy)q;`Iqe>Fa;bTJsnfdcJ`i(H)R$x5K=&)g ze~7?ecTB0$K&zqy@AtmKnqfx$J4hD5!DbUV`hGLI|MP!Q6*Dj}0OP6Lpsm^I5J`(f z*28@~Isd%c=h}r@+-&P3Q)x{RdN$F`zhNtmc@lYij)UQXY{;72Kg5>qL>ZR$Pe{%x zQd3jZy5p~p=gCGMEJ|zLNin=@4Y(D8!soCn+qHC|N1KKP1sfzHS?VCu2Hd87ItW-f z4g%oU0}Kjg>~B}D;*GJd;x6kr-tfK#dHBR-;?U>tEQm6fpGC!8NQC}xxloszL!rd8 z>&ECLB=i$)TcOW(qkSXg;~qf#M4Fr$E{6Hhs#~OOpBp`8O~+E~H$%0S8Mj;4%j-vW z@iAt^9^L<-WaTsy!tb{S{HbMYYil(%HD~GPX&@G)5(f~DQNQ_{(>ix%98LS<%(mwP z@}(8#uR^E27(5hB#y?N9sd&8R^$YW)^29fi3lDR_6H+Bh%$EjZ;>XNSyFA;?J;e(b zV={?MZZeXe%vN|WUA-ZC!il*f4L%MgH8m{C+Qje7_vh|?l~Ir4TeRkk6uz!tT2hIB z?_FZ5<5qxf@(8S`X~=x2O38JnjYmft8#h)|jLA}eo+<<|Rp16C3P>UmH%321Z%<+T z9M!5B&4szqnHNO)(f`!UlYctNIaIfwY=BmCV{u)d$dbjEn{nP$xKYak~7o(4K80ROzX5oY9>dX(Qu{n<<0iM zzqdy0e)vmhK5e)HWKMTCw`cSB<#x|9kqgk)X{o6fY#}d3e4*-0y9LvKQjysp*>HEB zuMj+Ex-%%Gg2dY}{Pb+^Y6}v*wpeu*SpOVMt1Oe4B)P^mG(Z`fEOGAKVl`^8@0yD z-g5-sx31>mSu^Z4T)84U>*hz~_Ico3ThuMNz~7y8+#3bdaB@EfS~$=qWUT>21d(zx z;>K`{0;BKt!YO9N0+CAcadC1L2Ft8tN^>{5&Y>P)<3a=UYvyPBC zaDJs;{DOTc;y!m8DraB-VWs-!p@XGyBv*cU&*xL!;dH%Qq#G5=SIqS;`G?^34(oFT z&IN<2(r>v0k-Zq$tCP#G5D%uSN{{+00#x#~UT`b^&k*n5)va-W8d)N_<1J&|1(EZ*i% z^&)yBr`a;V$@=!O3dAp*<^R`dC@?$yX#A5j?lJ**SYJ_{+2R>+XBcIUFIHq}2qS{RMJHxXL$r?e403CV{*5JSL zEXqH%*J6vYjQ%?B*F6+vcm*>^E1$5>pYHctp~su%%!Ug!_T`IDCL|#`lck_MymYqJyV!vB{F61 zTD9iBdvsv{r+=VyVdfBWfjd3q#<VEaa`nL8hk1`qe5oz@hhWOW^ z2WjTUq)5<*`EP26WSc(KHg&zFS3bN~*Y*(Ket@s!Q(0Du*1lPv z1JE0V%`gq(FTRnQ&oLH9g(7T#5I|7mtKWlH<`}s6&6$CSj(!P^3ov77t%UIKPn`;g z$#i}CZnEUE%bLUM=`}E(efZ(|`cx8O>3<^ru9jT+5Rlh-?0&fdi5ZMJ)9(plV$!e_ z929i6GZyXh6C}m~Qttmxl;?IDDF$yYrS`buaYpiAe(h{c@_)XyEdKxawL4LrkbuB* zO3v1nDIA2%p3Um4W+_x+UdOYop?)zfa3{STK)PrA2ysYx)^mZ-#Do5o>G=j52xr9x z6VcJqmH?;?lJp!9FhTZMq>0l&+589C80qmAkg#Y61_tPOd9}yA;sInQ8B1|BGRo`d z=qPe{1#XRk98fK=Zhd@xff%IK>}tJvZE<>jewP_o$ga&GBm^$#zgw{V0TOeDZC*er zwj>6;xkA1fNcYdKZ;=B`%p~w7Kv0EX;8|-&0##L06Z=g+$lj`IJlp8hYoET$cLz^S z0`Zbs>A}FD;e_BHh(+MC=vfhaz_dOAo~T=@Oak86IP;9>M;lPLw9YOsxgic{+Kbn1Rj6TnWO!FdT$S08)n|mBqt|d2Z@Ca0F`1*wThLRXG7BcYZz-m`_ z{qNc`HRcRT47hOPzCSI6j)L>HcMS-uAU~7Q`114`%#Y&(U~#E1&(C!Ltd$J_IZ&il zfa(Mu_5h@=QNRv>AOIBI=Uc(uivY9HP*eL{Ov%tFq<}1iz=!g@+Jf5R=aHBlZQ7J7<~lr%!(d$oxlXz@51=aH|~L{r)`t z@*_o#0l0Ake0czac>(GLZVM2ka{@9Uz${54KLlDs21tKM0F@5ccoAgO_U_{;B)}sb zWW)FE0B|Jry_f>(+0dkw{o+@1*R)T8UJ<_t-mH`)0!+>F=mj>+`wA_Z?h;2pKm8tW zEQhgL`33Iifa7AT)eejWz(Hhtbvpcf1s_4J623d+^pbiR7OZMq+}OyQv1$99MtZtG z2b$D)Iwu|2n}7+ZXF7so2sjqd^!08P5m|;q*vl<}{xphRp8}q}KpQH*GoBqSw}@Qp zc?;5rk*wh4eglucxXlHkp*3Qmu?sxCk`K^?L6E>y6%Y#pKq0=ouYiz=w1aI0$Wr}V zd=%f31yE0b8zjk2=nHc2L;2^Z)b#XLK!9`&jvTCgMR8riN7(&^m}3>N-(1oR8lcY0 zqHWb)J*Q^)z<|3SU6Z%PbYm(!PB$RUkEy_Q?r*UeBcx5R=J&eT1MH8DLB9>BMFLp0 zT!Z1oz#w;1VFORt_%Gt%Avz>xh(rjFL8|BlECTQzBBZfgFEzkM%91+d6%g0PjCdI@ zTC9q=Ol)2Bx9w`xCCMcp987>nlem;G>jp@B789hmR5>sso);o}_bAur3<=6${gOnA zb)U|f<#4KS0PMAs1EEqWX=&&q5I&1O1mtDRwcq}!0O~e*AoZHdgb-AY zMum?ecDVhd8>P{7+6uopLNmT!#uQ5)1ei|2U16D_K}r2dI%Rg;FctKKNnM9Fsc!IO z62jti{?Bi%hbQgAqzQGzC9|atfma{~BbOKP4YCZi;8#QewkCmR{I||+RAiE53ERO4 zS@Mbt0tI2a8R=fqKj!e)<9p^~c7;+1obcn0~%N^`iE6|5*1!N0< zmQlq*Q%vZEyd`D$TC&soc&TegK~!ppO|JgVm}McCFZvz{c}$zP&r7;{D4(?Y&q5v5 zFIIDK>J{VF;)F<~IKU-|u+-k|Y+>Jz97w^F;+QyZHOap`XV)?UwSIpo5(SSh0ndPl zI^nYWh5fnf4y)(8^$dIh71jrXa&;O8YjI&`dTZAp*>9jz6(J#)ts!Qc`5XAc|a)-L#Y|#NAXvmLe z)bXk^ClDZ+;AOEIjWvHyR}y>(EQee^ddr65RmcS(0hcSs9@NQWTOoq}{p zNp}bqDUu@HC7>YEje;U2An~5-`RzNivw!W*?Ck7c&y2$Z_kG3rp7W{Gd?zO&DGA@d zp9M-OFTpO1*3r9|&vYbZWIo}{+mVIkB1*YZtl#jODJ`mIuV5rDhW4##7ayP~q!~<7i*fMDd53_JJ3=-}aH}06^DsfFk_NeMa z8rtx%cdhBk-1>}u%zUkkJb4ZZum*}IryE0t>R71N{b$|#>qE)6V}^{e6epr@D;K(p z+`7EHL_t9T7j=^N-K{$r8n=L&p~A+)PI6vsllpl>N8er!dt$UQ0-bwe7f}m(Liox} z5>Dn-uZU}D%j4{ip{CMQaFi61oXK_%r-%#!`FbA8X8x!fi_n9fyPxw9%EFC?^)nMz z=jeVk7QRGoQffmT9sF83R=v;({Er~;B;1S`>v;w!@I1S}6uV2?zw0;dt}|mk#pJ@A z$9z7+h5thh#S-Lro>;R5Vtt@=;^3pvC1zw>M_ILC_ox=) z+$FTD;gu61$6l`r3i5GP5520PS{Z8+3qvTS$gzq#?A<$P2tnhj?UH4 z@Ym*!1!wtt3@Nb?%hGQP+NJRimJYRyJha5_j3}O*a*%$tVe$ccLt0jsxTm}8_qPrd zg61Lx^pI))C-lzkepzR+S3N(!ynB!#h8KOlw**{*d=lp4y{B+&rKPYo8W=x<5mA{K+U-^f#dxZJ50N z2uenL2CXJDB}-zHiN=SmO{EWqo`UI{T);*Z?g8iywOf^{AhtfqVSsG&G4fBz0=m`~ZIz*>*_c`rULz{8M$Fj89q4M`UU&so9UodtiX)j#&|D$zd{e5xgAvgUNj|p+@GtU)YEbe5KxOO8 zFTSo0+~(IRbKX#lA6Cj(%%$R?o}W#OBz)BVU&<-jLcXw znbe3?O_Ig&-kD+eB7M4++CBG(mJA5Xe;MY%9oQ}2*P`2zLzrg~ph`H9b$A6hEMC)p zaZks^|8fCm>HTX(#Sh(e3W3h33oQ&@DMwssEC^ZqIUY<=v2su5n~xw>iPQ(LpHpF` z)^-SFCCo$`#arEfOJjQRy($sVzMsEJplEEEMha+?CTI|B)C+p(p<-I#eSTxadn}b1 z1h^+V%PA&~9MzYUfe(dHjv#QT6ek4yP>bix$S zp|KKZ6+HEIrF;jMt|JTsD7rXKrA%IvEwXlk=`aE&#(t17GVN?hZ!w?VN% z);VBG6sE86(f{Z^;bCa5ah=^~I&Zt3@J94qn@1pQxAD{q0kCE5)+XzF_q`=K$Mki@ zzL~{p`7Q1iSxvWHZ$;g-D}j^1+Y3n*J^ea!OTdu;<2?)BrG(YD?J)1b_w`z_esRMH z+9F}+Ik96|C(QAEP?sgM?%REja-xcW1|YY3{_o!7vMbwY_u=wnV~lN&$Q$K133j2e z*8#CH$Y`{)1Tb!U!6ks!>~%?Ou_@ULz30p8>t4I7Tawgg)RdHt)a*QK!&wIqaFHz? zbOvk?qPc7n=mFY^z^9T*zG z9JF@eH+c6M3N-W-l$6;pbG7_xj{7tn-1QU@i)ImX-QP?94+DhQEg!fxE-t@0@4a3d zE0BShGKw}?9u13nlk?Vh3udIew{IwK>~=cVyexg$+ta6F8hgioXYCU02A>lIGr%;l zb#@^KpGn=$U858c+5nfNBnN#i16oYxF;c zhcNWDIPbRj{5EcIeh3Xco!?sW+eUquoKMM?{5a;}3l%HHK_1JW$Dbrchxng79GsB* zx?;&O|0(1Ovd`cFPWkfeGq3`0@W$RQ{yxbz@2i`aT-yFsP*`!UFhlfY?8C^#ksz)< z%pGGuT7crWff$+R1#W2vle6;hIQPVoApW@@64}{yRf5cc7o+HLc>IMgRL2Kpsw6k) z@{$uHe6>%+_m_1ycf5xb@T7=|iG?6==>H^#uCZ3RfB!y+DH2w>G=94<;nHf?q6dh3 z4uvL%l+5TqIo=XlH4kjQcy7-02Qx94fagZQ$Reev_x3$^i97rK;HqO}WGwyfemVf> zH~sE`{iSKP3Ie##eN0>rS@x|7W?MFuA!mfXO&OW0FilaK{L&yI`pSF|#PK(}jk;*?D&F#;`DwFv^%vwIzZC4lgQGoTABc)-}sYTkB z;J1Z~%iJ5%oX0aW*rx%sLr2}oCM>8v&u=@#G!(r&CeD!>an}AIekmTTHY*i$RFg0B z;{ApN>VQC*2B-~VkSK;4gyh=Y?mU%1{+e*A_Vd3xVT>*%8~^~0mT zXAT~Bwn2*IPEJ9=Q4UuvZMXvj!BkWa#!vqZ|4MbP(y527?*g>h{)EWNUen7?TT}f{ zS04!)ZFr)9z4;%FcB6(BVYcuQEShUr0_*!DKWfMC`cfA!&O7TCO`YzK zo_@UP+!pRwUs@{pdhhtphD-Xt5d*j&ZxiiHr^d#3IXMT#T=7<3cN;wL3{>`$+r%VG zop7p94yJeq|iE#N3?CQpi^~C=4Sz=0~2+}a8$o$PU&J$Iu(QRll`F$)@*w;q4f8;WiAJaBi@W*y z(p{C5w+o59fqT6_&VSpTJWjEzy5G-G#_{Su-)aL2ydZF(LXoqEfY0`?;<$O*eyeP& zOg!a0<!wb4qyp@{s^R;mf9FE zdk#)2gWmMN_o`7klaMwrIZDu{^BHAwlyk~<7v}zUswl+JLrbu_JdM#JJeV(8{#;Vq z^qrYuKz7+?Y4k`RA@6fuFDvz|HOkdd-r_BHogJSd@) z&Y2&q4$6&iiko>zx$T!06qo}lwe}YIJmS7PlD?pfN&(ac+9|5Oe0t$|t+kEylLSF+ zDV&R|tX9_MfA(ZtZKJ<8Ta0(2YvzCL+I!yN{_@Kgs~BUg_nTYj{4p;@VCW{Y81DS}v(@ zZ=jVm2<>W1Q(l5hq=HiHsw`|bZ|oz)i`K*V3~hzl)qkvYcdAUSUEMcC-U8?{Sk=D* z?`#^QVcsNa*^zic!+#p4*fRYe}ul~TDmI7TgX-f z7m=z1NDW|&CdS8K0)I*FkX}D__UN==US9*1e=<0)GSkvBGd*F@0P8s@1usHx&|+dA z43nK9RYY{~U5Z|GV&cMPHwaek>XKL2*K4M2N%sE!V@+CeSz}Z~gQ#w>g@wgvZsKAnzdLeazITJf0R9K1Q=k9;Xr-}VOg!j^$Wl;O zLX0je%NkB3ld>5pI^CdYu6#0X8{`RhoH<7pM$;wR7Q}Tu(Y|!CN4S%qgEF5 zypDVTH~*ZjLPVcVA`kri{Q-vs90^f2rnx|^KulpjUX|C{k2w>2?f;Kkt{Q}}r6tA1 zy@@nbR8$(xFhf9kM^at1oT6g)C2jeh6+$e_wVr_Ep!-TZ7(!he3mNGN_{OWps;T2qXZr8rYz(t(V1P-Q4{B`*|Cf zJk2AZlwN5Idd_Y?_;n`Dp0CylC(-SJ-(lc_n~2XT&+Z3BRUBKj>Jg4tiWv9??3K9L zwI6_*#DnylZj0>)2_d2U;Wq%S;bi%SpQI)v4t^94R(ct)A5+OfHC&Pe5;0~evUgd` z;bpOF-C+im2g64z7dhN{iwt^OXyTJ)h1}uy<-X9Y031SLiOb=-QV4KcFi?|&PM}nJ1Q6s)i0R1JME3&Nl$tR$SHf?uUp=3?p60l;$;IM72Wn8&(nyD1O-BIO z4OIdMp?Vn5JYNJo%~gs4%oYwNO{YFfa8ZJg-Sy#TRAzhvmi97@eokdyNIKm@o44zS z*`g4~@+UmhA`TO!Afs!Rwyye*y4Zpbt(9Haq!>d8F7^emn@3Fz@RR~xIvRF`MuiR0 zc@(tjXv+C~mZ9rHR40DUC5$(H9AGVIZ)i%Yyp( zc&?G({RHA3=&8be^k!fx6Er2q$Ct&7{+scLP>Er`B&E8VkNG%Rg;ox09IXj`?K68! zd%NtV-U%QRWv_uuK&m(-+nhjb0Osw7t1_}GpEn?%4DD4(Csg+Im%HAQXL-El(n9eX zrOYu%zMML30imRxFFe!;EKU!vz^dayt9Y^%C|m$Oi5xb1XL2OY#st`gs55n}s+fim zpa%aySF5woIPoe1z!;TjHKMQ*gw9Jo$w^Av7mzi=)Lc()2lMCWV4jRXqT;|07&z(t z6A!v`G>0RE8x;o;OO0q$U#S6lZ?|K8%Cl8vVZhceCp36_y1QXS#8=Tqk4(P<(1!M% zKj;!ZyKmwZi=!X8y7Esj7 zNy!)Rd;xI6)%87*ydMD0bxX;8wR=uvYsBusz}S4MMZ($lwf8d9R(`Dyls{F)e^|tV zo*Zos$p=Z)#KgSM?XM0ewL>8H44$rFD8GtMy~0}2sentg0s{w_RvQfPaGJ{DuCFVv zaF#v>l20#X@S*Tig@bu1J84Hn9Wk#T2H8Lm{;nXkP0>eXNhU&%+`uPqcFa8~NdfsD zaPFD&vT*N4G>J?UkH{bpCejw)fe6bZ0ga9PCJl?ALYo>SeX#SvOLe(1_#!SBMqsT1 z>Aaak_^s&ztT@z9Hg@7E1i`yt-4-(&e(NrrpRpPqGgknUIs@HtN}WPMLc-F6Oc*&` z)_PFC91ghUWt-s*u9yPlZnO%W?@}m8i9Mjig)63=1HV#Ao@@vMTxkSgame}q`2sT7 zPvf>22ljmt*Dg%@Z=h*N8%|}zlPkSb5TBUHdX^TITZumfg?zzjWtOeR;>S1OsI+m^ z@4aMJ01p_n9v=H^YJOeG#+eqs0MkgZi{I~M5g)!bYgnq94Eb6846$)14C$4U&v6P1 z(Z9m`&JM)@u+RYz&Z7|c0f-6YDYGpgt9-bXp_E%_Vd~kJY%DBUHNrvcI)zVv`Xa{@ z738*`0qnN?7D}|Z@7@xqt4TgO%{L350-E9Xr-uyW>AM6>%B>(HSi`>}FmGE1X|uFj zkj+g1RbT5Ag}E&SqQ+F<>l5k__5e_W05OzM(*_mU)n?A%;ANUHjo?(hhlPc;p`rpP z-!vR%8D{_^a#z${BHGu4)*ujCwu3S?y582Ck(g`|NKH#io0++U)Y z^%PwXi0*d3dbGj*2vhkuWK%;kfO>Ml+>BVuux_Ra#z>q#;D)m>*l14Nic&cJO@3t0o06T9os>yVMC5U@ zw+ue9sK`iZpw&W-cJYyK`ECQiH#o?XCcuSK3x}9;y8B~QEiJQJ8?2Ue`+UER=EX4N z^UXPeaI{+!p!hcEc;a~59@*I1R`!%JUz7g%>)qzCGhU$1C#U=CpfGTxwl_}SP5dp% z!N}d?EGPZZ`I4s3J7+%MQSh?to76u!dI@C<|7E=&9;rOPB-T%6F95CwAz{Dv7V;Ei z#Xw#FG*U2n2;ko7_*U`$D2hmwT5T?H_|HE!R;&RL0UwE@)y^;P>!S#tD~Sb54>RR9 zrp;Pgg|8Y{iZc2iJoil2c5!)pu^;Ml57Y5JM}=ardEBbxvDE9Ao?~PFznliCWFBg1 zd7bZXLDT;a<}j-NWJAN9f_kxuq+rmyx^PPg8T~+{b~mcv(o=0Jv&^U^*sJF6TJ)6X zYG41EX4BzX2AQ36q7-HF?0#1r6PeOQv#6X_)7X12{&E7ls6=M`)j;amql*Lb76&?rWT7vm1KmP#eL|0C$m#63)rHgqob$i``rJOhlu18 z+EFN7_5eWCL=ywy`nAdKm^+$&m(tAhcUGF*B=68SI?=vLO4E~zzRpoowHD$WX&2d! z{JRNso*t=hus+=TN5sAD-M2cK)8kxs1Kls-cfP1fwb6WomW;@`X1S&P>~nD$7;$@I zPfBW!Glc@=o258M{_qaWyF7LG6rR8Q*`_!l?jFuq`QO``6%UY;fPes~yn92x2i7yb z43zt1e}%6qL-#YB)=&BY<;PV6_xXlSqNK$I%`)4HCxyoefD&IX6Eu_&#pSrv07D?vpx)?!n$*0Crr^caBx^>H zCB~)KljJTix2MIq?T#!zez+BQko@W3mO03mM@?bgWJv`zs#%kJkG>3DUYgZnAXm+k zcUPxj-`p|I(E>m6nB866H~YMlE8V9;^8K%6&2Rq=UgK_FH}|aaUw?*uE|_0_vm$!( zD|oBNZh&fqh9DILYZqf=rf467C6jdOE9m5N*t-9HiE=mj`OEogyJ=u--DCJ^4sVga zF>lXH@k^ge)y9#H<-UHTTr7gA9#p9bF@H24Men1Z`3+>?o#PoQcBbUoY20l9n1GE* z;&XcL#(?PliN7%bV83qW=u@nw?rw{;yx|NGKl@!VyEr}T^Mggh@)N)#`V%`CU4c60 z4b>0iQK{*kC;LtIygVWWI zDh=VL9Say9j84BCUVTYPcjnC-6MayaVX*ESoa4w#yWzt!O0e%AV9aDijq+GCjGJe` zu&A)0g?qMQF5^mHPtRd!dOG=k#Owfzfxrj6;&z~it!g-GVl9GT0=GMlFP@3on{hmt zsS1>n=@eu7Nvgx1pNudKHb21Jusk>{W{&Nl@)w5)Y2N z$W5)Bd3jZ)vN!S*C7QFH-kA6P@swg^ja0bkWP%E=*(<1LQmhyQ2W)}3N3WRo^TZiTf&=G2Ww@=n!zvW$$Tkg{=TlN_QfJbZcp1KR4bFZrtagcRK%g<{uX}$OcA)&zkgay4d{0W5=2tG&H2ZQ#d&i3Fh?I!{Mo;Gwk zm!BUjmDVpL+3h`3-r0UB9GCr_CZzGSpx)0`oAXBKZxFfPc+O@Vcw zD{nZW_x1H44Inh4R`Lmx$TRrvzan-M06}ZDZ~#I?H-Bv{tI_J@&sLJ)Lz`Nb zae`Wqrp|(b^miUvAkCsCI_@8hTI2IpOtXiR$~7VJe=sFFj$KQ3CjCk1XJF|;I&4(} zn}6OW(#C0arkdN+5fe|r;|DZ6Gn-`F1TRF<&jfURR~k&msa7nPG!wns0LcS?d#}W$ z3nQh7jKgs?|v7B`UUOrbd|XbKwQes>9z+oY0ozGtWunu+obxL zW_Hsd%A{W7x*^Zn3H>%C6hZ%!nUXRANDWwg)hUpABiO{EcXN4p8JK@*@Mm9s)XI}k ztN{JX{=+-Q*lUwxeLqfi21nYgeptRuPb*!E)=0J=GoP#TF%Jw31Zy;i*It?rfyCFn z1&lK{z56manL$ak4*6B!dj?sd=*1;X4~aqQEp_Osq0_!!Yct^V?Q)Zf^uKGrLHa+Q zo^!IjHA$qaCSLy(^MBZU{_n4``hU9i>i_MZcTgrIA}T2cuCoMgw_e?^Hqg#PpWkl=3QWjl zwOm`^0+rwcpqXLnQbiU+dBWTz>AjQ5q=L(__qV&J2S6PM5ORPijjz`EHaO8PU{*tv zbBMd@r=2)pMlXmt^uiATOo{CH#=j>DU>V@BX#x#-@87?Nq)5=qHaLFy0a$9a$-CZ| zkYR-0V`4H^1?j45Nz4T3)bbWmdLyBWfk=C{krCA!z}Kc(euTb`>@lDN_i(ceU0ht; zL5&O_)oZ{2w9h&aBF07cA{YcDATz(Mmz|r7>@=Wkavq0(H8L~bQ1nYr814WYaR3m2)nDhvc$PN0N{(d zKeV_&lG^nj=GK4)cv>?wSD*=+clZ-J!mDEXVy;W=&?F-wPQ;X{bp4Wl7k3K0)5 zwopQ1!0`ZELFvnvRt<1Xz$^(E~wSMNwdpbX z>wClVKoLtQm~yA4^?@+WyjAe4tOlgrZ6GqB%e-yC+H$%DF6862_uaO2n&O-yEC`uzr|G{8|JckY-DfF0{ zC`fmZ9fe+hi{ypR&Wvt;f&H~7eCChI0YuJWCIneQ8%U5Pe0~k9)-Z^J*2h+YTovw$ zz@sj}^!UY&5xrt#5;a%kt?e$@|3Cg;>H?du#b-Tx!%uShyccqYXnGMsO@YByPm`fQZOiqKk$fK(GFO)sm!Q zcG^-<1ka@#lO50dN_a*DeOyDN@S71%{S1zO{(})zz||={(5=gu#SD_?e}LUBe^ULu z_=%3ceZHULoFIFR{YgVzM~2ajKUM~+Y4oS8Vm|Ma(1jt}Y#2Rb zN-E|PuP=48a6?Jc)tm6uTuZ75^HfwsFHw+p-D1Z_m1RXk(ykM84##A!?mQZ&=V60K zRU3~&0R5Eh0!;18eV?ZRi$vb_DOuK>>zAm#9nQ?4s!rroW%Uk#?K!2)&8l>zoJ8K_ z6DYFZA>xkRp)deyt2|!3H5>39g?KnoLLZdEbqpsA;Dk1xq-4cO(qK+#g5*)9u=bzu zW-$Xa*CoWT=OkIGWfv;MxZJpeXIN>fHpX%RVT_X~YJx#;ZxUj1tH+$E1z*n(_$6MN zjc&(gmZ2H?%|^5fpPcpa)A{(dx{z#0gT>NJ_#vn_kx6hDCeC+t(RqI+Le#L?rB>$~ z-B!UdfJyP~fvPmAGRCXiPqkdeoPZZG64Hpd7N#)_+St}IbnT?1qId^zv87X#SQG=E z*FK{*xdPc53G%VUzL+*bL!S&|wL5kht&xH^nnC?xS4{GtgRF>QA)y;cq0>0MU;wDr zmWKFH^2x3kwZ$On5ojWnmvN($h+F>u)` zghD9F5BXuhJ`!Rzgy>+bE+w4X&w-m^UWd0Ef zm4Kw4JoF9b$&9!q^~;=gY^4khbY<>&yGPLbDX6m)RN(%@{{e+qKoeDez$d~`>;X*w z6ZiExt%$fl?JgB5dr@g9JZUi0Y0;~uqNGH?Pn110x-%P$N|gsOk3zIPO7jV(<@_=6 z-()Rhag7^>y+TBLMz)2tWezqnm^2dgGlHt;6d|ivA9H{^S{t@>|1h zM+|h-r7BRyq-d(uar5O#JD}!)IFrEqITO4Mjm8t`7l_dzfzX7Zx%))i%7YvpK z*95{@Vbb7y*Wv;oW!T#y8;fF4dYq zZ-KX=`yDK>Y&S6f!N4umSC`7MyPqK~$$5rNj{7l1sEu|A-_z`0o9&Mb&3Nedz4axr zn$*+SlZ)=u#rUz@$%=;>An%ojTkSv52Hz>WS=%}VU>1>Z%MeSUIEJdJ)1YVY32D^W`acoP%8M6hhL zHT&+iDZadhuS8i!BAzy2+o!O(-3xCk6SnLqW90^Z_3Klej&NPT60;99T(W{*rKWJP z*&`3J+Sl|6uyM433j)AY^9E;{Wes>KW19EK8uMYXB#^$k(jrfdiunRO)ZH85Oov3E zFm4&zq-vMT^HU%|Oxgm)<*=H=Tv9g6rWDrJociRzmB`-p3fd?t;}BVoZ~_DO!!2E0 ztlK>;%b)g|Ov9{MMyUktaQu~xu%bs?Rp?6sxY-pBAi+++lr2xt-odgxn?hBZJ+)oJ_&B_s2~Ccp>uDMJAn{Tb_hJSZp&b@tE0 z>oyu;8$kP+<;mMyufd(`4bRGesAXSoehm6`6-8q-&D&vv3_+=2$t?CIbvZ{h`z|)< zSp8?y#nV$LKf@E&m$_2-`kl`M-`e!#yGS=728(PFIRhnUgq=>NYv_IGO=0bY>MAf{ zZdJ^#_0fzq*hN(Kr?;n3J7uF?fl(u{S53rvSE%Os>@mQs>I&VOVzv@p_t06+ds;pt zDo$VlVebXnw3F#hc#4qvOn6;a4G4G0$~B{vw-jWyx%1?l#Ut#~gn~)Quza6XvZRj4 zLFw4b2a+F_3|)JtBRFrNa~QjC8W#=%)dJZlUDqNUXgG8AnfL1A!@S*Ez_(!$>EZ>3 zOx85wzLAKuj+DbDn6txoaO7Y~L*$2w1oWUn_m|hV2va)?UcOuinB_7-_4p35#5Z80;OQ69K)7Q)l*G<5f=jeOAbcOF_Bo-oM8$EetCI=iM%@ zI#aB*zIC{g zrbJ2n@ORLW!-JuO7tggWgOl@2EtM4kW!QzHcCcn10(Bo5POL-RqhI}aY!=VA3Oh9K z4&wpwzN{Az+)!MFYJc5H(wjC)d~qcfo{t>+&^vw8?}SwvDtBH($YVovNKsm3czFLb ziQml?-Ic%9)zy#97g{`E1nn-NFcbMt+8G+Mj5wzeA?0Nr-hapdi{QYl?zYjpO>+s) zFMW$Y{pso;c@ucJ-aiiLZ&-fmO_Z1mzdBa!eePt6t?K~Ai8p)L;YjOa*cbQma=Y`) zLSSr)=gp_icRgziAskj*Ih!Z#$IxFMQ5RBaxr;ja7Okx>1$V zV#l`n2IDd^r0a3nv1iZ+1g-QXZ`r-xt+e<*gpYHP9z<6bvpfIc&CqL^zx?s0YS2ZZ z(ztE|Qo?>f%sG&sYdiHji=U9SmcOT7O+scIge84~_!I~f>s<%Y@{3$(ZF6&{%>uXw zPO+WA7=y^^rGW#dXsg?UU>Kl3_;9(>K~cliW*a6h(p`> zRGc$dEHc2b6b((&1gt^(dG&WF8TE(Vk4A!H9tRhc7;J`nN0B5-rt^DTd`-ke?W^7He9 zpP8)8xY5-TW>J23aM4u#dt5?(H<;$QASpfl7_=ICP1LYTCG>O`Op!mUKDGHDIl5;e zy(@zWRIg25ap)|Huhl_89fS56vZS_}KlyDALio_gXe2skv`ua7_!5lXsa^XP2Y-eI z#|+-yCm_i%Cn`456r%aw;#0MHc4Z5i9L;o)MM9ecZC~h1O0W(O6ce-STvN$XqWJ#k z>*>dggl9kH<^&z5*a^2fB!9OuWi@_=NJ)(|KpEk|V75z9NQF4Pl^Y1v;q8rnR`46?&i3{>I~LIoRdbj zT2b&#`luA9p=ao1gtZzk+k+p$<_G2(A};ebQ-Oe^A3e&U-C!q_1lw%nIlvM99EHJa zxx!r$niS#){|^9Ak`1IE3_h{>m!(G3Afl-%5;)sA{naHWSal)G6!?p^kwHTpkuJCZ;<0~ z_-L6y2P-Q@Sqo6A*ngwH&dZ$LlkTB1nItEhWq?o%{60DDCbTMo=kTEhI20+b5IGA} z@rHgmju`9eB9XY#T@6Zz98ki(GIPn8*iUKj703~aU*vVc2xP}B8R*XJHL7PeI zuS$a&6-!Te`GbR}?idssCHzypm$G3ZH?5aJc?d}caqK$kwa=EF;0UxeO|#@&Hvq2t z;SE$LY<0-vJzI4Kpn|DxxH3#=5WenXlefAh*Ev;3;je%5v%p`YxPWbH7EeaqN$w)r z1A&W+i*>Tr7%S-dxmp;-mDH3KpO7awYe>h1I|@#{1rC`g&(nY7*RN&WpQC-dLbcA} zA*WLDd-Q0H+~;}cjT~zrY-`Zk0Qx)n=C7HWXTBJ8eH`cWVAG#1(;#~fJJoKCMei-O zVBNwJhT;){=XLSb_n4_$%_jS3=(%EcRZ;fMC?b{T$?b5Q9_@V77r2Yh9VT)%S^wC` z?};$jlM52**scJGNwLBt9}JhyI>HVqDN!^5V061s?iqD~r1xuH$8OTlq&T6^R4?g! z^T27UY*DgwW__(+Bs&eXT(I4#!Vxrdo;V8Nh*wcXRhAVaaB>>@@H7`X^Wtde%k5ji z3nb&d7X9eDE(dq9$JSRbx;3kts6HYRo{>QVL%g3f?Ev1?F@KF3sc_rrE_BmhT6|nQ z>cVbjYgd1J%a_BYg^%^pPh;+ z{7;}{yGB3z^||Cmu`nzmHDQYy1-l&TMenx* zT}gDWln3w)z+;`~t&zqqXUP?hSv0cd;fIV$=If$M_)5*;{E}Wjm{lY5nt3=!Jg&{O^*8k{{hBt5R+-2Mc$2GLbmV>7!k7&MQb#jbR|YHuKcCyBOQt@ zaiNW#@z?%ib`*CkT5a_Fn*BA@9}&3}W2`s~PL^opPL|B7V|bONnp*AfGzc6JWFVvtf)>hbiY3zNy`z5;G6!b<| z2Du5a1^tQV(}fg;Mf?qjpcY|&^xDb1KjS7t*CiS)Kn&Yg0F-ZGd3Wu&$1bR&>Il5H z)rs%Pbnx^(}sZ$m@dm8_iI`cVZiJQQ4_iqO?3-wB}K5j1`P2s|#gf zXBnzt57SRLQ;XduxMgSW3V@mQ7zlA-uOA}7tM#Jq&e+@=E;)$33hmhdUA%M9@Ca!a zvi%8O9gZj<&QaA~LD)L)xt;#}40F_^SwP@PY)JtbF885@lFEsv$9YZ}akSSO0i$E6 zkUDGP^F1&uaDoz$$rS&Sa-qVEWpET@e%`0XX*kds(pQw>q}MD|ej3Kv-=YAr%)~YN zVZ^fU7H|9(o}Nl8*N2ZX{1q(#YYLzFbUgdG6j<~~{1n*@n)Tc~1{>zEW#YR_8AZS& z_LJPz$if+Kj(-Cfi)k32D;BC63rKZ5NMgWZH>i;_;dl0oIQbOLPJ9fBIC9mz2}`Ga z*bbpGr}iva5WS7Wu(J% zWdJbiC$Y9)VJ5<`qMwS#ASWY?yC7hWX(}T`HJ{SDDOu?z&1Wx4uPZP+@S#1>FUNxH z=*8yyrx#c&cOy!eiAKo3o%KI67V|%3M@xI(j@m^$eT)B_(dP!bOW!!C-gQ|zgwQ79 zVPjikGoB(B-m+so|Fy6*tN7*Q5euH;@WpO-KoeS>jM3kag(CNo6Y{GojgGO{e<1Su z3lPCP@UBZs7GdP_u-*xOB?U%Wpx;*S0q_cgF8yl+4&M+mPh$xdmtKj-ePG~Q z!{7Gap1`1JFHomfim2c^f~Gf*^r87prFTk{p_lj;Mfdt6*Dx_@XAeMJxUvN#1(F^q z06k51TAHFgzJp0}R6-}52GP%1(o?7vmCXK~QzfBK8B9PXv0c2FXKU+usknRGOrb*e zTzuS~53poTyjz@7mYeyzkm+9I7w`hMft}Gy`%*AN9V|m7LyVaH_=HGyk4p^Qve};`O26Sqy=7;$V)eK205Y}Tu zS&#iU{;qVx&R)Rc<%0Cg*yi$Jsyu2XUHZ8~?fLXKAM$CjkTRJ?^t4bAu`j=qh6QmG zjiX3XrIfFb;2A@T><`yJNE8Yo%olRGG^f#7C#LOD!1Sa1H3F$C`aOYx4lhO*pdm7H zf%ffWowEXdf%%YNZ=XFum7tCGVe8MzmbJ9o!<|4qLcXS4xFY|#aAM9iTwXeSeEQ$9 z0!8ich#=fAE;>zF>nYFr&rVfn0*w$<8r(BQM&wbqLLU+CE8Oayy#H*Fg2s&YQ88Rf z_U1ZVG^bkcT@#)rsN0C5(72kmSUwM~p5pL{M*U2nFZL1cma&gzt769paS6EbeJE=fy-odc ziIBBtF76r?Ch4^od}cAk5b{ozZQV9wQPko@S$g0UITJ9D8bX|nJ4vcw_cd3T!s3a| zOyDGGY+{75Nj&c3H0}rK1W2<2@<6X3twLzT_)FcRzY{xLNJ$jUvRlfS7A3AA zJ;wVqdI=+8qdWCi7)TV_ZEQFO^H2h~iWguofhT>wUk?)ej00A>0@Pa_sn2;unai&B zr`2P$VDKxIcs&=2pHFD>CXsXS$y$}?q4H^l#(&)ZoTGs{A~xvZu5C-BbZG&cL6>;U zjcFyNe$o3-DOG$|`eV68{he)xkl>Gq*R^;~C=pM2hCA-M3zvbQc0%G+sLx*F69|yV z2>H+&>YcM1a1Hq#Jx{1nwg(b6AK<+DS8&2N91&zhSe)`r8o>u*`&^~xM~oPZTz~xx zJeEQ;Hv8{0tRL_HzB2v4e60Wd@&3R5FE|sBZBme6!VGY2JvqhBKt41;S^nE)8K5w+T=PdgX2E>s<|+km z8lo3kTeDd`acP1N2}nxa`{DCXFpD_C_XOQtuNx^dZe%*cfv`G7M1j%qJQq0xsE0OG{vTr-Vd%7*g@&<%Pr*Kg6i)dIvyL z*!J(2P!j!HS*;TQFr6{`S_AP_5R800HYGVJR&E#;`Yo}`@4Tu5by!!4lp(G z7}qjyBO%?-#yBr;ioCsnOPvY()FiE^B_HZu4*5ofheOcXxS0F%MabRf;CKZ?biXoO zNEQ!hLL0ZitN}^QXd$x|x=aFpXrg&K@GWftp&wwNAtF++SM>-{R#H+sgF|o&MJq`t zJTkI44*+jiA14;IWefMe;#O4WGAz6>faC%An0nk&az3wa=&EUI-f>^U{1O=v5o4jl zrss2Z=rD1Dk!t{VUDbo6Gw|1(cx5p+2uLK_*AbA(30Pl+Bu`&ovFwp?1m4Ql$$bB& zbp*1G^9YxtZ5iuvLmk?Iwuo_W7M-;?Ot;=>3@ zR<10@`9ce@{xUKtgCL8UPyRYyoD|1oqnmZ4GG0^eUW8js5r4wKxLD8i=tyu}04DWV zmy)tfaH@T3TrJz86xR8j+m;@ZcIn}?=rRCvfU7p%0Q&YpB!KpHrzg%ate~`RYs?KD zA48T}Q2fX!(j6w@DcS_^hK*r;Aniki3_$dHni2!?7T$%NcB!n@%t8IYwK@E-jQ7O( zXDwl90e8W+A4kR8x00SP{NL07xvk?CGijk94ks+8)b!{IHST9tCJu1#-U7=Y~jiTinN+J21j5qh+Ll6}3BCM0#Rg?EL-Oy@4wKn`J$`*H3YE!cbU(GmuI2M zj%5pDKd!TjPT6*a&hgPSdlCDU6l~Mm=I2)i=VFCL+2r1fSYVFIT0PRRM+>?8RGm7!5mv>1LX*Ga7 zK->(570C7ukT#Knk|o;WJnV}D){_X;nW z&X6wI0$TMK#5t>CCLf$)9#~FmFGFYhnF#gn6dCU^=#YvNPsEs0UzQa-T^Lsf77t9P zHt=%$R)8}kI`T6LHIKc68${i_Pqb!vT?t_Q*&mn}mp(sT*2fZA=DI*^ljLN=)#e>W z6Zd)}_Ke;bjy&qZqUrh>lLir#cXOo^R{k|o3%VZzIz;q0R@EA4Q4<~VxR|19P9^}i z=8)WQNMln@&<_SSJrny(5EkB^b%oakF)$Bi@X|$g`cFNpuPHwGDiKx5&vgtH>)i*TV0M#smEV4W|6VAG-cECx^M)qSiSYa3-n1)KxW zo!BdS#-LbL}1t zD52K$=GHoc)~E-vR>vPi_O8$QC^IOX{tjI;ZlrTX|MjfAD`&}A70Nh~3(KjPSa&44 zvlReY%zIO?Wyd?;v;E%OkGUjx0atkwEnsg(shdP&CWzEf$}Nb!I`bC6UO=e&8Nvru zt4Z4B3iTi!vM(>WtC!-2Vwf{xQfs_6Ax5bffliBlgG~;HCv(W{YpHG<++!LQO_NA) zy3^q^2)z0Mh!-3A3aFY|Ql8n%<*JVJ(9kd6{2qZU1gTkSWU&X`mFla~Z&JwCX68p> z$?B}>MFGs@*ui%Nl5b0}Dx}sd^&yhEVWsS)r_24usqjfY0rl#uH*xX}gsZBT8oVFF z>(%Z6KHfc&atd)r6FlkmriX?Cq1fN*lMuZBUE!+$Beu~!M`airfFElQ0wc9^%gzrTd; zx`=MHHZi!C*8#Fx#Ccv`|HIVL8!d!I%6(hTEa<6`nV(Yp^JAu(lmV_BK`lQ+N-Sqx zZ{3t85aof8t6u??$iO(A(RJ0esFWk7hO6PQ%|!MjQ~xw zXjbO0*;h7k?Zh5`-RNpQtZ(>3M(6!Eb}g~{bm$aEGmp!B3jh!$yp?1ZH@HCB$5yVn z=0`vqm3hzoscY=_lyPRjaVs#*V%Vc*2&!TgO11nQh`lDNEft&tuUn6*hNM21Dht3ZenFQTiy9l=kOcaB{iD*-W5Y;$KE< zo@dM?w5KJCJJ#ICB#7p;c_ctOi2qadj*3yTrfF-*)=}ZL<-$^aRN4ceh-Z={SW<%- zMZ!zBZdu-(i0)hCO;L#Akj>^MxXcK|&EgeOi(RfAU|6t{vix6-on=(iYrDn)K}v}s z1nCB)K|ys1^m$DIUY+@;lF9a&G-AIJ^u*^J08ZiIa$|YHTU55#BzU~stC3U zz5CHO#7JEbZi(7PD!A>b@VEh5@9Gtr`{vpN{48>Py^-8gMpU6h?Q>O{6ziebm93Pa zo1_YPGS|Z5^v8rld$fH<8e zr1HlxkpFp{tfu;Hx{H@yQ9-q%dRpvPo;+GN7dw6L2`<|H_zN(4$J&GqA(FT zZlQnxCVQnIu`&p_ZIs*x?(%qzzfbb3@T8h9lT^?AkF( ziy%_PNkCKzF3k*Y(BEush=%kbK6GQa&)0=X;`NBjX=VBz>SHl75}?U~sUcYHLV+x) zZruloR#Xa$2HmO`6oucBL3>nRhWt*;^e{}irCyjm$9Ua{omP0(&$RE%u<%$D z6(uD^fE}+|%z9-YcZ|}<+~G+z=JB!|hFbPGtjO5O(ZToSd6!qp6X+V_u^L7t@Q7N} zGfC1`7_3%1*OR?akfru8ZF-|7VOdUbv^ z;Wp?Cdbi$@bO@(kO-jN`e1Mk{{iOmymG|zthe3RdrZTmC;umk~Y!TP%dB5!!nytH8 zKIBp7Bb8k%lmjR+s*kOt;1`CXZVAdo5q2ZS?)Xh1PewD`(okWEGjQ2wqnas|xONH5?HhbMC~`SV zWgf|y#ty($*=1Au*_Rj7fA~sx?XlVzFj0~^8AH=K`GkJ+t}*ev#Z6{4f082@Fi65k z^4e(%mH4rnGqJYo_K9v~nyojn2`b#m*rSZ?htOBO^` z8h?g6%|2&4OoOAVB)0`Tft$)iL^rAm4MGyEqxzMl%y9j~ogk4b47m&5RB!@{k5Qi_ zY;!Lir6jOg`Uy2P*^o-B*TQk!O|*Hi=W~Wj`&aYVsMHc#$w-m&BU)}ZnIo77En$om8-y*P zR@4?6-fAfY4KqiBXhmrYY$uXnE2YA%iv761=+=;+%}i_{EKAZYX7)7%;10}zMt3|m z^rk*gkx?brrEr8|rIIraF=kcLBBfH91JPm{ZopI5hI zQ2TvE3SF)Muh|G5Sw9$W)r_L=p>ph!1vSCB0;i`ycTuKyMBIQdGWep!H^GVAB}hPD zWGrC>KC-GldK@P|OSwqutUM7jGs{%GQmgcvcUOZs73oqfvp+uV#&n&~Moo48}!tB%0?A2z6 z6m@$0@4T(7Bl#j}3W{t~Z2@mAU<(NB-VPZ1LqkK+{Vwk?qdLwJl@^v*Zr&}ZqH?{~ z@gU65D3yUJeR73hecdTWw516ya5iaJP{$@Nii5v#PdTbjPwpn0nt-EDskvW=8KIq& zp2!?I%?)fCJAU3zEtXy;zt-Y%Pd&@${}_KrqbN%F3n9pEEIWJkn_XDzpY8g)o)yZt zv;>cLA!k2HAd!v$IoVv4xYU%omnU>VsD6SPM(!I&p>N$4Z(;H29+*EUxdZ z(fCtK74dUTi{M&&L`i8z5iM-z%k$a{cXLr@LX7?V9)Qkf92s8gRp_E55 zD`N6QhdGEfp*w@OqXJ&5MPgEZ6EpvC?O`s(yA=Z}P8Mwz5vD+2>j$mtwkQ&=+CwlNUicP-{N{W`yRCIyqB?)f9W|HH_f_X1Y8PBuCK`06w zic(k0MeJn-y{veW4^(;GFf3RUsbzD8Dsc%2lYV;RGV+|~E08(?50Ug z?BqvF9Tsq{$u0zMlk5@;_7?3QfXhA0khfwNh_KMI!-vI6L!fh5PY&3@YOXvYQ zFF|t!L+2cUey<6laLwl^?kD^lPC8vXO8Q!_{4xKXvR-rlp^q*U;OvxM8Br*J{I8VH zp*<3b4B98dQ7Cn(G?g_mnSl-+5Yq*nmp?0`Q$~|5JkOeZzykv=suqyk4}yb(&oZ*) zg?b-zZIv4v(wPV)r%{5`K|!Gd3kG=o=?o#7Am<5YL657Px{2>k9aYutN1oF5=lTn2_9)Bqnq5JC?)kT6Hhw0Bk*sg-X^ zr%QUNZNw4&S9#tXx(B!?>1Lczat0C8 z^LACWyUcvHPc*8iFKA8d{_YUv9~8hEBuqwSrMo$=6fXt@1V94B0~|BfZ?$C59xrZa z0)%iFBYn@#=Hk|$B7zRnInC(6G{YUgE@dU9Y6r25n*CR@LcJzxhOYd(WAY16G^SRX z3x?>)SZMoP>ZcPJUu=)lK#oFW08d=5qe|VlYMD;EqQ4pCf!2!Ixv?c3w*FYf(5*5f#67qYTB zh=#_a83K*Ew1>8{#mKVEzYkiD2}z3sr=wLL*_|GINY98tN;r>`#@}ocRjjSI)w+1G zgoUf#_@CgkW4Huq+(d~NQDoU@Zy)l|CcUen9P6UCy4_6K{TX7k=5TqZig${%@8Ysg z`FwZxKiD~KZS6+cQmEKgR7PTgPHP(5qMg$!ojp(YL|)I=~D0%Z$mm zOe$s2z|-?YqYp}8vd~RF_`_Y^;v>77qr3E6;MG#82Av;}a|+1a*-YlU+AS*YWf$5F5_Q)h;+^Qx5$K zOVOh0MfrDsbZmSP)k1$VFR&pn9f*Yk0a9pg`cGgw+}W#fJze?{mu@rhFjJIJg(K#3 zm*WS#8&1yqLfOV6S5{E-@f*K%uX{YhU~jQfuE1H@|NK#AcB99+p@Aq^rF(N}Da?TG zO9_qGWnP*+z)e*ZPV)%A&-HMUqFdb^M&7|GvjSwQmlnTP^`!H4s_b!$C98j_?)@0- zI4hKoIuieTRp0k@k5rTn%PXpjDK=>4H+#u+OJeSvsv={;Z?w60O_up? zb+TRADoZ~5dZR`9obCUJO!HFi*juz2{sr!U@Muu5J1zsWt~*5d_|y=@0oWR>gJYti z4u(#iGQ6SB;AuK3N$iJsGot8R>Rni!KkibLdd0Nv9ZslfL)Nl=2lf{#)@Yuz^TxrX zpWyNAE^B1W0*|D^)^+oLQq$*>u<(AUGSm0euJ_$rG?V z{#@;6f%vDw!;wW>8SmFjbBY@5hFEk=Cu)Rm{}^6A`r-9ubhk%tmZXt2y`?X5cKD71 z`AHj9Og5Q4u_(doiQ6Vh0i(d09_w-2oEY{pMjzX(lE-v)U{8E&T>l$3D-P9$$0ON> z8qti~FSp6LbOoCbueY8~3r}wyiA>X6tQxO33NH; zD&NC*DGer2nRwZ3_)pCb;s3wp=c|hU4-|UK>3Gv}Xm|Ju%x-G#=eB5ICw#qW-Gn72 bPcJY6zKdT+GBb=}z>l)Lx?HJ@Y0$p_z-}$b literal 23683 zcmdSBcT`i|x-T4iMFhk`Rp}t0(jkD-drjzw0unmX2~}T3nt*hH5G3@3BArkz6ln zHB^j1pi>t>pcCEaPXhna$?|>?`0IqXk-8G749B(vyg3bftos-Qs))a||LhF#{=y3l zb8irc(dYQjiD?JU01(LPrl!hcNWhcTDSXVNY3TaVykh-W;8u8v=;Y^;ZzGsrf7QOd zclqs`n=t|Tx?rD(ry1u}ZmCUnT+$8yAX?)!Zc%gViyJTF<}9wLH5h9a4fdRPn7jQB zA?^*Emu$JU8L~u`4IHr~Q;WScm-T%|3X$~D3ka%At75*ahbgq~2pAU#A8;82df6Et z6$`v6i2Q%`Iy@2p4kc&#YZaU`Ewh4`8dBu<7IWjDJT1wT@<6AArtVv0Z0XeduTL9D zsjm>JRrb3(3z;6yN!knIe})%fU5b3dt<*S0(W6|;7c7T$+h4syyA~*kncIn*!7=h9 zNsq-m18Gh4E{CX{=H1xXO-R4|`NF;BmuW*TuA8XqGrd@V_Qi%nR z6ksU=3Yw9zCfe&2hM}s`Q-$L(#Rb*T$Q7GEY*l(~(NBiAE}A{OWci6|T)pq;df#EH z(D*FY1>?}3X6(_Bg3N5uGVTc)-2)mZ{7!u!x#+m8&4HSDhq2?#2_YP zKrpZ@?5B6HEQ65fbyne{@Ry^D;eCO;O`lyB(fxr@v8k>#wp>#WV~faLmzs8c?@C$- zYsbd!&-;ywUPpgS44@Pnm`6=~yf|Bp%^3`=#kRDGJu!uL+NF!qE-*MWKMd5mj_1g3 zyzb2u&uCZNb_Aj<5*14)!=~BvCr-h;ut_%|L@h%uhYyXuntWSxvgqEPO=L>) zKmknX1~Q*wRK6us8S!ZnY{ExNw~9t)X|{|Q%Iy4LG{hJUWoQn0C^G$3ry0UJL+qru3Q{d)%Qnlvviz&n7ug+QKdxF4k>|AQF_nT4 zCTLu{32RDbeP|)r5`TZKrL6?zU22Gs)aT;6x5GwyQeLw&29YVxA3|<)--qFhguyc> z%Tdm2+6l2`=p5?6IMWAJi7EY>M+6f`1$f{C@AVHN#ea#CYTZZmdP?{nfuE^Nr4GPI zXKMF0lkWva!etZGHyh9uwlXGKgR80LgO=97O8C&vVo@qJIo%z)(S>myDVKO)(8ol? zHubZUqUo$TN|tuPLbn)|K`^k3VqCj_s7j+PSCfqoPJPb}vRza6IznkzoQ`KSHnfpwjF0GHZvc0AnYhg*&QAwB4UgO1#@|_Mv235ut(#0)_;Im{7txbj zsfCJIloZuXHi;Uvup9Cx6JQH8?R$^uavel&SVtdL6|GOBGzT|)w9wb(*3)CE+!uYJ zS#7q;(8nQy7$q22=}(k?*Gfi>$C~-%>$e87>yJ#VDdM&jTI4ldndMXjIHM~+dfWB3lvG*r0Be17V z3uO_?sIjI+Nfs0=->u%Zj<0CqSM1Um#K;mNkyRPirrG&%JrH)f2eJv+lsbwWa*)HO$@Bv z>4+}-EAV?&2G3av+qjsAM|f}g3+_r>P~KNC!UF!W$$ka#I)DWW^DScZNU+cp@ehmx z!-@DyU3-Hq4Cti;8~cwpRppCPc$Z2VVl#_mXRGJ6tF}v1)UhWo@U zWLW+}_L_$h@g?oG#TF&1cBI3UG6xQ3@MZ}El&>IbkeKYF>1BJJ{sy(0pCFD#&KbEc z-jW>2?jIPJ6BX>m47X8)uTF)d?TK3)tWGn^EivPcM|0Ka0&M8?rq!Zsy4(;x_y&gW zeM9%0L&H$0h>1RXOh$`^e3f18b?OLD-9@-Nv08Tv`ehbv+5Qo$=cw2UbsKK$JxW#D zEce7r%K{Vq*0^s{vr#{Ot-5R>2m&o@xQIO$6GYZ#?z=A{L6i$L7`Af~F5^rt)vDw> z1t!&0%hfqoY&SEd?w1(Ti`=6X>L*5fr0%94>6~BVK3p|RZrhIDbuGUOzO`3eR8YMm z*%s@*4&~4$CL^n86>K~z%`zBX0=gmR!7L)gWnGP^X+kVns~lJxTtQc_hhs=`YhCp! zTbX|N--|5#fiX%^v^E{VwLGIT9xS$2$yYY0s_9~1H`95~nr1U^>~8rsY?v}}z;B)6 zGmvzr92F?(oK8G#n>5wh;fqz(bie7OUuk5Gmc2{_>+(#GI*+4DE~XSM6!VIhYBnlk zI-+@Vq*!aI{b#I#YaWSW)oYx=d!;b%%KoIyjCfSsVgL-59qsX2ffOqt_ui zTrPO4W?zMHS-CDAmL4bO4kq5r8dem=`DX?5DhU&TRxyv7t}H6~nY=BS96PpaH2vnL zC$6PN6q;oZ)uqcSL|1zxEf+bEho6_3Jfzd_pd;&iBPREslt;A(ZyNVme<+6f`pdQ} z{S|0Dfm5K`LhpD)wh^~&`$%guSs%1y(-gx77y6?irHqX^6=-5RM?+ZbidRhHovfp5ts1gbTr!x*cN=Q@I2=CC7*gwD`~u@QZd>9kgEEI| z--lv&*IjG6a>k+>vSpZX=-A2+-rR!DsJA?W{Rj*(os5v{!kZbIW;9)t%Z%xk^H(0y zZ%N+il)5WwBQc>|Z_x$TKDFe0Z*a`YyqV;NH%&1ZUg{Mavej-m-n_k+Zsg0?`DJH~ z6T#0s5*F^e9I2*3%zY^+TZLuggZldzUa{{0%B9O2S+h^e zl+;Gre^=(W7B)|7GUa%%UKQlsu-vw^%`I14nUUOU>~5(m5lFQ?o>zC`N1R}eFSI#4 z*k2{7cww+52ea1Hrq&{l<@Ts{e^*J&GNH%ni8DbwY-_L}>m zi2LTxosCMx^+(<8R;Sh0Ym4yp+}$QIePchc?H|{~oY7!?=pa>avO8SHjqo}s#=IC? zSs|Q$Hd-biDL19t`$(ibaQFrCgP^~jwCoLu%}rE4>q^$g2s(|@F&@Zo>Oe62BCD2-m8DnV zxN)iVQecy_h?odMCGl4BZT%>1c;v?ll*Qx?{eiK`FxMsEp-i9&XE*47`%*rfMrYlrIzLk^_y$^9Ca$CS(>19?h% z68_R4GLK|pfUS8AL6FcVlwLR#C8WJspmJFFM4sL@+0SDEV-k%#JoRb+G#dF}7G_pv zBLYq#vz4DQ(zV=gx{-o$Xkj_%Y(M~WluMH6E8n4W-=6=*z?$YJ zqVDcGjQqy?*=C7J{^D4lVYtz*E8ZJlq)_lFrX84u25`Npf{P*ey zJE$~L=$3e7tlk(ROy*{yjQXAhL7{0h>>+OKku4X(^7Xse>LQ$f&+x4Zf&iB!3wQJM z5-wGTT3{HQ{0X-ixce3FXUkQB`q{3A+>SZ8fqTion)T2&H)o(n{l|5=V0b#nurDh1 zlh@hntWIBrq{yV(k^n{haQFZ5RaU)%AQzixK01Er_LkO4Mo3ZnZXJnofI$7jcCL9z zjk1X$2vg5@TKh0Pif2oGRdlSo-$8<}Xurcj`*|ru&45tf5gROlbd~i4s6T?kj*Fd2 z%ziuQR5~}A@ZMKV8~>bEVR+>wz)#BCmvFzoR~QcUHl^aU-8fM83xVmQi-cVDk#d`v z$;qaGjoEzdw6Z77fh)tMUUZ!+ldyG1W>vV?C%Xkn;O6`q2Numo*I{tYho!{Akby)_=*JScP}g+yt=Zqtb*_K zlUt?#kQbfp(?yy!;5x^2Mf9F*$zPuYSE2+MJeD0nLD8<<;3TUj^a_OGAcB5sI2@wuPZcCfd@mlRdywY5w%q6fWvwj?Dv zV9s%_mQim-!^HmMo4E^x`La0Qu8nAZ_B1vjY2mV4u%=3xm;F5S%VykY0b#u$mV`*! zd;qF6I(EE54|+#Mw@>UkzZRy=I}+|p!7@SnPiFZYc@pWUXZ;GO?CBE9jlndpsMpg0 za|8L>g4m!P_bw^-nU>WI;FdL8D-0Dve3j&`^>6&jwHT9L0ersF&oiaMO@-1Iw81%d%q#ujN_uJhFwt-qk!4jK!b?o?zG9b`-2 z8h)|WAJ;m)nfx_3fVC@N6-V1&XB0k9Q`LBq0CBU#XrGP2b(9UUPG@hiKPV8t{!5LR1{)Z zA6leRqZRd%B{MU#&V8yoyEsZI--sFX@&qugjGVoU>j{6(`(OQdYC3!Xj>sGkG`!1s zl=?b~uLA#TlwXPN00Mu*MF1D6P)?7d`?>YM+2T@~P7^oYYz_uIG32wBZFKDdE zph=r00=|L_2H!jwpxMO?zy>~Byfdmnu0Wyor{68UF%dUlU(M>ow&$$%f2oL*QTf2E zGymdovPo9t0HQR*Opa1iEmXwGoZ4IEq5gbTz=`r8f{m5rV-S_LeqkQNB9dBgWg?T- z9Mi3JdT8-otfZ8bH50I_m*geA_zkjVFTV46+WFWWxPm|_VdiRoggn%^>d~9Iq z>a#Jcdf3JQdip+kKKmRU z9(dgXz5H_Le`!dvnWKyI^Yg!dzwr0>4+;trXK@3*epn4m-HPu_>YD%YFyb|723*7CTFO% zD)Vc2TcdhJL;3`@=&1&vhWYvXk5KK>n)O?54X8VIy;o(~L(NtRK{@@J%O82UB;mX&=SLaseHl&Wk4+i4*7x_A& z;XL5Od5_lLi=CaFO}?i=Hxq&0epKl{WAkNL=74M(YW^^u^N3huQ#`-W8fr|@J)^FQ zk}h5^(zv2rv7&7 zp%49|dgYzY&xGzQllOVXV5R)vV#W24$q`nW&`$nyYN162Y3Q#loE8pMlYH3-N(FGs z$Di$(+nAny(zW?9I!GzGv(PE9i82hMYI>(YpO%6DX7{k@Iqsaj;0Tll{l`gWopo#Hd2V^wUUt@uh*6G+ zz|Ya|PV(38Ps#1#mW;#NM5%kDwz&J+EEE~syg9&L8b#Gp~xz(QK% zOia0gqT~NmCj8z3gyQ3m`FME^?2J^brqn6Kh&5ge!3jz(Z{ZaW7y0n}49okgzw+DF zHVPPyv?V~FKX2Y-?ZV-337*Ah~hUL~w8ZEx4EmH%BO>lF#_ zI_G>3+1Fp=TUXaHW7Tnl>bMOq>`zmGPozCg+E?u0J)swS5FXQtamUuF$-69QMY1&LA)|^4_&&Z7(x^_H zZ0&$5B5PAF2{&A$YmWXNNLkR`P7WqQ_}uedv|6w!=1kju?TN6hAFG1tZ=KZ?wJ;GM z{C?$OON%ou*=gI^dTJ&^$t~9=riTP6&A%BD+d2q$|ajy7~s;z>Sx~_+YmDlirc4NVah#=lnA~nLrSVDh5 z*NPv_+1DIgm=bv*a(Hc_g31`Bg*1|QMweE#EbQzsU6$z7b{a8E{JwC7%E*m|v&`!H z9l;~!5+UAxq?;n^X4A3JO4<8y3A5bHPa6G7=VtSuRnAF{EYGU!8I)M##k0~oz>$l49@N=yw1DsL52B(e*Jh^uz-swH}8T^ zudcZ5X0bLr(6h^uMLx3Im*`|2U0p;4Yj!E~GvvC|Pu}nGU>PG~OfmS8wdrO{=Tjh@ z9xzrid@i?)F(P(A0Z+MbE&Q?R92-;#!q@pgmWJHiD+!JqM>x04I~SDD4+YV52#(%CTn z_gJ^zT5?R;nr7jY`B!NHGlI0l1~&_E0t}^1z|L3P!;49kI3x-%0^oEGKvY02-~kvs zqjM63C?&P4(NubuYNZ3I>5wdYM)i;UITaATY#kaX(@w8uo9DTFepB_m?BoJxktkoy zpmV_%jogJ?E2O&4K5M7*&==U=F&Hp5+Xz+p&eYnaL~{SypfxGy+x~?W=jk%@ov*rD z1qs=#TI4&n%}W@|JZd7g#z!R4KeBe=rv2e0BZ6MY=p6_4Pvvyh1C$P-OGt z?ovt7gjso}%5#`CR^HvcD2Gav(FPV+3;DK6ug=MFtGqkw5a=@>7OpL4BdhqgdSN;&7>D*=3NlGSD)DZ_|bdo~Y^` zRU+kazF2|t%HRXNdpyap-yY())6^w=89VbF`-5BFniD58FA2-;Sj-v>ZGw-2jn3X! z27F0tz01qflt8=N8_*q5xRp(GMpkZsaEfF8V{h^_ypX5Rt_yDaAcbk$bj(u{}$f z1DrR-C^rEEogl>uro-S&Iz;iV4`Iv+{H2MBnsNe$)6)ZBCTq02I)^nS_3weI$8(T8 zZq(T2x{Q=zc|kv1w^&)fu;nJ}*y#;F1hPq;V(VuRDaO#u)>|8}CJ2mfXdt?d@$p zKR-6XrD=9f&a|KlpwCx@MJ1z)9Kjqblh9hL&(Q_|(;%NOzIFn1Um8FF*DmPtGM!PA zwb5oUNm~23Hn+VkNf7=AC0e>lG!$If_w4=oZGC$0&!1KL(2!@FKZyRVR#6cJySsZf zPU9KD=4#)he8gE8I8K1x7VeCGU%$D;Z$07dv!3K}4Yp6PIh>_Gnw?%&xW>mGeCTFw zq`XtT%b5cL-3I|210YPm4Z7^b5hghI1Btn){eG|RuNg)D;w-DbekB9M>2<${Yu3kY;;khW_Zy-G&r-jy zbLg`0oC1AbUik-!n6S~A*qhJ16Oud}+U6f07atEl)&RHxBz*XMohSIr-Z{nnySQJb z)4L_f3S0h1`|B-#<5+W3cT+j*8*21mN6z?GTH(@!BqcYS&6GLy_n)NJ1JvcCKO2tX zv*iw_KxcCSv@DZdyNEcX3bo!#?~FfM9xsP@QEgfUXa#@e-ZexF`9rwRWrwYRQ1P8x z*++WH`%5!nw|KhO!U7q`^5ti5>;bThW(MHOo50BCHUd06%I$YIUUP;foZ>PL$nz>> z=3crMZy;c^j1S`6*;0#}dC>hTfm3iOAN^@PB6aNE&c>H7UmV4~00IRav2z{TQ5S|z zGNHf}q} zOPX;4flL5DlQ29ye0UhzwfX43;2Dv}%;9es4=@LRS09D{iemg5TX+Jn1;xW94<9A< zNhU9_4{rrQ@vtW;YHOq3e{<^YjFg3*Yc=iXNS_x?9>DM)0SqtvQ>fwpoM5a2;Pq`@ z=P||4TQ9eh`!6`gK*@jL7|SuE`_`_Y&rko!85molC;)A3Pqz+NfHAXf?UFgeHj`i{ z6aGap2m#=QQ@{Y6`#J+Ak#KlS$mU+gdLSY-W^N!+*u z`h0(r1JJg>PbOwII7S=QE%Z*SC3UIP`O4=$0eyZc%q2--z3dVc#{m>$m`&f4ab@j4 zi?G(MXf}XTa<%+L2fB%T-lm2c^Z|2t0Nj36G)PD(aD8rWWadcgamPh@k#`)fp?_+4 zZBhxrof?J-cddag`1!W5fMg}mvtncE&S?JKO(NFD?H?Mx#O!@ncLKf4v2b?fR##V- zlaq^nAKb>l#x{xdR*w+D@l9nN9E40214=??&AtghJVsO5SC;_70;glk@eRB(R#fp_uFTmmWKDEMSN{)g)yV&LBj?B z<+w5=WLlQ2!^9_3(L1VfYN`odWseh)98j1qHIs>HQ;X}x{r(X~yHK+0b`sRo1gILS z+*K!U+vcVyyH=wBJQ%bzkS~?klP0Pd{O6O^Sx_~wC44y`8(n{eTKKLl=+E9wCgd=$ zgEdp!IHx&y{-Eu+YJ77l%UrRVM9X1w;o%jpC~cmZNSVf#c9toyh`>sPPZv)jy@zP$ zM1BSl+4)d4&5A#tU$;P5UtgZQ+LvZ~N+Q;1==TfkeSNv0vNH|+<}sx!h?n!-A{D`f zP0@)?0Wk5TCRHT5{VUH}#>Ef`2dE*uF^5FKor%sQAH)YuEp^1Q9*fZ$dFKTNy!N(N zjV^$GmjL&+F*d2d7u?bI?Bhim^a+XfXn=<^Re=$eF)&+=zgZ|G7;k4Zgw>i&hRW*A z2D@XwP2TTCU*}5|g~vXyjAc9(Ri3INMyKD!zMx%pi>K_WEN z{UhBA`%tN%9o!YZz=0Un{86P6E_9?7|F*!D2EO zFm6+kbhRf+5+|T#NaluRH`6*er;>zbK6Nm6{Dki;V|->g8VWli4vhOQh#G8BiO$U_ zeSLk5=Oo;vvIv| z4YMIHD+awHOfKA0(K;%IFo}?{9sxGc-uQpR2>6!L8;lK3denKn8ESnA*E6?1< z-ydf5R|ytS+v#`bfuDP5DwN)VI8!UP@e%1Jaf0ZoUS|aDK_BKufb)M-Dhz|J=)cWw z{_NRH8jLITjop_Jc0za@rsOPm0W8QJAZ+e~!kRC)@u?rQtq!#W_~I1}B6(C-lu z&I?twvKR+;v1fV`c(H6hc*$}vwOX6kX{X#7TDL5gY9m}Ie=a6Ba5&w%xM8aV{L{J4 z?o>O`cGIDKu)=}v!0J+o+6~dMCFhfHcjlBJnG|Q7R;SL8x9?0Y6R^HG3sWXT&vI$JJ~nHAtAJt1L?g>k}#*6!UMGC8J4((hH$yc8SqE*hek_+b-h4AjIa zMY^<%QsPrg9ZHAx!OYlt6Fa+4MO9)ehu27T`f@24ZppUX`btPom-qLen?&>iT4v=u ze$asGNTLOt$4izA`L9{dRa^STk+d&~7(gD9ml7tlBpk&{uHTgBPe{wHg))g+QI?zN z37JJuvaR<~)xv$)D=fCUvrp^KAYe6Eod*>Gr{Pk#9FXLD0!R^+G>yR%{nY_?(_$t% z7)ZZL<{n!;o{SHSOHxCBQzNGfX)9z4W)a2DJ-4$piiHwKc+xa_b3(@3Pi98z&tr&J z;aA{^Gz89C6Zs;wuuzueJ1ak->XIFWu@tOn?Pa3dOROYYd{nJttg3WAIa@;N<`|*0 zS;mXJpvS%t z3=U51y-FAQ3Pu8)!40|n)lm%|^p6bCOW^04xFo+`Y79FH-BPd6eU&hqciiUg+2&H? zM$d~nJxu4nX{2%NOYpc))_;*x1KmGYL4d0Rhu-Ih|J7*+oIrq(=@k%A-`LpL+$_%$ zTU%Qz`9frA4G#ufXLImbYA2ghI}a1!+NMd~$H0mcj+UcmZkNkvI` z|M}f`EJNAFwqgYC4-!+;Vtmno)ZU5mYo9;sJ+4r4Ar17HY0}$`JM95_0E* zpzPpW>ACnr%8jr;H+D>Ra-^4jP(7OO&h!%;RRRF99yx8t)oPcQ>m!dR)G7YiLaVFN za!ASH@}VU`vhD|*lw%3|e=>*_S{&hjB?nKk{+c2bsiGT|ZpqH)v(dPhfdAn(7vBxkYpCOI_j1Ca6sCs&Osni%J z#Xmo9csjHKI(`0TaqAvAY$u=dXj7`Y!K-n6so{R$kH>of`+bVKt(#nmyIr2pXBXlX zX%nL0-HnY09_;^slHXf@P3@R|^3^+{rP!qQ&UJ?Qu9^yBY2`D?!Ny+<6ZrL(T{RUtw?w zaLdP^-3Vx^t22ElUo?xnO4@MB;3#j}GCy3@eQZ=b_4+VW-tA~G30D`1vU--p`(Dw< z<(yIB7JxZ_+_`e)idt^MzjXT+Mdx(tiS%w?Xp~^61#VC6AY^QDW#$k@u8V;bX=_PK zdRfq)(b@!lQc-00aq{5|w9a?sJCR&LW~vMDCif9r+o5N*tynN^j&_0{}lvEp4x ziU&oG4)hrf5V&#RYi33?odYqk6FYtQvAq27-k%o3;5d`#`a2r{8I|ZEiTxAgyLou* zu&^HdDQqQNVE5GjzR{oFrgrp4RG)Xab8ed89}_&|C{sZI_JUMTNJ(Q!(CWW@4uAi; z^`o3OC$qNKi;KBWeiVy}jpIB}=)79^=QqqAS~3Uvo}CN*VsLDGO!GZA{hL?3|0l1w z65&H%-lw=~X$9eW`h`7>M%|Ur2 zm8W?@4b9D^dn51 zAE1nL&v&W+0yr(uuzVJ0g9oO@W@bjR#;2$Kta?21fx-gpRm1+MmGzRvwsvg(RTIO6 zwdA!MoTw9^;VCtz&`ejWfkBBj?D z;1CXtzn?oM`vc;feX1TolPO<^L=-4ZJf;QvRpM^e!s&0dby%TV*}l{TUF(ppqVHLN z`yeHbckTz9w0JTg#%`@Cf#I z$0<_meKeg?_!(Zy3Tf5n4aCJ>6ITKMymBzevtR-rM_R5G8uzN-mF=2HQNF&jj+~&D zt3mkmZ5w!Py`%Wj>y+4Kt=rWST};+yTEl>o^_+6_dmv{L0?2o;aKP(+QHFT#3Sn<% z(4U{f%C-v8-mI}{Q~1~VNU8WB>qKyBrKbd5(EEs>wUy#)k?d=L%9inYaoea*ou|7) zp%-;=ZEzB8k30zINm@eG0@=rY%Y;HmX*)9lCnrkewFl;Ld~))hXFsclRdXOT{5X9; zJIh&i0)&gNdKWvM5d9|^SWny!^PfrzrLcApbgs5un1^ffIU`w??vl9~(j6%V-?BT& zMS;dSEVbl0#`GF{0?&>Bhjl5UhM%ygRYzvC9h{7JQS-JgU0@5!mzke3NwN}a1R^z2 zFOdyE%%&;U9#G&#YfgZqU0}CZWvtmT3OJ!GvOBYxv}OAVnRoBeQS)7kM#xfJXbOZ) z++GI#d!EV$VPyJFWHYNK+lj1S-r^P&+~I`G_IFb~pA{Cpw`1p-1bf8Imk1U;dvTyA zM}+)MBwq-N1Il0;jiMfT1em9lee1gh_!bTZta?A0I>R;DTKI%UlsVGQ!Yg zG3}bWuv|_aTdjuq4_pmf!3g)B3XRk>^H_Jm4O|foaoA^QD9*4m_9PUEpRFLQPSk1t z9eN3v0X9h}a3i!|_!H5%k;qh^{)H+@To8Lh!gXRfF0^awHN9{4M%CR+@ChD>;==pE z*=fqWoSaV$SXsg_YH<0JMT~5ep_eNVwNI^t*5z0l*#S_SsTxD%}KgXe{=tNG12R( zhKxs(sM9=pmJ+l87>_r*KL-Tm#Q*b-75{QhH@aYORi?2CNM*JCOdz>=X7h->Cfm3b z$dwH5*;XXX|E-7vj-5cLmo5l|vs$lU_}I^P_}gyF`d7>i(dm|uM!>}T!FF5n>qCBU zgWqb#T+Syf77l3OMyEh8sjo)Q_vC6EyA?pz1pvWXRKPp_!S-K8_Wr+2%b4jly#C*S zQEKOd2>R9_K;b%unc;-jrZWd#JRBLz0G`Zu`rAiy4<0f6vb_9}Y*1!8Ga zxth85Adp!I01f!~_+0j4oB(7kmKQ%T9{*>J@E>7k^PBRgNB@T*nve;#(9NVd^jAiX zFiM?G@=s1hz>L@@{!`TyCJ$cE8Vn01rSVYzY}i=urD(Yyu1N9BKwdz&qmy>yqUQk& z!TxA-qyCUO;}ofQuqT?UG6p1C?lxAd@7o@&t%-1AfVkSRS`Ow|UtLYnQ4Ib4P1NhD z{l$35TJ>MtS+fj+B<%zE`drKO_YFBUnfnyw@CFF;_Cf!{Op=1ae-6Rq|KG-Fen%Ak zD?=kGDH(WhcN;$L<@GGceDhu}lfR)c6DGXZ=H~aldcW-Q*SUED7?NmI7)mw}VQi_WJ5;41-Vep3) z3LF5Mww&Kn>xqgz_B+f)S_=Whl>9d#P&Iv}x3@C{VLWk+dpqMpv+W{{ga3$C3J!aM z=J5pd)1q$Vn%#O*CFVZ^(Fg?@u#p81kGEPyLes9h=+8)wy=(=VWd?N9`+(fqGq&t( zufJg!!jRb-^A7^TH8wV8{#DBG34EnWx(d@zF0svha+pQf z!;JNt0)j?)+D`#On#a?wRtwZ$MMchSO|px?*X4feOn?W!@a3fO1LX+;oZ9)tMMoG+ zogp!P^!4l4K)!FWznzxXSk>BEE?3jsyjq_+qXl5~iAuZNk4z&o=7gviZ|yrJsJl}F zQ=$qgr$8mI#bS=1V#VD7)EdxBf&ZVq=C)X2y-0mhGsnJ{;_hPZ2#b`*^gUI)rW;YS ztK?)U#Jk0R{YjTySz6dz5J;~*qeBgd+{EGUbTRY_bXO$Io}$}KgdqcOOI{q04xU3! zeutHs==cfZ-}kaFYnoBC$&J}0Vr-{f%JBoY+WwL=R-W{JZ(~k=;vIeCh7T_pCj}$;_Yx}zF}ic%@cQ*wL!U=2pM@Pe)!^m(9K8r-h#MaI5x!j4(b&*C zVO?x8FUPn8#Jib6=`I~S=ioGlko79k;lW;-s7(tH?PiSykj-?xXRg($muE_>U451# z`tR<0+5CN_X;Z$oOJKzacl!WBf4f+I$N$L2AJG&K&c2gueudr;J4`*#CivD^7F`v zq~uYvC{>bhpU~F69drJsdBZXNc7*vM7BY z0fjfUVfsmeQFhrsuQMFdwDRSvDuDInA$!r|%lGsP8qT{HES;R& z=Vdx0u|kAu-{J;OEsOd_93XZA`VD9gj-U28t{et zT3I&z7;Vpei0JNP(Sx$v#IC|!+SR^JqXJ$UxX6K(>Akr(raB&Dr7N$Zm|=uW;k9~h zcL>!bK=Fg$NKt1bqG}*=AANj8wEW#Ypk=SdVdRq9#IzsbrhRg9$!Kt`?D~@z&$`4Z zU&VBJMqJCE7#|1q_g;{e$Y|C$~DV34ZVBPAjXOlA?Uch z^s3)`JL_rZ9VMq_PkxG&h>h(Po$(Z0WHvW1>|?%b=&5}03moJHCwePH`<(3!#F{1r zYmNo;7JK^x+bqQ_t~gEz#_>S^Npj!04-0H#=mP!~M*6gGXXu|1l&9$g(z2mtJj9J+ zS$MgQyg$bTiZa@Z7V2^7MZdDGm_6uq*$63DIp~$hDsxY2SE%!^F%st6VH<)XVZN8f zD-54hR=SZa5>0asF|rR(d+|!;71X%MJpw*4Y&e!x3do<=`>l>oHTqLw&R!d{?MAF1 z2g?;e{ddNU*z$}QYBaUrW!`Tx&d_YxBhn%Ao$!zDa(Iw&7Lefq3&+*Tcw^eU?%_WH z&o>T#n0xET*WJLa-&<&LkI%p8O{Jc8O|LnG&%=5R3>m}?Nvah$R5o>#u<&1J9WwB> zDnh3C(SorKzM1#7W!9bf^glAjq->X7LPydvREk9OUQ z8%2;zpY;P4=(EGKiGN;8f`m~^dRSo}`PI0VfOD}L zWSA=Md)VxafpkJQ`&0QuyBFZjop&+Xv(@dP3wEx0^jh;AlzbWSH_oX#rmpky>tGcg zUV-V)Xop5+V|dG@4EQvEOgNeS1HMW)y^J8|UsFnTZXp2LKKufT4xgDW=Xn55KjZOU zP9VK-Y>{uqhgq;xpj}Tei<|^kAf7C}_*&MEOTqZmr^uR^*v-mJo3WJGG>by2c5S7g zkBR7Hx2*7To9Jd}MO>OMa|1X#V{OdII7)C4v>2RHw|uobDIxerUxsD7ajZ6O;STB> z7;Y$O+QT%M53T?+(dAX&C~}_ls_C0E$((c5F^U5F7}Nv@FYwMf%_m0lCfzV|dx~^Z zm9VqYCmzhh7nqB)fd}T+n&ybS0Wl~C4#+8zHZ#!`50)Z8^`!@Sp#5wJqM6}L8bvP< zZJ2li3GYvInuiu?A`1r?L!2XvicR2~lbXjeJkLpIpAI#k-}*lXeXwJ<<7&2tk(2@n z{@D2&&j~AD*#2E5eF3+673SHiUU!z)+K^E5u1i~@xjA4aW$k>XSU39h zCG-RK7;t8>wGzvJ0VSi&1Nsm%>gb$akpNUz>uNh1uTUI1R{VPoMsKU};!HvSHumh?4^x@cYM? z*PXjyt<#@A`M!${-TpGQcSIHX*Ec?K)*bF0sk?3-RI87dBm(yRw|u7T(Z#)ETjLXN zWbAdNW0xc2wxq@RV~Nh?uTjT4$8q733%0r8$IoW{{X>-ju0DX~wc4w=|4mVPuQP1F za~jinxYFv^#fF~iMuloE8I!(NSs#pLAEaMO;a81a)MDaSjVkN7tZP1UR2Q~aXH@;t zEGroWbNaY_TD%P~(UE3d;tp=bbzi@=Q}UaW3RQF4*m#pPZTM`S8U#*LoP4aG(F`6-O)@2o3<%oKnT-{W9iA}Vs; z2`#oZu6=zF7hTd7$V0#aLxYjB=-;%c62}h`3 zexeF3a}_&O(&x~>XKF(I0M~Qjeem8w6-&NP28Z6#*P~RE6Oj7UUeDfH^ugvrfRl_c zk>X1n)A9bU|870Mo8UI>x3yl)&#v9$L|70xP^bN9@XdfPMMtJ@r{j|N3h{47U5Wg7fZk>T7J%~>UcMuU zdA24DgX(6esyu8V5 zZ4^GL41C+yu*r4#NBNB6VMh~8vXJtDkbLia#(u1SpVna7S|i6|v& z!Sup$x#DSXnaTlJGhgmT5vJjc*72{5*fv&z80qqMK##Q4>1F6Z2QoCp&WXJvw>iGB zkH3qqG5kI9-0he~5!$tl2S1c}(8gLmy(&5J4^qS}58w27vr`3%c8Rx&ooPci{DEK8 za$4xYd-|s3fFyHvL4v}kR)6V@N4raJE@ARj+4CnF86bu7Kd+X8g?0*j?(xms&bK?6 z@ou>@1j7DY*h4il&>-uBQCYcmf=L7c{_6wdgA>-V7YAC_AG%mV#1wgk^s9+iQEyn( zEVl-+W#9I8B9m?(k&M z(JuGs1|u}wM-{{-n?imSTgg}BHK0A`a*DXKy|X$;?_s4l(~Y*u8984OZQT-n4t0kF zhFS4zb@oayJ#Y41ow~neJQXg}^ooZHxp!wqU@&qOXD#gEq1sHsc(x{g*Z$s^_lEC! zlBaC9>e6zePno>`-BsVHApUeUWNpE?&r$EgDSa>##KyevwU+JIRZnVYM=j`cu{1E} zJSo4z9vD5%i(t$zdhA;LUez{tx#meZh1fNZ@hr2ay}3HFAz;ML_&`gJ#Xv&BiBk|= z@HNp17`Zd;w$IU*a1?L8W5?b(L4R5QGUNoG6^9-|!W3sorb)Y%3Aitox~#ul{2$Gn zX*iqd{>OEhV=$_U>Y=S^)lzF)#Lkq8iZvvm_N}#)s=Z+_ZFNCIi%>Mw8ci%ygodJv zB9_=1R4p^M1hrIbLFC-&^t?FdI_F&fm;X0;@g%vPC%NwDzVGMv`+UCsYtoCiE#_>q zlQ*2NINO%X^r$5{^^&vd(}N!H+8UYPBw5UaZm3yT>Ff9X(u7zQ?AD&RNb?JFX*g#s zeT&-kL+X&^LWlEGSoAwuY%65{n@&ki4<|aB(~Py4S~1+H-D``3yVpc-F50e%zU(t{ z{Ub*Dgd{8MtBj0JN>}jy3|s(aXv+_MqNlVd`cIb za|WIK^@_7!9(d_8dusJL&RIDM6=by#k0J|r)xr>xuDF?e7quj~lEQVq#c{o;oDOpg z{-Y1wn}8G67#hTOJ(BZo=-sUIPQ4~nubDpszFeamyFS$O+9Y@wF;m_0WY*#By~(mz=(`zK5u8l_xnee~luBmV z5t7X?{b(pE#xWP^aFe$zbg$%3&r33%sWfU=K8odRuc(aT>(++Y$mIUg;Dqe#HYRyt z{Xve8KW&@{qsM0JB!B_yQ#58wU-T7M$ibh;zE$ESf?#xaeKfNO*^7lVMuZ9QsLq1F z^R%ArIdxW?s(ks%WzesDa#&J%8cZV;ygM>CMKN!m&gDs^uP=qy!33*m3e{Fa9P?ZM zdpGjfI@VXp59zVyLMi zKFS>wN{}N#>4*o#LYG5hq`Xc=p4KsPKIxNSVrWoj^l@3wJxpV0lh6KwOMxaSvDWd4 zK(~hCJUIp$yL>aNuGqUjig-i+Jf7q|#J8v&&#>u)kJM4rYW!>AZqksp$WP<);u^so zaw)ci+T3HsHGRq2tFg0k78b@$n+fSbF%O-TfZy&Dq~4VyjZQ80-H^K5TkLO8y`hHR z_eV`jX65?u&WCGf15ZI5+b01@vY^{@k|!xg?ESts<|BWIJ<(;yWE?IMS zjb0>ygfW1O_&J3&gY>b@rLlpNfZLbuv%4;+X{!1o&RTo9^>+?=pOzCKw$~g755;60 zmV6Pn?tB456(7{vvX_B`oDq(~I0k$jzRX15F8>*l{odNqQ+i=n?k66+FYxh!-&B-I z-bmUx;wdedA8cNde;bkN7HU0H9Fe6uNQ);Ck-I|=F1A8_E-(aEP8f2SUy6K^UH8Fe z(Oroc1=UfGA32V*SMF3Nn?_k*7+MC_32a|k6{xmFVFr>ismt?Nt4~c{g$j=jW8~3g zdKmEy&wX!``drN@N=da3hZ$vuCA+`AV>iDBApY4i_1t<&LKQz2Cdfks&T@NO%8@8` z$my;G%&*4|iq{jhB8g?&%RdFL=AX1&Q?ru5NajOz%WDZrNV;n>`Tf&`(tK63u%|;Bc;gWg2G@$g0&oZrV*45`>3EpQLAM5FUi#rO3KYuGUrPk zD(s}bYFRG~tyG_AD_Igz5njehD!9NT(P0TUm{6o;)u`TbC|$isRKt_%dS~dQ(|j4a z%`?XjU90q93RP>bKJ8Ab~;MB4- zsD6#Tj1TR8eZ{xT`jY|>N%rS`*f6@iJS}0WV+I%}9n!d&T;yA@g;b+dcd!+4JN9X> zrvKiWRC2vF9^0)-f<@ajubFCK=~k!9FLmKVO$v12hIZ^@^%B(3$As5&b6FMXpu8i~ z0||2c_<~_eY8_QT6@7aQmh70#ep&jfCh_()TF+h7Yccd<^^(g6YaTpJ@2J*w3BuuU z0*G${a(r25<5{9num@6(S)A%u+ddUlJo%yiy&lXt1Z7AhlM@Ce4~<;{Gf;U;^imCj zKzC;ys<)1uJXBbM7mc|_lMw&X?3nDBpkNB=C-ag*n6+G&M2msZ6g~4|8e|j5OxO%+ z>??Z)%Ds(@7DfBmKH2pz8>6ew(Y%BPC3M+nhnIHXdBJs?#axMP z+Ycg&S@(7#i4Mv9#DGU9EoX@aFuT$)fL*5g$vYADJ7}<5p|O^#S%aSn#eZ(B&^}T5 zC^kGvXRt}(#zKIGjY;NON2z~bb=8erHxZM$Ti71I1bgpIJDd#MHrzM&wQr*%$HV z&#>C-;eJ%B*^4Fv*X@%lE@+miC~E~WpR0uZ;1`rc>eLOg>r!Ce-?1GP?}KT0$Pl#S zBhceg;kpYdNd)kmMIAZFRG*DZMT$86&LLo{{2eaz7~~bEZD86#4F@#ISgSJtHBAjF z{T=bc@BX0owKhL%pQYrwyt)8?<`FAg>582sY!%z=rs6}2Y1nEU!qgtAd_SqsNQSjO zr19Ag9;yK^2)(~#$+v#gPOzRZ3)^~ZXB3_uVc+2|5#0Y27UoASFtX^v*^8)k!$1}d z<|GkCre7N$PcQj7a-RqaLx%yeKoz#+fpUm0Ap`8SBf-c;MJuSOPDP_v{ z(T3kdL)NQDVFhm?G2&5ad0%s4&6^OnOqGiuOyM}5%zblbG zz;dRjMr63jU~gXC1jRM8*`bTbG~2bcfZm^&Po~~QIIdnN9zkn$pFz#nbaw9?F1!`~ z@}>__cD7=5P3OZyoa7Bh^ML2Rz3l`u*UmKkdH(hg5x7o<4JGs`ji8SVx+AWO5B(a? z9LutE3rAFYJL+ME{~V^+AQ_^@UD;5&Jhe8cv1(EGX^sQw_LD2Sdcy^M<1^br9**8Ob%h>Dll!*|&B<>}p;<_Bg1Y&_`4i{cHr`Wnz) zEBM@J0O1tgG&()Ra6Xmi5i6E7ghF3#sKU40))&Rx;YkK1LoG8AqJ3C2v*CbF`IWi&y9^0!-M^ei3=Jv`z0gx|AI%~>8!8T4f|Q;s zA;`k(v*K2Rm=Ly~t20?_s6CBg0YY>&?^=sZC zf>+n8b#DD?Mi`1rk;LLKLvDEnkVVZEBoXmnv`9(T$QaMizH|RVn3~?0E=K}_Cqa< z6Kp^JRFs!n+vy@VP1V0W+Cso|hcJf&Nl3_`e0D_a>@*&OAJf)^dyu@XWjD&}=PBkE zTK=$HW0E;xko)5WHrz7BDAGFA~=DTyP1qvj%2umJCeB1DkZ&u{*+qlCo z2)03Gsv!Vz5RL0)tj=@-SiUiQA*1?2mIX|oNAV%}WWf!C9pwP0p5e;?*l}au$aV&? zIzSFcde~QLrDNR6U1Bet$G$tO#yE1HHk#3u70n3n0PtT2H>)({l%gnN#}}f zK-jHYS`rvh$?`x%*#E|5pLjZt4RC`#ep8Z$*y;iLH8OG&s7IpZY5xs3NRe8&0UWr) z-}O7j*4FTCIHfY{Uzyq00HM?Ed;mPT+aSATRkiTnGdnV7G&F&9hXr}MT;nc`PQ`)V z==yFl7n1xA%sw$12Q0$aRUgoU<;F&V-<+FQvKX`4{n!9@-EgwObkDmRaGig94umPt z3H9>w;+rsKy%lPHsI~*NGsR+S_Lw23L6r+;!UwURX;wq``VI(o&g$8c2l!LN5=~3fRoCf_DLYZpZOg}I-n0ve&D$b}H;p?3GIoaJ!1D85 zYV%c}U+1X8Kj@$8m>N*m=XSq$`*Q9S**5U9*-;~VcsX2zFS#Ls{bsEJHW)81lSL~O(5d-X-}Uefq=kUF!> z(8XJ`g`2yqL4ovJhzTw;rVU!XAGfa!ip#?xK_Jyv$;(!G+tQwefAJ#!%=ZA~_0GU`BlK7BfyHO@^<3BG2Z-*e>yv~iEsCdHo4x~cY0au(d@ zZJFQVKK>fiB(@Z6?HhV9%^CVKIEbo@`@qlho6G`$V*v-x4TZQ~(rmaNeLqE@kQbm6 z%RgAjrjZ)SKw+ELhv*m>jE{^szLUF7A9ypa-yd@N9DtICaQc5SwjK<9$PrH98xnis z$-fD9%H~nq<_{b90BzaDTLvR5O6)`7fXtV4S!!-&bm| zsvgbiLV+-M5X$xEYy-|DCIWs$69NH2BH>LLwq=LLG@4y%sOMF9+*dNhC9^o3BZ-g0 znwAz9&qhBC{Q`{OdeeHl#OuJI8(&;r78%*k^S1zyLp0Y*3ns3#gA5|&He&$tHzy}2 zKLi}=-AKr{=VsO=Fw%I=nf#w$kz7uJNAD|d+zRKwrGt4+Msr8gz!4rZ6RS%VM(%h1 E0m%d!iU0rr diff --git a/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png b/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png index 1a0ec5397d87e4b1f8af36ddd7fa49b20a528a64..8ec000d2a74d4d1478511f67b84df3bbc6e82833 100644 GIT binary patch literal 23272 zcmb@uXIRqh8$Vo`xl&WhJu)jTx256$Q#0!>HM87GW;t@<^KQcBrQQj}U%)B`5s&Ary;zSja>(GgndCdX2YvX_7 z1V8gD{(zG+E>a;UPS`^4-PV5`;z-VBO}}6~8HdsFJ_`bzmeqfMF3K}jt}03PzWsz8 z-=)Z@d)3J%spm8#|E~XJ_YLllI3sM;MW#iXn(VHrY^kvL&$SHP@NfQRYGw5#IFj)s zFfdpS2%KJ>Zmy@UO$@#C@GxPQjy-2^`%G0;70Pe%AFjS!Jwo%s`}=E!X^z_|%t!3f zx4+PaaQ3<1I1nY!8EFW9^ouKghc#k=eBdXMs!6!-#8*~<23X-#Xo;z=&s&r zx;Dw`Qsn4v8l_c0;e&A83lf{5)K@e=IcD!`*wTbRpxK>i;?oST9*qYT6+W-YKj=ZR zXhlk~b8$1lvNzXjmGXlL|XSme1LB~jfr&TUgt4Uk@2dt3!xHo^7E z>3X}@c4bz@NNM`Hr+^5bF;w;;H0qFh@$FyL-b3G(*oSAVls$6~e%M(@g$>u&3>9RV z>$;>zIz!bc0KEy6x85ai5nSWVK~+`G;_Yw%aPm!PwM4sIQNE-3lpwWOb9DnDza}MV z=qdj)9XV7`Zf>8p2#@!gL)fiFuEsAG%CW5QuZUZLB^5MB;3ZhqPXAYdsvr6mWBkIb z5r0vZ9jKpi3bAVN(3!cAv#OCFlCV7U*^*eJ^Sk%&sIM9S`dkcVg?`A@Lv=de_}TQ- zfp=Adc$+ISR*lj&PF_ZcND zBDc2zum7rleBm-ZXz9u3Viwmg=( zs@^s=9)8awYTW|Tcq zc5RJv5GnfEPPv&;>r5loVkq><(bKMtlk$`2w;@Y1kK0fFtlk$5xU)x9!mVd9Ns`Q!OEy945+Lw88JO z*kDbCgFJ4%AL;x=jfZgr-Le1ZN_HBykz5+GCiqyEyqM1`iPK+aVf=BrC&d05u`(?aon_OtZfYjua91k3DKhjSN8 z7uwk7M>*Ku3>jCHZE!Z%fFzv*Iz#}f3`mbtxpbl77cDL(B?{H)^uodN zv5g=V5M;maTcwQctR=Rn$+t&2A`%_+N;4Bso$fCkeA|A1iRv(FBP-jF_uxBig8}JR zeifbN;n*2y<9Ha8c;8CA!3H-r_jmkczdMK0$|B@-)1_lIz_mh1FO`MKa8nB*xCUgiLU}Fc8d3f3Y8z_h4a&fl z7XaujIB#kyI+=?(8?3J-53#Rk+nR))oV>0$Gn(f;Jtv&%lv}QEDE@A&X)&z5pikhYt7Gz9r@s%DPYD4Z9&vgWoqIv%gkD?eqX#%eT%tgf z{s=y?&jVD zMv$qd*_PrTTTh~$zjwUw&9ezAC6J9Ww9V$wB0{J>RJO0v)?OfosSBj+g zL!bgN4>3JgnKs`b|5Tz%`TCsr1w+C~Q9}pLhiT>ZH0re4^)h}UH`N_y757jhpjtcc zY<$!CJS9&y?T=az$!3?&>kveUt}hsueLYW-s36gCYB-MQ!;Za1bx`|WDj0Ny7Yh{? zXWP4yO5h3`jzc(}?7nkwE-BF8`V0y9L7Hv9sLi)H&i?}v@c{l2a_gybqvB+)aIGO~ z=&7BYArGSLR<1E{?aYIO3s3DNeBXBFNrdzV#MhkThAW8?Lq$_ppC0>_7(2M(IV-35 z@CGRWXpv`WqM8m+f^B?$4TKvy`Ll`Dz6ItAyPJ^85{Hd8J zgsf5ntF<>9w1sHHQ+`t7Vf^Wv|6J`ays2#hajb^uuiwJfoC;H@H=5voh+1=`(k}x% zL;zOJv+dpx1GSQYa&Y}Q4Y>>SkXl2Yl|PaQJ286!%MPBe7ye#yhz>N5rv)g?rk|&n zRcaL9zqIn68>$1&JqeYyKXjgbTYBe+Ja_KrkA!ZCSBK_lw}-EY(TXKj(oYek1?Y%Q zbwM`bGxb$=T>UUrCsC2J!oUgCyNUJ^rA@ z7y6=R{Z|3^=py>AzMWtAcc(Nw#9{4VWY{p}HTgxsdaoX&5r0D+XdfC&MJoM8=EmUC603 zGIsBLNHQR>fkBm=J)QE;c=qA2AeEY21_Nlh`6ql_X9QC{b>Q86T-a{x&%g zDn3hQ$MRJ6+>bA8fF{3gBA&e$wD=N!h>0pwi1tz>aPWX{RKmoYbkw|#e6zh&jEz1$ z_R)_n`EDruF6CnM6{FlEwsmue~cjf81@>`I?#9gwf+$M(;qq-F1O`#Q*v@8Nul{mM!FYq2P1*|z6ac4 z82ghRi%1n@_)1JraSW&_8GVX=8$9sr43&%GL@I#YM}n_vl9F)^XiRG414<8{9L$ z8bbj0>5YRUA4)9{C}EU?#S%T!Xs(A4@iT|tX25$6z`rYt)J30fy!}O^pLy4eJC2OR zEnm4Uu8KsPhz>~x^wJ(bW;DwN4c!pkRXrxv*ix!ZqkRZM~>zdrh~nQFxTtY zW|UDyAUkKxmJdD^P^*^~u7VSIy;OXl@+f@6V2`@dHC3sCC)n+}E7Bjlo2hFbm+2Y-^T}UZIr^Lze6MTIv`l*@LnvaulFn$aVbMk@^$s zC-%qHiQzBRSLcJv%+)Qxp&cw=$j)RYksnV)K154dJ;vW-kBo^(2Z^;#3T*t2Uawd# z(V-yD78Sq*yL%w-Kx}lwb1uN+(xZO8V%I$+NyIT}hS*kru&5t$E$ro4ivdPGKXB6U zoVPb{S7vAk$_R!XxO}#%TmABpCPNeJ!HBnZPoHzqA#DB=RrYi*{>ixG$LZIb*D0IA zM;vr9N2SULifJPV@5JA3L|SY*%yZS2_*|xB=Tu`k3g^mm4VhU9gQ`-_vhAB=uCyl( zI=7Ii^g|KHR0rq!OTC9B;MbCW`-XP1Yt#?lFPcVjwcq@D*5X(>cDYw|${N#oTvoX; z=va?V-B3D{DbvEfY6koML(4xC9D9h9K@+Dh6}g5ONlx+-;X~lsb~T*$*k9c*s?M+; zoaxyi8z^qzN71=&?y_ zZVq{MSzM*%uh~kZ@^PLn=F3KCzna}XoGL9Aw8dHLnx|RIOEa@fa@adfji=dr`$HmB zve=2Qmd}D?Rj4}l+1^~0m{Y)xnq=6Lp;p7|GjrERmcaZI)&x3^f_g1(!1%zONU))=bZ-xCHjzAobU&L+2?HhuuUi`@!c zwg@%FV3WR2ZADBB{dX$w#nBJ<$RTdIp>*04YrZ)VcjnHG6jl5@dK$*fIs6#2`sE3Y zrQg-jDxIKTDWyxOFiH=L&wvf4g!cP#v>(GESH!pHohpc>1_uv%s{V9WX206xtpvMX ze83hpw~_A}7WxFb$Lx9q;m<(aQEYg%li3Oc`YVWra01BR#u#~h&muXeJ4@ zlfIpv%lezjO)N9tt8Z^)Px&-SXH49D0Nl3`o(5N!&qcqt-90GkfQ61)HPD0GPwF@D zPeZniJD#ASathN8?fNH3A_m)PEAHS?+w@tNJh7kSSSj zqFno-zba_!{Xg=cuPIW^-le&A<+TYqPijw9VA zZD;az@-tgC>Zd?i_}<+&asQ??F1gj#QifHXAL}?LV~u28iOcCJ>;e|&cg=q5_ALd>t5&EL3RZmk5 zy=ec?(p3{}JDYRq;Ko9`lg`$Rg3fN0z1~vfVSB0=2(3SMk zSp>;bYaS7<=e|tih+CU8`^S@0yy?r{(scjQ^k2`B?}lq1rXMkcrGLi9Z%m2J+~^<0 zc_ZD4|Mt=6x5ekO>QVmRy>H~(Q5%Zi6$8dk zB?6t275mC-#?#-0Z(Y$^JQC-UsQO`mRj75By3lN9&ft%z|3kAXl*!#6-G6(9Mv|qb z1P8YS6>i8y`9Ir>p+&Yd>!5bJWSL5_|rgXOM5)yi*4m#-Bn5nRw z)?W9&X7+0{^S2$3P{YgnGetjB1a-)JY{|!SJ7x3B_t%EvF3`F)3(Iv6Z;u|OSWY%H zt4%jW9ZSPe$67l=necQz1R-$b~muEYRmd0lE zV$eY*>!{S?LfOh!Q;4ar;tG1o0Nz`VI<~hbz%V~rHw4GhmS^`-M3e7RWp-#;mD(}S z@Oe1B@n<-pWil+Qb-1-?Wl$szb?!hl;D>H_q<7rn$I(gY<2I0Z{g1j0>XF=Sfoj39p&I!w@nxtHHp?oFQ^AnD~g}(HeMKws@u_Z+`1X4{OkGeKNUIK74|&U{V-^&3J$A1-RWj zBg{b7PQ9=~0_E`LNyl%SR4X5W8G2POO8EUkclvpuYM(SKo3UZ*Oy5AC@9`Uu>nk^F zt+Ie&wpKGScPc_?)LDepM)_eh`0k;>EyH zBYB2)C%ILxsQr(W_|p`#yZ+$IkWQ=~x;4lDRDFxW^!qC1oMX&-&`?!2Ie%<>nri@m zWd!MnX1pkoXfdeCTjvrhDMaek|`Z4;O+qCA~-+>OkCeJLx zY`~>sTgE=#zP80s^HS&EX9cC<_$BJ?xbgG%1}f@uQy&B1(VGSb{aI?e?@rGx9H#`E z)%ovw`-F4fM-9>L2BysK-^`uteCI)$7-@R%K+Q0~S5719-S8E%lgj7hK3 ztsnhn`NZa4A#nypVCx@w0uQK^U~4Oht@)`8+(d1}ND1OW&0i)>=CvoJ@n6Rm*#aRx zW)&q=&tA*l8bKipO)j`I1HIRLkWJ@Pf=S1l%FGcXY2%lEUu_!{(b4^#1E~3a@Lpdr z;&q=kRupqQqNg}IdBqrSIPQ2;{DaxtnlA0PD8Nzr00L`#aelPXyh^r8DZ4R|=HX)) zhPCNaeqb&Z69D6Xs**J(Np{X+N${Ly+n*7CiXSxZxvg_Pb)>Q4`Q~@&!+zoefNN6Y zeA%UXknx2LSp7J(Z_fWiMZ;$v9(SPwQ65PNR6)?)I;inwyi4}8>=YxSuO^`GaPou% z$kqkMSjv2H!Np@`%IZP7GDav|eG;~te=kUGvY~d$zy7n%m#1-%ahInKC_ExYU|Kfy z6ny=LXIeqyK%0$@XR}7o@2K%e{Fer3m-1ssGvlBOuLbbt!Gk8^ci+}`PN+l97L$%yhqaqTwCTD(xCx4UJaAsV)Ue;`7UTl7+O$IE02@O~}}& zxQi!O5n>ac7cjneenSEqfU2R9pB}g9;e(oBh5p^k5BO6FWr;0pfd_=D!B&S_JSO0L z<22}K7d26?dxm`sdX!ae>fbIQf;#s4US|8%{xycjwCvRQyHhjV!jrmEOT2EO@bzVJ zu~wVUNhF59p>ph=|E5@H>+H>~QDND2DOPyC15x;(LT}Ot1g2n$ZV`@3rjl^Dj5)U+ zp+xyC0ezRl$4lOt8gc!11Kr1uG~{O1fsKib-Jds`BO`>;x}GfCs|O<5A=OQ_NmZ_B zxti;da&Pe*-d1X@TiS3RLRU4{OLDdAjyW;}A665FmE%Eor`^9U=7{xU^z5gmiaL7< z6u7e`n=@$l!T}m_FPt>_e{GuprTea~<7bi-EEmQmieNel-QRo*tT8v?>&RP#uU=}F zcc2;@l0LiHj|f+Tb3eE+nhyu`FGP6SDT^$f9;ash3- z2}72tyNh3}cBbnuXUsf2YIxY;Ye3xUVEu@a$m;!y@Vfs0kxWaVBVSN>5wqWXqH0dBKEr%WH(+=Y=eM-jLoZ^pyqG zU%@`GbysflJ`{K{CpU*;;I7581T1xEc`HpGGg@2iTxVJ3J*PfAz;AC~2-@+8LmdeI zrtM}=jz^_fHnQEm3d(WqG^#6KGx0S&D=ww^hz&4lWSl7TxaCRjAdWvaSTf5Eo|iSh z(dWl2B_0wUfA9`w;eBXq{JnVl;qJ%s2Z!0rbip)dP5>C?-$Yta{9THwk(xK;kQP(F z*d|y}Ty5@Fu`%?0?Nf*L#IPopSM&EjCk;q3)n^J^y<>UE-6+Dw=m@HZ zDo+N$PD>o5%j9_WbS>(I=F);jStc~jG|i=bX~ts%OcV2npat~hsrs`+sxC7T?-qYG zt9kKft-@INy?SPv7O($oQVDcPR_raQBAx6zU@aqY2wb(_S<3X8^uJV5 zXCG98_NMtowT-i|UCCv&2vu*81MyD%?PYs%Q|NncvcN``3c|p*U&u$(4?W^$KU}|> zHhbsj{a-^AOS>KQ-YX>@caBkkP(Q@4e0*J%6L4OU^;0(d@`NDp?`ZW&uwqGVuB9bj z0vqIA%qvwoJB6vCy(EgK@6ddFWRdp*&9b&p%TECU4*1Rn@|rH-cc0MwRDFYRO*Y$= zNxp(drH231hP!*TDrhmK|oYl~*U^gAns?ppj(LeM74Ybxe+cGY^^ zK`DAZZpr2`gorNXv8$1#MJBTbAKytoJP5;YTNk)B-HmbRRFt>t@d{@ z$6kuZzDM^h$6F8T>T7?>>4fM&v%s%SL=dl-5IiAsA(DK5zuzX5wss6Xim$NM@(U0P zUwc~)dwb5n(|(HbGK#v)=Tn4nbn_@*S;m%&trF)CN%yuBzQ@#i&HRouc>ODeCBUce zdc8+(cO3)uz_BMoCc=wj<2=G7rh>3eX z3PMa2{PQb^)JoIx;;F`OzE-!y$yOV%H!zt+mGJf!Yc8Mrx+s9* zB^En2M26$b!%Ih?^d4~L{&!{!X!Y1xPoboCnUFg1ChKMM4%OhmDYOu{&jW|8d!$H7!y7yQ~{@xXx*s#keH{6l2-TLZgP8!uNi ziMi&P>$TCJZPWCIiY{eY*t-@T%<1s;E0+i2?SxvtD|ZJU>lm$D7!*zCdL^DiZ%kk6 zG2RP^%{aQ)9+k6vmbgdn6d9rAYH}&oSAvd>*a-;`M}25$I!qS91quxQR)Jxe>;9&# zLq>brA%YqX$Ohl<(336HrhR>R+ZRUygBG$yQ2cYv=gOmx{b^aKzTakr1s$zm=0d41Qn`+p0eQspHjlc(vws; zB#$8F^mS~tk7krk#yuXONk=}>+czWG9D#>6LOZV8WjJ`H3`#y%j!oOqrFDc~%tCBB ztlk?Kuqe9?z-`1poEg@!VyoDh+DSi7NJMYx@uyA@yQ>E04PbL+*Lu3+acEhqw*ey= zhWDV(weqwBee&>q2nFx z9wI{;NXBt1JB4pboMK=ORj5WDFUj4mJH0VAzDq1xsOuG7Ea^M!9#{yqBiUDX;cgM=?dI)RE18JFc`Zx3)d^PiiragqVms7xhKghkBOe%t z{B_2Zxxyl!fZ>#_T^GAE-S=C$oR7DEZ*%!d?3@E}%)I~{RYYhH6yE6FS@ny}IKIZd zqa7jAK6i&M9|1(B>3ypxN#Bsmak_yAUDY(Dawf5l~+4KuGQ8P9E zUl+$)K0XQBzd@yQun*{`FS;JNO1GS+gb73T7Anlz`u=^jJ7bqQo5g>kH9n@ny}6gbDfU4x#CU%l|1O zXKaO02w(Zw7$_H90hgGiu8YRXCrdFdpcfe0Uu7OJp2aGMs*R0)7->8V1-7u#zBUy1 z8vw>WrKDmO=`WKV#zEcjvPO26#Ye1Zt)W?_aoKEuHPqFB+rQKTYz~OF21+|*GGI8s`dB!5)!JbZAtkD zXXxh-gQ7t5LKMbUCi3vUlL9JwJ)E?E3I`tAHDqwTI~FAw8|<=BBAUwNwNo>SeMG42 zu7=<^8i|EjDPYC zK;t#|WWgh5L*Um`wQeB(5?`3G4C=lypwJ1UYd0TUSh2y%q@Bn^p;sxM!9}|}1b)nS zzVhgt#cMGj33@&nU77#`z;5uBZ}wQQG9HoOvLo0ujX$mi7*?47Ii(${x-VLC-}Q8u zr|ets3jE)C^JEz>Pog$SNFP&Jq3r%yDwc36_I^H-VR4?aQ(|^Yd(xR3(bGkb+EX+L zNvc35Xl7b1O<3Y;7{wd06m2kp7juPO$QeWF+Ishj0c<`?e!Kl#8jaJFOxGLRfYX%q zwMsS;c4YYWA7P$c>Nj2+yF^OIzzH95ySr46ybZ)Wkc0W?3Pl&eSpx5WsI+omFks5L zL)_1d4$6*6Y~TFy?!sR{_bzpC&jCTcIU;*Nclw1nz1Z&zg)-EZkThP3JFY$orbMy3 z99t^B*weM29zUN!FGT0ayfMNBm#g15I#4;5#tp4&12I`qghIE0Tj24#|E>paX#dyk z@JCWHlum`nf1>P>q%*^SKP{d zvxoSVMnA$~f533-H4=ZTvKxQp9>_EMffk^6=Av=3w=n!+s2f!O2q-J1)W@&R#&rp) zLbl@%SgsUucvyaV4LpAy>44S{@Fm9l>8FsQgJK4w2fjvz8Ac-o+iw~AO zjD4KSwly5wt~{pvDu>v%^b5YY{FX6#lCFiT_uUtxNYc!HP38j$#>NYs>2C59g`tvy zi;81{!K5=V8<*dOftCl*gb7+nd{f45r)W*tq;;`JY24rtJDJdybRmAQClT~DF*LNH zdpm|OTu{}joKH{_p#!+|PBLIPXIc25$6KwdeeI!cWgB_f}gUH??+*u#C7kRpOOJqM@9#xNx-d^4;a*)l4C-$KTW z9!!nRKefJptlM29v&~CkGepMxI%pB5qqym~cb97%aRp~lEGuyZMe7;jiJ-iKaK)%y z4(hMmE+Hy6cRX5?qO6aRpt#8wVbPnFDJ{sv2;kdOJ5ul5D&>~)`&!FV6u-Gfj{vhh z1`kl0NUy!*3anAmzTNR{E~<%&p&95cRA@wu?&_!bvVsQi$d8l?L&=Im(<1fUN^*IC zGzW@Hg5|+u9t!#Ch0poQp13gsDHFx9Q0_&MH_&NizQriXgZ4*x$0vY?UX#`VFW-)Q z_A1cq7?FBWt;yLd7F*5zpjvyaxj5Uxck#9AM(d@ThWDhD-4RNfSXdu$E?pqGs>&Ln&G;aqmRUv|x z$^PVxfoW6ZVz5?ER3!08eJ%T=2r?^%`v6uI>aHp%n)A%5*6Tb{9*sV|$Xn3oT)DPg z6!`fl=9#^S(@As0W+rYo2KK7LSj)K*F%%px85*~z9}X*fcArGJUMUB&d3Ni)yqU0< za14V)k#Lfze|6+c+MoDQmKQ0;GzQyF&<;8Ov$XqUp(}zTl2&4pY=`g9=*6g4CxyDn zPYQQ6Z-42uJ=<*`b68-023-}xF7izd^A}bf}XgNcaMqmyvrL%UWYxALOKqV#Vteu%6 z+)iIF-T)a^Rd6oGzm8@{auPBeFNcET9sRP6+P=o>bp#F8#y1J4F0*4j4WSv~B@nmE z-5gLkT)}$8R#j58q?a`u5!j2uS+Kyb#O`1Z_7y z6C^$?wZJ@01-1NQFRZp6?qy7l+J2tT4RPR=_#=|@urbcOp9Ix00DDXB7=+ux%Hqs5 zM>Vs!8TB}+$q578uwt}iAct~1?8z0%_(mLV9smhb5G&_4hZ`ap)^I-nlOa9C*#5E1 z$s{(qgjVu$6Q2z8$?kIFv*?M}Ga!cxtcaDsXP9pV=+<@V0} zTDN4cs!qYwtgN-amSwgt;^N}G8@=$TeoI_eY=;w9oPni``P*#%y45L&w`V*U|Hlruj)4qMXE;Qix5ZiR7vcFeH zTYK_ji8B`AEtZjy!A-s}Zi8}#!O%lzP6wqfEH0`q3^n?@dJxd9@&aj%dUtJXG7<|~ zy~oP4%N$#qq|H)Ou)MqS_+0W2KLM2aix-7M>fX6N=>0A-1`R#1eemEdUSl`%<;!pQ zt4I@XB)Rhi%H-Lz&vsU|jv+IOjxFQanulD77!wg<5AHwKNBRyjPHqc@G?iEsH8p4wB8K8}VRU!iew&UkymxciZnu2J&Da>s);u=cr)4YN4!!d2 z`&5$;hJoTT%hc#&zC#}U!z-rId$8HTJNAa_=&EVfUgo0LVQ{Z1Hl(q!(L4Mk5=a{# z2=EL(k_;MmGVOQ)(Dv3k(LZXtY7c2+h5Z98Fh)AcGd3cRn|GN9ydpSkxzN;qr%$ta zGdp;uF;!y^?@`g(V#uTQysUwR2auOvHp?E?0BCM;jAR4~?fzilZP0EnvGV{{Q%CK> zA*ZIdZY#BHw%6TE!ppv%2VJqTu~F(Jcj!}SgvjGF+{d83S(YM!GNFL8Q&No6lRN=v zUBJ8&cQ!w-giL))NfaV;?B$d#Z8GKk`zf`vu}os1&D#DM-JRYWPgBFsFn-+~FLw~Mgj$ww_fuw&1Q&q@yV~#cC zdcw?N^9K4rR2&pDzqp-8{wonLV5U2mq~d#k1ksC`a}=r(PV+Q`50ypssgD7GJK;zB zL~hdr{8jSf`E9@32|os_>u17xW?wh>F?DN%yTJFdv~(LI2TGfu{Y_ME@;V)?o~}Fx zbJL~YaTA!EY6?>W14@`nBQCvAe2KhbVFrAWa@C}oDKcZTrIRL_(+k}{v^!M&@Gg>X zT{Axqc`3J2-kap;PSmkFweDdf(lwdYqIsm=dMb-u{~!n@Vr({7Dk=_)ksOLA;2X)|D^|M%Hl)ugr|=!YfVF1d>;dZ zuPylw%-;YAxjAbrL&t6JkU(^j3~&654zn!>v*jT(y}*K(_B>(HdPjQ&T;Sm8K*^vl zt9<;z+(MB*`HVxxCzO5=JB&HF6b%p%!wyffqJk{iu zU;=auSpxT!&5fwG>oUTv&a^h$@w|#5lN;s{FcNXo^w&FSL(x08PDMBUL2nE3e98SA zy0g^hFXQ2w2n_xhNObH1s}IR8g>x zSNrbKpX1rBHoj()WJ`4eXc}QPp}4IT=2$JR1-*HMU9 zc5vbu;(_0XWSM}IrD9%MtCHu|@K1Hpz_3QKt;=i@0q?|?7nt*F$KKQ5GI6yxv%t@U zD9Ml5^rN2ntCWbOdq8{^K%K=%NHkRIgbsM~DuW?DaYw*2JH$)eQ?%uFGJ zAM<49gk!_FrRTuce(t*F^``Is3T8m+upVWT1D{oY5vj8d&{-)iC`EPoZntRDR9lUxiZSI#_5Suj3U2ci{j+(chpL_7}qORWl zMS*<1TgJJ(>z*%bwc!Yz=riwjRHH-Bt*H-Y%qR4u>C(PqMZz)nh1YA=W7 zcJI6SkRqm_yVKs~W5!ZYN@n0;+4dh1>41>0X1U(ZU2lC6))xJG#}QV!HT~MFLK00~ zrs_`F)E%*47$?Y=ofjqe`G!jpq&$CXx!Y& z6#a%|)BY%#+T~JNVv{dIT8Fs6G{TPGdBnH=^)h5;2o>z)INX>d5j-^*$06aMy)wnC zj5(|x!ilhphdR1OJHNv7C+lxM4>)0Lm!@Fz7a=<{Jr5!byQ%Xy;B>gdzGPi~Ktxog z-FI%k3ChX&_;FFvn3y2(;Of;iuPWDn0Q;Zn_1w<67qiT_C7%@KDEFrf8aD%&g2_L% z!Z};a3%=6kpDN^o_;b_LhbN?86GSl6A=jR<<9kcOC3EDZ2tCNj1^9jrFMeezm;H8D zP<3Zs5wt|5j)9wXI4(n4M1wE72a|sI(%F6XtHe)6wR%LX?x%H&*?$0>`epUzt%S~K z-0{Zokxv;uMjuvccs0<^LfW&qL#q&~Y@}vlY_beNM~{4#Iq<4%Pa% zJI4`u7-u90l62l>a+Y=F&vW!@iA03OK{9|(;wNH=IGrRBGiy;>9)^Exl28D00VCe;<98%g&kW?vE95#`l)7SpmUcfS1hzs04(hL;{U7RtITT! znVlD*HcB&HP3ujoSxO=Q?8S?DLlzfFSMm|{DlxmU{7N^ZR-#cZIi+?g^k3S4@|Wlj z=BG5g5H7E3I#rb6R0ofoGfNlM?KQA2>6#heBN4jgI+NS>(f&Cqj{=W*i{*Q257VdC= zr`5k-3+vLGKF6%~kBp26a>gCL`)^L?=!6Y<;hIf&#{0|&{nGenB z#A5MGCx4h8=-dhjsH>|J{U1DZGYAN%#ngJ23jJ?92DRb=B+A48MtuAKGOGOl4btO| z66VlPOw&7yIf{MN|AF3tGr=T-e4K6M7&x*ux7sOP#i`wPae^6{d+u*9!d85CMy$XS zYZEn!OmKzd`}ZTaP}@%S>GJ0FmrRqG&sYT?SAQ>W>NW*ZAM3qfSlHOO|Ni|uXaKl7 z&h#@_$MnWM%Ig*Sg&;uhhSz z8_u*!Ud(VqNt_2xPLR#1giFE3l7t5^e$)9RWUG7}rrB`P)j`uZT_nURr^QceqP z(j$l&2Q@E#l((8>hVve*tgJ!Dj9vUkE5~J&A&kB(+q~J%RaRR&?A26$DK;kr%5q(UIYEg&d8q?wG$ z)O2b;Ei@3pA%0CLerE~D426}v5BIhlD;!%}m^pz)mB^CNr3}}Wm6ewjOq}h=%ptV0 z@ap0|dQnJ&j(6_F4^=;4DuuU*X^9m50~6_>HD%@3N?;VOelz!52-3MwiB<0vvh2tq_aS|9Ca-{f8`9NKVfA_TIn!os+|p z5Eo}pn_BJHC*>}W#*^L1t(nl8Y zG`iOGWZT`esC)R_spKd4Buhm*jn7mxJ;C5{(Z#{ZA}2A5C3hl?x&rrzWDUXfE|ZYBW4BmW z!GOOr3=qo6WMcX!VZF6Me*spu=wB}z8tQmWTy6OD=>xdit|jhBLX~y)&EKXVRG7xc z#W})sD2U%(UEf43cMQ?&enCHwP+VF61BTO;^}1}X&6s|fqIa)+3XTdY%v6R|aq1Dz zeMzK-dfD8Z=^x;_Lr7YA|JQhxS@2CGnEmna&oCYMksR6fGxM2)0vll&H55PI_aysc6-hXVJx)IK@r=Ba8lq48=F z{Cklq+FZ3~ZFlm6)U45!wJk)~xRs_fUrxubuJM}t48@3FOtraZV(H{@~!UkG~cf#8a zwRo!};H`C|H-RAZoNU%^pGkfW`%HMtYH75FtG}bGMspZ%;O)@Bz{Y~QxOioK!xPr_ z@A&pa96VY3MpOd7*mC+QKdZTHZMFfmHH=XT3UxsO3Kt2pbATDw4ht7R!g4yK!5yC_K%H6WLfz;@wzD4`*zy0zYlM}f}uAy6359ck9lLB z1cLRiyRx`5y@ci>&0NZJS^dob;a|C@8){kW4|nYDU0c4PyZ-1tVa$LyhQL?#$A<$& zq;`{|Te)?z?kY6ruv~r$vF!rqkHadB$bQ$C>UZLl^0Qi1cjs<)XWMsBZS)Enmsd&y z&M);_(y8vi6x(Nf`~v6>>_XkbLbeod)Le)aKQ zZdo>Bkz}1Y&y&P4_y@)e5jy7nIe^eohsi1G73k{N2mHbYs*iTQ5Y}rQ-)9hV{+v9~ zAS6soS0wuRb6zN2dPv-IX|4obdk=!4U7|h$0ah5hCs^(iPW^E&{8zsJ2xVKY)zHYs zq?t&UE&OdFQ{F-;zieReP&UVHriP}(X#w(NAtoio4&HJwYOZ4~T&Z@Lfb+PHu=(LX zNq9(%VbaE4#5{EEdisBX%m0V5+2Z&AMBU>lhOtRW?!hwNaemwyarnOMt|TWXSBC3t z+(CdQ+=~?0b*C#?s1MP42x?rzc_hc>|8dQ#8@vLmE=~uOqN9xD)6m#Bhuc7d>LWz0 z2T;VlTu$&v{uGm_e}$+necaZc2+ue ztO2fzsRrc=qKCb`J!fGIu252 zgo{8PkX=;56%9v%V*%VT7O*Y&6PS$jf)ssG#IVqn%#w8bkom(Y91)@dWX3uq+}1z|J;?yRuIFg2i$G{#Qb8!Ods5X$dD7_;Ac#{8aPi^#}{8K)NM+ z_7Ek?PSQ21--yBwg@qcawz>$nDR6B4A-3*-1!hQfEXsF^QLxxjPekmJ2$9{<#26In z0}{p#lh$lglEqi@(Tn0wImeuQIVMU1##ekY&N$|{hh*(^#pVVUi%qn+a%IE>Mz!&! zOLK@8Kbn&d*PtmqM`j{oQx_qC^qmrH~iopq1dLl6V=G5H+1i6IhGHQxUNs=pf0&^p556Tqinnj~ zoDSwpY~MZ{c!u&S3H9D>a)=SAxVZpg!2mn!inIV{jf@z28(d)@V{v*i6(+|M{KeXL zsfiOVMr3knO3v7@6aV}7?-6662C5q%mm3)Pt=3p_00!-zR=(Iz+9~CP9QOE$)1>w{ z#^SO5<8NXm(N+01Vpd%+-R$`f-AUg14D}E)&P5!WIz*0xQ4PwZ>LhN_gr#xW8U97P5(;3!eJOER$2jN?ZVBS#rqz8>2s#zCBKAAeRZ) zniazdni<^abHU?ggbqH_h<_$_X?0+ebL0%td+6v_9Xe&JYzToh?AYRs`aG=kt6&lvHYV->+rv%a7dmk{9!qU!c?hs_aPa312a z+T-+biCn=+m0#*oua76sPcb^z%OIaFEVGgr3k>&ZbR6-!yLI;ys*zj;X#cmweFCq2m zD^c>>$3EMDh`8w0rh}>Gq%lh40_D|i)6$q}50gG83EWG&t zr)+_S78Vu`&3c=qWviT$EoHNZR#(lnM>SsEJyBL39`=Sr`h_l>u-4b7hAsnsi+NeN zx*m`vSEMn#&HLHh+#X_PULTm{trs{9LIZsAI0*tQB8?$rI6dL=o<_9L0qTTYY?<%% z&P?kjp0-}z-H^wRv!kN+Lr|H;1&YKUJ#pd$DB5iKw{NgSL^sXCC} zkf3Y@*Qd*P+Z#0>4#vhd-*9q9pIUES% z-XXYUtvS&(?OMhxu2BqyafJSbp5nYGuOU|1N5=TJ##woJ`D(~~{5F@}-Q!S!A{o)w zhFXFQ%~_Ksu9P2E}+E6J0o>8GRuPo;G&f}bvtTHstYRCn~s>g{5q@$r=g(+~~dBCXJg1W1uwC{WV@l+)giq2FF>{1>4u@{gA4)}xH+$IZ?tKsbLmdg4d* z;Z10Le}yEIqlgTg1kcZk3lP1EwfJ5V6apQaa=!}>CtOE+P27~x@+KBo39w39@6W1D znp;@gKUXmGc2aF4_9HbYyOWwEc<`r>>we43Shv4SKQl&o@R&RINDR)V6qjvmW&VhTt{gs+DSb$5_LF=crhj97wS=g9z^sH8>E9E7BiC$~ zoTWVE_L24sIP(giU&eViC>1Pa&6~=+d-u+xB9Lcghr``dn>Z)mq}m_OT+=FlcAsb8 zrR82)E@Ia%r>WV!-gbAy2KP`!rU1e{x}=Jcg_NnG4s|EugbWz)h=Gh3aEfqG?=(eY zAvvCWubN1<*w1RRhSHj&HgV8_GBkWAExJNF&#LrJR{RL9VyHS;i+={`(Ae!FypCfs z6{G&QVR2#wDh&$Fqtn`_`-5$DZ`7W>8ctQx=5*(&o`w1&bWl#cnw zsHJT>E|4oSVwQO<5-4;~bB?XPXs->6o>2DX%T+44tA4;C(=yQGqY^7ydGKM&$`*PW zf@FQizW5;+a3sdYci4(LSm_Vie~e~wb@2eD)UJsa(dXiRBcDl=XbakvnAJtpp@(h(&<`v%ILCX=b8+r74j;!+DI2OejI!e>} zhH|nKe0o6p=xA4~Tg$B(AwE}Obd=lgNy0W<({EU;y*=`^Rj0uQeynYRlJnNFYw38i z1_D|lMNnXrMYvsy+{YEOETXXfqbc{inVI_sP4>Q?JVDN%ij#X}spx0ZMc?7y6kMof z3!WZp6Z=!|ab==q$ukc~t2J%l(ACBG$>sdMXkJTW<;7oJv{YYTiCAWe8_m_bF zRjNS(*r`*e1ZAtmw(`>#u6FbCxizvA;RCjOKg1iGUtu@sA0m}v82j|;jp|2&JY0vM z--_{{8%nLI6@P}aZU4b$(!Y9B|HjKGsNUNkPg4l=tb-?SEnQ|u#Jd&OLl9Te)$Lz5 zzjm#-BE>Mc2SU9gh;I2W$Qw0S+uK*-Gw?y47%HZe4NE>~huI!yY93OT05itHcb*5d z&St*uU1nxJuUT)Pd~<`OcWzgfA^{ErV%J82D}%0e0;(N`K>9;AlJX3Nb#A(s&Bv^> z^fo=9P<2-xz41;lX%~%z5lsp1rv;NoAR0ectwlGam#{;`^5mMnYL<@q( zexaJDy=a6goBL&Twn4cs87WlbOAmru|PkGnOaY|49s zipa3P!vGs|JAhx<+vCe5_^4~(+-L?NCZUT1_XdEC_08@O$J_wemQ@ofUg9KeB;yqo zx(PN-37F*;vj@dGASTuW`yoReBaq1=nTo4DxBQ({m=7u{Pf90oeKAC`&Mb6j-|CG^we=QC)xndn1wu8FoUt2ywY4-N^y)MA^tQY2?rIpfdT5 zjh9HX^$MYh74jQ>{RQ2>p&9>#te4GJU^J z`t6oe(}C*snM#U$ogOWG7zrq(sk~Swi^YJyG(B8G93MV6UF^lawZ6LO!{w zXD(RK_@y(8CyoNUX7pmT`Y#@aQ$Hs=`=^3ZaJwZov{v-qCrbiyXKa=!1%0#8>*&o9;_*=qfPF-X&nH*3wc&EtM zF;Wqij{=(=mXq|IFC%%a-v7s!f;)4}Emb1}NjqfzBOdl& zlTT^G&erdH8)R+`v(6Y9ts1jyeV2dvR_`~_e}ZA!&4hulQJ>%A0|14YU%fiEeR(Ty zgeAM5NzH^?4KRN`&q&&@!5n!hJNZgY;)M$rP~UI8$scy>riomHl|SD_jw`bA35u(C mVQW_AdXF_CjlqU2-&o0b?ByJgLhn5w76hbs2t_)f2STrp6p@|~ zsubw~A+*o~XLz3Towd$;&iVDO_d7qh$;_IW`?|}u_rCT_@Jmf)S{fD_5C}x8s-mb3 z0#RNEfhcZVJa=}6uD=TSN8zHa{0vmm$3_4S&cmK+JOzQuBQ77mq5_UDIjR`CfIv4~ z&;BT;-g0_^Ks?*3icfVt&DJJOW7zS2#LY%?c|lj7brY8;8~xtP5>41ip6LSKPF3V+ zxkz}-42>YK0x}@XHX3Us?^^{+O0iPKEyDWRkJH zN?J98X?PGDcYB5rEPh}y46GP`iWr@=DLx@mhe;&}nyvtWWq_B|z0ZR{@_f!*AW(qJ z|D$afTvSg@5V{E#Py1s=PV44%_4h>cpDs+K9*u--DcDR3HB5R5pPzO`ABEksY7tYe zSL6PGaHPA3;@vloaBtS9I_;HC^-BW+`+lO=PmUG_X`UcOTtQHeM@o9?THPd9~H2 z-?iDf=F0x==6dy%Q1|JE{n9Q@=^*K9$c(bTaV$}Cg6z!T`+ajA1Kj{OP1K5=Fa0>9 z{A{BUR_}kLd23^mUdqSnAU(p>UJe?Yep+@Bu`jOVHC?;TR5(LSA8_O8uG6l6wsHB6 zr~k#KQPmAYq?=4bhSmdC zk9J}l#rDz!c9#Q)MMUmupoc#er7r~7@|9J(w`l~Korfw6lrCYP(k;YSk zrhGC98N#h!Y=vAMgbXdQmx)Y3`WRqc6w}7j5ceQ8e~U7Nv(80?lOK5S%1i(!-7v(A zmql!1XPx^umUvZv`%@KSi@buhnd;t+A?mfV@K}QlFD0A|w;pzh+}YnHk>@9%W$WjB zzTaLv~|9dV;% zF%+1&pJYzhq_D9D-LPziUy^%CMZDbVae}_$nJKVe%ey~i&e-Y! zZG}`*fsLuA=>v%+f$7$lhZ#+#SOfh{s7f2gZXCa1Xy877I!}5m-``GQy)g&fU=IqJ zIYP}ajR(5PnKlWW2fw6h9%3xwTi6n~v;U2EA3P1egs9;q(zSLw#8U7Uwp+DJNSF%m z#sodVLR{x*rcBOugFMTx!t`Y$iQBZ{WW^D!)+B_sX@(J4tDX`&V@6i=ag}FbI|>fh zYqeZHTXK~TtK{suoe!j#%p&Euqdj`N-UW>vdfCg=J49|NZkpi(C;3xEW<~J~Es5S# z=j`mt9U47{zt1-1%?y(0!`P{p`6d7E@19mG%MoB$WwAcKY(ktaD>}b zuA8VU@`ARqu5j0NOIrZ99=B2yliL>hn;-K@;=;JyYODb4v}lM8ddSMd_x+Y#-w+x5 z$|@thad$b&<+Smr<)Dy5qVT!?9{JCA4P9{cwn5e5d|`7aeq`#XMh|LKSBv^tet2NY zZCq&Hu1abE;Kiu)ol=wysT8q@y2o0KI(<{fYg_4kGRuuw zaf>L&LJ?}IQqK*aTRd*VyKaup=+?ti zT0$+0_3#_NOrQ$}c$qOH{3BaE(lY$C%RTY`(yv(IPled9d?(MW-Xtj@^HI{c5_=^V z6O{C8M1GA4?=zNBt$?6;!tOU(uXsej(O zW_8cXN&@KocTS zN5Us^^aGuz`-k-a^81laT&x;<8&9kECu+>en@Q-j<%)O1BrkX&?BvLwy!d(>zVpo*+D|C*Wj0rczH_JBh0}Z~ z<2~Me*_9S2#>(Q}k$!2(EEpB*7-x+ow$r0<9XKaxZ1fjBK}Z$>N=R^y=r{Ax_4F(jrhW$xTJR<#uwP!PxtR4ujR0z|9>U6C}aylmG-B@iMFZK%q1cer!%?lRm~_Q|dJ z0x#*4!RJ_++<06z=WoJ6)!Uq6VYw%qsB^B7@LR{h5@^zWzNxT7t)~LTokh?g=KgPO zkJj4N{NCR;RZ1v@Y|)xn_n9Bhcj^0!OHae<7MHhJ+s$*ADkL+WS1U};`-!_IK?u%LbQt+}lS`5U~w z#ww4l4(8)l3}lG{SPnEf;`YcWXQZ5Vf9U37nFOH+)^-w;uoiZP)NGas&E2Hd5FHd zxQRNn7`iBbOk4~hikRwLS^6Dz55~&}x`FUf*qby6_foA>ah2A^SL1<+rwQG&9$Yhr zGWbgG70c@RCEy!nOxxj`vy7amy>+w;*Yu1M71Yn7X}X@jG2E^tk83KSo6vzn>qlJr z$N~+6jUKku6oJ@{eGe(+u9r@DM?+s4&AFG3%Dk2Ryr2~DBr#V{uoE?cMYyfazG^!M zN=ZU?rT3bWS`4RP=d|m}bE@TG%yrcDsCo;N`xw?YrAj<71`H=AZ;xmM{p1PK5-^L! z<+u9`t$~}C=4I<_g^S!H|A~aqge|KC;MWFBppTLhu9NqMqjCuoeK`RHgZhiS02 z)LpWr>mwtSf*Z6_)ZW}%_PWFH!dqy zxWSdtG5u64JaZz=-`8UYW-Qq0lNaB?`X*h8$D!Hl$kn&OKMy)-A4gI7mO*$5xpBZM z z_Q*}MQJB`xJ>9iuuXtDKijT_284BDn68y!7pVtIdJBgC`+1@>8I}=rfG2I1WGt(69 z00gj;wn>@XC$+b7Jy2gb9h9c`$6?cZ;}}5i*Nf_^ z4^EP?z1nMiBCgV|&^=pj`c1?bOzTCcujO#WdQ%gLR~wp;0%ec3Z-H;x)!(`%=Fs2N zYLhn=h$1kRkgGxvzec@nGbd@ch8lztF!oo}x-LGsw@8YZ-Q&pqC_YXHQV=++&P5)X6pI=MY-y2W}*ni883A;_wS7RaBeSM07xmZ zcW4@Ri2Y6JfS3o1W>j`1;bL{k!%X<6s7{OYfu0K#9_4-y?m7Pwe$`p@~CG(rMU*$P{Y(pxN>`NoEA^qqt5CeVQDNOL6pAS<6V;UW3Tp&i^1!=T zRG|iM7P8c`7Q^Lgzd~t$%Rw1Tpk6LeyE4qmEz5smh%qT#x$?CRmBo^aIvHz5g^w6P zIUS+0URhAmff1Cl%pa;?tpE*MHTrv?Vss8|lDKZBli9edZZ(HvfIuK;FPwT8@)P~% zGQB5ygMJ1mj|ZBU1akT|UTnh9ASwm++r_)L$bgjQ-7h!Coadu-^D@8Kw4Gqp5@Xle z4{hB$L0@btq(RgP?2qy8r(N^)U^rGcE~}c^n!0v8$LqP!8*jm$((UtX17apbxnsf> zc>!!jHSLstv8j{>@lC*B3AZruY=aWIp=Q@wr!6>rBajmnc)DF2KND2AwSKMP`1!32 zw2_J4*AF-bOR(3wdt^oBk~4{!%1OQa^&c?_GyYplDpSD@Ro&jh$%<=$TJ<5(uMGmi z@(;I^5tTzp`rpcP9S?CmVUN53s7{+a3sYt4E5ncwGzWBj8d52i02CwK?2mvdpu$n! z20W*J-Y%hqrd&|6Ovev)&A-Hmw{MSS(lfs4ucm1@4 z_5~A{%6ivK{!@~4>QNuV!ouw7n`O3#nonVS1?y1gMl;76qLk(&#Y1ZE^H~k*!g+JS zSkvv4F!|VGlf2$HXLXY%VNRTdVq71M6MgtOF|a>+f~gKoHW-ZYPA(v$Z1Jd^iq zWA2V8F=<_&E`efNuH+t1w^Y>xglPdL_b`x?Y^T+$;l8%7SaYIcN7fzGZZoB-9bg8U%l=G=@!6)A>%R!mO2 zqF~@LCPDJ|)uZ6F1j;S)ysJ|Oo1>jE*vqvHffhdxmQy^djY^0><(o6@Q#G1J*;LV# z{)UN~6t-)Sg=cnZiz+Sv2htmBw^~Weu z*11=#JwDFliBCZgMkIQY7xkYa5>T#>kYZfc$co$B>(_iOzWlxWz-&e74Z5Q6D#GMh zyqqO(ZNLWzH-Z?^E;s#SVJ+Ye6f5k+IOw<5UH(I>zrE=wW_;A;hR+!xKUm|2e4MF2 z1dISeI-UM@xg&vSHVru`uG=x^%t+_gYpt8eCC{IJR6C6U3TMY#i4>Z(hA>tyd{1H(|4#ZZcI~K*#4Us0iCvj=xP|{o1b; zG|$YrCN^R+x0_spQ!##LpY3joA*0&4Wn>#fx$GRO_9fwYyd!FJ)0qux{ zM~#*YKY5u^xlSo1OxVfs95Zt1>5{sA@bhGm9Lgt+5#BFD3t5Ox)+Y1D4&Ij|_IwzS zv=Y@Dv9o?TM{b%k%&Ov6jda>;B^}6n9C2RV)|N6=Mv@^1iiYN;wNF*k9kySl6n-3i zOo8z{o;A(u)SJldSND!LVRR5FSxv3u-@MYflxVM58EOV$i-~S>3~>$aO6uSarNoU4$u0*yvm|44E*Cf%L>40Rm)U>ZRej;$}PzD=m3`%=B; z+MMP%G^<3&EgE^+0d1pZtah;98G0j}o*$Q$2#F<;l36QjJizhAPhA+G?cANd7ua~< zsu8`A=BlwBz$BUcl;F+4(8jvA9nwGeDw^X;E{&v)@P%Uu9;dR}jLz}%^Vf3JanNqi62Hv=Kdse zq_7I4#qaQYML}|NmO9mNw1<+11+{}AV!~EGl0p!YV^d>NqdUtKi{Ikna}0`;YhMRk z9#0m}?_{RW`Oe&O8!j2sJbcY17lXkJ_~TG@LJv&764 z=cXRCz0{wOqn02?-ocHS`#FInU~*`St<770_38of`a36U>PexaOO5~Ez>$>1;$ z6KIJYqiu_I zZ!