Merged PR 6437: 3/16 PM Publish

windows/client-management/mdm/TOC.md

@@ -217,6 +217,7 @@
 #### [InternetExplorer](policy-csp-internetexplorer.md)
 #### [Kerberos](policy-csp-kerberos.md)
 #### [KioskBrowser](policy-csp-kioskbrowser.md)
+#### [LanmanWorkstation](policy-csp-lanmanworkstation.md)
 #### [Licensing](policy-csp-licensing.md)
 #### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)
 #### [Location](policy-csp-location.md)

windows/client-management/mdm/configuration-service-provider-reference.md

@@ -2535,7 +2535,6 @@ The following list shows the configuration service providers supported in Window
 | [DeveloperSetup CSP](developersetup-csp.md)   | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)2   (Provisioning only)|
 | [DeviceStatus CSP](devicestatus-csp.md)  | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)  |
 | [DevInfo CSP](devinfo-csp.md)  | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       |
-| [DiagnosticLog CSP](diagnosticlog-csp.md)  | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)    |
 | [DMAcc CSP](dmacc-csp.md)      | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       |
 | [DMClient CSP](dmclient-csp.md)    | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)       |
 | [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)       |

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -1170,6 +1170,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li>KioskBrowser/EnableHomeButton</li>
 <li>KioskBrowser/EnableNavigationButtons</li>
 <li>KioskBrowser/RestartOnIdleTime</li>
+<li>LanmanWorkstation/EnableInsecureGuestLogons</li>
 <li>LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon</li> 
 <li>LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia</li> 
 <li>LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters</li> 

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -1906,6 +1906,14 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### LanmanWorkstation  policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-lanmanworkstation.md#lanmanworkstation-enableinsecureguestlogons" id="lanmanworkstation-enableinsecureguestlogons">LanmanWorkstation/EnableInsecureGuestLogons</a>
+  </dd>
+</dl>
+
 ### Licensing policies
 
 <dl>

windows/client-management/mdm/policy-csp-lanmanworkstation.md

@@ -0,0 +1,106 @@
+---
+title: Policy CSP - LanmanWorkstation
+description: Policy CSP - LanmanWorkstation
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 03/16/2018
+---
+
+# Policy CSP - LanmanWorkstation
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## LanmanWorkstation policies  
+
+<dl>
+  <dd>
+    <a href="#lanmanworkstation-enableinsecureguestlogons">LanmanWorkstation/EnableInsecureGuestLogons</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="lanmanworkstation-enableinsecureguestlogons"></a>**LanmanWorkstation/EnableInsecureGuestLogons**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Added in Windows 10, version 1803. This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.
+
+If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons.
+
+If you disable this policy setting, the SMB client will reject insecure guest logons.
+
+Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and do not use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Enable insecure guest logons*
+-   GP name: *Pol_EnableInsecureGuestLogons*
+-   GP ADMX file name: *LanmanWorkstation.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+This setting supports a range of values between 0 and 1.
+
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+-   4 - Added in Windows 10, version 1803.
+
+<!--/Policies-->
+

windows/deployment/windows-10-deployment-scenarios.md

@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: high
 ms.sitesec: library
-ms.date: 01/10/2018
+ms.date: 03/16/2018
 author: greg-lindsay
 ---
 
@@ -36,7 +36,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
       Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured.
     </td>
     <td align="center" style="width:16%; border:1;"> 
-<a href="https://docs.microsoft.com/en-us/windows/deployment/windows-10-autopilot">Overview of Windows AutoPilot</a>
+<a href="https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot">Overview of Windows AutoPilot</a>
     </td>
   </tr>
   <tr>

windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
 localizationpriority: high
-ms.date: 10/23/2017
+ms.date: 03/16/2018
 ---
 # Create and build Power BI reports using Windows Defender ATP data
 
@@ -32,33 +32,94 @@ Windows Defender ATP supports the use of Power BI data connectors to enable you
 Data connectors integrate seamlessly in Power BI, and make it easy for power users to query, shape and combine data to build reports and dashboards that meet the needs of your organization. 
 
 You can easily get started by:
-- Creating a dashboard on the Power BI service 
+- Creating a dashboard on the Power BI service:
+  - From the Windows Defender ATP portal or 
+  - From the Power BI portal
 - Building a custom dashboard on Power BI Desktop and tweaking it to fit the visual analytics and reporting requirements of your organization 
 
 You can access these options from the Windows Defender ATP portal. Both the Power BI service and Power BI Desktop are supported. 
 
-## Create a Windows Defender ATP dashboard on Power BI service
+## Create a Power BI dashboard from the Windows Defender ATP portal
 Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. 
 
 1. In the navigation pane, select **Preferences setup** > **Power BI reports**.
-
-2.	Click **Create dashboard**. This opens up a new tab in your browser and loads the Power BI service with data from your organization.
-
+    
     ![Preferences setup with create dashboard button](images/atp-create-dashboard.png)
 
+2.	Click **Create dashboard**. You'll see a notification that things are being loaded. 
+
+    ![Image of loading](images/atp-loading.png)
+
+
+3. Specify the following details:
+    - **extensionDataSourceKind**: WDATPConnector
+    - **extensionDataSourcePath**: WDATPConnector
+    - **Authentication method**: OAuth2
+
+    ![Image of Power BI authentication method](images/atp-powerbi-extension.png)
+
+4. Click **Sign in**. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh.
+
+      ![Consent image](images/atp-powerbi-accept.png)
+
+5.	Click **Accept**. Power BI service will start downloading your Windows Defender ATP data from Microsoft Graph. After a successful login, you'll see a notification that data is being imported:
+
+    ![Image of importing data](images/atp-powerbi-importing.png)
+    
     >[!NOTE]
-    >Loading your data in the Power BI service can take a few minutes.
+    >Depending on the number of onboarded machines, loading your data in the Power BI service can take several minutes. A larger number of machines might take longer to load. 
 
-3. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.
+    When importing data is completed and the dataset is ready, you’ll the following notification:
 
-      ![Consent image](images/atp-powerbi-consent.png)
+    ![Image of dataset is ready](images/atp-data-ready.png)
 
-4.	Click **Accept**. Power BI service will start downloading your Windows Defender ATP data from Microsoft Graph. 
+6. Click **View dataset** to explore your data.
 
-When the dashboard is ready, you’ll get a notification within the Power BI website. Use the link in the portal to the Power BI console after creating the dashboard.
 
 For more information, see [Create a Power BI dashboard from a report](https://powerbi.microsoft.com/en-us/documentation/powerbi-service-create-a-dashboard/).
 
+
+## Create a Power BI dashboard from the Power BI portal
+
+1. Login to [Power BI](https://powerbi.microsoft.com/).
+
+2. Click **Get Data**.
+
+3. Select **Microsoft AppSource** > **My Organization** > **Get**.
+
+    ![Image of Microsoft AppSource to get data](images/atp-get-data.png)
+
+4. In the AppSource window, select **Apps** and search for Windows Defender Advanced Threat Protection.
+
+    ![Image of AppSource to get Windows Defender ATP](images/atp-appsource.png)
+
+5. Click **Get it now**.
+
+6. Specify the following details:
+    - **extensionDataSourceKind**: WDATPConnector
+    - **extensionDataSourcePath**: WDATPConnector
+    - **Authentication method**: OAuth2
+
+    ![Image of Power BI authentication method](images/atp-powerbi-extension.png)
+
+7. Click **Sign in**. If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh.
+
+      ![Consent image](images/atp-powerbi-accept.png)
+
+8.	Click **Accept**. Power BI service will start downloading your Windows Defender ATP data from Microsoft Graph. After a successful login, you'll see a notification that data is being imported:
+
+    ![Image of importing data](images/atp-powerbi-importing.png)
+    
+    >[!NOTE]
+    >Depending on the number of onboarded machines, loading your data in the Power BI service can take several minutes. A larger number of machines might take longer to load. 
+
+    When importing data is completed and the dataset is ready, you’ll the following notification:
+
+    ![Image of dataset is ready](images/atp-data-ready.png)
+
+9. Click **View dataset** to explore your data.
+
+
 ## Build a custom Windows Defender ATP dashboard in Power BI Desktop
 You can create a custom dashboard in Power BI Desktop to create visualizations that cater to the specific views that your organization requires.  
 
@@ -93,9 +154,9 @@ After completing the steps in the Before you begin section, you can proceed with
 
 1.	Open WDATPPowerBI.pbit from the zip with Power BI Desktop.
 
-2.	If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.
+2.	If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh.
 
-    ![Consent image](images/atp-powerbi-consent.png)
+    ![Consent image](images/atp-powerbi-accept.png)
 
 3.	Click **Accept**. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.
 
@@ -112,9 +173,9 @@ You can use Power BI Desktop to analyse data from Windows Defender ATP and mash
 
     ![Power BI preview connector](images/atp-powerbi-preview.png) 
 
-4.	If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, and access your data.
+4.	If this is the first time you’re using Power BI with Windows Defender ATP, you’ll need to sign in and give consent to Windows Defender ATP Power BI app. By providing consent, you’re allowing Windows Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh.
 
-    ![Consent image](images/atp-powerbi-consent.png)
+    ![Consent image](images/atp-powerbi-accept.png)
 
 5.	Click **Accept**. Power BI Desktop will start downloading your Windows Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports.