From 7f10f5382eca117862e4bc9a05b675c200196d34 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 2 Aug 2016 10:49:17 -0700 Subject: [PATCH 1/4] fixed rendering issues and TOC entries --- windows/keep-secure/TOC.md | 14 ++++++++++---- windows/keep-secure/credential-guard.md | 5 +++++ 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 5cd8b3ab93..58e3985526 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -1,8 +1,5 @@ # [Keep Windows 10 secure](index.md) ## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) -## [Device Guard certification and compliance](device-guard-certification-and-compliance.md) -### [Get apps to run on Device Guard-protected devices](getting-apps-to-run-on-device-guard-protected-devices.md) -### [Create a Device Guard code integrity policy based on a reference device](creating-a-device-guard-policy-for-signed-apps.md) ## [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md) ### [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) ### [Enable phone sign-in to PC or VPN](enable-phone-signin-to-pc-and-vpn.md) @@ -14,6 +11,16 @@ ### [Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md) ## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) ## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) +## [Device Guard deployment guide](device-guard-deployment-guide.md) +### [Introduction to Device Guard: virtualization-based security and code integrity policies](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md) +### [Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md) +### [Planning and getting started on the Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md) +### [Deploy Device Guard: deploy code integrity policies](deploy-device-guard-deploy-code-integrity-policies.md) +#### [Optional: Create a code signing certificate for code integrity policies](optional-create-a-code-signing-certificate-for-code-integrity-policies.md) +#### [Deploy code integrity policies: policy rules and file rules](deploy-code-integrity-policies-policy-rules-and-file-rules.md) +#### [Deploy code integrity policies: steps](deploy-code-integrity-policies-steps.md) +#### [Deploy catalog files to support code integrity policies](deploy-catalog-files-to-support-code-integrity-policies.md) +### [Deploy Device Guard: enable virtualization-based security](deploy-device-guard-enable-virtualization-based-security.md) ## [Protect derived domain credentials with Credential Guard](credential-guard.md) ## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) ## [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) @@ -832,7 +839,6 @@ ###### [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md) ## [Enterprise security guides](windows-10-enterprise-security-guides.md) ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) -### [Device Guard deployment guide](device-guard-deployment-guide.md) ### [Microsoft Passport guide](microsoft-passport-guide.md) ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md) ### [Windows 10 security overview](windows-10-security-guide.md) diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index b0c15689da..988deb9e06 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md @@ -158,6 +158,7 @@ First, you must add the virtualization-based security features. You can do this ``` syntax dism /image: /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all ``` + > [!NOTE] > You can also add these features to an online image by using either DISM or Configuration Manager. @@ -183,6 +184,7 @@ If you don't use Group Policy, you can enable Credential Guard by using the regi - Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it. 4. Close Registry Editor. + > [!NOTE] > You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. @@ -348,6 +350,7 @@ On devices that are running Credential Guard, enroll the devices using the machi ``` syntax CertReq -EnrollCredGuardCert MachineAuthentication ``` + > [!NOTE] > You must restart the device after enrolling the machine authentication certificate.   @@ -364,6 +367,7 @@ By using an authentication policy, you can ensure that users only sign into devi ``` syntax .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:”” –groupOU:”” –groupName:”” ``` + ### Deploy the authentication policy Before setting up the authentication policy, you should log any failed attempt to apply an authentication policy on the KDC. To do this in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**. @@ -388,6 +392,7 @@ Now you can set up an authentication policy to use Credential Guard. 14. Click **OK** to create the authentication policy. 15. Close Active Directory Administrative Center. + > [!NOTE] > When authentication policies in enforcement mode are deployed with Credential Guard, users will not be able to sign in using devices that do not have the machine authentication certificate provisioned. This applies to both local and remote sign in scenarios.   From 1fd5fe6d9c16424262605fbdbd41106b801f8fff Mon Sep 17 00:00:00 2001 From: Maggie Evans Date: Tue, 2 Aug 2016 10:56:38 -0700 Subject: [PATCH 2/4] Updated manage change history for uev and appv, added Windows 10 in titles of appv and uev overview topics --- windows/manage/appv-for-windows.md | 2 +- .../manage/change-history-for-manage-and-update-windows-10.md | 2 ++ windows/manage/uev-for-windows.md | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/manage/appv-for-windows.md b/windows/manage/appv-for-windows.md index 446d111723..d127094cb6 100644 --- a/windows/manage/appv-for-windows.md +++ b/windows/manage/appv-for-windows.md @@ -9,7 +9,7 @@ ms.prod: w10 --- -# Application Virtualization (App-V) overview +# Application Virtualization (App-V) for Windows 10 overview The topics in this section provides information and step-by-step procedures to help you administer App-V and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users. diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md index f1ea30ec04..60d0c5fc89 100644 --- a/windows/manage/change-history-for-manage-and-update-windows-10.md +++ b/windows/manage/change-history-for-manage-and-update-windows-10.md @@ -21,6 +21,8 @@ The topics in this library have been updated for Windows 10, version 1607 (also - [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) - [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) - [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) +- [Application Virtualization (App-V) for Windows 10](appv-for-windows.md) +- [User Experience Virtualization (UE-V) for Windows 10](uev-for-windows.md) ## July 2016 diff --git a/windows/manage/uev-for-windows.md b/windows/manage/uev-for-windows.md index ff241fa090..5963b1ee49 100644 --- a/windows/manage/uev-for-windows.md +++ b/windows/manage/uev-for-windows.