Merge remote-tracking branch 'refs/remotes/origin/master' into live

2025-05-16 15:27:22 +00:00 · 2016-08-02 12:18:51 -07:00 · 2016-08-02 12:18:51 -07:00 · 9a2e0757a6
commit 9a2e0757a6
parent ac72787183 63b6e6866b
13 changed files with 28 additions and 14 deletions
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@ -1,8 +1,5 @@
 # [Keep Windows 10 secure](index.md)
 ## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
-## [Device Guard certification and compliance](device-guard-certification-and-compliance.md)
-### [Get apps to run on Device Guard-protected devices](getting-apps-to-run-on-device-guard-protected-devices.md)
-### [Create a Device Guard code integrity policy based on a reference device](creating-a-device-guard-policy-for-signed-apps.md)
 ## [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)
 ### [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)
 ### [Enable phone sign-in to PC or VPN](enable-phone-signin-to-pc-and-vpn.md)
@ -14,6 +11,16 @@
 ### [Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md)
 ## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md)
 ## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md)
+## [Device Guard deployment guide](device-guard-deployment-guide.md)
+### [Introduction to Device Guard: virtualization-based security and code integrity policies](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md)
+### [Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md)
+### [Planning and getting started on the Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md)
+### [Deploy Device Guard: deploy code integrity policies](deploy-device-guard-deploy-code-integrity-policies.md)
+#### [Optional: Create a code signing certificate for code integrity policies](optional-create-a-code-signing-certificate-for-code-integrity-policies.md)
+#### [Deploy code integrity policies: policy rules and file rules](deploy-code-integrity-policies-policy-rules-and-file-rules.md)
+#### [Deploy code integrity policies: steps](deploy-code-integrity-policies-steps.md)
+#### [Deploy catalog files to support code integrity policies](deploy-catalog-files-to-support-code-integrity-policies.md)
+### [Deploy Device Guard: enable virtualization-based security](deploy-device-guard-enable-virtualization-based-security.md)
 ## [Protect derived domain credentials with Credential Guard](credential-guard.md)
 ## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md)
 ## [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md)
@ -832,7 +839,6 @@
 ###### [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)
 ## [Enterprise security guides](windows-10-enterprise-security-guides.md)
 ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
-### [Device Guard deployment guide](device-guard-deployment-guide.md)
 ### [Microsoft Passport guide](microsoft-passport-guide.md)
 ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
 ### [Windows 10 security overview](windows-10-security-guide.md)
--- a/windows/keep-secure/credential-guard.md
+++ b/windows/keep-secure/credential-guard.md
@ -158,6 +158,7 @@ First, you must add the virtualization-based security features. You can do this
    ``` syntax
    dism /image:<WIM file name> /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all
    ```
+
 > [!NOTE]  
 > You can also add these features to an online image by using either DISM or Configuration Manager.

@ -183,6 +184,7 @@ If you don't use Group Policy, you can enable Credential Guard by using the regi
    -   Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it.
 4.  Close Registry Editor.

+
 > [!NOTE]  
 > You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting.

@ -348,6 +350,7 @@ On devices that are running Credential Guard, enroll the devices using the machi
 ``` syntax
 CertReq -EnrollCredGuardCert MachineAuthentication
 ```
+
 > [!NOTE]  
 > You must restart the device after enrolling the machine authentication certificate.
  
@ -364,6 +367,7 @@ By using an authentication policy, you can ensure that users only sign into devi
    ``` syntax
    .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:”<name of issuance policy>” –groupOU:”<Name of OU to create>” –groupName:”<name of Universal security group to create>”
    ```
+
 ### Deploy the authentication policy

 Before setting up the authentication policy, you should log any failed attempt to apply an authentication policy on the KDC. To do this in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**.
@ -388,6 +392,7 @@ Now you can set up an authentication policy to use Credential Guard.
 14. Click **OK** to create the authentication policy.
 15. Close Active Directory Administrative Center.

+
 > [!NOTE]  
 > When authentication policies in enforcement mode are deployed with Credential Guard, users will not be able to sign in using devices that do not have the machine authentication certificate provisioned. This applies to both local and remote sign in scenarios.
  
--- a/windows/manage/appv-for-windows.md
+++ b/windows/manage/appv-for-windows.md
@ -9,7 +9,7 @@ ms.prod: w10
 ---


-# Application Virtualization (App-V) overview
+# Application Virtualization (App-V) for Windows 10 overview


 The topics in this section provides information and step-by-step procedures to help you administer App-V and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users.
--- a/windows/manage/change-history-for-manage-and-update-windows-10.md
+++ b/windows/manage/change-history-for-manage-and-update-windows-10.md
@ -21,6 +21,8 @@ The topics in this library have been updated for Windows 10, version 1607 (also
 - [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
 - [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
 - [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md)
+- [Application Virtualization (App-V) for Windows 10](appv-for-windows.md)
+- [User Experience Virtualization (UE-V) for Windows 10](uev-for-windows.md)

 ## July 2016

--- a/windows/manage/group-policies-for-enterprise-and-education-editions.md
+++ b/windows/manage/group-policies-for-enterprise-and-education-editions.md
@ -26,7 +26,8 @@ In Windows 10, version 1607, the following Group Policies apply only to Windows
 | **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md |
 | **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) |
 | **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | For more info, see [Manage Windows 10 Start layout options and policies](windows-10-start-layout-options-and-policies.md)  |
-| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). |
+| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). |
+| **Only display the private store within the Windows Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app<br><br>User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app | For more info, see [Manage access to private store](manage-access-to-private-store.md) |
 | **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](manage-cortana-in-enterprise.md) |


--- a/windows/manage/uev-for-windows.md
+++ b/windows/manage/uev-for-windows.md
@ -8,7 +8,7 @@ ms.sitesec: library
 ms.prod: w10
 ---

-# User Experience Virtualization overview
+# User Experience Virtualization (UE-V) for Windows 10 overview

 Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Windows Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options. 

--- a/windows/whats-new/applocker.md
+++ b/windows/whats-new/applocker.md
@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 author: brianlic-msft
-redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
+redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview
 ---

 # What's new in AppLocker?
--- a/windows/whats-new/bitlocker.md
+++ b/windows/whats-new/bitlocker.md
@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security, mobile
 author: brianlic-msft
-redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
+redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview
 ---

 # What's new in BitLocker?
--- a/windows/whats-new/device-management.md
+++ b/windows/whats-new/device-management.md
@ -7,7 +7,7 @@ ms.pagetype: devices, mobile
 ms.mktglfcycl: explore
 ms.sitesec: library
 author: jdeckerMS
-redirect_url: https://technet.microsoft.com/en-us/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
+redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/manage-corporate-devices
 ---

 # Enterprise management for Windows 10 devices
--- a/windows/whats-new/microsoft-passport.md
+++ b/windows/whats-new/microsoft-passport.md
@ -8,7 +8,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: mobile, security
 author: jdeckerMS
-redirect_url: https://technet.microsoft.com/en-us/itpro/windows/whats-new/whats-new-windows-10-version-1607
+redirect_url: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/manage-identity-verification-using-microsoft-passport
 ---

 # Windows Hello overview
--- a/windows/whats-new/security-auditing.md
+++ b/windows/whats-new/security-auditing.md
@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 author: brianlic-msft
 ms.pagetype: security, mobile
-redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
+redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/security-auditing-overview
 ---

 # What's new in security auditing?
--- a/windows/whats-new/trusted-platform-module.md
+++ b/windows/whats-new/trusted-platform-module.md
@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security, mobile
 author: brianlic-msft
-redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
+redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/trusted-platform-module-overview
 ---

 # What's new in Trusted Platform Module?
--- a/windows/whats-new/user-account-control.md
+++ b/windows/whats-new/user-account-control.md
@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
-redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
+redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/user-account-control-overview
 ---

 # What's new in User Account Control?