From e8b352ef686b7df8c6af773b737a1d71d691df9f Mon Sep 17 00:00:00 2001 From: kevincol Date: Fri, 4 Oct 2019 17:57:38 -0700 Subject: [PATCH 001/167] Update hololens-calibration.md --- devices/hololens/hololens-calibration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-calibration.md b/devices/hololens/hololens-calibration.md index 1296d0f4bd..a593ff68d5 100644 --- a/devices/hololens/hololens-calibration.md +++ b/devices/hololens/hololens-calibration.md @@ -97,7 +97,7 @@ You can also disable the calibration prompt by following these steps: 1. Turn off **When a new person uses this HoloLens, automatically ask to run eye calibration**. > [!IMPORTANT] -> Please understand that this setting may adversely affect hologram rendering quality and comfort. +> Please understand that this setting may adversely affect hologram rendering quality and comfort. If there is an immersive application that is using eye tracking, for instance text scrolling, then that feature will no longer work. ### HoloLens 2 eye-tracking technology From 8c3735fb936d3299c212fa5934f15e7a88bb830e Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 15 Oct 2019 09:48:32 -0700 Subject: [PATCH 002/167] Update hololens-calibration.md minor edits and including Teresa's change --- devices/hololens/hololens-calibration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-calibration.md b/devices/hololens/hololens-calibration.md index a593ff68d5..f867bf325c 100644 --- a/devices/hololens/hololens-calibration.md +++ b/devices/hololens/hololens-calibration.md @@ -97,7 +97,7 @@ You can also disable the calibration prompt by following these steps: 1. Turn off **When a new person uses this HoloLens, automatically ask to run eye calibration**. > [!IMPORTANT] -> Please understand that this setting may adversely affect hologram rendering quality and comfort. If there is an immersive application that is using eye tracking, for instance text scrolling, then that feature will no longer work. +> This setting may adversely affect hologram rendering quality and comfort. When you turn off this setting, features that depend on eye tracking (such as text scrolling) no longer work in immersive applications. ### HoloLens 2 eye-tracking technology From 68ec900e076f8601cc17d6ee323bfefb68306471 Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Mon, 11 Nov 2019 14:37:15 -0800 Subject: [PATCH 003/167] Update hololens2-language-support.md Removed es-MX from support list and corrected some formatting issues. --- devices/hololens/hololens2-language-support.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index 760880135d..e38fbd5569 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -17,7 +17,7 @@ appliesto: # Supported languages for HoloLens 2 -HoloLens 2 supports the following languages. This support includes voice commands and dictation features. +HoloLens 2 supports the following languages, including voice commands and dictation features. - Chinese Simplified (China) - English (Australia) @@ -29,17 +29,17 @@ HoloLens 2 supports the following languages. This support includes voice command - German (Germany) - Italian (Italy) - Japanese (Japan) -- Spanish (Mexico) - Spanish (Spain) -Windows Mixed Reality is also available in the following languages. However, this support does not include speech commands or dictation features. +HoloLens 2 is also available in the following languages. However, this support does not include speech commands or dictation features. - Chinese Traditional (Taiwan and Hong Kong) - Dutch (Netherlands) - Korean (Korea) -- Changing language or keyboard > [!NOTE] > Your speech and dictation language depends on the Windows display language. > +# Changing language or keyboard + To change the Windows display language, region, or keyboard settings, use the start gesture to open the **Start** menu, and then select **Settings** > **Time and Language** > **Language**. From 835c65f895bbcdb08cb374e635f5e2647d9215f6 Mon Sep 17 00:00:00 2001 From: DanPandre <54847950+DanPandre@users.noreply.github.com> Date: Tue, 12 Nov 2019 10:01:40 -0500 Subject: [PATCH 004/167] Clarify impacts of Intune auto-enrollment --- devices/surface-hub/surface-hub-2s-manage-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/surface-hub-2s-manage-intune.md b/devices/surface-hub/surface-hub-2s-manage-intune.md index e71d37def0..dc071e3753 100644 --- a/devices/surface-hub/surface-hub-2s-manage-intune.md +++ b/devices/surface-hub/surface-hub-2s-manage-intune.md @@ -28,7 +28,7 @@ Surface Hub 2S allows IT administrators to manage settings and policies using a ### Auto registration — Azure Active Directory Affiliated -When affiliating Surface Hub 2S with a tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). +During the initial setup process, when choosing to affiliate with an Azure AD tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). Azure AD affiliation and Intune auto enrollment is required for the Surface Hub to be a "compliant device" in Intune. ## Windows 10 Team Edition settings From e457ad0cfa1648e21b0ec57f196693c04ba8e1b3 Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Tue, 12 Nov 2019 12:48:54 -0800 Subject: [PATCH 005/167] Update hololens2-language-support.md Added more verbose instructions for changing language settings and what is impacted by the language settings. --- .../hololens/hololens2-language-support.md | 27 +++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index e38fbd5569..091c9dd907 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -17,7 +17,7 @@ appliesto: # Supported languages for HoloLens 2 -HoloLens 2 supports the following languages, including voice commands and dictation features. +HoloLens 2 supports the following languages, including voice commands and dictation features, keyboard layouts, and OCR recognition within apps. - Chinese Simplified (China) - English (Australia) @@ -42,4 +42,27 @@ HoloLens 2 is also available in the following languages. However, this support d > # Changing language or keyboard -To change the Windows display language, region, or keyboard settings, use the start gesture to open the **Start** menu, and then select **Settings** > **Time and Language** > **Language**. +HoloLens is configured for a language and region during set up. You can change the configuration under the “Time & language” section of Settings app. + +## To change the Windows display language + +1. Go to **Start** menu, and then select **Settings** > **Time and Language** > **Language**. +2. Choose a language from the **Windows display language** menu. + +If the supported language you’re looking for is not in the menu, use the **Add a language button** in the **Preferred languages** section on the page to search for and add the language, then check in the **Windows display language menu** again. + +Changing Windows display language will: + +- Change the UI text language for Windows and apps (for apps that support localization). +- Change the supported speech language for speech features in Windows and apps. +- Add the default keyboard layout for the language. + +## To change the keyboard layout + +To add or remove a keyboard layout, go to **Start menu** > **Settings** > **Time & language** > **Keyboard**. + +When there is more than one keyboard layout added, you can switch between different keyboard layouts using the Layout key in the lower right corner of the on-screen keyboard. + +> [!NOTE] +> While you can use the on-screen keyboard to enter text that requires Input Method Editor (IME) such as Chinese, using a Bluetooth hardware keyboard with IME is not currently supported. When a on-screen keyboard layout uses IME, you can continue to use a Bluetooth keyboard to type in English. To toggle a hardware keyboard to type in English, press the ~ key. +> From 42cf908bdd60cb05a92587fc38239adf285a8666 Mon Sep 17 00:00:00 2001 From: DanPandre <54847950+DanPandre@users.noreply.github.com> Date: Wed, 13 Nov 2019 09:25:49 -0500 Subject: [PATCH 006/167] Made language closer to original --- devices/surface-hub/surface-hub-2s-manage-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/surface-hub-2s-manage-intune.md b/devices/surface-hub/surface-hub-2s-manage-intune.md index dc071e3753..d17fc2dfb1 100644 --- a/devices/surface-hub/surface-hub-2s-manage-intune.md +++ b/devices/surface-hub/surface-hub-2s-manage-intune.md @@ -28,7 +28,7 @@ Surface Hub 2S allows IT administrators to manage settings and policies using a ### Auto registration — Azure Active Directory Affiliated -During the initial setup process, when choosing to affiliate with an Azure AD tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). Azure AD affiliation and Intune auto enrollment is required for the Surface Hub to be a "compliant device" in Intune. +During the initial setup process, when affiliating a Surface Hub with an Azure AD tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). Azure AD affiliation and Intune auto enrollment is required for the Surface Hub to be a "compliant device" in Intune. ## Windows 10 Team Edition settings From f874619783a0bba271b202a3750ce387d2f2c4b5 Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Wed, 13 Nov 2019 17:42:49 -0800 Subject: [PATCH 007/167] Update devices/hololens/hololens2-language-support.