deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 22:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #901 from MicrosoftDocs/public

Browse Source 
Public to master
This commit is contained in:
Dani Halfin 2019-08-14 15:55:25 -07:00 committed by GitHub
commit a1030ae546
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
222 changed files with 3354 additions and 3411 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
View File

@ -6,7 +6,8 @@ author: dansimp
ms.prod: ie11
ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
ms.reviewer:
audience: itpro manager: dansimp
audience: itpro
manager: dansimp
ms.author: dansimp
title: Collect data using Enterprise Site Discovery
ms.sitesec: library

2
browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
View File

@ -6,7 +6,7 @@ author: lomayor
ms.prod: ie11
ms.assetid: b2dfc08c-78af-4c22-8867-7be3b92b1616
ms.reviewer:
audience: itpro manager: dansimp
manager: dansimp
ms.author: lomayor
title: Install Internet Explorer 11 (IE11) using Microsoft Intune (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
View File

@ -6,7 +6,7 @@ author: lomayor
ms.prod: ie11
ms.assetid: 9cbf5abd-86f7-42b6-9810-0b606bbe8218
ms.reviewer:
audience: itpro manager: dansimp
manager: dansimp
ms.author: lomayor
title: Use the Platform Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library

2
browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
View File

@ -6,7 +6,7 @@ author: lomayor
ms.prod: ie11
ms.assetid: f715668f-a50d-4db0-b578-e6526fbfa1fc
ms.reviewer:
audience: itpro manager: dansimp
manager: dansimp
ms.author: lomayor
title: Use the Programs page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library

2
devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md
View File

@ -2,8 +2,6 @@
title: General Data Privacy Regulation and Surface Hub
description: Informs users who are subject to EU data protection laws of their options regarding how to delete or restrict diagnostic data produced by Surface Hub.
ms.assetid: 087713CF-631D-477B-9CC6-EFF939DE0186
ms.reviewer:
manager:
keywords: GDPR
ms.prod: surface-hub
ms.sitesec: library

2
devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md
View File

@ -2,8 +2,6 @@
title: What to do if the Connect app in Surface Hub exits unexpectedly
description: Describes how to resolve an issue where the Connect app in Surface Hub exits to the Welcome screen after cycling through inputs.
ms.assetid: 9576f4e4-d936-4235-8a03-d8a6fe9e8fec
ms.reviewer:
manager:
keywords: surface, hub, connect, input, displayport
ms.prod: surface-hub
ms.sitesec: library

2
devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md
View File

@ -2,8 +2,6 @@
title: Known issues and additional information about Microsoft Surface Hub
description: Outlines known issues with Microsoft Surface Hub.
ms.assetid: aee90a0c-fb05-466e-a2b1-92de89d0f2b7
ms.reviewer:
manager:
keywords: surface, hub, issues
ms.prod: surface-hub
ms.sitesec: library

2
devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md
View File

@ -2,8 +2,6 @@
title: Surface Hub may install updates and restart outside maintenance hours
description: troubleshooting information for Surface Hub regarding automatic updates
ms.assetid: 6C09A9F8-F9CF-4491-BBFB-67A1A1DED0AA
ms.reviewer:
manager:
keywords: surface hub, maintenance window, update
ms.prod: surface-hub
ms.sitesec: library

2
devices/surface-hub/surface-hub-update-history.md
View File

@ -2,8 +2,6 @@
title: Surface Hub update history
description: Surface Hub update history
ms.assetid: d66a9392-2b14-4cb2-95c3-92db0ae2de34
ms.reviewer:
manager:
keywords:
ms.prod: surface-hub
ms.sitesec: library

2
devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md
View File

@ -2,8 +2,6 @@
title: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel
description: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel
ms.assetid: 8af3a832-0537-403b-823b-12eaa7a1af1f
ms.reviewer:
manager:
keywords:
ms.prod: surface-hub
ms.sitesec: library

2
devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md
View File

@ -2,8 +2,6 @@
title: How to use cloud recovery for BitLocker on a Surface Hub
description: How to use cloud recovery for BitLocker on a Surface Hub
ms.assetid: c0bde23a-49de-40f3-a675-701e3576d44d
ms.reviewer:
manager:
keywords: Accessibility settings, Settings app, Ease of Access
ms.prod: surface-hub
ms.sitesec: library

2
devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md
View File

@ -2,8 +2,6 @@
title: Using the Surface Hub Hardware Diagnostic Tool to test a device account
description: Using the Surface Hub Hardware Diagnostic Tool to test a device account
ms.assetid: a87b7d41-d0a7-4acc-bfa6-b9070f99bc9c
ms.reviewer:
manager:
keywords: Accessibility settings, Settings app, Ease of Access
ms.prod: surface-hub
ms.sitesec: library

38
devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
View File

@ -1,5 +1,5 @@
---
title: Download the latest firmware and drivers for Surface devices (Surface)
title: Deploy the latest firmware and drivers for Surface devices (Surface)
description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.
ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A
ms.reviewer:
@ -11,27 +11,43 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: dansimp
ms.date: 11/15/2018
ms.date: 08/13/2018
ms.author: dansimp
ms.topic: article
---
# Deploying the latest firmware and drivers for Surface devices
# Deploy the latest firmware and drivers for Surface devices
Although Surface devices are typically automatically updated with the latest device drivers and firmware via Windows Update, sometimes it's necessary to download and install updates manually, such as during a Windows deployment.
## Downloading MSI files
## Download MSI files
To download MSI files, refer to the following Microsoft Support page:
- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface)<br>
Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices.
## Deploying MSI files
Driver and firmware updates for Surface devices containing all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10.
In the name of each of these files you will find a Windows build number, this number indicates the minimum supported build required to install the drivers and firmware contained within. Refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information) for a list of the build numbers for each version. For example, to install the drivers contained in SurfacePro6_Win10_16299_1900307_0.msi file you must have Windows 10 Fall Creators Update version 1709, or newer installed on your Surface Pro 6.
Driver and firmware updates for Surface devices consisting of all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10.
The MSI file names contain useful information including the minimum supported Windows build number required to install the drivers and firmware. For example, to install the drivers contained in SurfaceBook_Win10_17763_19.080.2031.0.msi requires Windows 10 Fall Creators Update version 1709 or later installed on your Surface Book.
To view build numbers for each version, refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information).
### Surface MSI naming convention
Each .MSI file is named in accordance with a formula that begins with the product and Windows release information, followed by the Windows build number and version number, and ending with the revision of version number. SurfacePro6_Win10_16299_1900307_0.msi is classified as follows:
Beginning in August 2019, MSI files use the following naming formula:
- Product > Windows release > Windows build number > Version number > Revision of version number (typically zero).
**Example:**
SurfacePro6_Win10_18362_19.073.44195_0.msi :
| Product | Windows release | Build | Version | Revision of version |
| --- | --- | --- | --- | --- |
| SurfacePro6 | Win10 | 18362 | 19.073.44195 | 0 |
| | | | Indicates key date and sequence information. | Indicates release history of the update. |
| | | | **19:** Signifies the year (2019).<br>**073**: Signifies the month (July) and week of the release (3). <br>**44195**: Signifies the minute of the month that the MSI file was created. |**0:** Signifies it's the first release of version 1907344195 and has not been re-released for any reason. |
### Legacy Surface MSI naming convention
Legacy MSI files prior to August 2019 followed the same overall naming formula but used a different method to derive the version number.
**Example:**
SurfacePro6_Win10_16299_1900307_0.msi :
@ -39,8 +55,8 @@ SurfacePro6_Win10_16299_1900307_0.msi :
| Product | Windows release | Build | Version | Revision of version |
| --- | --- | --- | --- | --- |
| SurfacePro6 | Win10 | 16299 | 1900307 | 0 |
| | | | Indicates key date and sequence information | Indicates release history of the MSI file |
| | | | **19:** Signifies the year (2019)<br>**003**: Signifies that its the third release of 2019<br>**07**: Signifies the product version number. (Surface Pro 6 is officially the seventh version of Surface Pro.) | **0:** Signifies it's the first release of version 1900307 and has not been re-released for any reason. |
| | | | Indicates key date and sequence information. | Indicates release history of the MSI file. |
| | | | **19:** Signifies the year (2019)<br>**003**: Signifies that its the third release of 2019.<br>**07**: Signifies the product version number. (Surface Pro 6 is officially the seventh version of Surface Pro.) | **0:** Signifies it's the first release of version 1900307 and has not been re-released for any reason. |
Look to the **version** number to determine the latest files that contain the most recent security updates. For example, you might need to install the newest file from the following list:
@ -60,9 +76,9 @@ There are no downloadable firmware or driver updates available for Surface devic
For more information about deploying Surface drivers and firmware, refer to:
- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates).
- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates)
- [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business).
- [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business)
 

12
mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md
View File

@ -272,15 +272,17 @@ As an AGPM Administrator (Full Control), you designate the e-mail addresses of A
**To configure e-mail notification for AGPM**
1. In the details pane, click the **Domain Delegation** tab.
1. In **Group Policy Management Editor** , navigate to the **Change Control** folder
2. In the **From e-mail address** field, type the e-mail alias for AGPM from which notifications should be sent.
2. In the details pane, click the **Domain Delegation** tab.
3. In the **To e-mail address** field, type the e-mail address for the user account to which you intend to assign the Approver role.
3. In the **From e-mail address** field, type the e-mail alias for AGPM from which notifications should be sent.
4. In the **SMTP server** field, type a valid SMTP mail server.
4. In the **To e-mail address** field, type the e-mail address for the user account to which you intend to assign the Approver role.
5. In the **User name** and **Password** fields, type the credentials of a user who has access to the SMTP service. Click **Apply**.
5. In the **SMTP server** field, type a valid SMTP mail server.
6. In the **User name** and **Password** fields, type the credentials of a user who has access to the SMTP service. Click **Apply**.
### <a href="" id="bkmk-config5"></a>Step 5: Delegate access

4
mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md
View File

@ -222,7 +222,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file:
``` syntax
```xml
<Configuration>
<Add SourcePath= \\Server\Office2016” OfficeClientEdition="32" >
<Product ID="O365ProPlusRetail ">
@ -633,7 +633,7 @@ You may want to disable specific applications in your Office App-V package. For
5. Add the Office 2016 App-V Package with the new Deployment Configuration File.
``` syntax
```xml
<Application Id="[{AppVPackageRoot}]\office16\lync.exe" Enabled="true">
<VisualElements>
<Name>Lync 2016</Name>

4
mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md
View File

@ -43,9 +43,7 @@ You must configure the package converter to always save the package ingredients
Import-Module AppVPkgConverter
```
3.
The following cmdlets are available:
3. The following cmdlets are available:
- Test-AppvLegacyPackage This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using the PowerShell cmdline, type `Test-AppvLegacyPackage -?`.

1
mdop/docfx.json
View File

@ -27,6 +27,7 @@
"ms.technology": "windows",
"audience": "ITPro",
"manager": "dansimp",
"ms.prod": "w10",
"ms.author": "dansimp",
"author": "dansimp",
"ms.sitesec": "library",

2
mdop/medv-v1/configuring-med-v-for-remote-networks.md
View File

@ -53,7 +53,7 @@ When applying new settings, the service must be restarted.
- You can change the IIS authentication scheme to one of the following: BASIC, DIGEST, NTLM, or NEGOTIATE. The default is NEGOTIATE and uses the following entry:
``` syntax
```xml
<ImageDistribution>
<!-- The authentication used for image download. Basic and digest authentication should be used only under SSL.-->
<!-- The line below can be one of the following: -->

2
mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md
View File

@ -32,7 +32,7 @@ You can configure which folders are indexed on the host as part of the Trim Tran
When applying new settings, the service must be restarted.
``` syntax
```xml
<HostIndexingXP type="System.String[]">
- <ArrayOfString>
<string>%WINDIR%</string>

6
windows/client-management/mdm/applocker-csp.md
View File

@ -830,7 +830,7 @@ The following list shows the apps that may be included in the inbox.
The following example disables the calendar application.
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
@ -854,7 +854,7 @@ The following example disables the calendar application.
The following example blocks the usage of the map application.
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
@ -1394,7 +1394,7 @@ In this example, **MobileGroup0** is the node name. We recommend using a GUID fo
## Example for Windows 10 Holographic for Business
The following example for Windows 10 Holographic for Business denies all apps and allows the minimum set of [inbox apps](#inboxappsandcomponents) to enable to enable a working device, as well as Settings.
``` syntax
```xml
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="96B82A15-F841-499a-B674-963DC647762F"
Name="Whitelist BackgroundTaskHost"

2
windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
View File

@ -653,7 +653,7 @@ An alert is send to the MDM server in DM package\#1.
Here's an example.
``` syntax
```xml
<SyncBody>
<Alert>
<CmdID>1</CmdID>

4
windows/client-management/mdm/clientcertificateinstall-csp.md
View File

@ -372,7 +372,7 @@ Data type is string.
Enroll a client certificate through SCEP.
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Atomic>
@ -571,7 +571,7 @@ Enroll a client certificate through SCEP.
Add a PFX certificate. The PFX certificate password is encrypted with a custom certificate fro "My" store.
``` syntax
```xml
<SyncML>
<SyncBody>
<Delete>

2
windows/client-management/mdm/cm-proxyentries-csp.md
View File

@ -90,7 +90,7 @@ Specifies the username used to connect to the proxy.
To delete both a proxy and its associated connection, you must delete the proxy first, and then delete the connection. The following example shows how to delete the proxy and then the connection.
``` syntax
```xml
<wap-provisioningdoc>
<characteristic type="CM_ProxyEntries">
<nocharacteristic type="GPRS_Proxy"/>

2
windows/client-management/mdm/defender-csp.md
View File

@ -215,7 +215,7 @@ Supported product status values:
Example:
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncBody>
<Get>

2
windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
View File

@ -73,7 +73,7 @@ When the PC is already enrolled in MDM, you can remotely collect logs from the P
Example: Enable the Debug channel logging
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>

2
windows/client-management/mdm/dmacc-csp.md
View File

@ -262,7 +262,7 @@ Stores specifies which certificate stores the DM client will search to find the
Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following:
``` syntax
```xml
<parm name="SSLCLIENTCERTSEARCHCRITERIA"
value="Subject=CN%3DTester,O%3DMicrosoft&amp;Stores=My%5CUser" />
```

10
windows/client-management/mdm/eap-configuration.md
View File

@ -56,7 +56,7 @@ Here is an easy way to get the EAP configuration from your desktop using the ras
9. Switch over to PowerShell and use the following cmdlets to retrieve the EAP configuration XML.
``` syntax
```powershell
Get-VpnConnection -Name Test
```
@ -80,17 +80,17 @@ Here is an easy way to get the EAP configuration from your desktop using the ras
IdleDisconnectSeconds : 0
```
``` syntax
```powershell
$a = Get-VpnConnection -Name Test
```
``` syntax
```powershell
$a.EapConfigXmlStream.InnerXml
```
Here is an example output
``` syntax
```xml
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.co
m/provisioning/EapCommon">13</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorTy
pe xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisi
@ -158,7 +158,7 @@ The following XML sample explains the properties for the EAP TLS XML including c
 
``` syntax
```xml
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
<EapMethod>
<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>

11
windows/client-management/mdm/healthattestation-csp.md
View File

@ -314,7 +314,7 @@ For DHA-OnPrem & DHA-EMC scenarios, send a SyncML command to the HASEndpoint nod
The following example shows a sample call that instructs a managed device to communicate with an enterprise managed DHA-Service.
``` syntax
```xml
<Replace>
<CmdID>1</CmdID>
<Item>
@ -334,7 +334,7 @@ Send a SyncML call to start collection of the DHA-Data.
The following example shows a sample call that triggers collection and verification of health attestation data from a managed device.
``` syntax
```xml
<Exec>
<CmdID>1</CmdID>
<Item>
@ -364,7 +364,7 @@ After the client receives the health attestation request, it sends a response. T
Here is a sample alert that is issued by DHA_CSP:
``` syntax
```xml
<Alert>
<CmdID>1</CmdID>
<Data>1226</Data>
@ -389,7 +389,7 @@ Create a call to the **Nonce**, **Certificate** and **CorrelationId** nodes, and
Here is an example:
``` syntax
```xml
<Replace>
<CmdID>1</CmdID>
<Item>
@ -417,7 +417,6 @@ Here is an example:
</Target>
</Item>
</Get>
```
## <a href="" id="forward-data-to-has"></a>**Step 6: Forward device health attestation data to DHA-service**
@ -1019,7 +1018,7 @@ Each of these are described in further detail in the following sections, along w
## DHA-Report V3 schema
``` syntax
```xml
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/windows/security/healthcertificate/validation/response/v3"

2
windows/client-management/mdm/policy-csp-update.md
View File

@ -3874,7 +3874,7 @@ The following list shows the supported values:
<!--Example-->
Example
``` syntax
```xml
<Replace>
<CmdID>$CmdID$</CmdID>
<Item>

4
windows/client-management/mdm/remotelock-csp.md
View File

@ -117,7 +117,7 @@ A Get operation on this node must follow an Exec operation on the /RemoteLock/Lo
Initiate a remote lock of the device.
``` syntax
```xml
<Exec>
<CmdID>1</CmdID>
<Item>
@ -130,7 +130,7 @@ Initiate a remote lock of the device.
Initiate a remote lock and PIN reset of the device. To successfully retrieve the new device-generated PIN, the commands must be executed together and in the proper sequence as shown below.
``` syntax
```xml
<Sequence>
<CmdID>1</CmdID>
<Exec>

2
windows/client-management/mdm/remotering-csp.md
View File

@ -31,7 +31,7 @@ The supported operation is Exec.
The following sample shows how to initiate a remote ring on the device.
``` syntax
```xml
<Exec>
<CmdID>5</CmdID>
<Item>

4
windows/client-management/mdm/reporting-csp.md
View File

@ -81,7 +81,7 @@ Supported operations are Get and Replace.
Retrieve all available Windows Information Protection (formerly known as Enterprise Data Protection) logs starting from the specified StartTime.
``` syntax
```xml
<SyncML>
<SyncBody>
<Replace>
@ -104,7 +104,7 @@ Retrieve all available Windows Information Protection (formerly known as Enterpr
Retrieve a specified number of security auditing logs starting from the specified StartTime.
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>

8
windows/client-management/mdm/securitypolicy-csp.md
View File

@ -199,7 +199,7 @@ The following security roles are supported.
Setting a security policy:
``` syntax
```xml
<wap-provisioningdoc>
<characteristic type="SecurityPolicy">
<parm name="4141" value="0"/>
@ -209,7 +209,7 @@ Setting a security policy:
Querying a security policy:
``` syntax
```xml
<wap-provisioningdoc>
<characteristic type="SecurityPolicy">
<parm-query name="4141"/>
@ -222,7 +222,7 @@ Querying a security policy:
Setting a security policy:
``` syntax
```xml
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncHdr>
@ -245,7 +245,7 @@ Setting a security policy:
Querying a security policy:
``` syntax
```xml
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncHdr>

8
windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
View File

@ -53,7 +53,7 @@ The following table shows the OMA DM versions that are supported.
The following example shows the general structure of the XML document sent by the server using OMA DM version 1.2.1 for demonstration purposes only. The initial XML packages exchanged between client and server could contain additional XML tags. For a detailed description and samples for those packages, see the [OMA Device Management Protocol 1.2.1](https://go.microsoft.com/fwlink/p/?LinkId=526902) specification.
``` syntax
```xml
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncHdr>
<VerDTD>1.2</VerDTD>
@ -107,7 +107,7 @@ The following example shows the header component of a DM message. In this case,
 
``` syntax
```xml
<SyncHdr>
<VerDTD>1.2</VerDTD>
<VerProto>DM/1.2</VerProto>
@ -130,7 +130,7 @@ SyncBody contains one or more DM commands. The SyncBody can contain multiple DM
The following example shows the body component of a DM message. In this example, SyncBody contains only one command, Get. This is indicated by the &lt;Final /&gt; tag that occurs immediately after the terminating tag for the Get command.
``` syntax
```xml
<SyncBody>
<!-- query device OS software version -->
<Get>
@ -157,7 +157,7 @@ The Replace command is used to update a device setting.
The following example illustrates how to use the Replace command to update a device setting.
``` syntax
```xml
<SyncHdr>
<VerDTD>1.2</VerDTD>
<VerProto>DM/1.2</VerProto>

2
windows/client-management/mdm/supl-csp.md
View File

@ -481,7 +481,7 @@ Adding a SUPL and a V2 UPL account to the same device. Values in italic must be
Adding a SUPL account to a device. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value.
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.1">
<SyncBody>
<Add>

2
windows/client-management/mdm/surfacehub-csp.md
View File

@ -39,7 +39,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
<p style="margin-left: 20px">Here&#39;s a SyncML example.
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>

2
windows/client-management/mdm/tpmpolicy-csp.md
View File

@ -37,7 +37,7 @@ The following diagram shows the TPMPolicy configuration service provider in tree
Here is an example:
``` syntax
```xml
<Replace>
<CmdID>101</CmdID>
<Item>

27
windows/client-management/mdm/vpnv2-csp.md
View File

@ -598,7 +598,7 @@ Value type is bool. Supported operations include Get, Add, Replace, and Delete.
Profile example
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2" xmlns:A="syncml:metinf">
<SyncBody>
<Atomic>
@ -657,7 +657,7 @@ Profile example
AppTriggerList
``` syntax
```xml
<!-- Internet Explorer -->
<Add>
<CmdID>10013</CmdID>
@ -691,8 +691,7 @@ AppTriggerList
RouteList and ExclusionRoute
``` syntax
```xml
<Add>
<CmdID>10008</CmdID>
<Item>
@ -726,13 +725,11 @@ RouteList and ExclusionRoute
<Data>true</Data>
</Item>
</Add>
```
DomainNameInformationList
``` syntax
```xml
<!-- Domain Name rule with Suffix Match with DNS Servers -->
<Add>
<CmdID>10013</CmdID>
@ -860,7 +857,7 @@ DomainNameInformationList
AutoTrigger
``` syntax
```xml
<Add>
<CmdID>10010</CmdID>
<Item>
@ -877,7 +874,7 @@ AutoTrigger
Persistent
``` syntax
```xml
<Add>
<CmdID>10010</CmdID>
<Item>
@ -894,7 +891,7 @@ Persistent
TrafficFilterLIst App
``` syntax
```xml
Desktop App
<Add>
<CmdID>10013</CmdID>
@ -929,7 +926,7 @@ TrafficFilterLIst App
Protocol, LocalPortRanges, RemotePortRanges, LocalAddressRanges, RemoteAddressRanges, RoutingPolicyType, EDPModeId, RememberCredentials, AlwaysOn, Lockdown, DnsSuffix, TrustedNetworkDetection
``` syntax
```xml
Protocol
<Add>
<CmdID>$CmdID$</CmdID>
@ -1077,7 +1074,7 @@ Protocol
Proxy - Manual or AutoConfigUrl
``` syntax
```xml
Manual
<Add>
<CmdID>$CmdID$</CmdID>
@ -1103,7 +1100,7 @@ Manual
Device Compliance - Sso
``` syntax
```xml
Enabled
<Add>
<CmdID>10011</CmdID>
@ -1143,7 +1140,7 @@ Device Compliance - Sso
PluginProfile
``` syntax
```xml
PluginPackageFamilyName
<!-- Configure VPN Server Name or Address (PhoneNumber=) [Comma Separated]-->
<Add>
@ -1181,7 +1178,7 @@ PluginPackageFamilyName
NativeProfile
``` syntax
```xml
Servers
<Add>
<CmdID>10001</CmdID>

2
windows/client-management/mdm/vpnv2-profile-xsd.md
View File

@ -344,7 +344,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro
## Plug-in profile example
``` syntax
```xml
<VPNProfile>
<PluginProfile>
<ServerUrlList>testserver1.contoso.com;testserver2.contoso..com</ServerUrlList>

2
windows/client-management/mdm/w7-application-csp.md
View File

@ -160,7 +160,7 @@ Stores specifies which certificate stores the DM client will search to find the
Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following:
``` syntax
```xml
<parm name="SSLCLIENTCERTSEARCHCRITERIA"
value="Subject=CN%3DTester,O%3DMicrosoft&amp;Stores=My%5CUser" />
```

10
windows/client-management/mdm/wifi-csp.md
View File

@ -121,7 +121,7 @@ These XML examples show how to perform various tasks using OMA DM.
The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwork,' a proxy URL 'testproxy,' and port 80.
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Atomic>
@ -160,7 +160,7 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwor
The following example shows how to query Wi-Fi profiles installed on an MDM server.
``` syntax
```xml
<Get>
<CmdID>301</CmdID>
<Item>
@ -173,7 +173,7 @@ The following example shows how to query Wi-Fi profiles installed on an MDM serv
The following example shows the response.
``` syntax
```xml
<Results>
<CmdID>3</CmdID>
<MsgRef>1</MsgRef>
@ -190,7 +190,7 @@ The following example shows the response.
The following example shows how to remove a network with SSID MyNetwork and no proxy. Removing all network authentication types is done in this same manner.
``` syntax
```xml
<Atomic>
<CmdID>300</CmdID>
<Delete>
@ -208,7 +208,7 @@ The following example shows how to remove a network with SSID MyNetwork an
The following example shows how to add PEAP-MSCHAPv2 network with SSID MyNetwork and root CA validation for server certificate.
``` syntax
```xml
<Atomic>
<CmdID>300</CmdID>
<Add>

2
windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
View File

@ -120,7 +120,7 @@ The following list describes the characteristics and parameters.
## Examples
``` syntax
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Get>

4
windows/client-management/mdm/wmi-providers-supported-in-windows.md
View File

@ -27,7 +27,7 @@ The child node names of the result from a WMI query are separated by a forward s
Get the list of network adapters from the device.
``` syntax
```xml
<Get>
<Target>
<LocURI>./cimV2/Win32_NetworkAdapter</LocURI>
@ -37,7 +37,7 @@ Get the list of network adapters from the device.
Result
``` syntax
```xml
<Item>
<Source>
<LocURI>./cimV2/Win32_NetworkAdapter</LocURI>

23
windows/configuration/lock-down-windows-10-to-specific-apps.md
View File

@ -172,18 +172,19 @@ Here are the predefined assigned access AppLocker rules for **desktop apps**:
The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in.
<span id="apps-sample" />
```xml
&lt;AllAppsList&gt;
&lt;AllowedApps&gt;
&lt;App AppUserModelId=&quot;Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic&quot; /&gt;
&lt;App AppUserModelId=&quot;Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo&quot; /&gt;
&lt;App AppUserModelId=&quot;Microsoft.Windows.Photos_8wekyb3d8bbwe!App&quot; /&gt;
&lt;App AppUserModelId=&quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&quot; /&gt;
&lt;App AppUserModelId=&quot;Microsoft.WindowsCalculator_8wekyb3d8bbwe!App&quot; /&gt;
&lt;App DesktopAppPath=&quot;%windir%\system32\mspaint.exe&quot; /&gt;
&lt;App DesktopAppPath=&quot;C:\Windows\System32\notepad.exe&quot; rs5:AutoLaunch=&quot;true&quot; rs5:AutoLaunchArguments=&quot;123.txt&quot;/&gt;
&lt;/AllowedApps&gt;
&lt;/AllAppsList&gt;</code>
<AllAppsList>
<AllowedApps>
<App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
<App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
<App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
<App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
<App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
<App DesktopAppPath="%windir%\system32\mspaint.exe" />
<App DesktopAppPath="C:\Windows\System32\notepad.exe" rs5:AutoLaunch="true" rs5:AutoLaunchArguments="123.txt">
</AllowedApps>
</AllAppsList>
```
##### FileExplorerNamespaceRestrictions

38
windows/deployment/upgrade/upgrade-readiness-additional-insights.md
View File

@ -5,7 +5,8 @@ manager: laurawi
ms.author: greglin
description: Explains additional features of Upgrade Readiness.
ms.prod: w10
audience: itpro author: greg-lindsay
audience: itpro
author: greg-lindsay
ms.topic: article
ms.collection: M365-analytics
---
@ -14,44 +15,9 @@ ms.collection: M365-analytics
This topic provides information on additional features that are available in Upgrade Readiness to provide insights into your environment. These include:
- [Spectre and Meltdown protections](#spectre-and-meltdown-protection-status): Status of devices with respect to their anti-virus, security update, and firmware updates related to protection from the "Spectre" and "Meltdown" vulnerabilities.
- [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7, Windows 8.1, or Windows 10 using Internet Explorer.
- [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers.
## Spectre and Meltdown protection status
Microsoft has published guidance for IT Pros that outlines the steps you can take to improve protection against the hardware vulnerabilities known as "Spectre" and "Meltdown." See [Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities](https://go.microsoft.com/fwlink/?linkid=867468) for details about the vulnerabilities and steps you can take.
Microsoft recommends three steps to help protect against the Spectre and Meltdown vulnerabilities:
- Verify that you are running a supported antivirus application.
- Apply all available Windows operating system updates, including the January 2018 and later Windows security updates.
- Apply any applicable processor firmware (microcode) updates provided by your device manufacturer(s).
Upgrade Readiness reports on status of your devices in these three areas.
![Spectre-Meltdown protection blades](../images/spectre-meltdown-prod-closeup.png)
>[!IMPORTANT]
>To provide these blades with data, ensure that your devices can reach the endpoint **http://adl.windows.com**. (See [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started) for more about necessary endpoints and how to whitelist them.)
### Anti-virus status blade
This blade helps you determine if your devices' anti-virus solution is compatible with the latest Windows operating system updates. It shows the number of devices that have an anti-virus solution with no known issues, issues reported, or an unknown status for a particular Windows security update. In the following example, an anti-virus solution that has no known issues with the January 3, 2018 Windows update is installed on about 2,800 devices.
![Spectre-Meltdown antivirus blade](../images/AV-status-by-computer.png)
### Security update status blade
This blade indicates whether a Windows security update that includes Spectre- or Meltdown-related fixes (January 3, 2018 or later) has been installed, as well as whether specific fixes have been disabled. Though protections are enabled by default on devices running Windows (but not Windows Server) operating systems, some IT administrators might choose to disable specific protections. In the following example, about 4,300 devices have a Windows security update that includes Spectre or Meltdown protections installed, and those protections are enabled.
![Spectre-Meltdown antivirus blade](../images/win-security-update-status-by-computer.png)
>[!IMPORTANT]
>If you are seeing computers with statuses of either “Unknown action may be required” or “Installed, but mitigation status unknown,” it is likely that you need to whitelist the **http://adl.windows.com** endpoint.
### Firmware update status blade
This blade reports the number of devices that have installed a firmware update that includes Spectre or Meltdown protections. The blade might report a large number of blank, “unknown”, or “to be determined” statuses at first. As CPU information is provided by partners, the blade will automatically update with no further action required on your part.
## Site discovery
The IE site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.

2
windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
View File

@ -9,7 +9,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro author: greg-lindsay
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article

4
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -1730,7 +1730,7 @@ If you're running Windows 10, version 1607 or later, you need to:
> The Group Policy for the **LockScreenOverlaysDisabled** regkey is **Force a specific default lock screen and logon image** that is under **Control Panel** **Personalization**.
-AND-
\-AND-
- Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Cloud Content** &gt; **Do not show Windows tips** to **Enabled**
@ -1740,7 +1740,7 @@ If you're running Windows 10, version 1607 or later, you need to:
- Create a new REG_DWORD registry setting named **DisableSoftLanding** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)**
-AND-
\-AND-
- Set the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Cloud Content** &gt; **Turn off Microsoft consumer experiences** to **Enabled**

4
windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
View File

@ -85,8 +85,8 @@ Sign-in to a certificate authority or management workstations with _Enterprise A
3. In the **Certificate Templates Console**, right-click the **Domain Controller Authentication (Kerberos)** (or the name of the certificate template you created in the previous section) template in the details pane and click **Properties**.
4. Click the **Superseded Templates** tab. Click **Add**.
5. From the **Add Superseded Template** dialog, select the **Domain Controller** certificate template and click **OK**. Click **Add**.
6. From the **Add Superseded Template** dialog, select the **Domain Controller Authentication** certificate template and click **Add**.
7. From the **Add Superseded Template** dialog, select the **Kerberos Authentication** certificate template and click **Add**.
6. From the **Add Superseded Template** dialog, select the **Domain Controller Authentication** certificate template and click **OK**. Click **Add**.
7. From the **Add Superseded Template** dialog, select the **Kerberos Authentication** certificate template and click **OK**. Click **Add**.
8. Add any other enterprise certificate templates that were previously configured for domain controllers to the **Superseded Templates** tab.
9. Click **OK** and close the **Certificate Templates** console.

6
windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
View File

@ -535,7 +535,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
1. Sign-in to the [Azure Portal](https://portal.azure.com/).
2. Select **All Services**. Type **Intune** to filter the list of services. Click **Microsoft Intune**.
![Microsoft Intune Console](images/aadjcert/microsoftintuneconsole.png)
3. Select **Device Configuration**, and then select **Certificate Authority**.
3. Select **Device Configuration**, and then select **Certificate Connectors**.
![Intune Certificate Authority](images/aadjcert/intunedeviceconfigurationcertauthority.png)
4. Click **Add**, and then click **Download the certificate connector software** under the **Steps to install connector for SCEP** section.
![Intune Download Certificate connector](images/aadjcert/intunedownloadcertconnector.png)
@ -610,7 +610,7 @@ Sign-in the NDES server with access equivalent to _domain admin_.
1. Open a command prompt.
2. Type the following command to confirm the NDES Connector's last connection time is current.</br>
```reg query hklm\software\Micosoft\MicrosoftIntune\NDESConnector\ConnectionStatus```</br>
```reg query hklm\software\Microsoft\MicrosoftIntune\NDESConnector\ConnectionStatus```</br>
3. Close the command prompt.
4. Open **Internet Explorer**.
5. In the navigation bar, type</br>
@ -636,7 +636,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
8. Click **Members**. Use the **Select members** pane to add members to this group. When finished click **Select**.
9. Click **Create**.
### Create a SCEP Certificte Profile
### Create a SCEP Certificate Profile
Sign-in a workstation with access equivalent to a _domain user_.
1. Sign-in to the [Azure Portal](https://portal.azure.com/).

2
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
View File

@ -114,7 +114,7 @@ Sign-in a certificate authority or management workstations with *Domain Admin* e
1. Open the **Certificate Authority** management console.
2. Right-click **Certificate Templates** and click **Manage**.
3. In the **Certificate Template** console, right-click the **Exchange Enrollment Agent** template in the details pane and click **Duplicate Template**.
3. In the **Certificate Template** console, right-click the **Exchange Enrollment Agent (Offline request)** template in the details pane and click **Duplicate Template**.
4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs.
6. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**.

2
windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
View File

@ -59,7 +59,7 @@ Always On is a feature in Windows 10 which enables the active VPN profile to con
When the trigger occurs, VPN tries to connect. If an error occurs or any user input is needed, the user is shown a toast notification for additional interaction.
When a device has multiple profiles with Always On triggers, the user can specify the active profile in **Settings** > **Network & Internet** > **VPN** > *VPN profile* by selecting the **Let apps automatically use this VPN connection** checkbox. By default, the first MDM-configured profile is marked as **Active**.
When a device has multiple profiles with Always On triggers, the user can specify the active profile in **Settings** > **Network & Internet** > **VPN** > *VPN profile* by selecting the **Let apps automatically use this VPN connection** checkbox. By default, the first MDM-configured profile is marked as **Active**. Devices with multiple users have the same restriction: only one profile and therefore only one user will be able to use the Always On triggers.
Preserving user Always On preference

2
windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md
View File

@ -36,7 +36,7 @@ Selecting an alert in either of those places brings up the **Alert management pa
You can create a new incident from the alert or link to an existing incident.
## Assign alerts
If an alert is no yet assigned, you can select **Assign to me** to assign the alert to yourself.
If an alert is not yet assigned, you can select **Assign to me** to assign the alert to yourself.
## Suppress alerts

2
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md
View File

@ -151,7 +151,7 @@ realTimeProtectionEnabled : true
2. Install the configuration file on a client machine:
```bash
python WindowsDefenderATPOnboarding.py
/usr/bin/python WindowsDefenderATPOnboarding.py
Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
```