}Z80)xYSj?d!H`a~B*kHxNj;rb|${z!FDhulpHR-sO5)5;!XrZ#3%=_Ry;{z?ot zknKo($i4=8(rb-d&`8Xdw2+<0n?2Y4U@Eg~Q}{)%pqDp1I4Nixhmw%zizg}C>0noH z+hCzRN2H-QP9bXDQQ>8~ndR{co*$z6qp$Y+Y_`@z-CEwrL`}_$JpRu{HPDbKLh#QI$CphaKt76S$&(tiwh!)Q@U40215bmU9wBbq| zcrOQ6P{l&lWS2#erpw>~8Rxk~w>XN67PyeE{}mz=6JXe$&-RG!oB=A;0EwCL*9A9v~H!ItLO4vHb^aDlv!0Gion%b1@1q2`hYG7_T>rA{`+K82w=;)mZaLX+1(Wm@gJv*slczkw=hP%&a>v;1~&-HE8 zD0Z-H{2cEP_2TTVxp3drYPSq)=a-fh?4T#8#23fiBq!e8$trUgc$4+YY{3BWPB7Qg z-e?-fukm$K=44CpI0m9eF+8~fWxQiBOn>t7Hlkyxe-W8~Ns``i%&V*o(r*mD7Qva| zlW{=rWlbmQ|0GX2!bC2G^3j!EZk+@X)otk+Va^-e&}52KhJ!gt=p2*GWTqk3{AOHD z-A|*~K9v2Sr6FYBMcyuNRFU)vml$Fv3d0I7dtyx~^EWMmKaA)+WqZNl$`TB}{;7ba zGu8dq!a|1j1IQO|T}i+9%cX*J9m@py&%mY>x?}u2~nN%v+X)*`qP< z7oFMSIDQaDsUOM8?7Gzpt-fa!i|_WHNsz~MYz`o}<3%Xs!}5NZC57QK(B~{J^I)Sg zim0t{hmx(^^2JUvA&rL#tDr|u=ha){tc8!GZUbg%z|%7;$Y@?2lzS1-@dZl%23(#2 zAMl2~B|FZm%kg=NNF(q9{=W_Q&LDLvE?R`4Kc?YYq8NZrLq8^){Co_l1G;!bf;X4w z0Z_zg>g(%wALgj}?EWdx2)D7ZfhVP;@U1EgxMvrE60e_4gL0DUS8%$4fx&=gLPEmX z#mS7JS*qc0tgMvq?d|PoxsT)V6g}sGSMRv2p8Fl?kcY-t%{a;0mFigaifq<6fdW)d z7ygxJw-r^(*W0jjk7R$Uzdk-tTyv@3kB{a^h>!oZ?2&epfWj6X9C%@VgtJS(hChI7 zIo2J1QwU;fu$y?Y1e>)0;nXShL_S<7;z;2f+e@Mr)nB$s1n=#&jL2j-BVi^FC@IS% z+Z*P9gpA>q^UvubgwrGwhB)FAk|Mk52JYr4^7+& zU7*<)o2a3DczZkG1{Z`UnYuyuAbuRGm$k(mhhZ;{Mugn}UC8Tt^IB3zD#1ErNbNbp zPX2QZe*|Qz!pv8P7qHB8%#?J8b(hheuSxOkg`tI@T)ji>7szLluoduCPr1#nQQBpC zgU2%(Vw4~Y`D6vIc##7?=f;Oa$IMHQA4u`qxNl!s){jiPg}*V(SMZ?eP`x`7ZS?cS zfGx$NPjE}a*J`I;EtWF5Iy|M!_b4n}LcH1liV5>dnV7`t+pEJr z_a`0CVu0n-!<7Hoi~sdlrEk82rCBC43It4$%o$>hJ=+hZO#Tro8K?2vMGE3i*o)EC zu$1xX06DZ-ZBqO4;lVYbBDugY;>~!h^E;|Tj{|>Z)t}1DbY+jgTxP3F4s7XKa;@o- z-t^5wX79fR&pO;wJ$@ElBTQb;YZH=vrs*CD~IaBP;4|9C%_)z>?Fo2^QFt6NrQP>T; zf!1U*uk=facZ8wXM|-xBe?R6YBEnE~15;uy*N#syrhN23v{Fn4C;qZ6toP_B`vQ7b zx(j&;_)0`YIS|betI@?-&uFFA+p+m@cg4Jf5(N611b)8cclPB-(!cK({QpmPy}l$m z4w?KVOl76+FhvhP?HgJc?FyO>WGUW-EEwJMPVjhk|IG9Ta+O~H4e!aqp#;Mbouo!( zU7e9&J=>3@009L`!|zGROD*Ra3`6~E_t!m2LK`X zOpGqc2VVk@qG|sOnsFYuFJdYgd=RFQlxAe^<;_M-26 z4;$_1@Nc5~)wNHbsN&+D6rhwNoFY5~LRvQ$=s_lo$p&0Vk(^%~=J((~b>`A!eSYOL zVn)m)q&h^3-g!gu+gv~xE=EDk*^)8NJaKa)oO8%B%T79sjZ$$5nw4V4dGLw|AkuVR z=?dm!*@GRpYL!ZPOv5VU@9CI@A}=K>_5K#(AoL|2$5%WQb`Cv=iyJ2y_&8C4zVj`z zpE~;?L;UteOPf1yV~_<&ATKU_s1}u?k!h&zJ5#C_Q5!mcRTnNpQ&Up|1IN!d&0ieI z@?s)ID40LJe!caN#+*RNZmRYK4J}`t95P6uA%|2PoWuZ^h~&BLt0jxHtIAV}@hUju z(|f%%XDTE?38{6tqnHYlr?kiLMbp2TBO#I(rh2MyRIitj|^&wI!6IFH$t7 zVm6f$MP=S19PShJ~@~a;fSOvWu z3(qLp5%atcy5ayZOSUWQM#>dB(#wg3m>oQ(tmy)O1$uB5~D&l|P75DvSsZzThsONT=d4zYE zE5k8Mmw=#6q78?Esi|Gq`G6=a5=c}W5QVP>PhZgSgFIQE-Ta~ht-^;LL~yXqLrgu5 zMXt5PQCzfjwoL;c6ubIR04wuS@SWnh78PI+CCCDajL-Y)Q6F%OcK{f=LAzwcH7`76 z>re%1S-y#j1n>sYi?l`{%yi!HHs#Eh3J0@H-sLU)guFD$B8s$0ifrx}`rod`Agu+D z3GWl{=NykAImqo?fU2#!PrD>azXfy26kflTVFH-J77e0H>iT{2Z9lfNfZ+=A^XL1y zxj_rC$HxsnySuwXHa%L}C1c`wdAOl}D?hA#u#s604+W^Xu*6F~?#X z1{(J!&sjVd_#_@}V>uS)^dn_jyg)2GXjl6889AB!4spHzaP{d}<%wDk;%d&Y1V_6W zx!VmOCE@KQrG|dM%YL*Cyu$>6w*H+K5TK^OGZHJ$zAJm@lB*9S9#?UX+GmmRvoI`d r0DuR9e%$*%+N0C6${ggq;(EflePYHe+VkBXI0mUIX)2aHvk3ejDV@d2 From 170fce992d89ff18362e18f604274665307b5ac1 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 9 May 2019 16:00:36 -0700 Subject: [PATCH 070/117] Update safety-scanner-download.md adding version info link --- .../threat-protection/intelligence/safety-scanner-download.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md index 890f7e0401..5a4ea7bd10 100644 --- a/windows/security/threat-protection/intelligence/safety-scanner-download.md +++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md @@ -22,6 +22,8 @@ Microsoft Safety Scanner is a scan tool designed to find and remove malware from - [Download Microsoft Safety Scanner (64-bit)](https://go.microsoft.com/fwlink/?LinkId=212732) +[!NOTE] The security intelligence update version of the Microsoft Safety Scaner matches the version described [in this web page](https://www.microsoft.com/en-us/wdsi/definitions). + Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan. > **NOTE:** This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/en-us/windows/windows-defender) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/en-us/wdsi/help/troubleshooting-infection). @@ -49,4 +51,4 @@ For more information about the Safety Scanner, see the support article on [how t - [Microsoft Security Essentials](https://support.microsoft.com/help/14210/security-essentials-download) - [Removing difficult threats](https://support.microsoft.com/help/4466982/windows-10-troubleshoot-problems-with-detecting-and-removing-malware) - [Submit file for malware analysis](https://www.microsoft.com/wdsi/filesubmission) -- [Microsoft antimalware and threat protection solutions](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) \ No newline at end of file +- [Microsoft antimalware and threat protection solutions](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) From 6653d97f9ae5f5ca2e94c156457315c02e68d0d9 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 10 May 2019 07:29:41 -0700 Subject: [PATCH 071/117] new image --- .../wip-azure-advanced-settings-optional.png | Bin 43333 -> 44501 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png index 785925efdf7d8f2daf549c90c5ff84fb6f2750c9..e0072bbc2fada185f186710d991255065da8f02d 100644 GIT binary patch literal 44501 zcmd43Rali>*gq)U-QC?G9n#(14HDAbNJ+PJN{G@S-QA^>bR!7T4YPQ^`Tlb<$8*hr zmz&MziS?{?-@jTrN>y0~1(6W(&6_tUaA1_92LD00smqAJ zshT7{1V2FAh$)G^c~hH!^k@bHenxPX)pL9E2GjlZAHJ^dj8M$J~=An5d>$NQvZKkqEhZT-~8X|~_4Ru>VEH76%WQCtmMN)5Yudw<{S z@z#aO)$e$bgG%M~%~baS*(6GyI7b}t0h$i64GUn!6%Z>IL>guuE4K9bXB`t3Ij*B%E3=AW~=a_J4q$_P+ z)pLj3@lGSjGzte%E{RuBv9UsdkIgR5B-VddTHFT3_9EW?u$?RYu2W4ow6?u7lJe7m zcm>zR#U-29Nm*8wJ^lspBsGqRcP(#sDqpnAakcgK)_eQbdK%06dfrN1tkK|yL+$Us zgJ&1FP*zbC! z(LNpAL?(Fo=hyeR&?9zxLC<4$R8HQC+S9HV(ieMTzl5u!g`k^Nufd)VE}OkD_t!UG zP_?zSeGw>q^+ZE2(C!#PQZa*P6V0x>qc-^g*9q4#f?g+&XG3I5^Y}wS3Hd?KcWk^& zEAA<@N}QUzS3A{>gw!%1&6uU``IJYHD9CIz;&0fI%gV50{yMCUU#MV>!66z{|&nZ$UW3+x?`1Zc4m@$@A=YeSEmu z=Jj{E@#*O)&X5gbV{m9_h_92z8}Z(h*fIeBHtrf30pYAQX%0af&whMrYKl*pXytf& zC?TEO0~Q8G?*96A>?%LnVX1BtnvlogJ@E_HpM~nF=K|B7kKhi`4W1@ESU+JrKchpl zwp_*5AZ?0dfqNZ@!HcU1fE(3q6QKrnIS694KhK2w4RME=S^}IU-3IREG`-R(B z!*E`Ht=$I+n?8|FB~K*a9z2Qt^WCxI^D3h@TpXP6qjb|x<6MriSRu9U<3q`dt1Gf~ zECK=dmv;km+H^^)6Rzy$ZWC)BZOI5Cj(Yru*k?%P~IIS_ZjPE z@wf#`DT@5U)R@(3?boX^|9wQzAs5sj{9Z7eX;_uvhY+~jPSkV#Ry zCS_!~DPK;nDhCJ0-d`nJ{+;a4J?5NtOZ?_!I^S(3O_>->#hH?llC;0$Y_m)IPBP^d zigOfAst0$D)ZS`->}UDr8>5P$mq)M_mb5KI*v&NjvN42_%BRZ=8FN=FU^Z5gYt^`1zcQ zwXrlf8Cg281L2$|hGR6=xeeKNMjWj5wr;j&>a%+Ssfx94a5!gnvbSMIom+fN;JNMY zt*YKGph=sOY(XDZ{v2t{Q^8|+_hc#}Ga#>6If{VeWqU&&0LVZ@u-`!UB@rbrm6y zwUt+~8KlGa{1IGP@P`)6+TGQUO?fEFparBq@cuPmoUb&{>GZ#QIPD60e!P?Z{QJ8z ziyQTiw7}Z!>85?TOpSG`Ivg_4Yo{m>RnZO-NOb z+a0nW^H@?`F+o!RTnA`sMlIG%18Zqm+FK%-GYVdYhA#meb~K)T%5Fi@^lZ=i6xs zG>jIoBwfJj?0R_?)R4+`2+H%>BUnKxTg)QicilN@J6)?WgJMdM@;{g^{PYRFe{B^5 zPw}zsv~x^La*bKTvksKW$H$8)IVVtZz+87gJ>Q?2qV&F;k;y#$^<4*#QS;M$I*Wny zu6yA1@e;RDxjN0sJ`56WEQ#P}(lvEolmPf(u>N~sNQ-4jCy&PNQ2$4=m`;` zbh#ATziS;t+Z($Isq`FnKj~S^^hZ@kz`9%7(BLl}gfy2kdwG7ED^uC0-Er{t=A-Gl z+sp2YM6*Ctl&8snH<610$29kJ7LN7(x6z|H$!^O5icQz!Ig)hBUv@u+FLu1T$zz8^ z5WH%rI$D+bY5o;MkB&=q;Yckp-!#j6pOy+G;Dlft&qnC-Ej{T&AvmN!G5j~PVhf6_ z$lewvF6QUr_6AC4yUT-_hGE4s{d#L9M+@YK-EnzPl6JkT3$>ss#$GJB7s68fL(9ON?QebqOR@jzfHyY*%F1r zc4nx(k0UfG-|?A|BHr~JgK_We2@}7B;7V=Y$;@iM+!FQ9%>xN zPIJ@!rpZt)*1b^?#9D|m>TI#*HYFVEc(ygL;_Hn@40*$M<8X7b%F%{=v7aAgZRP6K zbw0|JL#b)S*mb*wWc}F}-($7a;}9Wb?7k<{nN73GP){HGt66UtLhL7mzrUN<28+cV zaSc<{dRaCViRb%7mT#$ zHL%l+jAB#GGx(@aJIpL~5iPkKNYWe1mbF))JzEUL^J$$qW#nS0(VfH`TJyD=OVDCx z^7?M9?V3{JA~+)AiGASXjp!2|_&fe{j(9Eju$#oC%mTvj9?TILA4dZ_@|3it0x_uL zaf&u!Tx#o0X$u0K3f&|~e3a~(HTZ+_NRM4dp)oFpMRugp9=H;c&u_UX4%a&T>RIL3 zlfWF~R`|@#HMH7`>4N97C6Y+6x3`@jx|c}v@y&+U;x>7oH!kNAw+ovKFJxe}UxZ?5 z&f7Rq%8AvOGTKdqUv-hDBx4j@O1V$>R}zpkkq?n=Nc-Xy7KkE<|pN zjVd+7>5Ay%eKEl+R}*T6)T=j3AF_lJ7T37N_y+>D!EJw19pQ$@i*Lf^<AUv7w31%A(Y&S9U?qCRO+R}oWVx?y7K~#MCilLlYxsiU=3f#}=m^A#&qQ-~F ztnXZngPuHckUk&(EKk`{WvO0SyG6xh))Zp%5{W^4B8LkKvnXQphhQS;+G`y@w8VCe zqO+{yIe@h#{5xBMgpfnt;hOJ-g0)U(8?vWsnq2DlDTg}4Jd>e6!tRhRzyis>%5Hq% zpIpt)79?5cAT$3PIVgV)18B_QHv>D@mNoBr8f)P(-gt?n(`5Q$9fBJL)d?wzz!?Sj;jdlb#@+!OdLE5iV+LwwH7M6N)CnZi7Naj*yItPyS$y ziJV9j2Aw`#^-v5!Bv_gkz+cv!JuaBV0{K9P`4y5jSy0LmE(a<_c^#l{y1Zz=e6c8) zcRVUzF}xBDWp`DC&ceofmCVHI&Ub4eti?Fx*cn1$QOp&nzlYCkHtK%o?q|**O|a@y zPKCCxgh=cT*^rXka24?TQQssHJXKGIJ#!zVS?lphare@6Ml%D1KOn_Q{*axgyn$W{U4+aYt)=Hl}U&_Po-aWH6 zQcyTB?9@1K_8uQLr_0ta44&2Q!3&qiktUBMPRMW{r|KOwj7=n1)fDa^xkAZijUBR- zQcZYfAl1g^m}AMOH{%MfR!|90c;f zkJyr4Rx#JFIT&U(?%|WpESr3+!SB$sHz@VQH5KH1<4w^|rdg><0$bx6Hc&#!%~Y8c zKI*%bqYJM$|ASW<6j^s6R3eH9RylGS^QTsf+PibY9UbsP3^uh#w@3be(qC zabtsZESVQWo}gjPGC8_jDgL@*jX*XtR9G^mZ{$U#1W>1Zq>0kAYGk*Bl=0*$)+6ma{y+gPG{eGaP%KV+l!V zJ_?ChzKcJJTRaDG6BCgHKeri%8`7p1I?FuD4GzD5!BSgcqP^c!9yGv>Yn5x9^BeCZ@c%9H$x=m z#BFRlrBb4cJ_V)66LMb;_VnbsL75r8PK=|5f&b{#5D~RRkcdlzvg4*Ll)i5&Oh!7o zq&Xa}&Qk47Bdrf$!Zlpp6*-Ue=qd{PoVuH?Zia(9wFV~b$~b5~Vhw|_1bq~39;`_e zJCnHvqi^_+^AAE@jyn@MD@rs)uw9IPI1p5|Ygg)z6XMc-vtFMFL~0s)_b;H?c19Uu z;jrcF`!U%k1kH~ymdv+o#UCqSG3if!h5ZhRgG`Ppw>^`_fm30#C5-Hxfu5Hp34vh; zobG1LFF`38`wfr!FdYR|8@&*o?Wk&Sne*i-Ktd%`&8Lt=AY?Xk8e>>o3+$NwBkCag zE{=W4X4W&6C!Af`0?(qvrQx6@ydav0wr7};7#i+04ks{(3x{Sw+*WSTbn+1f3EkA8 z7o|6V;*MKMMaYTc5B5|y!w5u+Fc1{VbVHauFpr5WP0T4_4qA$Z;}oBERxUe-i;CCI zi(zo9l3EEIelL9+enztFg4)8C@7 z#~b4~ayS3pQlnFFE}1JlKR-Pv@j`q;@j~@VC7yNLNwFt@;Vt%ucLS=1A*E-5t=_If zEdflCLe{7L3+3jw$BMg~A;hyb*UQMGZdMk5iBL`ugsIIFSTG&_)g$m> zxa2dldv&LwDkR-$_#HAWghkX~4iF9Y;zsoOd3@ti0bm}@t;N%{ft}yO-zJxMKs`p&*~nP3deB+Sal@j03YA^G z2e#MWe~8Y6DpP}{F|u1}=IH2^w034=_Y~-(#aSw_7^kI8(_rS8LtjEi;}9I@yTW2s z5E0|g)D8a5_qY|q_U}FBqfhT@*inUQA*AgJaZ_;nmq!~egMxPuZfSJ`EgU)FL^dgo zU*ZRQP|~;*6-Q;oTo3B^<)J9K8YE{^=u`&XWATzoi}mXHJw2PSXcY_e5n@XC9Su@5 zmbmfWtVL|9rtwpj&R%qKnK2?%%GUfQ&-mPxF9&nA4zTF?xU}m({fzW94S@I^jSpdy zpsL+TBQJX3$P}}Als><2wEIO3?PcV%`mo8p6Tm$ii`_(y6s)a2fS)sP?2bH`Kql(A z!Y34ZnK|jS+Nwnii8rgV)HeOO0%c>5lCk7FzLKjVA`WB!DEBEJE-BO|F4YrYt|E{B z`to9;MF3gJ&5Uk+h7foxyi?trLLaLUsTI9Rzhj>YTZMv37co^Aitw4LGU*bbr0n%i zy(R0m=V0Z9{mhA4B@xe`4*x4fMFh}imEv@%!CdkLyR&DqfJ=-RmFqMbh0maxGNl)n>z~b9-{AaZ{M~aKm_j5*|;3EwPv^fH;D{G)|pxXi>4yQ{mNqld69)Vc0bEf>UvBq4lbT=2<7;zR10 zBhko|MNS^B7EH?6zfj!{)?j6YZgz|WbtvaLle zM;ENg%Pa?Ki;IQ2x&Ulyy9*6DzqbwZV6KA7IHc=uSC%o-jvb!;6KmXqC?Wf|W~I}Z z)L}`S{)~kbh}*dYBE}ithSU9W+Kg#GKEz8PW?O8orB2tn)(>DCqLr&i;6 z%~oZrSq+_|Fqp!6y@syi~Jk^Cr~ zN#f{qVKIxGXpp{^Y@LChe`02HJc4LuT`p7nDUS;=(<_s$RZQ*?Pb~I()lrT0a2bVl zrgRH&x}->HDG_o=L^0{T1S&#N&`3}4Wxny|1OXvbAq%YXTm`+|mp6lj)RkN=)WLiB zkUDDh&?pTb2M!PdOi|dsYAVD(eDc?Z^enZVVjvarX1|uZf^aAZ)ceC7hf<4{+do91 z#>e@MbAdv_`+CV{Nu?(70O~1qsBFC2;akl`TuihXrvPGol`NO@Y=ijzh>c-gOHV8_ z5l4DPYP^}*u>|UNk>5K)2@a$@uLg2^q6=3FCYf>B7()e`j4WIR2~?O@^TtjCh7)~q zYxI!FVw3TFNzavKu#B|jDi|iBu>ZMyuowR@c>mkya_UH$B)d5aR)+}Y9wzNwH z`BG)hTB1l!lb?fOqm$V7$3IJT~hGEGn^Vg*p(Zv|}oq`5(^5*y&N~%SlIF?R461}FvZL`8q>FliE4$w;a{pQEh+L{N|D!gminY1@aewA z?vBbGABVh$xxROI6Dx9D=NrS=Y_m07o2ed*ZW|VzGB;`}a#&nVl50@a?Bl zu#o+?zybP53Td*vA#gj&^I^GWjx!!-U;?y*QsWoHT7-|wB?@@v_S<||-FthW0X&hJ zbbqbnT_2kGQ}bY=#8N}U@tEO<;jJelyp+M;Hi0VN%z$=qMb{!f3igK{eknkIAjQ{Z*Q|GikXU!&l^ zK(I?iVbVM+pmEe8-ktBZId4MN7F1WC0+ELmjq3%9JQ2vAJu?mV3zNh5M3!TpD-|<2 z&x0rXhlc2YG6`T?+nGvt$DahqLm(i<4{pu zo4+wdULG%i>XU>IoGW0r(P)4J-Jxxh43KbI4jVXiSP?f{l>$&Tw7MRL3QV{Y(3uPk zf%CPnQ+@S<3VfK@*3BWlj*qKPDQ~8PZ&rW?8pj-CHIeleXn7xi3D*_)YU<(x>L%FQ{+qKhK?HW_q8lMPUzMh}%fWGnCJy_>th%U0E zX#dju{#Tx`-(*Xd2d*k7wNmFj+^aFr?tRwX-AyX&d->;=0_O{+sHkZ6kXN%GQrW}4 zTARmF#N-GsSr5405lQVJpwAW*6ad9S@?6P3AmCzu>J-)rX>lB@k zfVPl@lG*-n(sqs_iT!5eQP9+;^#)A(Ca3l1INr4kZrfyAn^&8ZYnw#wyKXIIuLYRR zuOem|6WzLyGO=`x0g#_}+<DkFtrN6Qw8JM)3)Oy3a( z?rdp-kG6>L2nc!|zHc*40`E#PMZx)ohh^omojrjk5&QFz=UUU0_m5c(@GHE5EDK*? zGm$kwa}MJHrklL=puLzSnB}M>0+Nsv$Vf=`zkjeqo_mx6G?I1-FI6N-=ykdl_lQpZ z!+rr(`1!Cbe>gTi{$#yNv~Ho*!yZy~N2VY7>1eKON&-#zCvYRe!ot8KN{MQYClfX9 zEWH{c3zFmHcAh_Yk?UMI|=?8%4-sY-m@5?XfKSA$KiOTt3;2VdOPQOi{FCntkZ73h|5r&Cys zT2q zmf5D*O5!Dp(8J+P!BtrUi!`cS-)JLgu?zg@TOTJ+_9n8AewIrFGbMC_>1*&^o8?0A z*QfK{3sp@i{fGpC&uk{o$5$o@Z#S7Opa(fkyMw*fd?NoX%wa<&v*q?{1FL-iD#_vtRX1>-!JOk!0XcU^U1QsEpsJLd=NsG*5HY zfvHL>%FUhnb@F1a9XPpP-!e-5RIqIEIGV?0(MO+5h7~s$B@YBK0T-~oWa0>=$aZ=S z-W}MANYlm_2VOMoD^h>%0M&!x4qQj0(|VqSG{s%mk35slBky*IBncp0-=lu!KS!*mlyY;EGNvl4OV><+nlsrya{T5h^#VWZ1Qju0K6iLDe ztTxB7MbdGEp>Sxla6FDH^hphL&`qgM%e5 z`7JtofLy?&*_on87=et8tT?^Ekc@!|9KiK|BRH}q1934if&f#1HKUTlmz0q~zaCLI zqpRN?yt%n~F59AzS=*6HP)|L-`FH#lAZCxAZp0hrz(8x&W;JXY*6BU<%o&6AmfXC`ywz92d2e-SE>~K6 zo_guTe%yY2yqr6W+PWf6usSe1}urN%rweFwJ@cGa5u6vzE`R}Ib#6rHdIa;WJ ztL1&it*tFwR>Q>_v%U(}CI(NNO0Rgf-`*2j7LB)hK8@#7pEI9l$OQJB8ljhsNj*xZ z!eZhGMKb_M8cCreviNWPl7V~?FoSo7lOzIV$rUa}7cUHMXmrJm$kJUccGh7h-?wow z4qUMfo={U?F;-R8(!tjR2)vx13SyDkukS6^TJSzAegsn|S?*uf7AVZ$K;~&Mgg2w( zPCpM170>t1`Q#)r@b~8Zpaq4z=v&u+Y%e%E^ zgd=mqO^f9`D!~+zNvtRX5jJ06hjK0p1(uiQPc-u<4Sp|`rjiSp2gh$uat8hcspPgT zROngc{C6t^YicV1moGZ}cuf@y+3tPOOV>vgbbJ23Mb|~&xicZ25a_uVdYHcZ6U!w3 zgE7D5ZyBlRz4H&kkC&$bNRz&era#EpkoylC{JWU%{|sPPB$rO}jHs3CnvOr78^qJ% z9(d9RHAzIWQPZig*hjgc9}1+bzF?A61;M*5ize+lt+oj|?w6+`?#i2hpayWeq&r_n zCi7qX76_VcP70oKqt1>mL!IS6;d)%#FYrG1<$6IA-!>eyrLdOr<@l-4eGtm==AZ1e zGkNTP%i-b@pOUWOnX8zZY`gRGSE^ANCQDU*Q&&KThp_N&*}D%Y7i36r=e$;rDf z(osNOE_FQA3!9ggb})u4L*I?PP#@#v-^R%PNuApsjLV+P>Z?7rH=&D+K>4_Hp?EDU^_wIE!d@qal9FLAiPq>p zvuGfpo}LT*?|K7N`y&}6HQW2Tj4EpuvaEt?U7+Q;j?Y#mzWeTvksYJjB=fG>q5Nwc zq}EMV&v|h&A{)!okZbAnXD$?(Ig3|VAf7@Ko!fcBfHoO}aV@q=Pn2>A|r`M&xj(?C5>EbIJqs8;8;o>?sI1#2+9$GugPI(#&g*K_E8|L{PR`5#8@ z6^zaXCA?qqv^^8?CLP5Xhal+fH5zDYZKAcmj1C{9BJQXjM{zIf7vuVV_gnLO{0ih4 zG;Xsb&$4TmA+iYSkh;E##AM!2_7AA2G9e=;Zq%#9Z9*=~wX|uZgy?TVjg$yHFn&cx z4&E{@AVgE+cjLHCKCxm#@zqk~#c@49r7z5KX!SJry@!r$N$)3l0dWVTdT(-CxiOi{ z3XyrYvJ}{f&c|PKE!jU&>kVaH@>Cqx=-cH=HkwKe>%80f|5AQ%B0#E|vV&P#UO-KV zi&9Wlp8U*`?ed!998m;k1@d=S(93giG4(dz2WYrO>&wv~R>qQHCK>r_5zNcW9vS;E zW&e>|%lQ)f>kMce(*xfxm*3LY>yLHmn1dXH#HF`yui@*I42kB}w@UzVtJO=QUG!f^gWLPUFU_FQuF-8@`Sh9NeL+4-M<4}J>K6o zMiw-QWEqlvk7D0T;ABkLX zTx%bhno`--2J2=Hpp}WwECzt0?@wgg5ZhQ8`>;RU;$8frC$o(564?G*989FrC5yHivhA2eDgp3k2k1t z%CSi$laq#r=Z8U)qqMg6-t60lEh87VrU6HREa%;>A< zuhTQx?JrtTm0s8ni<)c92M|*WbZgDi7`2L?ySv|+m@G8m5S7(qy9;P|tT;B&QPYAT zC>g)2`}Sbm^Yb%{e#3A!Z}tBSeQI&~RxgO90nXQ9GnE${{3fzbES@Dr=<}1xhP%Mi z<0GI@TEM2DQh0q*{l#Cl5as0L@YsxFV`8W{x$06IHn+F?XleQQ_yCY;je7kQV{zLS zBUs4Mkn~lsa<4CvF~0uyj=Xe1^mlNJ^aLS{Rp9+1OXzR^sUZKKe8AFfz^Kl01VEm+ zQ0Crf9Ht*m>yE^aZbe_dfEyyl!LcHKsZLH#uJgY;2YoVeuo%QWldHkydz@u$0m%FX ztXHS@vqA7^M1TT7#rpvWKr}3WuBzEVV0S&}WtH!C->}s^O6|h#^-!s)+<^Wc5x zC|5T(bR4GLZ?I({-+oL35Qq zFzY%`&C2QstWPi?)Dw-G@E~KGUSH1Vb53o;ke`^?UAXEf>VNwW$VbCV9ez#wP`^PP zQ_wQ(rN{;31@bpc&MnYV-fKqF(9$Mvy99+ z#;ig?&q6c=*k#m_=k5`#7;SR|tf`OL;#$WRme|%>_=ys+ayqLe%p)Ts?hHIUpSf2H zkf}-#`0d3Z&iNIl4(a$)%{BnZYY^{Llw|yxcu%8bW}92epm=kDSx;*dP9o?ji{&c2 zo0>W~7p+P2H(5?DQ-hhdUd4^~`fmv1hqu=7<$*+6>(iOG~_P`T=Dra%f*Lg+BvBru9gD&SR{0$q^`2T;oIVEL=6 zqHo=RtRukYuXMhCO2nWmP#87f*Eg-^J>bicuiZ|oJBmEtZUb7HRG<$@2#uWH;eBR4 zims~w7Y3N#R5mXfn+lDlE>NPl&w&Qh>3hYfq%l%wHTG)c{ebz|J^7}30@W0p(LIV! zZcQTmYxBCE&7N0jb;Z3bpcq-hZIpYcK~Z z7OA*L*(FIZcQ5kCsBQK;ZR8y(L&anE3+2w=rf*A3l+Q-V{E` z0@SxZKg$&bG~Q(x7fD9FwVy{OCiB00Xvf{& zx<9KwZNHcV25n@6`_X)yVi*NbteiUU_P`VTU1z0mHp!xpjX$RAB4)38eC}AIRVV`ZC*~)iQmxuSbO-8;YMCPTaKcz&|~~pos-int}M?t zy0h@oL8+LhfD2@Gi}dZjB!k)R1Jp7_2rU;}t-fOrV+2c|Oc1lBKWu(NX5})61r_1= zU8_PmYeTr!>+TCqHAhdb#juva+pnCN>ZBI4(7TzamU(%q`#@V!ss*l@+g5*+gEqX% zp#dm441I&*d35WLpL;;2g8i))#s*~vJP+5fXJqbBzVHj6Fn4&M4sXq$f@s<+h3DQx z3PD1UL~2?r*C+$BBk?BnF;&WKsB9{<81f8qXPP9K(8CahKDFipo+m4EgmCiCQGm*< zldZ>fOG-;`EdkA3HXP(%C=%1YL;DEGKlba9-}d3v<80`29Z(p45tq!>=~w4mg8mnM zDxE=7_NwEXTB(#_WeplggtZ zJ5;)2Fw7$Nv|Km`>2eUi%pw-&ZS64*!7!6k9Bp2lGo>G=|1}yB{1>uSN+@oHQtIU1 zP}ctiWSz&%Kt8=C2c2Mys`XOo{193E%8PV_6GQTaaxo)*BO4m3&;mpQp`RqXmc%Kd zckq~XRr4fN^J?pviV(tb^k}(2$<#8N6cM(8>yGG7y%P=nfiEb%mj<65hy9xq72=79 z%>Gr7AO-5$JMSSTyAVwDlf=P&OtEJWUtDDiRK~x=O#2)vlqPC1#Jm#vNx81i`07qq9GA+;@)Li zT|F<=SKQ5-!yVE}JnhgQNU%w~ocv7bq3uhtAJ64Qa9Zn8@G)S7xELhNjC+P%ZDzl^ zY(x+*Qzl#EQSvvygOENIRS_3R)lpYa=f5Gml2V#s*No25F$wTkX?Bs^xmgeDvSFG< znVKZe#0;2ig&y7blR2aXsg#{rtZ{`qt~hAW=J`Q@e9#7^;9hfbcQ&l;{-rt}$tTTT z<4UQ**FJ-=-sp!6SeCn5lIdByPu2iuDGrdiQ^sXHHvr}3D@hbk@9Z~w!;|F>q`9Sw z-i1H{p*=&u!w&3okYt3P*_+B|Bm17DLh+h}=SIEkd^n-{NhIJ-zlk^50QM(9+vGs@ zQXzyZ0c0gb18QcPL=h{rTzgAdb(wyzm^`a-yRNIM`xIpG99>Syw~1_CEJu0TDq`Uj z?r$pZwVIvHW{=UR^RT9oA)A4H0t7!f)Bx!XKw{p_5trJHVJXibE=NVdBICcKLqNBE zzuaJ}9?bU)_RLT(!X2-7kPTYiyvKiL`iSK(XU zrwE^q?Dg9eE_dfvrQI5Y!e+yYyC6X~o{+tI8>}z;3%acVw4$t-utE+zWF^UaT+Q#= zO1Q|Mw3Li&1QzR>r(U5QC74$S`Q-vAL_GaOs6;#!0T0&)Lr84x|3D9;?4ysw_Wsuc zhY;bM<+|AHVnMyRWRqWl5Bh;DcDii19e+Q}&GC{OSOjRIkL)xE=W9Ouxd5^ZUnpW( z)&a2z)FodKxWB*t8}lbDJbW{rfmWFSJy0ziOoErP{J^3-VC(?23s19=y5DEE6}ktKoA81otc=shh3wS%0xC8eu- zg!##lVeVO~UE&%gX?4dnuqe~>z`icP1T>=BWt6o{0C01RtF=d4_&@LWhAo3PRcz1 zAj6XEy2^5JvKlNnqg?)_vBXon!Qo(IVNue~oR;svw2*>pwEQ>*M^wA(=kh}KICCb1 z9;^4oR&G={t!%DZA0b+zM<>dj@a6CK_^tAY`CY>TkYO?~E(1Xo1HfLB(|P0F4=ZUP ztfY>M0doON*B4fgLYn=a$bwSkQsM@&h51wZ(CBfYoHeYOQ2TaPv5=wS&qDBD5gcR4QFHFbi_|Ac_x;wmf*&1#L#$ z76NwspwC>NuCEV2nS|fo0@D@HFDsh;$=u(=U}xrt<=3q>V(JgzQVR8tkLP61X- zW6;M-aD5eL6l4FFPZ1P0&&tLS0lTiM^&9_0(dE&D;Q0PfJa%gqUwJ~hl0C0hAu%}?O&wq$1qd#tN7sJqupOaz9~pR9s- zrCnY&^RbF8oX`DW8t4l@Tik5!KD_x)i{G*uFlu!_-0X`K^!T%LMs0~t)c!YQL4AdH&srzw5`okE6@8 zm&y%XONWY{&Cex#J;PU++MZApKR!HQ<&n6Z_&0n36%G#w++bhs|L}QBVD>dREX@L_ zzTHh^sNh^7h~M?B3Rztn6?9uqStRgGLoGOL62xwHGa}j6C+O?>sP5WyI%S|vjJwVq zRXMlmZd|X!NUHkX0sVy$8?}bIH1uG$@6FNYzb<5x?fsj;$f*l_@~v)qW$)fFr}QVl z&H)=b$wd>kapH{?9Un)^Rjf@2g!a#oMDv1n>bW8(2}DnL%s#jSQL4*;(Bs&AbZ$N8 zi06Lg_AN)$$XZgSoP9NkK(@n~lEM2U=Lp#4Wo~$rixZM+o{8r_5=%Pm0Yfnp^#(;9 zFC^qu@ey~i89sOF6(y=6{==1zz6r1L!V(aWfeljw@EOo1ThMc7H^=HxM&YIov`qgn z!Tj*oEjAQ;`J7Kkc1qa6>^p7IBJD9^K;Jf1O=RvFXt?vmv*jaHJ9{F~aJPi366Ezh z*gm9cwtoruTSJyVVQ>?Q^%pkB;ihLq|CEGmjpIh*CR`AUWKy^7X#E%Vej2t-EQt?K zRjZL;OKpZ4q0@Kp*+Fww(bH}AB#YS?HrAh1zsfmocV^BDw=K{GmqE- zAn|{*w|tdlG7-R21B(#~3Mwv?o6E-Uc(nwoH}qwi*L9vmmfYDvRoGH;zdbS%&*0vg z!oGlIw@f`>XfJpDy@IT#c@M<2$s3fJ_chA0FVAxF`NV^)m z#`XOI%4Euhb#y0Jd;H9Dw)3)OG(z|>CFD&nAzhQ|fHSCUkqo@DNO$)Jpqb0>oEZ=h zB)lgWa*Q{Y9l^`fkLXa4tf@5hBvZ)JS~+RhL%9*_GBVMkDCV>O3@;QwGvNAmU||R| zWuxX+KPoutTRqIu^jHIstw;9v?FJ9WXV*7&od1_h%HKvDsCMfh;Gdu!@qe#&$v z|86Z$dvjfeROmz&*aNz%MV*?R(kMed?=(CSBve~Hgxu!q$eQ7;7hK=_*bp-}lLyh+3=NdmHovjj{jZ79}rznvFOnkNcIE^i>Aj4FK2~)n5CF^40FY`#A7qcK8wm{fOog@QrEB3_v#}vB7j* zek?<>$RDjQ!HZl^DlUH!z6vcZeUX}E%Nu@swZH)V1b8@?@_+3R!Ra|!%-Pu)NUA_I z%KP;~%I)`Q>YEo*IxEKe7CWy1?2!{mL8tBf?^Wd43P0}f4(`2ElTJ^g9i0?k>Vv|5 z$SIHEJY;`xqiXv7!y$Ubs{lCPCm8=-JOhvrMJc!ns5WzVt^Z;1cbHFnV?Ti@7Amk)son3j8@+44P#FYr*WwZqahPBz#HT9(YrNELFILSze0L-j(}U>!{n+?m0_jUcWrR~(2ubRY5#)>F4Ya4`G~=nDS(_= zH25M3AdP@;p!g63Eyv*^kP86;acuGFJ@~!^1F(s>riOhx=e5*F$;k`=n4pF|(4U>J zrTzM97x(`U>hk|yLt=b15gFMF$SQ-N!VsS_-2WZd-zJX%tX|X~Y)c>P`RfYyB?GOI znwlDaNG}CQ#O+{XE`Wd_9?1{rEwPBdw{}x#5&a7l=;*Jps6XGU0XFTFh(v8S?(qF( zT@Mf@^6Fc8@2JH^-Fjt0;h^XC;{=>9@NT`dc_q9r3vLKqgSRY>uxJ;@GL_ zcU-9ZHqRi?rLjp!SPsE|v$ltHo&``%HQ-e8dp-8i4?s|R>#*p24)ioS<>R%EwlI>; z&Q2gdt9Kiqlg~yMm*>z@=aM?CwqCuWGt~C}7`D#g`F_4;BLEx;nt$27jd$93-8|T4 zL0n7(Sj=mNEHbwqavbUlo-SG5Aw3F_L@spCppRW;G&SPPX@s2SiH6i0BM zlh56+CC=607BIUKqc^4?p8$xX`1|+thhRY`lV@d$1_j0uzO|mriOQ!TWzi^&#TEg= z^s4{>&=pYKfJ_OqTM*l~ISle6XQMzByKM|)I3muL$8>=hxBEsnMC-&R$S7Wez!KO!z6|!W ztOEyLLR=gl>1pSuk=LqJCK#tG-P(`72bO?|0KM67cNE7m!Zctsl>ylku!0>f3~cF; z&&+ytzE^+zPFf=SGy$oIQ26%@{rYRbQAk_=FXFy3EX(!VQxKKzF6okx?nb&pK#&GO zkrwGzx)G$ilt#K61O!2)M5IGNT1uGp`kym1pU-?aU-rJPy_I;M=U(?(zgjIoVp`!? z;vYXO(F}YoBoA$x=N2+p? zGv7l(LwQMzBipsnmJ9JmK9QzynfgHp4CI6GN(02vX<^wPm5Z5Z00@Mg#o^j00vB8d zjaQ4$8IMYk3JA;+;Dcp~IV;yKO-KT6f@MlOVb%a`#q3^`M&JQ)&9Mvj(_;J z3`S=aBli1VgL30~^3m1^IbzH@k0t$}Vrhmi#hKhRqjFNC^Kt^@-f%~qfFMjKO2m-u zs9v{Jd;3L{3{hYLP5YV_6_XTeQ@`XASu0s#@jY!fOC20neen zXj-Gu?Pmd~RnjE7UPQ1JwF40q|teK~{JGtm@ zF=~NgBE++nm#f#RgO4ejllC!T+$>56!2@%VgSAl=q%F$(W;f0h`6s*BLAhMvwmAWx zh&NQBP14%eCfd}ivgtFAq~Uo+65W&k1AxRZXw@dg8IrN?96QnWmzj3>f!nz1W^z}+ zOpSFuHD|9E{Na4k+dhEVZ(@#e--7CuG|WwCS5LyHW}a$FkURjl7b&6LwtQvDb@c#s zWJH9;!0V3*vabwCbKh9^d&z#;WatCE)n6deTsA7UajG`Wy?d9;k*fT*zLgKtS%r4F zcd@|vKNthR7pCM6sEnsV#*)~&Jm9qyaqApfdZl&i^P6x2=B4k>jlJ;@d^4cGbnLWX z{3^ERao(g=f;<~4B`Z_i;>?z@8$VIwgzCs|zO7U*ITL&mMvHmw<;(KrY%tPj}q6 z4(TzSvOG;V53775y@VhO3+iuG!GP%`)uX6~D{tiEr-64B0Gx5N2e>+vOhk*_=^C)&`mvTswBvhSF4#nMgt|lMDwZ4vU8s#=>qf zhBPcm=;FEch!~7+dsb8>kZ~z9gxaWNm*N&aDY{Q0dYfmH*_l^>wxaOywyegqo|7R5zGuj^G(_M|>^S2~F+Z)_yYt zu+t1te2xt;XF5SQ%}|0OP6~SV z9O+=tC#ZO^-9q7{J(oU4gss5svNZVsb^od)B}rORQ&~yVgvYtJ`f0 z+J&W*C%6d}vB~hRGCO0^v_x6iHKW|a+ln-@W5mL0v?Z106$S05t3XqC=Zugae`$Fc z??x@h(=~Q}9gaZq$K+7WjIa)=)I{hns6D05fd#b09YbbvyS3N<_FZ82sddW% zEDq5r2oD#hst%Ys^x@^w``hY5yo1QMl05x+vs<)R{u8>fdgl>z8|_e6Gi2sKmT8@p zfTF0E^*la@VYM__KhM*7p;QD875N)vRcD>(K)BfH&LGnZk?IltVO(ZgDzx-2z_Lco zZg%-4EiVp z+bpB`2^m&V)Ou2NZTufYwTt^xnDr35VDRP>FZz=1ERP^JQx+4y^uuuH=$n5wRz_bm zI{P`IuWkl7n^jkh+>cpbpi;^%6sT1fakb2h%EXS-2;v{gK?wZQV~yOTpkw4x+PQGR z`MwHHk|&gnk{Y^IX402w#nVnKS|rWZ?MmU)xH#gcKZ6SpusSYNAXVTdu)pDLE1T8K zAumJZ5{lI0_^_0k;fX>`Wt3o2D-kj8M)~6jUUuhj=T#>tl?P=!dispfW^es{b-_ac z$7DFY9aFCVnE=~(0}v|8=RotNeA1b&b(s*_g)YuhXD>IDI*%xbElMg|zx)wnU!yTT zviV&vdvZ_c15ix9$o>fm4#p$pfe&NUq2FFHPcSKgR_8Tee)9Mz!MUnEo842ID0#fi z0y~s6n~&2-ie&8aqxceOuF@z&KS}`9-la>1Zl}i8;+%9AxJm|BAoRlMj(L|8EFa;_ z)!+k|qmX8M1<%9w>pLR5Ps&J&)=#_GJ5OGHQo(J74u=QC-91b_k3ZI!_uT&S2Q|0 zper}wLWRp{uE8;ua*2g;gZ6$Og}}3KQEuSAagNE#78h8Yg)#)N=?lQ)8y$HgWb9Ya z7(S(tV*J*4LJcBr-Vh?&$Xf6&JfEtd^6mVbKfaQG&j#AMiLXE})&j)>^EjmL%tDj( z6_{0h6VF#7WHNA}u>`yw8mPVXT6KULZs4aj><2@vW5rzoB1@BK=z`B@F<-h8AfAPoOk5C?xBut(Bzo)3G(&m;Yb*-u1vo1mSArQ)q75H{ZZQVK=;&q;f zHeRnbCd5CEfHmpokAZ>Ea-u`^Q7dXmzYHz2e$d2Dh#wJ6hFeeHtkyYONz@>{)e1MZ zg^Aa*v=q)lFR4*Q?l60%EWdNRhw3Suk8N#1j!T-_1@aWFWHKWxG7_($Ml1b0bQK8# zUB++=ri3D42I?DT4?YKywDG&1A{>rv%TbUSlex0kAvNvHw+JTCKaFRU(w|O4ge@uN z#1}S7s!KloQUb(!?V;s@0BDq<(W2Yge&lejZv?HGKU$0D@7~4;rH4LSEaue~+PN~f zmbRgiz}3C+M&Cr(W6ulgMm*Oaq* zT)H$*JUnbSUdefvRPs*`cySLcKB-&VYsk`YqkDgL)4mvgTjJrf_8W6UC@qy=(-OD0KcWBB^Qh}KRW|q zX4C^83FLsS{Zamh04BR>86TM)grGUM2e$K5@RgWseHrSFi4UK@i63z~+j7_W!EMvh3)%7mND`thVIUw=-wNqkZD;^R+Q{ zRu}vIR`=V>=TV1;Iwy|G=UGZ0I$n04IhY$cq^}k(e~M{h=cqMorgnXZ;ey@TQ+(!k zLFM<&u+Ud|r$!&ON|j?%$FHHSs$=zi_qSNiQ_AE0Y-90lm#|9Hh(fI`F3CaVoOXym znFT8nbWG&@Pu-SNl>Wg9cYfd7{hY5rGLofrR?(vUZhp>k|LmiYd&)e%=kz9t+in8K z&@LuM4HLr*e!|X7kUgvWTpfycy;*vXd3g9s`4C*k*}Ua#yj*xch|_bbcUYk+Xj!b0<8MO&#X$U?WhH#Yabq!RS2q=?}og;Tu^N6u)BI4 z(s%rj^MzKJ#mbd+rVUwf-{Oa2p-b7D6{~~aYJLYVd@bS0&EXBL{Hn+IY{^Z;A5x`q za%ldhKSH3dk%B~mjEvUXIF`!Eob&V=f43~x&U~+1IQRxPEnR&D9hs7Nk$+jW^w`Z@ zTMUzHOpzJiANIHLh734>a^NzrcK+u}VA3?MWF6goENYqY?cnbJV^jea7y-IX2Hdb9xsa_>DWLj=O@-Ir#s13-8Pp8@b?ir@B%aB{-E59=k2DUBWPktCz4#s6iONqRP}y4Kkv=Y5B{v89=fwjoV5u%YdO2sNu~OzHD6y><`)wH_orfO zYYXb8XiEgGH2JfRR8VAV>+IfVlE{=90c+o-8J2X%w0F^M_%Ag=$=jIRjfBm6wpi2E zcSI+>CwQ@1z9%|yaC3^}?ud>?Jmmafzug?t*jxO%PMpZo{US)5Rq5nc2m7C~J+y<4 zRu|Kiz{uK)%N~}qWL$UunX_UQX0C;)>W6L2Pk)g-|&{iUH0O>mvD(z|kStSl~?*VAcZ>R{UVa_r#dq~w|J z(QslG*@TE*Ogi}{kY-wqH zIhe{@+|h9jcWKnWkB=9G>}|wUM31WWerD=d%J&)hI&`QPW2odFoM~(eyY8PB2E^UC zrs?>(N24!CkvP6PZ!>CYXHcd3Bdwh6PwIi{@Q(@&wByXre*@QltGEnL?=1dWuXPFuIt{d|yC8D}wqLcQwA1Ex1?F|n^!j%b+-9AH zC=HZ4e3aqkb_L30H1*!gIPuLw7xSjt{3g2y;Ec7g9mF1%+x6Ku$?Q0s)idXZe{1b? zp_+03&e-##Ki&d|i*(<`uktHp2FKp)YU6ORF<$vlOy5Pscf&B0V4ek+ll|kf0spC^ zb=-Nn=Bq2izuq4ZS3mTLHoL90OEL4_CMqWs*$rj^vG*AG)h}h^=b9e&rR{QP2z_m{>KF+C^4V_$L!{r{{drIvXC~vt z?886dsLn-;pKB_!$5L;SwELZ`-)Wihb{^3gi`m{gapYp|WAvX{Ee>m)VZkLNCdJ*J zc>H1Jg*3SY2^QdQU%;@D=R5Bsd?Vy#5vyKi^;PTWnZL z-Y4`1>H+ts(+vH~I=K_#1a(oM5^O3H@9A?c8z6MlsvbKO_uEe|583#i{?K3FZ3^~F z7ci?Zt++o$qCU?#s2w=ri4HWBn^5VKsR`d9v?0GhKe#L&+#`vIRT6u7Dx+DSL-&&S zd&h3oFNF&Sm6udXtTV{I*_T`UGB~=5v8Jt&#;z=k+^=X?SO~SMR3(PQTz~pVh55%I z*`hWK+tz8G##7$BAThA=3B z1{O?hZ6C{_z83YRcYGruArSvT{KHG!wr=f+vGIU;+&%Ic$)?v2Px%^~WEs_C` zC|YC5R9UV{!zDsPRYut(Y;?2AINEg$^@T`=gubPY%WFeQ^|?9^1=}2gzhU7o|E@^o zWG9Bi#_~@ukR?hr{=!82(8rY1dt%=uu^(QKvW2;?q*~q2I9^x30SsMW@h6zPEi6vK(5}|dq+h5bM z4m5iPqquoj7mmb)O|+w;mgMkO&y>k`{0n6yg-xls$UEAP){i~KLJQ}mFEXXSY4!P# z|E>$2rKDgxBUwmD8e3?t$XlRFPdr31U`{&nJS(x(Xti{)TNonAocuJ+tao6Fw|cr| z@NsJOQk_vmLd@c~>38PX*yB~%69Lb%=QT!mMXf6F?8!_D5@-Duz{NXJa8o1dimA!qh5*D1{dF$R3ORTuh~6BhC3$B~8_K zmLM1u9JGrKzh-~gZ0Az}%K$zF1qBtAFUWNO5vT(J#(xM}3((rUg24q5+|ceL%sTYU z|HZjv3_yhj1_l6_?=~*S1O)K;wgFrgkzoFReG?AJ*P^=6XFM3f|1VzYf6_TovQ$Km zhK2^SI+&fMTwH465mKVdN(&eiuQw-)5i!gV5{~b%vIj5;m<N|TL^%|EZjYFZ2q7q){0gh8~2M7#Nwe zvoobn@I_1Fcz_~lSPf1+VS6HUCSkRO*^0zo9Jg}NEGqUglon-fKN5~3c#iC;kXIE>7$00AzA#6mpy%M_PDO>u}w z13_E?Yj_Tjhbc*~qL?y^7s9egkg4d?&b1a46F3==k-?^6xa&{R-glh$Iv$LwA z;#APnb9^9|qyktmfN#J9j{`iKjg!;;C6tm|XI!l`$|`48~0W z*o#(xD!M*hj-5OQei%>jaKB875g|al(^+o@Bt0q{H{DrpW`+!v|HY0VYxqeDRi+=?IM^Zn?RNb>y-MCD5Y!Aoe?T6Dw3$$A$WD+a^Gj_iZfxbH_g`|mlyW=Br zQSyGBh1^h^Z}$~NL$;29KZ+yGsCGH}DYz|+@KElDV>^7Pz#2KQOCcg>FwoI0TfeM;fPZHX)R(ESq6dg!*!WLQb;SG^9dD2&`Vgv{0ESDVSvkehmbZ3@~8|yI~MM zDTy(R*Szpn;;+h90H69ySw=>t`x%ILr!8aghLk=Z z`34_Y`cyY)yQ30lGZ2arS-l|3piQ_UCXKMsGH1AZdwb(-j9Y6Sn;8TDEb|47Hu_Wi z)S9$NjQEP=98d1h#Jd5oSAFyOXWVa~zAkM!y<76Ioc!VjWDJFJ#=8zsy^QNw3$FNa zT5;dy0x*8mB;6-~kn^}v(oB8!Z&6FKvAqL)2XRVgg@Fc#m;=(OM(ILS%Bf1zh0mk#mW49p zh`S`;$K&_?8F*(Uj!CY+Q&;&u?`QmTDXFL>aDaIO#th#sSqFLaft(zOqQy1Dk9DCK z#OW>fzA${yM$B#y@MU#0ouryC`!D)7rl!KuGF+;KUX%J}BtiAL?Z(fnn(j&uKly0e zT|39LEwC{HGh?L|=P=hXcY+=q7p% zO5&ZP)8Xvn>Cp8o&#R{Kl_IPfHamd%hZ}w-VnrJ~1Nxa!ZL~DVo<%d~Mi2=VRVIg# zKpMUIRdh6(7rnFzpruf8J6`@a86p9g5>kD%L>2&M!q#FniC3aCbG<7Srj+BOGf$UD zthEYV1eqZ*#(8wVir#@2eaNScdswtvloChdvQe4sc=uG0fQB=B+KeRs?Jl(Di&A2vcppzVfCM8w;y~gbw(9LG^KoaG~|$zs~DLkX`S>zY0BA{h%m&P{0R! zTXdc2`T+AT)X0{APWH_j!$Qd0H#f9;6UuKqNBjf@r5{I_r8-}n%E29c#Y$Icrl zX7E}peM3_PZH6pU==+D|bfG!uM0l$-ag4_Fi9JA)dHdPg!hL0XbLk1C5j!~kLSDiR z%;+G`p-KJ@9UWbU4GuTUU05JOh%_5~kUI*R*q>$2Z7u3~MimxS2MX_*RJ=y=G1NjIq0Ng_ec8r? zu)5JoI}S+?UT=$U0@-B|3SfLff0VtB;#-Y3o3xovglq+lb;}GsPeuvCUGNqWN6F5< z4NRfJfkG51t-IxdCV~+ASKuWGSu{J-Bi>uN5ObM`f%BlA^*}eH^A8xq;{JpqkO;R2 zM1TD8keA@z!2PCj^bcvf@n2?Hgkc)~5aENSTmSW+3YK-O-@O7HK1e%@2OO>Mr>CdTz9L>Md3lR5=xyP0z&QL*?uRNOKLj)_P-t}!jPx5ecqpTTdJ}ekK1TW-&XyJyuxlZ-Kbj)tp8h9L+Of}3OgZ$4+I=sf@$-gaR5|$&ms`^faVv!$nO{?H_8n}N@jJqF!nJv z*x?!#_aGGDS&GaekFOOOivKCH=e~dCUVf;+{RWy~2rP?s{ulOS1(X|fRV4WMbRAFD ziL|#rF}I5ld|x#?mm6Ewz+L=~~~1pU`Z@&cPt^=pmM{c%Dc4n1;fK z2uy#Wn$_ZBK`a*SW)GUcO5PuTA$jGT+66**5>I~!!Olc z3d|iQ+nFW1_DO$#o-quU`&pe-I?ra#)Lfj{QSZ+dVCbYM7#*A%9-fbxc)ZxHpEi$O zuQ68NoDz7leus|O$H3$3Pddk!gVxT?e!|m@r}bzbq8}4kR^NgXg%JJypP&nGC`NmG zP7pr9K22m)SK==>c=!C_d%4cC(Q4oH^%7&D98jSQ=!Dg0kX4$Ak5Chn*=AU9Vx-(Fp}tlJy2 zNNwYH|NHvca*?SC8QD6z4?*kRRYeCE{~Q&zf|OLizX|f6g83FYAtWpbVo#_BIxW1p zSi;x2+ABNu`5-Pf{naS6$L{65B-APrG@KJw+{NW{zwi&zw>*2EUxmFdEx=Y8YW35% z*hw~MsT_6TX6nPYtwou!z^4+fJ!@?LLKi*FVSRXEiC;Xq3AXzGqkeaQI|&S-b|6&t zR=MLKnMFzP=Q@6&eR3#Xfgsy)qwda>V4;-zg6Qu(h59J?duO z(6qNNbIuUhdV}G&QZfF0>~2EOd@=s;i7?Lx*DNVXeMg;b;ucZN7rsAOqPHNwN*Tov z*?zFV`Esm!w(P`XpoCFtek&AbD{a7qwa9}t168&+;AjButQ&%ojvNtGw@y8g=6#H zTt&YwXL%OOgN7{FGMrm=T-*fcMt! zxPVaXLT7!Gmq56X=k}n+a(@G;6F_$-kAz^35*Jq&28fayK}4Vi;(g!83%}#);IKG+ zy*eG9+Wv8>@|f$V*(}{ka;m4N^Lx94+^S+`I3Ac7RZmM4uUG_!ERg>4NM zS~#{a#&8+dFrZ0FPEB!<71v_73%nma9>q_6x6V4`Tus8IuoELjO4by+*#Zbf?Gr(X zhlr8FN*w?&T29VgKor0V9TpwU_`G56xj<#xlS|3S$xV27_W%6B!NeSaOb1|)kCbYl z#wXKI5$Q|OYJLYgKJ;b#hP1P<-RsKA%CL(6oN2F#$N!cLK0qSW&ptx%&HuBpAOC#- z?fO<50wbws!gB#T5X zt3r;YSQU(x%QRRFOiUI}l}y{bj$s~}{%&ORhYm6)Z9&rv^J;#6KCI6R>RD{`IjeDw z%Nmcc>w!?9At=pd;;I~wtVomnl`(WJt;1tKZw0`Cvuc=Au8%e+`?ZLzfVo1%E7;nW zjM{*XW&s?O+9jH_%io_nLmDWcaFFQg+SSzsZhg?-tif(Hi;N4`dixn|2vdN2X985! z-2@t9&Vcd{mv#(+_S1FsW1k!8z>j=z9D-1W?Q!!5=WQfE9|(j5?a;}eKY}$^kl?Y# z{eV2y{-uyFf)J%g%LOzYVouH*@=hmzfMi*Pxxm;S61tNAG;O(FVgbQ z*qjtVZ~5qpje^;#YUAHcQ;NZ$I!!t359Z}wqXnNsto_s^LY6Z?p`Q4lY%ecE_e;I} z^Dao2N4^zEzB_$<+ z^0x%Wx|+2a%A6K?VVt*-P$povWd=nE8fXwV00is1Jt$NTU8i)izOh@(XiEXwvptJJ z22L9=q(X1&3+iQ4uT4f_3`G?HRR_WG?Qd+HVU-2YH>CW?6}B$T3fNBvC`87_7LUNM zib!g3jts%jM!dvHz57Gvy1HK=S;7_K^U3?rCQv>i6znp@-4bq!5nV8-qhSppVjH8_ z1;J?A_<-{a62<|W`wC?-G5p5M?df=v@L$D5UOe6>_Q#%9q+V*6ypS zGT6}-!`qYQFs?L&H{0NdNRzRbc_JjIi+dwV<8Q~+`TL}Olv*%ms!afxOPiH=1VF6n z-?!M0*WpW8jM)n*r z*`ij$6BLTH#~5BB5fJ@|xFpQUjstyd1aeS-cJo^Qw7TEg%Lc7qVCo(;h-BY~Lz73Hk zi679&Rd3MRQF3;N$0QWF%+duC!*x07`$GxYk;RUnH@1lJFIXLx7?m{9eES{gY!G`F zx&%|VZ-VY7L?T{ZizVQ8octV|I@?;du3a@;bY^nTOkf_cHc=` z=>Rz?DiPXBvQI|K3I>$FoJ6_6f|-FbqXzW@q+D1ux&YvJl%=35N(-?&enC93TZ;2g z>6D3gbezfrliS;!R|TxBw`}9F(9xKJ24j`Xmp~n@gv}dMS{?8!=$9F{eN08%4^S`z zoKScZ1bDtM)%9U33dzepdrWc}58DtP1^Jz5EcpJ(v`QPlCp`QO2}5NKYR&Xxb6LU$ zfX_aV zjE1LQpF)U^IU^;B?m}CNb>hS)#=Y}1 z1@Ez^MiNR;h-nWN9u@%+o~IMbT_%|`YOjr4kp9LM`9OQRr-08#!y%{AngHN#LWoYI zm~In1+XA)wjQWdCt8t{S)T9gyNH@U>qCh9vJqa4zJOH+&0wI~HdH7253yl_bTOrz` zUTXr$)sa+!1?9|)Zo30=e0*)#1$3L!?rEY^;txb(Gyr7MoImUS;AaLvMhG2LFNEkQE!yI0#WOTkiXj zTQzAP<=ld)@umEs;z1dXK6{Ni#WMkS+LsjBdQG{`m*1U3*>OAo?Tqs|!QDp1a~V2X z0mW&Vlb7Pa+g^a!#`(mp2ET;+M!7&Q#BONfj3gL3C!-#Q5&m%h^C@9GOI!oB^KOV7 zN+bYEG$VzWTdyMJ^!Kc_4~V~mME#WO1MbV%C#uJ1Ok3RA4lGKM3Gy~_F193fOeWH| zJ_n@xk*jQV>ARq5kw0Ht`US@i@^4+7QkL$OiUGF2wBHoM)Ju{`pBjKUt})r?I=BZd zoFM%q7 zH#V{tojP{B$@!3&1tsPyk)rdEq-jl)>fCk1WEB1QpWAAy$t9VrHUt6|y;5pfySLM@P{iRPB)3)=1xasX{?g93 zf=IhXTVq3%h1`Y)9G9MxA$7V6A91ft>eazG?15)aQVP(<2Hz?plTcB z9vz$>*fLOE|MaW!Bj)EBjo2pI63!7C#fP!tC#2@YubK+L-9$IHB=1R7oPo}pgYq$s z2{~Ez>5nE?=Jt!smp{60LHy|?;cZ-^+-rt{$2s#5q~287E}WGXEif*})>nu_lYS!! zCosu?(w30oqlX%5-RPB$w%1@1Ua=os2ffb$!Lp9nWN1OkNklmhIdvI|9=}`9-XGW( zq&HKlm=>edod^V|N*zi(K&Mao;oH#{qsl&m-VU-rgsr>-bClDN(i{i8x}$21c%HPv zTVMJR)z_>?Vd<;BDI^ovz3ced3|;w*NtI5QgWP)Q4@Y7HQqq%tobT26Rsqv9_FwqP z{Ogp79w_P8)Gy(CLiWVX-%%IP?cJ4l50G3VMaBVGrJS@Iy8-6^1F2sH_p#levy@|N z6b|u(pTug(B>WQ9dhZ!jMFa&SWATv!jhCsji3>_MJikWCA@0QlPzExn5%wLjbqk?M z!8jlUuw({(`SJ{$x_h@&!@eL?(OBTi0#aiW8U)#OJT#xSL7cBkQmje?B@ZWB)9g^} zp~s5~dM^PzX^{7sYU)vFiTaP}epEo8iA?WOQ)fZf23*p(8~}+xVn#C5-s&Ppba}Z9 z)~Y4FQOc!>wY?udJg5R(`5mOagt?^C2)m`P*<$S51RO=M%HD!Y{+Zk$Cg`|dY>lMx z|AJr}uz^^)(nnl@chOl`N9mV6&BpVq%d=Eb0qx#=z+uaai;!;?RFM{dRv%1khBa1b z`3S!WvV8uEw|d+VT$XR8M@$M7@!bB#i0+!%RVzpzGC_N(*y6S+lMmtV#rFw5xbHmr zMiGjLdf8^P>QbCENaq<58cukI@X0MNo7QF{b{XMqTd1bm4#{1m{slxav8ZQdQWL_A zAt{X868b90dA$D{T5|eTwJL%7H{20q))z8Z_T&W(P=UlGP(1Ccqw~vd`=M|t`2;+X zt2l>Es>X|hK)6l9VF6FtZH-V#ucdHimZ)ajqMskp20_^!DB2$k%qtR{(C@0@zCM6u6$vHS zxeqeN*_xS2AnASa2=)<#4KNEdL#Q8}v_6`}2JMf;T|ARX^9dp6gTD7mp5ZSPVG%?P zVCo+}IhB+{ON}pwPn8Etj#}-xfF@S{>lQnYw)-}#cG2v;^v^lq?(q?&-Tl2u+c_Lf zR$l^53AzHv!*e3qdX;>iSUFE)gAUm-sU=3P4G?FW>@IdQ?X;o;Q1IvY2yUTd%1J<6 z;vb;F5gm9Kacy|H-`OgOR~X(jwN@0>7_0(e?T?xq()H($lzz)^6WAp$CpT`So8dRX z=Z(sZ>hd64r;R@#!Q6ca$h!Z)QhXejD9>ty z{NbBS6jy0i%tqjfy#&t_<a7+XQ2Zi47bhmWqNP|3b{3Kkq((vObaxY&&~oRpOPn5)KrAG0E_Y06Y3V@@Z;5*LQUS#D zPI~>yv9pmC1?50-G!pl6v7V>=J9552_Bq@2GHz1CvndDYpCR4M{GI^BqCh9524SdI zkFU}r(gA<=^xGh+fK46{x{OIFq$$CfZU+(%Zpqwo7EKUy0MtMT;YqNcV)2|PHsZkX z@UG801Pj5E8hyR3WBpH@VsEuW`tlRS``AiBKS}V_JkV+l`K7V-PU7La6W)H)#bPRp z?`7qUrh-`}?_FOZ>$%J(Mt3|zWcnw4Fsn20L4N+LW8vA0M~^VurUun`Vcvc&-s;dE z(NBVgAbcbAr+Lg5hDO(ou-`wUEKa@dzGx($M<5C&%;LQdB!v+wl>aA7)bPUljbL;n z`(&e2{bfJb%J(GDn@|h86hPFWmX;O_R`ZR{`LNL?+qcdh=wM)QKuX|xu%g7t-EsIA zhI4rDetfXgfr06=c>(54Kk!K+I8in|<#w*A&8yNq7=Zyz9@aobb#L*7kqd6qH;##+ zkiP&n#cVHa-_H(g|9DS05FC;z&sLgq)%)Lo&}6K#m8KXz&W6*h^MZl`P((n+rg8gx zmN^72Za{$`V$+R72679mv6284!jcZ)hFammf>%sOVnP4U2hKIho+#`*gGea$l<6+o7uIwq{Dq}0U&O!fj? z9j+0hRM-Q+JO=2clGyA40(2BXASb`Ov_jDb?=0Os z7;gZHSR@{jRxFTW`&MbnRpALuGo&rXTz%{oT)92 z|MmKug8wNY85wIRNJ(}HtbE7wTCb*39zKF?ty84 zf-W765Cg3Xds~Y%=W<;0k<|7bOw!Jn5WY&lZ)75HAE&12`oPX)#6{q|C%6IeS1@t( zbps4TK+x3)BU~Fmb@7zs7TJO2Zw>nswy&PMr^!21Q#h5|OFJO_jfb^~a%sPW#=x445^L)PA&JJ;` zM+K*I!yb2Iig57z<@k6QO_Y#iefE{$N0CpUDY6^SLF(eREBJ$$@qGTJs^KdUwBo$3|`_+ru)&upx6$JK#|WKhR5n2%`^|Zuss}^hz{i zz)Q)he_x;M1$2oUR`uXRB_e}BW2+xYh}{f3g4kE+_MhBPP*CEE4pl>sDAl0Qv!m5x zB=l_42STUG@LWb}WVOF5TQ((54xI?1D3{1)MxyBVm}cV zv4#TNimyr52x(;G#HwKRo_cC5%Kj%99uyQ6QPndB8=(UX!yTM~Ow(4_W|6>D)4NF! zp3vV1TU%|^*i}NHhtl%-1y1bZ#;1fk`3i2WIF|8&SYZqv+2MrjK zdQT1TtIul3$y}=?&E7NAku?zygZ_+B7%V|=CKNdTM<*MFU;uNjzP}fSPU9 znL(D5CoF)_z4#f7GePFAZ_HU7@I1T4>({-?RyxN!njDeiwJ;G}6G!5lm{wiSsWD@P z#!+7m5a|a!!Y_$Gb0;T{(iphN=Ps%AK3wGUe`pQ(T!;lo!mI&9!=;cz<%g_SNpiz7 zgKEgPCBkC*Na%<$xCM23T)$g$2=9s4&Md!hK~;$;=LM8MNE}JNEGx_4PZe~`3i-mv z4QISnAQi-3+4s$5fU<^+M4FaBNM4B#9syZTW95YrZk{;E)ocZB$5RRrgsden^&^hF zJLVuhQrk)oh^AsT-y!ngOz%9fTA(SqfTT>&C#y1{GYdoTDPwQ1=C&?mH**L_J@%`i z9yNlJOhL2sIbA{%5}BVw4YHA71De;EF@n&2$u|hTRl}Vo=Ma8 zBc-ID4@l?i@y2nmSrLII%3{&ACzo;RY}1@#e~%_noDf+$qAxk=7~)yb`Vl$+pX_!guzBI#EqD z;Q`K21&*aM95nhowK}jHv zE`H#}B0SO}Cex|B@e2f@GlEqNgVHZcYvHbeG~Y`QbiO4_ZPBe#p^;CaxP@HH_g~%!oPS_*0i)e zz;WaWGbB^KhT&qNHm*wGuuu2LQU1KH?QUGy@hDGOH6+#)l2?KN@#ASZ*JbnaeosnD zT#QDOh~saS;=Hjs_G`nKp9$JDfC$~=MB-RRPBiGOZm^fl_~kKGr|GzgBhMSa1gDUO8C@wDVO4UgOSJ{ zHI2`10+d(YzhC$|GW$__=C1(?G=cTKt=c%UuauZ`qYg}i`w)!2qItp@Fqqr5HqZo= zmHOZ_Wh#1W&4k;Y+8nXOW)SyX^NI&{>`eG92dv8FzYQWKxlpuWnNVO)|0SzEQaZufqZck^$tmU^YstUB}-YWJdhaC&ZC=AXLB z;l(OZDt&*wOrONy3Xm3*V8P}C5Z8X}S%)ox*rfMw;Q1n!PA`N6TjA^DHQ?#v_2PcZ z5lkY3>~32`C1xdfQ$%#sp`MRSC(i5w`PW)~t;-bcp~VM;0|@ z4B~jkZ6s69%51_iLncPXlRWBLbtF6P2j^q=7iJ-PA9fgCNAZW%lJN^0Kl|2XKf}Xk z2BSVASO=54`j-U`DZA)fm@FoZKGl%Wt~{u&LX-bVXgQKCDLJ8z8BLm~#2x=003|J6 zBjSR(`22!1*HZ56%UDGr zH0y5R7-+j>LO0DPW(+)b1Mf#RwV9pA?Esl%$*0PuVZ0$m@O&2y%nPK-EB2QLU#p3W zt*0aCerc$_d$f1u)wdwY!T|hDjRYigY464u|%E@S2xQtWKJe;$BoPv{%Yv4HhA)E>)NRHdHIUoTxg7d8ubhjQ&8) zrSoA(6l#S0*p0hHJgVn*PdS{>)Zz?2*y4TWAie;3Hlx&lTu2sQ=qVPp*jwzlaQB)9 z5S!m7*lGUp7;`v3?BFusilBzTVDgT;?l#3+x#Ur}tYAp|h;ClY$juio(q=)$Z6?{(vwZBk372auC-|jO2Ib_f`x*pZPrV@A%rv|LddrIoJ{&SncXWi)al|1}L zQqmy&omi&0Uvuerr;gG`qwAgEH8Lxb>XvtFjIKSJ7KwEot~nf!NQZ#S>Ik*?4`uN%jwKXtna}t2--M`3C{?M>KjEnbe#- zdDHQfue>v}$(0z#wcv7*O9vs1T&=G@n~5nCqtase(vq$BX*Qz8ceZOdH0rkl0)HUn z(k^)TW9d)fmFWB&)9}6jY$HLtV!oo*|Mz`w{+F=wzb_y7|Njb`6^$Tr6!AJ@35Q6s zzZZX0Y`k2dg#w-z{42|+$&e?$3b|$d(!_yC)Dk|^n{MQ=*9*V|P;T^h`6mG?02T?d zJB9?rFcj%W2mhi3R1O$N92j9=n4+Jmp1LDs8g%c9;(#7NQ)Y)eoi0M__ zKJd}306_}j6!4`@VMVXnfn#(>hrg3kmGe(MSh-;-q66XwXlv9{dHM#AZ<7+dpSAZF z@kQD7FgJ-_?g%Q~KR)KiZpE65p?E>JjD~^H?s%U-+%omW8FkP zFa_i6PgxvsxuCXXu8vE()J4mwOMEG5uyW#PL_-l2%5{=UEKy06=xF4wuPbG*;%^?W|2a#HvZ5F`wdp+M7VC=hx{ zfUM|mhXVluPt1xnC?jg%E$`tcTtMQjQ3)sk=+*iFi-Ul57nCr}ymOP_$$<~Ju8ou# zt_V$6nD{QUT?~R31Qo$HI4Iyt!X`n-$@#aq;AY8@X&t~w1Xr2sc*J`*n48K#C$;h# zgdB9?%MpCMyu_zZ8+|79{=RY=KoCon=GX*7uAA-MB~sa)?%`cr+B@B^1OfLrV)E^K za6{nex5E#TT_!>T9SjU6}a`5eF9R};KpD< z&%JDmM}*2sNu}jMpvspGh&+>Ix@gbz(A-0(4X}vE>@srqc0a>aA!TdMwk`~PFHB0% z@FS^srt{IXv~FQEAQN_;5emnDU{W`Ee(k*IfL$v31A%wo3_Y-qCq(X%SYokQ>Tlq* zDn%Tr>$didDMNzPP{O&IZ_R#q#E;i(cUM!j*~-N*`#XzK=ab8zMxjmg zocTL=vMTaSroRAB^T?5!!Q^&5__7k-KsAS&x+%1@yn$Uhg$=$leKuV$PU#c*4hv%D zU!3i68iXPjcC9EO&Y+E2u-*LvhmzBt)D#O*ZoP9eO*VZDf!g1E2_b8C5Y44AEsF4f zu#w6{IS|t;D(3WLKjpELPfVI|ny;(KY;yd}*t_bVA{Adehn#C8Rq4N2=)V;r-wC-~ z=~~htav~on1eH3#A-cDJB!uyxdOVj7=72LM&XbZ;XpNZSCyz}ySzhnEV=T~FoPnfc z!3Yfhqa4g~VsQ40__t*~g1CYBo3^O#BS8=aeI`twIXKb+im+I@&V}J@=~#W$dw56< z3kDYlkmcyZ=6)FJQ&r=~?jpeDl;d$$hmWkk7uYekeDz}`gX}1QgEBC3)Zrenr>U=* zs@cDdV^YFG2Iw4@Y%1}A*DjXCrdaHl4-bAvLR^rtaP$^j0@U}NMB#Zx$Et5&bNM~h z7S6T#VHGQAsM34)R^oK^AD$yJ3ShjWNN@Tq3X@u<=cm6zufxWBUr9?_C?;*(-lrgB z-zsCsW)ORZcZ;OXG-3@s!Qij<)=ZVX+d)+wvpnNlMuyAM(&f94nno4Sn_Km_&hUX??Z zdQPB|XAPDI=ZRNwsTB^otbd8Wp0M3paTYW{39#oG%3{N3JlTG#IpKw&N7#RaDfg2^ z*%8#~*5Tr*&gZ4@9wfRGtdeZ=DSL~QO{f443-6%1ofZb&nuTJE^)Uz;kiKeNebH>4 zliv<4%8g@N${&|i$UL)b;NJ(Ect#hHg(WT<-B=Wz^k$g<*NsQID>YkEJKaMlKnyqD zdrRI`73Yb?ozCetQ?=ypAtBSn2-Xra*Cq5tFUc?<5Uy&2W2}L<620C%vocZhZ3aSl zfX4_J&6cPS6eg|-wo844n(OIH&57=OjoepLsICx1JQ_ySVSOW!92uGYiC4(jw1UHP z)hWQ=r<)O8&*$HL$SaUhDyC)_xIiy(_fviVlZbhu%#tR+a^BnB{)8HCLO5k{Fs`^b&J6vTNY7 zl3|*>@;Qi$1WMGIAqh=W5ww=BobwL$z% zg?hhBUyr)C!2;~)D8CjbZ4EJN9CiAi6g#)nUWd9UioKz=&b&c0evLxvsQFX%9RhXsG9~p;S3ng) zBPEG1&eLkCv?7I3F!{F?=aAG_+#a`FmcS5cwRt7uY~2bETN&qBA$Xf(}T83@2xNtT=X*T%ytlVwDD0F<;R~#^@2V9qsl)=!9 z5_#5Jkd_lJ$xm?TT_!TrXgDR-r?lvITeA7wwbbBJ;=W7EaKE^=I1y*>kV`kawI9RP zV+%e}f>x-xKl83QM&NY0bFuyz06tIq6;Pb&$(M0M2y0FN$KO%j1=AZv1fHyO1~jE= zf{{%2#z5ozH<^>SYOFsipfj4Fy@3=wZc`5~NlxeQx_ zmoDOT!81B)-0yzvY6hO;8w;wE$ecrm61&EM3BY69LoJPhU2cQppRHPG6Fz5x3Rkut0%jK(o8m@!7yQ)uKcnkz9?gI(B*B6= z7{c@3!f51exl!Hnf--|r_3=Xi;8(eac*inQ*!qwNgqknVGvUZ)QhAD1reRfiG2{RtTbd|;Ii0=wNV;1AaT!sjb2gJf z$(ZK>Ds2`-ja?+I0@1NF?7e3rQ+`9b^CI2+4cGo6WV%uLmt=um+*0}@BaIt?3#A$I z@AWt8stR|P4)I@ve}f*ZBM<)>TApEIe*^=0!f~$DBIPBqy&5+@oN!!TxQl=ZmL!Pp zslyr9=!(PoH z{_+A&is>3T-WLq@0F8fc?fu>9Toyx9%<+-pdB0~g{^4c+4jrYgrOd-jse=6WaWVF1uxO<* zy;|SaEi(7EFl2uQ;FlSR^kj;)k$m>wd>I;fw^=^}LO1{E>1Oica}=f{cWcm0P<)SW zqjj_m)6$?>QhYP~IyXaBRK#0yVj%|@c6(tf(U_wd7uX~-;z?lxtN+ddxC(Z#pPC;$ zb){etT0uziSN#KUbXS&qa`WJ18oSJC^dFF3%4>G-Lufcd<+yl3{<&qKE@4DC08xjK zt{EKX&^q-6euon&=aG_Ra|^gq^$@GfV0@Kqn-D!2AgC=@~d zPU!wG7`vm#l2{}oI3XLEMn!y-6DH2bFfC8e%|p_Lo&_8(>Vb`sHj*t(-Uc;D?xqAQt_h*_8>ZebtT&Iajr4KluwQYG8hA!=9{34xOSlxBEZb}R5@UuNhM?lHvrk|`aRQKiCKvFA(4-lLex#E3CD{C(+gTuS-Z)_e+$cE9*N1oDcgzXzKK zg1+j2Ul!k6JNuiyb!qQ*ole%q!nmvn();J!7geNt=wNEWRsD~;Xu>8~A1u6zQ{+=UxC|3c)j&)7mj&-+L$q3=iKU{z0t9d0mCo4d|#${#FXJf zP4c+%3UY}d%Vv(+&H`kabVgCoJHrIO(=;92Pok%_KVqC@TY|y0Qmpk(OQn{U1|(c> zCXcy_-~%$ZClLpw%j^BPU@}22H(C2|7Mx|e9!n}ogk57#l@2n8F5Suw14e{*`nq47 z-XT-amuRHu_@j-^jl*8UeW@g`r=9wNO@8J6SGzNVV`rpaFWV~?7Z*QaQYb zr6+KtKQ)vWiQjn@`QHvG!Kwh|%D-Bj!RNXQEOIG2aERdeK%+#$P0w7lVNP<8O8UahX1Y z)?jhV8gAGyKY*O1Q0|s3ifFYORZq7&6?@|G_S?`zU|UbB-=5FzI77LdhhIqG9Y9D| zX`}zTjuU<|%1KIYgKx%Po&$L8kxY@S)Z9$gCSm8Pic&}B^mLQFlcR#prG_Z-L#Dx{ z+2yLS98H^r##;BjeY~^__;1FJV`u=xLo-0T6D}cvT_yCwB~OrH;GT)R06mf7UA z3x7a-uQ|v`_2TcqGkpXr@cr;n#Wnmj2~h zUZ}5+0Hg!uei`tE;15IZ_$~7l=6er#hEIM;=Wn_5hn{ar&l20-72^CX34h^>sp{R4 z@`4R{h(Ye#TZsJI#LaGNG6y>W;VdjrDM)9;Uh!++>N*s$Fvj@glGQ?j)QD3oy3=0Q zuk}x=jsf}j<5;4`mP$u03GB;~+qE?{HL%&U{WZer$3UDNJSU(I%)DN?cSgwHrM!A1 z%1?o1dxOXQSIB6xLRN}X|Kyj`-tX6g-n{Vl`#Rojt8%@jarS42fI!L03x-*oHDkS> zVSA6nbDys(j>EYVqlfM@l`5I5T-YyGw&qd^#dKi^ zE;VcbG63u!YZpVGO5ji^g%6?L>kf&0{`v!z3lDA^h=&{m4|a9o5s?*+R43=WD# zidl4guV1K=FVCwT+MTyo>zlnK6gm7_y^oO$Z8yX3}h z8Bz2bBrR&|PH)>u&$P|S@`f92@N;Ezy}W#!+QW0*zLdXZgou{crfG>fE)ooSv-wSQ|r#`LhA1C?L1C!Q=s* zRnt#3fAgvR8Ed+RCU(A+^lkQn_S$QrZ|<=nQ)0KO`RSR$zK)K53fl0Rx|LX--;C{wyxy z!u`Gu**8VL*kjt=3WB+By;~_hH!W>hQ#(v-+^Y7f>QjL>qR{uqSP>@b{igLZKPYJ$ z7~{77l^2WlIdZ1m9s!LARj%BhO{P>_d;kQoot$WznNK}B4#q4v^o(yjuVt6T{0i({ zV@&m~>X7TCD)Tkl?EP9eN(lI9kAMOw0Qf+g2en;7benBH*D(%*Tp26i{^bStuhZ0~ zxgfor1cGzJH$oxSPS=CD$9;wkSUj}|t}&%#vNVo6m&p~<5!@(L zcRzt&kYa$|FX-w8`_%%JTS4c$iZP$e&mXa?x2FcW>q3&Kzvc;yjZV%wDM?o8A#Dr| zC!Qq9U9HqeL3hOHv-O>Dz?UjHAn_W<2Twb4V1nHvV^(yJ7vr^!`8aR)^QjYuokGtM8h`CAvT#6l-fn4!GE&q{kzgF)r zij#le2-U~(gopT_!pV-Kt#HYOObgQH)+ z*#Dn9cj~3ZA((za=m=MMka^hCmY=2&osfSaNSSm=rp}A1e17jmUvE%@t7qJmKSNWj zpN=Z*+-uw?7PDW{U}hsUTylTaUD-%ISxt?ca2X24Kh8Qn#=H`OfIEVd9c;z0!3tW{ ztwR1&;)9<<7R;UEn17!%c7i{f0%F9TjHv%8cAA|rSCW%aiuRe zXv`?R8{NM%bvzO^jb$ir0H-9VW+Cu(d3fP$d~)&$*r(%>LOU>)L#Nb(A4dDM&bDj{ zU*o?%cew7(e{|`d>eKYR&X(U~jl+}mx*G2?6Ba^G)Cq|BRP`++v=|#nv3@+!yr)(T zYK6X@9^grUR|wYfGI!p8-#kgaEYUOlVmqtVw!^J9WI&&_`pd{=u2-Ax&Zs*L|(*$DFx;muHB!dx6s1l~?lm+PwaRFe>+I7VJU m!Kx1a9I3f2-cMkcPiV6i`89rM*9)G4A6-oYjVd*}i2nhHRjYac literal 43333 zcmc$`RaDhq_$RD@bST}O(jnd5ErN7|bVzsS0S?_=(xTGc-2#%*2uMoDyZQZR)_Uh| z?&iXE1jKW8JMvfv*uQx3(g6_$e8V!TsC@bJUmE}KU-wA{ z(m5?HM$?Rm8^;_v9xng399Qc$jPqW;mXnhcdAOJvN~DY3?ATtYGfkvZfkZ~KL+W`W zBO}juCq#U2zd0RJ^Yh3n zbb`_7_`Ca?^^E=aSu`GN33JPeJ+WcjT*ZeP?YfQQkwz#K+I_argLN@1M4Zll!|mNaExe9-F1>46$;qkzG#f43@^%4(U?9iz;r3rRItd55Ju>bQ+Wur;G@e>SSsDH2 zHCZtK#-5XwKWk!(+tIH&({M0ASp@}&G6<>AC*mhgXksEB^T%Gp&1lqYD|v7 zXEzy6V(9N8ffrkV#SnDFT2eGLH1zlP-(2@{-Jjkj^P4yI@bF0IFhAR!$mO(DrW%pZ zuF~S)KRU7_eqtWWc&GcrRwsc{DrS=jl8eP!^VHsIMS%YoVuopHuvQ{6*7}rL5S0RoH3gJ{po;280rvPGC||iqbjp><5aRJ*685c zmD&DuaaUK@{X2*Q@p;bCT8BvcM-B&)r%BhrBhxq`3t}^!Rta%&cywYb;-)Srjlx^a zGSzQZYST=J+~%=_?@T^)3)@WO2ptBUZ;!}4)^t32Z4D;Ol&aKUP*G92AFpQ9sgUZp zT|aCN#NpAa28`h?HNzsHzrK(S-5t*^6pw^g&f@L*UirbT#x`)s%&E3JC@6^d;X2rE z>4zHM2Q^O!G2h@~yRQJ>0EDElRTgDVeJPpogH^T9&DllD!~SZU_tnwT04ZxQ%yLmPMf`cqz%!YlFSy&dFmI zcSj9t=w!l*>FUMuYA=>Bzp+!rM1N)+2@tN-Z%L_Gpk`+^A4xGE+(J=&9sEVNfu%6- zaduWStP{rK&cVy`&#vFt%|A99^B4vPt`BjQ1)EhfcvsWa&-qJ}lzpT_SW^>-8rTC?AziG=~-NiGjyB?=I5Jh#*7G3X9L*ziii|nzB6Ts zQ4!HmR^(^IwJ}0=`N{Sw5%Sa(vmE2BQU5LN-EAjZx~sGHsHQA|a{A+9$goZUllWha z(}{1<9orw_N4}U+Zv8C$%&$>rA{Ar0`ePyL2R)Mwj*V=k;>%GQ5;lFTXg%6fbW3oS zNTcQTyS#^kt{?A?Mea`|cA!hBJ#`3M_Qp;1(Y=hn7dx&uP`Co1%ie1~=drDi7ysrB zT{u;3$FulQ@K~tB89aBh-L(-EQRj#KkXtyfW=GFx#2`otDe|(ljXGG=e%HSdJ{3}n z_tl6s3lPgbtdJ?q33AM@EA?b@~Sa0XL>lofhoG-4J3HgI4@q z@di4T97WwqYmV{|T|~0*DZkr&I?rid<8HXDjCu}OdwqUs0v5|Rrh!+h-f`oJLkzb= z4?Shp8G(a^zh0r>s)k98CQXsuD*DTsvj0^q{~5wi@*yVUmO%JlqFhayj3lB9yN0GL zt$}t)uMqgN}1eBC7HK!n~HTv zYOH)QR?Ce})c8q)Nj0H*BLe%W;fAtQq^d*vYC)$40X;i0=mGAka z>|Dc2>NpjYz4|yzO~r)1rfxHhq!Ei|4G;DvI@%;!1Sr1TZrZ$Ne5GgHb%K{@ z!gAQtb~zwnb=T4(ep&Y($;an?yGCBrs{OWf&nZ?V59onRAbY3w< zChL+a(*X#zqYo1k<}w@HfHoFm9O1iRoneU0-b^V*bin7ITMA;>Z(f0xq=S(T|7g_=XWUHB&_8d0hSuW4nM9~Gibb` z5kXym>?9Y93P)g$0t`X?<7NT@l~SSw0U9CKpy#R>fF(t0fi{MIH|By7#9!;Z|2FN) z)(-Znygb10r`rdx$OKMqMnZ1=ROvjU*4yLZ-#pD&NnmVHk@d!+Wo|N;BgXoG+@y<( zD)nA+Q92=RL(wZAN~&%|=ZM+Q2R~!y;_TT=p>lNPA#z(KI7DB?e>FHvjM2X0cijs} z?6YxU=7}-eAYApkvy;m-Qj}Z&WQ~W@71=n>@T&1N$N$ljyAK*nwT^x~SCL8#qt#cj zA>?!brK<1Ys`IC$Si)Wo=fxv`Do!;hc&o>3Ffm$0;TdM!ElTRON8z;AX(s1MD}{?g zQW9{!m78|1FvCTi?J!mF3XA$ik?{sUg$UUtz0i9*`9oRC%T@O^UnrFTogB)9;5jNw zGF<;akt~PX!EzHPUlEw4;r>vrbN~b_aQ9%(%`-BRd$yUBo5#i&(<_BeH>(>zZdNs{ za-fBVxOBv)@j6jbGN&_YRT?qKf9ynDu2qaB{;JSfnz-)lgx>iOK_ZKa&n6lZ1GnKK z`&z;!YJ7&hBn@Yyv9tVdrL;>myM7$05H)ii!9@sB7T0fbH*yMvZk(U>%U-s+V=da% zI4d;j_uHw4)VX&FguGI8i_wE8fp>Uw30%M7aH#^>>VMHBlFU)X37U9S+59%Z9SF)# zQ*|OAB@BkTOTF}_YVv;uooLEsGKA;OPtF+79Y~6>DXv=zbs7_{AW~=Q*Rv*L_OEFP zQm>qGwZkisFB$vmR+Mw=h*mlizJ5txWI{CWx-L<}22a zv2OS(6?~D)_ApHxwp9=`%Nf_{-U>Z@cA}EU=BFY@pgjI7q|2PMUPaN4Q#}tjN}@%_ z$c6LNZ-UNAV#bsoi(tnOh}U21)a+=iiH9N&&2VRkzI8Ovj22h;o|d$fb~gSMVi~r~ ziM=k&L*|`fL_DnU>oW_R^TE$58Z`6ar2KGddQ;(*g2aD+<`TK;J69;JvEFuoZbG9E zp!A~&%O5dU^P*+7r2L8<1ESz~mJiig#2l1cDHM|_d>z`tJ+L&@XIEDPJ;Jwpg|_aF z@AV=ohErK{`AW4>LoK+sBe7J&(oJT@vgIt<-soCfIx_K5ZRX5DExsKhQO+;H;S_a@$f zZ@y@ji)TC#4|13m)Fm%up={Hd#K=}w@@O$M;G1G^rZVYFs}-IXt0ML3IqAn={L~wQ z+s4m=E3xoZr+bIxVuZ^;zJ3LOf^7z*Gg@Ajtq<`9Rv`Q7;B1(|54$BTQd08je+Tn) z6w;<+wO=ZIp zcM12li(ie={^D(DezZiOx(R8ujWc69w9*ktBh2mOmO^IxgF3Q`Gdd{RNH)c%MRndc z9^lgt(HWhij7u6S!ceRhl(p31wwerJi07a^i-=|>|45_JQyr9zH4@{+n}i^>;Rg3D zJ%`-8zphUmAbakYntd?w^F=SH(#D1kUklbYn_){uVVA2FhGpS2{%p-$uxq(pio#)( zhx6Y(Pfc_$G&<#3^(gfE_ox4qEUlWj_MNy5F|YAgouoZv+@$S6iV?zj+E;LH10_}I zM8kvUSkq9)(9cXP(;-C3H{9r1AK0%p+{=DerdKzY+$e0*^L%7U@03rT*D3F1ib?Gi zdtKl}RDWmDmB3&*_P36I+j#uDYS_|hYl61+hWvtg{qSPGOT)UxLahADPMCXhef5A? zqC3nVD7^A~cOTM7EUHG7#n;D^Qq?<|B*dF3^lU6|J7ejr6L=VAN|cCZ70zDGdu{#X z_>Boaelm93)HWuJc>T947(s&>5?OzEA%&zEjns%*V!%YD8qoGez-03pV?m3`;kfOJ z^jDY-740Ug7^(W$MV&_mx1D^iX_8y_o??DM#o>iM5hi{HpSmD+eSf2)OOwm4bk1oe zhTus+7LH@IBp;Laqci=)3)#k>RN~{4vMsCfWeJB3h=bP(3u5cnpq*xj!+CTIwxzm-h7tp(w{2=J|X%R}*ffUs()^sOi*90f%}@+OjdJ_~X2fHrlWu`*5H3 zSgw+6YdGV(aM)zD6;~B^zwmT2n8g`IPwHG2qP}i2AtQeku$U@5LQ%M*Iz8WgD;AFU zF9i@ZUG124%)s8mg`chQzw5Vpy+(uh-soli9z*DSkG(U#{e#230mh)&_wF*0R*AC9 z&ct5Dd}zwWCEbatcDxw&LK63_*}`1iT@kEy-1}c&-ZN5NVKgph`6~YTWR^woj|jn? zo8UMq6W+ya!PX+c+Xyi8uN`50E<3V8zE=Qbr_Ta?#9214=Wkq7YJHjk=6qM=T04)p^vH6rhLp*c!P&7ob zl~v3N)X*;x2#S)Hk_FDITmDjxK?0Rt_|j5RY(eq51FP_VQ1&O!M`=gdE~PWjLVVMb zbbisN&2CeB2}LZ=io%*l(AMVMVm z8YL z9^QA-H6S$D(PaqmI=ezBGR`O+ zfhfCX;&>)&mD8pM{M{fH`OY|T2BYSnWbJ*L?7U@cOa7`t?;Te{It>_By;qm21ItNSbEuw^q$Vw77e7?;iU#<>*?j^W_P-Lfhg zQ5F;jXKa!DUs00Tho}`w4^i~ts{#FCyZxGIVbj^$#DC{Q4ozdXYi6diS&#rEAcw1p zlM+r`dF8hU(_3>p^94+p^wDocr#2WO_l~J7`i(Es0!nkdx%8s5BKE7$%l8 z^Ip#2v!CYsP^CLck7x@GXLs}!}6dIUrt#@-B5SxTBeQ@ zdE`~1n$uMHP=^`))nTo@lI`*k79O?nhdvfTUXfgyOW=9;qixTk#-z-v(pD(b(VEn~$ckd%UNGp_(mIEA)SQ=qpNNvqK07k5pzhy2`ZV zH|U=Ua*#4^fS&Sqt^tza4ddH1!b>~tJdIN2i;yo{$fn`Z*ihDTCd`=O!KATH*~dD+;A$w5X8Y8Jpcx*vB6UxKkd(qEui1jZc`Ay>RS?~{%Xrr^F(A`_vp<%AyIUtaTfiMN&fu!2*FQ9*lz?2G zO+D%i!GHU^HuJo`R6}%?Zi7~tYS)uPhYzhnq57xJVbcLu8RqsU#P;@f;1rOuoAd(D z00DzkuTUE8yoy~X`{d-rX|sPUlV{?eQrr{k)YOzMLrk!Uk$H1FiG&)tkPu1D=c7+@ z%E~F>75%42J1g#M`t=rQSKnKsu4;Pa&EAqR-Ng0m{Jp<9&)3-+dG}~8DJeNPVmkN< zY4?MUoS#;Bz};v%=VHC3yKnI5(?}#19WpLcn(-6FGA1VGe%|M%VB^i}sp#<zmOl))1}*;{|$R16Ld+N_}?pvr{B zzvOt@Ip=iSZSXd{6QElt1-tIdlvcmlRp(DX#_PA>tr|!sWcMq^b3-}MvkXlyhZ$?q zKK|Q`6KMwogc>la3k(tc-R*np4c&|JeK67E*#h(b?${C&6T{JnxP7iq0De2?dGzlH zhz)E#9~U@UYM40bY6r_He1Fmtjmyjdsp_9oIatw^5Wj8^p;;N6|IXZl?w*2 z@3Tyx+vVRC-S+*HurN8F30k9zy(vVI7A$^2^I_~D>&@?J z_dMT8uAx@`{J83Xv^((vjetY4-PapvZa_1>IqAUwt@`cDidrE5m*)CqjDmmO1n*LB zIq`P~?sPp~^$<+tYJ)>=k;v1%OHl%sGp|W+ghDC{MfjlG)!&shuLI_JR^L}i4xovE z2GDrZBy?d7q<=uXP74ku1`%iPCnYeNgul>;7i&K^afEKTXduLK#9r>t>;eG|iezkT z49p5k)nIru=o)*;M9l54T%im>PmVtPk{h%`f;`x?4X}fmb$=YrmSgqkwRycuJ_x@8 zUYp_E z*BAnWr~0UnCRMUxkAZ=aiqMKhr>qCS(l!M!286sXFV4@Yi1q4BURh#cVZFh>xd{UA zowp1aI>inVn^9+xTq0sBryxx6IHgq7Ym^KX8&;sRl91>Z%j58k=88OhC;L_m1@@2# za3Xe85+-+>KOd+k`xGNe900?|w{R*D7NOv0K?yz2pVa~>6!_0qEAAL%!dc`{w$!to z`5*-&`ARuPY}4>AX|eXtzmmV(%vb9*K}q0yShXs(>n+Bpf%sy7Bc=FkXZ~1cXQ(pl zXcwH95;$(!C56!_f@#{Q)vEeP>^wX$fPh00crSR;3A;U#N~a{Qx!bVj$LSyNnmwiF z4>`KhV%SMuSak0Eeqw3O7%GzNk`*KD6Dx#=m>_so5K1Ytbq_1)Ft^bU~K z?TWJGX-zJ9RD~%h0v`fzyrofp=(o7Vs8tuA#}e_dXq2E@i#s-d^Efq`4ygynG$Hq$ z{dAGs58Fi+!*<0hRWbHgMz~>e@%o_1U6M&Q9Kw&16?0JhN->nomy&(}qNXvzblK-H zx(RT!ccMwGn1q6j{oQs^z1j4 zL*!ci)93O4dGpg`-b?mv;B-c!N1`Al&``gE`wAE}6h2AauRbw>G8f9wb@Bc9wKR#E z?-zc*dtQDouP1AVEN}E61qD=v_KQY~o86yMsUS|tXo;x&jiPOm z?sqmn4_Djn0QTdw`N`BP2R=J+!;(e({myqIrZx{A1;4uDCoI((!?IfeEJ1B(bhyLn z4O=LED3|B<;pzIlS#O#=zC~D_O9X#^Z?Eg0*>a${-qT!HYnDTuZZYU-@zm+w+Dk7T z(kXt|0yUk340y#()Z^LowE#*%fpgLar2F(5F_@2(#>5F_1X&4GUlva>UY}y%xZfJ<}ZnB=r_Z;bnmr)%q>%_h$;j zg$ZI}Vtb6~1fqU>F-}Hxf)|q#XU3#IU?j6x+b*D6D2VuN(43jq{|e3E1~g63ivT$S zy2yqze-kj)z!&)uTU6c)TcDQMBGM{lNLntuRK=-s;d>>U*FqzoBwBR$??A?G_5}Dj z3NF=ymKKsq`uSm>=DrXhJa4g*O(j7d$92)oL9|KK4Yp;kOm4gTED?>)wTK8r>;mAx ztB2(!2C%B+2;#Bm(HpdSfSDMiCZyVvd;@BzPOVWFaA64<3NW{j38YaNHOm72_&hya zMG#Xs06bF6?WO!ck4r(K2Yyj18dp#178GcvpFr%!Q3u4I2hh6 z(6@a7$K)Yh#9vr9_VM8kD_Na_C=~P)4GM1Ki7rT>30yBI%etVd+38n6v=0H22ljU< zJpZVl3Glq}1wjV_wQn>>s6|Z~Bq@d@r6I)S9jJ-Ph!_}8rvqd>whNurQf?T7Cm=WA zwL&-jJbAQvB41Pf$;!(^ZzyShe5`76-llw;tnvJ#okRlljFgm=oE*qnYAQSq&*^6q z;^)vsL#8f$@!&2P=0p~s%k9Pf-ky~!w$l4|pAk${ZSjeT508(JcXvOu``mDt4-ejj zfJ&dV)K>+a2AaUpYMa2^O`k-ueDW~JVTg(bwBj+?{5GdS{zhrie`*(IUsOy-BV!ON zkxBNyzF7k&-tO18a@Bko-W)7B(l zv!!{sb_TrEVTb=r!y)Xuw>&shL1HMe6#;)tKh1n|b_ekiJl=HYYfm=@s{rIbAE2~f zoU?)HNRJCIb_GNcG~z$MzT2#?J^o$Do`59EVZ`y{`LXnE9GExJh@}7F-p5sN{kR#n zXxXk!&eZD-#8+?({wy^(gsJrYhl2=pt}0 z>ILKTz=8*gTmd)+Fs#OD9qAW@-{#0?@Yi2?X^MoOI%;lQXA%S{`{VR(P^v1 zbvT&3Nf1z`xw*Z0XS?9|oS)%)UY2?Qg8r_w@GvorYB*3T)h`mE2`P08w`D!Fd_@pp zcDnMm^jpAZw!HImx1P7`Yv?evb@v$V&PKXS-|lxGVJuyyX6Sp|EaCMo7<+TNQVGR` zd^}9K${pnV4mM_6oUZOs1NTbHzSUXsDNTZqcSiQ@5d*ikPxGeXmoc?fv`S$uUDscK zU?Ek~`9ZHXH#bd9O}CQ(JcIIiNXugo^Qz{HzuN4y>t|_;${0U7zUKF!|Iq1hniu3- zst1WuArm}zHfgn6xGyt4rxMY}Oom!`JALYvPEDI588=W8@MP%Q@bH}-Y$BLu!im29 zXO;DkueM7`sm^RH{8Rk#L4^Nc)9%PS*RkK<~(bikOWK4KM9f z`?j`o^stzL-%oEwxK%^uGU>Vi+m{A$vqM^3qnw6Cc$sN_G~-8c?F&az&bQR1OIO)S zb=Qw?R>M44m$25#d;dHFP&QU!I@j~IxN^k*xWj5VPFv< zeGYD!!2s?6s<6t#t!wkxU%T(P<44!XFduw;E8Q|*z4>=u$6bN1UGE|Kui$YJrZSch z4re&M?qn>mpoxHtzgE|$t;({xXn>}AX!*Bolyz_9@+(_-s{ zbg^Nil7l)!e7*V~+PX!BozFfLVZDVq4 zw9;Cf=84~&-+To7&ic}Djlr3p<6)#&P3+NNRSV|B=1@)QeC~c`&zm#^ZxJol5La8< ztTBt38VpTPhs^+00v%k)_tw?StjOt*)R+I_pD?iB($CzjAD=JT2~9` z_8}o51Ek)gyyIUhMY1McuNRXfGv`jF(0C#xwxHKnGP5yT2%ezyK*%{*RuV4%aZCpq z@XW_+$Q-?wM;JXYtThu}D=I1iX$9B6%S~2O1=2{*K=9}0(DAw*=tCYJ*Z(C1nMPL3 zgZ+Fc{C~W582CU>{(&cSQ-aOPOqp!cklSH^2P@&&?t9p6UZH=9gR%_L#HMYs{Ehz% z6&b($IB-;=@K~$)zkqsjDZ$9!9MBr}Dcb`y%W2UN=2Q#{)eywD#1ZDJ>2(&Bl z+(2$*EKR1F+(xjjLRm;O8|@he3ReJdKU!&N01$cF|9^Vf$#F7(={}&h)U;h@`1G?^ zxcpK7qoTXPO(NHdnfmuO`Aq{#=2#BZ;9dJCF_Htz2^?E(kEI`W0152_9YI?=ZR@$m zr-$wO-x6`#FE;}GyfcNPR+N(iIm*bWD1MIKF>sAP zSG3ANrv}s@=SMa)3hYHs=X8-*xZZuvUOpMeGUU1SMi4V_zbwWx0?_2-R zUZVv*%FD!&w)sE#ZIVZ`0sUg7#hnO&XMCzqrUQhDp2MWq9m9a`b$~!9fEw`@1jGVv zif3S#{}mOaEe5Ds9b^H?Ku8gtg#THVkgoOy%k(Ps6S3JFusF;xjxLf?Qb)hOGroH_ z$NN|VO-pNZ*&V;W_Lyc02I*7zc2FcqA_j`MXlTqQ^Ta?*s;5$?9&rSbAqLBS{ovqW z`*W#C5F|F%Zte?CwIMo?vwwXxSCCtSTU}j^`Ss~L;lR`T+5o;g|9VuAn>v41YwpiR zR6u<87FimgNHG2X(vV;!Gp|la<5TXfpJFz)6)41q32bE#sM1DFJ2=_U8leHz}AyfttXhEVtI( z-Tkv#UqQ9eeuZEBH%MxMX`h&wh%*U^q*KmXf2$lC76!I*d_d$l-doK*FoGD!4-j-! zn*q>wT7@Nv7JuqzmF~7DYx;dLr=9|x|IKzPfVs&`I_ep0eEyGu+nHR}8^^~g=|H)f zMqV*hCE~H~6~<2=c@8^36pdu0QC^UJ*S8TIanyIswj-ydLx};8URG0 zdQHy0xBI1U-n?m?0!ow|YB;A9wjDQ7Uw;fia3Zrt$tZY>(>ROx@Xh{zAojM@OLOfc z84cZoQ+{eWZkO09N*nrM=o|X8fH53{EM*Y?9nk--GLT|SNH2nqZpx+zLqu`f+@O}39A70UR{hWmw(-2|>Z6AC_q`5~yPGD~}xz&hN{ zzX00*b6zBZ{t0AGHnxX~o^t&kZ@^-{)vA=u_Wwtnr36bNnxe|U#Af%4i>n;OX0?yO z+{=h1u+M5DyF`&7JrsE(3NllQI}gKEb$9kA|2q5!3_9Ix)jSf_6!Z{PN(Fn1@ zR@Z$@nsfo_0f;fMK4%pN*vJbl)alQk`nS_En({=LGC@7QI$q0FtA&|51fPD9z6i7t z2GB;3l0n9B6;x=j6E^%a-`PmhuHN+F8GHnL5(}{?C8bJ*R4^WFV>mRx#w8!5G3o9O(g}W)Py_mfQw;4N7g#^*{tf;n%V< zOa1|!>$57^w>oxk_@er5y%K>8w;h8BNFTmqP#Zx3&Alox(a} zdE<@(JugnjA z3roY%4pgRGj}4^T{=COOk=01=*;y~(tfI$W3cyx(U+*Hl_dx47Q4{X}$5P6`; z*a5}#^cOKSvV|HIiX3Tik~toYis*WIy!Os=xoD$)MNhC@+t^Jyx21K`cj`sH{$hG=vaEBH$KN zQ5(7Ch~ppFvp>h;XJEH`W zbsuUBTrmsTr_9uuy9(;_Ol#FKU7WNe3DfCvn;dcLUZ-)4xT>H(!Ee~I6e(P!$4Y^+ z#71(18uebrvMB8t4+9ysPh|Lx`OPfYU}XHRh^b2GU!Lu5Uy$>YECWZNSQG^Cm2(6= zZ_doA!^@(xfcQVq+spgOsagEK(2DvMB0?m&+B@{q z1zq2!khDN3vh`K-Sj1qF-~4z0VgS=%w3^higHDRx^_lV<8lJ{%s9lRVW2x-KFKCwufMJ5o`%W^ zjUIynw@V?nY3OXDWbhkr<4cr*g)I1;Q$nH3(Sd1?&Ly6%{jwB<8%XA65wNG}>-s zyP%V>)WZmbSvUfvOtRj*2%Jo+w53+hdhAYBC^@!ns|UL-?mm1=A~@TWJ-wlWf>Sxz zu$Nd{K=RW;uVeEa&*Wj1xVszItTA{19Bo#SP{XLfMhc=J*|66SIsy%+pkUTf61H2_ zjH19t=aPN+yBFs;ivSCZjPzK%WW%a{eK<`fSJ=Ct7d1t&wdmuK2P!TSsJN%*7PeEM z+JdgVaRIEq7?oq-0hTIfM^u1@LjNkFY?Asy8XeTh^!WIAVDA=za{`oBsuCm=6e_aF zf?wd`L_tZ}$a0el2<1n<6$A-c%?Mcqb}V8mz;D*PkA=q7--9N88{YFyLXI4bejCV- zD!uo;SSr9D?pj;Rg>Ge1U=P~VxxPm~o$VEJ-3J=Hc>p~D-Y^6FbfFB!MGmgDvfh0N z5*Gg1vl~>cF95e0if2HccuSCQPAQXtD;2IdXqFp@|60AC&ZzZ6wVv1y(5-xLMytyc zo)y@T=Q}5Up%Mk7^M?Lyz&&!U0XJ24Oy9q(SH&m|U`C`F!hQusKS}*|a1z*tk|;jW z6y=sqm2T2(H~w8y97ch%?XY0avcvCT;Ua#Bp$=YFZj@d+-ffWwO#bfPRN*LtT{cj{ zLE*A6-j7Rn3?+frf(}Pc(KHu3BiBE0kmUnG$_(Zw%q!$90rzoUbv+}VlbuY5jIQP1 zJ>lV~1VPiA-)VM#0Qc`W@8Yjd%sU0JBBXBmU^{{8H=aN>0Oab0(D;|zbUsh$9u@j98XdKOxl_{J)2rzg? zxp4e|ge27v20YwdbzDpACWWESU2ylOWCPhmj z|LcBRA9JcY<+FDxB_&l{Qc`k%H1L${5A)kO9xKT7ruySEL%noHDdrLu_5-d$sY)*H zJWyeeH#dVZ@k^64gGeIBEEMGBo1M3#8XB%ZBLwZ|{btsGeq-Z%b$NPso#Mr>x9w5EF|>q-O4)Dbxpnq^_>c}NRQj~j(j@(_hV;p=jd)=+zbE%6kMjp&pK7vK=%9fM`k|*Eko9dxVb;R2=|3VuC$XV`fJ{T`w1!&u{s;q zb$V^Gy)q;`Iqe>Fa;bTJsnfdcJ`i(H)R$x5K=&)g ze~7?ecTB0$K&zqy@AtmKnqfx$J4hD5!DbUV`hGLI|MP!Q6*Dj}0OP6Lpsm^I5J`(f z*28@~Isd%c=h}r@+-&P3Q)x{RdN$F`zhNtmc@lYij)UQXY{;72Kg5>qL>ZR$Pe{%x zQd3jZy5p~p=gCGMEJ|zLNin=@4Y(D8!soCn+qHC|N1KKP1sfzHS?VCu2Hd87ItW-f z4g%oU0}Kjg>~B}D;*GJd;x6kr-tfK#dHBR-;?U>tEQm6fpGC!8NQC}xxloszL!rd8 z>&ECLB=i$)TcOW(qkSXg;~qf#M4Fr$E{6Hhs#~OOpBp`8O~+E~H$%0S8Mj;4%j-vW z@iAt^9^L<-WaTsy!tb{S{HbMYYil(%HD~GPX&@G)5(f~DQNQ_{(>ix%98LS<%(mwP z@}(8#uR^E27(5hB#y?N9sd&8R^$YW)^29fi3lDR_6H+Bh%$EjZ;>XNSyFA;?J;e(b zV={?MZZeXe%vN|WUA-ZC!il*f4L%MgH8m{C+Qje7_vh|?l~Ir4TeRkk6uz!tT2hIB z?_FZ5<5qxf@(8S`X~=x2O38JnjYmft8#h)|jLA}eo+<<|Rp16C3P>UmH%321Z%<+T z9M!5B&4szqnHNO)(f`!UlYctNIaIfwY=BmCV{u)d$dbjEn{nP$xKYak~7o(4K80ROzX5oY9>dX(Qu{n<<0iM zzqdy0e)vmhK5e)HWKMTCw`cSB<#x|9kqgk)X{o6fY#}d3e4*-0y9LvKQjysp*>HEB zuMj+Ex-%%Gg2dY}{Pb+^Y6}v*wpeu*SpOVMt1Oe4B)P^mG(Z`fEOGAKVl`^8@0yD z-g5-sx31>mSu^Z4T)84U>*hz~_Ico3ThuMNz~7y8+#3bdaB@EfS~$=qWUT>21d(zx z;>K`{0;BKt!YO9N0+CAcadC1L2Ft8tN^>{5&Y>P)<3a=UYvyPBC zaDJs;{DOTc;y!m8DraB-VWs-!p@XGyBv*cU&*xL!;dH%Qq#G5=SIqS;`G?^34(oFT z&IN<2(r>v0k-Zq$tCP#G5D%uSN{{+00#x#~UT`b^&k*n5)va-W8d)N_<1J&|1(EZ*i% z^&)yBr`a;V$@=!O3dAp*<^R`dC@?$yX#A5j?lJ**SYJ_{+2R>+XBcIUFIHq}2qS{RMJHxXL$r?e403CV{*5JSL zEXqH%*J6vYjQ%?B*F6+vcm*>^E1$5>pYHctp~su%%!Ug!_T`IDCL|#`lck_MymYqJyV!vB{F61 zTD9iBdvsv{r+=VyVdfBWfjd3q#<VEaa`nL8hk1`qe5oz@hhWOW^ z2WjTUq)5<*`EP26WSc(KHg&zFS3bN~*Y*(Ket@s!Q(0Du*1lPv z1JE0V%`gq(FTRnQ&oLH9g(7T#5I|7mtKWlH<`}s6&6$CSj(!P^3ov77t%UIKPn`;g z$#i}CZnEUE%bLUM=`}E(efZ(|`cx8O>3<^ru9jT+5Rlh-?0&fdi5ZMJ)9(plV$!e_ z929i6GZyXh6C}m~Qttmxl;?IDDF$yYrS`buaYpiAe(h{c@_)XyEdKxawL4LrkbuB* zO3v1nDIA2%p3Um4W+_x+UdOYop?)zfa3{STK)PrA2ysYx)^mZ-#Do5o>G=j52xr9x z6VcJqmH?;?lJp!9FhTZMq>0l&+589C80qmAkg#Y61_tPOd9}yA;sInQ8B1|BGRo`d z=qPe{1#XRk98fK=Zhd@xff%IK>}tJvZE<>jewP_o$ga&GBm^$#zgw{V0TOeDZC*er zwj>6;xkA1fNcYdKZ;=B`%p~w7Kv0EX;8|-&0##L06Z=g+$lj`IJlp8hYoET$cLz^S z0`Zbs>A}FD;e_BHh(+MC=vfhaz_dOAo~T=@Oak86IP;9>M;lPLw9YOsxgic{+Kbn1Rj6TnWO!FdT$S08)n|mBqt|d2Z@Ca0F`1*wThLRXG7BcYZz-m`_ z{qNc`HRcRT47hOPzCSI6j)L>HcMS-uAU~7Q`114`%#Y&(U~#E1&(C!Ltd$J_IZ&il zfa(Mu_5h@=QNRv>AOIBI=Uc(uivY9HP*eL{Ov%tFq<}1iz=!g@+Jf5R=aHBlZQ7J7<~lr%!(d$oxlXz@51=aH|~L{r)`t z@*_o#0l0Ake0czac>(GLZVM2ka{@9Uz${54KLlDs21tKM0F@5ccoAgO_U_{;B)}sb zWW)FE0B|Jry_f>(+0dkw{o+@1*R)T8UJ<_t-mH`)0!+>F=mj>+`wA_Z?h;2pKm8tW zEQhgL`33Iifa7AT)eejWz(Hhtbvpcf1s_4J623d+^pbiR7OZMq+}OyQv1$99MtZtG z2b$D)Iwu|2n}7+ZXF7so2sjqd^!08P5m|;q*vl<}{xphRp8}q}KpQH*GoBqSw}@Qp zc?;5rk*wh4eglucxXlHkp*3Qmu?sxCk`K^?L6E>y6%Y#pKq0=ouYiz=w1aI0$Wr}V zd=%f31yE0b8zjk2=nHc2L;2^Z)b#XLK!9`&jvTCgMR8riN7(&^m}3>N-(1oR8lcY0 zqHWb)J*Q^)z<|3SU6Z%PbYm(!PB$RUkEy_Q?r*UeBcx5R=J&eT1MH8DLB9>BMFLp0 zT!Z1oz#w;1VFORt_%Gt%Avz>xh(rjFL8|BlECTQzBBZfgFEzkM%91+d6%g0PjCdI@ zTC9q=Ol)2Bx9w`xCCMcp987>nlem;G>jp@B789hmR5>sso);o}_bAur3<=6${gOnA zb)U|f<#4KS0PMAs1EEqWX=&&q5I&1O1mtDRwcq}!0O~e*AoZHdgb-AY zMum?ecDVhd8>P{7+6uopLNmT!#uQ5)1ei|2U16D_K}r2dI%Rg;FctKKNnM9Fsc!IO z62jti{?Bi%hbQgAqzQGzC9|atfma{~BbOKP4YCZi;8#QewkCmR{I||+RAiE53ERO4 zS@Mbt0tI2a8R=fqKj!e)<9p^~c7;+1obcn0~%N^`iE6|5*1!N0< zmQlq*Q%vZEyd`D$TC&soc&TegK~!ppO|JgVm}McCFZvz{c}$zP&r7;{D4(?Y&q5v5 zFIIDK>J{VF;)F<~IKU-|u+-k|Y+>Jz97w^F;+QyZHOap`XV)?UwSIpo5(SSh0ndPl zI^nYWh5fnf4y)(8^$dIh71jrXa&;O8YjI&`dTZAp*>9jz6(J#)ts!Qc`5XAc|a)-L#Y|#NAXvmLe z)bXk^ClDZ+;AOEIjWvHyR}y>(EQee^ddr65RmcS(0hcSs9@NQWTOoq}{p zNp}bqDUu@HC7>YEje;U2An~5-`RzNivw!W*?Ck7c&y2$Z_kG3rp7W{Gd?zO&DGA@d zp9M-OFTpO1*3r9|&vYbZWIo}{+mVIkB1*YZtl#jODJ`mIuV5rDhW4##7ayP~q!~<7i*fMDd53_JJ3=-}aH}06^DsfFk_NeMa z8rtx%cdhBk-1>}u%zUkkJb4ZZum*}IryE0t>R71N{b$|#>qE)6V}^{e6epr@D;K(p z+`7EHL_t9T7j=^N-K{$r8n=L&p~A+)PI6vsllpl>N8er!dt$UQ0-bwe7f}m(Liox} z5>Dn-uZU}D%j4{ip{CMQaFi61oXK_%r-%#!`FbA8X8x!fi_n9fyPxw9%EFC?^)nMz z=jeVk7QRGoQffmT9sF83R=v;({Er~;B;1S`>v;w!@I1S}6uV2?zw0;dt}|mk#pJ@A z$9z7+h5thh#S-Lro>;R5Vtt@=;^3pvC1zw>M_ILC_ox=) z+$FTD;gu61$6l`r3i5GP5520PS{Z8+3qvTS$gzq#?A<$P2tnhj?UH4 z@Ym*!1!wtt3@Nb?%hGQP+NJRimJYRyJha5_j3}O*a*%$tVe$ccLt0jsxTm}8_qPrd zg61Lx^pI))C-lzkepzR+S3N(!ynB!#h8KOlw**{*d=lp4y{B+&rKPYo8W=x<5mA{K+U-^f#dxZJ50N z2uenL2CXJDB}-zHiN=SmO{EWqo`UI{T);*Z?g8iywOf^{AhtfqVSsG&G4fBz0=m`~ZIz*>*_c`rULz{8M$Fj89q4M`UU&so9UodtiX)j#&|D$zd{e5xgAvgUNj|p+@GtU)YEbe5KxOO8 zFTSo0+~(IRbKX#lA6Cj(%%$R?o}W#OBz)BVU&<-jLcXw znbe3?O_Ig&-kD+eB7M4++CBG(mJA5Xe;MY%9oQ}2*P`2zLzrg~ph`H9b$A6hEMC)p zaZks^|8fCm>HTX(#Sh(e3W3h33oQ&@DMwssEC^ZqIUY<=v2su5n~xw>iPQ(LpHpF` z)^-SFCCo$`#arEfOJjQRy($sVzMsEJplEEEMha+?CTI|B)C+p(p<-I#eSTxadn}b1 z1h^+V%PA&~9MzYUfe(dHjv#QT6ek4yP>bix$S zp|KKZ6+HEIrF;jMt|JTsD7rXKrA%IvEwXlk=`aE&#(t17GVN?hZ!w?VN% z);VBG6sE86(f{Z^;bCa5ah=^~I&Zt3@J94qn@1pQxAD{q0kCE5)+XzF_q`=K$Mki@ zzL~{p`7Q1iSxvWHZ$;g-D}j^1+Y3n*J^ea!OTdu;<2?)BrG(YD?J)1b_w`z_esRMH z+9F}+Ik96|C(QAEP?sgM?%REja-xcW1|YY3{_o!7vMbwY_u=wnV~lN&$Q$K133j2e z*8#CH$Y`{)1Tb!U!6ks!>~%?Ou_@ULz30p8>t4I7Tawgg)RdHt)a*QK!&wIqaFHz? zbOvk?qPc7n=mFY^z^9T*zG z9JF@eH+c6M3N-W-l$6;pbG7_xj{7tn-1QU@i)ImX-QP?94+DhQEg!fxE-t@0@4a3d zE0BShGKw}?9u13nlk?Vh3udIew{IwK>~=cVyexg$+ta6F8hgioXYCU02A>lIGr%;l zb#@^KpGn=$U858c+5nfNBnN#i16oYxF;c zhcNWDIPbRj{5EcIeh3Xco!?sW+eUquoKMM?{5a;}3l%HHK_1JW$Dbrchxng79GsB* zx?;&O|0(1Ovd`cFPWkfeGq3`0@W$RQ{yxbz@2i`aT-yFsP*`!UFhlfY?8C^#ksz)< z%pGGuT7crWff$+R1#W2vle6;hIQPVoApW@@64}{yRf5cc7o+HLc>IMgRL2Kpsw6k) z@{$uHe6>%+_m_1ycf5xb@T7=|iG?6==>H^#uCZ3RfB!y+DH2w>G=94<;nHf?q6dh3 z4uvL%l+5TqIo=XlH4kjQcy7-02Qx94fagZQ$Reev_x3$^i97rK;HqO}WGwyfemVf> zH~sE`{iSKP3Ie##eN0>rS@x|7W?MFuA!mfXO&OW0FilaK{L&yI`pSF|#PK(}jk;*?D&F#;`DwFv^%vwIzZC4lgQGoTABc)-}sYTkB z;J1Z~%iJ5%oX0aW*rx%sLr2}oCM>8v&u=@#G!(r&CeD!>an}AIekmTTHY*i$RFg0B z;{ApN>VQC*2B-~VkSK;4gyh=Y?mU%1{+e*A_Vd3xVT>*%8~^~0mT zXAT~Bwn2*IPEJ9=Q4UuvZMXvj!BkWa#!vqZ|4MbP(y527?*g>h{)EWNUen7?TT}f{ zS04!)ZFr)9z4;%FcB6(BVYcuQEShUr0_*!DKWfMC`cfA!&O7TCO`YzK zo_@UP+!pRwUs@{pdhhtphD-Xt5d*j&ZxiiHr^d#3IXMT#T=7<3cN;wL3{>`$+r%VG zop7p94yJeq|iE#N3?CQpi^~C=4Sz=0~2+}a8$o$PU&J$Iu(QRll`F$)@*w;q4f8;WiAJaBi@W*y z(p{C5w+o59fqT6_&VSpTJWjEzy5G-G#_{Su-)aL2ydZF(LXoqEfY0`?;<$O*eyeP& zOg!a0<!wb4qyp@{s^R;mf9FE zdk#)2gWmMN_o`7klaMwrIZDu{^BHAwlyk~<7v}zUswl+JLrbu_JdM#JJeV(8{#;Vq z^qrYuKz7+?Y4k`RA@6fuFDvz|HOkdd-r_BHogJSd@) z&Y2&q4$6&iiko>zx$T!06qo}lwe}YIJmS7PlD?pfN&(ac+9|5Oe0t$|t+kEylLSF+ zDV&R|tX9_MfA(ZtZKJ<8Ta0(2YvzCL+I!yN{_@Kgs~BUg_nTYj{4p;@VCW{Y81DS}v(@ zZ=jVm2<>W1Q(l5hq=HiHsw`|bZ|oz)i`K*V3~hzl)qkvYcdAUSUEMcC-U8?{Sk=D* z?`#^QVcsNa*^zic!+#p4*fRYe}ul~TDmI7TgX-f z7m=z1NDW|&CdS8K0)I*FkX}D__UN==US9*1e=<0)GSkvBGd*F@0P8s@1usHx&|+dA z43nK9RYY{~U5Z|GV&cMPHwaek>XKL2*K4M2N%sE!V@+CeSz}Z~gQ#w>g@wgvZsKAnzdLeazITJf0R9K1Q=k9;Xr-}VOg!j^$Wl;O zLX0je%NkB3ld>5pI^CdYu6#0X8{`RhoH<7pM$;wR7Q}Tu(Y|!CN4S%qgEF5 zypDVTH~*ZjLPVcVA`kri{Q-vs90^f2rnx|^KulpjUX|C{k2w>2?f;Kkt{Q}}r6tA1 zy@@nbR8$(xFhf9kM^at1oT6g)C2jeh6+$e_wVr_Ep!-TZ7(!he3mNGN_{OWps;T2qXZr8rYz(t(V1P-Q4{B`*|Cf zJk2AZlwN5Idd_Y?_;n`Dp0CylC(-SJ-(lc_n~2XT&+Z3BRUBKj>Jg4tiWv9??3K9L zwI6_*#DnylZj0>)2_d2U;Wq%S;bi%SpQI)v4t^94R(ct)A5+OfHC&Pe5;0~evUgd` z;bpOF-C+im2g64z7dhN{iwt^OXyTJ)h1}uy<-X9Y031SLiOb=-QV4KcFi?|&PM}nJ1Q6s)i0R1JME3&Nl$tR$SHf?uUp=3?p60l;$;IM72Wn8&(nyD1O-BIO z4OIdMp?Vn5JYNJo%~gs4%oYwNO{YFfa8ZJg-Sy#TRAzhvmi97@eokdyNIKm@o44zS z*`g4~@+UmhA`TO!Afs!Rwyye*y4Zpbt(9Haq!>d8F7^emn@3Fz@RR~xIvRF`MuiR0 zc@(tjXv+C~mZ9rHR40DUC5$(H9AGVIZ)i%Yyp( zc&?G({RHA3=&8be^k!fx6Er2q$Ct&7{+scLP>Er`B&E8VkNG%Rg;ox09IXj`?K68! zd%NtV-U%QRWv_uuK&m(-+nhjb0Osw7t1_}GpEn?%4DD4(Csg+Im%HAQXL-El(n9eX zrOYu%zMML30imRxFFe!;EKU!vz^dayt9Y^%C|m$Oi5xb1XL2OY#st`gs55n}s+fim zpa%aySF5woIPoe1z!;TjHKMQ*gw9Jo$w^Av7mzi=)Lc()2lMCWV4jRXqT;|07&z(t z6A!v`G>0RE8x;o;OO0q$U#S6lZ?|K8%Cl8vVZhceCp36_y1QXS#8=Tqk4(P<(1!M% zKj;!ZyKmwZi=!X8y7Esj7 zNy!)Rd;xI6)%87*ydMD0bxX;8wR=uvYsBusz}S4MMZ($lwf8d9R(`Dyls{F)e^|tV zo*Zos$p=Z)#KgSM?XM0ewL>8H44$rFD8GtMy~0}2sentg0s{w_RvQfPaGJ{DuCFVv zaF#v>l20#X@S*Tig@bu1J84Hn9Wk#T2H8Lm{;nXkP0>eXNhU&%+`uPqcFa8~NdfsD zaPFD&vT*N4G>J?UkH{bpCejw)fe6bZ0ga9PCJl?ALYo>SeX#SvOLe(1_#!SBMqsT1 z>Aaak_^s&ztT@z9Hg@7E1i`yt-4-(&e(NrrpRpPqGgknUIs@HtN}WPMLc-F6Oc*&` z)_PFC91ghUWt-s*u9yPlZnO%W?@}m8i9Mjig)63=1HV#Ao@@vMTxkSgame}q`2sT7 zPvf>22ljmt*Dg%@Z=h*N8%|}zlPkSb5TBUHdX^TITZumfg?zzjWtOeR;>S1OsI+m^ z@4aMJ01p_n9v=H^YJOeG#+eqs0MkgZi{I~M5g)!bYgnq94Eb6846$)14C$4U&v6P1 z(Z9m`&JM)@u+RYz&Z7|c0f-6YDYGpgt9-bXp_E%_Vd~kJY%DBUHNrvcI)zVv`Xa{@ z738*`0qnN?7D}|Z@7@xqt4TgO%{L350-E9Xr-uyW>AM6>%B>(HSi`>}FmGE1X|uFj zkj+g1RbT5Ag}E&SqQ+F<>l5k__5e_W05OzM(*_mU)n?A%;ANUHjo?(hhlPc;p`rpP z-!vR%8D{_^a#z${BHGu4)*ujCwu3S?y582Ck(g`|NKH#io0++U)Y z^%PwXi0*d3dbGj*2vhkuWK%;kfO>Ml+>BVuux_Ra#z>q#;D)m>*l14Nic&cJO@3t0o06T9os>yVMC5U@ zw+ue9sK`iZpw&W-cJYyK`ECQiH#o?XCcuSK3x}9;y8B~QEiJQJ8?2Ue`+UER=EX4N z^UXPeaI{+!p!hcEc;a~59@*I1R`!%JUz7g%>)qzCGhU$1C#U=CpfGTxwl_}SP5dp% z!N}d?EGPZZ`I4s3J7+%MQSh?to76u!dI@C<|7E=&9;rOPB-T%6F95CwAz{Dv7V;Ei z#Xw#FG*U2n2;ko7_*U`$D2hmwT5T?H_|HE!R;&RL0UwE@)y^;P>!S#tD~Sb54>RR9 zrp;Pgg|8Y{iZc2iJoil2c5!)pu^;Ml57Y5JM}=ardEBbxvDE9Ao?~PFznliCWFBg1 zd7bZXLDT;a<}j-NWJAN9f_kxuq+rmyx^PPg8T~+{b~mcv(o=0Jv&^U^*sJF6TJ)6X zYG41EX4BzX2AQ36q7-HF?0#1r6PeOQv#6X_)7X12{&E7ls6=M`)j;amql*Lb76&?rWT7vm1KmP#eL|0C$m#63)rHgqob$i``rJOhlu18 z+EFN7_5eWCL=ywy`nAdKm^+$&m(tAhcUGF*B=68SI?=vLO4E~zzRpoowHD$WX&2d! z{JRNso*t=hus+=TN5sAD-M2cK)8kxs1Kls-cfP1fwb6WomW;@`X1S&P>~nD$7;$@I zPfBW!Glc@=o258M{_qaWyF7LG6rR8Q*`_!l?jFuq`QO``6%UY;fPes~yn92x2i7yb z43zt1e}%6qL-#YB)=&BY<;PV6_xXlSqNK$I%`)4HCxyoefD&IX6Eu_&#pSrv07D?vpx)?!n$*0Crr^caBx^>H zCB~)KljJTix2MIq?T#!zez+BQko@W3mO03mM@?bgWJv`zs#%kJkG>3DUYgZnAXm+k zcUPxj-`p|I(E>m6nB866H~YMlE8V9;^8K%6&2Rq=UgK_FH}|aaUw?*uE|_0_vm$!( zD|oBNZh&fqh9DILYZqf=rf467C6jdOE9m5N*t-9HiE=mj`OEogyJ=u--DCJ^4sVga zF>lXH@k^ge)y9#H<-UHTTr7gA9#p9bF@H24Men1Z`3+>?o#PoQcBbUoY20l9n1GE* z;&XcL#(?PliN7%bV83qW=u@nw?rw{;yx|NGKl@!VyEr}T^Mggh@)N)#`V%`CU4c60 z4b>0iQK{*kC;LtIygVWWI zDh=VL9Say9j84BCUVTYPcjnC-6MayaVX*ESoa4w#yWzt!O0e%AV9aDijq+GCjGJe` zu&A)0g?qMQF5^mHPtRd!dOG=k#Owfzfxrj6;&z~it!g-GVl9GT0=GMlFP@3on{hmt zsS1>n=@eu7Nvgx1pNudKHb21Jusk>{W{&Nl@)w5)Y2N z$W5)Bd3jZ)vN!S*C7QFH-kA6P@swg^ja0bkWP%E=*(<1LQmhyQ2W)}3N3WRo^TZiTf&=G2Ww@=n!zvW$$Tkg{=TlN_QfJbZcp1KR4bFZrtagcRK%g<{uX}$OcA)&zkgay4d{0W5=2tG&H2ZQ#d&i3Fh?I!{Mo;Gwk zm!BUjmDVpL+3h`3-r0UB9GCr_CZzGSpx)0`oAXBKZxFfPc+O@Vcw zD{nZW_x1H44Inh4R`Lmx$TRrvzan-M06}ZDZ~#I?H-Bv{tI_J@&sLJ)Lz`Nb zae`Wqrp|(b^miUvAkCsCI_@8hTI2IpOtXiR$~7VJe=sFFj$KQ3CjCk1XJF|;I&4(} zn}6OW(#C0arkdN+5fe|r;|DZ6Gn-`F1TRF<&jfURR~k&msa7nPG!wns0LcS?d#}W$ z3nQh7jKgs?|v7B`UUOrbd|XbKwQes>9z+oY0ozGtWunu+obxL zW_Hsd%A{W7x*^Zn3H>%C6hZ%!nUXRANDWwg)hUpABiO{EcXN4p8JK@*@Mm9s)XI}k ztN{JX{=+-Q*lUwxeLqfi21nYgeptRuPb*!E)=0J=GoP#TF%Jw31Zy;i*It?rfyCFn z1&lK{z56manL$ak4*6B!dj?sd=*1;X4~aqQEp_Osq0_!!Yct^V?Q)Zf^uKGrLHa+Q zo^!IjHA$qaCSLy(^MBZU{_n4``hU9i>i_MZcTgrIA}T2cuCoMgw_e?^Hqg#PpWkl=3QWjl zwOm`^0+rwcpqXLnQbiU+dBWTz>AjQ5q=L(__qV&J2S6PM5ORPijjz`EHaO8PU{*tv zbBMd@r=2)pMlXmt^uiATOo{CH#=j>DU>V@BX#x#-@87?Nq)5=qHaLFy0a$9a$-CZ| zkYR-0V`4H^1?j45Nz4T3)bbWmdLyBWfk=C{krCA!z}Kc(euTb`>@lDN_i(ceU0ht; zL5&O_)oZ{2w9h&aBF07cA{YcDATz(Mmz|r7>@=Wkavq0(H8L~bQ1nYr814WYaR3m2)nDhvc$PN0N{(d zKeV_&lG^nj=GK4)cv>?wSD*=+clZ-J!mDEXVy;W=&?F-wPQ;X{bp4Wl7k3K0)5 zwopQ1!0`ZELFvnvRt<1Xz$^(E~wSMNwdpbX z>wClVKoLtQm~yA4^?@+WyjAe4tOlgrZ6GqB%e-yC+H$%DF6862_uaO2n&O-yEC`uzr|G{8|JckY-DfF0{ zC`fmZ9fe+hi{ypR&Wvt;f&H~7eCChI0YuJWCIneQ8%U5Pe0~k9)-Z^J*2h+YTovw$ zz@sj}^!UY&5xrt#5;a%kt?e$@|3Cg;>H?du#b-Tx!%uShyccqYXnGMsO@YByPm`fQZOiqKk$fK(GFO)sm!Q zcG^-<1ka@#lO50dN_a*DeOyDN@S71%{S1zO{(})zz||={(5=gu#SD_?e}LUBe^ULu z_=%3ceZHULoFIFR{YgVzM~2ajKUM~+Y4oS8Vm|Ma(1jt}Y#2Rb zN-E|PuP=48a6?Jc)tm6uTuZ75^HfwsFHw+p-D1Z_m1RXk(ykM84##A!?mQZ&=V60K zRU3~&0R5Eh0!;18eV?ZRi$vb_DOuK>>zAm#9nQ?4s!rroW%Uk#?K!2)&8l>zoJ8K_ z6DYFZA>xkRp)deyt2|!3H5>39g?KnoLLZdEbqpsA;Dk1xq-4cO(qK+#g5*)9u=bzu zW-$Xa*CoWT=OkIGWfv;MxZJpeXIN>fHpX%RVT_X~YJx#;ZxUj1tH+$E1z*n(_$6MN zjc&(gmZ2H?%|^5fpPcpa)A{(dx{z#0gT>NJ_#vn_kx6hDCeC+t(RqI+Le#L?rB>$~ z-B!UdfJyP~fvPmAGRCXiPqkdeoPZZG64Hpd7N#)_+St}IbnT?1qId^zv87X#SQG=E z*FK{*xdPc53G%VUzL+*bL!S&|wL5kht&xH^nnC?xS4{GtgRF>QA)y;cq0>0MU;wDr zmWKFH^2x3kwZ$On5ojWnmvN($h+F>u)` zghD9F5BXuhJ`!Rzgy>+bE+w4X&w-m^UWd0Ef zm4Kw4JoF9b$&9!q^~;=gY^4khbY<>&yGPLbDX6m)RN(%@{{e+qKoeDez$d~`>;X*w z6ZiExt%$fl?JgB5dr@g9JZUi0Y0;~uqNGH?Pn110x-%P$N|gsOk3zIPO7jV(<@_=6 z-()Rhag7^>y+TBLMz)2tWezqnm^2dgGlHt;6d|ivA9H{^S{t@>|1h zM+|h-r7BRyq-d(uar5O#JD}!)IFrEqITO4Mjm8t`7l_dzfzX7Zx%))i%7YvpK z*95{@Vbb7y*Wv;oW!T#y8;fF4dYq zZ-KX=`yDK>Y&S6f!N4umSC`7MyPqK~$$5rNj{7l1sEu|A-_z`0o9&Mb&3Nedz4axr zn$*+SlZ)=u#rUz@$%=;>An%ojTkSv52Hz>WS=%}VU>1>Z%MeSUIEJdJ)1YVY32D^W`acoP%8M6hhL zHT&+iDZadhuS8i!BAzy2+o!O(-3xCk6SnLqW90^Z_3Klej&NPT60;99T(W{*rKWJP z*&`3J+Sl|6uyM433j)AY^9E;{Wes>KW19EK8uMYXB#^$k(jrfdiunRO)ZH85Oov3E zFm4&zq-vMT^HU%|Oxgm)<*=H=Tv9g6rWDrJociRzmB`-p3fd?t;}BVoZ~_DO!!2E0 ztlK>;%b)g|Ov9{MMyUktaQu~xu%bs?Rp?6sxY-pBAi+++lr2xt-odgxn?hBZJ+)oJ_&B_s2~Ccp>uDMJAn{Tb_hJSZp&b@tE0 z>oyu;8$kP+<;mMyufd(`4bRGesAXSoehm6`6-8q-&D&vv3_+=2$t?CIbvZ{h`z|)< zSp8?y#nV$LKf@E&m$_2-`kl`M-`e!#yGS=728(PFIRhnUgq=>NYv_IGO=0bY>MAf{ zZdJ^#_0fzq*hN(Kr?;n3J7uF?fl(u{S53rvSE%Os>@mQs>I&VOVzv@p_t06+ds;pt zDo$VlVebXnw3F#hc#4qvOn6;a4G4G0$~B{vw-jWyx%1?l#Ut#~gn~)Quza6XvZRj4 zLFw4b2a+F_3|)JtBRFrNa~QjC8W#=%)dJZlUDqNUXgG8AnfL1A!@S*Ez_(!$>EZ>3 zOx85wzLAKuj+DbDn6txoaO7Y~L*$2w1oWUn_m|hV2va)?UcOuinB_7-_4p35#5Z80;OQ69K)7Q)l*G<5f=jeOAbcOF_Bo-oM8$EetCI=iM%@ zI#aB*zIC{g zrbJ2n@ORLW!-JuO7tggWgOl@2EtM4kW!QzHcCcn10(Bo5POL-RqhI}aY!=VA3Oh9K z4&wpwzN{Az+)!MFYJc5H(wjC)d~qcfo{t>+&^vw8?}SwvDtBH($YVovNKsm3czFLb ziQml?-Ic%9)zy#97g{`E1nn-NFcbMt+8G+Mj5wzeA?0Nr-hapdi{QYl?zYjpO>+s) zFMW$Y{pso;c@ucJ-aiiLZ&-fmO_Z1mzdBa!eePt6t?K~Ai8p)L;YjOa*cbQma=Y`) zLSSr)=gp_icRgziAskj*Ih!Z#$IxFMQ5RBaxr;ja7Okx>1$V zV#l`n2IDd^r0a3nv1iZ+1g-QXZ`r-xt+e<*gpYHP9z<6bvpfIc&CqL^zx?s0YS2ZZ z(ztE|Qo?>f%sG&sYdiHji=U9SmcOT7O+scIge84~_!I~f>s<%Y@{3$(ZF6&{%>uXw zPO+WA7=y^^rGW#dXsg?UU>Kl3_;9(>K~cliW*a6h(p`> zRGc$dEHc2b6b((&1gt^(dG&WF8TE(Vk4A!H9tRhc7;J`nN0B5-rt^DTd`-ke?W^7He9 zpP8)8xY5-TW>J23aM4u#dt5?(H<;$QASpfl7_=ICP1LYTCG>O`Op!mUKDGHDIl5;e zy(@zWRIg25ap)|Huhl_89fS56vZS_}KlyDALio_gXe2skv`ua7_!5lXsa^XP2Y-eI z#|+-yCm_i%Cn`456r%aw;#0MHc4Z5i9L;o)MM9ecZC~h1O0W(O6ce-STvN$XqWJ#k z>*>dggl9kH<^&z5*a^2fB!9OuWi@_=NJ)(|KpEk|V75z9NQF4Pl^Y1v;q8rnR`46?&i3{>I~LIoRdbj zT2b&#`luA9p=ao1gtZzk+k+p$<_G2(A};ebQ-Oe^A3e&U-C!q_1lw%nIlvM99EHJa zxx!r$niS#){|^9Ak`1IE3_h{>m!(G3Afl-%5;)sA{naHWSal)G6!?p^kwHTpkuJCZ;<0~ z_-L6y2P-Q@Sqo6A*ngwH&dZ$LlkTB1nItEhWq?o%{60DDCbTMo=kTEhI20+b5IGA} z@rHgmju`9eB9XY#T@6Zz98ki(GIPn8*iUKj703~aU*vVc2xP}B8R*XJHL7PeI zuS$a&6-!Te`GbR}?idssCHzypm$G3ZH?5aJc?d}caqK$kwa=EF;0UxeO|#@&Hvq2t z;SE$LY<0-vJzI4Kpn|DxxH3#=5WenXlefAh*Ev;3;je%5v%p`YxPWbH7EeaqN$w)r z1A&W+i*>Tr7%S-dxmp;-mDH3KpO7awYe>h1I|@#{1rC`g&(nY7*RN&WpQC-dLbcA} zA*WLDd-Q0H+~;}cjT~zrY-`Zk0Qx)n=C7HWXTBJ8eH`cWVAG#1(;#~fJJoKCMei-O zVBNwJhT;){=XLSb_n4_$%_jS3=(%EcRZ;fMC?b{T$?b5Q9_@V77r2Yh9VT)%S^wC` z?};$jlM52**scJGNwLBt9}JhyI>HVqDN!^5V061s?iqD~r1xuH$8OTlq&T6^R4?g! z^T27UY*DgwW__(+Bs&eXT(I4#!Vxrdo;V8Nh*wcXRhAVaaB>>@@H7`X^Wtde%k5ji z3nb&d7X9eDE(dq9$JSRbx;3kts6HYRo{>QVL%g3f?Ev1?F@KF3sc_rrE_BmhT6|nQ z>cVbjYgd1J%a_BYg^%^pPh;+ z{7;}{yGB3z^||Cmu`nzmHDQYy1-l&TMenx* zT}gDWln3w)z+;`~t&zqqXUP?hSv0cd;fIV$=If$M_)5*;{E}Wjm{lY5nt3=!Jg&{O^*8k{{hBt5R+-2Mc$2GLbmV>7!k7&MQb#jbR|YHuKcCyBOQt@ zaiNW#@z?%ib`*CkT5a_Fn*BA@9}&3}W2`s~PL^opPL|B7V|bONnp*AfGzc6JWFVvtf)>hbiY3zNy`z5;G6!b<| z2Du5a1^tQV(}fg;Mf?qjpcY|&^xDb1KjS7t*CiS)Kn&Yg0F-ZGd3Wu&$1bR&>Il5H z)rs%Pbnx^(}sZ$m@dm8_iI`cVZiJQQ4_iqO?3-wB}K5j1`P2s|#gf zXBnzt57SRLQ;XduxMgSW3V@mQ7zlA-uOA}7tM#Jq&e+@=E;)$33hmhdUA%M9@Ca!a zvi%8O9gZj<&QaA~LD)L)xt;#}40F_^SwP@PY)JtbF885@lFEsv$9YZ}akSSO0i$E6 zkUDGP^F1&uaDoz$$rS&Sa-qVEWpET@e%`0XX*kds(pQw>q}MD|ej3Kv-=YAr%)~YN zVZ^fU7H|9(o}Nl8*N2ZX{1q(#YYLzFbUgdG6j<~~{1n*@n)Tc~1{>zEW#YR_8AZS& z_LJPz$if+Kj(-Cfi)k32D;BC63rKZ5NMgWZH>i;_;dl0oIQbOLPJ9fBIC9mz2}`Ga z*bbpGr}iva5WS7Wu(J% zWdJbiC$Y9)VJ5<`qMwS#ASWY?yC7hWX(}T`HJ{SDDOu?z&1Wx4uPZP+@S#1>FUNxH z=*8yyrx#c&cOy!eiAKo3o%KI67V|%3M@xI(j@m^$eT)B_(dP!bOW!!C-gQ|zgwQ79 zVPjikGoB(B-m+so|Fy6*tN7*Q5euH;@WpO-KoeS>jM3kag(CNo6Y{GojgGO{e<1Su z3lPCP@UBZs7GdP_u-*xOB?U%Wpx;*S0q_cgF8yl+4&M+mPh$xdmtKj-ePG~Q z!{7Gap1`1JFHomfim2c^f~Gf*^r87prFTk{p_lj;Mfdt6*Dx_@XAeMJxUvN#1(F^q z06k51TAHFgzJp0}R6-}52GP%1(o?7vmCXK~QzfBK8B9PXv0c2FXKU+usknRGOrb*e zTzuS~53poTyjz@7mYeyzkm+9I7w`hMft}Gy`%*AN9V|m7LyVaH_=HGyk4p^Qve};`O26Sqy=7;$V)eK205Y}Tu zS&#iU{;qVx&R)Rc<%0Cg*yi$Jsyu2XUHZ8~?fLXKAM$CjkTRJ?^t4bAu`j=qh6QmG zjiX3XrIfFb;2A@T><`yJNE8Yo%olRGG^f#7C#LOD!1Sa1H3F$C`aOYx4lhO*pdm7H zf%ffWowEXdf%%YNZ=XFum7tCGVe8MzmbJ9o!<|4qLcXS4xFY|#aAM9iTwXeSeEQ$9 z0!8ich#=fAE;>zF>nYFr&rVfn0*w$<8r(BQM&wbqLLU+CE8Oayy#H*Fg2s&YQ88Rf z_U1ZVG^bkcT@#)rsN0C5(72kmSUwM~p5pL{M*U2nFZL1cma&gzt769paS6EbeJE=fy-odc ziIBBtF76r?Ch4^od}cAk5b{ozZQV9wQPko@S$g0UITJ9D8bX|nJ4vcw_cd3T!s3a| zOyDGGY+{75Nj&c3H0}rK1W2<2@<6X3twLzT_)FcRzY{xLNJ$jUvRlfS7A3AA zJ;wVqdI=+8qdWCi7)TV_ZEQFO^H2h~iWguofhT>wUk?)ej00A>0@Pa_sn2;unai&B zr`2P$VDKxIcs&=2pHFD>CXsXS$y$}?q4H^l#(&)ZoTGs{A~xvZu5C-BbZG&cL6>;U zjcFyNe$o3-DOG$|`eV68{he)xkl>Gq*R^;~C=pM2hCA-M3zvbQc0%G+sLx*F69|yV z2>H+&>YcM1a1Hq#Jx{1nwg(b6AK<+DS8&2N91&zhSe)`r8o>u*`&^~xM~oPZTz~xx zJeEQ;Hv8{0tRL_HzB2v4e60Wd@&3R5FE|sBZBme6!VGY2JvqhBKt41;S^nE)8K5w+T=PdgX2E>s<|+km z8lo3kTeDd`acP1N2}nxa`{DCXFpD_C_XOQtuNx^dZe%*cfv`G7M1j%qJQq0xsE0OG{vTr-Vd%7*g@&<%Pr*Kg6i)dIvyL z*!J(2P!j!HS*;TQFr6{`S_AP_5R800HYGVJR&E#;`Yo}`@4Tu5by!!4lp(G z7}qjyBO%?-#yBr;ioCsnOPvY()FiE^B_HZu4*5ofheOcXxS0F%MabRf;CKZ?biXoO zNEQ!hLL0ZitN}^QXd$x|x=aFpXrg&K@GWftp&wwNAtF++SM>-{R#H+sgF|o&MJq`t zJTkI44*+jiA14;IWefMe;#O4WGAz6>faC%An0nk&az3wa=&EUI-f>^U{1O=v5o4jl zrss2Z=rD1Dk!t{VUDbo6Gw|1(cx5p+2uLK_*AbA(30Pl+Bu`&ovFwp?1m4Ql$$bB& zbp*1G^9YxtZ5iuvLmk?Iwuo_W7M-;?Ot;=>3@ zR<10@`9ce@{xUKtgCL8UPyRYyoD|1oqnmZ4GG0^eUW8js5r4wKxLD8i=tyu}04DWV zmy)tfaH@T3TrJz86xR8j+m;@ZcIn}?=rRCvfU7p%0Q&YpB!KpHrzg%ate~`RYs?KD zA48T}Q2fX!(j6w@DcS_^hK*r;Aniki3_$dHni2!?7T$%NcB!n@%t8IYwK@E-jQ7O( zXDwl90e8W+A4kR8x00SP{NL07xvk?CGijk94ks+8)b!{IHST9tCJu1#-U7=Y~jiTinN+J21j5qh+Ll6}3BCM0#Rg?EL-Oy@4wKn`J$`*H3YE!cbU(GmuI2M zj%5pDKd!TjPT6*a&hgPSdlCDU6l~Mm=I2)i=VFCL+2r1fSYVFIT0PRRM+>?8RGm7!5mv>1LX*Ga7 zK->(570C7ukT#Knk|o;WJnV}D){_X;nW z&X6wI0$TMK#5t>CCLf$)9#~FmFGFYhnF#gn6dCU^=#YvNPsEs0UzQa-T^Lsf77t9P zHt=%$R)8}kI`T6LHIKc68${i_Pqb!vT?t_Q*&mn}mp(sT*2fZA=DI*^ljLN=)#e>W z6Zd)}_Ke;bjy&qZqUrh>lLir#cXOo^R{k|o3%VZzIz;q0R@EA4Q4<~VxR|19P9^}i z=8)WQNMln@&<_SSJrny(5EkB^b%oakF)$Bi@X|$g`cFNpuPHwGDiKx5&vgtH>)i*TV0M#smEV4W|6VAG-cECx^M)qSiSYa3-n1)KxW zo!BdS#-LbL}1t zD52K$=GHoc)~E-vR>vPi_O8$QC^IOX{tjI;ZlrTX|MjfAD`&}A70Nh~3(KjPSa&44 zvlReY%zIO?Wyd?;v;E%OkGUjx0atkwEnsg(shdP&CWzEf$}Nb!I`bC6UO=e&8Nvru zt4Z4B3iTi!vM(>WtC!-2Vwf{xQfs_6Ax5bffliBlgG~;HCv(W{YpHG<++!LQO_NA) zy3^q^2)z0Mh!-3A3aFY|Ql8n%<*JVJ(9kd6{2qZU1gTkSWU&X`mFla~Z&JwCX68p> z$?B}>MFGs@*ui%Nl5b0}Dx}sd^&yhEVWsS)r_24usqjfY0rl#uH*xX}gsZBT8oVFF z>(%Z6KHfc&atd)r6FlkmriX?Cq1fN*lMuZBUE!+$Beu~!M`airfFElQ0wc9^%gzrTd; zx`=MHHZi!C*8#Fx#Ccv`|HIVL8!d!I%6(hTEa<6`nV(Yp^JAu(lmV_BK`lQ+N-Sqx zZ{3t85aof8t6u??$iO(A(RJ0esFWk7hO6PQ%|!MjQ~xw zXjbO0*;h7k?Zh5`-RNpQtZ(>3M(6!Eb}g~{bm$aEGmp!B3jh!$yp?1ZH@HCB$5yVn z=0`vqm3hzoscY=_lyPRjaVs#*V%Vc*2&!TgO11nQh`lDNEft&tuUn6*hNM21Dht3ZenFQTiy9l=kOcaB{iD*-W5Y;$KE< zo@dM?w5KJCJJ#ICB#7p;c_ctOi2qadj*3yTrfF-*)=}ZL<-$^aRN4ceh-Z={SW<%- zMZ!zBZdu-(i0)hCO;L#Akj>^MxXcK|&EgeOi(RfAU|6t{vix6-on=(iYrDn)K}v}s z1nCB)K|ys1^m$DIUY+@;lF9a&G-AIJ^u*^J08ZiIa$|YHTU55#BzU~stC3U zz5CHO#7JEbZi(7PD!A>b@VEh5@9Gtr`{vpN{48>Py^-8gMpU6h?Q>O{6ziebm93Pa zo1_YPGS|Z5^v8rld$fH<8e zr1HlxkpFp{tfu;Hx{H@yQ9-q%dRpvPo;+GN7dw6L2`<|H_zN(4$J&GqA(FT zZlQnxCVQnIu`&p_ZIs*x?(%qzzfbb3@T8h9lT^?AkF( ziy%_PNkCKzF3k*Y(BEush=%kbK6GQa&)0=X;`NBjX=VBz>SHl75}?U~sUcYHLV+x) zZruloR#Xa$2HmO`6oucBL3>nRhWt*;^e{}irCyjm$9Ua{omP0(&$RE%u<%$D z6(uD^fE}+|%z9-YcZ|}<+~G+z=JB!|hFbPGtjO5O(ZToSd6!qp6X+V_u^L7t@Q7N} zGfC1`7_3%1*OR?akfru8ZF-|7VOdUbv^ z;Wp?Cdbi$@bO@(kO-jN`e1Mk{{iOmymG|zthe3RdrZTmC;umk~Y!TP%dB5!!nytH8 zKIBp7Bb8k%lmjR+s*kOt;1`CXZVAdo5q2ZS?)Xh1PewD`(okWEGjQ2wqnas|xONH5?HhbMC~`SV zWgf|y#ty($*=1Au*_Rj7fA~sx?XlVzFj0~^8AH=K`GkJ+t}*ev#Z6{4f082@Fi65k z^4e(%mH4rnGqJYo_K9v~nyojn2`b#m*rSZ?htOBO^` z8h?g6%|2&4OoOAVB)0`Tft$)iL^rAm4MGyEqxzMl%y9j~ogk4b47m&5RB!@{k5Qi_ zY;!Lir6jOg`Uy2P*^o-B*TQk!O|*Hi=W~Wj`&aYVsMHc#$w-m&BU)}ZnIo77En$om8-y*P zR@4?6-fAfY4KqiBXhmrYY$uXnE2YA%iv761=+=;+%}i_{EKAZYX7)7%;10}zMt3|m z^rk*gkx?brrEr8|rIIraF=kcLBBfH91JPm{ZopI5hI zQ2TvE3SF)Muh|G5Sw9$W)r_L=p>ph!1vSCB0;i`ycTuKyMBIQdGWep!H^GVAB}hPD zWGrC>KC-GldK@P|OSwqutUM7jGs{%GQmgcvcUOZs73oqfvp+uV#&n&~Moo48}!tB%0?A2z6 z6m@$0@4T(7Bl#j}3W{t~Z2@mAU<(NB-VPZ1LqkK+{Vwk?qdLwJl@^v*Zr&}ZqH?{~ z@gU65D3yUJeR73hecdTWw516ya5iaJP{$@Nii5v#PdTbjPwpn0nt-EDskvW=8KIq& zp2!?I%?)fCJAU3zEtXy;zt-Y%Pd&@${}_KrqbN%F3n9pEEIWJkn_XDzpY8g)o)yZt zv;>cLA!k2HAd!v$IoVv4xYU%omnU>VsD6SPM(!I&p>N$4Z(;H29+*EUxdZ z(fCtK74dUTi{M&&L`i8z5iM-z%k$a{cXLr@LX7?V9)Qkf92s8gRp_E55 zD`N6QhdGEfp*w@OqXJ&5MPgEZ6EpvC?O`s(yA=Z}P8Mwz5vD+2>j$mtwkQ&=+CwlNUicP-{N{W`yRCIyqB?)f9W|HH_f_X1Y8PBuCK`06w zic(k0MeJn-y{veW4^(;GFf3RUsbzD8Dsc%2lYV;RGV+|~E08(?50Ug z?BqvF9Tsq{$u0zMlk5@;_7?3QfXhA0khfwNh_KMI!-vI6L!fh5PY&3@YOXvYQ zFF|t!L+2cUey<6laLwl^?kD^lPC8vXO8Q!_{4xKXvR-rlp^q*U;OvxM8Br*J{I8VH zp*<3b4B98dQ7Cn(G?g_mnSl-+5Yq*nmp?0`Q$~|5JkOeZzykv=suqyk4}yb(&oZ*) zg?b-zZIv4v(wPV)r%{5`K|!Gd3kG=o=?o#7Am<5YL657Px{2>k9aYutN1oF5=lTn2_9)Bqnq5JC?)kT6Hhw0Bk*sg-X^ zr%QUNZNw4&S9#tXx(B!?>1Lczat0C8 z^LACWyUcvHPc*8iFKA8d{_YUv9~8hEBuqwSrMo$=6fXt@1V94B0~|BfZ?$C59xrZa z0)%iFBYn@#=Hk|$B7zRnInC(6G{YUgE@dU9Y6r25n*CR@LcJzxhOYd(WAY16G^SRX z3x?>)SZMoP>ZcPJUu=)lK#oFW08d=5qe|VlYMD;EqQ4pCf!2!Ixv?c3w*FYf(5*5f#67qYTB zh=#_a83K*Ew1>8{#mKVEzYkiD2}z3sr=wLL*_|GINY98tN;r>`#@}ocRjjSI)w+1G zgoUf#_@CgkW4Huq+(d~NQDoU@Zy)l|CcUen9P6UCy4_6K{TX7k=5TqZig${%@8Ysg z`FwZxKiD~KZS6+cQmEKgR7PTgPHP(5qMg$!ojp(YL|)I=~D0%Z$mm zOe$s2z|-?YqYp}8vd~RF_`_Y^;v>77qr3E6;MG#82Av;}a|+1a*-YlU+AS*YWf$5F5_Q)h;+^Qx5$K zOVOh0MfrDsbZmSP)k1$VFR&pn9f*Yk0a9pg`cGgw+}W#fJze?{mu@rhFjJIJg(K#3 zm*WS#8&1yqLfOV6S5{E-@f*K%uX{YhU~jQfuE1H@|NK#AcB99+p@Aq^rF(N}Da?TG zO9_qGWnP*+z)e*ZPV)%A&-HMUqFdb^M&7|GvjSwQmlnTP^`!H4s_b!$C98j_?)@0- zI4hKoIuieTRp0k@k5rTn%PXpjDK=>4H+#u+OJeSvsv={;Z?w60O_up? zb+TRADoZ~5dZR`9obCUJO!HFi*juz2{sr!U@Muu5J1zsWt~*5d_|y=@0oWR>gJYti z4u(#iGQ6SB;AuK3N$iJsGot8R>Rni!KkibLdd0Nv9ZslfL)Nl=2lf{#)@Yuz^TxrX zpWyNAE^B1W0*|D^)^+oLQq$*>u<(AUGSm0euJ_$rG?V z{#@;6f%vDw!;wW>8SmFjbBY@5hFEk=Cu)Rm{}^6A`r-9ubhk%tmZXt2y`?X5cKD71 z`AHj9Og5Q4u_(doiQ6Vh0i(d09_w-2oEY{pMjzX(lE-v)U{8E&T>l$3D-P9$$0ON> z8qti~FSp6LbOoCbueY8~3r}wyiA>X6tQxO33NH; zD&NC*DGer2nRwZ3_)pCb;s3wp=c|hU4-|UK>3Gv}Xm|Ju%x-G#=eB5ICw#qW-Gn72 bPcJY6zKdT+GBb=}z>l)Lx?HJ@Y0$p_z-}$b From f9e9e3afb69786c726c4f7d4526ff37829293810 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 10 May 2019 07:51:30 -0700 Subject: [PATCH 072/117] spelling --- .../enable-network-protection.md | 6 +++--- .../evaluate-network-protection.md | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md index 25cb0873bd..fbd863f1ef 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/09/2019 +ms.date: 05/10/2019 --- # Enable network protection @@ -87,7 +87,7 @@ You can confirm network protection is enabled on a local computer by using Regis ## PowerShell -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: ``` @@ -100,7 +100,7 @@ You can enable the feature in audit mode using the following cmdlet: Set-MpPreference -EnableNetworkProtection AuditMode ``` -Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off. +Use `Disabled` instead of `AuditMode` or `Enabled` to turn the feature off. ## Related topics diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md index c0ed880905..bcc8af6812 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/02/2019 +ms.date: 05/10/2019 --- # Evaluate network protection @@ -22,7 +22,7 @@ ms.date: 04/02/2019 [Network protection](network-protection-exploit-guard.md) helps prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. -This topic helps you evaluate Network protection by enabling the feature and guiding you to a testing site. The site in this evaluation topic are not malicious, they are specially created websites that pretend to be malicious. The site will replicate the behavior that would happen if a user visted a malicious site or domain. +This topic helps you evaluate Network protection by enabling the feature and guiding you to a testing site. The site in this evaluation topic are not malicious, they are specially created websites that pretend to be malicious. The site will replicate the behavior that would happen if a user visited a malicious site or domain. >[!TIP] From 08579d2e06844a862a5255c0ae7cda48815ccbfc Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 10 May 2019 08:55:04 -0700 Subject: [PATCH 073/117] edits --- .../create-wip-policy-using-intune-azure.md | 70 +++++++++---------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 3b01319d95..c77253574c 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -566,50 +566,50 @@ After you've decided where your protected apps can access enterprise data on you **To set your optional settings** -1. Choose to set any or all optional settings: +Choose these optional settings: + +- **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are: + + - **On.** Turns on the feature and provides the additional protection. + + - **Off, or not configured.** Doesn't enable this feature. + +- **Revoke encryption keys on unenroll.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are: + + - **On, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment. + + - **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions. + +- **Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are: + + - **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu. + + - **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option. + +- **Use Azure RMS for WIP.** Determines whether WIP uses [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) to apply EFS encryption to files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. In other words, WIP uses Azure Rights Management "machinery" to apply EFS encryption to files when they are copied to removable drives. You must already have Azure Rights Management set up. The EFS file encryption key is protected by the RMS template’s license. Only users with permission to that template will be able to read it from the removable drive. WIP can also integrate with Azure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp). + + - **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. Curly braces {} are required around the RMS Template ID, but they are removed after you save the policy. + + If you don’t specify an [RMS template](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates), it’s a regular EFS file using a default RMS template that everyone in the tenant will have access to. + + - **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive. - ![Microsoft Intune, Choose if you want to include any of the optional settings](images/wip-azure-advanced-settings-optional.png) - - - **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are: - - - **On.** Turns on the feature and provides the additional protection. - - - **Off, or not configured.** Doesn't enable this feature. - - - **Revoke encryption keys on unenroll.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are: - - - **On, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment. - - - **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions. - - - **Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are: - - - **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu. - - - **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option. - - - **Use Azure RMS for WIP.** Determines whether WIP uses [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) to apply EFS encryption to files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. You must already have Azure Rights Management set up. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. In other words, WIP uses AIP "machinery" to apply EFS encryption to files when they are copied to removable media. - - - **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. Curly braces {} are required around the RMS Template ID, but they are removed after you save the policy. - - The EFS file uses the key from the RMS template’s license to protect the EFS file encryption key. Only users with permission to that template will be able to read it from the USB. If you don’t specify a template, it’s a regular EFS file using a default RMS template that everyone in the tenant will have access to. - - - **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive. + >[!NOTE] + >Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders. - >[!NOTE] - >Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders. + For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service]. - - **Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files. +- **Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files. - - **On.** Starts Windows Search Indexer to index encrypted files. + - **On.** Starts Windows Search Indexer to index encrypted files. - - **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files. + - **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files. -For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates). WIP can also integrate with Azure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp). +![Advanced optional settings ](images/wip-azure-advanced-settings-optional.png) ## Encrypted file extensions -You can restrict which files are protected by WIP when they are downloaded from an SMB share within your enterprise network locations. If this setting is configured, only files with the extensions in the list will be encrypted. If this setting is not specified, the existing auto-encryption behavior is applied. +You can restrict which files are protected by WIP when they are downloaded from an SMB share within your enterprise network locations. If this setting is configured, only files with te extensions in the list will be encrypted. If this setting is not specified, the existing auto-encryption behavior is applied. ![WIP encrypted file extensions](images/wip-encrypted-file-extensions.png) From a89de968768a50169ab962dc4da7c724006011bb Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 10 May 2019 10:29:09 -0700 Subject: [PATCH 074/117] edit --- .../create-wip-policy-using-intune-azure.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index c77253574c..2ca3e9daf4 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -562,11 +562,7 @@ After you create and deploy your WIP policy to your employees, Windows begins to ![Microsoft Intune, Upload your Data Recovery Agent (DRA) certificate](images/wip-azure-advanced-settings-efsdra.png) ## Choose your optional WIP-related settings -After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional WIP settings. - -**To set your optional settings** - -Choose these optional settings: +After you've decided where your protected apps can access enterprise data on your network, choose these optional settings: - **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are: From ea8367658d1826c9c2ea3bbe836dc2c1b8279159 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 10 May 2019 11:01:34 -0700 Subject: [PATCH 075/117] fixed image and list --- .../create-wip-policy-using-intune-azure.md | 74 +++++++++---------- 1 file changed, 36 insertions(+), 38 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 2ca3e9daf4..ac8ada75d1 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -562,46 +562,44 @@ After you create and deploy your WIP policy to your employees, Windows begins to ![Microsoft Intune, Upload your Data Recovery Agent (DRA) certificate](images/wip-azure-advanced-settings-efsdra.png) ## Choose your optional WIP-related settings -After you've decided where your protected apps can access enterprise data on your network, choose these optional settings: - -- **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are: - - - **On.** Turns on the feature and provides the additional protection. - - - **Off, or not configured.** Doesn't enable this feature. - -- **Revoke encryption keys on unenroll.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are: - - - **On, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment. - - - **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions. - -- **Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are: - - - **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu. - - - **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option. - -- **Use Azure RMS for WIP.** Determines whether WIP uses [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) to apply EFS encryption to files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. In other words, WIP uses Azure Rights Management "machinery" to apply EFS encryption to files when they are copied to removable drives. You must already have Azure Rights Management set up. The EFS file encryption key is protected by the RMS template’s license. Only users with permission to that template will be able to read it from the removable drive. WIP can also integrate with Azure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp). - - - **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. Curly braces {} are required around the RMS Template ID, but they are removed after you save the policy. - - If you don’t specify an [RMS template](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates), it’s a regular EFS file using a default RMS template that everyone in the tenant will have access to. - - - **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive. - - >[!NOTE] - >Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders. - - For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service]. - -- **Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files. - - - **On.** Starts Windows Search Indexer to index encrypted files. - - - **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files. +After you've decided where your protected apps can access enterprise data on your network, you can choose optional settings. ![Advanced optional settings ](images/wip-azure-advanced-settings-optional.png) + +**Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are: + +- **On.** Turns on the feature and provides the additional protection. + +- **Off, or not configured.** Doesn't enable this feature. + +**Revoke encryption keys on unenroll.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are: + +- **On, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment. + +- **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions. + +**Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are: + +- **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu. + +- **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option. + +**Use Azure RMS for WIP.** Determines whether WIP uses [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) to apply EFS encryption to files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. In other words, WIP uses Azure Rights Management "machinery" to apply EFS encryption to files when they are copied to removable drives. You must already have Azure Rights Management set up. The EFS file encryption key is protected by the RMS template’s license. Only users with permission to that template will be able to read it from the removable drive. WIP can also integrate with Azure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp). + +- **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. Curly braces {} are required around the RMS Template ID, but they are removed after you save the policy. + + If you don’t specify an [RMS template](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates), it’s a regular EFS file using a default RMS template that everyone in the tenant will have access to. + +- **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive. + +>[!NOTE] +>Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders. + +**Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files. + +- **On.** Starts Windows Search Indexer to index encrypted files. + +- **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files. ## Encrypted file extensions From 7c773be415354c7ad36ee5f628d9aa7875c5b326 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 10 May 2019 11:02:03 -0700 Subject: [PATCH 076/117] date --- .../create-wip-policy-using-intune-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index ac8ada75d1..1d57580668 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 05/08/2019 +ms.date: 05/10/2019 --- # Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune From 5a0d6d9e959aa2c19f362029a757a85c08525dd7 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 10 May 2019 11:12:09 -0700 Subject: [PATCH 077/117] Update hello-hybrid-key-trust-prereqs.md --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index a4a1cc41b4..4d48eaed74 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -85,7 +85,7 @@ Organizations using older directory synchronization technology, such as DirSync
## Federation with Azure ## -You can deploy Windows Hello for Business key trust in non-federated and federated environments. For non-federated environments, key trust deployments work in environments that have deployed [Password Synchronization with Azure AD Connect](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization) and [Azure Active Directory Pass-through-Authentication](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication). For federated environments, you can deploy Windows Hello for Business key trust using Active Directory Federation Services (AD FS) 2012 R2 or later. +You can deploy Windows Hello for Business key trust in non-federated and federated environments. For non-federated environments, key trust deployments work in environments that have deployed [Password Synchronization with Azure AD Connect](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization) and [Azure Active Directory Pass-through-Authentication](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication). For federated environments, you can deploy Windows Hello for Business key trust using Active Directory Federation Services (AD FS) beginning with Windows Server 2012 R2. ### Section Review ### > [!div class="checklist"] @@ -97,7 +97,7 @@ You can deploy Windows Hello for Business key trust in non-federated and federat ## Multifactor Authentication ## Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their user name and password as one factor, but needs a second factor of authentication. -Hybrid Windows Hello for Business deployments can use Azure’s Multi-factor Authentication service or they can use multi-factor authentication provided by Windows Server 2012 R2 or later Active Directory Federation Services, which include an adapter model that enables third parties to integrate their multi-factor authentication into AD FS. The Multi-factor authentication enabled in Office 365 license is sufficient for direct Multi-factor Authentication against Azure AD. +Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication (MFA) service or they can use MFA provided by AD FS beginning with Windows Server 2012 R2, which includes an adapter model that enables third parties to integrate their MFA into AD FS. The MFA enabled by an Office 365 license is sufficient for Azure AD. ### Section Review > [!div class="checklist"] From 33bc56ed1e0f1e68b4ffdebe277e2dc44a36fcbd Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 10 May 2019 11:13:55 -0700 Subject: [PATCH 078/117] Update hello-hybrid-key-trust-prereqs.md --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 4d48eaed74..e7e22f7c8f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -97,7 +97,7 @@ You can deploy Windows Hello for Business key trust in non-federated and federat ## Multifactor Authentication ## Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their user name and password as one factor, but needs a second factor of authentication. -Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication (MFA) service or they can use MFA provided by AD FS beginning with Windows Server 2012 R2, which includes an adapter model that enables third parties to integrate their MFA into AD FS. The MFA enabled by an Office 365 license is sufficient for Azure AD. +Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication (MFA) service or they can use multifactor authentication provided by AD FS beginning with Windows Server 2012 R2, which includes an adapter model that enables third parties to integrate their MFA into AD FS. The MFA enabled by an Office 365 license is sufficient for Azure AD. ### Section Review > [!div class="checklist"] From 6a6fe30fe138e9f0ce63896660bd5820a3e92ecc Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 10 May 2019 14:36:01 -0700 Subject: [PATCH 079/117] Update safety-scanner-download.md fixing NOTE style --- .../threat-protection/intelligence/safety-scanner-download.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md index 5a4ea7bd10..69dfef35ee 100644 --- a/windows/security/threat-protection/intelligence/safety-scanner-download.md +++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md @@ -22,7 +22,7 @@ Microsoft Safety Scanner is a scan tool designed to find and remove malware from - [Download Microsoft Safety Scanner (64-bit)](https://go.microsoft.com/fwlink/?LinkId=212732) -[!NOTE] The security intelligence update version of the Microsoft Safety Scaner matches the version described [in this web page](https://www.microsoft.com/en-us/wdsi/definitions). +> **NOTE** The security intelligence update version of the Microsoft Safety Scaner matches the version described [in this web page](https://www.microsoft.com/en-us/wdsi/definitions). Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan. From 951f8092f962a0932629e8b141b25fdf3f91e2e6 Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Fri, 10 May 2019 15:12:41 -0700 Subject: [PATCH 080/117] Release info preview (#162) * Latest changes for 1809 issues * New Announcement Added * Latest Change for announcement * Updated link for japanese era content --- .../status-windows-10-1507.yml | 22 ------------ ...indows-10-1607-and-windows-server-2016.yml | 26 ++++++-------- .../status-windows-10-1703.yml | 24 ++++++------- .../status-windows-10-1709.yml | 26 ++++++-------- .../status-windows-10-1803.yml | 28 ++++++--------- ...indows-10-1809-and-windows-server-2019.yml | 18 ++-------- ...ndows-7-and-windows-server-2008-r2-sp1.yml | 34 ++++++------------- ...windows-8.1-and-windows-server-2012-r2.yml | 26 ++++++-------- .../status-windows-server-2008-sp2.yml | 12 ------- .../status-windows-server-2012.yml | 24 ++++++------- .../windows-message-center.yml | 7 ++++ 11 files changed, 79 insertions(+), 168 deletions(-) diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 3cab3fb9e9..16bf511276 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -61,9 +61,6 @@ sections: text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- - -
SummaryOriginating updateStatusLast updated
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
MSXML6 may cause applications to stop responding
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4493475		April 09, 2019
10:00 AM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 10240.18158

