Merged PR 13672: 1/09 AM Publish

devices/surface/change-history-for-surface.md

@@ -7,13 +7,18 @@ ms.sitesec: library
 author: jdeckerms
 ms.author: jdecker
 ms.topic: article
-ms.date: 11/15/2018
 ---
 
 # Change history for Surface documentation
 
 This topic lists new and updated topics in the Surface documentation library.
 
+## January 2019
+
+New or changed topic | Description
+--- | ---
+|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Studio 2  |
+
 ## November 2018
 
 New or changed topic | Description

devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md

@@ -9,7 +9,6 @@ ms.mktglfcycl: deploy
 ms.pagetype: surface, devices
 ms.sitesec: library
 author: brecords
-ms.date: 11/15/2018
 ms.author: jdecker
 ms.topic: article
 ---
@@ -89,6 +88,12 @@ Download the following updates for [Surface Studio from the Microsoft Download C
 
 * SurfaceStudio_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
+## Surface Studio 2
+
+Download the following updates for [Surface Studio 2 from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=57593).
+
+* SurfaceStudio2_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
+
 ## Surface Book
 
 

windows/configuration/kiosk-methods.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: jdeckerms
-ms.date: 07/30/2018
+ms.date: 01/09/2019
 ---
 
 # Configure kiosks and digital signs on Windows desktop editions
@@ -30,6 +30,9 @@ There are several kiosk configuration methods that you can choose from, dependin
 ![icon that represents Windows](images/windows.png) | **Which edition of Windows 10 will the kiosk run?** All of the configuration methods work for Windows 10 Enterprise and Education; some of the methods work for Windows 10 Pro. Kiosk mode is not available on Windows 10 Home. 
 ![icon that represents a user account](images/user.png) | **Which type of user account will be the kiosk account?** The kiosk account can be a local standard user account, a local administrator account, a domain account, or an Azure Active Directory (Azure AD) account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method.     
 
+
+>[!IMPORTANT]
+>Single-app kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
  
 <span id="uwp" />
 ## Methods for a single-app kiosk running a UWP app

windows/configuration/kiosk-prepare.md

@@ -8,7 +8,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerms
 ms.localizationpriority: medium
-ms.date: 10/02/2018
+ms.date: 01/09/2019
 ---
 
 # Prepare a device for kiosk configuration
@@ -23,6 +23,11 @@ ms.date: 10/02/2018
 >
 >Assigned access can be configured via Windows Management Instrumentation (WMI) or configuration service provider (CSP) to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so.
 
+>[!IMPORTANT]
+>[User account control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode.
+>
+>Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
+
 
 For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk:
 

windows/configuration/kiosk-single-app.md

@@ -8,7 +8,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerms
 ms.localizationpriority: medium
-ms.date: 10/09/2018
+ms.date: 01/09/2019
 ---
 
 # Set up a single-app kiosk
@@ -24,6 +24,11 @@ ms.date: 10/09/2018
 --- | ---
 A single-app kiosk uses the Assigned Access feature to run a single app above the lockscreen.<br><br> When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app. | ![Illustration of a single-app kiosk experience](images/kiosk-fullscreen-sm.png)
 
+>[!IMPORTANT]
+>[User account control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode.
+>
+>Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
+
 You have several options for configuring your single-app kiosk. 
 
 Method | Description

windows/configuration/lock-down-windows-10-to-specific-apps.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: edu, security
 author: jdeckerms
 ms.localizationpriority: medium
-ms.date: 01/04/2019
+ms.date: 01/09/2019
 ms.author: jdecker
 ms.topic: article
 ---
@@ -39,6 +39,9 @@ New features and improvements | In update
 
 You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision).
 
+
+
+
 <span id="intune"/>
 ## Configure a kiosk in Microsoft Intune
 

windows/configuration/multi-app-kiosk-troubleshoot.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: edu, security
 author: jdeckerms
 ms.localizationpriority: medium
-ms.date: 10/09/2018
 ms.author: jdecker
 ms.topic: article
 ---
@@ -21,6 +20,11 @@ ms.topic: article
 
 -   Windows 10
 
+## Sign-in issues
+
+1. Verify that User Account Control (UAC) is turned on. 
+2. Check the Event Viewer logs for sign-in issues under **Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational**.
+
 ## Unexpected results
 
 For example:

windows/whats-new/ltsc/whats-new-windows-10-2019.md

@@ -6,7 +6,6 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: greg-lindsay
-ms.date: 01/08/2019
 ms.localizationpriority: low
 ---
 
@@ -144,8 +143,6 @@ We’re continuing to work on how other security apps you’ve installed show up
 
 This also means you’ll see more links to other security apps within **Windows Security**. For example, if you open the **Firewall & network protection** section, you’ll see the firewall apps that are running on your device under each firewall type, which includes domain, private, and public networks).
 
-<pre>HKLM\SOFTWARE\Microsoft\Security Center\Feature DisableAvCheck (DWORD) = 1 </pre>
-
 You can read more about ransomware mitigations and detection capability at:  
 - [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/)
 - [Ransomware Protection in Windows 10 Anniversary Update whitepaper (PDF)](http://wincom.blob.core.windows.net/documents/Ransomware_protection_in_Windows_10_Anniversary_Update.pdf)

windows/whats-new/whats-new-windows-10-version-1809.md

@@ -6,7 +6,6 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: greg-lindsay
-ms.date: 01/08/2019
 ms.localizationpriority: high
 ---