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.prod: w10 --- -# User Experience Virtualization overview +# User Experience Virtualization (UE-V) for Windows 10 overview Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Windows Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options. From fb1e2ee2c998173838d490908b23bee2ab3c9536 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 2 Aug 2016 11:02:23 -0700 Subject: [PATCH 3/4] redirecting to reference content --- windows/whats-new/applocker.md | 2 +- windows/whats-new/bitlocker.md | 2 +- windows/whats-new/security-auditing.md | 2 +- windows/whats-new/trusted-platform-module.md | 2 +- windows/whats-new/user-account-control.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/whats-new/applocker.md b/windows/whats-new/applocker.md index 2e082cd98c..3cfd7a6582 100644 --- a/windows/whats-new/applocker.md +++ b/windows/whats-new/applocker.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library author: brianlic-msft -redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview --- # What's new in AppLocker? diff --git a/windows/whats-new/bitlocker.md b/windows/whats-new/bitlocker.md index 9f0df242bf..6db25cd066 100644 --- a/windows/whats-new/bitlocker.md +++ b/windows/whats-new/bitlocker.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security, mobile author: brianlic-msft -redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview --- # What's new in BitLocker? diff --git a/windows/whats-new/security-auditing.md b/windows/whats-new/security-auditing.md index 8b3428b2bd..8890adb735 100644 --- a/windows/whats-new/security-auditing.md +++ b/windows/whats-new/security-auditing.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library author: brianlic-msft ms.pagetype: security, mobile -redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/security-auditing-overview --- # What's new in security auditing? diff --git a/windows/whats-new/trusted-platform-module.md b/windows/whats-new/trusted-platform-module.md index bbd23d1f72..e4a2614653 100644 --- a/windows/whats-new/trusted-platform-module.md +++ b/windows/whats-new/trusted-platform-module.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security, mobile author: brianlic-msft -redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/trusted-platform-module-overview --- # What's new in Trusted Platform Module? diff --git a/windows/whats-new/user-account-control.md b/windows/whats-new/user-account-control.md index 4a670324d3..3d41d3ca1d 100644 --- a/windows/whats-new/user-account-control.md +++ b/windows/whats-new/user-account-control.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: brianlic-msft -redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/user-account-control-overview --- # What's new in User Account Control? From 007f5122a9a8c95672b211f3e2d7ae1017833553 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 2 Aug 2016 12:04:15 -0700 Subject: [PATCH 4/4] pro policy + redirects --- .../group-policies-for-enterprise-and-education-editions.md | 3 ++- windows/whats-new/device-management.md | 2 +- windows/whats-new/microsoft-passport.md | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/manage/group-policies-for-enterprise-and-education-editions.md b/windows/manage/group-policies-for-enterprise-and-education-editions.md index 90eaa4a016..37005acc03 100644 --- a/windows/manage/group-policies-for-enterprise-and-education-editions.md +++ b/windows/manage/group-policies-for-enterprise-and-education-editions.md @@ -26,7 +26,8 @@ In Windows 10, version 1607, the following Group Policies apply only to Windows | **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md | | **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) | | **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | For more info, see [Manage Windows 10 Start layout options and policies](windows-10-start-layout-options-and-policies.md) | -| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). | +| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). | +| **Only display the private store within the Windows Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app

User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app | For more info, see [Manage access to private store](manage-access-to-private-store.md) | | **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](manage-cortana-in-enterprise.md) | diff --git a/windows/whats-new/device-management.md b/windows/whats-new/device-management.md index fc3c962c90..79260f0f69 100644 --- a/windows/whats-new/device-management.md +++ b/windows/whats-new/device-management.md @@ -7,7 +7,7 @@ ms.pagetype: devices, mobile ms.mktglfcycl: explore ms.sitesec: library author: jdeckerMS -redirect_url: https://technet.microsoft.com/en-us/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/manage-corporate-devices --- # Enterprise management for Windows 10 devices diff --git a/windows/whats-new/microsoft-passport.md b/windows/whats-new/microsoft-passport.md index ed98b87019..e8b4935152 100644 --- a/windows/whats-new/microsoft-passport.md +++ b/windows/whats-new/microsoft-passport.md @@ -8,7 +8,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: mobile, security author: jdeckerMS -redirect_url: https://technet.microsoft.com/en-us/itpro/windows/whats-new/whats-new-windows-10-version-1607 +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/manage-identity-verification-using-microsoft-passport --- # Windows Hello overview