From c2f6c213f6d09a57b6eec0dae9492b1376a7dd01 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 4 Mar 2019 20:45:10 +0500
Subject: [PATCH 01/10] Added Example
I have added an example for issue https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2708.
---
...gure-arcsight-windows-defender-advanced-threat-protection.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
index 852dfacc9f..8b068cbf17 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md
@@ -107,7 +107,7 @@ The following steps assume that you have completed all the required steps in [Be
| Browse to the location of the *wdatp-connector.properties* file. The name must match the file provided in the .zip that you downloaded. |
| Refresh Token |
- You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM settings** page or using the restutil tool.
For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). **Get your refresh token using the restutil tool:** a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool. b. Type: `arcsight restutil token -config` from the bin directory. A Web browser window will open. c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. d. A refresh token is shown in the command prompt. e. Copy and paste it into the **Refresh Token** field.
+ | You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM settings** page or using the restutil tool.
For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). **Get your refresh token using the restutil tool:** a. Open a command prompt. Navigate to C:\\*folder_location*\current\bin where *folder_location* represents the location where you installed the tool. b. Type: `arcsight restutil token -config` from the bin directory.For example: **arcsight restutil boxtoken -proxy proxy.location.hp.com:8080** A Web browser window will open. c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials. d. A refresh token is shown in the command prompt. e. Copy and paste it into the **Refresh Token** field.
|
From 978dc38e13cb7e4c30da1ed82d3d2a6cdba7a9fc Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 5 Mar 2019 11:46:27 +0500
Subject: [PATCH 02/10] Update create-wip-policy-using-intune-azure.md, issue
#2724
source [Protect your enterprise data using Windows Information Protection (WIP)](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip)
---
.../create-wip-policy-using-intune-azure.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index 042a8923f9..fd3ae5f165 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -524,7 +524,7 @@ WIP can integrate with Microsoft Azure Rights Management to enable secure sharin
To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703.
-Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option.
+Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. This template will be applied to the protected data that leaves the device (for example, as an email attachment, or by being copied to removable drive).
>[!IMPORTANT]
>Curly braces -- {} -- are required around the RMS Template ID.
From 03dad0883c811637c5b5d18556538a74de6ff005 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 5 Mar 2019 11:56:59 +0500
Subject: [PATCH 03/10] issue #2724
source [Protect your enterprise data using Windows Information Protection (WIP)](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip)
---
.../create-wip-policy-using-intune-azure.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index fd3ae5f165..b709ae0d53 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -524,7 +524,7 @@ WIP can integrate with Microsoft Azure Rights Management to enable secure sharin
To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703.
-Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. This template will be applied to the protected data that leaves the device (for example, as an email attachment, or by being copied to removable drive).
+Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. This template will be applied to the protected data that leaves the device (for example, by being copied to removable drive or sent as an email attachment).
>[!IMPORTANT]
>Curly braces -- {} -- are required around the RMS Template ID.
From 13fa94dc711349ea25cf55da716eadc5998f101a Mon Sep 17 00:00:00 2001
From: Oliver Kieselbach
Date: Tue, 5 Mar 2019 17:28:20 +0100
Subject: [PATCH 04/10] fixed MDM OMA-URI for CommercialID
fixed MDM OMA-URI for CommercialID
from Provider/ProviderID/CommercialID to the correct one Provider/MS DM Server/CommercialID
---
windows/deployment/update/windows-analytics-get-started.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md
index 849127c525..7f168d2c01 100644
--- a/windows/deployment/update/windows-analytics-get-started.md
+++ b/windows/deployment/update/windows-analytics-get-started.md
@@ -167,7 +167,7 @@ These policies are under Microsoft\Windows\DataCollection:
| CommercialDataOptIn (in Windows 7 and Windows 8) | 1 is required for Upgrade Readiness, which is the only solution that runs on Windows 7 or Windows 8. |
-You can set these values by using Group Policy (in Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds) or by using Mobile Device Management (in Provider/ProviderID/CommercialID). For more information about deployment using MDM, see the [DMClient CSP](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp) topic in MDM documentation.
+You can set these values by using Group Policy (in Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds) or by using Mobile Device Management (in Provider/MS DM Server/CommercialID). For more information about deployment using MDM, see the [DMClient CSP](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp) topic in MDM documentation.
The corresponding preference registry values are available in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** and can be configured by the deployment script. If a given setting is configured by both preference registry settings and policy, the policy values will override. However, the **IEDataOptIn** setting is different--you can only set this with the preference registry keys:
From 016b03bedc4dc02c6294a822e223a8fdd1dc65f9 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 10 Mar 2019 13:30:04 +0500
Subject: [PATCH 05/10] update create-wip-policy-using-intune-azure.md
---
.../create-wip-policy-using-intune-azure.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index b709ae0d53..6400e2fcba 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -524,7 +524,7 @@ WIP can integrate with Microsoft Azure Rights Management to enable secure sharin
To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703.
-Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. This template will be applied to the protected data that leaves the device (for example, by being copied to removable drive or sent as an email attachment).
+Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. This template will be applied to the protected data that is copied to a removable drive.
>[!IMPORTANT]
>Curly braces -- {} -- are required around the RMS Template ID.
From 34855522a5cc2e7d6f4cebb65a285417d5c30d28 Mon Sep 17 00:00:00 2001
From: andreiztm
Date: Mon, 11 Mar 2019 17:02:58 +0200
Subject: [PATCH 06/10] Correcting typo
---
windows/deployment/update/windows-update-troubleshooting.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md
index d9a9463b44..585edba421 100644
--- a/windows/deployment/update/windows-update-troubleshooting.md
+++ b/windows/deployment/update/windows-update-troubleshooting.md
@@ -102,7 +102,8 @@ netsh winhttp set proxy ProxyServerName:PortNumber
If downloads through a proxy server fail with a 0x80d05001 DO_E_HTTP_BLOCKSIZE_MISMATCH error, or if you notice high CPU usage while updates are downloading, check the proxy configuration to permit HTTP RANGE requests to run.
-You may choose to apply a rule to permit HTTP RANGE requests for the following URLs:
+You may choose to apply a rule to permit HTTP RANGE requests for the following URLs:
+
*.download.windowsupdate.com
*.dl.delivery.mp.microsoft.com
*.emdl.ws.microsoft.com
From fc9d489863a5bce66af5c432b9f60f2732366276 Mon Sep 17 00:00:00 2001
From: Peter Bright
Date: Mon, 11 Mar 2019 16:57:02 -0400
Subject: [PATCH 07/10] Fix the table
Markdown tables seem very fragile. Something was upsetting this one.
---
.../bitlocker/bcd-settings-and-bitlocker.md | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
index 85e8c40982..fb5a32c9ae 100644
--- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
@@ -105,12 +105,12 @@ The following table contains the default BCD validation profile used by BitLocke
This following is a full list of BCD settings with friendly names which are ignored by default. These settings are not part of the default BitLocker validation profile, but can be added if you see a need to validate any of these settings before allowing a BitLocker–protected operating system drive to be unlocked.
> **Note:** Additional BCD settings exist that have hex values but do not have friendly names. These settings are not included in this list.
-
+
| Hex Value | Prefix | Friendly Name |
| - | - | - |
-| 0x12000004 | all| description|
-| 0x12000005| all| locale|
-| 0x12000016| all| targetname|
+| 0x12000004 | all | description |
+| 0x12000005 | all | locale |
+| 0x12000016 | all | targetname |
| 0x12000019| all| busparams|
| 0x1200001d| all| key|
| 0x1200004a| all| fontpath|
@@ -182,7 +182,7 @@ This following is a full list of BCD settings with friendly names which are igno
| 0x25000061 | winload| numproc|
| 0x25000063 | winload| configflags|
| 0x25000066| winload| groupsize|
-| 0x25000071 | winload| msi|
+| 0x25000071 | winload| msi|
| 0x25000072 | winload| pciexpress|
| 0x25000080 | winload| safeboot|
| 0x250000a6 | winload| tscsyncpolicy|
From 3b6bde3e318ae47680d1ec56bd3ebea743528ad1 Mon Sep 17 00:00:00 2001
From: Jim Fox
Date: Mon, 11 Mar 2019 14:02:26 -0700
Subject: [PATCH 08/10] Fix typ in how-wip-works-with-labels.md
"Regardless"
---
.../windows-information-protection/how-wip-works-with-labels.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
index 3b2125c461..bcad37a020 100644
--- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
+++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
@@ -63,7 +63,7 @@ This section covers how WIP works with sensitivity labels in specific use cases.
### User downloads from or creates a document on a work site
-If WIP policy is deployed, any document that is downloaded from a work site, or created on a work site, will have WIP protection regradless of whether the document has a sensitivity label.
+If WIP policy is deployed, any document that is downloaded from a work site, or created on a work site, will have WIP protection regardless of whether the document has a sensitivity label.
If the document also has a sensitivity label, which can be Office or PDF files, WIP protection is applied according to the label.
From 1cc4a540a503203e542a85190e4bf2ba5b1bb3e7 Mon Sep 17 00:00:00 2001
From: JasonJiachengZhao <48364192+JasonJiachengZhao@users.noreply.github.com>
Date: Mon, 11 Mar 2019 16:28:09 -0700
Subject: [PATCH 09/10] Fixing XML format & example
Fixing XML format and replacing string examples with SID examples.
---
windows/client-management/mdm/policy-csp-restrictedgroups.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index b3f6a039a4..d744ed476c 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -113,8 +113,7 @@ Here is an example:
```
-
-
+
From 97e4432e199e1c0a2e030164729f9792dc211337 Mon Sep 17 00:00:00 2001
From: Jeanie Decker
Date: Tue, 12 Mar 2019 07:14:48 -0700
Subject: [PATCH 10/10] fix provider ID
---
windows/deployment/update/windows-analytics-get-started.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md
index 7f168d2c01..60ddd8b732 100644
--- a/windows/deployment/update/windows-analytics-get-started.md
+++ b/windows/deployment/update/windows-analytics-get-started.md
@@ -167,7 +167,7 @@ These policies are under Microsoft\Windows\DataCollection:
| CommercialDataOptIn (in Windows 7 and Windows 8) | 1 is required for Upgrade Readiness, which is the only solution that runs on Windows 7 or Windows 8. |
-You can set these values by using Group Policy (in Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds) or by using Mobile Device Management (in Provider/MS DM Server/CommercialID). For more information about deployment using MDM, see the [DMClient CSP](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp) topic in MDM documentation.
+You can set these values by using Group Policy (in Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds) or by using Mobile Device Management (in Provider/*Provider ID*/CommercialID). (If you are using Microsoft Intune, use `MS DM Server` as the provider ID.) For more information about deployment using MDM, see the [DMClient CSP](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp) topic in MDM documentation.
The corresponding preference registry values are available in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** and can be configured by the deployment script. If a given setting is configured by both preference registry settings and policy, the policy values will override. However, the **IEDataOptIn** setting is different--you can only set this with the preference registry keys: