diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md index 8905e5b36c..6510d41971 100644 --- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md @@ -25,7 +25,7 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow ```PowerShell Set-ExecutionPolicy Unrestricted $org='contoso.microsoft.com' - $cred=Get-Credential $admin@$org + $cred=Get-Credential admin@$org $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection Import-PSSession $sess ``` @@ -51,7 +51,7 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts. ```PowerShell - $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false + $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false -AllowNonProvisionableDevices $True ``` Once you have a compatible policy, then you will need to apply the policy to the device account. @@ -112,6 +112,7 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow Get-CsOnlineUser -Identity ‘alice@contoso.com’| fl *registrarpool* ``` OR by setting a variable + ```PowerShell $strRegistrarPool = (Get-CsOnlineUser -Identity ‘alice@contoso.com’).RegistrarPool ``` @@ -120,7 +121,11 @@ If you have a pure, online (O365) deployment, then you can [use the provided Pow ```PowerShell Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool yourRegistrarPool -SipAddressType EmailAddress + ``` + OR using the $strRegistarPool variable from above + + ```PowerShell Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool $strRegistrarPool -SipAddressType EmailAddress ``` diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index 5fdb54b819..dab9e6eabd 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md @@ -316,7 +316,7 @@ DG_Readiness_Tool_v3.0.ps1 -Ready - **Event ID 16** Credential Guard (LsaIso.exe) failed to launch: \[error code\] - **Event ID 17** Error reading Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] You can also verify that TPM is being used for key protection by checking the following event in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. - - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. + - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. - Passwords are still weak so we recommend that your organization deploy Credential Guard and move away from passwords and to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. - Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Credential Guard. Credential Guard does not allow 3rd party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested against Credential Guard to ensure that the SSPs and APs do not depend on any undocumented or unsupported behaviors. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. You should not replace the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](http://msdn.microsoft.com/library/windows/desktop/dn865014.aspx) on MSDN. - As the depth and breadth of protections provided by Credential Guard are increased, subsequent releases of Windows 10 with Credential Guard running may impact scenarios that were working in the past. For example, Credential Guard may block the use of a particular type of credential or a particular component to prevent malwar efrom taking advantage of vulnerabilities. Therefore, we recommend that scenarios required for operations in an organization are tested before upgrading a device that has Credential Guard running. diff --git a/windows/keep-secure/hello-how-it-works.md b/windows/keep-secure/hello-how-it-works.md index 8a3c433fa4..af480096c6 100644 --- a/windows/keep-secure/hello-how-it-works.md +++ b/windows/keep-secure/hello-how-it-works.md @@ -14,7 +14,7 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -TWindows Hello for Business requires a registered device. When the device is set up, its user can use the device to authenticate to services. This topic explains how device registration works, what happens when a user requests authentication, how key material is stored and processed, and which servers and infrastructure components are involved in different parts of this process. +Windows Hello for Business requires a registered device. When the device is set up, its user can use the device to authenticate to services. This topic explains how device registration works, what happens when a user requests authentication, how key material is stored and processed, and which servers and infrastructure components are involved in different parts of this process. ## Register a new user or device @@ -118,4 +118,4 @@ Windows Hello depends on having compatible IDPs available to it. As of this writ - [Windows Hello and password changes](hello-and-password-changes.md) - [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md) - [Event ID 300 - Windows Hello successfully created](hello-event-300.md) -- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) \ No newline at end of file +- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) diff --git a/windows/keep-secure/images/atp-machine-details-view.png.pdf b/windows/keep-secure/images/atp-machine-details-view.png.pdf deleted file mode 100644 index 6f018827bb..0000000000 Binary files a/windows/keep-secure/images/atp-machine-details-view.png.pdf and /dev/null differ