From 7e88988f3da604b275e8ef96f76350fa185a98f4 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 25 Mar 2019 12:06:27 +0200 Subject: [PATCH 01/78] defined credentials https://github.com/MicrosoftDocs/windows-itpro-docs/issues/1240 --- .../security/identity-protection/remote-credential-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index d4040d63f5..b57634a153 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -89,7 +89,7 @@ To use Windows Defender Remote Credential Guard, the Remote Desktop client and r The Remote Desktop client device: -- Must be running at least Windows 10, version 1703 to be able to supply credentials. +- Must be running at least Windows 10, version 1703 to be able to supply credentials (hash and TGT). - Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-in credentials. This requires the user’s account be able to sign in to both the client device and the remote host. - Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard. - Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk. @@ -176,4 +176,4 @@ mstsc.exe /remoteGuard - No credentials are sent to the target device, but the target device still acquires Kerberos Service Tickets on its own. -- The server and client must authenticate using Kerberos. \ No newline at end of file +- The server and client must authenticate using Kerberos. From fcdabff1708268bad4e33084261fa3e5ddc5d68e Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Sun, 31 Mar 2019 11:40:59 +0300 Subject: [PATCH 02/78] updated supplied credentials as recommended by @SteveSyfuhs --- windows/security/identity-protection/remote-credential-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index b57634a153..ccafee06af 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -89,7 +89,7 @@ To use Windows Defender Remote Credential Guard, the Remote Desktop client and r The Remote Desktop client device: -- Must be running at least Windows 10, version 1703 to be able to supply credentials (hash and TGT). +- Must be running at least Windows 10, version 1703 to be able to supply credentials, which is sent to the remote device. This allows users to run as different users without having to send credentials to the remote machine. - Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-in credentials. This requires the user’s account be able to sign in to both the client device and the remote host. - Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard. - Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk. From 4722f7345538d02695932fc8487c04bf6abbf75c Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Mon, 1 Apr 2019 21:27:51 +0200 Subject: [PATCH 03/78] Update hello-cert-trust-policy-settings.md lines 38-42 edited for clarity and brevity - closes https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2064 --- .../hello-for-business/hello-cert-trust-policy-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 1528aad8e3..1b65e636ae 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -35,9 +35,9 @@ On-premises certificate-based deployments of Windows Hello for Business needs th ## Enable Windows Hello for Business Group Policy -The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should be attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled. +The Group Policy setting gives specified users the option of auto-enrollment in Windows Hello for Business. To configure user or computer-targeted Group Policy settings, the Windows Hello for Business Group Policy must be enabled. -You can configure the Enable Windows Hello for Business Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users that sign-in that computer to attempt a Windows Hello for Business enrollment. Deploying this policy setting to a user results in only that user attempting a Windows Hello for Business enrollment. Additionally, you can deploy the policy setting to a group of users so only those users attempt a Windows Hello for Business enrollment. If both user and computer policy settings are deployed, the user policy setting has precedence. +Deploying the Group Policy settimg to a computer allows ALL signed-in users to start the Windows Hello for Business enrollment process. Deployment to a user, or a group of users, allows only those users to proceed with the enrollment process. If both user and computer policy settings are deployed, the user policy setting takes precedence. ## Use certificate for on-premises authentication From c67ef6f002364c25a371c8ca7428e4411f2e7b44 Mon Sep 17 00:00:00 2001 From: Malin De Silva Date: Wed, 3 Apr 2019 15:12:53 +0530 Subject: [PATCH 04/78] windows server 2016 or later change Changed the all domain controllers to sipport windows server --- .../hello-for-business/hello-identity-verification.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index 672ad0f33f..ae8da9280d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -50,7 +50,7 @@ The table shows the minimum requirements for each deployment. For key trust in a | Windows 10, version 1511 or later| **Hybrid Azure AD Joined:**
*Minimum:* Windows 10, version 1703
*Best experience:* Windows 10, version 1709 or later (supports synchronous certificate enrollment).
**Azure AD Joined:**
Windows 10, version 1511 or later| Windows 10, version 1511 or later | Windows 10, version 1511 or later | | Windows Server 2016 Schema | Windows Server 2016 Schema | Windows Server 2016 Schema | Windows Server 2016 Schema | | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level| Windows Server 2008 R2 Domain/Forest functional level |Windows Server 2008 R2 Domain/Forest functional level | -| Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | +| Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | | N/A | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) (hybrid Azure AD joined clients),
and
Windows Server 2012 or later Network Device Enrollment Service (Azure AD joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service | | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter| Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | @@ -67,7 +67,7 @@ The table shows the minimum requirements for each deployment. | Windows 10, version 1703 or later | Windows 10, version 1703 or later | | Windows Server 2016 Schema | Windows Server 2016 Schema| | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level | -| Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | +| Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) | | AD FS with Azure MFA Server, or
AD FS with 3rd Party MFA Adapter | AD FS with Azure MFA Server, or
AD FS with 3rd Party MFA Adapter | From c771708c6de3cd1e47936cf565d389b7443dca34 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 3 Apr 2019 06:00:11 -0700 Subject: [PATCH 05/78] fix link --- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 4a15ed3e75..dd8a314962 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -305,7 +305,7 @@ IT Pros can use Autopilot Reset to quickly remove personal files, apps, and sett ### Faster sign-in to a Windows 10 shared pc -If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](/windows/configuration/set-up-shared-or-guest-pc.md) in a flash! +If you have shared devices deployed in your work place, **Fast sign-in** enables users to sign in to a [shared Windows 10 PC](https://docs.microsoft.com/windows/configuration/set-up-shared-or-guest-pc) in a flash! **To enable fast sign-in:** 1. Set up a shared or guest device with Windows 10, version 1809 or Windows 10 Enterprise 2019 LTSC. From 36c19af9f157e7f844f85779590daebecf02d1b1 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Thu, 4 Apr 2019 13:36:03 +0200 Subject: [PATCH 06/78] Update hello-cert-trust-policy-settings.md Changes made as directed (added that the Group Policy must be enabled first, as that was the original thrust of this section). --- .../hello-for-business/hello-cert-trust-policy-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 1b65e636ae..49e7d658b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -35,9 +35,9 @@ On-premises certificate-based deployments of Windows Hello for Business needs th ## Enable Windows Hello for Business Group Policy -The Group Policy setting gives specified users the option of auto-enrollment in Windows Hello for Business. To configure user or computer-targeted Group Policy settings, the Windows Hello for Business Group Policy must be enabled. +The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. You must first enable the Windows Hello for Business Group Policy, then you can configure it for computers or users. -Deploying the Group Policy settimg to a computer allows ALL signed-in users to start the Windows Hello for Business enrollment process. Deployment to a user, or a group of users, allows only those users to proceed with the enrollment process. If both user and computer policy settings are deployed, the user policy setting takes precedence. +If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business. ## Use certificate for on-premises authentication From ed643a4b2f4f39b815f13b946d9f16521c52dd68 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 4 Apr 2019 05:41:37 -0700 Subject: [PATCH 07/78] remove broken link --- windows/configuration/kiosk-single-app.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 439acaa52b..6fb60b7a45 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -169,8 +169,6 @@ Set-AssignedAccess -AppName -UserSID [Learn how to get the AppName](https://msdn.microsoft.com/library/windows/hardware/mt620046%28v=vs.85%29.aspx) (see **Parameters**). -[Learn how to get the SID](https://go.microsoft.com/fwlink/p/?LinkId=615517). - To remove assigned access, using PowerShell, run the following cmdlet. ``` From 5737648219ae986c45576685038660520d814242 Mon Sep 17 00:00:00 2001 From: Max Velitchko Date: Thu, 4 Apr 2019 12:37:53 -0700 Subject: [PATCH 08/78] Removing leftover references to telemetry consent --- .../microsoft-defender-atp-mac.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 15865ca9fa..e4d8180854 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -56,14 +56,11 @@ SIP is a built-in macOS security feature that prevents low-level tampering with ## Installation and configuration overview There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. In general you'll need to take the following steps: - - [Register macOS devices](#register-macos-devices) with Windows Defender ATP - - Deploy Microsoft Defender ATP for Mac using any of the following deployment methods and tools: - - [Microsoft Intune based deployment](#microsoft-intune-based-deployment) - - [JAMF based deployment](#jamf-based-deployment) - - [Manual deployment](#manual-deployment) - -## Deploy Microsoft Defender ATP for Mac -Use any of the supported methods to deploy Microsoft Defender ATP for Mac + - Ensure you have a Windows Defender ATP subscription and have access to the ATP Portal + - Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: + * [Microsoft Intune based deployment](#microsoft-intune-based-deployment) + * [JAMF based deployment](#jamf-based-deployment) + * [Manual deployment](#manual-deployment) ## Microsoft Intune based deployment @@ -293,7 +290,6 @@ After some time, the machine's User Approved MDM status will change to Yes. You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned. - ### Deployment Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected. From c449911aee2a184c14430e1b9797b7ba12383b57 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Thu, 4 Apr 2019 23:05:31 -0500 Subject: [PATCH 09/78] Changed the word Certificate for Key #2259 Following the recommendation on issue #2259 I have changed the word **Certificate** for **Key** --- .../hello-for-business/hello-how-it-works-technology.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index 936c4a59e4..e795b09887 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -187,7 +187,7 @@ Joining a device is an extension to registering a device. This means, it provide [Return to Top](hello-how-it-works-technology.md) ## Key Trust -The key trust model uses the user's Windows Hello for Business identity to authenticate to on-premises Active Directory. The certificate trust model is supported in hybrid and on-premises deployments and requires Windows Server 2016 domain controllers. +The key trust model uses the user's Windows Hello for Business identity to authenticate to on-premises Active Directory. The key trust model is supported in hybrid and on-premises deployments and requires Windows Server 2016 domain controllers. ### Related topics [Certificate Trust](#certificate-trust), [Deployment Type](#deployment-type), [Hybrid Azure AD Joined](#hybrid-azure-ad-joined), [Hybrid Deployment](#hybrid-deployment), [On-premises Deployment](#on-premises-deployment), [Trust Type](#trust-type) From 5f6f8128f353fb5a545b17e724f663153bada26c Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 5 Apr 2019 17:20:57 +0500 Subject: [PATCH 10/78] Update use-windows-event-forwarding-to-assist-in-intrusion-detection.md, issue 1071 --- ...indows-event-forwarding-to-assist-in-intrusion-detection.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index ea2b3fa6af..12b4fe0205 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -13,9 +13,6 @@ ms.localizationpriority: medium # Use Windows Event Forwarding to help with intrusion detection -**Applies to** -- Windows 10 - Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. Windows Event Forwarding (WEF) reads any operational or administrative event log on a device in your organization and forwards the events you choose to a Windows Event Collector (WEC) server. From efd0509c6f874b2e33e625bdf728981f61115e99 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Fri, 5 Apr 2019 15:09:43 +0200 Subject: [PATCH 11/78] Update hello-cert-trust-policy-settings.md further changes as requested --- .../hello-for-business/hello-cert-trust-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 49e7d658b3..aade96adc6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -35,7 +35,7 @@ On-premises certificate-based deployments of Windows Hello for Business needs th ## Enable Windows Hello for Business Group Policy -The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. You must first enable the Windows Hello for Business Group Policy, then you can configure it for computers or users. +The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users. If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business. From a7ae2930d64abc694691dfd07369d247ce79f985 Mon Sep 17 00:00:00 2001 From: Malin De Silva Date: Tue, 9 Apr 2019 08:51:27 +0530 Subject: [PATCH 12/78] text added mentioning detailed explanation urls --- windows/deployment/usmt/usmt-migrate-user-accounts.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index 9fb4c1f48f..b5da93fe54 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md @@ -25,7 +25,7 @@ By default, all users are migrated. The only way to specify which users to inclu - [To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain](#bkmk-migratemoveuserone) ## To migrate all user accounts and user settings - +Links to detailed explanations on commands are available in Related Topics section. 1. Log on to the source computer as an administrator, and specify the following in a **Command-Prompt** window: @@ -49,7 +49,7 @@ By default, all users are migrated. The only way to specify which users to inclu   ## To migrate two domain accounts (User1 and User2) - +Links to detailed explanations on commands are available in Related Topics section. 1. Log on to the source computer as an administrator, and specify: @@ -62,7 +62,7 @@ By default, all users are migrated. The only way to specify which users to inclu `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml` ## To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain - +Links to detailed explanations on commands are available in Related Topics section. 1. Log on to the source computer as an administrator, and type the following at the command-line prompt: From aa18a20dde43965cf96c7acd24b685cc315d1c89 Mon Sep 17 00:00:00 2001 From: Andrea Bichsel Date: Tue, 9 Apr 2019 09:10:44 -0700 Subject: [PATCH 13/78] Update evaluate-controlled-folder-access.md --- .../evaluate-controlled-folder-access.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md index 667c554a43..958cc3e6d8 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md @@ -49,10 +49,11 @@ You can also use Group Policy, Intune, MDM, or System Center Configuration Manag The following controlled folder access events appear in Windows Event Viewer. -Event ID | Description -5007 | Event when settings are changed -1124 | Audited controlled folder access event -1123 | Blocked controlled folder access event +| Event ID | Description | +| --- | --- | +| 5007 | Event when settings are changed | +| 1124 | Audited controlled folder access event | +| 1123 | Blocked controlled folder access event | ## Customize protected folders and apps @@ -63,4 +64,4 @@ See [Protect important folders with controlled folder access](controlled-folders ## Related topics - [Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) - [Evaluate Windows Defender ATP](evaluate-windows-defender-exploit-guard.md) -- [Use audit mode](audit-windows-defender-exploit-guard.md) \ No newline at end of file +- [Use audit mode](audit-windows-defender-exploit-guard.md) From 8085a1c0144c256a18c922820747dda2a0f123c8 Mon Sep 17 00:00:00 2001 From: JC <47532346+Jcoetsee@users.noreply.github.com> Date: Tue, 9 Apr 2019 19:27:54 +0200 Subject: [PATCH 14/78] changes made to line 135 please see https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3059 --- windows/security/threat-protection/auditing/event-4716.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index 1bd7c641e8..6187a558da 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -132,7 +132,7 @@ This event is generated only on domain controllers. | 0x8 | TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE | If this bit is set, the trust link is a [cross-forest trust](https://msdn.microsoft.com/library/cc223126.aspx#gt_86f3dbf2-338f-462e-8c5b-3c8e05798dbc) [\[MS-KILE\]](https://msdn.microsoft.com/library/cc233855.aspx) between the root domains of two [forests](https://msdn.microsoft.com/library/cc223126.aspx#gt_fd104241-4fb3-457c-b2c4-e0c18bb20b62), both of which are running in a [forest functional level](https://msdn.microsoft.com/library/cc223126.aspx#gt_b3240417-ca43-4901-90ec-fde55b32b3b8) of DS\_BEHAVIOR\_WIN2003 or greater.
Only evaluated on Windows Server 2003 operating system, Windows Server 2008 operating system, Windows Server 2008 R2 operating system, Windows Server 2012 operating system, Windows Server 2012 R2 operating system, and Windows Server 2016 operating system.
Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | | 0x10 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION | If this bit is set, then the trust is to a domain or forest that is not part of the [organization](https://msdn.microsoft.com/library/cc223126.aspx#gt_6fae7775-5232-4206-b452-f298546ab54f). The behavior controlled by this bit is explained in [\[MS-KILE\]](https://msdn.microsoft.com/library/cc233855.aspx) section [3.3.5.7.5](https://msdn.microsoft.com/library/cc233949.aspx) and [\[MS-APDS\]](https://msdn.microsoft.com/library/cc223948.aspx) section [3.1.5](https://msdn.microsoft.com/library/cc223991.aspx).
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | | 0x20 | TRUST\_ATTRIBUTE\_WITHIN\_FOREST | If this bit is set, then the trusted domain is within the same forest.
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. | -| 0x40 | TRUST\_ATTRIBUTE\_TREAT\_AS\_EXTERNAL | If this bit is set, then a cross-forest trust to a domain is to be treated as an external trust for the purposes of SID Filtering. Cross-forest trusts are [more stringently filtered](https://docs.microsoft.com/openspecs/windows_protocols/ms-adts/e9a2d23c-c31e-4a6f-88a0-6646fdb51a3c) than external trusts. This attribute relaxes those cross-forest trusts to be equivalent to external trusts. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/library/cc237917.aspx) section 4.1.2.2.
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
Only evaluated if SID Filtering is used.
Only evaluated on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | +| 0x40 | TRUST\_ATTRIBUTE\_TREAT\_AS\_EXTERNAL | If this bit is set, then a cross-forest trust to a domain is to be treated as an external trust for the purposes of SID Filtering. Cross-forest trusts are [more stringently filtered](https://docs.microsoft.com/openspecs/windows_protocols/ms-adts/e9a2d23c-c31e-4a6f-88a0-6646fdb51a3c) than external trusts. This attribute relaxes those cross-forest trusts to be equivalent to external trusts.
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
Only evaluated if SID Filtering is used.
Only evaluated on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | | 0x80 | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](https://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/library/cc223782.aspx).
Only evaluated on TRUST\_TYPE\_MIT | | 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/library/cc233855.aspx) section 3.3.5.7.5.
Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. | | 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/library/cc237917.aspx) section 4.1.2.2.
Evaluated only on Windows Server 2016
Evaluated only if SID Filtering is used.
Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. | From 3e7801984ae45b11467b403c39e4863e5ed3d5c0 Mon Sep 17 00:00:00 2001 From: Russ Rimmerman Date: Tue, 9 Apr 2019 13:50:08 -0500 Subject: [PATCH 15/78] Update windows-analytics-FAQ-troubleshooting.md Pointing to original source as blog consolidation has caused the link to no longer work. These instructions could also ultimately be included in the docs since the screenshots above already show the option to report on devices prior to them showing up. --- .../deployment/update/windows-analytics-FAQ-troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md index 48fcd8eb4c..c1f447026d 100644 --- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md +++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md @@ -53,7 +53,7 @@ If you've followed the steps in the [Enrolling devices in Windows Analytics](win In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and verify that you are subscribed to the Windows Analytics solutions you intend to use. -Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices with a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/) on the Windows Analytics blog. +Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices within a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/You-can-now-check-on-the-status-of-your-computers-within-hours/ba-p/187213) on the Tech Community Blog. >[!NOTE] > If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** remove the Upgrade Readiness solution, and then re-add it. From 2c70332753ed7eba48f553fae64f2a69b956fa51 Mon Sep 17 00:00:00 2001 From: illfated Date: Tue, 9 Apr 2019 21:45:05 +0200 Subject: [PATCH 16/78] Minor typo correction in enable-attack-surface-reduction.md - `conjuction` => conjunction Ref. #3170 (previous attempt) --- .../enable-attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index c5d238cf59..73bc1915d3 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -17,7 +17,7 @@ ms.author: v-anbic [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) help prevent actions and apps that malware often uses to infect computers. You can set attack surface reduction rules for computers running Windows 10 or Windows Server 2019. -To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Windows Defender Advanced Threat Protection (Windows Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjuction with ASR rules. +To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Windows Defender Advanced Threat Protection (Windows Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules. ## Exclude files and folders from ASR rules From e82cd401fb6b48a805c677677e9069c84b87263e Mon Sep 17 00:00:00 2001 From: Malin De Silva Date: Wed, 10 Apr 2019 01:57:58 +0530 Subject: [PATCH 17/78] Removed Windows 10 Roadmap link Removed as suggested in issue 1030 --- windows/whats-new/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md index a48b1bcd0e..1798631ea3 100644 --- a/windows/whats-new/index.md +++ b/windows/whats-new/index.md @@ -29,7 +29,6 @@ Windows 10 provides IT professionals with advanced protection against modern sec ## Learn more -- [Windows 10 roadmap](https://www.microsoft.com/en-us/WindowsForBusiness/windows-roadmap) - [Windows 10 release information](https://technet.microsoft.com/windows/release-info) - [Windows 10 update history](https://support.microsoft.com/help/12387/windows-10-update-history) - [Windows 10 content from Microsoft Ignite](https://go.microsoft.com/fwlink/p/?LinkId=613210) From 526ab0a6b08ffb941cddde9ab852c80dbed6bb19 Mon Sep 17 00:00:00 2001 From: Malin De Silva Date: Wed, 10 Apr 2019 02:03:19 +0530 Subject: [PATCH 18/78] Fixed grammar issues Links to detailed explanations of commands are available in the Related Topics section. --- windows/deployment/usmt/usmt-migrate-user-accounts.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index b5da93fe54..94224b2a0c 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md @@ -25,7 +25,7 @@ By default, all users are migrated. The only way to specify which users to inclu - [To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain](#bkmk-migratemoveuserone) ## To migrate all user accounts and user settings -Links to detailed explanations on commands are available in Related Topics section. +Links to detailed explanations of commands are available in the Related Topics section. 1. Log on to the source computer as an administrator, and specify the following in a **Command-Prompt** window: @@ -49,7 +49,7 @@ Links to detailed explanations on commands are available in Related Topics secti   ## To migrate two domain accounts (User1 and User2) -Links to detailed explanations on commands are available in Related Topics section. +Links to detailed explanations of commands are available in the Related Topics section. 1. Log on to the source computer as an administrator, and specify: @@ -62,7 +62,7 @@ Links to detailed explanations on commands are available in Related Topics secti `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml` ## To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain -Links to detailed explanations on commands are available in Related Topics section. +Links to detailed explanations of commands are available in the Related Topics section. 1. Log on to the source computer as an administrator, and type the following at the command-line prompt: From 6cc239581aab6ba3ee0c05d46762a90c7368ccb9 Mon Sep 17 00:00:00 2001 From: Jake Lynch Date: Tue, 9 Apr 2019 17:27:12 -0700 Subject: [PATCH 19/78] Update hololens-recovery.md --- devices/hololens/hololens-recovery.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md index b619fc1428..d9f4871c84 100644 --- a/devices/hololens/hololens-recovery.md +++ b/devices/hololens/hololens-recovery.md @@ -49,7 +49,7 @@ To reset your HoloLens 2, go to **Settings > Update > Reset** and select **Reset If the device is still having a problem after reset, you can use Advanced Recovery Companion to flash the device with a new image. -1. On your computer, get [Advanced Recovery Companion](need store link) from Microsoft Store. +1. On your computer, get [Advanced Recovery Companion](https://www.microsoft.com/en-us/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from Microsoft Store. 2. Connect HoloLens 2 to your computer. 3. Start Advanced Recovery Companion. 4. On the **Welcome** page, select your device. @@ -57,4 +57,4 @@ If the device is still having a problem after reset, you can use Advanced Recove 6. Software installation will begin. Do not use the device or disconnect the cable during installation. When you see the **Installation finished** page, you can disconnect and use your device. >[!NOTE] ->[Learn about FFU image file formats.](https://docs.microsoft.com/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats) \ No newline at end of file +>[Learn about FFU image file formats.](https://docs.microsoft.com/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats) From 3f27ada80848d5cc182d3c61468875dc076b2589 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 9 Apr 2019 17:32:34 -0700 Subject: [PATCH 20/78] removed en-us from url --- devices/hololens/hololens-recovery.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md index d9f4871c84..e5d185bf40 100644 --- a/devices/hololens/hololens-recovery.md +++ b/devices/hololens/hololens-recovery.md @@ -49,7 +49,7 @@ To reset your HoloLens 2, go to **Settings > Update > Reset** and select **Reset If the device is still having a problem after reset, you can use Advanced Recovery Companion to flash the device with a new image. -1. On your computer, get [Advanced Recovery Companion](https://www.microsoft.com/en-us/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from Microsoft Store. +1. On your computer, get [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from Microsoft Store. 2. Connect HoloLens 2 to your computer. 3. Start Advanced Recovery Companion. 4. On the **Welcome** page, select your device. From 62b2bea48110d68483ca1df7283df5a020459eff Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 10 Apr 2019 00:32:15 -0500 Subject: [PATCH 21/78] WorkAround #2179 --- .../customize-exploit-protection.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md index c49eae7912..7401f885ed 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md @@ -100,6 +100,8 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi >The result will be that DEP will be enabled for *test.exe*. DEP will not be enabled for any other app, including *miles.exe*. >CFG will be enabled for *miles.exe*. +>[!NOTE] If you found any issues on this article you can report it directly to a Windows Server/Windows Client partner or use our technical support numbers on your country. + ### Configure system-level mitigations with the Windows Security app 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. @@ -252,6 +254,8 @@ Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlu See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file. + + ## Related topics - [Protect devices from exploits](exploit-protection-exploit-guard.md) From 4eceea80ea8949047f6561cc37665dbfe9903e85 Mon Sep 17 00:00:00 2001 From: Oddvar Moe Date: Wed, 10 Apr 2019 10:39:01 +0200 Subject: [PATCH 22/78] Missing sysWOW64 --- .../understanding-the-path-rule-condition-in-applocker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md index 154d463930..b1e10dc63f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md @@ -61,7 +61,7 @@ AppLocker uses path variables for well-known directories in Windows. Path variab | Windows directory or drive | AppLocker path variable | Windows environment variable | | - | - | - | | Windows | %WINDIR% | %SystemRoot% | -| System32 | %SYSTEM32%| %SystemDirectory%| +| System32 and sysWOW64 | %SYSTEM32%| %SystemDirectory%| | Windows installation directory | %OSDRIVE%|%SystemDrive%| | Program Files | %PROGRAMFILES%| %ProgramFiles% and %ProgramFiles(x86)%| | Removable media (for example, CD or DVD) | %REMOVABLE%| | From b2cfbfb1c46206390340bf4ac70cec555d92e173 Mon Sep 17 00:00:00 2001 From: Sergii Cherkashyn Date: Wed, 10 Apr 2019 11:32:19 -0400 Subject: [PATCH 23/78] Update hello-hybrid-cert-trust-prereqs.md To avoid customers and support engineers confusion I would recommend following change in the mentioned part of the documentation (replace first two sentences): To avoid customers and support engineers confusion I would recommend following change in the mentioned part of the documentation (replace first two sentences): --- .../hello-for-business/hello-hybrid-cert-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 6f443cff4f..5c60844b4e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -82,7 +82,7 @@ Organizations using older directory synchronization technology, such as DirSync
## Federation ## -Federating your on-premises Active Directory with Azure Active Directory ensures all identities have access to all resources regardless if they reside in cloud or on-premises. Windows Hello for Business hybrid certificate trust needs Windows Server 2016 Active Directory Federation Services. All nodes in the AD FS farm must run the same version of AD FS. Additionally, you need to configure your AD FS farm to support Azure registered devices. +Windows Hello for Business hybrid certificate trust requires Active Directory being federated with Azure Active Directory and needs Windows Server 2016 Active Directory Federation Services or newer. Windows Hello for Business hybrid certificate trust doesn’t support Managed Azure Active Directory using Pass-through authentication or password hash sync. All nodes in the AD FS farm must run the same version of AD FS. Additionally, you need to configure your AD FS farm to support Azure registered devices. The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889). If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](https://docs.microsoft.com/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016) From 5fe1f843c441302251644112f66791a7a9907c41 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 10 Apr 2019 10:00:29 -0700 Subject: [PATCH 24/78] new qos topic --- devices/surface-hub/TOC.md | 1 + .../surface-hub/change-history-surface-hub.md | 1 + devices/surface-hub/images/qos-create.png | Bin 0 -> 9873 bytes devices/surface-hub/images/qos-setting.png | Bin 0 -> 34695 bytes devices/surface-hub/surface-hub-qos.md | 46 ++++++++++++++++++ 5 files changed, 48 insertions(+) create mode 100644 devices/surface-hub/images/qos-create.png create mode 100644 devices/surface-hub/images/qos-setting.png create mode 100644 devices/surface-hub/surface-hub-qos.md diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md index a264981b50..058ddefab4 100644 --- a/devices/surface-hub/TOC.md +++ b/devices/surface-hub/TOC.md @@ -41,6 +41,7 @@ ### [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md) ### [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md) ### [Using a room control system](use-room-control-system-with-surface-hub.md) +### [Implement Quality of Service on Surface Hub](surface-hub-qos.md) ### [Using the Surface Hub Recovery Tool](surface-hub-recovery-tool.md) ### [Surface Hub SSD replacement](surface-hub-ssd-replacement.md) ## [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md index 10ae4ecd42..d105eef44f 100644 --- a/devices/surface-hub/change-history-surface-hub.md +++ b/devices/surface-hub/change-history-surface-hub.md @@ -22,6 +22,7 @@ New or changed topic | Description [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec) [Technical information for 84” Microsoft Surface Hub ](surface-hub-technical-84.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec) [Surface Hub SSD replacement](surface-hub-ssd-replacement.md) | New; previously available for download only +[Implement Quality of Service on Surface Hub](surface-hub-qos.md) | New ## July 2018 diff --git a/devices/surface-hub/images/qos-create.png b/devices/surface-hub/images/qos-create.png new file mode 100644 index 0000000000000000000000000000000000000000..d99a0c2b3b2fff63517d5bf7857f18c0c8beebeb GIT binary patch literal 9873 zcmdUVcT`hZyLSLl$L=Ut7{rlLlqw1;AYcPTq$ni81VT}P1Oie521r00EJR?yp@k;W z6G8wu0ewbGBuD7Q=u^5hel zU58=2ci*_Z>(09^6gsCb(%8I|&fj>zWFzptsYy*O4{F}IE-)N+HS4e|+M@d}d9|ng z64+)6x&jjJ0R7yk0{Znh6|^smA$eu{fBnRZlZ^tCc7?>61+x`muY{uxER2CK7xZ5= z5F>Hs0#MOUyS1tQ4U-~LjC!iR_wdIY^W^&a`h}_f*Uw~IT3adbvO?WGAZ^Va28m>% z&RqKnWm2SZtP5(WW4+Oc{JTvM@}8pou@5kW z5thfm`W{99Oa-Al``QsQ-6`zz8#D1^V5iiiq&v6cdP<)#B=f2>_~MbW!QyR_3YRrk z`O7M_f|ycDY6?48jx5c!8D*V%rS|Q7oC}5d?ZZx@7o3)mKC2|B_c)gV>L39B<>}3W z;bL&}>|mKubHjxJ&ty)?cFuhXvoshoIf8-u*^8K-zPR^*){IKN_w*$L1J702*G412 zm8KKsARHa>Htr<`_`Wd!r_yFN&E<{4GRKa4FNza6icJ+>|R7 zcgA^qR*MUnv7GXW~dJkfWCN@qJ_DW1}yf4o8< zj84+h`_=M$Z)`relDxHi{#(pnH!v<8&E?SC*EcEdXGdiYGoSIr9U0fjP%6Z)#qkI0)vgUSYiny{ z?S%jAK&p#sM--Bq1Xzw7A2i7BHtqf~)CuW~U|k(EW|;}5jVtx=YfH~$)%sop>g(&H zo2BI;XV_cdw2}anH{dv#WN$2(9XxgJA$j^S+(@&EY_ZTeRk)bMi-8{RF^rnV@#BKJ zK83lAv1Wea4uCkjCqNhDTy0v(@$7f6e5K))a2uMcNhSW)R_tt~+3gU^MD?fl7XflH>F5Rp9LXLN2|rUZVKhPRBw;x2v{B_T>!k zpjF~l7c9n4P_O(Zzl{xt=cZR&+O2k+n*I&l)ncc9U#I!Y0Xd!f4+x`3?QJ$sS-D#_ zPUww+;o7<7*Ur?7l(Eun&+u!OX1UzemG$0Uy)@m$uXD9XKMCymjhQ#$EeSTdGOZ^B zQm~>l7km!vUUgdV5!lS{P(7q~c>U~KWV}}@n=bj44OpvsBwrLUPI4ZJXV;4Ky7RgV z7|Qzgx{0+t7Z9mJWqSV6TO+>r+>%!jLe5y?#;|sOlqKTH6W;p#a&JfK^Hbec0=)l9 zQXI>hdJjvRx6RnWOp`4c5GmUSvL9NvIl#Q;MBkTQwbn0XpVcSL4HoX$Re(tdER6G; z6)bXxdaK#o7qT8%qt{YaoOqjLtqeEMoH_dQID9i%#OM2eB0Ch85c-+8 zpn(L2q^qLgecA^D(I+0gK#pq>{V>}bOY@VxW8Hc1c)A4vsa`OqN+r1)pf6OIP3ew- z{chKQx1E9bo*-laJC@HN+4oq(=}99aBg$H|SwVq?ssCiB{ zzjS(j(<(H+`>SL+|JouW!Vngf-|58?Etl2MMxaq zf|U;4H!1_V_8Szm{eR{J02ed;?_3M6Jw=MF{stqSL$A}uWg%oDfp4bbj9$nDZkT2nf{1AFHw?FWeW%i|?7yOP| zURPV#QakI(Nn^VSmzK(z${lnTFkZ^G7Zn2~xG+t7uC@I()~KO zPpU?u^n|asB~OSd@#`xm@(p5iT?`7Ac-e^#)w?LDu+}m`La-(%zL+yc`7DuS7F-e|MTB3mB%Q$0TP34(cA>slha0@x{ zB-N_)?%F85T3x-w3_DxKsQP|@uIs)Iw5N{6jk3Y6BgnW!;IoaE0cXb)~24mGBG z@=#ANs6DqdS!iggnvaD}CkDB)M?|?X!_L79oX8_Zk99wrh(kwR;%7k=d{NBwk!WG^qf7 z8pn_Xob-D)vP}i_5g-kJ&3#?~kYBioO+2K5V4#+6#lUPvsnd6M zFplZ^xrrxPDzXLkRsQ%dAuo7UXf8c_9iEeu)3p`k<^li^>(Sy24_VE-8PE`|Fxc@{ zTJ8=tH#Zl3Sl)k-{qB&o*{8hJdLp{Y zlzb4=2v&m4)V-^ncEydHDCG9{=X@5s$KlrljuCHPr>yo*xI!Qe)h=VS23IPi<(NpB zZmJtD_x>x2m!0N*k_TYVg>uZS_yS<4d=vyhNk)g5ePX|(RzY9S2BT%(`^2Uf!<^Ew zW1jHdNOW#PNml_QVx@24PJT@>8s0@OD^04$O72v>&n#N#Qlof!bo2d>CP2+xy>s(p z3oosEq3_-Hb(+Rsppxn~WcyC7?guqn-sxL=^X7H^7%ML;cSBV$5y1tUp*VEsaB40P zsKYD*XrTDl05DM~dV2~jucvBjQNcRpb&+bI$I-K!fnu+HrA7#eH->);xS)M+ov`|| zjMpmAw9ox3t1>3hX^gS>-}Zxm=gg)WV(03V+I7Zl_JOafsjh4Xm1?O{-zJ-9fBWof z$vQiTS0Da)A=w5llA0Jmbb;`xXr7Lg~kQ(QE--c^#0TCWN z#)2)Uqgdl$MSI<#?=X;j;hscfAc@53eb+*ct@PwoR#a4!?g0@{kFhvG2=xv)+Aesx zlNt=)xk7rV#-L3SwK6{lE3qPeDPEWr?|UGqo!qMGc?WY^-Y)khpm*|~B|v$3$GDGI zV+fEl`3qeo#+8?UrSMrwK;X%H=VTZJzU_;s`jurPQijp?3wOL}dq!kO58@k+Z4dtT zaVmM7+EZfOMfYF%L^ii*cWbEk(bd-3O>@I|dIHPCAbG8&QaPQ)nhG;Nx#2>aCH&gDJ+gGgA1zM+C&FF~RHrR=UH@8+n2XI;y5_4)Bf4x@-W1+)B%} zV%XMzXrcR0bJl9&(3fxu^SqA5UnuFGC={yp*=`{ITMFL4AedQC3j@D)WU$E4L+NN- zqBy2d)=B{*S6cmD%3PSw--Bhr6H`(OT+C*@jR*s8_*tDdM`a?r?i06KRWV?uguO+$ zAp*1SHjYEPJc(sVpMFzUB|CVo^@xSjAr&g|3{pCee5_k5RM+6Aym|{>sotf{q_Ql3 z(iI1i>rceB-mJ#>fgz%{yN~61jm5PXXix9`Xnp^o_fJZ@;&PBaunE$lmY5ucr428^ z@8E7J!PXkU2V@1Fop!0L!(--uA`Z4yQVQRlHj0?Tc9}N?AcpzVM15bbH7%@k?5IjFEz) zyW1Uw8dI%8FHeIooSUfEnPu>8Ly^M6)p>-qvY|Cid*Up!6u(|NT7XC+K5S0?s=9p1 z+2otVkMa$M>fijjF88Y|rdL0H%CYzQ*^+)>%$mz2I;7}!JFP#U@ZEcT=FkV>7x34- zk8rZeE&y7Sd_{@3lj{Y~rfP|^bFgBWZlw-`*Keg)uW+7QcU!a;7OX@U+g_c@^lUcL zi-^W)I}sht=h%)TuV24DaNq!)s{Y;q#Y{tdP1J#RE$9-;`oj&0@uG{}qh*<6!L4-D zDb>3C^EF->OTEaPz7iV^L~dhlZ_DtxPzzld|4{lZ2jrxgxoFZbV#Aswz3Or3&S`^6 z{GrzYsy{lejemZAraQ(rL->cbgA+}q*m@jiv=f_vI5epr*E zO>hynNvn_o%x110m9v;;(cd)z%?LbF7eMRV;de)E$`KvM?CMD%@>#=gqf>A_A|=Sq z-tgh>ylA&*tXN^9pwV3HJG1zS{YE;uUzeMo9z&ZXXZ-k`1y~ z3M?!vR@$?0S=zS07OZZAm!cZ->9tWwzW2w~l#>G3C9UacX=#axMaUJB06X+#n=s|t zVoBm;%J8izM&0VUI&N8#KA)u_CvUQug}O{hR}WE{Qr!qFCHPOxlRFmVl4V{$Id;$K zVG;dS4RX>RCql{h1W=YzxUS`=uXQF&x`N3%nnu#3Z9NYZB+XA(zS%F<+LVXvYz4$g zJvwZUcQ#4Zw|Z5w=W^%L1P^i@1z z--~oBk013?`B~!d}0?E<&wI|E&HCa@oJSaXB$eup0O2ds< zr}wf;4g7q4eFeP~IXSsxK!9FX6NyB?Ca*gV+U4>W%q9P6k}!9BPODTg9niuJ5Si}a z+rk}=`*&+lz1C;7Ns}=I4a1c*E9eLUfyoT?7@0Ovhh=AR%$ko*2=~#6>~}SPs0t@zpdftQg1 z#;Z|eCTe+omF~9OSIy|JA$>dS|&|53N+;kGiB7txh`>7rj{8b)(5+;RtBjZb(IlKl>T7! z>Y#RrMm~l45YO7HoY-y`s+oE4k3PB{KC*ntXh`=dKK{}*U>H%EBXuvjguer zoZ=l`@iEn;QX8&l9P zBUDjW$wvzcSCVvXlvgH%-i*n(B^8ZZ6h*%#GBfAA4v>p6YF4HiHNJ|@SpuFC-h~Tf zEUJI(B*|BNMHVYBT$pCCC?MmWl27E>`#C>s%vi!Hfh=%M5HQa9HG#nynws(`Hf>Oy zF{TylPqwyG3+<#82$f+h%WfS4MBTwu&0S*}ZcmfqH^DkGgmW0p=*z;J+|^GO?EL*a z$#KJ99H)wwWmy(P=(N?w4zX;H8+_~8Yw>VIU2NcF(nB-N3?M~Sr%O&#X+FQs;=~f=XrI$z?zkhG2jIlzD&77$G%rsuXrtxI=3THqzO0 zE2;fJqe{oVQOw-f^BQzID;E0ZpVuW`d>Ip)g7U~c-;+@ij`v2jDWEI*AOFs^{^9Qb zD}t8ai`D<00NyPJxddZ5a(01S(V<%6JSLV$M<)l8sL1uvCLoWLpP&D(i5zA8M&j}J zK(E~@nBi4HsR-QHj-TQ7s=)I?M(Z#1J(1ehbqh+&X+ma`zXP5w9~_YH&Mp)$QV8Kd zHd#PpBf2e10Z!C(WGDFtU?At@ZcJ|waRuDKnCt~(!4J9vjc7H>Ih8uv+7HPWzVy^` zWaX_ceyEhU5U4=~wC``Oj=@e&SKy!cN3$w^cc1d**8eV;ZT1VgZAfChw?bLe&&;EA?nf?b(b|<7= z9owp9GB|hHdZ$4`9qDK4`@F_*`SL%P1(+n_TK`EnD-n_&;c~QP#7G@ydfvRvw^7B) z7xEo*aoPDA+O1^iQn&PYB_$=_rTN`7J-g%raC2S`dXTx^vnTF2B#30c_QFM$JSvl? z6OI}B588vWsqL+aH~7+>bB^;StlVqR0CN`5hIG?4b)An!*U>o#DLnwqSM~b;33Lu4 z5Z#+IvY<&N4C)RLv=7e#QYZ8OWoq^YMWkzJXb9Bh=#GFQ1waeQ?eFyVE7cEL06fLk z1K>cM+^iMJ4gSTNiIY^>hc)*xzcM6WK)M-em%N?3fg0dNFAKr?*ONf5zYDuv=k9wJx)yBIZ*}8XI$%Zk8iZg?;kNlZF+3`03M*e;(HTrnu|z2XPlT0m0qnzar#tl(z0w!%P{x{!P` zr?H8^L*n|B3>YFIdKn#S%5 zJPe5DtK~t`p>+-Kpdj1ewI&JRyVi>gJo@I(v87-@M~`{r0|g1OmPz!n^$E+6z=`aH zsK`ipgW$(NLWe~HR|U*kBul*d{iFx^)fI$g%B8u{*Oquu@}P})J~eiydifAP*$clq zUDo}|NVu^&JLuD_29yTzOJAOsp}7l_WNIwb(N7Hx&z`~JfQ$DQ+{>Kp+I=@M%T&CayBAjm!xgi-Rgt+YL9@8WciOjBCHDgKLg` zCQD|{qy`LB0CG2hP67OC(sk1-ctp-&Lzu9++#ZsX;W#Su{shSj;p*zDQTg?4s$M{j zxXtf=RmkRsSit7i_Nx?@4>MP1x@(wS{N7DHcK}6!66SXs)M?-|kcaFZJ>gUX5i0o+ z05_}djr{;#MJX6E(cBAat3%&!ZUy>wCSRM0Vv(LJ;FsP%k>Wtlqr>EtsYK_q0d|MJ z0oR%HO<(=|rS>_xJ4Vq2xWTk`{K7lpn|ELBbTiSCXJIHJdvk5v&~UlQ(vvY)AF?iR zK;}ucey+rjeex~V=b}SwqP%L>7j|keItCYDh>K{>{8NRsD{yVsz(Cj!Rg)w#0y`#S z{&5d^Vn424`Wjz1nHZgA&4;2GsFN9i)pLTaxZE-a? ze+9Am?YW^{$hsKTamu`-T-`PSCuTtf@?#f$W~&z`Z+V!26ti-$tm<*|i@f<-g^h26 zn;QW~Cmm-8sw?Hxj?S}dHpC^(>Z|?jc$cT~(1&xKCJL?Xk60R!m*+dK)0LNV&Qa1Y z-y6lOE=*TuENm+tLbZXg>%C>n?|O*8Irn7dZpeJ5!o)EGWhS^A`t#+E2Z>fcyaXLlV4S zpQ=2u2~>*cN73M%ZHmpSl zWNj`p+JK~-Ut|*XlWC^fj$x_2mmN1-pVX|4X^`%64RyYe9o9b`qpROSVDeUHs%E>) zG+0N_1n= zIslc4nM}38%2+C1Ox`ivtWje(3a*1XO?