From b8dbc9f77aa1cc31d0c7eaa7506e244a58b2a12b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20B=C3=BClow=20Knudsen?= Date: Tue, 25 May 2021 10:33:09 -0700 Subject: [PATCH 1/8] Fix wrong RID of WinRMRemoteWMIUsers__ The RID of WinRMRemoteWMIUsers__ is not always 1000. I have seen many domains where it is not. --- .../access-control/active-directory-security-groups.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index ec30cea998..9b9c40977d 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -3716,7 +3716,7 @@ This security group was introduced in Windows ServerĀ 2012, and it has not chang

Well-Known SID/RID

-

S-1-5-21-<domain>-1000

+

S-1-5-21-<domain>-<variable RID>

Type

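Review bot: In PATCH 1/8, the replacement value `S-1-5-21-<domain>-<variable RID>` still sits under the "Well-Known SID/RID" label, but a RID that differs from domain to domain is not well known, and the placeholder gives the reader no way to find the real value. Suggest adding a short sentence next to it saying the RID is assigned per domain and that the group should be resolved by name (WinRMRemoteWMIUsers__) rather than by a fixed SID, so that ACL audits or detection rules keyed on `-1000` get corrected.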
@@ -3760,4 +3760,4 @@ This security group was introduced in Windows ServerĀ 2012, and it has not chang - [Special Identities](special-identities.md) -- [Access Control Overview](access-control.md) \ No newline at end of file +- [Access Control Overview](access-control.md) From 2af58b3c0500007ee32bdae18efa70245ffc00c8 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Mon, 26 Jul 2021 10:58:58 -0500 Subject: [PATCH 2/8] Update security-compliance-toolkit-10.md Updating Edge baseline version we are posting now --- .../threat-protection/security-compliance-toolkit-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 2a578d07ab..2ec5067168 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -45,7 +45,7 @@ The Security Compliance Toolkit consists of: - Microsoft 365 Apps for enterprise, Version 2104 - Microsoft Edge security baseline - - Version 88 + - Version 92 - Windows Update security baseline - Windows 10 20H2 and below (October 2020 Update) From f87da7e4ea4093caa59f525b40bd61add5d3c362 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 28 Jul 2021 16:22:08 +0530 Subject: [PATCH 3/8] added Windows 11, added TPM link and added one column as per user feedback #9853, so I added Windows 11, added TPM link and added one column --- .../tpm/trusted-platform-module-overview.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 3261c5f549..e1638ef797 100644 
--- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -20,6 +20,7 @@ ms.date: 11/29/2018 # Trusted Platform Module Technology Overview **Applies to** +- Windows 11 - Windows 10 - Windows Server 2016 - Windows Server 2019 @@ -28,7 +29,7 @@ This topic for the IT professional describes the Trusted Platform Module (TPM) a ## Feature description -Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can: +[Trusted Platform Module (TPM)](https://docs.microsoft.com/windows/security/information-protection/tpm/trusted-platform-module-top-node) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can: - Generate, store, and limit the use of cryptographic keys. 
@@ -54,7 +55,7 @@ Certificates can be installed or created on computers that are using the TPM. Af Automated provisioning in the TPM reduces the cost of TPM deployment in an enterprise. New APIs for TPM management can determine if TPM provisioning actions require physical presence of a service technician to approve TPM state change requests during the boot process. -Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. +Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 and later editions or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry. The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md). 
@@ -75,14 +76,14 @@ Some things that you can check on the device are: - Is SecureBoot supported and enabled? > [!NOTE] -> Windows 10, Windows Server 2016 and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. +> Windows 11, Windows 10, Windows Server 2016 and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. ## Supported versions for device health attestation -| TPM version | Windows 10 | Windows Server 2016 | Windows Server 2019 | -|-------------|-------------|---------------------|---------------------| -| TPM 1.2 | >= ver 1607 | >= ver 1607 | Yes | -| TPM 2.0 | Yes | Yes | Yes | +| TPM version | Windows 11 | Windows 10 | Windows Server 2016 | Windows Server 2019 | +|-------------|-------------|-------------|---------------------|---------------------| +| TPM 1.2 | | >= ver 1607 | >= ver 1607 | Yes | +| TPM 2.0 | Yes | Yes | Yes | Yes | ## Related topics From 97eb61919de22d42922b189746c7b0b99ee536bc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 28 Jul 2021 08:24:44 -0700 Subject: [PATCH 4/8] Update trusted-platform-module-overview.md --- .../tpm/trusted-platform-module-overview.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index e1638ef797..503d582aca 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md 
@@ -14,7 +14,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 11/29/2018 --- # Trusted Platform Module Technology Overview From 27127d6e6bab4d75f43a80e10eb583ae4dd97615 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 29 Jul 2021 11:59:32 +0530 Subject: [PATCH 5/8] Update windows/security/information-protection/tpm/trusted-platform-module-overview.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../tpm/trusted-platform-module-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 503d582aca..dac70009f7 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md 
@@ -28,7 +28,7 @@ This topic for the IT professional describes the Trusted Platform Module (TPM) a ## Feature description -[Trusted Platform Module (TPM)](https://docs.microsoft.com/windows/security/information-protection/tpm/trusted-platform-module-top-node) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can: +[Trusted Platform Module (TPM)](/windows/security/information-protection/tpm/trusted-platform-module-top-node) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can: - Generate, store, and limit the use of cryptographic keys. From 22a104016f46f75ad9dfb1b94c7b2e0635181534 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 29 Jul 2021 12:00:07 +0530 Subject: [PATCH 6/8] Update windows/security/information-protection/tpm/trusted-platform-module-overview.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../tpm/trusted-platform-module-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index dac70009f7..248decde2f 100644 
--- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -75,7 +75,7 @@ Some things that you can check on the device are: - Is SecureBoot supported and enabled? > [!NOTE] -> Windows 11, Windows 10, Windows Server 2016 and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. +> Windows 11, Windows 10, Windows Server 2016, and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. ## Supported versions for device health attestation From 2774b33b4171a2521b777459c6a6580d0d1e7df4 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 2 Aug 2021 16:45:58 +0300 Subject: [PATCH 7/8] Add info about 0x80090010 https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9551 --- .../hello-for-business/hello-errors-during-pin-creation.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 717d082664..476aed7683 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md 
@@ -82,6 +82,7 @@ For errors listed in this table, contact Microsoft Support for assistance. |-------------|---------| | 0X80072F0C | Unknown | | 0x80070057 | Invalid parameter or argument is passed. | +| 0x80090010 | NTE_PERM | | 0x80090020 | NTE\_FAIL | | 0x80090027 | Caller provided a wrong parameter. If third-party code receives this error, they must change their code. | | 0x8009002D | NTE\_INTERNAL\_ERROR | @@ -110,4 +111,4 @@ For errors listed in this table, contact Microsoft Support for assistance. - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md) - [Windows Hello and password changes](hello-and-password-changes.md) - [Event ID 300 - Windows Hello successfully created](hello-event-300.md) -- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) \ No newline at end of file +- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) From 9246431b81b6a7781d1ab57f52fc0eae8c0fc961 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 16 Aug 2021 15:20:09 -0700 Subject: [PATCH 8/8] Removed a period that followed a question mark --- .../tpm/trusted-platform-module-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 248decde2f..5bbb8174ec 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md 
@@ -60,7 +60,7 @@ The TPM has several Group Policy settings that might be useful in certain enterp ## New and changed functionality -For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module). +For more info on new and changed functionality for Trusted Platform Module in Windows 10, see [What's new in Trusted Platform Module?](/windows/whats-new/whats-new-windows-10-version-1507-and-1511#trusted-platform-module) ## Device health attestation
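Review bot: In PATCH 3/8, hunk `@@ -28,7 +29,7 @@` of trusted-platform-module-overview.md, the added link uses an absolute `https://docs.microsoft.com/...` URL, while the same file links to its sibling page as `trusted-platform-module-services-group-policy-settings.md` (visible in the context of the `@@ -54,7` hunk). Use a relative link so it follows the doc set wherever it is published; PATCH 5/8 later changes this to a site-relative path, and that fix could be squashed into this commit.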
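Review bot: In PATCH 3/8, hunk `@@ -54,7 +55,7 @@`, the phrase "Windows 10 and later editions or Windows Server 2016" uses "editions" where "versions" is meant, and it refers to Windows 11 only implicitly even though the Applies to list and the NOTE changed in the same patch name it explicitly. Suggest "Windows 10, Windows 11, or Windows Server 2016" so the three places agree.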
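Review bot: In PATCH 3/8, hunk `@@ -75,14 +76,14 @@`, the new Windows 11 column leaves the TPM 1.2 cell empty, which a reader cannot tell apart from missing data; every other cell in the table carries "Yes" or a minimum version. Put an explicit value in that cell (for example "No" or "Not supported", whichever is accurate) so the table can be read on its own and lines up with the NOTE above it.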
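Review bot: In PATCH 4/8, the front-matter line `ms.date: 11/29/2018` is deleted rather than updated, and the commit message gives no reason. If the intent is to reflect the Windows 11 edits from PATCH 3/8, set a current date instead; if the field is being dropped on purpose, say so in the commit message.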
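Review bot: In PATCH 7/8, the added row `| 0x80090010 | NTE_PERM |` leaves the underscore unescaped, while the neighbouring rows write `NTE\_FAIL` and `NTE\_INTERNAL\_ERROR`. Escape it as `NTE\_PERM` to match. The row also gives only the symbolic name; a few words describing the condition, as the `0x80070057` and `0x80090027` rows have, would help readers who arrive from the linked issue.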