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- devices/hololens/hololens2-language-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index 091c9dd907..c58b778d48 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -46,7 +46,7 @@ HoloLens is configured for a language and region during set up. You can change t ## To change the Windows display language -1. Go to **Start** menu, and then select **Settings** > **Time and Language** > **Language**. +1. Go to the **Start** menu, and then select **Settings** > **Time and Language** > **Language**. 2. Choose a language from the **Windows display language** menu. If the supported language you’re looking for is not in the menu, use the **Add a language button** in the **Preferred languages** section on the page to search for and add the language, then check in the **Windows display language menu** again. From 2b0342a8dbcf19323c382a124d152dc41fb791ff Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Wed, 13 Nov 2019 17:43:10 -0800 Subject: [PATCH 008/167] Update devices/hololens/hololens2-language-support.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- devices/hololens/hololens2-language-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index c58b778d48..9e916ea3a5 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -51,7 +51,7 @@ HoloLens is configured for a language and region during set up. You can change t If the supported language you’re looking for is not in the menu, use the **Add a language button** in the **Preferred languages** section on the page to search for and add the language, then check in the **Windows display language menu** again. -Changing Windows display language will: +Changing the Windows display language will: - Change the UI text language for Windows and apps (for apps that support localization). - Change the supported speech language for speech features in Windows and apps. From 869852022d4750d3a9c7d328c231041f3d4af0f2 Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Wed, 13 Nov 2019 17:43:27 -0800 Subject: [PATCH 009/167] Update devices/hololens/hololens2-language-support.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- devices/hololens/hololens2-language-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index 9e916ea3a5..2aad87d133 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -61,7 +61,7 @@ Changing the Windows display language will: To add or remove a keyboard layout, go to **Start menu** > **Settings** > **Time & language** > **Keyboard**. -When there is more than one keyboard layout added, you can switch between different keyboard layouts using the Layout key in the lower right corner of the on-screen keyboard. +When there is more than one keyboard layout added, you can switch between different keyboard layouts using the **Layout** key in the lower right corner of the on-screen keyboard. > [!NOTE] > While you can use the on-screen keyboard to enter text that requires Input Method Editor (IME) such as Chinese, using a Bluetooth hardware keyboard with IME is not currently supported. When a on-screen keyboard layout uses IME, you can continue to use a Bluetooth keyboard to type in English. To toggle a hardware keyboard to type in English, press the ~ key. From ff03f853808631fe17940678a2b436649e7fa6e2 Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Wed, 13 Nov 2019 17:43:42 -0800 Subject: [PATCH 010/167] Update devices/hololens/hololens2-language-support.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- devices/hololens/hololens2-language-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index 2aad87d133..d2b5cacedc 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -64,5 +64,5 @@ To add or remove a keyboard layout, go to **Start menu** > **Settings** > **Time When there is more than one keyboard layout added, you can switch between different keyboard layouts using the **Layout** key in the lower right corner of the on-screen keyboard. > [!NOTE] -> While you can use the on-screen keyboard to enter text that requires Input Method Editor (IME) such as Chinese, using a Bluetooth hardware keyboard with IME is not currently supported. When a on-screen keyboard layout uses IME, you can continue to use a Bluetooth keyboard to type in English. To toggle a hardware keyboard to type in English, press the ~ key. +> While you can use the on-screen keyboard to enter text that requires Input Method Editor (IME) such as Chinese, using a Bluetooth hardware keyboard with IME is not currently supported. When a on-screen keyboard layout uses IME, you can continue to use a Bluetooth keyboard to type in English. To toggle a hardware keyboard to type in English, press the **~** key. > From b12840b303fd6b9e794dfeeda1f272df16f54527 Mon Sep 17 00:00:00 2001 From: illfated Date: Sat, 23 Nov 2019 13:03:59 +0100 Subject: [PATCH 011/167] Advanced hunting: Kusto query operators versus MT Description: As discussed in issue ticket #5463 (KQL