&xIkmL6ryZpG`m1^v@&qB0{;hx{|LzP$ZP*Q)#SgIHvX3?D*tfWN5aufsrzAN Wg-z1x2;em`kg1Wyjlye=VgCk-HiNkU literal 0 HcmV?d00001 diff --git a/devices/surface-hub/images/qos-setting.png b/devices/surface-hub/images/qos-setting.png new file mode 100644 index 0000000000000000000000000000000000000000..d775d9a46fd8db125549fb874523b8b4c4beebe7 GIT binary patch literal 34695 zcmb4q^;=Zk_qHNPx4=+Cm*mhfbW02=NW+M9Idn?b5K1cD@JI?GAk8pCH;8nnG)Tic ze*S{*`@^};b!x}iYwva6_g*VjM_ZK;j|T6_lP84gYD#)fo;;mJAE7wU(RX@{^GngE zr!YNLg(uY`bi3#aOgnik`6o~6lJM`WvC!AJ?rLvfPo9u@{yUy7y<_lw@+6v0T}j@+ z*Ww_@F4@#(rAWv?JRay|lL(&KZxdLjHXFRnqZb`_oJ> zO~az1c;dOA(ND85s}X9}t`Bk>*+K$CUY|Fg-?ebS5=jYK% z!04~-1=xNIa~A*#2N|VWVEhcY%&m3Wu9i~>GB@7=`|zRL@D9u|jDB7LUYwg!jFs`? zrmYx=4WnvV>u+wU2E;K-`z?ZErBTT_`aguCs$F^E!^N#HP&$^DR3qNGgu}zb)=PI- zZCKvDaa290+pk%5T^t?p>_)QHQ5P2%x|Y+CAS6Iv;#0Zu=2zlz+&?l>49uU8r^}!N z$WP|mpK85@JtONu>t<6Tr~VP&erl7RS)RrT7JDNl>0|7JbooTdX+|i5+!u_ON#^Dt z(I6-)isA0zs8{fFC!b|I^WE0(&4T)RAzYrqSE6-^^=n7~R8zS;9xwXXi;c;Elape| z-!uNy-dGb%jzt!#JbX;g_3Wi39qe_Cn}>yOjh#)~NHAt&LA6Y_^e^hDBs%Kg9|l&I zfvcOxcW3;pqh3?xy4Kwhxa!8EIa0q^zWpnnP5nz;6FVV~X9WoYBO(>1N1`wyvC_o- zP$uMGkOMj-?Qqq*UL$efebAU@=JJ|;W8~Xa%<|vGA_lF9*rJMyvol`KxPI_?KWg`~ zwX?l;t%S8!AmpLdeZT5QV{;-k%i8Z z@Le*Q-r~z*FNTaAp|H=5S)-TwIF&o#08u!dw50QF6O(49c!82tQB(VIx5lb7kLSVn zUr{KA5Mj-1aV}5qTn%DLTjc~0GBfVOF(Xd!X$gpgGf>S0T^MEx`;l#qer2EUS%}_bDs!qae*p|S z|0rPHjoA4<6K&lSWo}^QRYS>&jHvnPmX)Df8PKkoz}KN35RSDzmgy@@3*d(S(*IS- z;-RRhI3)E8R=|8JL2AFf(0t~AkTAhcD+^iyq+&1XYDz5=Ura~IaO>o>GeR!n-_zyQ zz#i%)Enja-@?qEpj2fX3m6;5(D-M?JwvSz1YPu(_zAtuz3gm5$ZO^AAQk|O0 z6@M#a#`)8wXz%<1(?aKtLU^8Off8*r$uJd&wgKKV)qUIp<#cBQ`{yz$G4X$u>jHb{ zKFo+SV7qHtE#gX!o}D-UXJ)Zw^TIa%)bBRVL5u-gk?n;S&NeDv&~7yMfJ;>hBobK| z%v4FHHo>XiB3hzT3Q*B)2ZSfa`)wbjERX5He*(fmrIcz*Z|{68MlZFC5*)xjqEmUh zI9j@Ivm~Vyps3xkz`vUIGCu6WWUBKZo^+>}&HW;P7-9@?rgvS=t#wjpR`6N$r(#NC zQJZ62flSmn!rfp&GCRs%jO4)HSV1vJGvRr8K^Ig?AyE3HKwu>jf@CYpr1I} z(m*u1V`txU9`dQ-47LIdg7(d!fAFb)DhT6Qcc0liI%>MOKmGs_r9%hQ7^g<9dVEQr zBN4`aYhUUk!o>IS`Ft9i);;L?$qTIzCc;Td%s{CT-X8}`i za$WXJZs!%I-wlCW5b0NNfoz|?pMpo1;nZq&u!ALRm02y1!M4wiP<%$*K56s|xILLL zaAXQQN}u6TN1`lAA!awFPUz4k=q5~5gy_b})fLah<$x;zc2jzI-3~AcvUfXD^Sd^o zhW?kfqb@oV-AIn=F1Qa+uu}~X|20n8GLlWCm7u#(m>*Stvh3f$(&v7cK|eArrfld8 z7iF9Klu7g0g?glF{DxXms{e!_qm6v)k^9P%+y!!0yJ~&6QDHq4aZ*<`tJ0wB@KZ9* z)5+8nAmnN`+u)~v!kca1>Az?BU*}d-x**-NZN~>2uYMLjaBQK>YG96nZ~S}Z96dz| zWBcm83|NFdY^+HqIG%>L-k&iz3lLa+on0Vqd(p>#4z-QU?! z+cbc9-GqC`y$|Gz9NVkck%dRc<8aErf<)W+tK+`)-ccKUv?v~bEk7PSuI&K{Z%t3% z5)MJi?GSG%-j+d7Uw?5fC7dwOLW}tPXkapw!??n)p_&(AmvaU_e9jhU%Elcx@ncK= z%>L;o3X=ZC!{fzF70%D{_T#+c>syc{Ro39d#+m{yVU_JNZvR@dn4c++b>H7l|*WKd=*o&gEy)#_Q|WNtp7CC=~{_}z(Nm*zc7|- zTF(Z=yM*XKR7kU;JCnU{JOdn`vBZ|KCs9JVM&fuytdsRzFjm@gO5~%QQ_* ztv8xO61w95Os6l91176y-tQ!;k|({(+CtI4OzPW*d2z z7Pvw3roDm9wf36pRtu-8p@9=S(a?e9(b>~$v|*70-#I$F;peqp_=|t@G0Kz-b_R$! z`T}16`V9Wv!s(rGvJ7i*)io>P6KRYPGH=CXo=ZZOUL7$=4UE_{bj{rGTSAx+S{Mc1Qd-%}BN+#kzjM{ae#>Pe|k> z2P7gLh1Wl^$g=4LyS&iD9!qaSw_Q8xA2==&(Z?ARqnW(?Q2eERk{1~;0RfrwVr8HWRs z3uhJ*q#kYGvl-)joHnwIMB$rdL?{Qyy`ED4IZE;IoZWip?V z;BsOXa97P|SXOIq``+aR{e5$_Q;U_I+0KAah;#q4AiY*z-bCYqicijZ;rdL8I+C=b;#)9MSB|JUYfIYP*uS` z{ZdVJc~k$F@nUe0YLnei=0_#KjU)Mu_f_mx#KZ+%oF#;|R)pwmc)@+$d&Fotr zZuVD8GAv#({B89+)5|gmXcbVpK^sv5@UguieF6W8QpDe-fTOmCrPh-8(Wucze*2_4 zT}t^v85asFJoA%!X}Tr9?HpgGTB#uRhO+_gnh1!@HS08Ygr5@`3~aoju$LgVq)A0| zwl$n^kN~+b)|gXGHmWkA7_5R^G&5QOE9v>A$G2YxQf|x2u4LDdUA69{jKYD8rQqgFCFXf1)mHgRVvC|Bc_GUJzj1ma+oGREV9ix%{#ezyw+Ab484~l3Z+g#b~ zQonu3UZE;j&;l-&6CXAZv{+BSySvdc>uuD)UAFh7yDo7=Kw_@7ZXFdR^rw?B{yoEi zylHDP>TqQPZpG0U(2DyIxME$;z{{6%g0s&C~JqD0gB>}J=r;7?t z)@4=^NTQcYKP4rPc-oUtOZohV&~(PEJ6x9)5~XuMdQJgsqyi0Lg4y@RU-NuIevl*W zL-o~DaCunKPucuoNz%(vAU+5e;cqRR850yUqg%){0C zhTonA4>a9gNVc_|zvE62_q^lA=<(&<;n9OY)H2~A#p=j7l+{Jd_Z0%Nqbi$5ql$WjMY0UOW z4sCAmO~r9Q$7PTEFLR%=i>{(g4C|A%-d$enA4~pDE#mpyxho07#eR&H&UHdZMZ>?kYRb%TQ} zLhio_1l=?k9~zio-)rr;C62z@R~Tv;=Wx>S!wA~5=?4g@DFuYiDi=}B6$Lp+c?d@A zL^dKqddLeYHQ|5l4H~$6=Cq?%PnslNEgt*IOM8ufsy(g_=sBjw?=BEZSoJ(B7jPJ# z5V*ae?Lk!N_v~;^;ru;@x#(7!>H{bhVcQjBv%e|Z)+P%;dp$8bbwu%ts`x`+2AwFuTuEk}1G%CJY}R86MrYaMXT# z=<3!nE7IB1b6o!%iiB&OEq}Ashzs>T21;x{63?TQXPZ0}&3@4D9)>)a!x;!Q>Jj_)r{CI5jSyA1c-7HmtXj6V0-*!IZsb1I^tQS>5#&{*R1 zrnlaX@+uJWtF}|rK&b36OEgL)A&D(N>0!Z-!>e2w}HUis}H zw52(p7vrwd5vL+ad#k&tbD82KJ^r{CP`80+Su>?mf%|veS7zsQAjHD50)UhNKG_|K zKaupD@jbwBV1@oY92G^{L!yVh9>albfXN zMpGp_n3`N6vRrMa8PzAsb++}uHQ%2qedI?){7Ax?^zk_&KAvPI2A>9#_-VGF?fcVH zW0nCHx)=%!1kERHG^qbk;*pZ{!RB0Dm62rFWxkQ4OFo&@VuCb&?cuF%sqc}eTi>&r zcXxQjlkJJ$p9iW`65F7?`k^pT$^5L0=jk{HaZK|EYgz!Q(#A~Xo0PfL`VyDMfoA@M zm~U8$K{J`R?dOqYnm^Bb79^hEU=E}p?I3=KN4YUZ?Sa(`BUk5>kja}`+QRtUHRe65 z8!)NyMOQCgh{j#eiCCv30Q&sn)u^P&f_v$irZ|1?h39<5mD^8|Y#A?b_Lg;-Z(wN= zZ$nPvqfC*J|M^v2?cey(?uVd&?$l;j&+w%zAbl~&%^oPq{KvRM;?GhYcXpz8W0AB! zf@8jWm%L0NfWR&>505^=bBSiIh~2vA;+RV*`n&j^j9QHi+#|Nr;w50A+nzZFhiE?1 z7keREiKh|y^%(*G<=nBHfb(FwITg@Mu_C7=o`>k2{|c zN6@YtKDQu_0$6`?xB5lWcYjM9C3aJT`tnjw{l&C zo~RfD7@{&xtpAWQ4cO$LydpI^{D_9GJT5RnKCpHpKPlGSJ59K*f&%c!D^~)hV*Kr` zN6QN5p%WDY!Nraxs*=Ut!fy0*8i=`mr)a4hY~)Dpfk?5T&6Z$pj1g3b9JA+%c|j!_ zLy*^hb+WD}i7||Y8$yUfnA-uCnIQxf@<))D_xSEo^|7qnPd?v`5iLYD@*EsD*Re@C zPW1^Vt{vq!>EufX@!bvAwvGH1*dN83`FYen4+}+1QPZxWmMNVE!OfgDm1dq}#Cg9j zep%+p6!pf}Xi@pszZ)hHTd3uUTMWm+>cvDRmmzR31A9Gn& zJ9B$hbqJz;7>HE88SqqXZt7T2iUFztQxmfxcRtH5GX6GdJ`fgL{7M3ckf(~hf4P7! zfYecxihV&tnK_NGKw+sY4C}H%H*i)UiwYdB;_HZp(WwGg0B-_z6=GehuP^voDxc*P)ic`iUxHw4VBZEM4UtLvP0SDtDj%<|IXzt=}#k*EYxtJ4g zYATeo8*@xUnMWOB_RS5(R^I|C1)l7=8A;XuMX&J~7$2}NM{`kLBqv*W5Qc@{P4BZnTK&`2!Nd)$j#+(m zJD2w$1GwCqcKQ@OBuSMAIgvJgcxt_L?=QpdtJ-2A#SQ82zfjex3VH=TfcIoU@V_q=7Wx?-9O~ z_mLV#z*S$tj@ln0R1r=R137&MsAs+7u73Q1K7MV1axaTk5!QMoOPC8StY2D$loITeBrH|2$F?r*4}~w9lBF&jKjU75t$zjC38KG^XBb$Eejp3%nZL zIxKqozuaP?{Jl;q1=f5SaGn(E0*v-3kzZh^;;0zwOnmDJA9<+uW%ooGTyTY{o{gsl z52{UbJyoQYR^~!bIagGr&?L^URM+IwuPE@VEZXC+2?VQGE;NzWu*Slwodf_BKhy{Ug!Ci+_sMZ3w26>6(J zRYJHqDdPmUi%I@Q|7t$)9S5Yb)Nfs$@69(>GuW_5KkZxW4>E7WFcWWjuV^N=wQggY zk(wQFG^xj0O*eJbrjml=%WuHS2y82`P59|k5}SrILDCCo;cyiV4b)-VxK6nyuCBoJ zh(zbH6gyi# z`AV?(%#w58f5A2yz5IX(bc(N^s z?8e#UTR1h?cVADDpr`OJK|B?LcU-iQfcEoYg(wki?pkT7weH4Vcb|Q98RQFz3Xu~5 zsxaer8v7_(#I23`b;pIuZ1c_F7>SqdTHmVm&~f=w-4I`q{aW7zFnDgBbexO!HysTw z%NGSBXajkxV;u<3S=eru$`=4>px6z`rc^J1kW%qK?c6CYiz)ipTN@Tp&i{#ngpir| znYAY+&x*|4#M_;dZ?k)8K7$g#LLco7N z5R*tNChA8G#!dM6ZZP$>1fbsvg11GeKxzkK^zu5}gyE7=FOt6c+S`YaVV{ypP<{k? z)TBJvCwb&bPNyScJv<;UK3W0EIkeSaw&s8uIH-GYmUNtyMWy8W8&N~FF}aZ4){_|E zeqSJozD;A#Zjy_^oN6Bz>gJpD=ocXfa!?|V!$RUfC+fguPtZsyYcyWe7#a~SF}S`V zWMv-vnK%#YteD5LZ50ELX|s!UMM!~!G-M`>*I}#IZUjuqh13q|C11FxbIHZn{y9rK zc_Vn}GVfhn<+c@viu8nhRwoC%Ik#!Tj>= zyq~Tq-)8BKa7@;zds~fqqq34i$tK zc-=O-JD(xl9glLyrfCjT&ULbE$S-u2o-xxvB(wGu>|jAVF@OJanaU(dFvNaLC|*q*CPUq7T;GH+*m!;_Bq2?YLPh z%?d?JXO2B4rqkW{C&m3)-B*Hq5!g%x^vIZ)THaVjE4AG$Pq^^KZbl#h=yLPwhWNm$ zwplF3o#hq4Zf`=S4mmP6!Pgxv7Ml-U;TnC-MZDymILbpt8}+tdf@t7Ak!Ye9p&KZ@}w zk)b;*duB>nIg-5JdjaK1SIl~3u5CaQBJey1$V>;I;3qJC&d22_4jF z;{eZ6aXvwS!~!S31%NZDb(0K_P4-Fgz^!h(o||vaPZ4hvXRsj|*JqalUp{G@c$|1K z1~oR|nputgkbyvlIzM6lbq<(q^Y*guRrw`SeAGhZ1h=qzF>@2ORi3Oh-s22kljQMK z2|bAMpQ1VNcWR(FFVl`DU2v3|1n!}=&m2|1wzd9qeNSC|=ydrPU7b-8)m!mOrfe4n z96J*l#akRqZ-a6MF(%C%DSmjYcWBLFt=14^I>$+t_Dd0=B+Y>|#{9nRBY*3$0v><} zj$}y!ewV-um?heOew_^F8msXeIyJUQx%-?S>iu#Wy*xcW9IWB zH7xEz2zn=be4)MZHxjOJs4E28vop!ya#l+YvoV|ENNBDV(e}ewL)?^Wfz1=2dRS-W z+!pzcRLa){_xe-uXLBA(3y$cYB*n^*yf`II3Dov4q&&(2a6+;go()Apk?O$pUonqOI?@C0W7+7y4m z3EYWoLo~*LZ&oqFJ(WJn*!E4Ap&gav_0)8vipNJic+THg!;IieseAosFNF`r9GKB3 z4nYRMQ;F>Z(n+e_7I8g^syCofjOikVFoc$^#Jj_D`2fGi)C@Vjng+te_-`hcXV7A4 ztPv5S9DP|?4uMj$h~^JW3Cq#8;3;duHyt)XahBXR3wP#Z^&@7&wOU%#jcr^#K30Ac zUupstgKu5xTu(^S&}*i{pSaw$&y%Z@RJr)HvKG`>Ke&ZeP4z?mY64~qsZ0t9yA+Ni z-0Xx2o!4_$6Eqedm9h#G^{_oQEnFJ}KuYs~o@Ul+9H)j$U8_-*TVK)Ky!ew{lD0`0 zul2-&QxCnaRoPH3Z5z~C)f1!W+EI3#5}8O%(de>7hg1&b4Tv{>UdjKdZvSO&-w+lS zR7IKq;9`@>IVfR!{F1dgwHH9;wK;xVIpeqfAIK_(i@)#L#h^r#Au>%kpU74&s)K(j zPf0}{YSq#(Y=*CBaR&#gq({3w8U0jOU(&B%dYbN_?-GvqAUqrkj^I4f-&eOHLYO%1 z)i=sL_DYUp7aGOzu9xr*IMRy{&An9GY`v`ZOxw&nb#K>RC4I$6{p>zjTX$fme&SA; zA(o3uu|eL7?hf;9iz)EkYvOak zKU2UxjIECxzBg*D`_10ITS}X9`GpXz1&tv>++uc5ilTeQXHp7yAAY*UJ9zQ3DBkaY zRyEIR-COFo8kFa!fc&54vkJ+{ABTNbu9W0AP`{+0;^c$Hos{pPupN8H#EUOQWv}dU z%d(<+Ta^7(*K6HN9em3fKzpJ}Oz{BDHLieyBt`+#Wxe zwJ@i2>8cH|Qt3Z_JQfP+8v9XBZpB#A;e_Ty+bOjo{#Yef*4?DjSK$j!_RUn%PXYdk zxQ=;pQi$Ts+!O*guGDALPH9ph77fvyn^5MQmSPssjaA+K?l9QRrZJTH!<YEE?0`v`}yj1Zd_WbFTvO)jozMO9Lm20)PAs!^RBcl-P z0vnNb2HLN+*Ydq>5*rM%_G>s-_d`1h@<);A(w6#yi{pn{pY25VKgX+M-gj^96T4?; zDGr`4yCpnE`RT;|5U<O zHwoCz{1Na#!gYQvkd3HplMy#o3rR|HXh(vIR3odhL@oPy*Jk~k>7bEJh_O{^3M3he zA;7t{Vq;b5M;n)gNS^@S$Y$F>lSfTDTjvg`zRL5=&LE*yve>5wpofK7T_QY|0cnvv z&|&HVcH|S!32nL#C3&dfvhw3DGzOmmi!m|ddYs;?kAFsip2DWatB_CD3&ElO=7yCW zf_hcvmdKW#Eu?z0nkkI=>=+Su!GH5~F=S(jlRnp)ug-FlYW?L+noix;_N~;>uwE4S zCWA@~2y@$cxLfPf_y6zyA0-=`{C^@GeBFoPOjXzj@T7&+=$_<4O$2fI_ahAiKF2D zS7^cF_Kq6=8m~gAm_7krd<&p{CSB6g%~)E!?kAaeu~*dP2)}o? zXi%i>RjM!nG`S`Trg0I_Y+f1qr-ym#`D9N9nx%FhQ?7;T2#X?>6TISXes{J&s{_Ti zZnYf#fU1OO-VShpI>Qt0UzEGvxxqQ}5UhHsoP0DR%Ikxz#u>tH)BDva$kFUIY_;?) zm5@~RZu&>mLO(PJ??hf4FH~ba&gDh-3w}MD7T^Nc-m%2qgF85B*C7}*BOYfxF52Jg zOZ{_8dnFT$M`Z(hpnRgBXu4a-TzVoqlXAh=689MEaNfK8d=ns60grt>Y4%9~`3aQw z07!|T)HC79MpE&!1F-k=FA8`ub+#SoK(ZG=RIhQlB5?ODW3?Hh4*UH*I#MhbzpBt} zhM>lnN@%w}(V^nt5LAZL8-8!Y`GW_PYMKrh;ME}5OlOOFKS-w7Y#Up!@C~8k`sV-g z7!i^&4$MAS3zM;!&66fagQx#`wv_6VD{&u@(3r>npq;@athFaL62g%q)xI9uyY?w0 zJH^JJM6I$G<$G5(xX4LZ3T~YC+-G~L5oKDBYQDMOu#52`v?nhs>`VlZin`4LkdV)E zwA-euVk&td57%!$u+}<9S}!nBuLLs^7o`%s6IAJyKyq!BigJY)*gUk%LAE_sDhY@6 z`KS@Ti6rIboO3TR*`~Ytz9}ub=xpD4#y!}is@Z-Ew(Y##y2FwKv5(+`6!Y;;5~0P9 zndRSbaG%rHykO!;fQ8M4*#!4q>8*sEr`+%&sp=oYVf%1zQvFe zgxsB++h9jrbbp1Rqh66X-akI%wQKTM^<$;;+F+(DIFrhrAjs9NNR1lj(a!;sVtrgh zT+1oj*CiIN72xU9#xQiiA|NHaZ@}$U3W22^6K8nRUy(c&$hO<1Ol&)J)P0rpQ155OD11(G&MCH^#*NU&(!^|W&<;;6Jto8 zOiu9Ahm4Lp+na*9nVFef%d@&p8g#6%@(sl-H?Ol_03G?<{CrPWICf8?%Y66Ons%Dt zyLE2TtaNb_oETU+*EoE&`QBf_G%^k_~G^_8XXi=+PaQP zicaG;Ds?~K8BbM_#+sH6ymFsy^@CmQeXZ$k@!Ib`T>P1$_DPj`V4|$M4vNwXNi7&g z%P0}gu!$n{%e2{a+1${Zo)sadXDuaA#^loEvh52Tcw|#U?x{o+n3w-6bVB6v0llBG zojNU9PK>sta1<7hCv4!aGdhTLbad*Yce6tL$5BN-cHhb@QI}WDx4l%B5%f~t=jS!w z$jC6a#tIZy(VJy>gBkq9qcXS7SJO4Y6ifd5Rkd!*?X2l!8D?)uR(~u9Oa1v>&r#ws zTg%jXy_IGCtJ=IGXySvPo(x0YsmOB-d%o=L3q!G*vTr44{gY?k{Am5&e6NsP`0*}2 zr@<`HP~`$`I|O`$vT>da(FwF->@~G@bs)_wQQm*MrEqE?cIv%B(l^uC-xcj09B_+N z5?i0~SQ*V^S0;+4kDA1OFc>ajiHi!ocTLS1x#uiK{l?KZ~t#N|5Su?YUfCbB#>IaYehRI zzkfU3r@%5u-cr3bocQRfc{^9*05&AP1G~FA*|ou_d;C*Bswa!Hjff@JzuwLZk%{GS z5uzNJU{Dwapd*!X_E!8tPWw3==*veJejf&-#Uht|R3#F04M>q;T)4W=`Y^Q3!KX8loJKJI_D1<0!*}$*fC;p1N zVs`I%xTu+Yrsw;$At}G@aw$OFJrkcfQZ>dX+CF68boo^w9ETUJ--FS!$@=#878s<5rkFacF@@=xxCaC5od@-#=xj!PNwbkk_-&q>@M^%R6&aB7N3g z3KEMjSKNj1$`^J1!+yNb0I1u3|94*hXP}jD6@S~g-WM^yDa8*bfn4F`Wc4$ZyrEt~ z=ymSuTu+NYSRo>L^+HWpU?KxrKCKeWpA18gfv&5TZ>k#D!05~Y_s9Fo=;iC2W!$sv z(IZk^T$uxbYNzUE_O$CCkAIg-Z(^oKLmtjHD8BW^i8IyWP%89;NmyHTTFo)hve1J) zJ|weQW9Vtkc@(WHj?a>x9U1JVj2H8CE6Yv$UHl7Tf z%$~qclt?v!GZQys!1?u|*qh2OmmiDi6K|fi>bE+eF-hp>l;4uRz-pBFEtv*bS!AMgj%KE77E>_?Ybiwm zR=X7MR*6G0F<*?5Kiyb5x$JnnKc)&fp<0DJoSK%fap02Iv4{vQxU_67v%N! z6jL4)sqNQT+;118W&~VcRfvS%u+S3&j>tnFdt~o=SeMS_fiCVtc8ukN=unok61x5O zM{So;A(uxF=2xSS*Ro~a$Elm4u*c7JIvM#M)KECJnLjR%O0J74m^DJN@Fg^;Ld}x| zKhaD3HbT#uBS{d4PkxuI>ATaf(tz}it6u(z@K?SOI3nGV+tFpQMuTl5hF@Q^t+M5{ zfYmjF8hsp+cwZk%v9!ljY*omdka3{^4q2j2*n{_ahgI*1Dsv(L)+Jz6@i-q$RjwH_ zlrD4$Ayph;Osou_d$OfPKSAn*K}B3iK0gf>84h}PNQ#a(`n!C$CFU>^7}d~|-H`at zU1s0|-*?-y)H=t%CnifGV<80GX@vS?A~Xsspe5V3I5=jxqoBfGiS91S{b+{ZOvEQ} zWBP9kWlT~Q1o6k-!M9)2T#O>3v6D!+8ZCY+loDM0CS%XJK@4RHH=2?fW73RfLV<;a zZiuv7RI!uk>#%;1=~yL;L(HF{&q9-Q#&(BWoT zr;r@PH4yoQ2&@6#5#ZJ5EEMW+&iZNzEt8>+FJvFD+Jn6Wu?*a-=eWWKQ+D93n7 zIbgCjjjdeWUg#cYDLoo#WrmhPh$#i8aIle<8&U0KYIJ}sCAC5(UDE7rhwG*a4kl)` zD|=NGnE-C~z?$wF{eOgEjF#oC$V%uO`2bp{+fqVrY`wbO&Xjv&F1(=wxi1fz9z{8# zU61=t$rmyzYESw>xj}bg_VXNkI0jnl$aXGEk0bLUWu5+rlU8{1pHbZ2WNu@ogsS_A z%yji0w~oa+M>%g|tb?k1wRd@u@bokw7HfA;u^cQy$dGQZuxsGIP=!RExz z&rqpFiTUukrx($k3KlZ}X!Y~j=vf`c84r>1eIU=#^5$(0>xt(datQe2VOJPINQspu z4`*T5?nLa&=m=QiF|NbU)5jY&(C?~Z0^d!9eLPg!B~5TNr#4%6`ikbRtSihbRPpV z3~O*xKcGP`wTacO-#&u^dqQ7M>?=pbVVug=*B7IMSAL@cmok3W7?<+g&B_0M3B%H6 zbxr!7DD8W8ltuyBR5rH8O6DcWnN)de%re@H$0B|q)~rtA%xvU1@+VAt?}N3<=8_-I ztcc_Lx*bThE_$}NS5{U8NS>1DC2mG=Rne4FhqArAq8fM;g|oYjK^#|SWMCJ!!3oL?(XhQpF$Uh7GTps zMk5q2wccP1=5t3<5|X^8B;-f`@}V&-`tq47Yu)tD*Eg^7O{hlEh}*XBM>MRMYC4}< zq)s`zC+u78zXtH_d{AmMu>ac2^wmFfx_i@zmC_jff9BMzzJC7V--mnCV)Bm;G$dc* ziCa#W6N>y$CiwRTC|MRKUeqAP$W$NWEBA|kq=CTYW&$I}C|(841JYWpD+6kHjM-4u zXbRxp_ai3KLRgnKRpgUnGmQYcV#mlYt=MRKfHaW$UvVN3k;8_W%1+nicIn=0p8{X6 z*8u?m{;F)U1f8INhppPSV&5QFPD5j3qx;@eg{RqE)D08lx_IB%Wjr`n^}eNO2?(} zv^tItz!(Ki@hzXXX{Fy5Fn8fSE2$okeEITaqItqFH*@)i zA<#==#t(=IeM`{L&wovx!mexJH}@pxYwiS>Db17^%CV>+rxiXx4b>E33^3H1QfB!L zWwQ)C>8%aCKJ{$%Jy|FJ4 zSvRg?!Op>uf(cyJZ$UCM4WgKZpQjn+Atc!$UThmJz8@wUHRkmsxBciR&{gLrOYh6VA~ zh6*)G!#F%WMV4y|U-i&rG_xSOLH?)nL=3n}Zz{F(<%~xO(gt0}ao@%+M)A|s{)>E? z26+rqAxOEq@~41me>v2@iJ_F3q4fGjuKc;9g4LNaD`PeIg_0RBz5^VzHNZUnhnv%K zB%|+p;lva|QJX*)AJ?SSc?WH-)q;Gb5+z>@{=-fi;~qbfp8bcT315T;p@DPHzvyy{ z-M25Xpe#EMpj_bBsDEgt`P z(My+CSWt&?-!6C6#Cb*jDH*!^0GPu$nem~|&8``Go^74(veh>Iawe_6cvZ=3BW?dL z3p4X{hpo0%JU7pIog%`&4s0;r-uRCtAD}-BK1%VqJ7o@1q70o*fX1UICO}`N4KuxJ z^zp>&(CwTsiEkNUdta--W<){XPqgL?-z-A6 zn`%VR(-mfmt}o{0+5qIy{gL7sLE5<$wc^7JyN!z_w_JtqhVAbg_SYuBsrEgtb~^j; z#V0q03^bD^g>`9-sOGI1hW|9OYp}ieU!&Kdp^`}rE4Jb^vPnHw#%8(GV~S8H*1!kg zh@K>;Wmuu$hn=y;2%Y8ow(M*D4DadX%|?#%X0^B9ftVLwAWp><=D2J9+!iAnXY{D> z6=!t5rUir`o+Qy&r&2wq!$&YvWtwruRzRetKFam?7~H0Af{)hq^7(>JX(OF~ge%>> zpTk1-Nq#^MT;W=Bqz+x4?@mgeP0qa!Y+e^cca+JHw^pH$(^`iyhq1P2 z)n1Uiu)%y*CvSW_K!P`72;?klA)8*9)R)YqM>S~4jHS=rmX67|jEjask=&r78V%(G z0Z|)dwTDHe`6(yL__Ud8<_p?eHNQ7#>wHDRnizwp5Z-j^#oYe7A>{GF{m*QjMK{wp zBeG}nwoNsWPTip)QXoa;O@#Y$d(c19zPiz$qMpoW=*jwSVV_k1iN?o~|KM{lAH|$4 z(Anph=ti&R793RNrs{InTsLGekOPXqwtRx8jgg7{0cXQv zlYti(+!GCK7O$3`r{*eJI-o~27|xn1BZv+ zq#AR%+}~WRR{dDQ!zQ9ri?Uz_qqC(2Jk}5!1*;!{GJ)bHDUW~W-8e{HU0sR(W$6@N zq6M1L8aA!Zf^2Xak^i>ad2Hg3_44F`q|G7(RzZ_LTHl=lGL)k0K1F8=5k=(O=7}u_ z!W`pUFy|%~073^7478$*|3r!x76#k z@+Ved_T&62^d#kI$%eL{^vWaEoL|Z+7r}hKr$2w z+d`Qcnh8LbbNv>HK_(w*#^Zni0r*^tUz}>PK|LLbKuo#wDmug z3$it^{LJZJ{!Pin7qq{tX{Ln^>8N6urtj0Bop9Le+B_&6o`!mRyA{10GDB#tzS{H?k$o?9sG}c?8)g-~f05arWC=yG*00tg+v4;7YJYFR|W+I*v!vXwcB+ulGDS3>O z_ZB@+^wvwQe*fYV)m?ZjTE%fiUB)>u#L(ku@b|M_u6o!=kTwQ}FS@~zWqHApJmxLJ zvBb2`7rCvtoFl8eCUu9n%6;%}OD=-L14WJA;q=e*12sm_y zf`Ec_h_tja^pJyqfPf&4(v1Rw(p?JDq9UE5bjRDryY9Vj-SysD@9`hZ%;C&A`|SOF zzuGKr88ZGpb^B9}3Ei^K{`}C-Y735b1vLL!GOH#&G`AbwpwX#%#u**~*0T|QXe2BPU z_glXGYqkC_&b5!`aT<-Kyd7K(78@W@!2gDGHdi(nJ#{M2R{OXp;t;OZowk(8GuMtf zO3c&lipb_LYCieYoYujxrCJHsTH1V{b;j?k9TJ-2Mk7LmzSq@bc)e6kW_1@YI>slx zzkNAHD(;tTUU~3L%C-}p2*u|#DWmrd4Pg1)(XVO2?_#oSiQ^z6Cj6dT(Xg%I4GbN_ zwb${xp7LgLS%qC<%S30lKjl>j5oUk+BP&-1Uqd=H+5;^zl{}+Xw_^Mz%x+lF_!F#Y zDcDZ;Rc+9=cVBfk-M0Xn5?Yj%lL?*9D>tfLIa+NoN5159I=)Kh&u3qkGkpb}e-6vq zrJK0gmBOa1@0bM~Es6>?ST^X^cGV;Ly>ay1i}fF(4Tr_GA9{3pz-^D~q=w$lFqnSdNd(e~li@g>d zL|YcV$pVHjM0_q1$sMfd4|^>|%*Wm)HG|Q8C4=E1!P@Y>E;F2ZyQmBSSNl>vTDFlny=+W{%o^HPLk>#N;%O4;3w!>eZG7c;LTS=$tltJ_^*4Xtt3 zl!9xXs!crQ#@F;EhV3mB*=H83`g%W4oW+N^B={!&Xl{VuR02wLoRaEZk*cis_tCF) zL4JMq{l?#i5(|Weiz+<(mNu?T<)YuHnog-6QrW}ePu}7rS7Dzsq!>tD%TZJ-ieB5> z3vLvNITWi*df-%x@tkP%hXrS^&bI7QPbQoB@Jb7Zdb2SR^P9o-9V+Rbwxrl9GV7%9 zDX0cA%@cBPcF0~F4JP2&`XEjJ$K+J=P_@I$j2*E+@wNEb`;~z4t3MeIpWWTWyHZN9 zO-^M_W_hBdf;TGZ97*_%gKSF75Eqf+~4PT-Gni#9d2N*gwrKd2{UAg9&I>bu5-Ab4CQ2#qZX_Z`dCQ9>>w(_ZvuaRx;RK zzs!fta|!P|KpmOgs8ARc-$+6x%W&3|5T$MYP9nlI`{$91uiZ9Blx0ajv>q6P-HvR? z3Yr*O6YvOisO#HU4(8rfFchTy5kxd;Ui02fUn>Vjo;^Lu(qH(94`V1ng2aKWNF9!R(8;2E7GjWi>=E6l%xFawsH+1%m#*X z^@)DBn&G)a)SZZEZ%wv7Ww9~~XaO}5&j}apQF9IrR$x*W+1z}`R-G+`Eu-zDp47NP z@9&5wsbaXtSojYoNZstWq&Do?%QmXc;m4MZmk@yJCEuv1-WNg_v;_Vyq+&iG6=~LU z_+|#|5=Fqn8In5rd^}rGW2g`wo5xlt7v1p-yapf*k)z|Kjlq9pZ^NQRs8z6 zM3+lGCif7(1Z#jVa1$@b7WEL_==A2LHH7C2FNil+#N7@UD<-_(tUSO@?b*p*k@V|= z!!GAP4pSafmb@WEZihwRPYToBD&xE_RGAmmB^l+jH1PVWq1`a_&zQ`{uAr&3>vEc-^+N`3gHICg|y!?s`m3O|_*kcXwRQHu0 zL_Gsw2vmYYyrXA&^Y3q9WQ<`&3uJ%N%Le$RNc%noc_V8WE}|jQHGTKAy2r3rv-Y^% zK{uHf8qvK_x0291La0XSN%@Mkk+t#V6f3suI3nGUQy}w2jdzlX9Jr$dnorg>L#pL| zaoxk@84!R=_V4am{U0gg7KrxkBD>TGtKE&alPF1zLNFpl5fA?Lq&uHM zOX(Mg`+IfOrkC~scztQO<>J@{Q;EBxrh2h=Syn?LOXs^9aQ1I&%xIq!EIhmeRgz zT2SemWopY=Y}A8Ggi2Ns!j4H#prOw!rHw2r-t`$;)gUSTvw8y;l{b5bMq_0AU9hOL z{c@ohQe$LiXL$caV{ra_*ehKxwcL7&hxr3oQm2;jDQV*c&cuS7VDo9LZoK3;Dgu3 zh`H~k69d;f`Niqr1=IOR;IZ~BqWMsn+N8FKid9J!yIn2jG+D`6h>@~V!E8@XKR_;$ zP~TG$bcuSp+i1Sc%bml?4A&gyoC_BHl9raHHy}AgG0%bm6WAEbDr_oG;Dx%a=}Ih= zGF47-`E!V}4reMgI`pa=Fxjd~0EYVpfjP)SGJOB|PG2&PEuFe#e}DffoO`jqWYNTo zf00Urq!N9H>(>pi zhUD+li(-=wS#RJFbG0Bj0fNjn`_0d9My>(gye*uZ@n7=^6;Dv80@5-+6Lu9907$y_ zok3X^Gf>KH9ZN47*7OfS zS2S`+cWYzG=5;~`UCvT^?KQRjFf;ZFzp1Yu?FPVicgPB7QT`YU1svN59nf(V z2rmC9Iopa2WRf}C9f6p4(I)_`G;8<_L7PB_aCL-h7O=Raz&vT0BH?C5C+48LVp{w*J1E~&zXOPa2W=iKH zG`L~5f*V>C;VtZ`Ra6TAO{Aq&hQNkuL%NBSzA8D9G zVtpJ4uu8B3t=H5@ptJFOQFo8_tHKbx8)5E;lFs87dRbaFC3EUA7)9cw0`_B6V&|LUZZ{PmgAcE=fPRaF< zrTwb7Y0t7%VBT;DK^#OZe!{2Uvd$hpw@0`sw@|GEUwQ%N(jwGRN}QeqUi?i^=9U3v&M?P1I4Vqz-VA6!&zpQ4v{@_6Bm*383&Zpk-AirT9qv72eOvoE^Qd}L8 z%~tL7>)p@(GrccV2LLYTcGJJ;kjomC_1U%CR{Az>qnYZPk2VZr<#^eF<3$P|V7>|F zX8@oj7d2B)y+V|uJit5n>gM+@r-zOK{~l#|nn@ELtOq6xXNe>TR>O>4kJD~3=FISY z9e8mNnDxhHj!Ncu<*oYRX22FJmEa#2_EPV6PVyWta8qDZ#W$!o-1+l$Zp*zi;^Qc{ zJx~@|Z!2KvFVFF7r^#%!*fR<-fKG2sJ77Cu^UtTh`R9}8%DY=W^#&&+S?8jrWUd#< zQs^IHb?m!G$6(Paa$b9L?{C!_@fajD&FS9p`AnT;b#sWhO5nF$4`Wjiy}^ zSB{=^gG{Xr6_-^XM;A^IZ&so5FqQ0RRNi6>$s57_9RBWlw9dBhwZ&fR69itDwN1n5 z^?c?AD_HzfI)Yz~dDGGdKN4Wfv4^&@Cl7Dz3@K7x&*|37W9gt7d**E-ZDx1ke&zOne z=y}p(Fg(QR^|6FXVL?GXjD$6OY<+|(-}8yzu4&MX-4(p+jay(V1qRFQyhXJFXJ#6X zawZx(#vHDpXJ#sA^SmYeIn^?F@FzM9@-}uvbmrzew;&Z={n@LH#S|U;%cd3;SBc+- zQd$CpS46ZG)ygZMHAESLbRPMQeW^ICh219&6fWUNyGy@5 z4z-u8U~41!%1FiDgDUhUl9n91=qT>D81^^sr3ygQMXG1;bf*2zCJA4TE`{M|l2V|tOIBPF z&@fUP(%0xN_Ox1D1a0eC4Pe|JTl8$W7Tx(n89+$R9d&ElUQ+^LhRaNptpUU#2pY$-lK&%w-M zPab+f8h$^3g%Q;ma(#)Ax})Zg+}J7Y*2KnFM(~;${QlVhkL>lnik#W6FCVP$H|7Hd zby)+DJX#yrUW?#n=kHsP9s=vX zy2-_H#f8)p&=3gXBvwmq8?@i1 z0GDQ?lfhccIXL15cFdRD+xxyyX5pT#lY{Rrl?)m5z(#c3pAlYV?x6l@l)nTMH+Oxp z=O6&RK*;{QkhXGQH4tR7I$Vb)(g#S}}eGYl9R(n7$G;ssvi zERO%nOMH9cCr{Q-NS*ll*T-Hwu5l7DsA+N7B4&DT2NNjmtE?QmDk?(+ej+L;-z`4Z zj6JzBOkj^+`(dguih%DiH3pz+ZD3*>wn*lGNS*1o-7D-e-H>R&t9>sj-x4SyZ$VN+ ze>M#0Vx(994R)vsfR-&oP?N-VYt9(v=$4w)-_%MKEjlKoO*S`Ui+Tq7ok{?^dZHah zd1Rrht{4ZDd!dmu++1aIAFS~*6!?gl-qL^p52K}vtu>EjlB9n6dy?t}luzW@2@!=W zK^s}OpFQ#64MQg4uPR@!$pM{F6@2qiBs~$fvt)EE65Q^-HcGr~!eeEzRRVpDicr|U zz_{v4`;q)gxA`tlttC(c0s-Wr2Du@A$t9?bp`Ti@wb6!$;-s(*a><4cv0?iEEKCxl%r5kl{m#`%YU!5@wK6=a4VRru7?GdJsemacW| z*>fLBWZlT_&q)n@C>K8fQ~DyDRgwY6dd?pABS^1r#|DuP>Q>7#FCtr|H_p1Z9Cpu zZwExsh~B^rf*S^@mye#-)_%ZN|DZ8=J?weUXBy$3)H{OP+1h<(CRL7>m5o4aFLdW^ zB-Q>zoGlg!)Wj!D@RntOKcz9&jq7G$!DBEU>VD+r(b z5wtk#p527DBICt->kV|73pIZxt2iJrGRO(!Nk?ODI!!l7`t6MwtkMx^NMpuE`(se6 z>DIZJ?bqDdVrJWq(t8sm;u>Y~X~GY&=2Nh>8{>7OT#Jw}dP;`{BwbcACz*nNKD2k=?1J%NlRVBa^!B_{fNltDU)1bYPhK zXb4t!2}@<%PYhJ>sBNQ9=Vx#bmEt#N>!?D|YB}58{tF`<=EFdcH zUe^90!&O&)dEdn(gO^0IfD)`;ipGj>|K%8|uu^EEtyaeJ zqHiL_UfUTif^3zz|6*_ph>h=TY#p>8-$Zs5i_J}(tHv-SEfs zzv}XFHJ`H(k^vw7YbZ}Q+o4rP7-&{SW#~O$P+i{Uz3slxBMh;2KOhu(VK$|s^aiOran^&MUUKlL9 zn=BXefn zJg|7jxw4@ckl`h*lIdl2cQ?Wtm|8bx2LZ0qKB6s~(ZPbP+Z#95!z`Tv*-q}Ifvg~& zhOI6}^+dP<+HlH>GzkR5iO4L)B6?~ijdO`9S&)uE<2>X7+TEC{yu9ms5yWoyf{t=n*+3c zo|rY+!u+@Q=hbh263mD!ya`2Ze?t*<$=%*nmRzf95(bo=C#pS#r~UM>6zED)G;S8+ zN3{-opg|o{n|6ToxoM5IgAkTe)<}+UM3uZ9s<>E_dCIB;{?-SoKp-tMy=fo22A#CEQuaWJeebf-O_|gbiTv8<;&s21iBNi%rUlI6;|da965n z2jb_m&UXvc`RiG&OibWa;?+B#yyFsL##$o>WiR}w)dkae2A4a3QD>3*S0X{+Ucg#f z0B<)THGBWZcQkU0(IGX9bK%FOKr;G^!f^n7$V4xTFfk#6TrWwv=2+!TVI6Nq16_;7 z82m1s?gckla%}7ST=VS}#=kT?+C!+zM#hbat&{AJ=#0pIgIJ)KD>2Ns#ed4$yaNs! zT^WT|KPr1AJghdA_$lHPV3W8_Xx10Id?!s3jdvJ?x z#MVt(w4_peRlGK`Ek@^GjR`TY!-TL*hAaYW#gxf+UB-%{km&^U)Cue5p9E`KAKcz) z2BR=xWk$dwr(jTTE=0DR`gv+*09ZNp-!yaFL$VzzVL z)*uKoQ$L@xgK@q4JvvsraPSZ+&pfv}j9#kx!|q#K4g6+jO)bSkD8Twe%*V0rIMG0& z-OjKpfyqqo#Z4MkT>9y(Z(w2j_?n?^Z5CAKyo%S~MigGUe9ijBq^a*lO|LM-vG>kQ zKmG1J8+*PI`*OAbX`O>ac@fjyC*yzf{6k0~d<2OUS`KpSK6%63AkC%qYqXP8R#;ukNg)Qc;SJ!s`m+jyNdZFqwM%q?D!`^pDYC9{}H^Dj@J?6lPJPk7dH^OjuyQ z6q|}-w=$6vrtK4^=wQY!v4=i2)Si+br5ExDguD=`y0NHu%4n?E#1D1bpLLaQn9TUs z2mRpcGdoIt^eon@7WT>Fh3!)!v`el2exVP~AjzLAmPqqb^o?nnHxc(ZOem=aWCPr9ZpOJP83!<~or(&vQL-qW#1L%@Tn^9+SvSV*W1`Shq!EZ#PyBIAWpCo$1 zHb5{DDHN1eHyh6Q@~dhoob~vv^V(by`{k)=&hz~b%^6ee1PPUENX~BW7Gi=OHkMiW z6)F}%(G`{o`YQIAD)#-|uorvJ38GDdNoI zi(g&DfDhXM)6O?=Sf3FYo0Qwu%dnkn&>xpwHm2O>p2PI^y z3ergk+Zn|=b4T3*)siIs07ouN@nWRqEpEnUuBIvjR}gY(tCA`>>JlrzQ$Kqsohg~L zf(9eq{NI3sPqUDt=1o`}`xRo&y&x}E))rh2GSMnVc;6}Mos4%Qh?ytN$#n@$K(U*6 z_e9eRMQuliJ*6@hw5t=Ab2ao>!cDqnB?V>M8K=I(3E+n=_cct?+LCYnsmr$bp6=;< zhX#HJc4d|TtuKhb>GPUq-tvbNuZYmG{K9K)59_i*MaiySRIrL{^j^lZX>|{-jJf7AJ{RSJ4PBfhS}f>OS;u)(Ig8!J3FRz(Az zpoy;ZtDDGgMtO}9NFScD0?MVZXWa2`0y|Q-)CTDJ6nYz0vW|qgy2=HfG~7Q{+J$SE zT}RO1kQ>_(L5OGrttL=tzU)p#87QUhbrC!+qkoG$v@#ipe_CgkZ7OKDS@)1;YAzk) zA+P8^rC>oX;@Hwj=8p;x#2Lzt2R%Jvf_rpDKl@BbieN28OpCHd551!WWfAX#a+BA; zAAkm?=nlTRlkE1)6_wJLiO=~gqDkodu-NWOD~sOw6u+gmdL8LJ;A)rm+7ukSd^yVl zfBxP>;Dc);^0rIl$l5A4p>WoT^@N3zGKRj22-<8Zdb?#0^c9Ma;5S1fMUSohS|pD~ z*%mMiAzfN5*|n0kCPprOMJ`jEc6SG~&n|iCgA{#zq#TMs{Km6u488+ItmrDRL%kwa3~TMCvzih1yZJH+|82j7@VlGY9esK-UE=i% zTj^CIh!#H7BhfM};6X(+Kbk}W}T(YWf6UJOli(#YKJmx+YZB@pBtv&q2 zcDY6!sY5%M=%yoEQBV&TLFj1RX5g-raaw<$1j4*OwRqbp0!?FzLw2%Qn?w@BjcBHv zmll3Dm0tYTgOiV1@a9Xm^eA`~O@}4F5T>xYv75@PWcp2Uv8*J>$;fX|>xHLyqP0jU zj$p@ZIx5x#wNL7^diQx3M~ODR-dd#p0DJy1Rgc2H<%gFRMh9cHcQ5sB>HaF?RzVp$ z%M+;fBMgrQjOWxP#}lM-?M+3AYT8pq5j#q9_6CbR)@i2NH}zuCdnHXg0303zU2Lc8 zETPq;MAr&lSCkGfT@=}^F8#Skd1W{!ZM4CgOQUR;_IkP}6SUKAcBSjR_;{rhZ_%a) zyA2!O8?BnkmRVji-zaSA%JrBUI!r;J{EI2^y?}<&UUN_VE&1Bl0$BL==)6hRb^G)Y zahv-u#H+c|N1A0kYI0;&^xhEPsA%df@K?IG0q0SrA5Ky^$&K$$A7$ASrDcs7eD2xj zcK1>r&roxpMo$b%k>I@1I(heRlW4gp0=>}j-81L|d@GLTzyf8J?JfLut~c(+E1jMm zh`%+;Cirn>gis1`qHwH3a_rYrBnwc^QeA~E_(O?c+Gy)8Yrvrbt^dCHN4X(E+dK$` zc<}w@T3X4qCWf{HVR|V8!6YLk(5olmeIGP9^Xw;auPVzG9F1;yXAyJ~JGsrQ)^vay zQV{n8?@@#~$x=#h|MZhIvJ0&)rvAqgd*In@c`L#zXcl}wLI4X_L-u9MMe-;02)<%@ z3qB8`L&l&MjYl;W^^ksz-e)C)d_|$0W=v^}v=nVCfUK&G0bM_t^bp=tQLkn(gkdMd zz8k9>+-{b#lqVUh4gyELjPMsSKhBOw&7~Q8LuEtabe%}^*P1NC7&&=%hjPNPmEQ5hmbDvU zXV3l}#4`w-rcM%9Y%N0}5H5X%bx*Sc{Y(xiLyQ09Dbfj?vchL)s`r)ulnEbuJOsR& zT9ChQ<$AUjZ~YTY%(Q5mua!sv-&k{Coe(56ph#`P7)96Z-Zuo_L93i5)WNN-PnX{} z8vI&J5?Vb~rD+Esz5K$YEM7=A5naSveJwr8378d(AcOSiRa{YUp-SxdKdW>8%<8Nz zWi3OI5B76~j%VlG-&RO!L1?+Lov=A6f?X~E~8lubDDER+A=SN*DZcNpJ3aa!9% zAk!IK)KxxwT1^A4)93jA^dFCa0&~^3;;m|I)65yMd)tjNV;uz1SCQusyTxzbgk}~3 zdO4OpYR(ur^DP__L?8|ViZ z^6zF$?a*@X1_9Vl;k^a006@Om8n#N<-e*^_R~j+@!~r3VgPg^PhTklBued6mOW%Qu z#`aGjAV=DH?xU)zI(VB0TnLj4)>rP8$5-0J$u<9SerX*0;ahgOcsgV;Tr5ic7eg`a zJ0se!Kx~l2olrm;cUBO+i?uji?W(0bb9m1u$-5-z~Mk)1D9>YEID-#+)CVyem0les75OHy|79n6X>qrxb}-(MQ5=_p@{o-+}smz1hT8w5Qfurt?QJL zRC*aShk3Ao;2!XAi^PiO*tlzhV_9U8`y1a8M#jbo%f(r_?;-OG@W$7*xc}M%GVR%# z2{Y1*oxtA!DC^Jg>(!7)LHxvYY?h&)$#Xf^%>mVtY5^{A4^3a!2mphW*9X$}WCip_7x9y3|LFoWXR&+gG$UEg| z!_~|in~#LM!LvgF?Kd#(q^YU-Pv6?Y=C?r3D9$gf&L2PTJ&=M@Ul^}2XMu>|sd+le zSG7IHKo$*2cJu}wK$h_3e`LURN>{9h@mz_wB5yrM zT=6ag5$aEeaWase zZ(7`LxS3kN+@H!18j&O@YT{S{|F)fR$B)6p${RCY)2{90vqZ9o^3G`a88 z&Pu7yHpq`{{Wjm}?&Ved%jHjxj^BqK^e7Y%&#o>*zrm< zZ{G5ys#I{)VevF@LnSOfm&4EGGXC(xMOhd#oZ?%V*nPi1@QfoDt<$Nf1=1R{k-~E? z;P0hl454;^c3JiUgJA_qQp@GDR@vo>`knWi#xlg)|;aOxB@+*?0lBIIbupXe9g?(6H7Tv#;3iI^3zV zBsQX0CN@Vd+$%2axHYJFbrCfmreQ*Lr?14ckB3EqTSo~ zN59w-tEzg z>?K;B!Nya|Ot7%NTSLnAORX^G$^tJmXROAiQX58cR=v2MN_;(zB7OcVb&zLd5$v@! zrV*DvHShtOq!P`ua}}k14X}?W#C&i>dL~E(;*=ZPjiWhx-2PkAATv&tZ#F4egC3UP zv9>VBtHzxry4I(eRL5T2;oXaYtk+3+#{AAa(&d~!J*)WG>#Tyr{1s#iCA>*YrQxbt z7Eaz7K6qev!jv4Mj~$;VIZJ))u1S>VLd0-i!YKRpnf^4(fN=^OqHYu^Gh^kmybti~ zY^jGxpR({NH{+kQkqYe+|JKu%zVC(|t1U0r@|K6q^(B!CwQjyDgKD_L*Sf!DWvAYJ z4|eY$ma2e>?MNHaszr6YaT7|sB_N;o0S`PR`j?S+Z4e?8xb%T%rF0BiAOm4WVG==#xDl}AN!$sUuu{8W5{Phq>~I5txtdxFyN0ac=@Lpe2u=~_hA&5 zQ1V9i1&)UbTKaBZ1=ik>$a1A>Lx%1N0kc)KM)$7?%%5vf!}I4~c098Mf_Vfc%zrj* z=QQsQqmq}FyMf+KEQk4v31xBbl4+&#fPqEbU~jgUmyWtScJX=GNjdDrPQ!4^q*vJ6 zo#E4AkEFpJjo6dhgCiu>NwHPcCV^fjea(hGt0|g0K!Ofv%985~Uz7xk7w(fbUcG85 z?Y^MqV;uhksd&ADxH=`csz+qhI2BsY1>8;NQgn(DN%_ew8g&bMay8@<5pEFWHl`*N z#sIWq|D;)9C#8xHR{AA9H&wt(`3&_fA)TMc{iS<;ZaOF;E`edFRRa`@7|r3?_K1iXvILSFC=7$=fXk8)|-M851__(vhM# zOU!^q(w!Qd!(C8Wmg%q820;(;2>v?a4pf;uDAj?Ul1n<^F9kTTSnKm4h@DmwK8{5< zX>=GyVzxp9n$#$j7rPhM4K`1T6DF=_u+XrA^hmB4v;uJFYQJt^sVNcNzORDy=u%)z z%wt;E8&jE1-j4Jt-S6e*$@0nd0Mx7jO^w9_NOmAlv9Q_P$ucfkAW+V;ws2zLV=qbB zS`&-Ck;RhG-OuYC;g*>%g)x1xlhw(Qku4fLrJFgmAmPF%J4mpHDT?SKz+lGM@|hNs zv`ej%a+qTx&^4`~Ml-pyAeGHp+_|(zZP>tKmcUbSB}J|#n{Xqx!g#bvCiHx5H>p50 z%w$EQcjUPLZ-w9j2Ej*kmh{Px8C(UMV)eA+x5+K<8H6w4&-FcUtN9sXgZ{y|e`X2Zx*{j$C@+L1?9e>0kPLT7h0Q~3?!XY&1b&#q zJpMmf?Z6^1O4j4Y9cTzUc{O6GJM4rIie;6ZX-%e=U(ZEh+ zNl22`IRFN#*gevZqhPEmv;SpV@`@zO^sRtZLTxMxIu*AH3=Y@g7SL`8T9as$xi&ce z(ECCsLX8K&J^LS))MKf;t1(uXceIdmH6Ok9CT^c+HA<+7?jN`GGoIjg?@p1mqTO-_rnlo#IomGu?a*cKnxZ37ub`)h9(*fUwO?%Ux1Rk zy~+Qi4e~@6=@s~FgU7_g)Z*Y|B%N0;KlHVTZ8%V*=4Tlx7aTt4UBtvHUSHL-fb!xv zD*@+E`4qHeynn4|nAPaa#5>H80t*;0D$0?-P5kcc=)EHB1>Y>$(k^c$--A+Oh$dl} zgf>Nm!Vzk5C6+DV&01n1>2DGM>ZDDTkQ0=Bg9q9h7v;|(#E^5xD$TbNV(_N8@>>8k z2yLcH`}lKe(v^1wW#)Xs(5GF7G}4D5<0sHY>^CY$#|eV^3k~FL()f;+|H`lkmzm9$ zF+lkVT{Ubn=rHi|WxDQHhDeM+Enie2N+Rs!=}pq1Ir`O-`}!2A;QbAA09II z3B(E!A0$niyPhB@pEO_0)HHazo+y$o1y+eQ8BXiGY4$3NGWteOAbTl!` zxHj`8=5plNsDIh{U!{EQWp(GHBFp-SS2-UU3kqF&zTGcuKipCM#^AD)PDJ*+`<#2< z0+f%*8t$UUzb!sPU~te3e=NhKN^{K6^<`{~{n#kiP*=5{~|H zdAtbPcIDX^zSU{*}-l~K)Bbm?ikU=<6KZEIJ(r3JFi;4v)lPAWb%h%fW z_Q-#(>t_-CLDWZk;AuW+29I*|E2|6P8_O= z8a#qNoa=(sm%R?GHc@SAEVO8XKG!PwfZ7+yt{n zgC#()m~yUP6o|F?($c6tjtv;QrB*G*z4{rNXzEE}jbx)TSnF{LJI(cPEEv;_Teog; zO9Mlija%OUn~muu8v%ep(6r`T;>&`VGfpJXH*Bakn_!iNg;%IGqS4{0DM3R(1-?Id zKNRN~L$akDY9I10S3UIR`?DAw^X&b@pMP)vspEKVzB6& zwVneYmx!3S-0X>xFAQu#!rSemvy`TA8?e za&dNZ8QX~hJ1?_uYES!WGwd{9wY)~mY$m?(Rs1ip3}*Y0HVcAgl282`et!^TyeaPz zhO^?fr{T&l0yj4Dx3M#>(JdB-R4iTW^RYwhUlQZh$VUxnzWF4E_hYw25K9!qEWxT4 ze_D=L-h}$C2_I-)d${H{%g$zS0qaQH(Y#)+mgSfmXH5w(l5*jjn;pa)Z?HkGFWgve zKXroCW3f1k6e`A0!m1p!LX;fqm1;JP81I^Pv}nL*miYO+!v?syqnwsSKJU4RFUzeGo-%Za0+my#AY;X~ZmKOw+ou*vLX5???x5k2 zMSSPe=uKUib+-_#ZuP5?E+M_Lq|g##o0)ohr$HA%UELm=B?O|)&O(_GsANTxc+zoh zO38h2xfL(buMg8nJP0~}(NFYNP)NNSw*tjtKst**K>L3cQbYGfwU-zJ5!@AGUbA&* z>lq+G$p{eF4^P|GJK2L$oH@JTQ;@n=~;jjK{-`t_d#B%pHv*XXiH0Lu5%&+zE-8ot6X$e7((~CR~ zJ^AxVXaH=dMjwD42TL)EWCQ5G5;k3B0!|P0q262rg)eW6rVBez{fTA!BKA2$Y{iU} zxxj;Pc>AWtU&gM1)B2VfUXyVPpoq7RN;!hKM=1HvIZecX^)Y!-|Br`!pvx8PNY`w^ zN-?d^sW@s&3O>TA>z&I%c(_U9!W^r7&-_)12dovhH`w27d0Di0vD`C$L%beJLIcTD zMht=vKa!f0Dwuq0Q&NLRL1=|b)I8)h2g?&jjXEPvQBc@`_H%}WaTezrqpUx>`ma1Y z&q9Q60-2xKjKVC?^Akf0807s0YAK;%6PHgLwYy0<5Oq$dM0c+N@U6PXK>WcB@#4q| z7S#3Fib2S|OhPGp>T0Cfaa`4nTvwmZI8L1SNJaUBVZRH&!1U}rg-dQlIiCkLclwB` zlyok!rHDHlZI6S<0yw~W5ERT(iJ{>L;~veoKSqo6M#g!AcfdZGpq6t$do%Y_2y>PfzTaM4B~*qz?akC{LF>7~wD zUzbhs*KX#Ftbu7BXoR%!n?Oj!!lHYQJ8*61?mZ@7rTMC?vl>OpGLEU_F}BD%23rnM z7#P#>04a5nFngg>jMX8PR#RGJ3p+)kq9J_lRECZ6LWc!A%a((^iW~O2SH}cY0sGRyzi~(MD=^OALui*{L2^ro9+qBf-b zr1K!E$yF?zk31OXTInAtr}hX=`;$h=2^0LP0f@8PN@gpaEIPq``OW`W}4DLA6zL6=cZNc#dcXNHfh`o|nd=I|zKPEOhBbf3u!fFdjsCb6laX-7*Hb2)qJo|NV zmUuC4>=FhZElxbVjuo%~_0D&`Z+Cnv9Z9BOqUpNTLWu7%*R&04;Sohmpoa{kKL-*T z;Uoy&8)1k$hXVdqd#%R9|8~#$Q**p1#d95?6lG0~l|A=9q`a7w<-E6OCWzp{9kQH# zWeE#B61uRN(ojjEx(|E!eIo>GzV8xU@3V@TyPtDwQdEnz?Ep&EV1p-fJgRT(m{)+? zQG$W`yr8%ugEiI3m>Q0U<`0EYv9eTt?@-2P z?`7(kh#{m*tm@x^Spo96XQGqXOm(8u*gE`fxz|m{ryu2{BWV=08LT=ECAb=8HM)zAb2Z~ewe2mwER;~- zrEnN8?rMJrtZ`hpn(ixW{KYX!n@uJ4`4rKP)WNuS)W&;+(IH|s{_;n8SQ$BMyr-;o zAIb&49GM&)w1U+?g^hGB$Wlc@xIBHGZvIYmP9p<8kW>(QJStD8;gHGQBii$F)A@Lp zI%oLYLCo&15%)J6Sbn)K&Y~Pggsm5mohApxB9o?tMh^daYlubZwF6H1Or+P= zAMhre#a+KYM%;g{?TE1=-5s1PGCqrtk(w_&`kE+j*_4)Y6B!1=eE~K;rQHq|zxtmv(Kv z*OvTYL85+JOY{YrU_>UXaVct_>ca<**-oj>sDv-)-+8Z1nk7F*2b&m7(3Q}}a;U1u zh}9MIDj>`p5K)YZ+lHU4eJi?BieZf5{x35=4n57`^I~HdJhsw|6Zy^Twf2^|w8904 zG7kGG-@OP`^z)!G02RGYpVi2glH02{F|pmB?|eorIV$1oeyu0Gu>SVt{nry`ySwaq z=7S^M%Ep~iUI#l~);uv#>+qikAd}vSaeVn@9{mkpd;RJ}_TQ+;Cd)k^Isf@iHKXcs z&ce>QEqR`+gzC$bA8rGd)ggcMu~)YQ_491*M&@YjDNWbbY)Ec8umSQC%%&U(XWxyPa}fW8=Y=_Q5SdCJ33XL8Bx6p@ZD3dKW&JuGcXF9h>*Cv z6guPZL|sRZe#t!4J?89ke%@h60^=A#u3 ZFKpUjbn>Y>%a_29y7FD6as`Xv{{>_hGkE|2 literal 0 HcmV?d00001 diff --git a/devices/surface-hub/surface-hub-qos.md b/devices/surface-hub/surface-hub-qos.md new file mode 100644 index 0000000000..8b7aba1a62 --- /dev/null +++ b/devices/surface-hub/surface-hub-qos.md @@ -0,0 +1,46 @@ +--- +title: Implement Quality of Service on Surface Hub +description: Learn how to configure QoS on Surface Hub. +ms.prod: surface-hub +ms.sitesec: library +author: jdeckerms +ms.author: jdecker +ms.topic: article +ms.localizationpriority: medium +--- + +# Implement Quality of Service (QoS) on Surface Hub + +Quality of Service (QoS) is a combination of network technologies that allows the administrators to optimize the experience of real time audio/video and application sharing communications. + +Configuring [QoS for Skype for Business](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp) on the Surface Hub can be done using your [mobile device management (MDM) provider](manage-settings-with-mdm-for-surface-hub.md) or through a [provisioning package](provisioning-packages-for-surface-hub.md). + + +This procedure explains how to configure QoS for Surface Hub using Microsoft Intune. + +1. In Intune, [create a custom policy](https://docs.microsoft.com/intune/custom-settings-configure). + + ![Screenshot of custom policy creation dialog in Intune](images/qos-create.png) + +2. In **Custom OMA-URI Settings**, select **Add**. For each setting that you add, you will enter a name, description (optional), OMA-URI, data type, and value. + + ![Screenshot of a blank OMA-URI setting dialog box](images/qos-setting.png) + +3. Add the following custom OMA-URI settings: + + Name | OMA-URI | Data type | Value + --- | --- | --- | --- + Audio Source Port | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition | String | 50240-50279 + Audio DSCP | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/DSCPAction | Integer | 46 + Video Source Port | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/SourcePortMatchCondition | String | 58300-58339 + Video DSCP | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/DSCPAction | Integer | 10 + Audio Process Name | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/AppPathNameMatchCondition | String | Microsoft.PPISkype.Windows.exe + Video Process Name | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/AppPathNameMatchCondition | String | Microsoft.PPISkype.Windows.exe + + +4. When the policy has been created, [deploy it to the Surface Hub.](manage-settings-with-mdm-for-surface-hub.md#manage-surface-hub-settings-with-mdm) + + +>[!WARNING] +>Currently, you cannot configure the setting **IPProtocolMatchCondition**. If this setting is configured, the policy will fail to apply. + From 19f954dddc6e28de632756e9eb15a5481cd226df Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 10 Apr 2019 10:17:23 -0700 Subject: [PATCH 25/78] fix spellcheck on screenshot --- devices/surface-hub/images/qos-create.png | Bin 9873 -> 14390 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/devices/surface-hub/images/qos-create.png b/devices/surface-hub/images/qos-create.png index d99a0c2b3b2fff63517d5bf7857f18c0c8beebeb..7cd4726ddb7f42d1092347ab6c4ad5f5fa9923a7 100644 GIT binary patch literal 14390 zcmeI3cQl-DyYC+oDI}3XL{C9v1kpv85Yg)pWQZuy`{*qaBm{}xjS*!=4+f(p5k#Uh zQAUXfiP57Q<=pdo_ulW??LGUPwbwfPkMoCzd8}ogd7k^euJ85ve!bMuQaMe_LJL9A zY1R8mdJshQ1%jwKPaFehRw6RS!8a-oJ(W99X*b&(cyaWJqNXAQRm9TmSK|Y$uPWp%aGh`o*dX>s3|JaUUseDCHrQP4aW6roX4@>{N}y8>yi`3WWcp^tv7zZ2)-%k zP($Ap|62~{Mo@cR%PKs-+FKU*A&5!M>e-)q{emveLx-Y98tD6-mk)I=!WFTI55^gl zPkPdrMQl>CWc|}JrM-`p(6Gz+^q%67sr}qe1-V{jN-!TAY|p6Ov{~C|mU%LSEJ9WX zi!ELu8tQ4wZX|Scbe#MKLA;HhX=Yk2RW8M+J2Z9pwUiQx4an-DosDa_60XwvB`N=U z&pADRI!M7-Nr2a(E6tfC5D0tlwE$UdJ~$hpsJ==XDs%DMT5=M1nQ*K(p@Mj$KGRq) zVFqTuO1F)Wk;ykjZ&W*sAghxNV>x6siVRCS(aKQ^!+F|1jsyHA^ztrUX=1p=7JB(A z%M54fXk?qb{6Sp|D<{9RG^8L3-t=%~&|_A6Bto;RGdpeh$(X%BM?GP8`IpQ&M_qRe z24nN{^BbGVroh>aA#-|@3*_(5=r!77*t>Q&<`>@u?6`X@3=6Gwiu4>c{Yh*JtPgZt z{n6@G|LWB#ktf}39$Vwy=|TIuzS%_z?D9bk9i5$3#1gZ{QCv^P?fCMeAul2y>U?99 z{urYIyFBy5?V6JXxal_*w5rv~ z@S#$KW~LNU!_d&MSFdVk?N>WqnMvTGEnf?`+@rB9#6)7DZtf#~d4}rc_4RcWcf~c8 zn3Pr zOO2R5nS`HVx0l;rA9%zEDGVA!p%{?f*fe!d=RCX>L9D3a8 z6bbYW6!c^||7bf|<2Z7@>XNj&p~yqNNVB^a0vP(Imdt71*>nicGeT&L2~A#=^SG23 zfkWkr*WvyaG3r8X#a+y2AvN7CEZ)07GyS4Jd!}ChJL|8*H%%ags<%I9Pc9vSLL>>L z=%Wxy^n@A&$^2IjSG`Zx*Ewa=FHu1{!#`zfj&F6-!zh2?seFufm3EG9~ z<-{i@THh_yFVIqSX!2if9O_IH`)XxlGa6Z0wYfCzFcG+g5DD7z(a*gXjUuF6jgGEL?5B=uy6xDaC9frDpqwinW&N^iRq5P!D zi^;Qf?Bkugf$}0n@|T#a%zRYOCDeN@zN?|lMi-u6=+9HnfpsH`!rSSm>y@e}FI?A3 zk(dk+vBj{hPN%Xs@Rw2x*uUzpj@T-2TAx@C+GuJS+k{+m8dl8YS(A3q9!SF56JNk) z9I>y^&Aq3n{&;R~PJHDdW5HScB95rh5`NlpI)YY@f9jSSA`jf5lJb{|v|9-Y2@evn zkp7UX&rSU@jL=YjObIFQ^rc(xW4_`8?V80LzKJ60y{gAQtHiLK#C02u$Wue_Rp38! zGA2jKr|l7zyVXJ66S1Lh(>nD{Na670;z?=)I*_i^)4NjeMVHY~2A)qFubD1R!@t8I z&MM*jiY6b6`+>hVQ`sX|d1VH#fSCEs!;Zl_j#k-yjI1rBE$1E8B3}11k1M1z>DdA6 zNaOHee^ClDV9@OL4OnATj=4=*-5>{X6f=W2GfKycrO`O_y=G7xDK@S=AExS~7lSuv z^s>%*|FGVxdMh{o&Blss#$dOBAe6#Tq|cLvM3 zE+$dKd+Dw28wSO>rfsn#qruu7El%CSx~0~^K?CW!>rMXf$oZyIMK1>Kd9o?fl*W{C zT}WhOkK#GG6D0a#A{}o&={L`BYB%ZrmH)#vNXLz35dUr6al@xPi7CdH(dr=O=k%<1 zc3FiJQa?Q{$VlbMAFYPB%(;W7bZNBEZg;zQ2|t+;741l0tY1IPQ3ll1fFeVce!fP< zhxxX%NE79~IVQi;(PCJvL6`}LAA92jDDSjv^=A6*Ou;!vI4M^$w;vvBOonfjdCVjl zjS_>|1WhxZV3Y zpe^rIqbhp)S6;H&yTnAIVNT8pUC$*(8f~BKB|Tq8q%vD$mNfgP#&DPwySa}{B^N^j ztulhAXHor1v8l?3!YxeCTdqVAC_yFQffQC8j=X2ARw_V$;fe=Q&V^^WPWC~Oq!hR1 z_R7>|6VK46>_}a9%#XqCpLgkH8Hye-=BK$Hg%TAn_=y_c7%G_5N15UzzZ}QBdbOgO z7WqyR`z|sKX~K?)GG^q9_kl9B)5<-Zau1&f!gSJJH@pU&27TF^n}cT+lAQD;WS(Q6 zr2U4DMHSl&j+5Ht#k{_9aX?IW60R?Qy2e|?tSP6rRe4}1aOXS}siK31c>X{NibuI2 zh~wWJ-ZTi)Ly+>+7a0gry8n|>`q9rL&qEM>=>LdAEKp|MnbMj)S+W-d{BGKx;gGRC zM$hpur`?d5d=yI1TJ4ZdLw7M{V}7XpVo6V`Nc$@e+0mare;ze83|#xwQ$q(` zPQz*pIjqfgb^U0K(tLL8bf;yktW9^8EUS#W#ayjn=|ejy&);XO63nd^E$NX`}gcRih*VL!BvP8Sc%B zoWnXu^oipMYw~+5ccp_0l`UVcPQP^KG}&U0=P)ugG)zKxP9pi3#O}>W%c=CRi`geM z!jnsh0wefhs_y|9cSYmed#8!}X_=YqRX=0b8aGEBYKZhDU+lkJE&r#D14S--)CKVSH8bPo`@w2SDQ#_v8&-~;D2fPA_n z&4Vn$%3izHB7i>xS}>)mN|fv)6E@qMb60bDqS2DS8LZOGBSVhGZX3)rVCV!u0Dixw@HD*;?#wF0vNS9G|Xrn||DGz#=6VmYKylQ4k|2 zA~Mhv9C*fJ^joxBzx8Rz+GysP9-_R&q*}PdwC0S-A2GZBPZ?6kFX3@Tcf=gT<#d#$ za?YMSZg-XRhadYRD%sY2$`W>(JsUeB?lgLo{}=Dg>3X!7gJh7Y_n2ohwZa_bGnAbn z(9{Q#y-bC|+L!V*(``7J;0E+^+o+OD1a3@wi>1GSOeCFRSjnBOfPqy^8V!^Y3>V-< zC>N@!^$!emA%_r8>UqY8GfjWApCgoDy(G+jw{0@K#(wOM=r_pg-jR_5n+*=*WsD=q z5uRUU5+`-vTpUhk6_g3ut7ShNXwuWuqwRXjAIoowJG#}aYif+un_Qg}(e-vlI~zj^ zJMdJLfe{9;DW-Z|CP&#ao+US6dn$tNRr3vn37_fH{^pB<4J)CIg0$^GaSj`olak

!xg_W{zQ!tnj(LEcIdf;!Iz4C9$+rN3K%9L>Y4BM@7JW>SQ`&ay+5D4GCefz^j z>l%9kmYPfucA04St_vv$t6@GoI& zG5f(2Cee0%=rGC#D?bMD##T-S*<}&?x{4>aL@IZmy-}PGOJ-2Stmxm@0y;I^=pTts zItYbs{8y?F2)GdE5nFJ!{7u^CiVFoAD@K`n0{eDeVUN|^U(33@CI6H_WDpUZY%dHhG#7y32#B* zE)vqX&d=Y~3B+QIs=Z@Bv!pAE{m`J-{_)wTC!yAXpBe2E=DI&qayiVKmw$l~Q@+lt z8e^JkTz>I1L7bP-9m@tJG)q-R?iT|_64=wBNdefK63%0n=sKy6980isr(A^dm@a(U z^f<=}lQj&2iUjLUPe1%9s$M@b5gP|IvrSjp2<^(}H`jn>o>IL{3W5(OhEaPgj#i6n zFx`A`b{dt<4!%<wXZe$QB+4MHprVbD&yeA^bK!srgZ(~vt7aa|`CjhY0b5w!?J6g<^N3G|I5iYB zB+g>7TW!WrJQI<}np_p{?MN^lDpk?#f2C`0hz%9&17dHh_Z1xIugoWyNFAoLIw9fO z$8~$Pz$08zlLQIw6GarxUp$wc*$1qmp&cRQyy+ z#Bm3jXl9Z8_os|>Z($M1`5vB(oL%lnFc6LUs3!~Xdoo^z6#7JSR4fzS19xR<@YYee z0k8j9DH(GibS`qUp}^E8-XlkLEXE&&GUSWoKWBdu+1%ZGDZ{O-a}34@Hg{i+{v9=G z0pFa^ccWP0<>5rKvL>DPtfJd3) z9EB*2|F2>LI11uz=)3Ot*p#UDm|Hv&Ljmy{;ZBt`zVr5FYx63OrpBi@<;Fn0XK`tEGz&_5%NRXSy=l&z;s49 zrRj7Nqx#Nl`N>o4QiB1za|JeFUfgu6#z=dweE-11$M@B7vS}O$#IpBm551jynpfjr zd_>?!3y3wp4b^?nug$c}Sesq8*dPU(j_8y!n?u;v0~0!bzTgKdto1>=2geuv+`0i? zlMdWnAG@CAbJey3RMUvUl^{)eUB&dGzbpmJ5Ae3H{xPG^m)npt@D;o z9yxyI=NT4J-l?GFx?fp$$ltt1BZw1??b6E)0|KMjwfo_K-RQ`@DdKgAVYg_%CfKou zK{We}-PadcZZZ|5gL}owZl>7vqMmlpWuU5Wb?Ge*Lr}-X6~Er5tyYSU0>bN=KaE`g{KMk!AW)Ju<9RegFG32| zFCOX`CTtJf<!9%?e{{mDMIZGPc`WS)c2VE;%0no#j_$O~}g==miQoHC5zE z60d>!M|dCI#CCi!* z@Ur9Aitk0Uc)E!$(Nr!y#nY#e@YyxgMY@dY;s>QmA=#$dlS8Qh%tlEm}p z{@$g$bT<+Y9i#UI+NPW|T1NVYBvTk`<_1gFNjm67K11fU^JB*$$n7sl^Y75we}voq z`P_>^?geqj;j?2$pvx6Y-UhkZzZN51yuvDkfJII%lnxM{5uz)0CDso zmk=xW>^O%H>htBkUxato>h-@X`!}K23)lc1ar?o~RW6eg4f~tKu%_=|q;q&zS=j~f zYG+6M^=ID#MmH%>-Q!m`4?jP@ZAsJm-CUzGv)Q7uCR!6(z5ArK(MJE8k>=p$)LRyz z%wqNi)hE;&z4;+*0gN*NsHa;9yl2JJ!bhjb6vo0tev%z%1LO{4)vUDp&lkRca%)!F zbS?NrUF7d|V_58PzS0AVeuW4W3(9chiUaHMCu)sKN zu*n*c3u)u7@|HFHQS;~$8ybG(`EbY{_y!B-55r2G;OFWD50xwvO22l=&bIwJA05%= zl3URSR;ZLu)n%jBI_{tb?J{QhxlfDo2h}a(p`&I!bj$U%Cj~&w5RH}FwJp|rRS<|Z zt+!|i55x7*Cn$}NTD*+8anLw-iI5L7w`_Bk-fH@Rk!_HN*IVZeomuAFt8oo3D98>P z6~J@KPp}{Ep%3Jo&6T5*kH9sj+oHP`Mk>3&RG`k5B*69e4cB(2I_4}O@ z5z61)muv$Hk8zDN!qGH(Yi`Fm`!5jr(T_d`_Go{XHnx>SXCx0*HIC+MXFE^E6U)qU zftK?k{&7bPS|lU9QV{_Z=qpd>ts!Lwuh5p;u_{+?GBOV&jCu6PZmxN?XC)@WFZ--> zFcwZ#=q)ZwH19+s1o;DlNOrE|ezbt~em}vI6mCRJ5wcuBlLec$A3JK827d+mY}m5b zQp%>WY`fgx_53pPVE_utdh3zG%NAidu8lG5)f=IDKU$Q>!*1NTG25>$SgqdZx3R!f zRlBMxTOf%wU{ny$Ay(O0*254RSV5OSV=PfvrU|2_X|m|>CiN8MeE}eC@LF&c}Dyh__stI`{#lb!(QTI8V>Xz&ZQ$$lX7%QZ#K;w$9JoX@Y;R zzwWJXr3hls4L)AaJz6`OX1o~Vgo)_4LYRj6=5BxNGWE?^rFOHpt);dVB}A-AWSZ#D z+^r(c>x>=IWWb(k6t?VCvHF1=Bmu+NXLQE=pwrRgBn!9@dkXMm-kb4PxVVAmV6NnR zF&{6nQ6%?p?swDZdJ4{sO5cpTq>!sm(p-0J6~@K*YRQKYMSCi+<2u%gkXR@fAd!Ss zE0tMKo1&G{ke4y&z@XKY+6#rG*`s2LWX9YK7#f+PW#=Q5joVId)Oc2gjnhLlzeRIh zhop26pCYVW+fy)^EZ))|bOWoc+Wl?};Zv4g z?L~`(MN*6r6*j~GAmv(gg(BSfC3R`l$MKIb{=qNtcLL7`3UKGS_D>4R99-WO(oO1+ zdHH+!LEMe`re8 z9;SR$XVlnZbQ+Y!EVf)PP z8&wjFadjMty()IhXM-V3<8HRNa;>j@es*)qs2-g|SzGhnE4P9V_U>3F2%xGnrRnvu zU$#9b%x0A-fAHPk7$Pn{C23Hlp1N}5Mja{Q)d{$Ef1|%QaFjzla)hs9DA*Oo@}GC- ze{SF^T!NAiq@Y{-9V7zIoySlHio*Z70|hJcI6a3bQ1#-n{+ptp1D-VL0hYTEFlx27 zFF}__uQDdkwxIzsm|y*oA?yFGGexK++|Wl?=SDd!?T-7Ggd0472^O0-PpmHzhmJkA zZsdTz??oEu1c_~2S!>k{?0o6qB5r>8)dQzlV`4-$8sK>6#Qo;Y8;fUO`GLtOMggOz zagkNt%VxmpVjpPmT|?!$*O5Gdx2OmJiLf$^cV1@aMV-&W2}^g6E(v3oVR8TTn$k_F z=Aciw#8%+$I-zb1!_u)|o@Dv9z0J#`;Rm`Arl;tuo6ebLQkkEQSI?$3`D2Gz^lK<) zFu}qqD=UFr2t_ghR$K>WE5YSUPnL%e?|R=3mRb)H%-(!Nq)@2zbP66hHa+Fmy<)|- zwf!-St_yTndtgShuqNM}yJYQi{`JM^68l%xyi#(FF=j55`Qx_zfPZh$c_iPwTa7t; z@)D=4U)6hmKGFl=rQcKE-an#%JXeR>YtipXmAB>;7ZVA#Z_0Kns^eNVoNvxvQz};; z;XSdrFk(s3(@6p9NjHTg#$2DVw`WMYp`G+scwd7Q13T;V!}3Q@fv<0TQv;rZ^#_i* z+bq!f5?_-A1>xRBW|m++s8CfXGAhF@0v2{t_$D#{xHefhkM`o#KBe(5wB23l5|l_m zDlnLc`L8piy-R(6zEOExMnowd@t6$UVg%ByXUNRItI2G8|3VUkO$Tm$SH-mjpSRR{ z0vrD5?A^d0ZpR+lE`wXzF@X;O z5Y^F9deL&Y+#<~E2o#6-87iEoz#)d4VLX^SW#238eoyLj zNfV2h{V?Y_=RLz^ZDO_a_-LuLW}0Y48HmpmYJtcKBlp4j*`X2^ZSw;QS}HgqQMD}R zmcfvN&#B&M`J}Lq+EX~|uNUi===Of_-l}n#bPj&>JXU)e4e5+?Iq4)NV#`LW)r}gH zlFaT>mAEy#rqpwf&6w(86Br#?BH(9>V2JW2%-XcSXJY|!|D zD`VRk(uuh@$I&ls<)vC%GU+kOjE}x1@zcSdT9if+G!5MgiX>Um;g`(ZS{cP9r!neq zk>K&|+%{##(y5nPcmjTOqgGmu<_QSLEQ&)qh`-Vk*G?9a(#0H-Ql*ggIgxsd@9@@) z-A%WSK^b?IQ>_euC3~J8LfIa*KCdgr9L&uD82#A#qSOJ-P)!_lrS7XSpf#5G23E!HyPidw_pE=&}BAF&74|ZLG>JUR7IL0+3P=zPQ2F z{)*WWpx5)P^AGW!m_QBqJed3b;_qN8>jWe7BEHCm5to{pienv?H6l2J0E**@@Ef*F z{3cdFH9FJ`IFRagV>=pgZ4W?UcN!9glv+cmj;OIEtzNu*|f~Om+ZR3jl1PyO@&TvRvF?`p7|-c7S_zjDMy8<_tn#IQ1Iv z@G2@=ey~Y-@&ZeRpn@*f2!EaM_JkTTHcQg&syL=yWjcknIZns>H^n}0KPkp>J79a| zPJGA@-ILUXr9b|r1F!OmT}%P3R{PuyI|;jhnSv!9WYophXrYTnLa^u4^+xQPQjyE{ zG$B^!&-|s&(uCByVDS5M^yhd6$KWxYxLE& z`=p|>7@CBlGlWEJyG#9|xQP4D`~Fy!;cKxn=ZO(*H^kON0|?omY!B1wlIgRrV~U`< z0mZR3F(TXu{XO&qggruI1$6b>pCq;yFF>7q*0?y)SPycC@9T7!--t4TO`iDle@}0( z#WAr#5Q_JqD+Gm{cxeC_jKbi5bz}d1i~nE#^d>I-dTsCrr{VG|6w~bSc)d6MQYPnL z#YqVZ0Q6=1|8v^(Uqw^*@qd*FAo3`(514E~{{bC%3RlQB+HCgZZ_4X3GZ$P3_LdU8 zYl~rb_*Q1lY3jHBo04V}aGicuR_FyOxT~e1Wc)XajT`-{J3fED#V+LutebJ)UzzzJ zNA|&FruV?8^r7+ZYAOhB+JAHgkiAY2gseR7l3OY4UnTnxlJeVpfx~jaxrl6IzYM;-Ub*o^d=xuqe5RORHn02!xWB<+H4{( zRgS-ppy!NfGz7qc0zBy8wM#po0^#NXy3X9`iw&|mSd%}jd{2HU@9ZSuG%6aOmc~*A zgndG&uyKZrudp|$s&xS0envFJQiW+!b`GPL~(*DW=rm39u;hDcS{u?iAIVcr??7p`zcYhN*DY zQ2!kUcO+@BV!Xor=jU^kE|YTP-PIrMrq!jTliMrDA%m>9r_@xQQW6WS0!yA};MM># zOYHA%@VS=ewe1KTW$Faxp>85(YZ^NPa=gQl43Lg*oD{EeVlGdE3E}O%;ckRLCd#sxVxL>1a#)0R7ndlZwjK$q_*ayKhBps^hCKMnB3O?yUhVV~pp%{e%HRTLIf3Kltzf z&T})K6ndoNUZp8v{|gNb#B~jUngKCH9FqkzfKa_GvILt~@33x`2_PDCor{Vq536T< zKH=O-+2L+k1>IRmXGbK6D}h0XD;s+@$+PjE!rq2ym_selq3E&G>LAX2^$ONPb%+nT zd>%dew-eVQ|8~NilI@fuFNjpSP2U>;`v|r15d}(%Qe+#9F^;9Eq4&xSV834$MoZ>I zfP$$+U1JU;c4B!qY9g_JZr7YJ0Sl}dC?KsjeAivue+X>>vU4Yz&^7Bm&nFl)s z?R+&K4ZgJdOa8D9km7`$N_lc6aP|v>uxj_!^vqnpPshrOQ#kzyfJ=3|q@u3V5@U}J zeh40Xl=IqNv51e4_b@yBFbzs)`nhZOQX)9~K3iE?9W8-$WZ`+BUDBzA{d|7%f(E4= z2nMavu_l0r{~?zt9B;VMW6h7i4|ZW2*l6d&9BD$9&ESEk48})E>0el1U|eFlofp7yVj?|IkG?J8{;4CnjZgK zs4>Z3lYO279P!@E&exf4Q$hmGyM(e%^TQ2uq7#x$ih~`bG9^?mBn0mcWOo7s%CZzs zf(?L>FSv5QiAY91$8F$vjO`7`@5lQBC(TJm;6eF&t-T#k$exw-=x$((#tx_GgKtq( zrTqS!c2`p%*>Td}%L_L?D|q-v(2295O&Q#>mis$tZw=0QvMV=&h9bT21f{%gw((5yLM(8GY~`aUd)s-TAj=PiV}}e_S#mXw z`F=>0e*EdhnB74B%q(0^(P0&s1&Kt^LdF_sVOvC(=F=u?PLoZt5@pygnPLux3l;I# zwP(RSy|on~zh~iWmX|~Z;f)cmky^K0Cv&`~U2mKV5Yu%=X1;lir~N^An6A1EQ7Gs140_*KYZTM3Svc;)wYs{=fHlpf zSIi>r6nAe7NMe|6S9N=Z`^=Xyhq6ZTEdX!nOsG(P_py%sG|OP|Xdpm)FShPNxM-Rb`s_BzuzeQV@c33q|L zFz9|`KGV_pz;L123+++ zTS~#aAqY`i1-vy;7uYY9xUQqM;dyS%9ab@Wt0NmAwsg|u&kZF$zk4My%JC6tqIT!2 z3^)P}SJ!uGEfI?MEio^XI1jhmKY&P^ETE^~3Uyn&{7F}jOfhH3O_C?J9KYLbk`DJL z4{1thD7rperIzpAyBjHjN0IaPas7-&4=n`yU)$;;PeKG$J!IpA-+T#9c&{dyTyq|t zNSZK^_!Yq!WUEbnQ4r|?27-KGvv_Hgy_*votj4;%S1NeCx8&ViSqX1xI^16-+M7(H zS1FFsTJs^f`Gd(S!|PG=Z3ZT&a0!ssbO{${?K~gQ#5<4B%jnor$Nb)F1?zHsYM39a{bfGU+En?TlJl#aUat8wzuz^X%ET^dDD z5L{L5$bGpg#8PvFnOb(Le;`8nZuT6&H%yMFA;Mj7fwrBxS1P;~P5jfI;rW91=gou^jk#v)4`&OJ$3h9#{(n2d!iV&Wl^=U|T6aU&5&0LtMoH!54zcWRBQlg)L zfe28#nE#dMXr6vht=o^)W33PyD$CkELqCGfCM0Mb(M68ec|57K>NroncBh8)?HkPn z(Tk@jOW^lwOy(uRU zW#@nk$+E_IxXPIiT;$C`M#R(;z%Vw=Azf}vFyZbZ6teaV_39ErPuu8y-yFx%*!`|h z;Ln%s)HjpspC^wVfebkQ%ICI$PWtcv9pk_E-2INO3uDdS|6`*WPD$N~{bTC!pW=}J i|BJt|B8HBXL;8+>Dql;pnX7>8L#oPJN~L!mh5j#6L%VAL literal 9873 zcmdUVcT`hZyLSLl$L=Ut7{rlLlqw1;AYcPTq$ni81VT}P1Oie521r00EJR?yp@k;W z6G8wu0ewbGBuD7Q=u^5hel zU58=2ci*_Z>(09^6gsCb(%8I|&fj>zWFzptsYy*O4{F}IE-)N+HS4e|+M@d}d9|ng z64+)6x&jjJ0R7yk0{Znh6|^smA$eu{fBnRZlZ^tCc7?>61+x`muY{uxER2CK7xZ5= z5F>Hs0#MOUyS1tQ4U-~LjC!iR_wdIY^W^&a`h}_f*Uw~IT3adbvO?WGAZ^Va28m>% z&RqKnWm2SZtP5(WW4+Oc{JTvM@}8pou@5kW z5thfm`W{99Oa-Al``QsQ-6`zz8#D1^V5iiiq&v6cdP<)#B=f2>_~MbW!QyR_3YRrk z`O7M_f|ycDY6?48jx5c!8D*V%rS|Q7oC}5d?ZZx@7o3)mKC2|B_c)gV>L39B<>}3W z;bL&}>|mKubHjxJ&ty)?cFuhXvoshoIf8-u*^8K-zPR^*){IKN_w*$L1J702*G412 zm8KKsARHa>Htr<`_`Wd!r_yFN&E<{4GRKa4FNza6icJ+>|R7 zcgA^qR*MUnv7GXW~dJkfWCN@qJ_DW1}yf4o8< zj84+h`_=M$Z)`relDxHi{#(pnH!v<8&E?SC*EcEdXGdiYGoSIr9U0fjP%6Z)#qkI0)vgUSYiny{ z?S%jAK&p#sM--Bq1Xzw7A2i7BHtqf~)CuW~U|k(EW|;}5jVtx=YfH~$)%sop>g(&H zo2BI;XV_cdw2}anH{dv#WN$2(9XxgJA$j^S+(@&EY_ZTeRk)bMi-8{RF^rnV@#BKJ zK83lAv1Wea4uCkjCqNhDTy0v(@$7f6e5K))a2uMcNhSW)R_tt~+3gU^MD?fl7XflH>F5Rp9LXLN2|rUZVKhPRBw;x2v{B_T>!k zpjF~l7c9n4P_O(Zzl{xt=cZR&+O2k+n*I&l)ncc9U#I!Y0Xd!f4+x`3?QJ$sS-D#_ zPUww+;o7<7*Ur?7l(Eun&+u!OX1UzemG$0Uy)@m$uXD9XKMCymjhQ#$EeSTdGOZ^B zQm~>l7km!vUUgdV5!lS{P(7q~c>U~KWV}}@n=bj44OpvsBwrLUPI4ZJXV;4Ky7RgV z7|Qzgx{0+t7Z9mJWqSV6TO+>r+>%!jLe5y?