March 12, 2019
KB4489872		Resolved
KB4493475		April 09, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		OS Build 10240.18132

February 12, 2019
KB4487018		Resolved
KB4493475		April 09, 2019
10:00 AM PT
" @@ -74,30 +71,11 @@ sections:
" -- title: March 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Custom URI schemes may not start corresponding application
After installing KB4489872, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue was resolved in KB4493475.

Back to top		OS Build 10240.18158

March 12, 2019
KB4489872		Resolved
KB4493475		Resolved:
April 09, 2019
10:00 AM PT

Opened:
March 12, 2019
10:00 AM PT
- " - -- title: February 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
 
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
 
Affected platforms:  
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4493475

Back to top		OS Build 10240.18132

February 12, 2019
KB4487018		Resolved
KB4493475		Resolved:
April 09, 2019
10:00 AM PT

Opened:
February 12, 2019
10:00 AM PT
- " - - title: January 2019 - items: - type: markdown text: " -
DetailsOriginating updateStatusHistory
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following: 
  • Perform the operation from a process that has administrator privilege. 
  • Perform the operation from a node that doesn’t have CSV ownership. 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480962, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493475.

Back to top		OS Build 10240.18094

January 08, 2019
KB4480962		Resolved
KB4493475		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index b22aced938..d444c69dac 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -61,16 +61,13 @@ sections: text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ - - - -
SummaryOriginating updateStatusLast updated
Zone transfers over TCP may fail
Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

See details >		OS Build 14393.2941

April 25, 2019
KB4493473		Investigating
April 25, 2019
02:00 PM PT
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

See details >		OS Build 14393.2931

April 25, 2019
KB4492241		Mitigated
May 10, 2019
10:35 AM PT
Cluster service may fail if the minimum password length is set to greater than 14
The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Mitigated
April 25, 2019
02:00 PM PT
Issue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

See details >		OS Build 14393.2848

March 12, 2019
KB4489882		Mitigated
April 25, 2019
02:00 PM PT
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Mitigated
April 25, 2019
02:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Mitigated
April 25, 2019
02:00 PM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Mitigated
February 19, 2019
10:00 AM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 14393.2848

March 12, 2019
KB4489882		Resolved
KB4493473		April 25, 2019
02:00 PM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup.

See details >		OS Build 14393.2879

March 19, 2019
KB4489889		Resolved
KB4493470		April 09, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Resolved
KB4493470		April 09, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Resolved
KB4493470		April 09, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		OS Build 14393.2791

February 12, 2019
KB4487026		Resolved
KB4493470		April 09, 2019
10:00 AM PT
" @@ -81,6 +78,15 @@ sections:
" +- title: May 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

Back to top		OS Build 14393.2931

April 25, 2019
KB4492241		Mitigated
Last updated:
May 10, 2019
10:35 AM PT

Opened:
May 10, 2019
10:35 AM PT
+ " + - title: April 2019 - items: - type: markdown @@ -98,16 +104,6 @@ sections:
Issue using PXE to start a device from WDS

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:
Open an Administrator Command prompt and type the following:
Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:
Use the Windows Deployment Services UI to make the following adjustment:
  1. Open Windows Deployment Services from Windows Administrative Tools.
  2. Expand Servers and right-click a WDS server.
  3. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.
Option 3:
Set the following registry value to 0:
HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension

Restart the WDSServer service after disabling the Variable Window Extension.

Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to topOS Build 14393.2848

March 12, 2019
KB4489882Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
March 12, 2019
10:00 AM PT
Custom URI schemes may not start corresponding application
After installing KB4489882, Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493473

Back to topOS Build 14393.2848

March 12, 2019
KB4489882Resolved
KB4493473Resolved:
April 25, 2019
02:00 PM PT

Opened:
March 12, 2019
10:00 AM PT -
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Resolution: This issue was resolved in KB4493470.

Back to topOS Build 14393.2879

March 19, 2019
KB4489889Resolved
KB4493470Resolved:
April 09, 2019
10:00 AM PT

Opened:
March 19, 2019
10:00 AM PT - - " - -- title: February 2019 -- items: - - type: markdown - text: " - -
DetailsOriginating updateStatusHistory
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
 
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
 
Affected platforms:  
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4493470

Back to top		OS Build 14393.2791

February 12, 2019
KB4487026		Resolved
KB4493470		Resolved:
April 09, 2019
10:00 AM PT

Opened:
February 12, 2019
10:00 AM PT
" @@ -117,8 +113,6 @@ sections: text: " - -
DetailsOriginating updateStatusHistory
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507;  Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
  • Perform the operation from a process that has administrator privilege. 
  • Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.2724

January 08, 2019
KB4480961		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480961, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue was resolved in KB4493470.

Back to top		OS Build 14393.2724

January 08, 2019
KB4480961		Resolved
KB4493470		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480961, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493470.

Back to top		OS Build 14393.2724

January 08, 2019
KB4480961		Resolved
KB4493470		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index 10d69d6cc5..c0cfa4ac36 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,11 +60,9 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ - - -
SummaryOriginating updateStatusLast updated
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

See details >		OS Build 15063.1771

April 25, 2019
KB4492242		Mitigated
May 10, 2019
10:35 AM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
April 25, 2019
02:00 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 15063.1689

March 12, 2019
KB4489871		Resolved
KB4493436		April 25, 2019
02:00 PM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

See details >		OS Build 15063.1716

March 19, 2019
KB4489888		Resolved
KB4493474		April 09, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4493474		April 09, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		OS Build 15063.1631

February 12, 2019
KB4487020		Resolved
KB4493474		April 09, 2019
10:00 AM PT
" @@ -75,22 +73,21 @@ sections:
" +- title: May 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

Back to top		OS Build 15063.1771

April 25, 2019
KB4492242		Mitigated
Last updated:
May 10, 2019
10:35 AM PT

Opened:
May 10, 2019
10:35 AM PT
+ " + - title: March 2019 - items: - type: markdown text: " - -
DetailsOriginating updateStatusHistory
Custom URI schemes may not start corresponding application
After installing KB4489871, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493436

Back to top		OS Build 15063.1689

March 12, 2019
KB4489871		Resolved
KB4493436		Resolved:
April 25, 2019
02:00 PM PT

Opened:
March 12, 2019
10:00 AM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Resolution: This issue was resolved in KB4493474.

Back to top		OS Build 15063.1716

March 19, 2019
KB4489888		Resolved
KB4493474		Resolved:
April 09, 2019
10:00 AM PT

Opened:
March 19, 2019
10:00 AM PT
- " - -- title: February 2019 -- items: - - type: markdown - text: " - -
DetailsOriginating updateStatusHistory
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
 
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
 
Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4493474

Back to top		OS Build 15063.1631

February 12, 2019
KB4487020		Resolved
KB4493474		Resolved:
April 09, 2019
10:00 AM PT

Opened:
February 12, 2019
10:00 AM PT
" @@ -100,6 +97,5 @@ sections: text: " -
DetailsOriginating updateStatusHistory
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following: 
  • Perform the operation from a process that has administrator privilege. 
  • Perform the operation from a node that doesn’t have CSV ownership. 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 15063.1563

January 08, 2019
KB4480973		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480973, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493474.

Back to top		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4493474		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index abdaf311b0..2618d42ebf 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -61,12 +61,9 @@ sections: text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ - - - -
SummaryOriginating updateStatusLast updated
Zone transfers over TCP may fail
Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

See details >		OS Build 16299.1127

April 25, 2019
KB4493440		Investigating
April 25, 2019
02:00 PM PT
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

See details >		OS Build 16299.1111

April 25, 2019
KB4492243		Mitigated
May 10, 2019
10:35 AM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Mitigated
April 25, 2019
02:00 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 16299.1029

March 12, 2019
KB4489886		Resolved
KB4493440		April 25, 2019
02:00 PM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

See details >		OS Build 16299.1059

March 19, 2019
KB4489890		Resolved
KB4493441		April 09, 2019
10:00 AM PT
MSXML6 causes applications to stop responding if an exception was thrown
MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Resolved
KB4493441		April 09, 2019
10:00 AM PT
Stop error when attempting to start SSH from WSL
A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

See details >		OS Build 16299.1029

March 12, 2019
KB4489886		Resolved
KB4493441		April 09, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		OS Build 16299.967

February 12, 2019
KB4486996		Resolved
KB4493441		April 09, 2019
10:00 AM PT
" @@ -77,6 +74,15 @@ sections:
" +- title: May 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

Back to top		OS Build 16299.1111

April 25, 2019
KB4492243		Mitigated
Last updated:
May 10, 2019
10:35 AM PT

Opened:
May 10, 2019
10:35 AM PT
+ " + - title: April 2019 - items: - type: markdown @@ -92,17 +98,6 @@ sections: text: " - - -
DetailsOriginating updateStatusHistory
Custom URI schemes may not start corresponding application
After installing KB4489886, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493440

Back to top		OS Build 16299.1029

March 12, 2019
KB4489886		Resolved
KB4493440		Resolved:
April 25, 2019
02:00 PM PT

Opened:
March 12, 2019
10:00 AM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Resolution: This issue is resolved in KB4493441.

Back to top		OS Build 16299.1059

March 19, 2019
KB4489890		Resolved
KB4493441		Resolved:
April 09, 2019
10:00 AM PT

Opened:
March 19, 2019
10:00 AM PT
Stop error when attempting to start SSH from WSL
After applying KB4489886, a stop error occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh –A) or a configuration setting.

Affected platforms:
  • Client: Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue is resolved in KB4493441.

Back to top		OS Build 16299.1029

March 12, 2019
KB4489886		Resolved
KB4493441		Resolved:
April 09, 2019
10:00 AM PT

Opened:
March 12, 2019
10:00 AM PT
- " - -- title: February 2019 -- items: - - type: markdown - text: " - -
DetailsOriginating updateStatusHistory
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
 
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
 
Affected platforms:  
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4493441

Back to top		OS Build 16299.967

February 12, 2019
KB4486996		Resolved
KB4493441		Resolved:
April 09, 2019
10:00 AM PT

Opened:
February 12, 2019
10:00 AM PT
" @@ -112,6 +107,5 @@ sections: text: " -
DetailsOriginating updateStatusHistory
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
  • Perform the operation from a process that has administrator privilege. 
  • Perform the operation from a node that doesn’t have CSV ownership. 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 16299.904

January 08, 2019
KB4480978		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 causes applications to stop responding if an exception was thrown
After installing KB4480978, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4493441.

Back to top		OS Build 16299.904

January 08, 2019
KB4480978		Resolved
KB4493441		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 3e58d9c048..9fea9cbeb3 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -61,14 +61,10 @@ sections: text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ - - - - -
SummaryOriginating updateStatusLast updated
Zone transfers over TCP may fail
Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

See details >		OS Build 17134.753

April 25, 2019
KB4493437		Investigating
April 25, 2019
02:00 PM PT
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

See details >		OS Build 17134.730

April 25, 2019
KB4492245		Mitigated
May 10, 2019
10:35 AM PT
Issue using PXE to start a device from WDS
Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

See details >		OS Build 17134.648

March 12, 2019
KB4489868		Mitigated
April 25, 2019
02:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 17134.523

January 08, 2019
KB4480966		Mitigated
April 25, 2019
02:00 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 17134.648

March 12, 2019
KB4489868		Resolved
KB4493437		April 25, 2019
02:00 PM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

See details >		OS Build 17134.677

March 19, 2019
KB4489894		Resolved
KB4493464		April 09, 2019
10:00 AM PT
First character of the Japanese era name not recognized
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		OS Build 17134.556

January 15, 2019
KB4480976		Resolved
KB4487029		April 09, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		OS Build 17134.523

January 08, 2019
KB4480966		Resolved
KB4493464		April 09, 2019
10:00 AM PT
Stop error when attempting to start SSH from WSL
A stop error occurs when attempting to start Secure Shell from Windows Subsystem for Linux with agent forwarding using a command line switch (ssh –A) or a configuration setting.

See details >		OS Build 17134.648

March 12, 2019
KB4489868		Resolved
KB4493464		April 09, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		OS Build 17134.590

February 12, 2019
KB4487017		Resolved
KB4493464		April 09, 2019
10:00 AM PT
" @@ -79,6 +75,15 @@ sections:
" +- title: May 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

Back to top		OS Build 17134.730

April 25, 2019
KB4492245		Mitigated
Last updated:
May 10, 2019
10:35 AM PT

Opened:
May 10, 2019
10:35 AM PT
+ " + - title: April 2019 - items: - type: markdown @@ -96,17 +101,6 @@ sections:
Issue using PXE to start a device from WDS
After installing KB4489868, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1: 
Open an Administrator Command prompt and type the following:  
Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

 Option 2: 
Use the Windows Deployment Services UI to make the following adjustment:  
  1. Open Windows Deployment Services from Windows Administrative Tools. 
  2. Expand Servers and right-click a WDS server. 
  3. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.  
Option 3: 
Set the following registry value to 0:
HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension  

Restart the WDSServer service after disabling the Variable Window Extension. 
 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. 

Back to topOS Build 17134.648

March 12, 2019
KB4489868Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
March 12, 2019
10:00 AM PT
Custom URI schemes may not start corresponding application
After installing KB4489868, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493437

Back to topOS Build 17134.648

March 12, 2019
KB4489868Resolved
KB4493437Resolved:
April 25, 2019
02:00 PM PT

Opened:
March 12, 2019
10:00 AM PT -
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Resolution: This issue was resolved in KB4493464

Back to topOS Build 17134.677

March 19, 2019
KB4489894Resolved
KB4493464Resolved:
April 09, 2019
10:00 AM PT

Opened:
March 19, 2019
10:00 AM PT -
Stop error when attempting to start SSH from WSL
After applying KB4489868, a stop error occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh -A) or a configuration setting.

Affected platforms:
  • Client: Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4493464.

Back to topOS Build 17134.648

March 12, 2019
KB4489868Resolved
KB4493464Resolved:
April 09, 2019
10:00 AM PT

Opened:
March 12, 2019
10:00 AM PT - - " - -- title: February 2019 -- items: - - type: markdown - text: " - -
DetailsOriginating updateStatusHistory
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
 
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
 
Affected platforms:  
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4493464

Back to top		OS Build 17134.590

February 12, 2019
KB4487017		Resolved
KB4493464		Resolved:
April 09, 2019
10:00 AM PT

Opened:
February 12, 2019
10:00 AM PT
" @@ -116,7 +110,5 @@ sections: text: " - -
DetailsOriginating updateStatusHistory
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
  • Perform the operation from a process that has administrator privilege. 
  • Perform the operation from a node that doesn’t have CSV ownership. 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17134.523

January 08, 2019
KB4480966		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
First character of the Japanese era name not recognized
After installing KB4480976, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487029

Back to top		OS Build 17134.556

January 15, 2019
KB4480976		Resolved
KB4487029		Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480966, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493464

Back to top		OS Build 17134.523

January 08, 2019
KB4480966		Resolved
KB4493464		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 2b50998415..afb53b80c9 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -65,6 +65,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -73,10 +74,6 @@ sections: - - - -
SummaryOriginating updateStatusLast updated
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

See details >		OS Build 17763.475

May 03, 2019
KB4495667		Mitigated
May 10, 2019
10:35 AM PT
Devices with some Asian language packs installed may receive an error
After installing the KB4493509 devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_F

See details >		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
May 03, 2019
10:59 AM PT
Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007
Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive an error.

See details >		OS Build 17763.379

March 12, 2019
KB4489899		Mitigated
May 02, 2019
04:47 PM PT
Issue using PXE to start a device from WDS
Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

See details >		OS Build 17763.379

March 12, 2019
KB4489899		Mitigated
April 09, 2019
10:00 AM PT
Latest cumulative update (KB 4495667) installs automatically
Reports that the optional cumulative update (KB 4495667) installs automatically.

See details >		OS Build 17763.475

May 03, 2019
KB4495667		Resolved
May 08, 2019
03:37 PM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809

See details >		OS Build 17763.437

April 09, 2019
KB4493509		Resolved
May 08, 2019
03:30 PM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		OS Build 17763.379

March 12, 2019
KB4489899		Resolved
KB4495667		May 03, 2019
12:40 PM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

See details >		OS Build 17763.404

April 02, 2019
KB4490481		Resolved
KB4493509		April 09, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Resolved
KB4493509		April 09, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		OS Build 17763.253

January 08, 2019
KB4480116		Resolved
KB4493509		April 09, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		OS Build 17763.316

February 12, 2019
KB4487044		Resolved
KB4493509		April 09, 2019
10:00 AM PT
" @@ -92,6 +89,7 @@ sections: - type: markdown text: " + @@ -104,7 +102,6 @@ sections: text: "
DetailsOriginating updateStatusHistory
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

Back to top		OS Build 17763.475

May 03, 2019
KB4495667		Mitigated
Last updated:
May 10, 2019
10:35 AM PT

Opened:
May 10, 2019
10:35 AM PT
Devices with some Asian language packs installed may receive an error
After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround:
  1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
  2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
  1. Go to Settings app -> Recovery.
  2. Click on Get Started under \"Reset this PC\" recovery option.
  3. Select \"Keep my Files\".
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
Last updated:
May 03, 2019
10:59 AM PT

Opened:
May 02, 2019
04:36 PM PT
Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007
When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\"
 
Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround: You can use another browser, such as Internet Explorer to print your documents.
 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.379

March 12, 2019
KB4489899		Mitigated
Last updated:
May 02, 2019
04:47 PM PT

Opened:
May 02, 2019
04:47 PM PT
Latest cumulative update (KB 4495667) installs automatically
Due to a servicing side issue some users were offered KB4495667 (optional update) automatically and rebooted devices. This issue has been mitigated.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution:: This issue has been mitigated on the servicing side to prevent auto installing of this update. Customers do not need to take any action.

Back to top		OS Build 17763.475

May 03, 2019
KB4495667		Resolved
Resolved:
May 08, 2019
03:37 PM PT

Opened:
May 05, 2019
12:01 PM PT
-
DetailsOriginating updateStatusHistory
System may be unresponsive after restart if ArcaBit antivirus software installed
ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).

Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart.

Affected platforms:
  • Client: Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
Workaround: ArcaBit has released an update to address this issue for affected platforms. For more information, see the ArcaBit support article.

Resolution: This issue has been resolved. ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809 (client or server).

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Resolved
Resolved:
May 08, 2019
03:30 PM PT

Opened:
April 09, 2019
10:00 AM PT
End-user-defined characters (EUDC) may cause blue screen at startup
If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup. This is not a common setting in non-Asian regions.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Resolution: This issue was resolved in KB4493509.

Back to top		OS Build 17763.404

April 02, 2019
KB4490481		Resolved
KB4493509		Resolved:
April 09, 2019
10:00 AM PT

Opened:
April 02, 2019
10:00 AM PT
" @@ -119,23 +116,12 @@ sections: " -- title: February 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
 
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
 
Affected platforms:  
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1  
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2  
Resolution: This issue is resolved in KB4493509.  

Back to top		OS Build 17763.316

February 12, 2019
KB4487044		Resolved
KB4493509		Resolved:
April 09, 2019
10:00 AM PT

Opened:
February 12, 2019
10:00 AM PT
- " - - title: January 2019 - items: - type: markdown text: " - -
DetailsOriginating updateStatusHistory
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:  
  • Perform the operation from a process that has administrator privilege. 
  • Perform the operation from a node that doesn’t have CSV ownership. 
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.253

January 08, 2019
KB4480116		Mitigated
Last updated:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480116, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to: 
  • Cache size and location show zero or empty. 
  • Keyboard shortcuts may not work properly. 
  • Webpages may intermittently fail to load or render correctly. 
  • Issues with credential prompts. 
  • Issues when downloading files. 
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue was resolved in KB4493509

Back to top		OS Build 17763.253

January 08, 2019
KB4480116		Resolved
KB4493509		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480116, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().
 
The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493509

Back to top		OS Build 17763.253

January 08, 2019
KB4480116		Resolved
KB4493509		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index ef1b22e4bf..0ce3cb79c0 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,16 +60,13 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ - - - -
SummaryOriginating updateStatusLast updated
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

See details >		April 25, 2019
KB4493453		Mitigated
May 10, 2019
10:35 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Mitigated
May 08, 2019
03:29 PM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Mitigated
May 03, 2019
08:50 AM PT
Authentication may fail for services after the Kerberos ticket expires
Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

See details >		March 12, 2019
KB4489878		Mitigated
April 25, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493472		Mitigated
April 25, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493472		Mitigated
April 25, 2019
02:00 PM PT
Devices may not respond at login or Welcome screen if running certain Avast software
Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

See details >		April 09, 2019
KB4493472		Resolved
April 25, 2019
02:00 PM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		January 08, 2019
KB4480970		Resolved
KB4493472		April 09, 2019
10:00 AM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		March 12, 2019
KB4489878		Resolved
KB4493472		April 09, 2019
10:00 AM PT
NETDOM.EXE fails to run
NETDOM.EXE fails to run and the error, “The command failed to complete successfully.” appears on screen.

See details >		March 12, 2019
KB4489878		Resolved
KB4493472		April 09, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		February 12, 2019
KB4486563		Resolved
KB4493472		April 09, 2019
10:00 AM PT
" @@ -80,6 +77,15 @@ sections:
" +- title: May 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

Back to top		April 25, 2019
KB4493453		Mitigated
Last updated:
May 10, 2019
10:35 AM PT

Opened:
May 10, 2019
10:35 AM PT
+ " + - title: April 2019 - items: - type: markdown @@ -99,25 +105,5 @@ sections: text: " - - -
DetailsOriginating updateStatusHistory
Authentication may fail for services after the Kerberos ticket expires
After installing KB4489878, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

Affected platforms: 
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Workaround: To mitigate this issue, use one of the following options:
  • Option 1: Purge the Kerberos tickets on the application server. After the Kerberos ticket expires, the issue will occur again, and you must purge the tickets again.
  • Option 2: If purging does not mitigate the issue, restart the application; for example, restart the Internet Information Services (IIS) app pool associated with the SQL server.
  • Option 3: Use constrained delegation.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		March 12, 2019
KB4489878		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
March 12, 2019
10:00 AM PT
Custom URI schemes may not start corresponding application
After installing KB4489878, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1 
Resolution: This issue is resolved in KB4493472.

Back to top		March 12, 2019
KB4489878		Resolved
KB4493472		Resolved:
April 09, 2019
10:00 AM PT

Opened:
March 12, 2019
10:00 AM PT
NETDOM.EXE fails to run
After installing KB4489878, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears.

Affected platforms: 
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4493472.

Back to top		March 12, 2019
KB4489878		Resolved
KB4493472		Resolved:
April 09, 2019
10:00 AM PT

Opened:
March 12, 2019
10:00 AM PT
- " - -- title: February 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly. 
 
For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color. 
 
Affected platforms:  
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4493472

Back to top		February 12, 2019
KB4486563		Resolved
KB4493472		Resolved:
April 09, 2019
10:00 AM PT

Opened:
February 12, 2019
10:00 AM PT
- " - -- title: January 2019 -- items: - - type: markdown - text: " - -
DetailsOriginating updateStatusHistory
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480970, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493472.

Back to top		January 08, 2019
KB4480970		Resolved
KB4493472		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index e159932ae6..a16b0e0d20 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,6 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -67,10 +68,6 @@ sections: - - - -
SummaryOriginating updateStatusLast updated
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

See details >		April 25, 2019
KB4493443		Mitigated
May 10, 2019
10:35 AM PT
System may be unresponsive after restart if ArcaBit antivirus software installed
Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493446		Mitigated
May 08, 2019
03:29 PM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493446		Mitigated
May 03, 2019
08:50 AM PT
Issue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

See details >		March 12, 2019
KB4489881		Mitigated
April 25, 2019
02:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

See details >		January 08, 2019
KB4480963		Mitigated
April 25, 2019
02:00 PM PT
System may be unresponsive after restart with certain McAfee antivirus products
Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

See details >		April 09, 2019
KB4493446		Mitigated
April 18, 2019
05:00 PM PT
Devices may not respond at login or Welcome screen if running certain Avast software
Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

See details >		April 09, 2019
KB4493446		Resolved
April 25, 2019
02:00 PM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		January 08, 2019
KB4480963		Resolved
KB4493446		April 09, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding.
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		January 08, 2019
KB4480963		Resolved
KB4493446		April 09, 2019
10:00 AM PT
Custom URI schemes may not start corresponding application
Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

See details >		March 12, 2019
KB4489881		Resolved
KB4493446		April 09, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		February 12, 2019
KB4487000		Resolved
KB4493446		April 09, 2019
10:00 AM PT
" @@ -81,6 +78,15 @@ sections:
" +- title: May 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

Back to top		April 25, 2019
KB4493443		Mitigated
Last updated:
May 10, 2019
10:35 AM PT

Opened:
May 10, 2019
10:35 AM PT
+ " + - title: April 2019 - items: - type: markdown @@ -101,16 +107,6 @@ sections: - -
DetailsOriginating updateStatusHistory
Issue using PXE to start a device from WDS
After installing KB4489881, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 
Workaround: To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:
Open an Administrator Command prompt and type the following:
Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:
Use the Windows Deployment Services UI to make the following adjustment:
  1. Open Windows Deployment Services from Windows Administrative Tools.
  2. Expand Servers and right-click a WDS server.
  3. Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.
Option 3:
Set the following registry value to 0:
HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension

Restart the WDSServer service after disabling the Variable Window Extension.

Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		March 12, 2019
KB4489881		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
March 12, 2019
10:00 AM PT
Custom URI schemes may not start corresponding application
After installing KB4489881, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1 
Resolution: This issue is resolved in KB4493446.

Back to top		March 12, 2019
KB4489881		Resolved
KB4493446		Resolved:
April 09, 2019
10:00 AM PT

Opened:
March 12, 2019
10:00 AM PT
- " - -- title: February 2019 -- items: - - type: markdown - text: " - -
DetailsOriginating updateStatusHistory
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.

Affected platforms 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4493446.

Back to top		February 12, 2019
KB4487000		Resolved
KB4493446		Resolved:
April 09, 2019
10:00 AM PT

Opened:
February 12, 2019
10:00 AM PT
" @@ -120,7 +116,5 @@ sections: text: " - -
DetailsOriginating updateStatusHistory
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		January 08, 2019
KB4480963		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480963, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493446.

Back to top		January 08, 2019
KB4480963		Resolved
KB4493446		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding.
After installing KB4480963, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4493446.

Back to top		January 08, 2019
KB4480963		Resolved
KB4493446		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 102f665769..689abfde38 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -63,8 +63,6 @@ sections:
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >April 09, 2019
KB4493471Mitigated
May 03, 2019
08:51 AM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >April 09, 2019
KB4493471Mitigated
April 25, 2019
02:00 PM PT
Authentication may fail for services after the Kerberos ticket expires
Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

See details >March 12, 2019
KB4489880Mitigated
April 25, 2019
02:00 PM PT -
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >February 12, 2019
KB4487023Resolved
KB4493471April 09, 2019
10:00 AM PT -
NETDOM.EXE fails to run
NETDOM.EXE fails to run and the error, “The command failed to complete successfully.” appears on screen.

See details >March 12, 2019
KB4489880Resolved
KB4493471April 09, 2019
10:00 AM PT " @@ -91,15 +89,5 @@ sections: text: " - -
DetailsOriginating updateStatusHistory
Authentication may fail for services after the Kerberos ticket expires
After installing KB4489880, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

Affected platforms: 
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Workaround: To mitigate this issue, use one of the following options:
  • Option 1: Purge the Kerberos tickets on the application server. After the Kerberos ticket expires, the issue will occur again, and you must purge the tickets again.
  • Option 2: If purging does not mitigate the issue, restart the application; for example, restart the Internet Information Services (IIS) app pool associated with the SQL server.
  • Option 3: Use constrained delegation.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		March 12, 2019
KB4489880		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
March 12, 2019
10:00 AM PT
NETDOM.EXE fails to run
After installing KB4489880, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears.

Affected platforms: 
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4493471.

Back to top		March 12, 2019
KB4489880		Resolved
KB4493471		Resolved:
April 09, 2019
10:00 AM PT

Opened:
March 12, 2019
10:00 AM PT
- " - -- title: February 2019 -- items: - - type: markdown - text: " - -
DetailsOriginating updateStatusHistory
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.

Affected platforms 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4493471.

Back to top		February 12, 2019
KB4487023		Resolved
KB4493471		Resolved:
April 09, 2019
10:00 AM PT

Opened:
February 12, 2019
10:00 AM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index 831a726f86..be5f206c02 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,13 +60,11 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ - - -
SummaryOriginating updateStatusLast updated
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

See details >		April 25, 2019
KB4493462		Mitigated
May 10, 2019
10:35 AM PT
System may be unresponsive after restart if Avira antivirus software installed
Devices with Avira antivirus software installed may become unresponsive upon restart.

See details >		April 09, 2019
KB4493451		Mitigated
May 03, 2019
08:51 AM PT
Issue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

See details >		March 12, 2019
KB4489891		Mitigated
April 25, 2019
02:00 PM PT
System unresponsive after restart if Sophos Endpoint Protection installed
Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

See details >		April 09, 2019
KB4493451		Mitigated
April 25, 2019
02:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

See details >		January 08, 2019
KB4480975		Mitigated
April 25, 2019
02:00 PM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

See details >		January 08, 2019
KB4480975		Resolved
KB4493451		April 09, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

See details >		January 08, 2019
KB4480975		Resolved
KB4493451		April 09, 2019
10:00 AM PT
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

See details >		February 12, 2019
KB4487025		Resolved
KB4493451		April 09, 2019
10:00 AM PT
" @@ -77,6 +75,15 @@ sections:
" +- title: May 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

Back to top		April 25, 2019
KB4493462		Mitigated
Last updated:
May 10, 2019
10:35 AM PT

Opened:
May 10, 2019
10:35 AM PT
+ " + - title: April 2019 - items: - type: markdown @@ -97,22 +104,11 @@ sections: " -- title: February 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Embedded objects may display incorrectly
Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

For example, if you paste a Microsoft Excel worksheet object into a Microsoft Word document, the cells may render with a different background color.

Affected platforms 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4493451.

Back to top		February 12, 2019
KB4487025		Resolved
KB4493451		Resolved:
April 09, 2019
10:00 AM PT

Opened:
February 12, 2019
10:00 AM PT
- " - - title: January 2019 - items: - type: markdown text: " - -
DetailsOriginating updateStatusHistory
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Workaround: Do one of the following:
  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		January 08, 2019
KB4480975		Mitigated
Last updated:
April 25, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
Internet Explorer 11 authentication issue with multiple concurrent logons
After installing KB4480975, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:
  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.
Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: This issue is resolved in KB4493451.

Back to top		January 08, 2019
KB4480975		Resolved
KB4493451		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
MSXML6 may cause applications to stop responding
After installing KB4480975, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4493451.

Back to top		January 08, 2019
KB4480975		Resolved
KB4493451		Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
" diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 2a4ba41456..64f62b302e 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,6 +50,13 @@ sections: text: " + From 1f9ba5ca8659274066e82e3671004cc7097608bb Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Sun, 12 May 2019 04:33:26 -0500 Subject: [PATCH 083/117] Solving issue #880 --- .../deployment/deploy-enterprise-licenses.md | 53 ++++++++++++------- 1 file changed, 33 insertions(+), 20 deletions(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index afc9f144c2..038c839c38 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -12,14 +12,20 @@ author: greg-lindsay ms.topic: article --- + + # Deploy Windows 10 Enterprise licenses +>[!IMPORTANT] +>Licenses E3 and E5 brings windows 10 license enterprise with them, this tutorial is special for the use and implementation of these licenses in a on-premises Active Directory environment. + + This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with [Windows 10 Enterprise Subscription Activation](windows-10-enterprise-subscription-activation.md) or [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD). >[!NOTE] ->Windows 10 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later.
->Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.
->Automatic, non-KMS activation requires Windows 10, version 1803 or later on a device with a firmware-embedded activation key.
+>* Windows 10 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later. +>* Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later. +>* Automatic, non-KMS activation requires Windows 10, version 1803 or later on a device with a firmware-embedded activation key. ## Firmware-embedded activation key @@ -35,9 +41,9 @@ If the device has a firmware-embedded activation key, it will be displayed in th If you are an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant: -1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license:
- a. **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3
- b. **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5
+1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license: + a. **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3 + b. **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5 2. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant. 3. The admin can now assign subscription licenses to users. @@ -59,7 +65,7 @@ Also in this article: You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD. -You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them. +You might ask why you need to synchronize these identities. The answer is that users will have a **single identity** that they can use to access their on-premises apps and cloud services that use Azure AD (**such as Windows 10 Enterprise E3 or E5**). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them. **Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](https://www.microsoft.com/en-us/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure. @@ -72,6 +78,13 @@ For more information about integrating on-premises AD DS domains with Azure AD, - [Integrating your on-premises identities with Azure Active Directory](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/) - [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/) +>[!NOTE] +>If you are implementing Azure AD, and have already an on-premises, you don't need to join the computers into Azure AD, since your main authentication method is your internal AD. In case, that you want to manage all your infrastructure on the cloud, then you can safely remote your domain controller and work with the join of the computers into the Azure AD, but you won't be able to apply fine control into the computers using GPO. +>The whole idea of using Azure AD, is mostly when you don't have any on-premises servers, and you want and enterprise administration of devices worldwide. + + + + ## Preparing for deployment: reviewing requirements Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic. @@ -151,12 +164,12 @@ Now the device is Azure AD joined to the company’s subscription. ### Step 2: Pro edition activation >[!IMPORTANT] ->If the device is running Windows 10, version 1803 or later, this step is no longer necessary when there is a firmware-embedded activation key on the device. Starting with Windows 10, version 1803 the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.
+>If the device is running Windows 10, version 1803 or later, this step is no longer necessary when there is a firmware-embedded activation key on the device. Starting with Windows 10, version 1803 the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key. >If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**. Windows 10 Pro activated -
**Figure 7a - Windows 10 Pro activation in Settings**
+**Figure 7a - Windows 10 Pro activation in Settings** Windows 10 Pro activation is required before Enterprise E3 or E5 can be enabled (Windows 10, versions 1703 and 1709 only). @@ -176,16 +189,16 @@ You can verify the Windows 10 Enterprise E3 or E5 subscription in **Settings &g Windows 10 activated and subscription active -
**Figure 9 - Windows 10 Enterprise subscription in Settings**
+**Figure 9 - Windows 10 Enterprise subscription in Settings** If there are any problems with the Windows 10 Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process. >[!NOTE] ->If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following:
->Name: Windows(R), Professional edition
->Description: Windows(R) Operating System, RETAIL channel
->Partial Product Key: 3V66T
+>If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following: +>Name: Windows(R), Professional edition +>Description: Windows(R) Operating System, RETAIL channel +>Partial Product Key: 3V66T ## Virtual Desktop Access (VDA) @@ -211,23 +224,23 @@ Use the following figures to help you troubleshoot when users experience these c - [Figure 12](#win-10-not-activated-subscription-not-active) (below) illustrates a device on which Windows 10 Pro license is not activated and the Windows 10 Enterprise subscription is lapsed or removed. -
+ Windows 10 not activated and subscription active -
**Figure 10 - Windows 10 Pro, version 1703 edition not activated in Settings**
+**Figure 10 - Windows 10 Pro, version 1703 edition not activated in Settings** + -
Windows 10 activated and subscription not active -
**Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings**
+**Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings** + -
Windows 10 not activated and subscription not active -
**Figure 12 - Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings**
+**Figure 12 - Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings** ### Review requirements on devices From f2e7db1c27a2f01fe8490dc7ce55e3f62a1b8352 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 10:04:55 -0500 Subject: [PATCH 084/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 038c839c38..ca9c5911b9 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -164,7 +164,7 @@ Now the device is Azure AD joined to the company’s subscription. ### Step 2: Pro edition activation >[!IMPORTANT] ->If the device is running Windows 10, version 1803 or later, this step is no longer necessary when there is a firmware-embedded activation key on the device. Starting with Windows 10, version 1803 the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key. +>If your device is running Windows 10, version 1803 or later, this step not needed. Starting with Windows 10 version 1803 the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key. >If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**. From bd221ac09c378556b5d5b985485edcc9805736fa Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Mon, 13 May 2019 10:11:25 -0500 Subject: [PATCH 085/117] Corrections --- windows/deployment/deploy-enterprise-licenses.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index ca9c5911b9..9a03873d7c 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -19,7 +19,6 @@ ms.topic: article >[!IMPORTANT] >Licenses E3 and E5 brings windows 10 license enterprise with them, this tutorial is special for the use and implementation of these licenses in a on-premises Active Directory environment. - This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with [Windows 10 Enterprise Subscription Activation](windows-10-enterprise-subscription-activation.md) or [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD). >[!NOTE] @@ -82,9 +81,6 @@ For more information about integrating on-premises AD DS domains with Azure AD, >If you are implementing Azure AD, and have already an on-premises, you don't need to join the computers into Azure AD, since your main authentication method is your internal AD. In case, that you want to manage all your infrastructure on the cloud, then you can safely remote your domain controller and work with the join of the computers into the Azure AD, but you won't be able to apply fine control into the computers using GPO. >The whole idea of using Azure AD, is mostly when you don't have any on-premises servers, and you want and enterprise administration of devices worldwide. - - - ## Preparing for deployment: reviewing requirements Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. For more information, see [Review requirements on devices](#review-requirements-on-devices), later in this topic. @@ -225,7 +221,6 @@ Use the following figures to help you troubleshoot when users experience these c - [Figure 12](#win-10-not-activated-subscription-not-active) (below) illustrates a device on which Windows 10 Pro license is not activated and the Windows 10 Enterprise subscription is lapsed or removed. - Windows 10 not activated and subscription active **Figure 10 - Windows 10 Pro, version 1703 edition not activated in Settings** From c020150f3684eb897ef425c8c9d4a3a7d0008685 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 10:12:49 -0500 Subject: [PATCH 086/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 9a03873d7c..8c90e9f4ba 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -24,7 +24,7 @@ This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with >[!NOTE] >* Windows 10 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later. >* Windows 10 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later. ->* Automatic, non-KMS activation requires Windows 10, version 1803 or later on a device with a firmware-embedded activation key. +>* Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key. ## Firmware-embedded activation key From ea00510908b1f1de7bdece0cebfa77aab8d83dc1 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 10:12:58 -0500 Subject: [PATCH 087/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 8c90e9f4ba..83fbd2a73f 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -64,7 +64,7 @@ Also in this article: You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD. -You might ask why you need to synchronize these identities. The answer is that users will have a **single identity** that they can use to access their on-premises apps and cloud services that use Azure AD (**such as Windows 10 Enterprise E3 or E5**). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them. +You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them. **Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](https://www.microsoft.com/en-us/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure. From 67f98f7e71c82dcdb80bd8042948accab6e44060 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 10:13:06 -0500 Subject: [PATCH 088/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 83fbd2a73f..9721ecd2be 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -42,7 +42,7 @@ If you are an EA customer with an existing Office 365 tenant, use the following 1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license: a. **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3 - b. **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5 +- **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5 2. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant. 3. The admin can now assign subscription licenses to users. From f5ca28c6688d8184e914da54a4a258bea602e573 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 10:13:14 -0500 Subject: [PATCH 089/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 9721ecd2be..cdecd2c70f 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -78,7 +78,7 @@ For more information about integrating on-premises AD DS domains with Azure AD, - [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/) >[!NOTE] ->If you are implementing Azure AD, and have already an on-premises, you don't need to join the computers into Azure AD, since your main authentication method is your internal AD. In case, that you want to manage all your infrastructure on the cloud, then you can safely remote your domain controller and work with the join of the computers into the Azure AD, but you won't be able to apply fine control into the computers using GPO. +>If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers. >The whole idea of using Azure AD, is mostly when you don't have any on-premises servers, and you want and enterprise administration of devices worldwide. ## Preparing for deployment: reviewing requirements From 4ad41520e7864728f84d69c50b0ea11cc417bcef Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 10:13:28 -0500 Subject: [PATCH 090/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index cdecd2c70f..38252eee03 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -79,7 +79,6 @@ For more information about integrating on-premises AD DS domains with Azure AD, >[!NOTE] >If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers. ->The whole idea of using Azure AD, is mostly when you don't have any on-premises servers, and you want and enterprise administration of devices worldwide. ## Preparing for deployment: reviewing requirements From 33cec4871e6275f66bbaa57f1b32b20f1257d8b3 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 10:13:39 -0500 Subject: [PATCH 091/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 38252eee03..b1b4b2b9d5 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -41,7 +41,7 @@ If the device has a firmware-embedded activation key, it will be displayed in th If you are an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant: 1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license: - a. **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3 +- **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3 - **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5 2. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant. 3. The admin can now assign subscription licenses to users. From 85e9423476bb32060213ca9bb7e15691c189362d Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 10:13:57 -0500 Subject: [PATCH 092/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index b1b4b2b9d5..fd04ba220b 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -17,7 +17,7 @@ ms.topic: article # Deploy Windows 10 Enterprise licenses >[!IMPORTANT] ->Licenses E3 and E5 brings windows 10 license enterprise with them, this tutorial is special for the use and implementation of these licenses in a on-premises Active Directory environment. +>Office 365 Enterprise E3 and Office 365 Enterprise E5 include a Windows 10 Enterprise license. This article is about the use and implementation of these licenses in a on-premises Active Directory environment. This topic describes how to deploy Windows 10 Enterprise E3 or E5 licenses with [Windows 10 Enterprise Subscription Activation](windows-10-enterprise-subscription-activation.md) or [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) and Azure Active Directory (Azure AD). From 73007e7e463bd4fa727fb2652090d6287a4f9063 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 10:54:17 -0500 Subject: [PATCH 093/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index fd04ba220b..c202b6f22e 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -159,7 +159,7 @@ Now the device is Azure AD joined to the company’s subscription. ### Step 2: Pro edition activation >[!IMPORTANT] ->If your device is running Windows 10, version 1803 or later, this step not needed. Starting with Windows 10 version 1803 the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key. +>If your device is running Windows 10, version 1803 or later, this step is not needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key. >If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**. From b779a2462eab915da80af93e2075aa45b39f115f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 13 May 2019 10:17:20 -0700 Subject: [PATCH 094/117] spelling --- .../create-wip-policy-using-intune-azure.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 1d57580668..18eb0da280 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 05/10/2019 +ms.date: 05/13/2019 --- # Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune @@ -588,7 +588,7 @@ After you've decided where your protected apps can access enterprise data on you - **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. Curly braces {} are required around the RMS Template ID, but they are removed after you save the policy. - If you don’t specify an [RMS template](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates), it’s a regular EFS file using a default RMS template that everyone in the tenant will have access to. + If you don’t specify an [RMS template](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates), it’s a regular EFS file using a default RMS template that all users can access. - **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive. @@ -603,7 +603,7 @@ After you've decided where your protected apps can access enterprise data on you ## Encrypted file extensions -You can restrict which files are protected by WIP when they are downloaded from an SMB share within your enterprise network locations. If this setting is configured, only files with te extensions in the list will be encrypted. If this setting is not specified, the existing auto-encryption behavior is applied. +You can restrict which files are protected by WIP when they are downloaded from an SMB share within your enterprise network locations. If this setting is configured, only files with the extensions in the list will be encrypted. If this setting is not specified, the existing auto-encryption behavior is applied. ![WIP encrypted file extensions](images/wip-encrypted-file-extensions.png) From 91623a4d58af4d0db2873912b77e3b53daa23c5a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 13 May 2019 10:29:36 -0700 Subject: [PATCH 095/117] spelling --- .../create-wip-policy-using-intune-azure.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 18eb0da280..33ced2e6e3 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -98,7 +98,7 @@ Select **Store apps**, type the app product name and publisher, and click **OK** ![Add Store app](images\add-a-protected-store-app.png) -To add multiple Store apps, click the elipsis **…**. +To add multiple Store apps, click the ellipsis **…**. If you don't know the Store app publisher or product name, you can find them by following these steps. @@ -187,7 +187,7 @@ To add **Desktop apps**, complete the following fields, based on what results yo
MessageDate
Reminder: Windows 10 update servicing cadence
This month we received questions about the cadence of updates we released in April and May 2019. Here's a quick recap of our releases and servicing cadence:
+
    +
  • April 9, 2019 was the regular Update Tuesday release for all versions of Windows.
    • +
  • May 1, 2019 was an \"optional\" out of band update (OOB), non-security update for Windows 10, version 1809. It was released to Microsoft Catalog and WSUS, providing a critical fix for our OEM partners.
    • +
  • May 3, 2019 was the \"optional\" Windows 10, version 1809 \"C\" release for April. This update contained important Japanese era packages for commercial customers to preview. It was released later than expected and mistakenly targeted as \"required\" (instead of \"optional\") for consumers, which pushed the update out to customers and required a reboot. Within 24 hours of receiving customer reports, we corrected the targeting logic and mitigated the issue.
    • +
+ For more information about the Windows 10 update servicing cadence, please see the Window IT Pro blog.
May 10, 2019
10:00 AM PT
Take action: Install servicing stack update for Windows Server 2008 SP2 for SHA-2 code sign support
A standalone update, KB4493730, that introduce SHA-2 code sign support for the servicing stack (SSU) was released today as a security update.		April 19, 2019
10:00 AM PT
The benefits of Windows 10 Dynamic Update
Dynamic Update can help organizations and end users alike ensure that their Windows 10 devices have the latest feature update content (as part of an in-place upgrade)—and preserve precious features on demand (FODs) and language packs (LPs) that may have been previously installed.

From 774a98767c45c9edaf490cd3ef55e6d0ab648518 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 10 May 2019 15:38:34 -0700 Subject: [PATCH 081/117] Added 19H1 policy --- .../policy-configuration-service-provider.md | 4 ++ .../mdm/policy-csp-experience.md | 72 +++++++++++++++++++ 2 files changed, 76 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 4913c03360..8c6acf42f8 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1262,6 +1262,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Experience/PreventUsersFromTurningOnBrowserSyncing
+
+ Experience/ShowLockOnUserTile +
### ExploitGuard policies @@ -4369,6 +4372,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Experience/DoNotShowFeedbackNotifications](./policy-csp-experience.md#experience-donotshowfeedbacknotifications) - [Experience/DoNotSyncBrowserSettings](./policy-csp-experience.md#experience-donotsyncbrowsersetting) - [Experience/PreventUsersFromTurningOnBrowserSyncing](./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing) +- [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile) - [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings) - [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer) - [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption) diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index c0d7b7cad4..cbc286da97 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -96,6 +96,9 @@ ms.date: 05/01/2019
Experience/PreventUsersFromTurningOnBrowserSyncing
+
+ Experience/ShowLockOnUserTile +
@@ -1569,6 +1572,75 @@ Validation procedure: +
+ + +**Experience/ShowLockOnUserTile** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcross markcheck mark6check mark6check mark6
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Shows or hides lock from the user tile menu. + +If you enable this policy setting, the lock option is shown in the User Tile menu. + +If you disable this policy setting, the lock option is never shown in the User Tile menu. + +If you do not configure this policy setting, the lock option is shown in the User Tile menu. Users can choose if they want to show the lock in the user tile menu from the Power Options control panel. + + + +ADMX Info: +- GP English name: *Show lock in the user tile menu* +- GP name: *ShowLockOption* +- GP path: *File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +Supported values: +- false (default) - The lock option is not displayed in the User Tile menu. +- true - The lock option is displayed in the User Tile menu. + + + + + + + + + + From 9debc2dabe6990dd5c4e8709997902507c239de9 Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Sat, 11 May 2019 11:51:23 -0700 Subject: [PATCH 082/117] Release info preview (#164) * Latest changes for 1809 issues * New Announcement Added * Latest Change for announcement * Updated link for japanese era content * Made some change in Announcement. --- windows/release-information/windows-message-center.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 64f62b302e..bcea3b01d7 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -53,7 +53,7 @@ sections:
Reminder: Windows 10 update servicing cadence
This month we received questions about the cadence of updates we released in April and May 2019. Here's a quick recap of our releases and servicing cadence:
  • April 9, 2019 was the regular Update Tuesday release for all versions of Windows.
    • -
  • May 1, 2019 was an \"optional\" out of band update (OOB), non-security update for Windows 10, version 1809. It was released to Microsoft Catalog and WSUS, providing a critical fix for our OEM partners.
    • +
  • May 1, 2019 was an \"optional,\" out of band non-security update (OOB) for Windows 10, version 1809. It was released to Microsoft Catalog and WSUS, providing a critical fix for our OEM partners.
  • May 3, 2019 was the \"optional\" Windows 10, version 1809 \"C\" release for April. This update contained important Japanese era packages for commercial customers to preview. It was released later than expected and mistakenly targeted as \"required\" (instead of \"optional\") for consumers, which pushed the update out to customers and required a reboot. Within 24 hours of receiving customer reports, we corrected the targeting logic and mitigated the issue.
For more information about the Windows 10 update servicing cadence, please see the Window IT Pro blog.
May 10, 2019
10:00 AM PT
-To add another Desktop app, click the elipsis **…**. After you’ve entered the info into the fields, click **OK**. +To add another Desktop app, click the ellipsis **…**. After you’ve entered the info into the fields, click **OK**. ![Microsoft Intune management console: Adding Desktop app info](images/wip-azure-add-desktop-apps.png) From d30d89b19b2259e021a68bc78345dc8a464bf8cc Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 13 May 2019 10:33:44 -0700 Subject: [PATCH 096/117] edits --- .../create-wip-policy-using-sccm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md index 84ebcf1861..8cb0bcd6e9 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/30/2019 +ms.date: 05/13/2019 --- # Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager @@ -474,7 +474,7 @@ After you've decided where your protected apps can access enterprise data on you - **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps. - - **Revoke local encryption keys during the unerollment process.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are: + - **Revoke local encryption keys during the unenrollment process.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are: - **Yes, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment. From dfbffb033924d6cd9a79b6195186941dc06b0187 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 13 May 2019 12:58:17 -0700 Subject: [PATCH 097/117] fix indicators --- ...-blocked-list-windows-defender-advanced-threat-protection.md | 2 +- .../threat-protection/windows-defender-atp/manage-indicators.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 78b40b3a95..de4d01bd79 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -64,5 +64,5 @@ You can define the conditions for when entities are identified as malicious or s ## Related topics - [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) -- [Manage allowed/blocked lists](manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md) +- [Manage indicators](manage-indicators.md) - [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-indicators.md b/windows/security/threat-protection/windows-defender-atp/manage-indicators.md index 46f6939d8e..2a60cfdd55 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-indicators.md @@ -38,7 +38,7 @@ On the top navigation you can: - Apply filters ## Create an indicator -1. In the navigation pane, select **Settings** > **Allowed/blocked list**. +1. In the navigation pane, select **Settings** > **Indicators**. 2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities: - File hash From 0e0a602102d712a74a297c084fe633824a554d8d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 13 May 2019 13:36:11 -0700 Subject: [PATCH 098/117] indicators --- .../threat-protection/windows-defender-atp/manage-indicators.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-indicators.md b/windows/security/threat-protection/windows-defender-atp/manage-indicators.md index 2a60cfdd55..c74b1a805e 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-indicators.md @@ -62,7 +62,7 @@ On the top navigation you can: ## Manage indicators -1. In the navigation pane, select **Settings** > **Allowed/blocked list**. +1. In the navigation pane, select **Settings** > **Indicators**. 2. Select the tab of the entity type you'd like to manage. From cbf9fa503667e7e718f929b9f7f255cbcd8350bf Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 13 May 2019 14:54:28 -0700 Subject: [PATCH 099/117] added caveat about excluded apps --- .../customize-attack-surface-reduction.md | 16 +++++++--------- ...customize-controlled-folders-exploit-guard.md | 9 +++++---- .../enable-attack-surface-reduction.md | 4 ++-- .../enable-controlled-folders-exploit-guard.md | 6 +++--- 4 files changed, 17 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index 6dbb17c57d..fe9741366e 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/08/2019 +ms.date: 05/13/2019 --- # Customize attack surface reduction rules @@ -31,20 +31,18 @@ You can use Group Policy, PowerShell, and MDM CSPs to configure these settings. ## Exclude files and folders -You can exclude files and folders from being evaluated by all attack surface reduction rules. This means that even if the file or folder contains malicious behavior as determined by an attack surface reduction rule, the file will not be blocked from running. - -This could potentially allow unsafe files to run and infect your devices. +You can exclude files and folders from being evaluated by attack surface reduction rules. This means that even if an attack surface reduction rule detects that the file contains malicious behavior, the file will not be blocked from running. >[!WARNING] ->Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Files that would have been blocked by a rule will be allowed to run, and there will be no report or event recorded. -> ->If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode first to test the rule](evaluate-attack-surface-reduction.md). +>This could potentially allow unsafe files to run and infect your devices. Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Files that would have been blocked by a rule will be allowed to run, and there will be no report or event recorded. -You can specify individual files or folders (using folder paths or fully qualified resource names) but you cannot specify if the exclusions should only be applied to individual rules: the exclusions will apply to all rules that are enabled (or placed in audit mode) and that allow exclusions. +An exclusion applies to all rules that allow exclusions. You can specify an individual file, folder path, or the fully qualified domain name for a resource, but you cannot limit an exclusion to certain rules. + +An exclusion is applied only when when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. Attack surface reduction supports environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). +If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode first to test the rule](evaluate-attack-surface-reduction.md). -Exclusions apply to all attack surface reduction rules. Rule description | GUID -|:-:|- diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md index bf18867655..deed0e6c2e 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/07/2019 +ms.date: 05/13/2019 --- # Customize controlled folder access @@ -89,13 +89,14 @@ Use the [./Vendor/MSFT/Policy/Config/Defender/GuardedFoldersList](https://docs.m You can specify if certain apps should always be considered safe and given write access to files in protected folders. Allowing apps can be useful if you're finding a particular app that you know and trust is being blocked by the controlled folder access feature. >[!IMPORTANT] ->By default, Windows adds apps that it considers friendly to the allowed list - apps added automatically by Windows are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets. +>By default, Windows adds apps that it considers friendly to the allowed list—apps added automatically by Windows are not recorded in the list shown in the Windows Security app or by using the associated PowerShell cmdlets. >You shouldn't need to add most apps. Only add apps if they are being blocked and you can verify their trustworthiness. -You can use the Windows Security app or Group Policy to add and remove apps that should be allowed to access protected folders. - When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by controlled folder access. +An allowed application or service only has write access to a controlled flder after it starts. For example, if you allow an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. + + ### Use the Windows Defender Security app to allow specific apps 1. Open the Windows Security by clicking the shield icon in the task bar or searching the start menu for **Defender**. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 1a68651c4f..3b305feed9 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/29/2019 +ms.date: 05/13/2019 --- # Enable attack surface reduction rules @@ -51,7 +51,7 @@ You can exclude files and folders from being evaluated by most attack surface re >- Block process creations originating from PSExec and WMI commands >- Block JavaScript or VBScript from launching downloaded executable content -You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to. +You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to. An exclusion is applied only when when the excluded application or service starts. For example, if you add an exclusion for an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. ASR rules support environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index d761ebfc85..f6e6986c98 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/29/2019 +ms.date: 05/13/2019 --- # Enable controlled folder access @@ -61,7 +61,7 @@ For more information about disabling local list merging, see [Prevent or allow u 1. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**. ![Enable controlled folder access in Intune](images/enable-cfa-intune.png) >[!NOTE] - >Wilcard is supported for applications, but not for folders. Subfolders are not protected. + >Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted. 1. Click **OK** to save each open blade and click **Create**. 1. Click the profile **Assignments**, assign to **All Users & All Devices**, and click **Save**. @@ -76,7 +76,7 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt 1. Enter a name and a description, click **Controlled folder access**, and click **Next**. 1. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**. >[!NOTE] - >Wilcard is supported for applications, but not for folders. Subfolders are not protected. + >Wilcard is supported for applications, but not for folders. Subfolders are not protected. Allowed apps will continue to trigger events until they are restarted. 1. Review the settings and click **Next** to create the policy. 1. After the policy is created, click **Close**. From 7e1f1cb739ba64bf813b7bcc0f3970c7b6d48b72 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 13 May 2019 15:08:33 -0700 Subject: [PATCH 100/117] Added feedback from dev --- windows/client-management/mdm/policy-csp-update.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 9d7ac6f259..8e56b33127 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -1254,7 +1254,7 @@ Added in Windows 10, version 1903. Allows the IT admin (when used with [Update/C -Supports a numeric value from 0 - 5, which indicates the minimum number of days a device will wait until performing an aggressive installation of a required update once deadline has been reached. +Supports a numeric value from 0 - 7, which indicates the minimum number of days a device will wait until performing an aggressive installation of a required update once deadline has been reached. Default value is 2. @@ -1323,7 +1323,7 @@ When disabled, if the device has installed the required updates and is outside o Supported values: - 1 - Enabled -- 0 - Disabled +- 0 (default) - Disabled From ddddfbbf4d4a8080cdf8e9cb625dd020253d2917 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 13 May 2019 15:16:26 -0700 Subject: [PATCH 101/117] edits --- .../customize-attack-surface-reduction.md | 4 ++-- .../customize-controlled-folders-exploit-guard.md | 6 +++--- .../enable-attack-surface-reduction.md | 4 ++-- .../enable-controlled-folders-exploit-guard.md | 4 ++-- .../enable-exploit-protection.md | 2 +- .../enable-network-protection.md | 3 ++- 6 files changed, 12 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index fe9741366e..20e1ca5eda 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -74,9 +74,9 @@ See the [attack surface reduction](attack-surface-reduction-exploit-guard.md) to 4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. -### Use PowerShell to exclude files and folderss +### Use PowerShell to exclude files and folders -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: ```PowerShell diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md index deed0e6c2e..28a78453b2 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md @@ -94,7 +94,7 @@ You can specify if certain apps should always be considered safe and given write When you add an app, you have to specify the app's location. Only the app in that location will be permitted access to the protected folders - if the app (with the same name) is located in a different location, then it will not be added to the allow list and may be blocked by controlled folder access. -An allowed application or service only has write access to a controlled flder after it starts. For example, if you allow an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. +An allowed application or service only has write access to a controlled folder after it starts. For example, if you allow an update service that is already running, the update service will continue to trigger events until the service is stopped and restarted. ### Use the Windows Defender Security app to allow specific apps @@ -107,7 +107,7 @@ An allowed application or service only has write access to a controlled flder af 4. Click **Add an allowed app** and follow the prompts to add apps. - ![Screenshot of the add an allowed app button](images/cfa-allow-app.png) + ![Screenshot of how to add an allowed app button](images/cfa-allow-app.png) ### Use Group Policy to allow specific apps @@ -121,7 +121,7 @@ An allowed application or service only has write access to a controlled flder af ### Use PowerShell to allow specific apps -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: ```PowerShell diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 3b305feed9..57d6a0abd8 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -26,7 +26,7 @@ Each ASR rule contains three settings: To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Windows Defender Advanced Threat Protection (Windows Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules. -You can enable attack surface reduction rules by using any of the these methods: +You can enable attack surface reduction rules by using any of these methods: - [Microsoft Intune](#intune) - [Mobile Device Management (MDM)](#mdm) @@ -131,7 +131,7 @@ Value: c:\path|e:\path|c:\Whitelisted.exe >[!WARNING] >If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**. +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**. 2. Enter the following cmdlet: diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index f6e6986c98..0f4dcde83d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -22,7 +22,7 @@ ms.date: 05/13/2019 [Controlled folder access](controlled-folders-exploit-guard.md) helps you protect valuable data from malicious apps and threats, such as ransomware. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Controlled folder access is included with Windows 10 and Windows Server 2019. -You can enable controlled folder access by using any of the these methods: +You can enable controlled folder access by using any of these methods: - [Windows Security app](#windows-security-app) - [Microsoft Intune](#intune) @@ -100,7 +100,7 @@ Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](htt ## PowerShell -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**. +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**. 2. Enter the following cmdlet: diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md index 58cb4ad00c..56932bf8a1 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md @@ -26,7 +26,7 @@ Many features from the Enhanced Mitigation Experience Toolkit (EMET) are include You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine. -You can enable each mitigation separately by using any of the these methods: +You can enable each mitigation separately by using any of these methods: - [Windows Security app](#windows-security-app) - [Microsoft Intune](#intune) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md index 8df4d37da6..75c4d76f00 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md @@ -22,7 +22,8 @@ ms.date: 04/22/2019 [Network protection](network-protection-exploit-guard.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it. -You can enable network protection by using any of the these methods: + +You can enable network protection by using any of these methods: - [Microsoft Intune](#intune) - [Mobile Device Management (MDM)](#mdm) From 4a8b2dc1f690a7f0edfce207b4608dd30d5de124 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 13 May 2019 15:17:29 -0700 Subject: [PATCH 102/117] edits --- .../enable-network-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md index 75c4d76f00..a3cad38060 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/22/2019 +ms.date: 05/13/2019 --- # Enable network protection @@ -88,7 +88,7 @@ You can confirm network protection is enabled on a local computer by using Regis ## PowerShell -1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator** +1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** 2. Enter the following cmdlet: ``` From 5dc8cb6c1852377314ebaac4ae1f4e8b1db9afa5 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 20:36:14 -0500 Subject: [PATCH 103/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index c202b6f22e..353bb97445 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -13,7 +13,6 @@ ms.topic: article --- - # Deploy Windows 10 Enterprise licenses >[!IMPORTANT] From 6040e1162d7e9720e47d80be71d545ff288f0b50 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 20:36:22 -0500 Subject: [PATCH 104/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 353bb97445..1c21ee3718 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -224,7 +224,6 @@ Use the following figures to help you troubleshoot when users experience these c **Figure 10 - Windows 10 Pro, version 1703 edition not activated in Settings** - Windows 10 activated and subscription not active **Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings** From 528382e2207c4d93ef968cce2d6fbc579998ec64 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 20:36:31 -0500 Subject: [PATCH 105/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 1c21ee3718..f2bf17ad13 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -229,7 +229,6 @@ Use the following figures to help you troubleshoot when users experience these c **Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings** - Windows 10 not activated and subscription not active **Figure 12 - Windows 10 Pro, version 1703 edition not activated and Windows 10 Enterprise subscription lapsed or removed in Settings** From de56796a975c25c688fc74917111f6b3b1c795d7 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Mon, 13 May 2019 21:28:02 -0500 Subject: [PATCH 106/117] Update windows/deployment/deploy-enterprise-licenses.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/deploy-enterprise-licenses.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index f2bf17ad13..25a638d45a 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -12,7 +12,6 @@ author: greg-lindsay ms.topic: article --- - # Deploy Windows 10 Enterprise licenses >[!IMPORTANT] From c9e0b1d57e0067291f01e82ca694727663379631 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 14 May 2019 11:13:08 +0500 Subject: [PATCH 107/117] update windows-upgrade-and-migration-considerations.md --- .../upgrade/windows-upgrade-and-migration-considerations.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md index d5eff8daa4..b2bade848b 100644 --- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md +++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md @@ -28,6 +28,9 @@ Windows Easy Transfer is a software wizard for transferring files and settings With Windows Easy Transfer, files and settings can be transferred using a network share, a USB flash drive (UFD), or the Easy Transfer cable. However, you cannot use a regular universal serial bus (USB) cable to transfer files and settings with Windows Easy Transfer. An Easy Transfer cable can be purchased on the Web, from your computer manufacturer, or at an electronics store. +> [!NOTE] +> Windows Easy Transfer [is not available in Windows 10](https://support.microsoft.com/help/4026265/windows-windows-easy-transfer-is-not-available-in-windows-10). + ### Migrate with the User State Migration Tool You can use USMT to automate migration during large deployments of the Windows operating system. USMT uses configurable migration rule (.xml) files to control exactly which user accounts, user files, operating system settings, and application settings are migrated and how they are migrated. You can use USMT for both *side-by-side* migrations, where one piece of hardware is being replaced, or *wipe-and-load* (or *refresh*) migrations, when only the operating system is being upgraded. From e0e5aa64c2648a982296f756133a5912e01d4a09 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Tue, 14 May 2019 13:25:19 +0200 Subject: [PATCH 108/117] Update waas-quick-start.md Link added under Learn More. Resolves https://github.com/MicrosoftDocs/windows-itpro-docs/issues/1576 --- windows/deployment/update/waas-quick-start.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 9ef541fce2..af88e40987 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -69,8 +69,8 @@ Click the following Microsoft Mechanics video for an overview of the updated rel ## Learn more -[Adopting Windows as a service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft) - +- [Adopting Windows as a service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft) +- [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) ## Related topics From baeeac3e0909bb2defa029f9d6c8632a6b771fc1 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 14 May 2019 10:06:17 -0700 Subject: [PATCH 109/117] Moved supported value tag after ADMXmapped tag --- .../mdm/policy-csp-update.md | 32 ++++++++----------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 8e56b33127..3650b5f1c6 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -1188,12 +1188,6 @@ ADMX Info: Added in Windows 10, version 1903. Allows IT admins to specify the number of days a user has before quality updates are installed on their devices automatically. Updates and restarts will occur regardless of active hours and the user will not be able to reschedule. - -Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required quality update. - -Default value is 7. - - ADMX Info: - GP English name: *Specify deadlines for automatic updates and restarts* @@ -1203,7 +1197,11 @@ ADMX Info: - GP ADMX file name: *WindowsUpdate.admx* + +Supports a numeric value from 2 - 30, which indicates the number of days a device will wait until performing an aggressive installation of a required quality update. +Default value is 7. + @@ -1253,12 +1251,6 @@ ADMX Info: Added in Windows 10, version 1903. Allows the IT admin (when used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates) or [Update/ConfigureDeadlineForQualityUpdates](#update-configuredeadlineforqualityupdates)) to specify a minimum number of days until restarts occur automatically. Setting the grace period may extend the effective deadline set by the deadline policies. - -Supports a numeric value from 0 - 7, which indicates the minimum number of days a device will wait until performing an aggressive installation of a required update once deadline has been reached. - -Default value is 2. - - ADMX Info: - GP English name: *Specify deadlines for automatic updates and restarts* @@ -1268,7 +1260,11 @@ ADMX Info: - GP ADMX file name: *WindowsUpdate.admx* + +Supports a numeric value from 0 - 7, which indicates the minimum number of days a device will wait until performing an aggressive installation of a required update once deadline has been reached. +Default value is 2. + @@ -1320,12 +1316,6 @@ Added in Windows 10, version 1903. If enabled (when used with [Update/ConfigureD When disabled, if the device has installed the required updates and is outside of active hours, it may attempt an automatic restart before the deadline. - -Supported values: -- 1 - Enabled -- 0 (default) - Disabled - - ADMX Info: - GP English name: *Specify deadlines for automatic updates and restarts* @@ -1335,7 +1325,11 @@ ADMX Info: - GP ADMX file name: *WindowsUpdate.admx* - + +Supported values: +- 1 - Enabled +- 0 (default) - Disabled + From 5297438f59503b0aa8897169d609d4e185f8a9df Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 14 May 2019 10:08:42 -0700 Subject: [PATCH 110/117] minor update --- windows/client-management/mdm/policy-csp-update.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 3650b5f1c6..8e9d7a15c7 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -995,12 +995,6 @@ If you enable this policy setting, Automatic Maintenance attempts to set OS wake If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel applies. - -Supported values: -- true - Enable -- false - Disable (Default) - - ADMX Info: - GP English name: *Automatic Maintenance WakeUp Policy* @@ -1010,7 +1004,11 @@ ADMX Info: - GP ADMX file name: *msched.admx* - + +Supported values: +- true - Enable +- false - Disable (Default) + From f066c23a3f08fe7488e8ba2a31922ea69343c763 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 14 May 2019 11:14:34 -0700 Subject: [PATCH 111/117] Added preview mode info --- .../mdm/new-in-windows-mdm-enrollment-management.md | 8 ++++---- .../mdm/policy-configuration-service-provider.md | 4 ++-- .../client-management/mdm/policy-csp-authentication.md | 10 ++++++++-- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index b7d977b310..d652e7d5f2 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1398,8 +1398,8 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • ApplicationManagement/LaunchAppAfterLogOn
  • ApplicationManagement/ScheduleForceRestartForUpdateFailures
    • -
  • Authentication/EnableFastFirstSignIn
    • -
  • Authentication/EnableWebSignIn
    • +
  • Authentication/EnableFastFirstSignIn (Preview mode only)
    • +
  • Authentication/EnableWebSignIn (Preview mode only)
  • Authentication/PreferredAadTenantDomainName
  • Browser/AllowFullScreenMode
  • Browser/AllowPrelaunch
    • @@ -1943,8 +1943,8 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
    • ApplicationManagement/LaunchAppAfterLogOn
    • ApplicationManagement/ScheduleForceRestartForUpdateFailures
      • -
    • Authentication/EnableFastFirstSignIn
      • -
    • Authentication/EnableWebSignIn
      • +
    • Authentication/EnableFastFirstSignIn (Preview mode only)
      • +
    • Authentication/EnableWebSignIn (Preview mode only)
    • Authentication/PreferredAadTenantDomainName
    • Defender/CheckForSignaturesBeforeRunningScan
    • Defender/DisableCatchupFullScan
      • diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 91c6cd7f66..4dcc76c9fc 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -364,10 +364,10 @@ The following diagram shows the Policy configuration service provider in tree fo Authentication/AllowSecondaryAuthenticationDevice
      - Authentication/EnableFastFirstSignIn + Authentication/EnableFastFirstSignIn (Preview mode only)
      - Authentication/EnableWebSignIn + Authentication/EnableWebSignIn (Preview mode only)
      Authentication/PreferredAadTenantDomainName diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 7708a220e7..89e6c6a809 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -354,6 +354,9 @@ The following list shows the supported values: +> [!Warning] +> This is policy is in preview mode and therefore not meant or recommended for production purposes. + This policy is intended for use on Shared PCs to enable a quick first sign-in experience for a user. It works by automatically connecting new non-admin Azure Active Directory (Azure AD) accounts to the pre-configured candidate local accounts. Value type is integer. Supported values: @@ -412,9 +415,12 @@ Value type is integer. Supported values: +> [!Warning] +> This is policy is in preview mode and therefore not meant or recommended for production purposes. + "Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for non-ADFS federated providers (e.g. SAML). -> [!Note] +> [!Note] > Web Sign-in is only supported on Azure AD Joined PCs. Value type is integer. Supported values: @@ -514,4 +520,4 @@ Footnotes: - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. -- 6 - Added in the next major release of Windows 10. \ No newline at end of file +- 6 - Added in Windows 10, version 1903. \ No newline at end of file From 2c927d925b48bdd57f6af159e41773d0e4b08c41 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 14 May 2019 11:29:02 -0700 Subject: [PATCH 112/117] minor update --- windows/client-management/mdm/policy-csp-authentication.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 89e6c6a809..58790db16d 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -355,7 +355,7 @@ The following list shows the supported values: > [!Warning] -> This is policy is in preview mode and therefore not meant or recommended for production purposes. +> This policy is only in preview mode and therefore not meant or recommended for production purposes. This policy is intended for use on Shared PCs to enable a quick first sign-in experience for a user. It works by automatically connecting new non-admin Azure Active Directory (Azure AD) accounts to the pre-configured candidate local accounts. @@ -416,7 +416,7 @@ Value type is integer. Supported values: > [!Warning] -> This is policy is in preview mode and therefore not meant or recommended for production purposes. +> This policy is only in preview mode and therefore not meant or recommended for production purposes. "Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for non-ADFS federated providers (e.g. SAML). From a576583cdafdca9dddee1a34a8862aa10fc47dbf Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 14 May 2019 11:51:00 -0700 Subject: [PATCH 113/117] fix link errors --- .../update/waas-delivery-optimization-reference.md | 10 +++++----- .../deployment/update/waas-delivery-optimization.md | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization-reference.md b/windows/deployment/update/waas-delivery-optimization-reference.md index 57bdd0311c..7fbacf8aee 100644 --- a/windows/deployment/update/waas-delivery-optimization-reference.md +++ b/windows/deployment/update/waas-delivery-optimization-reference.md @@ -5,9 +5,9 @@ keywords: oms, operations management suite, wdav, updates, downloads, log analyt ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: JaimeO +author: greg-lindsay ms.localizationpriority: medium -ms.author: jaimeo +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- @@ -37,7 +37,7 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz | --- | --- | --- | | [Download mode](#download-mode) | DODownloadMode | 1511 | | [Group ID](#group-id) | DOGroupID | 1511 | -| [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-allowed-to-use-peer-caching) | DOMinRAMAllowedToPeer | 1703 | +| [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) | DOMinRAMAllowedToPeer | 1703 | | [Minimum disk size allowed to use Peer Caching](#minimum-disk-size-allowed-to-use-peer-caching) | DOMinDiskSizeAllowedToPeer | 1703 | | [Max Cache Age](#max-cache-age) | DOMaxCacheAge | 1511 | | [Max Cache Size](#max-cache-size) | DOMaxCacheSize | 1511 | @@ -70,7 +70,7 @@ Delivery Optimization uses locally cached updates. In cases where devices have a - The system drive is the default location for the Delivery Optimization cache. [Modify Cache Drive](#modify-cache-drive) allows administrators to change that location. >[!NOTE] ->It is possible to configure preferred cache devices. For more information, see [Set “preferred” cache devices for Delivery Optimization](#set-preferred-cache-devices). +>It is possible to configure preferred cache devices. For more information, see [Group ID](#group-id). All cached files have to be above a set minimum size. This size is automatically set by the Delivery Optimization cloud services, but when local storage is sufficient and the network isn't strained or congested, administrators might choose to change it to obtain increased performance. You can set the minimum size of files to cache by adjusting [Minimum Peer Caching Content File Size](#minimum-peer-caching-content-file-size). @@ -89,7 +89,7 @@ Additional options available that control the impact Delivery Optimization has o - [Delay foreground download from http (in secs)](#delay-foreground-download-from-http-in-secs) allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use P2P. Administrators can further customize scenarios where Delivery Optimization will be used with the following settings: -- [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-allowed-to-use-peer-caching) sets the minimum RAM required for peer caching to be enabled. +- [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) sets the minimum RAM required for peer caching to be enabled. - [Minimum disk size allowed to use Peer Caching](#minimum-disk-size-allowed-to-use-peer-caching) sets the minimum disk size required for peer caching to be enabled. - [Enable Peer Caching while the device connects via VPN](#enable-peer-caching-while-the-device-connects-via-vpn) allows clients connected through VPN to use peer caching. - [Allow uploads while the device is on battery while under set Battery level](#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) controls the minimum battery level required for uploads to occur. You must enable this policy to allow upload while on battery. diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 1c13688e4e..178f964ce4 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -5,9 +5,9 @@ keywords: oms, operations management suite, wdav, updates, downloads, log analyt ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: JaimeO +author: greg-lindsay ms.localizationpriority: medium -ms.author: jaimeo +ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article --- From e4d3a2642cb7501a337cd4c3996569574335b741 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 14 May 2019 11:53:41 -0700 Subject: [PATCH 114/117] fix link errors --- .../windows-autopilot/windows-autopilot-reset-local.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md index c94be655bb..c6b59a7df4 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md @@ -25,8 +25,8 @@ IT admins can perform a local Windows Autopilot Reset to quickly remove personal To enable local Autopilot Reset in Windows 10: -1. [Enable the policy for the feature](#enable-autopilot-reset) -2. [Trigger a reset for each device](#trigger-autopilot-reset) +1. [Enable the policy for the feature](#enable-local-autopilot-reset) +2. [Trigger a reset for each device](#trigger-local-autopilot-reset) ## Enable local Windows Autopilot Reset From 0cb8608ce75b22e80c3102665760d741ed47b9ae Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 14 May 2019 12:03:37 -0700 Subject: [PATCH 115/117] fix link errors --- .../hello-for-business/hello-cert-trust-deploy-mfa.md | 6 +++--- .../hello-for-business/hello-hybrid-cert-new-install.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md index 3c90a6c465..cc631cea1a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md @@ -80,7 +80,7 @@ The following services are required: Update the server using Windows Update until the server has no required or optional updates as the Azure MFA Server software may require one or more of these updates for the installation and software to correctly work. These procedures install additional components that may need to be updated. -#### Configure the IIS Server’s Certificate +#### Configure the IIS Server Certificate The TLS protocol protects all the communication to and from the MFA server. To enable this protection, you must configure the default web site to use the previously enrolled server authentication certificate. @@ -171,9 +171,9 @@ To do this, please follow the instructions mentioned in the previous [Install th Update the server using Windows Update until the server has no required or optional updates as the Azure MFA Server software may require one or more of these updates for the installation and software to correctly work. These procedures install additional components that may need to be updated. -#### Configure the IIS Server’s Certificate +#### Set the IIS Server Certificate -To do this, please follow the instructions mentioned in the previous [Configure the IIS Server’s Certificate](#configure-the-iis-server’s-certificate) section. +To do this, please follow the instructions mentioned in the previous [Configure the IIS Server’s Certificate](#configure-the-iis-server-certificate) section. #### Create WebServices SDK user account diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 81a325489b..a1981cd9c2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -28,7 +28,7 @@ Windows Hello for Business involves configuring distributed technologies that ma * [Active Directory](#active-directory) * [Public Key Infrastructure](#public-key-infrastructure) * [Azure Active Directory](#azure-active-directory) -* [Multi-factor Authentication Services](#multi-factor-authentication-services) +* [Multifactor Authentication Services](#multifactor-authentication-services) New installations are considerably more involved than existing implementations because you are building the entire infrastructure. Microsoft recommends you review the new installation baseline to validate your existing environment has all the needed configurations to support your hybrid certificate trust Windows Hello for Business deployment. If your environment meets these needs, you can read the [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) section to prepare your Windows Hello for Business deployment by configuring Azure device registration. From 38dbc683bb88791ab520dcbed5aef8f3e322f689 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 14 May 2019 15:10:58 -0700 Subject: [PATCH 116/117] Incorporated dev feedback --- windows/client-management/mdm/policy-csp-experience.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index cbc286da97..4db9f3f778 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 05/01/2019 +ms.date: 05/14/2019 --- # Policy CSP - Experience @@ -1629,8 +1629,8 @@ ADMX Info: Supported values: -- false (default) - The lock option is not displayed in the User Tile menu. -- true - The lock option is displayed in the User Tile menu. +- false - The lock option is not displayed in the User Tile menu. +- true (default) - The lock option is displayed in the User Tile menu. @@ -1664,4 +1664,4 @@ Footnotes: - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. -- 6 - Added in the next major release of Windows 10. \ No newline at end of file +- 6 - Added in Windows 10, version 1903. \ No newline at end of file From e9f610c05bbd524afccbcc44af408068d290a7fa Mon Sep 17 00:00:00 2001 From: DocsPreview <49669258+DocsPreview@users.noreply.github.com> Date: Tue, 14 May 2019 16:02:25 -0700 Subject: [PATCH 117/117] Release info preview (#183) * Latest changes for 1809 issues * New Announcement Added * Latest Change for announcement * Updated link for japanese era content * Made some change in Announcement. * Latest changes done for few issues * Added new line to one of message * New Issue added to known issues of 1809 product version --- .../resolved-issues-windows-10-1607.yml | 20 ++++++++++++++++ .../resolved-issues-windows-10-1703.yml | 10 ++++++++ .../resolved-issues-windows-10-1709.yml | 20 ++++++++++++++++ .../resolved-issues-windows-10-1803.yml | 20 ++++++++++++++++ ...indows-10-1809-and-windows-server-2019.yml | 4 ++++ ...ndows-7-and-windows-server-2008-r2-sp1.yml | 18 ++++++++++++++ ...windows-8.1-and-windows-server-2012-r2.yml | 16 +++++++++++++ ...esolved-issues-windows-server-2008-sp2.yml | 24 +++++++++++++++++++ .../resolved-issues-windows-server-2012.yml | 22 +++++++++++++++++ ...indows-10-1607-and-windows-server-2016.yml | 8 +++---- .../status-windows-10-1703.yml | 4 ++-- .../status-windows-10-1709.yml | 8 +++---- .../status-windows-10-1803.yml | 8 +++---- ...indows-10-1809-and-windows-server-2019.yml | 8 +++++-- ...ndows-7-and-windows-server-2008-r2-sp1.yml | 20 ++++++++-------- ...windows-8.1-and-windows-server-2012-r2.yml | 16 ++++++------- .../status-windows-server-2008-sp2.yml | 22 ++++++++++++----- .../status-windows-server-2012.yml | 12 +++++----- .../windows-message-center.yml | 15 ++++++++++-- 19 files changed, 227 insertions(+), 48 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index 72407b6ba9..046eea9c71 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,6 +32,8 @@ sections: - type: markdown text: " + + @@ -60,6 +62,24 @@ sections:
      " +- title: May 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

      See details >      		OS Build 14393.2941

      April 25, 2019
      KB4493473      		Resolved
      KB4494440      		May 14, 2019
      01:18 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 14393.2941

      April 25, 2019
      KB4493473      		Resolved
      KB4494440      		May 14, 2019
      01:18 PM PT
      Custom URI schemes may not start corresponding application
      Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

      See details >      		OS Build 14393.2848

      March 12, 2019
      KB4489882      		Resolved
      KB4493473      		April 25, 2019
      02:00 PM PT
      End-user-defined characters (EUDC) may cause blue screen at startup
      If you enable per font end-user-defined characters (EUDC), the system will stop working and a blue screen may appear at startup.

