diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index ec30cea998..9b9c40977d 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -3716,7 +3716,7 @@ This security group was introduced in Windows ServerĀ 2012, and it has not chang

Well-Known SID/RID

-

S-1-5-21-<domain>-1000

+

S-1-5-21-<domain>-<variable RID>

Type

@@ -3760,4 +3760,4 @@ This security group was introduced in Windows ServerĀ 2012, and it has not chang - [Special Identities](special-identities.md) -- [Access Control Overview](access-control.md) \ No newline at end of file +- [Access Control Overview](access-control.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 717d082664..476aed7683 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -82,6 +82,7 @@ For errors listed in this table, contact Microsoft Support for assistance. |-------------|---------| | 0X80072F0C | Unknown | | 0x80070057 | Invalid parameter or argument is passed. | +| 0x80090010 | NTE_PERM | | 0x80090020 | NTE\_FAIL | | 0x80090027 | Caller provided a wrong parameter. If third-party code receives this error, they must change their code. | | 0x8009002D | NTE\_INTERNAL\_ERROR | @@ -110,4 +111,4 @@ For errors listed in this table, contact Microsoft Support for assistance. - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md) - [Windows Hello and password changes](hello-and-password-changes.md) - [Event ID 300 - Windows Hello successfully created](hello-event-300.md) -- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) \ No newline at end of file +- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 3261c5f549..5bbb8174ec 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -14,12 +14,12 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 11/29/2018 --- # Trusted Platform Module Technology Overview **Applies to** +- Windows 11 - Windows 10 - Windows Server 2016 - Windows Server 2019 @@ -28,7 +28,7 @@ This topic for the IT professional describes the Trusted Platform Module (TPM) a ## Feature description -Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can: +[Trusted Platform Module (TPM)](/windows/security/information-protection/tpm/trusted-platform-module-top-node) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can: - Generate, store, and limit the use of cryptographic keys. @@ -54,13 +54,13 @@ Certificates can be installed or created on computers that are using the TPM. Af Automated provisioning in the TPM reduces the cost of TPM deployment in an enterprise. New APIs for TPM management can determine if TPM provisioning actions require physical presence of a service technician to approve TPM state change requests during the boot process. -Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. +Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 and later editions or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md). ## New and changed functionality -For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module). +For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module) ## Device health attestation @@ -75,14 +75,14 @@ Some things that you can check on the device are: - Is SecureBoot supported and enabled? > [!NOTE] -> Windows 10, Windows Server 2016 and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. +> Windows 11, Windows 10, Windows Server 2016, and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. ## Supported versions for device health attestation -| TPM version | Windows 10 | Windows Server 2016 | Windows Server 2019 | -|-------------|-------------|---------------------|---------------------| -| TPM 1.2 | >= ver 1607 | >= ver 1607 | Yes | -| TPM 2.0 | Yes | Yes | Yes | +| TPM version | Windows 11 | Windows 10 | Windows Server 2016 | Windows Server 2019 | +|-------------|-------------|-------------|---------------------|---------------------| +| TPM 1.2 | | >= ver 1607 | >= ver 1607 | Yes | +| TPM 2.0 | Yes | Yes | Yes | Yes | ## Related topics diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 2a578d07ab..2ec5067168 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -45,7 +45,7 @@ The Security Compliance Toolkit consists of: - Microsoft 365 Apps for enterprise, Version 2104 - Microsoft Edge security baseline - - Version 88 + - Version 92 - Windows Update security baseline - Windows 10 20H2 and below (October 2020 Update)