#;|sOlqKTH6W;p#a&JfK^Hbec0=)l9 zQXI>hdJjvRx6RnWOp`4c5GmUSvL9NvIl#Q;MBkTQwbn0XpVcSL4HoX$Re(tdER6G; z6)bXxdaK#o7qT8%qt{YaoOqjLtqeEMoH_dQID9i%#OM2eB0Ch85c-+8 zpn(L2q^qLgecA^D(I+0gK#pq>{V>}bOY@VxW8Hc1c)A4vsa`OqN+r1)pf6OIP3ew- z{chKQx1E9bo*-laJC@HN+4oq(=}99aBg$H|SwVq?ssCiB{ zzjS(j(<(H+`>SL+|JouW!Vngf-|58?Etl2MMxaq zf|U;4H!1_V_8Szm{eR{J02ed;?_3M6Jw=MF{stqSL$A}uWg%oDfp4bbj9$nDZkT2nf{1AFHw?FWeW%i|?7yOP| zURPV#QakI(Nn^VSmzK(z${lnTFkZ^G7Zn2~xG+t7uC@I()~KO zPpU?u^n|asB~OSd@#`xm@(p5iT?`7Ac-e^#)w?LDu+}m`La-(%zL+yc`7DuS7F-e|MTB3mB%Q$0TP34(cA>slha0@x{ zB-N_)?%F85T3x-w3_DxKsQP|@uIs)Iw5N{6jk3Y6BgnW!;IoaE0cXb)~24mGBG z@=#ANs6DqdS!iggnvaD}CkDB)M?|?X!_L79oX8_Zk99wrh(kwR;%7k=d{NBwk!WG^qf7 z8pn_Xob-D)vP}i_5g-kJ&3#?~kYBioO+2K5V4#+6#lUPvsnd6M zFplZ^xrrxPDzXLkRsQ%dAuo7UXf8c_9iEeu)3p`k<^li^>(Sy24_VE-8PE`|Fxc@{ zTJ8=tH#Zl3Sl)k-{qB&o*{8hJdLp{Y zlzb4=2v&m4)V-^ncEydHDCG9{=X@5s$KlrljuCHPr>yo*xI!Qe)h=VS23IPi<(NpB zZmJtD_x>x2m!0N*k_TYVg>uZS_yS<4d=vyhNk)g5ePX|(RzY9S2BT%(`^2Uf!<^Ew zW1jHdNOW#PNml_QVx@24PJT@>8s0@OD^04$O72v>&n#N#Qlof!bo2d>CP2+xy>s(p z3oosEq3_-Hb(+Rsppxn~WcyC7?guqn-sxL=^X7H^7%ML;cSBV$5y1tUp*VEsaB40P zsKYD*XrTDl05DM~dV2~jucvBjQNcRpb&+bI$I-K!fnu+HrA7#eH->);xS)M+ov`|| zjMpmAw9ox3t1>3hX^gS>-}Zxm=gg)WV(03V+I7Zl_JOafsjh4Xm1?O{-zJ-9fBWof z$vQiTS0Da)A=w5llA0Jmbb;`xXr7Lg~kQ(QE--c^#0TCWN z#)2)Uqgdl$MSI<#?=X;j;hscfAc@53eb+*ct@PwoR#a4!?g0@{kFhvG2=xv)+Aesx zlNt=)xk7rV#-L3SwK6{lE3qPeDPEWr?|UGqo!qMGc?WY^-Y)khpm*|~B|v$3$GDGI zV+fEl`3qeo#+8?UrSMrwK;X%H=VTZJzU_;s`jurPQijp?3wOL}dq!kO58@k+Z4dtT zaVmM7+EZfOMfYF%L^ii*cWbEk(bd-3O>@I|dIHPCAbG8&QaPQ)nhG;Nx#2>aCH&gDJ+gGgA1zM+C&FF~RHrR=UH@8+n2XI;y5_4)Bf4x@-W1+)B%} zV%XMzXrcR0bJl9&(3fxu^SqA5UnuFGC={yp*=`{ITMFL4AedQC3j@D)WU$E4L+NN- zqBy2d)=B{*S6cmD%3PSw--Bhr6H`(OT+C*@jR*s8_*tDdM`a?r?i06KRWV?uguO+$ zAp*1SHjYEPJc(sVpMFzUB|CVo^@xSjAr&g|3{pCee5_k5RM+6Aym|{>sotf{q_Ql3 z(iI1i>rceB-mJ#>fgz%{yN~61jm5PXXix9`Xnp^o_fJZ@;&PBaunE$lmY5ucr428^ z@8E7J!PXkU2V@1Fop!0L!(--uA`Z4yQVQRlHj0?Tc9}N?AcpzVM15bbH7%@k?5IjFEz) zyW1Uw8dI%8FHeIooSUfEnPu>8Ly^M6)p>-qvY|Cid*Up!6u(|NT7XC+K5S0?s=9p1 z+2otVkMa$M>fijjF88Y|rdL0H%CYzQ*^+)>%$mz2I;7}!JFP#U@ZEcT=FkV>7x34- zk8rZeE&y7Sd_{@3lj{Y~rfP|^bFgBWZlw-`*Keg)uW+7QcU!a;7OX@U+g_c@^lUcL zi-^W)I}sht=h%)TuV24DaNq!)s{Y;q#Y{tdP1J#RE$9-;`oj&0@uG{}qh*<6!L4-D zDb>3C^EF->OTEaPz7iV^L~dhlZ_DtxPzzld|4{lZ2jrxgxoFZbV#Aswz3Or3&S`^6 z{GrzYsy{lejemZAraQ(rL->cbgA+}q*m@jiv=f_vI5epr*E zO>hynNvn_o%x110m9v;;(cd)z%?LbF7eMRV;de)E$`KvM?CMD%@>#=gqf>A_A|=Sq z-tgh>ylA&*tXN^9pwV3HJG1zS{YE;uUzeMo9z&ZXXZ-k`1y~ z3M?!vR@$?0S=zS07OZZAm!cZ->9tWwzW2w~l#>G3C9UacX=#axMaUJB06X+#n=s|t zVoBm;%J8izM&0VUI&N8#KA)u_CvUQug}O{hR}WE{Qr!qFCHPOxlRFmVl4V{$Id;$K zVG;dS4RX>RCql{h1W=YzxUS`=uXQF&x`N3%nnu#3Z9NYZB+XA(zS%F<+LVXvYz4$g zJvwZUcQ#4Zw|Z5w=W^%L1P^i@1z z--~oBk013?`B~!d}0?E<&wI|E&HCa@oJSaXB$eup0O2ds< zr}wf;4g7q4eFeP~IXSsxK!9FX6NyB?Ca*gV+U4>W%q9P6k}!9BPODTg9niuJ5Si}a z+rk}=`*&+lz1C;7Ns}=I4a1c*E9eLUfyoT?7@0Ovhh=AR%$ko*2=~#6>~}SPs0t@zpdftQg1 z#;Z|eCTe+omF~9OSIy|JA$>dS|&|53N+;kGiB7txh`>7rj{8b)(5+;RtBjZb(IlKl>T7! z>Y#RrMm~l45YO7HoY-y`s+oE4k3PB{KC*ntXh`=dKK{}*U>H%EBXuvjguer zoZ=l`@iEn;QX8&l9P zBUDjW$wvzcSCVvXlvgH%-i*n(B^8ZZ6h*%#GBfAA4v>p6YF4HiHNJ|@SpuFC-h~Tf zEUJI(B*|BNMHVYBT$pCCC?MmWl27E>`#C>s%vi!Hfh=%M5HQa9HG#nynws(`Hf>Oy zF{TylPqwyG3+<#82$f+h%WfS4MBTwu&0S*}ZcmfqH^DkGgmW0p=*z;J+|^GO?EL*a z$#KJ99H)wwWmy(P=(N?w4zX;H8+_~8Yw>VIU2NcF(nB-N3?M~Sr%O&#X+FQs;=~f=XrI$z?zkhG2jIlzD&77$G%rsuXrtxI=3THqzO0 zE2;fJqe{oVQOw-f^BQzID;E0ZpVuW`d>Ip)g7U~c-;+@ij`v2jDWEI*AOFs^{^9Qb zD}t8ai`D<00NyPJxddZ5a(01S(V<%6JSLV$M<)l8sL1uvCLoWLpP&D(i5zA8M&j}J zK(E~@nBi4HsR-QHj-TQ7s=)I?M(Z#1J(1ehbqh+&X+ma`zXP5w9~_YH&Mp)$QV8Kd zHd#PpBf2e10Z!C(WGDFtU?At@ZcJ|waRuDKnCt~(!4J9vjc7H>Ih8uv+7HPWzVy^` zWaX_ceyEhU5U4=~wC``Oj=@e&SKy!cN3$w^cc1d**8eV;ZT1VgZAfChw?bLe&&;EA?nf?b(b|<7= z9owp9GB|hHdZ$4`9qDK4`@F_*`SL%P1(+n_TK`EnD-n_&;c~QP#7G@ydfvRvw^7B) z7xEo*aoPDA+O1^iQn&PYB_$=_rTN`7J-g%raC2S`dXTx^vnTF2B#30c_QFM$JSvl? z6OI}B588vWsqL+aH~7+>bB^;StlVqR0CN`5hIG?4b)An!*U>o#DLnwqSM~b;33Lu4 z5Z#+IvY<&N4C)RLv=7e#QYZ8OWoq^YMWkzJXb9Bh=#GFQ1waeQ?eFyVE7cEL06fLk z1K>cM+^iMJ4gSTNiIY^>hc)*xzcM6WK)M-em%N?3fg0dNFAKr?*ONf5zYDuv=k9wJx)yBIZ*}8XI$%Zk8iZg?;kNlZF+3`03M*e;(HTrnu|z2XPlT0m0qnzar#tl(z0w!%P{x{!P` zr?H8^L*n|B3>YFIdKn#S%5 zJPe5DtK~t`p>+-Kpdj1ewI&JRyVi>gJo@I(v87-@M~`{r0|g1OmPz!n^$E+6z=`aH zsK`ipgW$(NLWe~HR|U*kBul*d{iFx^)fI$g%B8u{*Oquu@}P})J~eiydifAP*$clq zUDo}|NVu^&JLuD_29yTzOJAOsp}7l_WNIwb(N7Hx&z`~JfQ$DQ+{>Kp+I=@M%T&CayBAjm!xgi-Rgt+YL9@8WciOjBCHDgKLg` zCQD|{qy`LB0CG2hP67OC(sk1-ctp-&Lzu9++#ZsX;W#Su{shSj;p*zDQTg?4s$M{j zxXtf=RmkRsSit7i_Nx?@4>MP1x@(wS{N7DHcK}6!66SXs)M?-|kcaFZJ>gUX5i0o+ z05_}djr{;#MJX6E(cBAat3%&!ZUy>wCSRM0Vv(LJ;FsP%k>Wtlqr>EtsYK_q0d|MJ z0oR%HO<(=|rS>_xJ4Vq2xWTk`{K7lpn|ELBbTiSCXJIHJdvk5v&~UlQ(vvY)AF?iR zK;}ucey+rjeex~V=b}SwqP%L>7j|keItCYDh>K{>{8NRsD{yVsz(Cj!Rg)w#0y`#S z{&5d^Vn424`Wjz1nHZgA&4;2GsFN9i)pLTaxZE-a? ze+9Am?YW^{$hsKTamu`-T-`PSCuTtf@?#f$W~&z`Z+V!26ti-$tm<*|i@f<-g^h26 zn;QW~Cmm-8sw?Hxj?S}dHpC^(>Z|?jc$cT~(1&xKCJL?Xk60R!m*+dK)0LNV&Qa1Y z-y6lOE=*TuENm+tLbZXg>%C>n?|O*8Irn7dZpeJ5!o)EGWhS^A`t#+E2Z>fcyaXLlV4S zpQ=2u2~>*cN73M%ZHmpSl zWNj`p+JK~-Ut|*XlWC^fj$x_2mmN1-pVX|4X^`%64RyYe9o9b`qpROSVDeUHs%E>) zG+0N_1n= zIslc4nM}38%2+C1Ox`ivtWje(3a*1XO?&xIkmL6ryZpG`m1^v@&qB0{;hx{|LzP$ZP*Q)#SgIHvX3?D*tfWN5aufsrzAN Wg-z1x2;em`kg1Wyjlye=VgCk-HiNkU From ed5f60a59541a6194b0004ace33b04cfda527d9f Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 10 Apr 2019 10:18:53 -0700 Subject: [PATCH 26/78] make order consistent --- devices/surface-hub/surface-hub-qos.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/devices/surface-hub/surface-hub-qos.md b/devices/surface-hub/surface-hub-qos.md index 8b7aba1a62..49fc61e612 100644 --- a/devices/surface-hub/surface-hub-qos.md +++ b/devices/surface-hub/surface-hub-qos.md @@ -22,20 +22,20 @@ This procedure explains how to configure QoS for Surface Hub using Microsoft Int ![Screenshot of custom policy creation dialog in Intune](images/qos-create.png) -2. In **Custom OMA-URI Settings**, select **Add**. For each setting that you add, you will enter a name, description (optional), OMA-URI, data type, and value. +2. In **Custom OMA-URI Settings**, select **Add**. For each setting that you add, you will enter a name, description (optional), data type, OMA-URI, and value. ![Screenshot of a blank OMA-URI setting dialog box](images/qos-setting.png) 3. Add the following custom OMA-URI settings: - Name | OMA-URI | Data type | Value + Name | Data type | OMA-URI | Value --- | --- | --- | --- - Audio Source Port | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition | String | 50240-50279 - Audio DSCP | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/DSCPAction | Integer | 46 - Video Source Port | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/SourcePortMatchCondition | String | 58300-58339 - Video DSCP | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/DSCPAction | Integer | 10 - Audio Process Name | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/AppPathNameMatchCondition | String | Microsoft.PPISkype.Windows.exe - Video Process Name | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/AppPathNameMatchCondition | String | Microsoft.PPISkype.Windows.exe + Audio Source Port | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition | 50240-50279 + Audio DSCP | Integer | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/DSCPAction | 46 + Video Source Port | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/SourcePortMatchCondition | 58300-58339 + Video DSCP | Integer | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/DSCPAction | 10 + Audio Process Name | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe + Video Process Name | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe 4. When the policy has been created, [deploy it to the Surface Hub.](manage-settings-with-mdm-for-surface-hub.md#manage-surface-hub-settings-with-mdm) From 59f7508324a36615ec7a411ef676fd1870c6700f Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 10 Apr 2019 11:11:09 -0700 Subject: [PATCH 27/78] Added text per Task 3267358 --- windows/client-management/mdm/policy-csp-userrights.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 09b30b65c0..443ccb4b18 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -66,6 +66,15 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s ``` ``` +If you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag () to wrap the data fields. You can specify one or more user groups within the CDATA tag by using 0xF000 as the delimiter/separator. + +[!Note] +The entity encoding of 0xF000 is . + +For example, the following syntax grants user rights to Authenticated Users and Replicator user groups. + ``` + + ```

From caf9ad5b8c120ac5a69c9cbaa85cbff70c05003a Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 10 Apr 2019 11:12:37 -0700 Subject: [PATCH 28/78] add csp to warning --- devices/surface-hub/surface-hub-qos.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/surface-hub-qos.md b/devices/surface-hub/surface-hub-qos.md index 49fc61e612..d8b5262549 100644 --- a/devices/surface-hub/surface-hub-qos.md +++ b/devices/surface-hub/surface-hub-qos.md @@ -42,5 +42,5 @@ This procedure explains how to configure QoS for Surface Hub using Microsoft Int >[!WARNING] ->Currently, you cannot configure the setting **IPProtocolMatchCondition**. If this setting is configured, the policy will fail to apply. +>Currently, you cannot configure the setting **IPProtocolMatchCondition** in the [NetworkQoSPolicy CSP](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp). If this setting is configured, the policy will fail to apply. From d75cf6ed022f570a838a62a65586f30bfa637ee2 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 10 Apr 2019 11:30:14 -0700 Subject: [PATCH 29/78] Added text per Task 3267358 --- .../client-management/mdm/policy-csp-userrights.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 443ccb4b18..470618e2b6 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -66,15 +66,15 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s ``` ``` -If you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag () to wrap the data fields. You can specify one or more user groups within the CDATA tag by using 0xF000 as the delimiter/separator. +If you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag (``) to wrap the data fields. You can specify one or more user groups within the CDATA tag by using 0xF000 as the delimiter/separator. -[!Note] -The entity encoding of 0xF000 is . +> [!Note] +> `` is the entity encoding of 0xF000. For example, the following syntax grants user rights to Authenticated Users and Replicator user groups. - ``` - - ``` +``` + +```
From d49fabe38f4e94e96fb961d45fddced180b56537 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 10 Apr 2019 11:32:30 -0700 Subject: [PATCH 30/78] Added text per Task 3267358 --- windows/client-management/mdm/policy-csp-userrights.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 470618e2b6..75e19260d4 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -71,7 +71,7 @@ If you use Intune custom profiles to assign UserRights policies, you must use th > [!Note] > `` is the entity encoding of 0xF000. -For example, the following syntax grants user rights to Authenticated Users and Replicator user groups. +For example, the following syntax grants user rights to Authenticated Users and Replicator user groups: ``` ``` From b3216ea93d8e65b00f590fd7a1321427b7c1e3be Mon Sep 17 00:00:00 2001 From: Max Velitchko Date: Wed, 10 Apr 2019 17:09:01 -0700 Subject: [PATCH 31/78] wdavconfig.py must be sudoed --- .../microsoft-defender-atp-mac.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index e4d8180854..84ebbf6049 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -325,7 +325,7 @@ Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found. You can also check the onboarding status: ``` -mavel-mojave:~ testuser$ /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py +mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22 @@ -370,7 +370,7 @@ Configure the appropriate scope in the **Scope** tab to specify the machines tha You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded: ``` -/Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+' +sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+' ``` This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered. @@ -431,7 +431,7 @@ The installation will proceed. The client machine is not associated with orgId. Note that the orgid is blank. ``` - mavel-mojave:wdavconfig testuser$ /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py + mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 orgid : ``` @@ -445,7 +445,7 @@ The installation will proceed. 3. Verify that the machine is now associated with orgId: ``` - mavel-mojave:wdavconfig testuser$ /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py + mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6 orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8 ``` From 818fd466a3c62eddd13a0cc14ff7146fcbf3bc24 Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Thu, 11 Apr 2019 09:41:45 +0200 Subject: [PATCH 32/78] Update distribute-offline-apps.md Added instructions for downloading offline licensed app. --- store-for-business/distribute-offline-apps.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md index eefb7fd379..ff1b7866b0 100644 --- a/store-for-business/distribute-offline-apps.md +++ b/store-for-business/distribute-offline-apps.md @@ -63,9 +63,12 @@ There are several items to download or create for offline-licensed apps. The app **To download an offline-licensed app** 1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com). -2. Click **Manage**, and then choose **Apps & software**. -3. Refine results by **License type** to show apps with offline licenses. -4. Find the app you want to download, click the ellipses under **Actions**, and then choose **Download for offline use**. +2. Click **Manage**, and then choose **Settings**. +3. Under **Shopping Experience** set **Show offline apps** to **On**. +4. Click **Shop for my group**. Search for the required inbox-app, select it, change the License type to **Offline** and click **Get the app**, which will add the app to your inventory. +5. Click **Manage**. You now have access to download the appx bundle package metadata & license file. +6. Go to **Products & services**, **Apps & software** (the list may be empty until after some time it will auto-populate with a few office type apps) + - **To download app metadata**: Choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata. This is optional. - **To download app package**: Click to expand the package details information, choose the Platform and Architecture combination that you need for your organization, and then click **Download**. Save the downloaded app package. This is required. - **To download an app license**: Choose either **Encoded**, or **Unencoded**, and then click **Generate license**. Save the downloaded license. This is required. From 9a2935e160c46847f8b23d22ad70e0c2d3f95ee5 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Thu, 11 Apr 2019 07:44:47 -0500 Subject: [PATCH 33/78] Update windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md Co-Authored-By: j0rt3g4 --- .../customize-exploit-protection.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md index 7401f885ed..d2d4b0adf4 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md @@ -100,7 +100,8 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi >The result will be that DEP will be enabled for *test.exe*. DEP will not be enabled for any other app, including *miles.exe*. >CFG will be enabled for *miles.exe*. ->[!NOTE] If you found any issues on this article you can report it directly to a Windows Server/Windows Client partner or use our technical support numbers on your country. +>[!NOTE] +>If you have found any issues in this article, you can report it directly to a Windows Server/Windows Client partner or use the Microsoft technical support numbers for your country. ### Configure system-level mitigations with the Windows Security app From 3cc450ebeeac3e646edc0f793e09fb32152919b9 Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Thu, 11 Apr 2019 16:00:20 +0200 Subject: [PATCH 34/78] Update credential-guard-manage.md Added steps for using Intune --- .../credential-guard/credential-guard-manage.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 0edce00395..e5fbcdb64b 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -43,6 +43,14 @@ You can use Group Policy to enable Windows Defender Credential Guard. This will To enforce processing of the group policy, you can run ```gpupdate /force```. +### Enable Windows Defender Credential Guard by using Intune + +1. From **Home** choose **Microsoft Intune** +2. Click **Device configuration** +3. Choose **Profiles**, **Create Profile**, **Endpoint protection**, **Windows Defender Credential Guard** + +> [!NOTE] +> It will enable VBS and Secure Boot and you can do it with or without UEFI Lock. ### Enable Windows Defender Credential Guard by using the registry From ea9109dc1c96dae618eab57ce1d50efc4f2f687b Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Thu, 11 Apr 2019 16:45:02 +0200 Subject: [PATCH 35/78] Update credential-guard-manage.md Removed commas and added >. Added extra note. Changed 'Choose' to 'Click'. --- .../credential-guard/credential-guard-manage.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index e5fbcdb64b..626de0ca3e 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -45,12 +45,12 @@ To enforce processing of the group policy, you can run ```gpupdate /force```. ### Enable Windows Defender Credential Guard by using Intune -1. From **Home** choose **Microsoft Intune** +1. From **Home** click **Microsoft Intune** 2. Click **Device configuration** -3. Choose **Profiles**, **Create Profile**, **Endpoint protection**, **Windows Defender Credential Guard** +3. Click **Profiles** > **Create Profile** > **Endpoint protection** > **Windows Defender Credential Guard**. > [!NOTE] -> It will enable VBS and Secure Boot and you can do it with or without UEFI Lock. +> It will enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock. ### Enable Windows Defender Credential Guard by using the registry From c82cb52ac46bb05489ca186a4bd0076a2e77f01d Mon Sep 17 00:00:00 2001 From: "Jan Ketil Skanke [MVP]" Date: Thu, 11 Apr 2019 18:45:37 +0200 Subject: [PATCH 36/78] Surface Hubs supports Automatic Enrollment to Intune Deleted the following wrong statement, and added in the correct statement with links. > [!IMPORTANT] > Surface Hub does not currently support automatic enrollment to Microsoft Intune through Azure AD join. If your organization automatically enrolls Azure AD joined devices into Intune, you must disable this policy for Surface Hub before joining the device to Azure AD. --- .../surface-hub/admin-group-management-for-surface-hub.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/devices/surface-hub/admin-group-management-for-surface-hub.md b/devices/surface-hub/admin-group-management-for-surface-hub.md index 5771b3f3c5..05e00d56fe 100644 --- a/devices/surface-hub/admin-group-management-for-surface-hub.md +++ b/devices/surface-hub/admin-group-management-for-surface-hub.md @@ -64,8 +64,11 @@ Surface Hubs use Azure AD join to: - Grant admin rights to the appropriate users in your Azure AD tenant. - Backup the device's BitLocker recovery key by storing it under the account that was used to Azure AD join the device. See [Save your BitLocker key](save-bitlocker-key-surface-hub.md) for details. -> [!IMPORTANT] -> Surface Hub does not currently support automatic enrollment to Microsoft Intune through Azure AD join. If your organization automatically enrolls Azure AD joined devices into Intune, you must disable this policy for Surface Hub before joining the device to Azure AD. +### Automatic enrollment via Azure Active Directory join + +Surface Hub now supports the ability to automatically enroll in Intune by joining the device to Azure Active Directory. + +For more information, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment). ### Which should I choose? From a382aa03e426e22e73097ddf11a5549c74973fef Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 11 Apr 2019 21:58:17 +0500 Subject: [PATCH 37/78] Updated Location I have updated the location in the doc where the policy has a different location while creating a group policy on the server. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3180 --- .../interactive-logon-machine-inactivity-limit.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md index 14740a3224..08badffc52 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md @@ -40,6 +40,8 @@ Set the time for elapsed user-input inactivity based on the device’s usage and Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options +Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Policies\\Security Options (While creating and linking group policy on server) + ### Default values The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page. From a8b2c36761f3f04705ebcf260cb9db6a0888544c Mon Sep 17 00:00:00 2001 From: Max Velitchko Date: Thu, 11 Apr 2019 16:14:39 -0700 Subject: [PATCH 38/78] Fix for https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3183 --- .../microsoft-defender-atp-mac.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 84ebbf6049..3c3128dfb3 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -347,13 +347,13 @@ For example, this script removes Microsoft Defender ATP from the /Applications d ``` echo "Is WDAV installed?" -ls -ld '/Applications/Microsoft Defender.app' 2>/dev/null +ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null echo "Uninstalling WDAV..." -rm -rf '/Applications/Microsoft Defender.app' +rm -rf '/Applications/Microsoft Defender ATP.app' echo "Is WDAV still installed?" -ls -ld '/Applications/Microsoft Defender.app' 2>/dev/null +ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null echo "Done!" ``` From 1655376e83635677608b44dfc20294169441f88f Mon Sep 17 00:00:00 2001 From: Max Velitchko Date: Thu, 11 Apr 2019 17:26:24 -0700 Subject: [PATCH 39/78] PR feedback --- .../windows-defender-antivirus/microsoft-defender-atp-mac.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 3c3128dfb3..fbe8f28763 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -56,7 +56,7 @@ SIP is a built-in macOS security feature that prevents low-level tampering with ## Installation and configuration overview There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac. In general you'll need to take the following steps: - - Ensure you have a Windows Defender ATP subscription and have access to the ATP Portal + - Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal - Deploy Microsoft Defender ATP for Mac using one of the following deployment methods: * [Microsoft Intune based deployment](#microsoft-intune-based-deployment) * [JAMF based deployment](#jamf-based-deployment) From e7143d234d5bc936699087aa74ce5910809df6d3 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 12 Apr 2019 08:46:03 +0500 Subject: [PATCH 40/78] update use-windows-event-forwarding-to-assist-in-intrusion-detection.md --- ...ndows-event-forwarding-to-assist-in-intrusion-detection.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 12b4fe0205..3a5a569819 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -13,6 +13,10 @@ ms.localizationpriority: medium # Use Windows Event Forwarding to help with intrusion detection +**Applies to** +- Windows 10 +- Windows Server 2016 + Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. Windows Event Forwarding (WEF) reads any operational or administrative event log on a device in your organization and forwards the events you choose to a Windows Event Collector (WEC) server. From fd9f712ad5091fa0823da78efdee61fd04d5c41c Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Fri, 12 Apr 2019 10:14:23 +0200 Subject: [PATCH 41/78] Update distribute-offline-apps.md Added comma. --- store-for-business/distribute-offline-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md index ff1b7866b0..e2c2bbca71 100644 --- a/store-for-business/distribute-offline-apps.md +++ b/store-for-business/distribute-offline-apps.md @@ -64,7 +64,7 @@ There are several items to download or create for offline-licensed apps. The app 1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, and then choose **Settings**. -3. Under **Shopping Experience** set **Show offline apps** to **On**. +3. Under **Shopping Experience**, set **Show offline apps** to **On**. 4. Click **Shop for my group**. Search for the required inbox-app, select it, change the License type to **Offline** and click **Get the app**, which will add the app to your inventory. 5. Click **Manage**. You now have access to download the appx bundle package metadata & license file. 6. Go to **Products & services**, **Apps & software** (the list may be empty until after some time it will auto-populate with a few office type apps) From e29fb46cac29b99d09d678152b359fab72f15e9b Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Fri, 12 Apr 2019 10:30:46 +0200 Subject: [PATCH 42/78] Update distribute-offline-apps.md Added comma --- store-for-business/distribute-offline-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md index e2c2bbca71..540b0f5d24 100644 --- a/store-for-business/distribute-offline-apps.md +++ b/store-for-business/distribute-offline-apps.md @@ -65,7 +65,7 @@ There are several items to download or create for offline-licensed apps. The app 1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com). 2. Click **Manage**, and then choose **Settings**. 3. Under **Shopping Experience**, set **Show offline apps** to **On**. -4. Click **Shop for my group**. Search for the required inbox-app, select it, change the License type to **Offline** and click **Get the app**, which will add the app to your inventory. +4. Click **Shop for my group**. Search for the required inbox-app, select it, change the License type to **Offline**, and click **Get the app**, which will add the app to your inventory. 5. Click **Manage**. You now have access to download the appx bundle package metadata & license file. 6. Go to **Products & services**, **Apps & software** (the list may be empty until after some time it will auto-populate with a few office type apps) From 1b90f8bcb5a110ef20cab3fe3c5a75c20fe44462 Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Fri, 12 Apr 2019 10:46:01 +0200 Subject: [PATCH 43/78] Update distribute-offline-apps.md Added commas and wording. --- store-for-business/distribute-offline-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md index 540b0f5d24..5b9af1645f 100644 --- a/store-for-business/distribute-offline-apps.md +++ b/store-for-business/distribute-offline-apps.md @@ -67,7 +67,7 @@ There are several items to download or create for offline-licensed apps. The app 3. Under **Shopping Experience**, set **Show offline apps** to **On**. 4. Click **Shop for my group**. Search for the required inbox-app, select it, change the License type to **Offline**, and click **Get the app**, which will add the app to your inventory. 5. Click **Manage**. You now have access to download the appx bundle package metadata & license file. -6. Go to **Products & services**, **Apps & software** (the list may be empty until after some time it will auto-populate with a few office type apps) +6. Go to **Products & services**, and select **Apps & software** (the list may be empty, but it will auto-populate after some time with a few office type apps). - **To download app metadata**: Choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata. This is optional. - **To download app package**: Click to expand the package details information, choose the Platform and Architecture combination that you need for your organization, and then click **Download**. Save the downloaded app package. This is required. From 53f105e2a7ce9c37e2b4656a6a92433d5975115f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 12 Apr 2019 10:50:45 -0700 Subject: [PATCH 44/78] removing 2016 We can just say Windows Server to apply to all versions --- ...windows-event-forwarding-to-assist-in-intrusion-detection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 3a5a569819..024554261c 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -15,7 +15,7 @@ ms.localizationpriority: medium **Applies to** - Windows 10 -- Windows Server 2016 +- Windows Server Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. From 7a16dede88fb56d9aaf15c63e267f67a792d11ba Mon Sep 17 00:00:00 2001 From: "H. Poulsen" Date: Fri, 12 Apr 2019 12:26:46 -0700 Subject: [PATCH 45/78] Updated latest news --- windows/deployment/update/windows-as-a-service.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md index 0b1327b761..c020f63f0f 100644 --- a/windows/deployment/update/windows-as-a-service.md +++ b/windows/deployment/update/windows-as-a-service.md @@ -18,14 +18,15 @@ Find the tools and resources you need to help deploy and support Windows as a se Find the latest and greatest news on Windows 10 deployment and servicing. -**Working to make Windows updates clear and transparent** -> [!VIDEO https://www.youtube-nocookie.com/embed/u5P20y39DrA] +**Discovering the Windows 10 Update history pages** +> [!VIDEO https://www.youtube-nocookie.com/embed/GADIXBf9R58] Everyone wins when transparency is a top priority. We want you to know when updates are available, as well as alert you to any potential issues you may encounter during or after you install an update. The Windows update history page is for anyone looking to gain an immediate, precise understanding of particular Windows update issues. The latest news:
  • Improving the Windows 10 update experience with control, quality and transparency - April 4, 2019
    • +
  • Call to action: review your Windows Update for Business deferral values - April 3, 2019
  • Windows 10, version 1809 designated for broad deployment - March 28, 2019
  • Data, insights and listening to improve the customer experience - March 6, 2019
  • Getting to know the Windows update history pages - February 21, 2019
    • From 1e437804d34306ae973076fe5fa6f69c9049e6e1 Mon Sep 17 00:00:00 2001 From: illfated Date: Sun, 14 Apr 2019 17:30:00 +0200 Subject: [PATCH 46/78] Inactive machines: typo correction - support ticket ticket Proposed change: Simplify the link text "Open a support ticket ticket." by removing one occurrence of "ticket", making it read simply "Open a support ticket." Closes #3258 --- ...alhty-sensors-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md index f6ed806476..e6933232eb 100644 --- a/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md @@ -49,7 +49,7 @@ If the machine was offboarded it will still appear in machines list. After 7 day If the machine is not sending any signals for more than 7 days to any of the Windows Defender ATP channels for any reason including conditions that fall under misconfigured machines classification, a machine can be considered inactive. -Do you expect a machine to be in ‘Active’ status? [Open a support ticket ticket](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561). +Do you expect a machine to be in ‘Active’ status? [Open a support ticket](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561). ## Misconfigured machines Misconfigured machines can further be classified to: From 429d61aa0a7c2fe38046cce373a7a1e13df8ba0f Mon Sep 17 00:00:00 2001 From: manuelhauch Date: Mon, 15 Apr 2019 13:05:25 +0200 Subject: [PATCH 47/78] Update windows-analytics-azure-portal.md Abbreviation for Azure Active Directory is AAD --- windows/deployment/update/windows-analytics-azure-portal.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-analytics-azure-portal.md b/windows/deployment/update/windows-analytics-azure-portal.md index 7e923f2c27..5d2c44a281 100644 --- a/windows/deployment/update/windows-analytics-azure-portal.md +++ b/windows/deployment/update/windows-analytics-azure-portal.md @@ -29,7 +29,7 @@ Go to the [Azure portal](https://portal.azure.com), select **All services**, and It's important to understand the difference between Azure Active Directory and an Azure subscription: -**Azure Active Directory** is the directory that Azure uses. Azure Active Directory (AD) is a separate service which sits by itself and is used by all of Azure and also Office 365. +**Azure Active Directory** is the directory that Azure uses. Azure Active Directory (AAD) is a separate service which sits by itself and is used by all of Azure and also Office 365. An **Azure subscription** is a container for billing, but also acts as a security boundary. Every Azure subscription has a trust relationship with at least one Azure AD instance. This means that a subscription trusts that directory to authenticate users, services, and devices. From 8f685ada44fec357ab744258e91190336976e149 Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Mon, 15 Apr 2019 13:38:47 +0200 Subject: [PATCH 48/78] Update distribute-offline-apps.md Replaced & with 'and', and removed wording. --- store-for-business/distribute-offline-apps.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md index 5b9af1645f..352c98fe25 100644 --- a/store-for-business/distribute-offline-apps.md +++ b/store-for-business/distribute-offline-apps.md @@ -63,10 +63,10 @@ There are several items to download or create for offline-licensed apps. The app **To download an offline-licensed app** 1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/) or [Microsoft Store for Education](https://educationstore.microsoft.com). -2. Click **Manage**, and then choose **Settings**. +2. Click **Manage**. 3. Under **Shopping Experience**, set **Show offline apps** to **On**. 4. Click **Shop for my group**. Search for the required inbox-app, select it, change the License type to **Offline**, and click **Get the app**, which will add the app to your inventory. -5. Click **Manage**. You now have access to download the appx bundle package metadata & license file. +5. Click **Manage**. You now have access to download the appx bundle package metadata and license file. 6. Go to **Products & services**, and select **Apps & software** (the list may be empty, but it will auto-populate after some time with a few office type apps). - **To download app metadata**: Choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata. This is optional. From 420ad46005cf1d8544ada9bb614890a459720a9e Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 15 Apr 2019 05:42:03 -0700 Subject: [PATCH 49/78] Update windows-analytics-azure-portal.md --- windows/deployment/update/windows-analytics-azure-portal.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-analytics-azure-portal.md b/windows/deployment/update/windows-analytics-azure-portal.md index 5d2c44a281..bbca1ea487 100644 --- a/windows/deployment/update/windows-analytics-azure-portal.md +++ b/windows/deployment/update/windows-analytics-azure-portal.md @@ -29,7 +29,7 @@ Go to the [Azure portal](https://portal.azure.com), select **All services**, and It's important to understand the difference between Azure Active Directory and an Azure subscription: -**Azure Active Directory** is the directory that Azure uses. Azure Active Directory (AAD) is a separate service which sits by itself and is used by all of Azure and also Office 365. +**Azure Active Directory** is the directory that Azure uses. Azure Active Directory (Azure AD) is a separate service which sits by itself and is used by all of Azure and also Office 365. An **Azure subscription** is a container for billing, but also acts as a security boundary. Every Azure subscription has a trust relationship with at least one Azure AD instance. This means that a subscription trusts that directory to authenticate users, services, and devices. From 24cf8df434cd15a60dac762f151a362052e4f256 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 15 Apr 2019 09:29:30 -0700 Subject: [PATCH 50/78] made edits per Trudy --- store-for-business/distribute-offline-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store-for-business/distribute-offline-apps.md b/store-for-business/distribute-offline-apps.md index 352c98fe25..c9b1df28bd 100644 --- a/store-for-business/distribute-offline-apps.md +++ b/store-for-business/distribute-offline-apps.md @@ -67,7 +67,7 @@ There are several items to download or create for offline-licensed apps. The app 3. Under **Shopping Experience**, set **Show offline apps** to **On**. 4. Click **Shop for my group**. Search for the required inbox-app, select it, change the License type to **Offline**, and click **Get the app**, which will add the app to your inventory. 5. Click **Manage**. You now have access to download the appx bundle package metadata and license file. -6. Go to **Products & services**, and select **Apps & software** (the list may be empty, but it will auto-populate after some time with a few office type apps). +6. Go to **Products & services**, and select **Apps & software**. (The list may be empty, but it will auto-populate after some time.) - **To download app metadata**: Choose the language for the app metadata, and then click **Download**. Save the downloaded app metadata. This is optional. - **To download app package**: Click to expand the package details information, choose the Platform and Architecture combination that you need for your organization, and then click **Download**. Save the downloaded app package. This is required. From 52f0fb4721ca4557c8f0bdd2e9585b806d26f0c5 Mon Sep 17 00:00:00 2001 From: Albert Cabello Serrano Date: Mon, 15 Apr 2019 11:22:07 -0700 Subject: [PATCH 51/78] Update configure-windows-diagnostic-data-in-your-organization.md clarifying diagnostic data endpoints with and without 2018-09 cumulative update or later installed --- ...ure-windows-diagnostic-data-in-your-organization.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index da571eeaf2..5ee34276fb 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -155,14 +155,18 @@ The following table defines the endpoints for Connected User Experiences and Tel Windows release | Endpoint --- | --- -Windows 10, versions 1703 and 1709 | Diagnostics data: v10.vortex-win.data.microsoft.com/collect/v1

    Functional: v20.vortex-win.data.microsoft.com/collect/v1
    Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com/collect/v1
    settings-win.data.microsoft.com -Windows 10, version 1607 | v10.vortex-win.data.microsoft.com

    settings-win.data.microsoft.com +Windows 10, versions 1703 or later, with the 2018-09 cumulative update installed| Diagnostics data: v10c.vortex-win.data.microsoft.com

    Functional: v20.vortex-win.data.microsoft.com
    Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com +Windows 10, versions 1803 or later, without the 2018-09 cumulative update installed | Diagnostics data: v10.events.data.microsoft.com

    Functional: v20.vortex-win.data.microsoft.com
    Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com +Windows 10, version 1709 or earlier | Diagnostics data: v10.vortex-win.data.microsoft.com

    Functional: v20.vortex-win.data.microsoft.com
    Windows Advanced Threat Protection is country specific and the prefix changes by country for example: **de**.vortex-win.data.microsoft.com
    settings-win.data.microsoft.com +Windows 7 and Windows 8.1 | vortex-win.data.microsoft.com The following table defines the endpoints for other diagnostic data services: | Service | Endpoint | | - | - | | [Windows Error Reporting](https://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com | +| | umwatsonc.events.data.microsoft.com | +| | kmwatsonc.events.data.microsoft.com | | | ceuswatcab01.blob.core.windows.net | | | ceuswatcab02.blob.core.windows.net | | | eaus2watcab01.blob.core.windows.net | @@ -170,7 +174,7 @@ The following table defines the endpoints for other diagnostic data services: | | weus2watcab01.blob.core.windows.net | | | weus2watcab02.blob.core.windows.net | | [Online Crash Analysis](https://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com | -| OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 | +| OneDrive app for Windows 10 | vortex.data.microsoft.com | ### Data use and access From 006a9dddcba07e3514175bf17a9a6874fe8617d9 Mon Sep 17 00:00:00 2001 From: wweibull <49656177+wweibull@users.noreply.github.com> Date: Mon, 15 Apr 2019 11:32:12 -0700 Subject: [PATCH 52/78] Update microsoft-recommended-block-rules.md Added two additional researcher to the acknowledgment section. Philip Tsukerman (@PhilipTsukerman) Jimmy Bayne (@bohops) --- .../microsoft-recommended-block-rules.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 8b6d1d2ef7..34fbe7530e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -60,6 +60,8 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you |Lee Christensen|@tifkin_| |Vladas Bulavas | Kaspersky Lab | |Lasse Trolle Borup | Langkjaer Cyber Defence | +|Jimmy Bayne | @bohops | +|Philip Tsukerman | @PhilipTsukerman |