3
windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md
View File

@ -29,6 +29,9 @@ If Windows Defender Antivirus is configured to detect and remediate threats on y
3. Under **Quarantined threats**, click **See full history**.
4. Click an item you want to keep, then click **Restore**. (If you prefer to remove the item, you can click **Remove**.)
> [!NOTE]
> You can also use the dedicated command-line tool [mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus) to restore quarantined files in Windows Defender AV.
## Related topics
- [Configure remediation for scans](configure-remediation-windows-defender-antivirus.md)

1
windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
View File

@ -47,7 +47,6 @@ You can configure and manage Windows Defender Antivirus with:
> [!NOTE]
> For more information regarding what's new in each Windows version, please refer to [What's new in Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp).
=======
<a id="sysreq"></a>
## Minimum system requirements

2
windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
View File

@ -20,7 +20,7 @@ ms.date: 10/13/2017
# Understand AppLocker policy design decisions
**Applies to**
- Windows 10
- Windows 10
- Windows Server
This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment.

2
windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
View File

@ -20,7 +20,7 @@ ms.date: 09/21/2017
# Understanding the path rule condition in AppLocker
**Applies to**
- Windows 10
- Windows 10
- Windows Server
This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it is applied.

2
windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
View File

@ -20,7 +20,7 @@ ms.date: 09/21/2017
# What Is AppLocker?
**Applies to**
- Windows 10
- Windows 10
- Windows Server
This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies.

25
windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
View File

@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/11/2019
---
# Create Windows Firewall rules in Intune
@ -35,29 +34,7 @@ Select Windows Defender Firewall.
## Firewall rule components
Following table has description for each field.
| Property | Type | Description |
|----------|------|-------------|
| DisplayName | String | The display name of the rule. Does not need to be unique. |
| Description | String | The description of the rule. |
| PackageFamilyName | String | The package family name of a Microsoft Store application that's affected by the firewall rule. |
| FilePath | String | The full file path of an app that's affected by the firewall rule. |
| FullyQualifiedBinaryName | String | The fully qualified binary name. |
| ServiceName | String | The name used in cases when a service, not an application, is sending or receiving traffic. |
| Protocol | Nullable Integer - default value is null which maps to All | 0-255 number representing the [IP protocol](https://www.wikipedia.org/wiki/List_of_IP_protocol_numbers) (TCP = 6, UDP = 17). If not specified, the default is All. |
| LocalPortRanges | String array | List of local port ranges. For example, "100-120", "200", "300-320". If not specified, the default is All. |
| RemotePortRanges | String array | List of remote port ranges. For example, "100-120", "200", "300-320". If not specified, the default is All. |
| LocalAddressRanges | String array | List of local addresses covered by the rule. Valid tokens include:<br>- "\*" indicates any local address. If present, this must be the only token included.<br>- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.<br>- A valid IPv6 address.<br>- An IPv4 address range in the format of "start address - end address" with no spaces included.<br>- An IPv6 address range in the format of "start address - end address" with no spaces included.<br>Default is any address. |
| RemoteAddressRanges | String array | List of tokens specifying the remote addresses covered by the rule.Tokens are case insensitive. Valid tokens include:<br>- "\*" indicates any remote address. If present, this must be the only token included.<br>- "Defaultgateway"<br>- "DHCP"<br>- "DNS"<br>- "WINS"<br>- "Intranet"<br>- "RmtIntranet"<br>- "Internet"<br>- "Ply2Renders"<br>- "LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive.<br>- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.<br>- A valid IPv6 address.<br>- An IPv4 address range in the format of "start address - end address" with no spaces included.<br>- An IPv6 address range in the format of "start address - end address" with no spaces included.<br>Default is any address. |
| ProfileTypes | WindowsFirewallNetworkProfileTypes | Specifies the profiles to which the rule belongs. If not specified, the default is All. |
| Action| StateManagementSetting | The action the rule enforces. If not specified, the default is Allowed. |
| TrafficDirection | WindowsFirewallRuleTrafficDirectionType | The traffic direction that the rule is enabled for. If not specified, the default is Out. |
| InterfaceTypes | WindowsFirewallRuleInterfaceTypes | The interface types of the rule. |
| EdgeTraversal | StateManagementSetting | Indicates whether edge traversal is enabled or disabled for this rule.<br>The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address.<br>New rules have the EdgeTraversal property disabled by default. |
| LocalUserAuthorizations | String | Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format. |
The firewall rule configurations in Intune use the Windows 10 CSP for Firewall. For more information, see [Firewall CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/firewall-csp).
## Application
Control connections for an app or program.

1
windows/security/threat-protection/windows-platform-common-criteria.md
View File

@ -174,4 +174,3 @@ An Evaluation Technical Report (ETR) is a report submitted to the Common Criteri
## Other Common Criteria Related Documents
- [Identifying Windows XP and Windows Server 2003 Common Criteria Certified Requirements for the NIST Special Publication 800-53](https://download.microsoft.com/download/a/9/6/a96d1dfc-2bd4-408d-8d93-e0ede7529691/xpws03_ccto800-53.doc)

2
windows/whats-new/ltsc/whats-new-windows-10-2019.md
View File

@ -8,7 +8,7 @@ keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 Enterprise 2019
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro author: greg-lindsay
author: greg-lindsay
ms.localizationpriority: low
ms.topic: article
---