      See details >      		OS Build 14393.2879

      March 19, 2019
      KB4489889      		Resolved
      KB4493470      		April 09, 2019
      10:00 AM PT
      Internet Explorer 11 authentication issue with multiple concurrent logons
      Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

      See details >      		OS Build 14393.2724

      January 08, 2019
      KB4480961      		Resolved
      KB4493470      		April 09, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		OS Build 14393.2941

      April 25, 2019
      KB4493473      		Resolved
      KB4494440      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      + " + +- title: April 2019 +- items: + - type: markdown + text: " + + +
      DetailsOriginating updateStatusHistory
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493473
       
      Affected platforms:  
      • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
      • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
      Resolution: This issue was resolved in KB4494440.

      Back to top      		OS Build 14393.2941

      April 25, 2019
      KB4493473      		Resolved
      KB4494440      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      April 25, 2019
      02:00 PM PT
      + " + - title: March 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index a32bfe383c..6d20195ba0 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -57,6 +58,15 @@ sections:
      " +- title: May 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 15063.1784

      April 25, 2019
      KB4493436      		Resolved
      KB4499181      		May 14, 2019
      01:18 PM PT
      Custom URI schemes may not start corresponding application
      Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

      See details >      		OS Build 15063.1689

      March 12, 2019
      KB4489871      		Resolved
      KB4493436      		April 25, 2019
      02:00 PM PT
      End-user-defined characters (EUDC) may cause blue screen at startup
      If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

      See details >      		OS Build 15063.1716

      March 19, 2019
      KB4489888      		Resolved
      KB4493474      		April 09, 2019
      10:00 AM PT
      MSXML6 may cause applications to stop responding
      MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

      See details >      		OS Build 15063.1563

      January 08, 2019
      KB4480973      		Resolved
      KB4493474      		April 09, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		OS Build 15063.1784

      April 25, 2019
      KB4493436      		Resolved
      KB4499181      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      + " + - title: March 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index 2893c090ed..2d33536532 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -32,6 +32,8 @@ sections: - type: markdown text: " + + @@ -57,6 +59,24 @@ sections:
      " +- title: May 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

      See details >      		OS Build 16299.1127

      April 25, 2019
      KB4493440      		Resolved
      KB4499179      		May 14, 2019
      01:18 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 16299.1127

      April 25, 2019
      KB4493440      		Resolved
      KB4499179      		May 14, 2019
      01:18 PM PT
      Custom URI schemes may not start corresponding application
      Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

      See details >      		OS Build 16299.1029

      March 12, 2019
      KB4489886      		Resolved
      KB4493440      		April 25, 2019
      02:00 PM PT
      End-user-defined characters (EUDC) may cause blue screen at startup
      If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

      See details >      		OS Build 16299.1059

      March 19, 2019
      KB4489890      		Resolved
      KB4493441      		April 09, 2019
      10:00 AM PT
      MSXML6 causes applications to stop responding if an exception was thrown
      MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

      See details >      		OS Build 16299.904

      January 08, 2019
      KB4480978      		Resolved
      KB4493441      		April 09, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		OS Build 16299.1127

      April 25, 2019
      KB4493440      		Resolved
      KB4499179      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      + " + +- title: April 2019 +- items: + - type: markdown + text: " + + +
      DetailsOriginating updateStatusHistory
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493440
       
      Affected platforms:  
      • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
      • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
      Resolution: This issue was resolved in KB4499179.

      Back to top      		OS Build 16299.1127

      April 25, 2019
      KB4493440      		Resolved
      KB4499179      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      April 25, 2019
      02:00 PM PT
      + " + - title: March 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml index 8eaaa3f3c9..1899a16774 100644 --- a/windows/release-information/resolved-issues-windows-10-1803.yml +++ b/windows/release-information/resolved-issues-windows-10-1803.yml @@ -32,6 +32,8 @@ sections: - type: markdown text: " + + @@ -62,6 +64,24 @@ sections:
      " +- title: May 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

      See details >      		OS Build 17134.753

      April 25, 2019
      KB4493437      		Resolved
      KB4499167      		May 14, 2019
      01:19 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 17134.753

      April 25, 2019
      KB4493437      		Resolved
      KB4499167      		May 14, 2019
      01:18 PM PT
      Custom URI schemes may not start corresponding application
      Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

      See details >      		OS Build 17134.648

      March 12, 2019
      KB4489868      		Resolved
      KB4493437      		April 25, 2019
      02:00 PM PT
      End-user-defined characters (EUDC) may cause blue screen at startup
      If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup.

      See details >      		OS Build 17134.677

      March 19, 2019
      KB4489894      		Resolved
      KB4493464      		April 09, 2019
      10:00 AM PT
      First character of the Japanese era name not recognized
      The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

      See details >      		OS Build 17134.556

      January 15, 2019
      KB4480976      		Resolved
      KB4487029      		April 09, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		OS Build 17134.753

      April 25, 2019
      KB4493437      		Resolved
      KB4499167      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      + " + +- title: April 2019 +- items: + - type: markdown + text: " + + +
      DetailsOriginating updateStatusHistory
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493437
       
      Affected platforms:  
      • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
      • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
      Resolution: This issue was resolved in KB4499167.

      Back to top      		OS Build 17134.753

      April 25, 2019
      KB4493437      		Resolved
      KB4499167      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      April 25, 2019
      02:00 PM PT
      + " + - title: March 2019 - items: - type: markdown diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index b0d3c9f294..7e3ded548f 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -32,6 +32,8 @@ sections: - type: markdown text: " + + @@ -73,6 +75,8 @@ sections: - type: markdown text: "
      SummaryOriginating updateStatusDate resolved
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

      See details >      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Resolved
      KB4494441      		May 14, 2019
      01:19 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Resolved
      KB4494441      		May 14, 2019
      01:18 PM PT
      Latest cumulative update (KB 4495667) installs automatically
      Reports that the optional cumulative update (KB 4495667) installs automatically.

      See details >      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Resolved
      		May 08, 2019
      03:37 PM PT
      System may be unresponsive after restart if ArcaBit antivirus software installed
      After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809

      See details >      		OS Build 17763.437

      April 09, 2019
      KB4493509      		Resolved
      		May 08, 2019
      03:30 PM PT
      Custom URI schemes may not start corresponding application
      Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

      See details >      		OS Build 17763.379

      March 12, 2019
      KB4489899      		Resolved
      KB4495667      		May 03, 2019
      12:40 PM PT
      + +
      DetailsOriginating updateStatusHistory
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4495667
       
      Affected platforms:  
      • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
      • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
      Resolution: This issue was resolved in KB4494441.

      Back to top      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Resolved
      KB4494441      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 14, 2019
      01:19 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Resolved
      KB4494441      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      Latest cumulative update (KB 4495667) installs automatically
      Due to a servicing side issue some users were offered KB4495667 (optional update) automatically and rebooted devices. This issue has been mitigated.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
      • Server: Windows Server, version 1809; Windows Server 2019
      Resolution:: This issue has been mitigated on the servicing side to prevent auto installing of this update. Customers do not need to take any action.

      Back to top      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Resolved
      		Resolved:
      May 08, 2019
      03:37 PM PT

      Opened:
      May 05, 2019
      12:01 PM PT
      " diff --git a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml index d034127b65..cb278e2cc4 100644 --- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml @@ -32,6 +32,11 @@ sections: - type: markdown text: " + + + + + @@ -55,11 +60,23 @@ sections:
      " +- title: May 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      System may be unresponsive after restart if ArcaBit antivirus software installed
      Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493472      		Resolved
      		May 14, 2019
      01:23 PM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493472      		Resolved
      		May 14, 2019
      01:22 PM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493472      		Resolved
      		May 14, 2019
      01:21 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		April 25, 2019
      KB4493453      		Resolved
      KB4499164      		May 14, 2019
      01:18 PM PT
      Authentication may fail for services after the Kerberos ticket expires
      Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

      See details >      		March 12, 2019
      KB4489878      		Resolved
      KB4499164      		May 14, 2019
      01:17 PM PT
      Devices may not respond at login or Welcome screen if running certain Avast software
      Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

      See details >      		April 09, 2019
      KB4493472      		Resolved
      		April 25, 2019
      02:00 PM PT
      Internet Explorer 11 authentication issue with multiple concurrent logons
      Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

      See details >      		January 08, 2019
      KB4480970      		Resolved
      KB4493472      		April 09, 2019
      10:00 AM PT
      Custom URI schemes may not start corresponding application
      Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

      See details >      		March 12, 2019
      KB4489878      		Resolved
      KB4493472      		April 09, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		April 25, 2019
      KB4493453      		Resolved
      KB4499164      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      + " + - title: April 2019 - items: - type: markdown text: " + + +
      DetailsOriginating updateStatusHistory
      System may be unresponsive after restart if ArcaBit antivirus software installed
      Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

      Affected platforms:
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

      Back to top      		April 09, 2019
      KB4493472      		Resolved
      		Resolved:
      May 14, 2019
      01:23 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

      Back to top      		April 09, 2019
      KB4493472      		Resolved
      		Resolved:
      May 14, 2019
      01:22 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

      Back to top      		April 09, 2019
      KB4493472      		Resolved
      		Resolved:
      May 14, 2019
      01:21 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      Devices may not respond at login or Welcome screen if running certain Avast software
      Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install KB4493472 and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1 
      Resolution: Avast has released emergency updates to address this issue. For more information and AV update schedule, see the Avast support KB article.

      Back to top      		April 09, 2019
      KB4493472      		Resolved
      		Resolved:
      April 25, 2019
      02:00 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      " @@ -69,6 +86,7 @@ sections: - type: markdown text: " +
      DetailsOriginating updateStatusHistory
      Authentication may fail for services after the Kerberos ticket expires
      After installing KB4489878, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

      Affected platforms: 
      • Client: Windows 7 SP1
      • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue was resolved in KB4499164.

      Back to top      		March 12, 2019
      KB4489878      		Resolved
      KB4499164      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      March 12, 2019
      10:00 AM PT
      Custom URI schemes may not start corresponding application
      After installing KB4489878, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

      Affected platforms: 
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1 
      Resolution: This issue is resolved in KB4493472.

      Back to top      		March 12, 2019
      KB4489878      		Resolved
      KB4493472      		Resolved:
      April 09, 2019
      10:00 AM PT

      Opened:
      March 12, 2019
      10:00 AM PT
      NETDOM.EXE fails to run
      After installing KB4489878, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears.

      Affected platforms: 
      • Client: Windows 7 SP1
      • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue is resolved in KB4493472.

      Back to top      		March 12, 2019
      KB4489878      		Resolved
      KB4493472      		Resolved:
      April 09, 2019
      10:00 AM PT

      Opened:
      March 12, 2019
      10:00 AM PT
      diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index 1ef62bfe75..2a62a3f335 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -32,6 +32,10 @@ sections: - type: markdown text: " + + + + @@ -55,11 +59,23 @@ sections:
      " +- title: May 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      System may be unresponsive after restart if ArcaBit antivirus software installed
      Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493446      		Resolved
      		May 14, 2019
      01:22 PM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493446      		Resolved
      		May 14, 2019
      01:22 PM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493446      		Resolved
      		May 14, 2019
      01:21 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		April 25, 2019
      KB4493443      		Resolved
      KB4499151      		May 14, 2019
      01:18 PM PT
      Devices may not respond at login or Welcome screen if running certain Avast software
      Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

      See details >      		April 09, 2019
      KB4493446      		Resolved
      		April 25, 2019
      02:00 PM PT
      Internet Explorer 11 authentication issue with multiple concurrent logons
      Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

      See details >      		January 08, 2019
      KB4480963      		Resolved
      KB4493446      		April 09, 2019
      10:00 AM PT
      MSXML6 may cause applications to stop responding.
      MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

      See details >      		January 08, 2019
      KB4480963      		Resolved
      KB4493446      		April 09, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		April 25, 2019
      KB4493443      		Resolved
      KB4499151      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      + " + - title: April 2019 - items: - type: markdown text: " + + +
      DetailsOriginating updateStatusHistory
      System may be unresponsive after restart if ArcaBit antivirus software installed
      Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

      Affected platforms:
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

      Back to top      		April 09, 2019
      KB4493446      		Resolved
      		Resolved:
      May 14, 2019
      01:22 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

      Back to top      		April 09, 2019
      KB4493446      		Resolved
      		Resolved:
      May 14, 2019
      01:22 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

      Back to top      		April 09, 2019
      KB4493446      		Resolved
      		Resolved:
      May 14, 2019
      01:21 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      Devices may not respond at login or Welcome screen if running certain Avast software
      Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install KB4493446 and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1 
      Resolution: Avast has released emergency updates to address this issue. For more information and AV update schedule, see the Avast support KB article.

      Back to top      		April 09, 2019
      KB4493446      		Resolved
      		Resolved:
      April 25, 2019
      02:00 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      " diff --git a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml index fe19c4b36e..36c4a276c4 100644 --- a/windows/release-information/resolved-issues-windows-server-2008-sp2.yml +++ b/windows/release-information/resolved-issues-windows-server-2008-sp2.yml @@ -32,6 +32,10 @@ sections: - type: markdown text: " + + + + @@ -50,11 +54,31 @@ sections:
      " +- title: May 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493471      		Resolved
      		May 14, 2019
      01:21 PM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493471      		Resolved
      		May 14, 2019
      01:19 PM PT
      Authentication may fail for services after the Kerberos ticket expires
      Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

      See details >      		March 12, 2019
      KB4489880      		Resolved
      KB4499149      		May 14, 2019
      01:18 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		April 25, 2019
      KB4493460      		Resolved
      KB4499149      		May 14, 2019
      01:18 PM PT
      Embedded objects may display incorrectly
      Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

      See details >      		February 12, 2019
      KB4487023      		Resolved
      KB4493471      		April 09, 2019
      10:00 AM PT
      NETDOM.EXE fails to run
      NETDOM.EXE fails to run and the error, “The command failed to complete successfully.” appears on screen.

      See details >      		March 12, 2019
      KB4489880      		Resolved
      KB4493471      		April 09, 2019
      10:00 AM PT
      First character of the Japanese era name not recognized as an abbreviation
      The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

      See details >      		January 17, 2019
      KB4480974      		Resolved
      KB4489880      		March 12, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		April 25, 2019
      KB4493460      		Resolved
      KB4499149      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      + " + +- title: April 2019 +- items: + - type: markdown + text: " + + + +
      DetailsOriginating updateStatusHistory
      System unresponsive after restart if Sophos Endpoint Protection installed
      Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493471.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

      Back to top      		April 09, 2019
      KB4493471      		Resolved
      		Resolved:
      May 14, 2019
      01:21 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493471.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

      Back to top      		April 09, 2019
      KB4493471      		Resolved
      		Resolved:
      May 14, 2019
      01:19 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      + " + - title: March 2019 - items: - type: markdown text: " +
      DetailsOriginating updateStatusHistory
      Authentication may fail for services after the Kerberos ticket expires
      After installing KB4489880, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

      Affected platforms: 
      • Client: Windows 7 SP1
      • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue was resolved in KB4499149.

      Back to top      		March 12, 2019
      KB4489880      		Resolved
      KB4499149      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      March 12, 2019
      10:00 AM PT
      NETDOM.EXE fails to run
      After installing KB4489880, NETDOM.EXE fails to run, and the on-screen error, “The command failed to complete successfully.” appears.

      Affected platforms: 
      • Client: Windows 7 SP1
      • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue is resolved in KB4493471.

      Back to top      		March 12, 2019
      KB4489880      		Resolved
      KB4493471      		Resolved:
      April 09, 2019
      10:00 AM PT

      Opened:
      March 12, 2019
      10:00 AM PT
      " diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index b2a7ce07c1..a18dd90804 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -32,6 +32,9 @@ sections: - type: markdown text: " + + + @@ -53,6 +56,25 @@ sections:
      " +- title: May 2019 +- items: + - type: markdown + text: " +
      SummaryOriginating updateStatusDate resolved
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493451      		Resolved
      		May 14, 2019
      01:21 PM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493451      		Resolved
      		May 14, 2019
      01:19 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		April 25, 2019
      KB4493462      		Resolved
      KB4499171      		May 14, 2019
      01:18 PM PT
      Internet Explorer 11 authentication issue with multiple concurrent logons
      Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.

      See details >      		January 08, 2019
      KB4480975      		Resolved
      KB4493451      		April 09, 2019
      10:00 AM PT
      MSXML6 may cause applications to stop responding
      MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

      See details >      		January 08, 2019
      KB4480975      		Resolved
      KB4493451      		April 09, 2019
      10:00 AM PT
      Embedded objects may display incorrectly
      Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.

      See details >      		February 12, 2019
      KB4487025      		Resolved
      KB4493451      		April 09, 2019
      10:00 AM PT
      + +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		April 25, 2019
      KB4493462      		Resolved
      KB4499171      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      + " + +- title: April 2019 +- items: + - type: markdown + text: " + + + +
      DetailsOriginating updateStatusHistory
      System unresponsive after restart if Sophos Endpoint Protection installed
      Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493451.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

      Back to top      		April 09, 2019
      KB4493451      		Resolved
      		Resolved:
      May 14, 2019
      01:21 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493451.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

      Back to top      		April 09, 2019
      KB4493451      		Resolved
      		Resolved:
      May 14, 2019
      01:19 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      + " + - title: February 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index d444c69dac..a892f9ad48 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -60,13 +60,13 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - - + +
      SummaryOriginating updateStatusLast updated
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

      See details >      		OS Build 14393.2941

      April 25, 2019
      KB4493473      		Investigating
      		April 25, 2019
      02:00 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 14393.2931

      April 25, 2019
      KB4492241      		Mitigated
      		May 10, 2019
      10:35 AM PT
      Cluster service may fail if the minimum password length is set to greater than 14
      The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.

      See details >      		OS Build 14393.2639

      November 27, 2018
      KB4467684      		Mitigated
      		April 25, 2019
      02:00 PM PT
      Issue using PXE to start a device from WDS
      There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

      See details >      		OS Build 14393.2848

      March 12, 2019
      KB4489882      		Mitigated
      		April 25, 2019
      02:00 PM PT
      SCVMM cannot enumerate and manage logical switches deployed on the host
      For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

      See details >      		OS Build 14393.2639

      November 27, 2018
      KB4467684      		Mitigated
      		April 25, 2019
      02:00 PM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 14393.2724

      January 08, 2019
      KB4480961      		Mitigated
      		April 25, 2019
      02:00 PM PT
      Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
      Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

      See details >      		OS Build 14393.2608

      November 13, 2018
      KB4467691      		Mitigated
      		February 19, 2019
      10:00 AM PT
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

      See details >      		OS Build 14393.2941

      April 25, 2019
      KB4493473      		Resolved
      KB4494440      		May 14, 2019
      01:18 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 14393.2941

      April 25, 2019
      KB4493473      		Resolved
      KB4494440      		May 14, 2019
      01:18 PM PT
      Custom URI schemes may not start corresponding application
      Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

      See details >      		OS Build 14393.2848

      March 12, 2019
      KB4489882      		Resolved
      KB4493473      		April 25, 2019
      02:00 PM PT
      " @@ -83,7 +83,7 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

      Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

      Back to top      		OS Build 14393.2931

      April 25, 2019
      KB4492241      		Mitigated
      		Last updated:
      May 10, 2019
      10:35 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		OS Build 14393.2941

      April 25, 2019
      KB4493473      		Resolved
      KB4494440      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      " @@ -92,7 +92,7 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493473
       
      Affected platforms:  
      • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
      • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
      Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. 

      Back to top      		OS Build 14393.2941

      April 25, 2019
      KB4493473      		Investigating
      		Last updated:
      April 25, 2019
      02:00 PM PT

      Opened:
      April 25, 2019
      02:00 PM PT
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493473
       
      Affected platforms:  
      • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
      • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
      Resolution: This issue was resolved in KB4494440.

      Back to top      		OS Build 14393.2941

      April 25, 2019
      KB4493473      		Resolved
      KB4494440      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      April 25, 2019
      02:00 PM PT
      " diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml index c0cfa4ac36..6d7e9ed3ed 100644 --- a/windows/release-information/status-windows-10-1703.yml +++ b/windows/release-information/status-windows-10-1703.yml @@ -60,8 +60,8 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - +
      SummaryOriginating updateStatusLast updated
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 15063.1771

      April 25, 2019
      KB4492242      		Mitigated
      		May 10, 2019
      10:35 AM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 15063.1563

      January 08, 2019
      KB4480973      		Mitigated
      		April 25, 2019
      02:00 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 15063.1784

      April 25, 2019
      KB4493436      		Resolved
      KB4499181      		May 14, 2019
      01:18 PM PT
      Custom URI schemes may not start corresponding application
      Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

      See details >      		OS Build 15063.1689

      March 12, 2019
      KB4489871      		Resolved
      KB4493436      		April 25, 2019
      02:00 PM PT
      " @@ -78,7 +78,7 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

      Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

      Back to top      		OS Build 15063.1771

      April 25, 2019
      KB4492242      		Mitigated
      		Last updated:
      May 10, 2019
      10:35 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		OS Build 15063.1784

      April 25, 2019
      KB4493436      		Resolved
      KB4499181      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      " diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 2618d42ebf..432a4cc2de 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -60,9 +60,9 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - - + +
      SummaryOriginating updateStatusLast updated
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

      See details >      		OS Build 16299.1127

      April 25, 2019
      KB4493440      		Investigating
      		April 25, 2019
      02:00 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 16299.1111

      April 25, 2019
      KB4492243      		Mitigated
      		May 10, 2019
      10:35 AM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 16299.904

      January 08, 2019
      KB4480978      		Mitigated
      		April 25, 2019
      02:00 PM PT
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

      See details >      		OS Build 16299.1127

      April 25, 2019
      KB4493440      		Resolved
      KB4499179      		May 14, 2019
      01:18 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 16299.1127

      April 25, 2019
      KB4493440      		Resolved
      KB4499179      		May 14, 2019
      01:18 PM PT
      Custom URI schemes may not start corresponding application
      Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

      See details >      		OS Build 16299.1029

      March 12, 2019
      KB4489886      		Resolved
      KB4493440      		April 25, 2019
      02:00 PM PT
      " @@ -79,7 +79,7 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

      Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

      Back to top      		OS Build 16299.1111

      April 25, 2019
      KB4492243      		Mitigated
      		Last updated:
      May 10, 2019
      10:35 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		OS Build 16299.1127

      April 25, 2019
      KB4493440      		Resolved
      KB4499179      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      " @@ -88,7 +88,7 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493440
       
      Affected platforms:  
      • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
      • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
      Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. 

      Back to top      		OS Build 16299.1127

      April 25, 2019
      KB4493440      		Investigating
      		Last updated:
      April 25, 2019
      02:00 PM PT

      Opened:
      April 25, 2019
      02:00 PM PT
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493440
       
      Affected platforms:  
      • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
      • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
      Resolution: This issue was resolved in KB4499179.

      Back to top      		OS Build 16299.1127

      April 25, 2019
      KB4493440      		Resolved
      KB4499179      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      April 25, 2019
      02:00 PM PT
      " diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 9fea9cbeb3..b410878b1a 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -60,10 +60,10 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - - + +
      SummaryOriginating updateStatusLast updated
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

      See details >      		OS Build 17134.753

      April 25, 2019
      KB4493437      		Investigating
      		April 25, 2019
      02:00 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 17134.730

      April 25, 2019
      KB4492245      		Mitigated
      		May 10, 2019
      10:35 AM PT
      Issue using PXE to start a device from WDS
      Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

      See details >      		OS Build 17134.648

      March 12, 2019
      KB4489868      		Mitigated
      		April 25, 2019
      02:00 PM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 17134.523

      January 08, 2019
      KB4480966      		Mitigated
      		April 25, 2019
      02:00 PM PT
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

      See details >      		OS Build 17134.753

      April 25, 2019
      KB4493437      		Resolved
      KB4499167      		May 14, 2019
      01:19 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 17134.753

      April 25, 2019
      KB4493437      		Resolved
      KB4499167      		May 14, 2019
      01:18 PM PT
      Custom URI schemes may not start corresponding application
      Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

      See details >      		OS Build 17134.648

      March 12, 2019
      KB4489868      		Resolved
      KB4493437      		April 25, 2019
      02:00 PM PT
      " @@ -80,7 +80,7 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

      Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

      Back to top      		OS Build 17134.730

      April 25, 2019
      KB4492245      		Mitigated
      		Last updated:
      May 10, 2019
      10:35 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		OS Build 17134.753

      April 25, 2019
      KB4493437      		Resolved
      KB4499167      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      " @@ -89,7 +89,7 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493437
       
      Affected platforms:  
      • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
      • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
      Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release. 

      Back to top      		OS Build 17134.753

      April 25, 2019
      KB4493437      		Investigating
      		Last updated:
      April 25, 2019
      02:00 PM PT

      Opened:
      April 25, 2019
      02:00 PM PT
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4493437
       
      Affected platforms:  
      • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
      • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
      Resolution: This issue was resolved in KB4499167.

      Back to top      		OS Build 17134.753

      April 25, 2019
      KB4493437      		Resolved
      KB4499167      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      April 25, 2019
      02:00 PM PT
      " diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index afb53b80c9..957fd88deb 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -65,12 +65,14 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - + + + @@ -89,9 +91,11 @@ sections: - type: markdown text: "
      SummaryOriginating updateStatusLast updated
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Mitigated
      		May 10, 2019
      10:35 AM PT
      Windows 10, version 1809 Update Tuesday update may install twice
      Some customers are reporting that KB4494441 installs twice

      See details >      		OS Build 17763.502

      May 14, 2019
      KB4494441      		Acknowledged
      		May 14, 2019
      02:56 PM PT
      Devices with some Asian language packs installed may receive an error
      After installing the KB4493509 devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_F

      See details >      		OS Build 17763.437

      April 09, 2019
      KB4493509      		Mitigated
      		May 03, 2019
      10:59 AM PT
      Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007
      Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive an error.

      See details >      		OS Build 17763.379

      March 12, 2019
      KB4489899      		Mitigated
      		May 02, 2019
      04:47 PM PT
      Issue using PXE to start a device from WDS
      Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.

      See details >      		OS Build 17763.379

      March 12, 2019
      KB4489899      		Mitigated
      		April 09, 2019
      10:00 AM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

      See details >      		OS Build 17763.253

      January 08, 2019
      KB4480116      		Mitigated
      		April 09, 2019
      10:00 AM PT
      Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
      Upgrade block: Microsoft has identified issues with certain new Intel display drivers, which accidentally turn on unsupported features in Windows.

      See details >      		OS Build 17763.134

      November 13, 2018
      KB4467708      		Mitigated
      		March 15, 2019
      12:00 PM PT
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail.

      See details >      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Resolved
      KB4494441      		May 14, 2019
      01:19 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Resolved
      KB4494441      		May 14, 2019
      01:18 PM PT
      Latest cumulative update (KB 4495667) installs automatically
      Reports that the optional cumulative update (KB 4495667) installs automatically.

      See details >      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Resolved
      		May 08, 2019
      03:37 PM PT
      System may be unresponsive after restart if ArcaBit antivirus software installed
      After further investigation ArcaBit has confirmed this issue is not applicable to Windows 10, version 1809

      See details >      		OS Build 17763.437

      April 09, 2019
      KB4493509      		Resolved
      		May 08, 2019
      03:30 PM PT
      Custom URI schemes may not start corresponding application
      Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.

      See details >      		OS Build 17763.379

      March 12, 2019
      KB4489899      		Resolved
      KB4495667      		May 03, 2019
      12:40 PM PT
      - + + +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

      Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

      Back to top      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Mitigated
      		Last updated:
      May 10, 2019
      10:35 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      Windows 10, version 1809 Update Tuesday update may install twice
      We are presently investigating and will provide an update when available.

      Affected platforms:
      • Client: Windows 10, version 1809
      • Server: TBD


      Back to top      		OS Build 17763.502

      May 14, 2019
      KB4494441      		Acknowledged
      		Last updated:
      May 14, 2019
      02:56 PM PT

      Opened:
      May 14, 2019
      02:56 PM PT
      Devices with some Asian language packs installed may receive an error
      After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
      • Server: Windows Server, version 1809; Windows Server 2019
      Workaround:
      1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
      2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
      Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
      1. Go to Settings app -> Recovery.
      2. Click on Get Started under \"Reset this PC\" recovery option.
      3. Select \"Keep my Files\".
      Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 17763.437

      April 09, 2019
      KB4493509      		Mitigated
      		Last updated:
      May 03, 2019
      10:59 AM PT

      Opened:
      May 02, 2019
      04:36 PM PT
      Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007
      When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\"
       
      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
      • Server: Windows Server, version 1809; Windows Server 2019
      Workaround: You can use another browser, such as Internet Explorer to print your documents.
       
      Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

      Back to top      		OS Build 17763.379

      March 12, 2019
      KB4489899      		Mitigated
      		Last updated:
      May 02, 2019
      04:47 PM PT

      Opened:
      May 02, 2019
      04:47 PM PT
      Zone transfers over TCP may fail
      Zone transfers between primary and secondary DNS servers over the Transmission Control Protocol (TCP) may fail after installing KB4495667
       
      Affected platforms:  
      • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016 
      • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016 
      Resolution: This issue was resolved in KB4494441.

      Back to top      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Resolved
      KB4494441      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 14, 2019
      01:19 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Resolved
      KB4494441      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      Latest cumulative update (KB 4495667) installs automatically
      Due to a servicing side issue some users were offered KB4495667 (optional update) automatically and rebooted devices. This issue has been mitigated.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
      • Server: Windows Server, version 1809; Windows Server 2019
      Resolution:: This issue has been mitigated on the servicing side to prevent auto installing of this update. Customers do not need to take any action.

      Back to top      		OS Build 17763.475

      May 03, 2019
      KB4495667      		Resolved
      		Resolved:
      May 08, 2019
      03:37 PM PT

      Opened:
      May 05, 2019
      12:01 PM PT
      " diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 0ce3cb79c0..6f79cac2fd 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,12 +60,12 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - - - - - + + + + +
      SummaryOriginating updateStatusLast updated
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		April 25, 2019
      KB4493453      		Mitigated
      		May 10, 2019
      10:35 AM PT
      System may be unresponsive after restart if ArcaBit antivirus software installed
      Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493472      		Mitigated
      		May 08, 2019
      03:29 PM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493472      		Mitigated
      		May 03, 2019
      08:50 AM PT
      Authentication may fail for services after the Kerberos ticket expires
      Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

      See details >      		March 12, 2019
      KB4489878      		Mitigated
      		April 25, 2019
      02:00 PM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493472      		Mitigated
      		April 25, 2019
      02:00 PM PT
      System may be unresponsive after restart with certain McAfee antivirus products
      Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

      See details >      		April 09, 2019
      KB4493472      		Mitigated
      		April 25, 2019
      02:00 PM PT
      System may be unresponsive after restart if ArcaBit antivirus software installed
      Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493472      		Resolved
      		May 14, 2019
      01:23 PM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493472      		Resolved
      		May 14, 2019
      01:22 PM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493472      		Resolved
      		May 14, 2019
      01:21 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		April 25, 2019
      KB4493453      		Resolved
      KB4499164      		May 14, 2019
      01:18 PM PT
      Authentication may fail for services after the Kerberos ticket expires
      Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

      See details >      		March 12, 2019
      KB4489878      		Resolved
      KB4499164      		May 14, 2019
      01:17 PM PT
      Devices may not respond at login or Welcome screen if running certain Avast software
      Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

      See details >      		April 09, 2019
      KB4493472      		Resolved
      		April 25, 2019
      02:00 PM PT
      " @@ -82,7 +82,7 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

      Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

      Back to top      		April 25, 2019
      KB4493453      		Mitigated
      		Last updated:
      May 10, 2019
      10:35 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		April 25, 2019
      KB4493453      		Resolved
      KB4499164      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      " @@ -91,10 +91,10 @@ sections: - type: markdown text: " - - - + + +
      DetailsOriginating updateStatusHistory
      System may be unresponsive after restart if ArcaBit antivirus software installed
      Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

      Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.

      Affected platforms:
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
      Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

      Back to top      		April 09, 2019
      KB4493472      		Mitigated
      		Last updated:
      May 08, 2019
      03:29 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

      Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

      Back to top      		April 09, 2019
      KB4493472      		Mitigated
      		Last updated:
      May 03, 2019
      08:50 AM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

      Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

      Back to top      		April 09, 2019
      KB4493472      		Mitigated
      		Last updated:
      April 25, 2019
      02:00 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart with certain McAfee antivirus products
      Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

      Affected platforms:
      • Client:  Windows 8.1; Windows 7 SP1
      • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
      Workaround: Guidance for McAfee customers can be found in the following McAfee support articles: 
      Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information.

      Back to top      		April 09, 2019
      KB4493472      		Mitigated
      		Last updated:
      April 25, 2019
      02:00 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart if ArcaBit antivirus software installed
      Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

      Affected platforms:
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

      Back to top      		April 09, 2019
      KB4493472      		Resolved
      		Resolved:
      May 14, 2019
      01:23 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493472.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

      Back to top      		April 09, 2019
      KB4493472      		Resolved
      		Resolved:
      May 14, 2019
      01:22 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493472.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

      Back to top      		April 09, 2019
      KB4493472      		Resolved
      		Resolved:
      May 14, 2019
      01:21 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      Devices may not respond at login or Welcome screen if running certain Avast software
      Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install KB4493472 and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1 
      Resolution: Avast has released emergency updates to address this issue. For more information and AV update schedule, see the Avast support KB article.

      Back to top      		April 09, 2019
      KB4493472      		Resolved
      		Resolved:
      April 25, 2019
      02:00 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      " @@ -104,6 +104,6 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Authentication may fail for services after the Kerberos ticket expires
      After installing KB4489878, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

      Affected platforms: 
      • Client: Windows 7 SP1
      • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Workaround: To mitigate this issue, use one of the following options:
      • Option 1: Purge the Kerberos tickets on the application server. After the Kerberos ticket expires, the issue will occur again, and you must purge the tickets again.
      • Option 2: If purging does not mitigate the issue, restart the application; for example, restart the Internet Information Services (IIS) app pool associated with the SQL server.
      • Option 3: Use constrained delegation.
      Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

      Back to top      		March 12, 2019
      KB4489878      		Mitigated
      		Last updated:
      April 25, 2019
      02:00 PM PT

      Opened:
      March 12, 2019
      10:00 AM PT
      Authentication may fail for services after the Kerberos ticket expires
      After installing KB4489878, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

      Affected platforms: 
      • Client: Windows 7 SP1
      • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue was resolved in KB4499164.

      Back to top      		March 12, 2019
      KB4489878      		Resolved
      KB4499164      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      March 12, 2019
      10:00 AM PT
      " diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index a16b0e0d20..95db74d05b 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -60,13 +60,13 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - - - - + + + +
      SummaryOriginating updateStatusLast updated
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		April 25, 2019
      KB4493443      		Mitigated
      		May 10, 2019
      10:35 AM PT
      System may be unresponsive after restart if ArcaBit antivirus software installed
      Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493446      		Mitigated
      		May 08, 2019
      03:29 PM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493446      		Mitigated
      		May 03, 2019
      08:50 AM PT
      Issue using PXE to start a device from WDS
      There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

      See details >      		March 12, 2019
      KB4489881      		Mitigated
      		April 25, 2019
      02:00 PM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493446      		Mitigated
      		April 25, 2019
      02:00 PM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

      See details >      		January 08, 2019
      KB4480963      		Mitigated
      		April 25, 2019
      02:00 PM PT
      System may be unresponsive after restart with certain McAfee antivirus products
      Devices with McAfee Endpoint Security Threat Prevention 10.x, Host Intrusion Prevention 8.0, or VirusScan Enterprise 8.8 may be slow or unresponsive at startup.

      See details >      		April 09, 2019
      KB4493446      		Mitigated
      		April 18, 2019
      05:00 PM PT
      System may be unresponsive after restart if ArcaBit antivirus software installed
      Devices with ArcaBit antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493446      		Resolved
      		May 14, 2019
      01:22 PM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493446      		Resolved
      		May 14, 2019
      01:22 PM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493446      		Resolved
      		May 14, 2019
      01:21 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		April 25, 2019
      KB4493443      		Resolved
      KB4499151      		May 14, 2019
      01:18 PM PT
      Devices may not respond at login or Welcome screen if running certain Avast software
      Devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software may become unresponsive after restart.

      See details >      		April 09, 2019
      KB4493446      		Resolved
      		April 25, 2019
      02:00 PM PT
      " @@ -83,7 +83,7 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

      Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

      Back to top      		April 25, 2019
      KB4493443      		Mitigated
      		Last updated:
      May 10, 2019
      10:35 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		April 25, 2019
      KB4493443      		Resolved
      KB4499151      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      " @@ -92,10 +92,10 @@ sections: - type: markdown text: " - - - + + +
      DetailsOriginating updateStatusHistory
      System may be unresponsive after restart if ArcaBit antivirus software installed
      Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

      Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.

      Affected platforms:
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
      Workaround: ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

      Back to top      		April 09, 2019
      KB4493446      		Mitigated
      		Last updated:
      May 08, 2019
      03:29 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

      Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

      Back to top      		April 09, 2019
      KB4493446      		Mitigated
      		Last updated:
      May 03, 2019
      08:50 AM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

      Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

      Back to top      		April 09, 2019
      KB4493446      		Mitigated
      		Last updated:
      April 25, 2019
      02:00 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart with certain McAfee antivirus products
      Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. 

      Affected platforms:
      • Client:  Windows 8.1; Windows 7 SP1
      • Server:  Windows Server 2012 R2; Windows Server 2008 R2 SP1
      Workaround: Guidance for McAfee customers can be found in the following McAfee support articles:  
      Next steps: We are presently investigating this issue with McAfee. We will provide an update once we have more information. 

      Back to top      		April 09, 2019
      KB4493446      		Mitigated
      		Last updated:
      April 18, 2019
      05:00 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart if ArcaBit antivirus software installed
      Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

      Affected platforms:
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. ArcaBit has released an update to address this issue. For more information, see the Arcabit support article.

      Back to top      		April 09, 2019
      KB4493446      		Resolved
      		Resolved:
      May 14, 2019
      01:22 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493446.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

      Back to top      		April 09, 2019
      KB4493446      		Resolved
      		Resolved:
      May 14, 2019
      01:22 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493446.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

      Back to top      		April 09, 2019
      KB4493446      		Resolved
      		Resolved:
      May 14, 2019
      01:21 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      Devices may not respond at login or Welcome screen if running certain Avast software
      Microsoft and Avast have identified an issue on devices running Avast for Business, Avast CloudCare, and AVG Business Edition antivirus software after you install KB4493446 and restart. Devices may become unresponsive at the login or Welcome screen. Additionally, you may be unable to log in or log in after an extended period of time.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2008 R2 SP1 
      Resolution: Avast has released emergency updates to address this issue. For more information and AV update schedule, see the Avast support KB article.

      Back to top      		April 09, 2019
      KB4493446      		Resolved
      		Resolved:
      April 25, 2019
      02:00 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      " diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml index 689abfde38..b87565393b 100644 --- a/windows/release-information/status-windows-server-2008-sp2.yml +++ b/windows/release-information/status-windows-server-2008-sp2.yml @@ -60,9 +60,10 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - - - + + + +
      SummaryOriginating updateStatusLast updated
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493471      		Mitigated
      		May 03, 2019
      08:51 AM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493471      		Mitigated
      		April 25, 2019
      02:00 PM PT
      Authentication may fail for services after the Kerberos ticket expires
      Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

      See details >      		March 12, 2019
      KB4489880      		Mitigated
      		April 25, 2019
      02:00 PM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493471      		Resolved
      		May 14, 2019
      01:21 PM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493471      		Resolved
      		May 14, 2019
      01:19 PM PT
      Authentication may fail for services after the Kerberos ticket expires
      Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.

      See details >      		March 12, 2019
      KB4489880      		Resolved
      KB4499149      		May 14, 2019
      01:18 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		April 25, 2019
      KB4493460      		Resolved
      KB4499149      		May 14, 2019
      01:18 PM PT
      " @@ -73,13 +74,22 @@ sections:
      " +- title: May 2019 +- items: + - type: markdown + text: " + + +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		April 25, 2019
      KB4493460      		Resolved
      KB4499149      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      + " + - title: April 2019 - items: - type: markdown text: " - - + +
      DetailsOriginating updateStatusHistory
      System may be unresponsive after restart if Avira antivirus software installed
      Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493471.

      Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article

      Back to top      		April 09, 2019
      KB4493471      		Mitigated
      		Last updated:
      May 03, 2019
      08:51 AM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493471.

      Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

      Back to top      		April 09, 2019
      KB4493471      		Mitigated
      		Last updated:
      April 25, 2019
      02:00 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493471.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

      Back to top      		April 09, 2019
      KB4493471      		Resolved
      		Resolved:
      May 14, 2019
      01:21 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493471.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

      Back to top      		April 09, 2019
      KB4493471      		Resolved
      		Resolved:
      May 14, 2019
      01:19 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      " @@ -88,6 +98,6 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Authentication may fail for services after the Kerberos ticket expires
      After installing KB4489880, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

      Affected platforms: 
      • Client: Windows 7 SP1
      • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Workaround: To mitigate this issue, use one of the following options:
      • Option 1: Purge the Kerberos tickets on the application server. After the Kerberos ticket expires, the issue will occur again, and you must purge the tickets again.
      • Option 2: If purging does not mitigate the issue, restart the application; for example, restart the Internet Information Services (IIS) app pool associated with the SQL server.
      • Option 3: Use constrained delegation.
      Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

      Back to top      		March 12, 2019
      KB4489880      		Mitigated
      		Last updated:
      April 25, 2019
      02:00 PM PT

      Opened:
      March 12, 2019
      10:00 AM PT
      Authentication may fail for services after the Kerberos ticket expires
      After installing KB4489880, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

      Affected platforms: 
      • Client: Windows 7 SP1
      • Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue was resolved in KB4499149.

      Back to top      		March 12, 2019
      KB4489880      		Resolved
      KB4499149      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      March 12, 2019
      10:00 AM PT
      " diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index be5f206c02..3ad111d345 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -60,11 +60,11 @@ sections: - type: markdown text: "
      This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

      - - - + + +
      SummaryOriginating updateStatusLast updated
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		April 25, 2019
      KB4493462      		Mitigated
      		May 10, 2019
      10:35 AM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493451      		Mitigated
      		May 03, 2019
      08:51 AM PT
      Issue using PXE to start a device from WDS
      There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.

      See details >      		March 12, 2019
      KB4489891      		Mitigated
      		April 25, 2019
      02:00 PM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493451      		Mitigated
      		April 25, 2019
      02:00 PM PT
      Certain operations performed on a Cluster Shared Volume may fail
      Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.

      See details >      		January 08, 2019
      KB4480975      		Mitigated
      		April 25, 2019
      02:00 PM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493451      		Resolved
      		May 14, 2019
      01:21 PM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Devices with Avira antivirus software installed may become unresponsive upon restart.

      See details >      		April 09, 2019
      KB4493451      		Resolved
      		May 14, 2019
      01:19 PM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.

      See details >      		April 25, 2019
      KB4493462      		Resolved
      KB4499171      		May 14, 2019
      01:18 PM PT
      " @@ -80,7 +80,7 @@ sections: - type: markdown text: " - +
      DetailsOriginating updateStatusHistory
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Workaround: Until a resolution is released, we recommend switching to a different Japanese font, such as Yu Gothic or MS Mincho. Alternatively, you can uninstall the optional update.

      Next steps: Microsoft is working on a resolution and estimates a solution will be available in mid-May.

      Back to top      		April 25, 2019
      KB4493462      		Mitigated
      		Last updated:
      May 10, 2019
      10:35 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      Layout and cell size of Excel sheets may change when using MS UI Gothic
      When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.

      Affected platforms:
      • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
      • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
      Resolution: This issue has been resolved.

      Back to top      		April 25, 2019
      KB4493462      		Resolved
      KB4499171      		Resolved:
      May 14, 2019
      10:00 AM PT

      Opened:
      May 10, 2019
      10:35 AM PT
      " @@ -89,8 +89,8 @@ sections: - type: markdown text: " - - + +
      DetailsOriginating updateStatusHistory
      System may be unresponsive after restart if Avira antivirus software installed
      Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493451.

      Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Next steps: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

      Back to top      		April 09, 2019
      KB4493451      		Mitigated
      		Last updated:
      May 03, 2019
      08:51 AM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493451.

      Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

      Back to top      		April 09, 2019
      KB4493451      		Mitigated
      		Last updated:
      April 25, 2019
      02:00 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System unresponsive after restart if Sophos Endpoint Protection installed
      Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing KB4493451.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Sophos has released an update to address this issue. Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the Sophos support article.

      Back to top      		April 09, 2019
      KB4493451      		Resolved
      		Resolved:
      May 14, 2019
      01:21 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      System may be unresponsive after restart if Avira antivirus software installed
      Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing KB4493451.

      Affected platforms: 
      • Client: Windows 8.1; Windows 7 SP1 
      • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
      Resolution: This issue has been resolved. Microsoft has removed the temporary block for all affected Windows updates. Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the Avira support article.

      Back to top      		April 09, 2019
      KB4493451      		Resolved
      		Resolved:
      May 14, 2019
      01:19 PM PT

      Opened:
      April 09, 2019
      10:00 AM PT
      " diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index bcea3b01d7..65b9ab4d01 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,13 +50,24 @@ sections: text: " + + + For more information about the Windows 10 update servicing cadence, please see the Window IT Pro blog. +
      MessageDate
      Reminder: Install the latest SSU for a smoother update experience
      We strongly recommend that you install the latest servicing stack update (SSU) before installing any Windows update; especially as an SSU may be a prerequisite for some updates. If you have difficulty installing Windows updates, verify that you have installed the latest SSU package for your version of Windows and then try installing the update again. Links to the latest SSU are always provided in the “How to get this update” section of each update KB article (e.g., KB4494441). For more information about SSUs, see our Servicing stack updates guidance.
      		May 14, 2019
      10:00 AM PT
      Take action: Update Remote Desktop Services on older versions of Windows
      Today, we released fixes for a critical wormable, remote code execution vulnerability (CVE-2019-0708) in Remote Desktop Services—formerly known as Terminal Services. This vulnerability affects Windows 7, Windows Server 2008 R2, and earlier versions of Windows nearing end of support. It does not affect Windows 8, Windows Server 2012, or newer operating systems. While we have not observed attacks exploiting this vulnerability, affected systems should be patched with priority. Here is what you need to know:

      +Call to action: +
        +
      • If you are running a supported version of Windows and have automatic updates enabled, you are automatically protected and do not need to take any action.
        • +
      • If you are managing updates on behalf of your organization, you should download the latest updates from the Microsoft Security Update Guide and apply them to your Windows 7, Windows Server 2008 R2, and Windows Server 2008 devices as soon as possible.
        • +
      +Given the potential impact to customers and their businesses, we have also released security updates for Windows XP and Windows Server 2003, even though these operating systems have reached end of support (except by custom support agreements). While we recommend that you upgrade to the current version of Windows to benefit from the latest security protections, these updates are available from the Microsoft Update Catalog only. For more information, see KB4500705. +
      +      		May 14, 2019
      10:00 AM PT
      Reminder: Windows 10 update servicing cadence
      This month we received questions about the cadence of updates we released in April and May 2019. Here's a quick recap of our releases and servicing cadence:
      • April 9, 2019 was the regular Update Tuesday release for all versions of Windows.
        • -
      • May 1, 2019 was an \"optional,\" out of band non-security update (OOB) for Windows 10, version 1809. It was released to Microsoft Catalog and WSUS, providing a critical fix for our OEM partners.
        • +
      • May 1, 2019 was an \"optional,\" out of band non-security update (OOB) for Windows 10, version 1809. It was released to Microsoft Catalog and WSUS, providing a critical fix for our OEM partners.
      • May 3, 2019 was the \"optional\" Windows 10, version 1809 \"C\" release for April. This update contained important Japanese era packages for commercial customers to preview. It was released later than expected and mistakenly targeted as \"required\" (instead of \"optional\") for consumers, which pushed the update out to customers and required a reboot. Within 24 hours of receiving customer reports, we corrected the targeting logic and mitigated the issue.
      - For more information about the Windows 10 update servicing cadence, please see the Window IT Pro blog.
      		May 10, 2019
      10:00 AM PT
      May 10, 2019
      10:00 AM PT
      Take action: Install servicing stack update for Windows Server 2008 SP2 for SHA-2 code sign support
      A standalone update, KB4493730, that introduce SHA-2 code sign support for the servicing stack (SSU) was released today as a security update.      		April 19, 2019
      10:00 AM PT
      The benefits of Windows 10 Dynamic Update
      Dynamic Update can help organizations and end users alike ensure that their Windows 10 devices have the latest feature update content (as part of an in-place upgrade)—and preserve precious features on demand (FODs) and language packs (LPs) that may have been previously installed.

After installing KB4489882, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.