    From f93d126cd940ba20719db93f4953b09cee6786e3 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 15 Apr 2019 12:29:31 -0700 Subject: [PATCH 53/78] fix values --- devices/surface-hub/surface-hub-qos.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/devices/surface-hub/surface-hub-qos.md b/devices/surface-hub/surface-hub-qos.md index d8b5262549..ed7eea4ce2 100644 --- a/devices/surface-hub/surface-hub-qos.md +++ b/devices/surface-hub/surface-hub-qos.md @@ -30,10 +30,10 @@ This procedure explains how to configure QoS for Surface Hub using Microsoft Int Name | Data type | OMA-URI | Value --- | --- | --- | --- - Audio Source Port | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition | 50240-50279 - Audio DSCP | Integer | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/DSCPAction | 46 - Video Source Port | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/SourcePortMatchCondition | 58300-58339 - Video DSCP | Integer | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/DSCPAction | 10 + Audio Source Port | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition | Get the values from your Skype administrator + Audio DSCP | Integer | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/DSCPAction | Get the values from your Skype administrator + Video Source Port | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/SourcePortMatchCondition | Get the values from your Skype administrator + Video DSCP | Integer | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/DSCPAction | Get the values from your Skype administrator Audio Process Name | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe Video Process Name | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe From 046d1e965fb0589dc65d492248f600764ba1ba8b Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 15 Apr 2019 12:33:53 -0700 Subject: [PATCH 54/78] try to fix table --- devices/surface-hub/surface-hub-qos.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/devices/surface-hub/surface-hub-qos.md b/devices/surface-hub/surface-hub-qos.md index ed7eea4ce2..5cf199afd0 100644 --- a/devices/surface-hub/surface-hub-qos.md +++ b/devices/surface-hub/surface-hub-qos.md @@ -28,14 +28,19 @@ This procedure explains how to configure QoS for Surface Hub using Microsoft Int 3. Add the following custom OMA-URI settings: - Name | Data type | OMA-URI | Value + Name | Data type | OMA-URI
    ./Device/Vendor/MSFT/NetworkQoSPolicy | Value --- | --- | --- | --- - Audio Source Port | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition | Get the values from your Skype administrator - Audio DSCP | Integer | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/DSCPAction | Get the values from your Skype administrator - Video Source Port | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/SourcePortMatchCondition | Get the values from your Skype administrator - Video DSCP | Integer | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/DSCPAction | Get the values from your Skype administrator - Audio Process Name | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe - Video Process Name | String | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe + Audio Source Port | String | /HubAudio/SourcePortMatchCondition | Get the values from your Skype administrator + Audio DSCP | Integer | /HubAudio/DSCPAction | Get the values from your Skype administrator + Video Source Port | String | /HubVideo/SourcePortMatchCondition | Get the values from your Skype administrator + Video DSCP | Integer | /HubVideo/DSCPAction | Get the values from your Skype administrator + Audio Process Name | String | /HubAudio/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe + Video Process Name | String | /HubVideo/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe + + >[!IMPORTANT] + >Each **OMA-URI** path begins with `./Device/Vendor/MSFT/NetworkQoSPolicy`. The full path for the audio source port setting, for example, will be './Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition'. + + 4. When the policy has been created, [deploy it to the Surface Hub.](manage-settings-with-mdm-for-surface-hub.md#manage-surface-hub-settings-with-mdm) From 62ef7da5d21cac0130fd5a156fcc1f2fdb714a35 Mon Sep 17 00:00:00 2001 From: DulceMV Date: Mon, 15 Apr 2019 15:30:52 -0700 Subject: [PATCH 55/78] Update portal-overview-windows-defender-advanced-threat-protection.md Added TVM icons --- ...l-overview-windows-defender-advanced-threat-protection.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md index 352394a662..9ace9bafb4 100644 --- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md @@ -108,10 +108,13 @@ Icon | Description ![Running icon](images\running.png) | Automated investigation - running ![Remediated icon](images\remediated.png) | Automated investigation - remediated ![Partially investigated icon](images\partially_remediated.png) | Automated investigation - partially remediated +![Threat insights icon](images\tvm_bug_icon.png) | Threat & Vulnerability Management - threat insights +![Possible active alert icon](images\tvm_alert_icon.png) | Threat & Vulnerability Management - possible active alert +![Recommendation insights icon](images\tvm_insight_icon.png) | Threat & Vulnerability Management - recommendation insights ## Related topics - [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) - [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) - [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) -- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) \ No newline at end of file +- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) From c6649f8b48a01128ae86b81c60840b14a9a4a4ff Mon Sep 17 00:00:00 2001 From: DulceMV Date: Mon, 15 Apr 2019 19:12:15 -0700 Subject: [PATCH 56/78] Update portal-overview-windows-defender-advanced-threat-protection.md --- ...ortal-overview-windows-defender-advanced-threat-protection.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md index 9ace9bafb4..9128e2354d 100644 --- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md @@ -112,7 +112,6 @@ Icon | Description ![Possible active alert icon](images\tvm_alert_icon.png) | Threat & Vulnerability Management - possible active alert ![Recommendation insights icon](images\tvm_insight_icon.png) | Threat & Vulnerability Management - recommendation insights - ## Related topics - [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) - [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) From 7fd578d8fb2c8178f853a6b0d65e9eb2bfac1c2b Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 16 Apr 2019 10:21:37 +0300 Subject: [PATCH 57/78] added clarification https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3011 --- ...ure-extension-file-exclusions-windows-defender-antivirus.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md index 78351fac00..492af0b7b7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md @@ -24,6 +24,9 @@ You can exclude certain files from Windows Defender Antivirus scans by modifying Generally, you shouldn't need to apply exclusions. Windows Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations. +> [!NOTE] +> Automatic exclusions apply only to Windows Server 2016 and above. + >[!TIP] >The default antimalware policy we deploy at Microsoft doesn't set any exclusions by default. From 06749a763a4a67ba05dbacc1c4701382f737ca0b Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 16 Apr 2019 05:30:49 -0700 Subject: [PATCH 58/78] format --- devices/surface-hub/surface-hub-qos.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/surface-hub-qos.md b/devices/surface-hub/surface-hub-qos.md index 5cf199afd0..3d3dfb7447 100644 --- a/devices/surface-hub/surface-hub-qos.md +++ b/devices/surface-hub/surface-hub-qos.md @@ -38,7 +38,7 @@ This procedure explains how to configure QoS for Surface Hub using Microsoft Int Video Process Name | String | /HubVideo/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe >[!IMPORTANT] - >Each **OMA-URI** path begins with `./Device/Vendor/MSFT/NetworkQoSPolicy`. The full path for the audio source port setting, for example, will be './Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition'. + >Each **OMA-URI** path begins with `./Device/Vendor/MSFT/NetworkQoSPolicy`. The full path for the audio source port setting, for example, will be `./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition`. From b1319ba01ce4ae8b1e147017c924bf0da3e7d2b4 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Tue, 16 Apr 2019 18:38:27 +0500 Subject: [PATCH 59/78] Details about screen saver I have added details about screen saver as if the screen saver is not set up this policy doesn't work. So active screen saver on the destination machine is recommended. --- .../interactive-logon-machine-inactivity-limit.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md index 08badffc52..49a0c41314 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md @@ -24,7 +24,7 @@ Describes the best practices, location, values, management, and security conside ## Reference -Beginning with Windows Server 2012 and Windows 8, Windows detects user-input inactivity of a sign-in (logon) session by using the security policy setting **Interactive logon: Machine inactivity limit**. If the amount of inactive time exceeds the inactivity limit set by this policy, then the user’s session locks by invoking the screen saver. This policy setting allows you to control the locking time by using Group Policy. +Beginning with Windows Server 2012 and Windows 8, Windows detects user-input inactivity of a sign-in (logon) session by using the security policy setting **Interactive logon: Machine inactivity limit**. If the amount of inactive time exceeds the inactivity limit set by this policy, then the user’s session locks by invoking the screen saver(screen saver should be active on the destination machine). This policy setting allows you to control the locking time by using Group Policy. ### Possible values From f242b8fc84d604fba133e54143436cd39a19c8f5 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 16 Apr 2019 07:25:03 -0700 Subject: [PATCH 60/78] fix values --- devices/surface-hub/surface-hub-qos.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/surface-hub/surface-hub-qos.md b/devices/surface-hub/surface-hub-qos.md index 3d3dfb7447..39463f0d49 100644 --- a/devices/surface-hub/surface-hub-qos.md +++ b/devices/surface-hub/surface-hub-qos.md @@ -31,9 +31,9 @@ This procedure explains how to configure QoS for Surface Hub using Microsoft Int Name | Data type | OMA-URI
    ./Device/Vendor/MSFT/NetworkQoSPolicy | Value --- | --- | --- | --- Audio Source Port | String | /HubAudio/SourcePortMatchCondition | Get the values from your Skype administrator - Audio DSCP | Integer | /HubAudio/DSCPAction | Get the values from your Skype administrator + Audio DSCP | Integer | /HubAudio/DSCPAction | 46 Video Source Port | String | /HubVideo/SourcePortMatchCondition | Get the values from your Skype administrator - Video DSCP | Integer | /HubVideo/DSCPAction | Get the values from your Skype administrator + Video DSCP | Integer | /HubVideo/DSCPAction | 34 Audio Process Name | String | /HubAudio/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe Video Process Name | String | /HubVideo/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe From 972819b2c65e9826ec2125ae782d52f8a06919c8 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 16 Apr 2019 08:02:17 -0700 Subject: [PATCH 61/78] Update interactive-logon-machine-inactivity-limit.md --- .../interactive-logon-machine-inactivity-limit.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md index 49a0c41314..2be015772f 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md @@ -24,7 +24,7 @@ Describes the best practices, location, values, management, and security conside ## Reference -Beginning with Windows Server 2012 and Windows 8, Windows detects user-input inactivity of a sign-in (logon) session by using the security policy setting **Interactive logon: Machine inactivity limit**. If the amount of inactive time exceeds the inactivity limit set by this policy, then the user’s session locks by invoking the screen saver(screen saver should be active on the destination machine). This policy setting allows you to control the locking time by using Group Policy. +Beginning with Windows Server 2012 and Windows 8, Windows detects user-input inactivity of a sign-in (logon) session by using the security policy setting **Interactive logon: Machine inactivity limit**. If the amount of inactive time exceeds the inactivity limit set by this policy, then the user’s session locks by invoking the screen saver (screen saver should be active on the destination machine). This policy setting allows you to control the locking time by using Group Policy. ### Possible values From 0550e49c2d78bcc441d77369bac085c81e2f3d9d Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Tue, 16 Apr 2019 10:03:52 -0500 Subject: [PATCH 62/78] Fixed extra lines 258+259 --- .../customize-exploit-protection.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md index d2d4b0adf4..bde9222c86 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md @@ -255,8 +255,6 @@ Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlu See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file. - - ## Related topics - [Protect devices from exploits](exploit-protection-exploit-guard.md) From c65767647c2058f94544e4c00ca0fb1ad1ff2179 Mon Sep 17 00:00:00 2001 From: illfated Date: Tue, 16 Apr 2019 22:28:12 +0200 Subject: [PATCH 63/78] DiagnosticLog CSP: ProvderGUID typo correction - providerguid is misspelled as provderguid (3 times) - ProviderGUID is misspelled as ProvderGUID (3 times) This commit corrects those typos described above. Closes #3277 --- windows/client-management/mdm/diagnosticlog-csp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md index 4b9157ad49..17d1ddd6e7 100644 --- a/windows/client-management/mdm/diagnosticlog-csp.md +++ b/windows/client-management/mdm/diagnosticlog-csp.md @@ -338,7 +338,7 @@ Delete a provider ``` -**EtwLog/Collectors/*CollectorName*/Providers/*ProvderGUID*/TraceLevel** +**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/TraceLevel** Specifies the level of detail included in the trace log. The data type is an integer. @@ -407,7 +407,7 @@ Set provider **TraceLevel** ``` -**EtwLog/Collectors/*CollectorName*/Providers/*ProvderGUID*/Keywords** +**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/Keywords** Specifies the provider keywords to be used as MatchAnyKeyword for this provider. the data type is a string. @@ -461,7 +461,7 @@ Set provider **Keywords** ``` -**EtwLog/Collectors/*CollectorName*/Providers/*ProvderGUID*/State** +**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/State** Specifies if this provider is enabled in the trace session. The data type is a boolean. From f13fcf32ca7edbb3bd19b22c2bedb4e5114b1730 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 16 Apr 2019 15:47:14 -0700 Subject: [PATCH 64/78] fixed path for disable dma --- .../bitlocker/bitlocker-group-policy-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index f1d02e941e..eb5cdc5d4b 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/02/2019 +ms.date: 04/16/2019 --- # BitLocker Group Policy settings @@ -392,7 +392,7 @@ This policy setting allows you to block direct memory access (DMA) for all hot p | **Policy description** | This setting helps prevent attacks that use external PCI-based devices to access BitLocker keys. | | **Introduced** | Windows 10, version 1703 | | **Drive type** | Operating system drives | -| **Policy path** | Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives| +| **Policy path** | Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption| | **Conflicts** | None | | **When enabled** | Every time the user locks the screen, DMA will be blocked on hot pluggable PCI ports until the user signs in again. | | **When disabled or not configured** | DMA is available on hot pluggable PCI devices if the device is turned on, regardless of whether a user is signed in.| From 14b954bcbe48e39f2767127340d45d235c736f6b Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Tue, 16 Apr 2019 21:13:36 -0700 Subject: [PATCH 65/78] Update index.md --- windows/release-information/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/release-information/index.md b/windows/release-information/index.md index cc36f41dd6..45697f0cda 100644 --- a/windows/release-information/index.md +++ b/windows/release-information/index.md @@ -1 +1,3 @@ -# Welcome to release-information! \ No newline at end of file +# Welcome to release-information! + +test From b6c243615eb49bb1c579bfe4db9105fb79f81b5a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 17 Apr 2019 07:43:58 -0700 Subject: [PATCH 66/78] fixed startup key text --- .../bitlocker/bitlocker-group-policy-settings.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index eb5cdc5d4b..0b3297ec31 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/16/2019 +ms.date: 04/17/2019 --- # BitLocker Group Policy settings @@ -238,11 +238,11 @@ This policy setting is used to control which unlock options are available for op   **Reference** -If you want to use BitLocker on a computer without a TPM, select the **Allow BitLocker without a compatible TPM** check box. In this mode, a USB drive is required for startup. Key information that is used to encrypt the drive is stored on the USB drive, which creates a USB key. When the USB key is inserted, access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable, you need to use one of the BitLocker recovery options to access the drive. +If you want to use BitLocker on a computer without a TPM, select **Allow BitLocker without a compatible TPM**. In this mode, a password or USB drive is required for startup. The USB drive stores the startup key that is used to encrypt the drive. When the USB drive is inserted, the startup key is authenticated and the operating system drive is accessible. If the USB drive is lost or unavailable, BitLocker recovery is required to access the drive. -On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use: +On a computer with a compatible TPM, additional authentication methods can be used at startup to improve protection for encrypted data. When the computer starts, it can use: -- only the TPM for authentication +- only the TPM - insertion of a USB flash drive containing the startup key - the entry of a 4-digit to 20-digit personal identification number (PIN) - a combination of the PIN and the USB flash drive From 7ed6b33fcd34fd1a55309c875a7564dc342a2640 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 17 Apr 2019 09:07:00 -0700 Subject: [PATCH 67/78] revised differences section --- .../create-wip-policy-using-intune-azure.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 884f52875c..38a86efebf 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -11,10 +11,10 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/12/2019 +ms.date: 04/17/2019 --- -# Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune +# Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune **Applies to:** @@ -25,6 +25,8 @@ Microsoft Intune has an easy way to create and deploy a Windows Information Prot ## Differences between MDM and MAM for WIP +You can create an app protection policy in Intune either with device enrollment for MDM or without device enrollment for MAM. The process to create either policy is similar, but there are important differences: + - If the same user and device are targeted for both MDM and MAM, the MDM policy will be applied to devices joined to Azure AD. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**), the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. - MAM supports only one user per device. - MAM can only manage [enlightened apps](enlightened-microsoft-apps-and-wip.md). From 3b556ae012a3ec952df657f12e10082f3a1894f3 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 17 Apr 2019 10:16:00 -0700 Subject: [PATCH 68/78] revised GP location --- ...your-organization-for-bitlocker-planning-and-policies.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index e6b09cec2e..86ebe29111 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/28/2019 +ms.date: 04/17/2019 --- # Prepare your organization for BitLocker: Planning and policies @@ -163,9 +163,9 @@ Full drive encryption means that the entire drive will be encrypted, regardless ## Active Directory Domain Services considerations -BitLocker integrates with Active Directory Domain Services (AD DS) to provide centralized key management. By default, no recovery information is backed up to Active Directory. Administrators can configure the following Group Policy setting to enable backup of BitLocker recovery information: +BitLocker integrates with Active Directory Domain Services (AD DS) to provide centralized key management. By default, no recovery information is backed up to Active Directory. Administrators can configure the following Group Policy setting for each drive type to enable backup of BitLocker recovery information: -Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Turn on BitLocker backup to Active Directory Domain Services +Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\*drive type*\\Choose how BitLocker protected drives can be recovered. By default, only Domain Admins have access to BitLocker recovery information, but [access can be delegated to others](https://blogs.technet.microsoft.com/craigf/2011/01/26/delegating-access-in-ad-to-bitlocker-recovery-information/). From 433deba19a73275feb20a23639f7dea566e57f2e Mon Sep 17 00:00:00 2001 From: mstojens <45110146+mstojens@users.noreply.github.com> Date: Wed, 17 Apr 2019 10:37:19 -0700 Subject: [PATCH 69/78] Corrected UseProxyForLocalAddresses error Switched definitions of 0 and 1 for UseProxyForLocalAddresses (should be 0 use proxy for local, 1 means don't). --- windows/client-management/mdm/networkproxy-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md index 563f13334a..6a783571df 100644 --- a/windows/client-management/mdm/networkproxy-csp.md +++ b/windows/client-management/mdm/networkproxy-csp.md @@ -76,8 +76,8 @@ The data type is string. Supported operations are Get and Replace. Starting in W Specifies whether the proxy server should be used for local (intranet) addresses.  Valid values:
      -
    • 0 (default) - Do not use proxy server for local addresses
      • -
    • 1 - Use proxy server for local addresses
      • +
    • 0 (default) - Use proxy server for local addresses
      • +
    • 1 - Do not use proxy server for local addresses
    The data type is int. Supported operations are Get and Replace. Starting in Window 10, version 1803, the Delete operation is also supported. From d9d2586af76420b8cc9b7d873d992f85310d7345 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 17 Apr 2019 11:47:00 -0700 Subject: [PATCH 70/78] add back in vanished page updates --- .../change-history-for-configure-windows-10.md | 1 + windows/configuration/kiosk-prepare.md | 11 ++++++----- windows/configuration/kiosk-single-app.md | 2 ++ .../lock-down-windows-10-to-specific-apps.md | 3 ++- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 954454df28..1bee65476e 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -21,6 +21,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md) New or changed topic | Description --- | --- [Use Shell Launcher to create a Windows 10 kiosk](kiosk-shelllauncher.md) | Added information for Shell Launcher v2, coming in the next feature update to Windows 10. +[Prepare a device for kiosk configuration](kiosk-prepare.md) | Added new recommendations for policies to manage updates. ## February 2019 diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index f484267983..436a96f0a8 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -8,7 +8,6 @@ ms.mktglfcycl: manage ms.sitesec: library author: jdeckerms ms.localizationpriority: medium -ms.date: 01/09/2019 ms.topic: article --- @@ -31,12 +30,14 @@ ms.topic: article ## Configuration recommendations -For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk: +For a more secure kiosk experience, we recommend that you make the following configuration changes to the device before you configure it as a kiosk: Recommendation | How to --- | --- -Hide update notifications
    (New in Windows 10, version 1809) | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Display options for update notifications**
    -or-
    Use the MDM setting **Update/UpdateNotificationLevel** from the [**Policy/Update** configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel)
    -or-
    Add the following registry keys as DWORD (32-bit) type:
    `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\SetUpdateNotificationLevel` with a value of `1`, and `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\UpdateNotificationLevel` with a value of `1` to hide all notifications except restart warnings, or value of `2` to hide all notifications, including restart warnings. -Replace "blue screen" with blank screen for OS errors | Add the following registry key as DWORD (32-bit) type with a value of `1`:

    `HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\DisplayDisabled` +Hide update notifications
    (New in Windows 10, version 1809) | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Display options for update notifications**
    -or-
    Use the MDM setting **Update/UpdateNotificationLevel** from the [**Policy/Update** configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel)
    -or-
    Add the following registry keys as type DWORD (32-bit) in the path of **HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate**:
    **\SetUpdateNotificationLevel** with a value of `1`, and **\UpdateNotificationLevel** with a value of `1` to hide all notifications except restart warnings, or value of `2` to hide all notifications, including restart warnings. +Enable and schedule automatic updates | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Configure Automatic Updates**, and select `option 4 (Auto download and schedule the install)`
    -or-
    Use the MDM setting **Update/AllowAutoUpdate** from the [**Policy/Update** configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate), and select `option 3 (Auto install and restart at a specified time)`

    **Note:** Installations can take from between 30 minutes and 2 hours, depending on the device, so you should schedule updates to occur when a block of 3-4 hours is available.

    To schedule the automatic update, configure **Schedule Install Day**, **Schedule Install Time**, and **Schedule Install Week**. +Enable automatic restart at the scheduled time | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\Windows Components\\Windows Update\\Always automatically restart at the scheduled time** +Replace "blue screen" with blank screen for OS errors | Add the following registry key as DWORD (32-bit) type with a value of `1`:

    **HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\DisplayDisabled** Put device in **Tablet mode**. | If you want users to be able to use the touch (on screen) keyboard, go to **Settings** > **System** > **Tablet mode** and choose **On.** Do not turn on this setting if users will not interact with the kiosk, such as for a digital sign. Hide **Ease of access** feature on the sign-in screen. | See [how to disable the Ease of Access button in the registry.](https://docs.microsoft.com/windows-hardware/customize/enterprise/complementary-features-to-custom-logon#welcome-screen) Disable the hardware power button. | Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**. @@ -67,7 +68,7 @@ In addition to the settings in the table, you may want to set up **automatic log >[!NOTE]   >If you are not familiar with Registry Editor, [learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002).   - + 2. Go to **HKEY\_LOCAL\_MACHINE\SOFTWARE\\Microsoft\WindowsNT\CurrentVersion\Winlogon** diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 6fb60b7a45..18eee13ef9 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -42,6 +42,8 @@ Method | Description >[!TIP] >You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) by using a [kiosk profile](lock-down-windows-10-to-specific-apps.md#profile). +> +>Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk. diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index f704538ec1..74acffcf3a 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -40,7 +40,8 @@ New features and improvements | In update You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision). - +>[!TIP] +>Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk. ## Configure a kiosk in Microsoft Intune From aa233efb5f840cb5708419e6fdb4e95a59e4fcd0 Mon Sep 17 00:00:00 2001 From: Beth Levin <40870842+levinec@users.noreply.github.com> Date: Wed, 17 Apr 2019 15:46:33 -0700 Subject: [PATCH 71/78] Update next-gen-threat-and-vuln-mgt.md --- .../windows-defender-atp/next-gen-threat-and-vuln-mgt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md index d83dc2575a..cefa8aada0 100644 --- a/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md +++ b/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md @@ -2,7 +2,7 @@ title: Next-generation Threat & Vulnerability Management description: This new capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. keywords: threat and vulnerability management, MDATP-TVM, vulnerability management, threat and vulnerability scanning -search.product: Windows 10 +search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy From a434847bc660b00c02a91121ce8e58b7a99ca187 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 17 Apr 2019 15:54:49 -0700 Subject: [PATCH 72/78] Update tvm-dashboard-insights.md --- .../windows-defender-atp/tvm-dashboard-insights.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md index 9613ef139d..af2aff1186 100644 --- a/windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md @@ -1,10 +1,10 @@ --- title: What's in the dashboard and what it means for my organization's security posture -description: -keywords: -search.product: Windows 10 +description: What's in the Threat & Vulnerability Management dashboard and how it can help SecOps and Security Administrators arrive at informed decisions in addressing cybersecurity threat vulnerabilities and building their organization's security resilience. +keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score +search.product: eADQiWindows 10XVcnh search.appverid: met150 -ms.prod: w10 +ms.prod: eADQiWindows 10XVcnh ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security From 91a645528d3aeb1553a343c4ad951375b2225864 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 17 Apr 2019 16:26:46 -0700 Subject: [PATCH 73/78] Update configuration-score.md --- .../windows-defender-atp/configuration-score.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configuration-score.md b/windows/security/threat-protection/windows-defender-atp/configuration-score.md index 746d31cc8f..bb6764a9a3 100644 --- a/windows/security/threat-protection/windows-defender-atp/configuration-score.md +++ b/windows/security/threat-protection/windows-defender-atp/configuration-score.md @@ -2,7 +2,7 @@ title: Overview of Configuration score in Microsoft Defender Security Center description: Expand your visibility into the overall security configuration posture of your organization keywords: configuration score, mdatp configuration score, secure score, security controls, improvement opportunities, security configuration score over time, security posture, baseline -search.product: Windows 10 +search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy From d9fb2eb5d3f3e2f65a87e2cf00944aea27f8c80c Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 17 Apr 2019 16:32:39 -0700 Subject: [PATCH 74/78] Update threat-and-vuln-mgt-scenarios.md --- .../windows-defender-atp/threat-and-vuln-mgt-scenarios.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md index a88e212a95..1e60255cf2 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -1,8 +1,8 @@ --- title: Threat & Vulnerability Management scenarios -description: -keywords: -search.product: Windows 10 +description: Learn how to use Threat & Vulnerability Management in the context of scenarios that Security Administrators encounter when collaborating with IT Administrators and SecOps while protecting their organization from cybersecurity threats. +keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase configuration score, increase threat & vulnerability configuration score, configuration score, exposure score, security controls +search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 ms.mktglfcycl: deploy From 7711732617d0bd6755461a43358fb78e0d84d3d7 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 18 Apr 2019 15:51:15 -0700 Subject: [PATCH 75/78] content for interoperability --- windows/security/threat-protection/TOC.md | 4 ++ .../windows-defender-atp/TOC.md | 4 ++ .../partner-applications.md | 64 +++++++++++++++++++ .../whats-new-in-windows-defender-atp.md | 4 +- 4 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/windows-defender-atp/partner-applications.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 178b297aa0..0cf1107dd2 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -345,6 +345,10 @@ ###### [Threat protection reports](windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md) ###### [Machine health and compliance reports](windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md) +##### Interoperability +###### [Partner applications](windows-defender-atp/partner-applications.md) + + ##### Role-based access control ###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md) ####### [Create and manage roles](windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 3ac4481724..635860ba03 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -338,6 +338,10 @@ ##### [Threat protection reports](threat-protection-reports-windows-defender-advanced-threat-protection.md) ##### [Machine health and compliance reports](machine-reports-windows-defender-advanced-threat-protection.md) + +#### Interoperability +##### [Partner applications](partner-applications.md) + #### Role-based access control ##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md) ###### [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/partner-applications.md b/windows/security/threat-protection/windows-defender-atp/partner-applications.md new file mode 100644 index 0000000000..b622280ea5 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/partner-applications.md @@ -0,0 +1,64 @@ +--- +title: Partner applications in Microsoft Defender ATP +description: View supported partner connections so enhance the detection, investigation, and threat intelligence capabilities of the platform +keywords: partners, applications, third-party, connections, sentinelone, lookout, bitdefender, corrata, morphisec, paloalto, ziften, better mobile +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Partner applications in Microsoft Defender ATP +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + + +Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform. + + +The support for third-party solutions help to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender ATP; enabling security teams to effectively respond better to modern threats. + +Microsoft Defender ATP seamlessly integrates with existing security solutions - providing out of the box integration with SIEM, ticketing and IT service management solutions, managed security service providers (MSSP), IoC indicators ingestions and matching, automated device investigation and remediation based on external alerts, and integration with Security orchestration and automation response (SOAR) systems. + +## SIEM integration +Microsoft Defender ATP supports SIEM integration through a variety of methods specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md). + +## Ticketing and IT service management +Ticketing solution integration helps to implement manual and automatic response processes. Microsoft Defender ATP can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API. + +## Security orchestration and automation response (SOAR) integration +Orchestration solutions can help build playbooks and integrate the rich data model and actions that Microsoft Defender ATP APIs expose to orchestrate responses, such as query for device data, trigger machine isolation, block/allow, resolve alert and others. + +## External alert correlation and Automated investigation and remediation +Microsoft Defender ATP offers unique automated investigation and remediation capabilities to drive incident response at scale. + +Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices. + +External alerts can be pushed into Microsoft Defender ATP and is presented side-by-side with additional device-based alerts from Microsoft Defender ATP. This view provides a full context of the alert - with the real process and the full story of attack. + +## Indicators matching +You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs). + +Microsoft Defender ATP allows you to integrate with such solutions and act on IoCs by correlating its rich telemetry and creating alerts when there's a match; leveraging prevention and automated response capabilities to block execution and take remediation actions when theres a match. + +Microsoft Defender ATP currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators. + +## Support for non-Windows platforms +Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. This experience leverages on a third-party security products sensor data giving you a unified experience. + + + + + + + diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index 6d2c512257..f9ac32f49d 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md @@ -25,10 +25,12 @@ Here are the new features in the latest release of Windows Defender ATP as well ## April 2019 ### In preview -The following capability is included in the April 2019 preview release. +The following capabilities are included in the April 2019 preview release. - [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt)
    A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. +- [Interoperability](https://docs.microsoft.com/windows/security/threat-protection/partner-applications)
    Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform. + ## March 2019 ### In preview The following capability are included in the March 2019 preview release. From b40996040a1af9ebe7fdc35158bc47ac4b396cba Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 18 Apr 2019 15:54:03 -0700 Subject: [PATCH 76/78] Update partner-applications.md content for partner integration --- .../windows-defender-atp/partner-applications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/partner-applications.md b/windows/security/threat-protection/windows-defender-atp/partner-applications.md index b622280ea5..24ba042fc8 100644 --- a/windows/security/threat-protection/windows-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/windows-defender-atp/partner-applications.md @@ -1,6 +1,6 @@ --- title: Partner applications in Microsoft Defender ATP -description: View supported partner connections so enhance the detection, investigation, and threat intelligence capabilities of the platform +description: View supported partner applications to enhance the detection, investigation, and threat intelligence capabilities of the platform keywords: partners, applications, third-party, connections, sentinelone, lookout, bitdefender, corrata, morphisec, paloalto, ziften, better mobile search.product: eADQiWindows 10XVcnh search.appverid: met150 From cbfd8b30f63d341b922550e3bd77ec48d6adc539 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 18 Apr 2019 15:58:54 -0700 Subject: [PATCH 77/78] remove allowed blocked naming --- .openpublishing.redirection.json | 5 +++++ windows/security/threat-protection/TOC.md | 2 +- ...er-advanced-threat-protection.md => manage-indicators.md} | 0 3 files changed, 6 insertions(+), 1 deletion(-) rename windows/security/threat-protection/windows-defender-atp/{manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md => manage-indicators.md} (100%) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index ab677cc666..f6b41f4ac4 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -13944,5 +13944,10 @@ "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics", "redirect_document_id": true }, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators", +"redirect_document_id": true +}, ] } diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 0cf1107dd2..32688a8c55 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -393,7 +393,7 @@ #####Rules ###### [Manage suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md) ###### [Manage automation allowed/blocked lists](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) -###### [Manage allowed/blocked lists](windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md) +###### [Manage indicators](windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md) ###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) ###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-indicators.md similarity index 100% rename from windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md rename to windows/security/threat-protection/windows-defender-atp/manage-indicators.md From ef439f7b5b0c17df6a43dbbdf6133d362d7250bd Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 18 Apr 2019 16:01:13 -0700 Subject: [PATCH 78/78] update toc update toc --- windows/security/threat-protection/TOC.md | 2 +- windows/security/threat-protection/windows-defender-atp/TOC.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 32688a8c55..3feed9a1fa 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -393,7 +393,7 @@ #####Rules ###### [Manage suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md) ###### [Manage automation allowed/blocked lists](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) -###### [Manage indicators](windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md) +###### [Manage indicators](windows-defender-atp/manage-indicators.md) ###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) ###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 635860ba03..3a56abbd31 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -378,7 +378,7 @@ ####Rules ##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md) ##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) -##### [Manage allowed/blocked lists](manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md) +##### [Manage indicators](manage-indicators.md) ##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) ##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)