Merge pull request #6934 from paolomatarazzo/pm-security-metadata-update-20220811-2

Updated metadata for security/identity topics
Angela Fleischmann 2022-08-11 16:38:18 -06:00 committed by GitHub
commit 9d4a044ac0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
61 changed files with 476 additions and 441 deletions

View File

@ -2,23 +2,23 @@
title: Access Control Overview (Windows 10)
description: Access Control Overview
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: sulahiri
manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 07/18/2017
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows Server 2016</b>
---
# Access Control Overview
**Applies to**
- Windows 10
- Windows Server 2016
This topic for the IT professional describes access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. Key concepts that make up access control are permissions, ownership of objects, inheritance of permissions, user rights, and object auditing.
## <a href="" id="bkmk-over"></a>Feature description

View File

@ -2,25 +2,26 @@
title: Local Accounts (Windows 10)
description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: sulahiri
manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 06/17/2022
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Local Accounts
**Applies to**
- Windows 11
- Windows 10
- Windows Server 2019
- Windows Server 2016
This reference article for IT professionals describes the default local user accounts for servers, including how to manage these built-in accounts on a member or standalone server.
## <a href="" id="about-local-user-accounts-"></a>About local user accounts

View File

@ -1,15 +1,17 @@
---
title: Configure S/MIME for Windows
description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them.
ms.reviewer:
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 07/27/2017
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
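Review bot: the empty `ms.reviewer:` key is kept here while the other topics in this PR get a named reviewer; either populate it or remove the key so the front matter is consistent. `ms.date: 07/27/2017` is also unchanged.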

View File

@ -3,13 +3,13 @@ title: Additional mitigations
description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard.
ms.prod: m365-security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: erikdau
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 08/17/2017
ms.reviewer:
---
# Additional mitigations
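Review bot: no `appliesto` block is added to this topic, unlike the other Windows Defender Credential Guard topics in the same PR, so "Additional mitigations" will render without the platform list its siblings now carry; add the same five-entry `appliesto` list for consistency.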

View File

@ -3,23 +3,23 @@ title: Advice while using Windows Defender Credential Guard (Windows)
description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard in Windows.
ms.prod: m365-security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: erikdau
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 08/31/2017
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Considerations when using Windows Defender Credential Guard
**Applies to**
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
Passwords are still weak. We recommend that in addition to deploying Windows Defender Credential Guard, organizations move away from passwords to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business.
Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, aren't supported.
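Review bot: the removed `**Applies to**` list ends at Windows Server 2019, while the new `appliesto` block adds `Windows Server 2022`; that is a content change riding on a metadata PR, so confirm the considerations (including the Windows To Go statement at the end of the hunk) were checked against Server 2022.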

View File

@ -3,24 +3,23 @@ title: How Windows Defender Credential Guard works
description: Learn how Windows Defender Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them.
ms.prod: m365-security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: erikdau
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 08/17/2017
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# How Windows Defender Credential Guard works
**Applies to**
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
Kerberos, NTLM, and Credential manager isolate secrets by using virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Windows Defender Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using Virtualization-based security and isn't accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process.
For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment.

View File

@ -3,24 +3,22 @@ title: Windows Defender Credential Guard - Known issues (Windows)
description: Windows Defender Credential Guard - Known issues in Windows Enterprise
ms.prod: m365-security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: erikdau
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 01/26/2022
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Windows Defender Credential Guard: Known issues
**Applies to**
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. So applications that require such capabilities won't function when it's enabled. For more information, see [Application requirements](credential-guard-requirements.md#application-requirements).
The following known issues have been fixed in the [Cumulative Security Update for November 2017](https://support.microsoft.com/topic/november-27-2017-kb4051033-os-build-14393-1914-447b6b88-e75d-0a24-9ab9-5dcda687aaf4):

View File

@ -3,9 +3,10 @@ title: Manage Windows Defender Credential Guard (Windows)
description: Learn how to deploy and manage Windows Defender Credential Guard using Group Policy, the registry, or hardware readiness tools.
ms.prod: m365-security
ms.localizationpriority: medium
author: dansimp
ms.author: v-tappelgate
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: erikdau
manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
@ -13,17 +14,14 @@ ms.topic: article
ms.custom:
- CI 120967
- CSSTroubleshooting
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Manage Windows Defender Credential Guard
**Applies to**
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
## Enable Windows Defender Credential Guard
Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-windows-defender-credential-guard-by-using-group-policy), the [registry](#enable-windows-defender-credential-guard-by-using-the-registry), or the [Hypervisor-Protected Code Integrity (HVCI) and Windows Defender Credential Guard hardware readiness tool](#enable-windows-defender-credential-guard-by-using-the-hvci-and-windows-defender-credential-guard-hardware-readiness-tool). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine.

View File

@ -3,23 +3,23 @@ title: Windows Defender Credential Guard protection limits & mitigations (Window
description: Scenarios not protected by Windows Defender Credential Guard in Windows, and additional mitigations you can use.
ms.prod: m365-security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: erikdau
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 08/17/2017
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Windows Defender Credential Guard protection limits and mitigations
**Applies to**
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
Prefer video? See [Credentials protected by Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474)
in the Deep Dive into Windows Defender Credential Guard video series.

View File

@ -3,23 +3,22 @@ title: Windows Defender Credential Guard protection limits (Windows)
description: Some ways to store credentials are not protected by Windows Defender Credential Guard in Windows. Learn more with this guide.
ms.prod: m365-security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: erikdau
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 08/17/2017
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Windows Defender Credential Guard protection limits
**Applies to**
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
Some ways to store credentials are not protected by Windows Defender Credential Guard, including:
- Software that manages credentials outside of Windows feature protection

View File

@ -3,25 +3,25 @@ title: Windows Defender Credential Guard Requirements (Windows)
description: Windows Defender Credential Guard baseline hardware, firmware, and software requirements, and additional protections for improved security.
ms.prod: m365-security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: erikdau
manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.date: 12/27/2021
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Windows Defender Credential Guard: Requirements
## Applies to
- Windows 11
- Windows 10
- Windows Server 2019
- Windows Server 2016
For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements, which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to these requirements as [Application requirements](#application-requirements). Beyond these requirements, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations).
## Hardware and software requirements
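Review bot: the replaced `## Applies to` list ended at Windows Server 2019, while the new `appliesto` adds Windows Server 2022; the unchanged paragraph just below still scopes the security-considerations tables to "hardware and firmware options available in 2015, 2016, and 2017", so either that sentence needs updating or the Server 2022 entry is overstating what the topic covers.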

View File

@ -3,18 +3,17 @@ title: Scripts for Certificate Issuance Policies in Windows Defender Credential
description: Obtain issuance policies from the certificate authority for Windows Defender Credential Guard on Windows.
ms.prod: m365-security
ms.localizationpriority: medium
author: dulcemontemayor
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: erikdau
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 08/17/2017
ms.reviewer:
---
# Windows Defender Credential Guard: Scripts for Certificate Authority Issuance Policies
Here is a list of scripts mentioned in this topic.
## <a href="" id="bkmk-getscript"></a>Get the available issuance policies on the certificate authority

View File

@ -1,28 +1,28 @@
---
title: Protect derived domain credentials with Windows Defender Credential Guard (Windows)
description: Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.
ms.reviewer:
ms.prod: m365-security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: erikdau
manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.date: 03/10/2022
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Protect derived domain credentials with Windows Defender Credential Guard
**Applies to**
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
Introduced in Windows 10 Enterprise and Windows Server 2016, Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
By enabling Windows Defender Credential Guard, the following features and solutions are provided:
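Review bot: dropping "Introduced in Windows 10 Enterprise and Windows Server 2016" from the opening sentence removes the only mention of the Enterprise edition requirement, and the new `appliesto` says just `Windows 10` / `Windows 11`, which reads as all editions; keep the edition qualifier in the intro (or in the requirements link) rather than losing it in a metadata pass.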

View File

@ -3,23 +3,22 @@ title: Windows Defender Device Guard and Windows Defender Credential Guard hardw
description: Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool script
ms.prod: m365-security
ms.localizationpriority: medium
author: SteveSyfuhs
ms.author: stsyfuhs
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: erikdau
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool
**Applies to:**
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
```powershell
# Script to find out if a machine is Device Guard compliant.
# The script requires a driver verifier present on the system.
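Review bot: the front matter shown for the hardware readiness tool has no `ms.date` line, unlike the other topics in this PR; add one so the page carries a review date alongside the new author and reviewer fields.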

View File

@ -1,23 +1,22 @@
---
title: Enterprise Certificate Pinning
description: Enterprise certificate pinning is a Windows feature for remembering; or pinning a root issuing certificate authority, or end entity certificate to a given domain name.
author: dulcemontemayor
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.prod: m365-security
ms.technology: windows-sec
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# Enterprise Certificate Pinning
**Applies to**
- Windows 10
Enterprise certificate pinning is a Windows feature for remembering, or pinning a root issuing certificate authority or end entity certificate to a given domain name.
Enterprise certificate pinning helps reduce man-in-the-middle attacks by enabling you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates.
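Review bot: the new `appliesto` lists Windows 11, but the body list being removed said only Windows 10, so this hunk extends the claim without a content review; confirm Enterprise Certificate Pinning behaves the same on Windows 11. The empty `ms.reviewer:` key is also retained here while siblings get a named reviewer.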

View File

@ -2,9 +2,9 @@
title: Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites (Windows Hello for Business)
description: Learn about the prerequisites for hybrid Windows Hello for Business deployments using key trust and what the next steps are in the deployment process.
ms.prod: m365-security
author: mapalko
ms.author: prsriva
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
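Review bot: `localizationpriority: medium` in the trailing context lacks the `ms.` prefix that every other topic in this PR uses (`ms.localizationpriority`); since the front matter is being touched anyway, rename the key so it is picked up like the others.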

View File

@ -2,12 +2,11 @@
title: How Windows Hello for Business works (Windows)
description: Learn about registration, authentication, key material, and infrastructure for Windows Hello for Business.
ms.prod: m365-security
author: mapalko
ms.localizationpriority: high
ms.author: mapalko
author: paolomatarazzo
ms.author: paoloma
ms.date: 10/16/2017
ms.reviewer:
manager: dansimp
manager: aaroncz
ms.topic: article
appliesto:
- ✅ <b>Windows 10</b>
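Review bot: the empty `ms.reviewer:` key survives between the new `ms.author` and `manager` lines; populate it or remove it, as was done for the Credential Guard topics where `ms.reviewer: erikdau` replaced the empty key.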

View File

@ -2,18 +2,21 @@
title: Identity and access management (Windows 10)
description: Learn more about identity and access protection technologies in Windows.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 02/05/2018
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# Identity and access management
Learn more about identity and access management technologies in Windows 10.
Learn more about identity and access management technologies in Windows 10 and Windows 11.
| Section | Description |
|-|-|
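Review bot: the intro sentence is updated to "Windows 10 and Windows 11" and `appliesto` now lists both, but the `title` field still reads "Identity and access management (Windows 10)"; update the title suffix so the page title does not contradict its own scope.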

View File

@ -1,16 +1,15 @@
---
title: Technical support policy for lost or forgotten passwords
description: Outlines the ways in which Microsoft can help you reset a lost or forgotten password, and provides links to instructions for doing so.
ms.reviewer: kaushika
manager: kaushika
ms.custom:
- CI ID 110060
- CSSTroubleshoot
ms.author: v-tappelgate
ms.prod: m365-security
author: Teresa-Motiv
ms.topic: article
ms.localizationpriority: medium
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.date: 11/20/2019
---
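Review bot: `manager: kaushika` appears at the top of this front matter and `manager: aaroncz` is added near the bottom; if the first one is not among the removed lines, the file ends up with two `manager` keys and the build will keep only one of them. Check that exactly one `manager` (and one `ms.reviewer`) remains.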

View File

@ -2,22 +2,21 @@
title: Protect Remote Desktop credentials with Windows Defender Remote Credential Guard (Windows 10)
description: Windows Defender Remote Credential Guard helps to secure your Remote Desktop credentials by never sending them to the target device.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 01/12/2018
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows Server 2016</b>
---
# Protect Remote Desktop credentials with Windows Defender Remote Credential Guard
**Applies to**
- Windows 10
- Windows Server 2016
Introduced in Windows 10, version 1607, Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting Kerberos requests back to the device that's requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions.
Administrator credentials are highly privileged and must be protected. By using Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, if the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never passed over the network to the target device.
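Review bot: the `appliesto` added here lists only Windows 10 and Windows Server 2016, whereas the Credential Guard topics in the same PR were extended to Windows 11 and Server 2019/2022; the intro says the feature was "Introduced in Windows 10, version 1607", which implies later versions also apply, so the narrower list looks like an oversight rather than a deliberate scope.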

View File

@ -2,20 +2,23 @@
title: Smart Card and Remote Desktop Services (Windows)
description: This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Smart Card and Remote Desktop Services
Applies To: Windows 10, Windows 11, Windows Server 2016 and above
This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.
The content in this topic applies to the versions of Windows that are designated in the **Applies To** list at the beginning of this topic. In these versions, smart card redirection logic and **WinSCard** API are combined to support multiple redirected sessions into a single process.
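Review bot: the sentence in trailing context still says the content applies to "the versions of Windows that are designated in the **Applies To** list at the beginning of this topic", but that inline list is what this hunk replaces with `appliesto` front matter; reword the sentence (for example, to refer to the supported versions shown at the top of the page) so it does not point at a list that no longer exists in the body.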

View File

@ -2,20 +2,24 @@
title: Smart Card Architecture (Windows)
description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Smart Card Architecture
Applies To: Windows 10, Windows 11, Windows Server 2016 and above
This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system, including credential provider architecture and the smart card subsystem architecture.
Authentication is a process for verifying the identity of an object or person. When you authenticate an object, such as a smart card, the goal is to verify that the object is genuine. When you authenticate a person, the goal is to verify that you are not dealing with an imposter.

View File

@ -2,20 +2,24 @@
title: Certificate Propagation Service (Windows)
description: This topic for the IT professional describes the certificate propagation service (CertPropSvc), which is used in smart card implementation.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 08/24/2021
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Certificate Propagation Service
Applies To: Windows 10, Windows 11, Windows Server 2016 and above
This topic for the IT professional describes the certificate propagation service (CertPropSvc), which is used in smart card implementation.
The certificate propagation service activates when a signed-in user inserts a smart card in a reader that is attached to the computer. This action causes the certificate to be read from the smart card. The certificates are then added to the user's Personal store. Certificate propagation service actions are controlled by using Group Policy. For more information, see [Smart Card Group Policy and Registry Settings](smart-card-group-policy-and-registry-settings.md).

View File

@ -2,20 +2,24 @@
title: Certificate Requirements and Enumeration (Windows)
description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Certificate Requirements and Enumeration
Applies To: Windows 10, Windows 11, Windows Server 2016 and above
This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in.
When a smart card is inserted, the following steps are performed.

View File

@ -2,21 +2,26 @@
title: Smart Card Troubleshooting (Windows)
description: Describes the tools and services that smart card developers can use to help identify certificate issues with the smart card deployment.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Smart Card Troubleshooting
Applies To: Windows 10, Windows 11, Windows Server 2016 and above
This article explains tools and services that smart card developers can use to help identify certificate issues with the smart card deployment.
Debugging and tracing smart card issues requires a variety of tools and approaches. The following sections provide guidance about tools and approaches you can use.

View File

@ -2,51 +2,47 @@
title: Smart Card Events (Windows)
description: This topic for the IT professional and smart card developer describes events that are related to smart card deployment and development.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Smart Card Events
Applies To: Windows 10, Windows 11, Windows Server 2016 and above
This topic for the IT professional and smart card developer describes events that are related to smart card deployment and development.
A number of events can be used to monitor smart card activities on a computer, including installation, use, and errors. The following sections describe the events and information that can be used to manage smart cards in an organization.
- [Smart card reader name](#smart-card-reader-name)
- [Smart card warning events](#smart-card-warning-events)
- [Smart card error events](#smart-card-error-events)
- [Smart card Plug and Play events](#smart-card-plug-and-play-events)
- [Smart card reader name](#smart-card-reader-name)
- [Smart card warning events](#smart-card-warning-events)
- [Smart card error events](#smart-card-error-events)
- [Smart card Plug and Play events](#smart-card-plug-and-play-events)
## Smart card reader name
The Smart Card resource manager does not use the device name from Device Manager to describe a smart card reader. Instead, the name is constructed from three device attributes that are queried directly from the smart card reader driver.
The Smart Card resource manager doesn't use the device name from Device Manager to describe a smart card reader. Instead, the name is constructed from three device attributes that are queried directly from the smart card reader driver.
The following three attributes are used to construct the smart card reader name:
- Vendor name
- Interface device type
- Device unit
- Vendor name
- Interface device type
- Device unit
The smart card reader device name is constructed in the form &lt;*VendorName*&gt; &lt;*Type*&gt; &lt;*DeviceUnit*&gt;. For example 'Contoso Smart Card Reader 0' is constructed from the following information:
- Vendor name: Contoso
- Interface device type: Smart Card Reader
- Device unit: 0
- Vendor name: Contoso
- Interface device type: Smart Card Reader
- Device unit: 0
## Smart card warning events
@ -54,8 +50,8 @@ The smart card reader device name is constructed in the form &lt;*VendorName*&gt
| **Event ID** | **Warning Message** | **Description** |
|--------------|---------|--------------------------------------------------------------------------------------------|
| 620 | Smart Card Resource Manager was unable to cancel IOCTL %3 for reader '%2': %1. The reader may no longer be responding. If this error persists, your smart card or reader may not be functioning correctly. %n%nCommand Header: %4 | This occurs if the resource manager attempts to cancel a command to the smart card reader when the smart card service is shutting down or after a smart card is removed from the smart card reader and the command could not to be canceled. This can leave the smart card reader in an unusable state until it is removed from the computer or the computer is restarted.<br><br>%1 = Windows error code<br>%2 = Smart card reader name<br>%3 = IOCTL being canceled<br>%4 = First 4 bytes of the command that was sent to the smart card |
| 619 | Smart Card Reader '%2' has not responded to IOCTL %3 in %1 seconds. If this error persists, your smart card or reader may not be functioning correctly. %n%nCommand Header: %4 | This occurs when a reader has not responded to an IOCTL after an unusually long period of time. Currently, this error is sent after a reader does not respond for 150 seconds. This can leave the smart card reader in an unusable state until it is removed from the computer or the computer is restarted.<br><br>%1 = Number of seconds the IOCTL has been waiting<br>%2 = Smart card reader name<br>%3 = IOCTL sent<br>%4 = First 4 bytes of the command that was sent to the smart card |
| 620 | Smart Card Resource Manager was unable to cancel IOCTL %3 for reader '%2': %1. The reader may no longer be responding. If this error persists, your smart card or reader may not be functioning correctly. %n%nCommand Header: %4 | This occurs if the resource manager attempts to cancel a command to the smart card reader when the smart card service is shutting down or after a smart card is removed from the smart card reader and the command could not to be canceled. This can leave the smart card reader in an unusable state until it's removed from the computer or the computer is restarted.<br><br>%1 = Windows error code<br>%2 = Smart card reader name<br>%3 = IOCTL being canceled<br>%4 = First 4 bytes of the command that was sent to the smart card |
| 619 | Smart Card Reader '%2' hasn't responded to IOCTL %3 in %1 seconds. If this error persists, your smart card or reader may not be functioning correctly. %n%nCommand Header: %4 | This occurs when a reader hasn't responded to an IOCTL after an unusually long period of time. Currently, this error is sent after a reader doesn't respond for 150 seconds. This can leave the smart card reader in an unusable state until it's removed from the computer or the computer is restarted.<br><br>%1 = Number of seconds the IOCTL has been waiting<br>%2 = Smart card reader name<br>%3 = IOCTL sent<br>%4 = First 4 bytes of the command that was sent to the smart card |
## Smart card error events
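Review bot: the Message column of the 619 row changes the quoted event text from "has not responded" to "hasn't responded"; that column reproduces the string the Smart Card service writes to the event log, so it should stay verbatim for anyone searching or filtering on the logged message, and the contraction edit belongs in the Description column only. While the 620 row is being touched, the stray "to" in "the command could not to be canceled" survives in its Description; suggest "the command could not be canceled".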
@ -67,7 +63,7 @@ The smart card reader device name is constructed in the form &lt;*VendorName*&gt
| 205 | Reader object has duplicate name: %1 | There are two smart card readers that have the same name. Remove the smart card reader that is causing this error message.<br>%1 = Name of the smart card reader that is duplicated |
| 206 | Failed to create global reader change event. | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue. |
| 401 | Reader shutdown exception from eject smart card command | A smart card reader could not eject a smart card while the smart card reader was shutting down. |
| 406 | Reader object cannot Identify Device | A smart card reader did not properly respond to a request for information about the device, which is required for constructing the smart card reader name. The smart card reader will not be recognized by the service until it is removed from the computer and reinserted or until the computer is restarted. |
| 406 | Reader object cannot Identify Device | A smart card reader did not properly respond to a request for information about the device, which is required for constructing the smart card reader name. The smart card reader will not be recognized by the service until it's removed from the computer and reinserted or until the computer is restarted. |
| 502 | Initialization of Service Status Critical Section failed | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue. |
| 504 | Resource Manager cannot create shutdown event flag:  %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code |
| 506 | Smart Card Resource Manager failed to register service:  %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code |
@ -95,10 +91,10 @@ The smart card reader device name is constructed in the form &lt;*VendorName*&gt
| 609 | Reader monitor failed to create overlapped event:  %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code |
| 610 | Smart Card Reader '%2' rejected IOCTL %3: %1  If this error persists, your smart card or reader may not be functioning correctly.%n%nCommand Header: %4 | The reader cannot successfully transmit the indicated IOCTL to the smart card. This can indicate hardware failure, but this error can also occur if a smart card or smart card reader is removed from the system while an operation is in progress.<br>%1 = Windows error code<br>%2 = Name of the smart card reader<br>%3 = IOCTL that was sent<br>%4 = First 4 bytes of the command sent to the smart card <br> These events are caused by legacy functionality in the smart card stack. It can be ignored if there is no noticeable failure in the smart card usage scenarios. You might also see this error if your eSIM is recognized as a smartcard controller.|
| 611 | Smart Card Reader initialization failed | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve this issue. |
| 612 | Reader insertion monitor error retry threshold reached:  %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code |
| 615 | Reader removal monitor error retry threshold reached:  %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code |
| 616 | Reader monitor '%2' received uncaught error code:  %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code<br>%2 = Reader name |
| 617 | Reader monitor '%1' exception -- exiting thread | An unknown error occurred while monitoring a smart card reader for smart card insertions and removals. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.<br>%1 = Smart card reader name |
| 612 | Reader insertion monitor error retry threshold reached:  %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code |
| 615 | Reader removal monitor error retry threshold reached:  %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code |
| 616 | Reader monitor '%2' received uncaught error code:  %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code<br>%2 = Reader name |
| 617 | Reader monitor '%1' exception -- exiting thread | An unknown error occurred while monitoring a smart card reader for smart card insertions and removals. The smart card reader is marked as defective, and it is not recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.<br>%1 = Smart card reader name |
| 618 | Smart Card Resource Manager encountered an unrecoverable internal error. | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue. |
| 621 | Server Control failed to access start event: %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code <br>These events are caused by legacy functionality in the smart card stack. It can be ignored if there is no noticeable failure in the smart card usage scenarios. |
| 622 | Server Control failed to access stop event: %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code |
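Review bot: the rewritten 612, 615, 616 and 617 descriptions now mix forms inside one sentence, "it is not recognized by the service until it's removed from the computer"; if the intent is contractions, make it "it isn't recognized ... until it's removed", otherwise leave the sentence as it was. The same rows still carry the doubled space in "threshold reached:  %1" and "error code:  %1", which this pass could normalize to a single space.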

View File

@ -2,20 +2,24 @@
title: Smart Card Group Policy and Registry Settings (Windows)
description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/02/2021
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Smart Card Group Policy and Registry Settings
Applies to: Windows 10, Windows 11, Windows Server 2016 and above
This article for IT professionals and smart card developers describes the Group Policy settings, registry key settings, local security policy settings, and credential delegation policy settings that are available for configuring smart cards.
The following sections and tables list the smart card-related Group Policy settings and registry keys that can be set on a per-computer basis. If you use domain Group Policy Objects (GPOs), you can edit and apply Group Policy settings to local or domain computers.
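Review bot: the body line "Applies to: Windows 10, Windows 11, Windows Server 2016 and above" under the H1 is kept while the new appliesto block in the front matter now carries the same list, so the rendered page shows it twice; the UAC hunks in this same PR remove the equivalent "**Applies to**" list, so drop this line here too. The same leftover line is kept in the smart-card sign-in, removal-policy, Smart Cards for Windows Service, tools-and-settings and technical-reference hunks, and as "Applies To: Windows 10, Windows Server 2016" in the virtual-smart-card hunks.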

View File

@ -2,21 +2,26 @@
title: How Smart Card Sign-in Works in Windows
description: This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# How Smart Card Sign-in Works in Windows
Applies To: Windows 10, Windows 11, Windows Server 2016 and above
This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system. It includes the following resources about the architecture, certificate management, and services that are related to smart card use:
- [Smart Card Architecture](smart-card-architecture.md): Learn about enabling communications with smart cards and smart card readers, which can be different according to the vendor that supplies them.
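Review bot: the unchanged description string "This topic for IT professional provides links ..." is missing its article ("for the IT professional", as the sibling topics phrase it) and is repeated verbatim as the first body sentence; since the front matter is already being edited here, fix the description string in this hunk. The "Applies To: Windows 10, Windows 11, Windows Server 2016 and above" body line also duplicates the new appliesto block and can go.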

View File

@ -2,20 +2,24 @@
title: Smart Card Removal Policy Service (Windows)
description: This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Smart Card Removal Policy Service
Applies To: Windows 10, Windows 11, Windows Server 2016
This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation.
The smart card removal policy service is applicable when a user has signed in with a smart card and then removes that smart card from the reader. The action that is performed when the smart card is removed is controlled by Group Policy settings. For more information, see [Smart Card Group Policy and Registry Settings](smart-card-group-policy-and-registry-settings.md).
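Review bot: the kept body line "Applies To: Windows 10, Windows 11, Windows Server 2016" now disagrees with the new appliesto block, which adds Windows Server 2019 and Windows Server 2022; either the body line is stale or the metadata over-claims. Confirm which is correct and remove the body line so the front matter is the single source for supported versions.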

View File

@ -2,20 +2,24 @@
title: Smart Cards for Windows Service (Windows)
description: This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service manages readers and application interactions.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Smart Cards for Windows Service
Applies To: Windows 10, Windows 11, Windows Server 2016 and above
This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service (formerly called Smart Card Resource Manager) manages readers and application interactions.
The Smart Cards for Windows service provides the basic infrastructure for all other smart card components as it manages smart card readers and application interactions on the computer. It is fully compliant with the specifications set by the PC/SC Workgroup. For information about these specifications, see the [PC/SC Workgroup Specifications website](https://pcscworkgroup.com/).

View File

@ -2,20 +2,24 @@
title: Smart Card Tools and Settings (Windows)
description: This topic for the IT professional and smart card developer links to information about smart card debugging, settings, and events.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Smart Card Tools and Settings
Applies To: Windows 10, Windows 11, Windows Server 2016 and above
This topic for the IT professional and smart card developer links to information about smart card debugging, settings, and events.
This section of the Smart Card Technical Reference contains information about the following:

View File

@ -2,20 +2,24 @@
title: Smart Card Technical Reference (Windows)
description: Learn about the Windows smart card infrastructure for physical smart cards, and how smart card-related components work in Windows.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: ardenw
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# Smart Card Technical Reference
Applies To: Windows 10, Windows 11, Windows Server 2016 and above
The Smart Card Technical Reference describes the Windows smart card infrastructure for physical smart cards and how smart card-related components work in Windows. This document also contains information about tools that information technology (IT) developers and administrators can use to troubleshoot, debug, and deploy smart card-based strong authentication in the enterprise.
## Audience

View File

@ -1,26 +1,27 @@
---
title: How User Account Control works (Windows)
description: User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware.
ms.reviewer:
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: sulahiri
manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/23/2021
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# How User Account Control works
**Applies to**
- Windows 10
- Windows 11
- Windows Server 2016 and above
User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware.
## UAC process and interactions

View File

@ -2,25 +2,25 @@
title: User Account Control Group Policy and registry key settings (Windows)
description: Here's a list of UAC Group Policy and registry key settings that your organization can use to manage UAC.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: sulahiri
manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# User Account Control Group Policy and registry key settings
**Applies to**
- Windows 10
- Windows 11
- Windows Server 2016 and above
## Group Policy settings
There are 10 Group Policy settings that can be configured for User Account Control (UAC). The table lists the default for each of the policy settings, and the following sections explain the different UAC policy settings and provide recommendations. These policy settings are located in **Security Settings\\Local Policies\\Security Options** in the Local Security Policy snap-in. For more information about each of the Group Policy settings, see the Group Policy description. For information about the registry key settings, see [Registry key settings](#registry-key-settings).

View File

@ -1,26 +1,27 @@
---
title: User Account Control (Windows)
description: User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop.
ms.reviewer:
ms.prod: m365-security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: sulahiri
manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.date: 09/24/2011
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# User Account Control
**Applies to**
- Windows 10
- Windows 11
- Windows Server 2016 and above
User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.
UAC allows all users to log on to their computers using a standard user account. Processes launched using a standard user token may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by double-clicking a shortcut) also run with the standard set of user permissions. Many apps, including those that are included with the operating system itself, are designed to work properly in this way.
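Review bot: ms.date reads 09/24/2011 in the unchanged context, while the neighbouring UAC topics in this PR carry 09/23/2021 and 09/24/2021; this looks like a typo for 09/24/2021 and is worth correcting while the front matter of this file is open.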

View File

@ -1,27 +1,27 @@
---
title: User Account Control security policy settings (Windows)
description: You can use security policies to configure how User Account Control works in your organization.
ms.reviewer:
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: sulahiri
manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows Server 2016</b>
- ✅ <b>Windows Server 2019</b>
- ✅ <b>Windows Server 2022</b>
---
# User Account Control security policy settings
**Applies to**
- Windows 10
- Windows 11
- Windows Server 2016 and above
You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy.
## User Account Control: Admin Approval Mode for the Built-in Administrator account

View File

@ -2,14 +2,16 @@
title: Deploy Virtual Smart Cards (Windows 10)
description: This topic for the IT professional discusses the factors to consider when you deploy a virtual smart card authentication solution.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows Server 2016</b>
---
# Deploy Virtual Smart Cards
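Review bot: this hunk, like the other virtual-smart-card hunks, drops the empty `ms.reviewer:` key without adding a replacement, whereas the smart-card topics get `ms.reviewer: ardenw` and the UAC and VPN topics get sulahiri and pesmith; if the virtual smart card topics genuinely have no reviewer that is fine, but confirm it is intentional rather than an omission.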

View File

@ -2,20 +2,20 @@
title: Evaluate Virtual Smart Card Security (Windows 10)
description: This topic for the IT professional describes security characteristics and considerations when deploying TPM virtual smart cards.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows Server 2016</b>
---
# Evaluate Virtual Smart Card Security
Applies To: Windows 10, Windows Server 2016
This topic for the IT professional describes security characteristics and considerations when deploying TPM virtual smart cards.
## Virtual smart card non-exportability details
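Review bot: the body line "Applies To: Windows 10, Windows Server 2016" is kept while the new appliesto block lists the same two products, so the page will show the list twice; the UAC hunks in this PR remove the equivalent body list, so remove it here and in the get-started, overview, Tpmvscmgr, understanding-and-evaluating and use-virtual-smart-cards hunks that keep the same line.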

View File

@ -2,20 +2,20 @@
title: Get Started with Virtual Smart Cards - Walkthrough Guide (Windows 10)
description: This topic for the IT professional describes how to set up a basic test environment for using TPM virtual smart cards.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows Server 2016</b>
---
# Get Started with Virtual Smart Cards: Walkthrough Guide
Applies To: Windows 10, Windows Server 2016
This topic for the IT professional describes how to set up a basic test environment for using TPM virtual smart cards.
Virtual smart cards are a technology from Microsoft, which offer comparable security benefits in two-factor authentication to physical smart cards. They also offer more convenience for users and lower cost for organizations to deploy. By utilizing Trusted Platform Module (TPM) devices that provide the same cryptographic capabilities as physical smart cards, virtual smart cards accomplish the three key properties that are desired by smart cards: non-exportability, isolated cryptography, and anti-hammering.

View File

@ -2,20 +2,20 @@
title: Virtual Smart Card Overview (Windows 10)
description: Learn more about the virtual smart card technology that was developed by Microsoft. Find links to additional topics about virtual smart cards.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 10/13/2017
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows Server 2016</b>
---
# Virtual Smart Card Overview
Applies To: Windows 10, Windows Server 2016
This topic for IT professional provides an overview of the virtual smart card technology that was developed by Microsoft and includes [links to additional topics](#see-also) to help you evaluate, plan, provision, and administer virtual smart cards.
**Did you mean…**

View File

@ -2,20 +2,20 @@
title: Tpmvscmgr (Windows 10)
description: This topic for the IT professional describes the Tpmvscmgr command-line tool, through which an administrator can create and delete TPM virtual smart cards on a computer.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows Server 2016</b>
---
# Tpmvscmgr
Applies To: Windows 10, Windows Server 2016
The Tpmvscmgr command-line tool allows users with Administrative credentials to create and delete TPM virtual smart cards on a computer. For examples of how this command can be used, see [Examples](#examples).
## Syntax

View File

@ -2,20 +2,20 @@
title: Understanding and Evaluating Virtual Smart Cards (Windows 10)
description: Learn how smart card technology can fit into your authentication design. Find links to additional topics about virtual smart cards.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows Server 2016</b>
---
# Understanding and Evaluating Virtual Smart Cards
Applies To: Windows 10, Windows Server 2016
This topic for the IT professional describes the virtual smart card technology that was developed by Microsoft; suggests how it can fit into your authentication design; and provides links to additional resources that you can use to design, deploy, and troubleshoot virtual smart cards.
Virtual smart card technology uses cryptographic keys that are stored on computers that have the Trusted Platform Module (TPM) installed. Virtual smart cards offer comparable security benefits to conventional smart cards by using two-factor authentication. The technology also offers more convenience for users and has a lower cost to deploy. By utilizing TPM devices that provide the same cryptographic capabilities as conventional smart cards, virtual smart cards accomplish the three key properties that are desired for smart cards: non-exportability, isolated cryptography, and anti-hammering.

View File

@ -2,20 +2,20 @@
title: Use Virtual Smart Cards (Windows 10)
description: This topic for the IT professional describes requirements for virtual smart cards and provides information about how to use and manage them.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 10/13/2017
ms.reviewer:
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows Server 2016</b>
---
# Use Virtual Smart Cards
Applies To: Windows 10, Windows Server 2016
This topic for the IT professional describes requirements for virtual smart cards, how to use virtual smart cards, and tools that are available to help you create and manage them.
## Requirements, restrictions, and limitations

View File

@ -2,12 +2,15 @@
title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10 and Windows 11)
description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.localizationpriority: medium
ms.date: 09/23/2021
ms.reviewer:
manager: dansimp
manager: aaroncz
ms.reviewer: pesmith
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# How to configure Diffie Hellman protocol over IKEv2 VPN connections

View File

@ -2,11 +2,14 @@
title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections (Windows 10 and Windows 11)
description: Explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections.
ms.prod: m365-security
author: dansimp
author: paolomatarazzo
ms.date: 03/22/2022
ms.reviewer:
manager: dansimp
ms.author: dansimp
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# How to use Single Sign-On (SSO) over VPN and Wi-Fi connections

View File

@ -2,20 +2,19 @@
title: VPN authentication options (Windows 10 and Windows 11)
description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods.
ms.prod: m365-security
author: dansimp
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 09/23/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# VPN authentication options
**Applies to**
- Windows 10
- Windows 11
In addition to older and less-secure password-based authentication methods (which should be avoided), the built-in VPN solution uses Extensible Authentication Protocol (EAP) to provide secure authentication using both user name and password, and certificate-based methods. You can only configure EAP-based authentication if you select a built-in VPN type (IKEv2, L2TP, PPTP or Automatic).
Windows supports a number of EAP authentication methods.

View File

@ -2,20 +2,19 @@
title: VPN auto-triggered profile options (Windows 10 and Windows 11)
description: Learn about the types of auto-trigger rules for VPNs in Windows, which start a VPN when it is needed to access a resource.
ms.prod: m365-security
author: dansimp
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 09/23/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# VPN auto-triggered profile options
**Applies to**
- Windows 10
- Windows 11
In Windows 10 and Windows 11, a number of features have been added to auto-trigger VPN so users wont have to manually connect when VPN is needed to access necessary resources. There are three different types of auto-trigger rules:
- App trigger
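Review bot: the sentence immediately after the removed "**Applies to**" list, "so users wont have to manually connect", is missing its apostrophe ("won't"); since the adjacent lines are already part of this hunk, fix it here.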

View File

@ -2,22 +2,23 @@
title: VPN and conditional access (Windows 10 and Windows 11)
description: Learn how to integrate the VPN client with the Conditional Access Platform, so you can create access rules for Azure Active Directory (Azure AD) connected apps.
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
ms.reviewer:
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: pesmith
manager: aaroncz
ms.localizationpriority: medium
ms.date: 09/23/2021
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# VPN and conditional access
>Applies to: Windows 10 and Windows 11
The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application.
>[!NOTE]
>Conditional Access is an Azure AD Premium feature.
>Conditional Access is an Azure AD Premium feature.
Conditional Access Platform components used for Device Compliance include the following cloud-based services:
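Review bot: the in-body `>Applies to: Windows 10 and Windows 11` blockquote is kept while the new `appliesto` front matter lists the same two products, so the page now states its scope twice; the other VPN topics in this change drop their in-body "Applies to" list when `appliesto` is added, and this one should do the same for consistency.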

View File

@ -2,20 +2,19 @@
title: VPN connection types (Windows 10 and Windows 11)
description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured.
ms.prod: m365-security
author: dansimp
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 08/23/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# VPN connection types
**Applies to**
- Windows 10
- Windows 11
Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called *tunneling protocols*, to make a virtual call to a virtual port on a VPN server. In a typical VPN deployment, a client initiates a virtual point-to-point connection to a remote access server over the Internet. The remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organizations private network.
There are many options for VPN clients. In Windows 10 and Windows 11, the built-in plug-in and the Universal Windows Platform (UWP) VPN plug-in platform are built on top of the Windows VPN platform. This guide focuses on the Windows VPN platform clients and the features that can be configured.

View File

@ -2,22 +2,19 @@
title: Windows VPN technical guide (Windows 10 and Windows 11)
description: Learn about decisions to make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment.
ms.prod: m365-security
author: dansimp
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 02/21/2022
ms.reviewer:
manager: dansimp
ms.author: dansimp
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# Windows VPN technical guide
**Applies to**
- Windows 10
- Windows 11
This guide will walk you through the decisions you will make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10 and Windows 11.
To create a Windows 10 VPN device configuration profile see: [Windows 10 and Windows Holographic device settings to add VPN connections using Intune](/mem/intune/configuration/vpn-settings-windows-10).

View File

@ -2,20 +2,19 @@
title: VPN name resolution (Windows 10 and Windows 11)
description: Learn how the name resolution setting in the VPN profile configures how name resolution works when a VPN client connects to a VPN server.
ms.prod: m365-security
author: dansimp
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 09/23/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# VPN name resolution
**Applies to**
- Windows 10
- Windows 11
When the VPN client connects to the VPN server, the VPN client receives the client IP address. The client may also receive the IP address of the Domain Name System (DNS) server and the IP address of the Windows Internet Name Service (WINS) server.
The name resolution setting in the VPN profile configures how name resolution should work on the system when VPN is connected. The networking stack first looks at the Name Resolution Policy table (NRPT) for any matches and tries a resolution in the case of a match. If no match is found, the DNS suffix on the most preferred interface based on the interface metric is appended to the name (in the case of a short name) and a DNS query is sent out on the preferred interface. If the query times out, the DNS suffix search list is used in order and DNS queries are sent on all interfaces.

View File

@ -3,14 +3,16 @@ title: Optimizing Office 365 traffic for remote workers with the native Windows
description: tbd
ms.prod: m365-security
ms.topic: article
author: kelleyvice-msft
ms.localizationpriority: medium
ms.date: 09/23/2021
ms.reviewer:
manager: dansimp
ms.author: jajo
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.reviewer: pesmith
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# Optimizing Office 365 traffic for remote workers with the native Windows 10 and Windows 11 VPN client
This article describes how to configure the recommendations in the article [Optimize Office 365 connectivity for remote users using VPN split tunneling](/office365/enterprise/office-365-vpn-split-tunnel) for the *native Windows 10 and Windows 11 VPN client*. This guidance enables VPN administrators to optimize Office 365 usage while still ensuring that all other traffic goes over the VPN connection and through existing security gateways and tooling.
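Review bot: `description: tbd` is a placeholder left in the front matter of a published topic; since this change is already revising the metadata block, replace it with a real summary (for example, a one-sentence description of configuring Office 365 split-tunnel optimization for the native Windows VPN client), as the description feeds search results and page previews.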

View File

@ -1,22 +1,20 @@
---
title: VPN profile options (Windows 10 and Windows 11)
description: Windows adds Virtual Private Network (VPN) profile options to help manage how users connect. VPNs give users secure remote access to the company network.
ms.reviewer:
manager: dansimp
manager: aaroncz
ms.prod: m365-security
author: dansimp
ms.author: dansimp
author: paolomatarazzo
ms.author: paoloma
ms.reviewer: pesmith
ms.localizationpriority: medium
ms.date: 05/17/2018
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# VPN profile options
**Applies to**
- Windows 10
- Windows 11
Most of the VPN settings in Windows 10 and Windows 11 can be configured in VPN profiles using Microsoft Intune or Microsoft Endpoint Configuration Manager. All VPN settings in Windows 10 and Windows 11 can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
>[!NOTE]

View File

@ -2,20 +2,18 @@
title: VPN routing decisions (Windows 10 and Windows 10)
description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations.
ms.prod: m365-security
author: dansimp
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 09/23/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# VPN routing decisions
**Applies to**
- Windows 10
- Windows 11
Network routes are required for the stack to understand which interface to use for outbound traffic. One of the most important decision points for VPN configuration is whether you want to send all the data through VPN (*force tunnel*) or only some data through the VPN (*split tunnel*). This decision impacts the configuration and the capacity planning, as well as security expectations from the connection.
## Split tunnel configuration
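Review bot: the unchanged `title: VPN routing decisions (Windows 10 and Windows 10)` line repeats "Windows 10"; the sibling VPN topics use "(Windows 10 and Windows 11)", and the new `appliesto` list here includes Windows 11, so the title should read `VPN routing decisions (Windows 10 and Windows 11)`.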

View File

@ -2,21 +2,19 @@
title: VPN security features
description: Learn about security features for VPN, including LockDown VPN, Windows Information Protection integration with VPN, and traffic filters.
ms.prod: m365-security
author: dansimp
author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 07/21/2022
ms.reviewer:
manager: dansimp
ms.author: dansimp
manager: aaroncz
ms.author: paoloma
ms.reviewer: pesmith
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# VPN security features
**Applies to**
- Windows 10
- Windows 11
## Hyper-V based containers and VPN
Windows supports different kinds of Hyper-V based containers. This support includes, but isn't limited to, Microsoft Defender Application Guard and Windows Sandbox. When you use 3rd party VPN solutions, these Hyper-V based containers may not be able to seamlessly connect to the internet. Additional configurational changes might be needed to resolve connectivity issues.

View File

@ -1,22 +1,21 @@
---
title: Windows Credential Theft Mitigation Guide Abstract
description: Provides a summary of the Windows credential theft mitigation guide.
ms.reviewer:
ms.prod: m365-security
author: dansimp
ms.author: dansimp
manager: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
---
# Windows Credential Theft Mitigation Guide Abstract
**Applies to**
- Windows 10
This topic provides a summary of the Windows credential theft mitigation guide, which can be downloaded from the [Microsoft Download Center](https://download.microsoft.com/download/C/1/4/C14579CA-E564-4743-8B51-61C0882662AC/Windows%2010%20credential%20theft%20mitigation%20guide.docx).
This guide explains how credential theft attacks occur and the strategies and countermeasures you can implement to mitigate them, following these security stages:
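Review bot: the removed in-body list scoped this topic to Windows 10 only, but the added `appliesto` block lists both Windows 10 and Windows 11, which widens the stated scope without any change to the body or to `ms.date: 04/19/2017`; confirm the linked credential theft mitigation guide is meant to apply to Windows 11, or keep `appliesto` limited to Windows 10 to match the removed list.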

View File

@ -3,12 +3,12 @@ title: Improve request performance
description: Improve request performance
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
---
>[!TIP]

View File

@ -3,9 +3,9 @@ title: Perform a Machine Action via the Microsoft Defender for Endpoint API
description: This page focuses on performing a machine action via the Microsoft Defender for Endpoint API.
ms.date: 08/28/2017
ms.reviewer:
manager: dansimp
ms.author: macapara
author: mjcaparas
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.prod: m365-security
---

View File

@ -3,10 +3,10 @@ title: Microsoft Defender for Endpoint API URIs for US Government
description: Microsoft Defender for Endpoint API URIs for US Government
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
ms.author: macapara
author: mjcaparas
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.localizationpriority: medium
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
---

View File

@ -4,8 +4,9 @@ description: A note in regard to important Microsoft 365 Defender guidance.
ms.date:
ms.reviewer:
manager: dansimp
ms.author: dansimp
author: dansimp
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.prod: m365-security
ms.topic: include
---
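Review bot: the line counts in `@@ -4,8 +4,9 @@` (two lines removed, three added) mean the existing `manager: dansimp` line is kept as unchanged context while `manager: aaroncz` is added, leaving two `manager` keys in the same front matter block; remove the `manager: dansimp` line so the include has a single manager value, as the other files in this change do.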

View File

@ -3,9 +3,9 @@ title: Microsoft Defender for Endpoint Pre-release Disclaimer
description: Disclaimer for pre-release version of Microsoft Defender for Endpoint.
ms.date: 08/28/2017
ms.reviewer:
manager: dansimp
ms.author: macapara
author: mjcaparas
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.prod: m365-security
---