Merge pull request #5520 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
2025-05-12 13:27:23 +00:00 · 2021-08-16 15:45:48 -07:00 · 2021-08-16 15:45:48 -07:00 · 9e29f0f1fe
commit 9e29f0f1fe
parent 44309e43d9 9246431b81
4 changed files with 14 additions and 13 deletions
--- a/windows/security/identity-protection/access-control/active-directory-security-groups.md
+++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md
@ -3716,7 +3716,7 @@ This security group was introduced in Windows Server 2012, and it has not chang
 <tbody>
 <tr class="odd">
 <td><p>Well-Known SID/RID</p></td>
-<td><p>S-1-5-21-&lt;domain&gt;-1000</p></td>
+<td><p>S-1-5-21-&lt;domain&gt;-&lt;variable RID&gt;</p></td>
 </tr>
 <tr class="even">
 <td><p>Type</p></td>
@ -3760,4 +3760,4 @@ This security group was introduced in Windows Server 2012, and it has not chang

 - [Special Identities](special-identities.md)

- [Access Control Overview](access-control.md)
+- [Access Control Overview](access-control.md)
--- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
@ -82,6 +82,7 @@ For errors listed in this table, contact Microsoft Support for assistance.
 |-------------|---------|
 | 0X80072F0C  | Unknown |
 | 0x80070057  | Invalid parameter or argument is passed. |
+| 0x80090010  | NTE_PERM |
 | 0x80090020  | NTE\_FAIL |
 | 0x80090027  | Caller provided a wrong parameter. If third-party code receives this error, they must change their code. |
 | 0x8009002D  | NTE\_INTERNAL\_ERROR |
@ -110,4 +111,4 @@ For errors listed in this table, contact Microsoft Support for assistance.
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)
 - [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
+- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
--- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md
+++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md
@ -14,12 +14,12 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 11/29/2018
 ---

 # Trusted Platform Module Technology Overview

 **Applies to**
+- Windows 11
 - Windows 10
 - Windows Server 2016
 - Windows Server 2019
@ -28,7 +28,7 @@ This topic for the IT professional describes the Trusted Platform Module (TPM) a

 ## Feature description

-Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can:
+[Trusted Platform Module (TPM)](/windows/security/information-protection/tpm/trusted-platform-module-top-node) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can:

 - Generate, store, and limit the use of cryptographic keys.

@ -54,13 +54,13 @@ Certificates can be installed or created on computers that are using the TPM. Af

 Automated provisioning in the TPM reduces the cost of TPM deployment in an enterprise. New APIs for TPM management can determine if TPM provisioning actions require physical presence of a service technician to approve TPM state change requests during the boot process.

-Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry.
+Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 and later editions or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry.

 The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md).

 ## New and changed functionality

-For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module).
+For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module)

 ## Device health attestation

@ -75,14 +75,14 @@ Some things that you can check on the device are:
 -   Is SecureBoot supported and enabled?

 > [!NOTE]
->  Windows 10, Windows Server 2016 and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected.
+>  Windows 11, Windows 10, Windows Server 2016, and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected.

 ## Supported versions for device health attestation

-| TPM version | Windows 10  | Windows Server 2016 | Windows Server 2019 |
-|-------------|-------------|---------------------|---------------------|
-| TPM 1.2     | >= ver 1607 |    >= ver 1607      |       Yes           |
-| TPM 2.0     |    Yes      |        Yes          |       Yes           |
+| TPM version | Windows 11  | Windows 10  | Windows Server 2016 | Windows Server 2019 |
+|-------------|-------------|-------------|---------------------|---------------------|
+| TPM 1.2     |             | >= ver 1607 |    >= ver 1607      |       Yes           |
+| TPM 2.0     |    Yes      |     Yes     |       Yes           |       Yes           |


 ## Related topics
--- a/windows/security/threat-protection/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/security-compliance-toolkit-10.md
@ -45,7 +45,7 @@ The Security Compliance Toolkit consists of:
    - Microsoft 365 Apps for enterprise, Version 2104

 - Microsoft Edge security baseline
-    - Version 88
+    - Version 92
    
 - Windows Update security baseline
    - Windows 10 20H2 and below (October 2020 Update)