table command list translated to German), at least half of the operator names in the table list of common Kusto query language operators are being translated to German by Machine Translation, making them incorrect and unusable in localized pages. Also, as pointed out the MS Docs localization specialist team member Tina McNaboe, this is also happens in localization to other languages than German, so a generic solution to block these terms from translation would be quite productive to save time by avoiding more human translated pages for each affected localization language. Proposed change: - Add MD code tags (back ticks) around the operators in the table. issue ticket closure or reference: Ref. #5463 (it will take a week to confirm that the problem is solved) --- .../advanced-hunting-query-language.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md index 405215c2aa..0fa6f9bfc2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md @@ -97,16 +97,16 @@ Now that you've run your first query and have a general idea of its components, | Operator | Description and usage | |--|--| -| **where** | Filter a table to the subset of rows that satisfy a predicate. | -| **summarize** | Produce a table that aggregates the content of the input table. | -| **join** | Merge the rows of two tables to form a new table by matching values of the specified column(s) from each table. | -| **count** | Return the number of records in the input record set. | -| **top** | Return the first N records sorted by the specified columns. | -| **limit** | Return up to the specified number of rows. | -| **project** | Select the columns to include, rename or drop, and insert new computed columns. | -| **extend** | Create calculated columns and append them to the result set. | -| **makeset** | Return a dynamic (JSON) array of the set of distinct values that Expr takes in the group. | -| **find** | Find rows that match a predicate across a set of tables. | +| **`where`** | Filter a table to the subset of rows that satisfy a predicate. | +| **`summarize`** | Produce a table that aggregates the content of the input table. | +| **`join`** | Merge the rows of two tables to form a new table by matching values of the specified column(s) from each table. | +| **`count`** | Return the number of records in the input record set. | +| **`top`** | Return the first N records sorted by the specified columns. | +| **`limit`** | Return up to the specified number of rows. | +| **`project`** | Select the columns to include, rename or drop, and insert new computed columns. | +| **`extend`** | Create calculated columns and append them to the result set. | +| **`makeset`** | Return a dynamic (JSON) array of the set of distinct values that Expr takes in the group. | +| **`find`** | Find rows that match a predicate across a set of tables. | To see a live example of these operators, run them from the **Get started** section of the Advanced hunting page. From 60933c03e48c458057e07f1a1544ba2d05568d1f Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Mon, 2 Dec 2019 13:55:41 -0800 Subject: [PATCH 012/167] Update devices/hololens/hololens2-language-support.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- devices/hololens/hololens2-language-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index d2b5cacedc..e3b6892dee 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -49,7 +49,7 @@ HoloLens is configured for a language and region during set up. You can change t 1. Go to the **Start** menu, and then select **Settings** > **Time and Language** > **Language**. 2. Choose a language from the **Windows display language** menu. -If the supported language you’re looking for is not in the menu, use the **Add a language button** in the **Preferred languages** section on the page to search for and add the language, then check in the **Windows display language menu** again. +If the supported language you’re looking for is not in the menu, use the **Add a language** button in the **Preferred languages** section on the page to search for and add the language, then check in the **Windows display language menu** again. Changing the Windows display language will: From b19905714ec134edbfa6e08c016702720bc4adea Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Mon, 2 Dec 2019 15:53:40 -0800 Subject: [PATCH 013/167] Update hololens2-language-support.md Responding to Teresa's feedback --- .../hololens/hololens2-language-support.md | 29 +++++++++++-------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index e3b6892dee..d139119708 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -42,27 +42,32 @@ HoloLens 2 is also available in the following languages. However, this support d > # Changing language or keyboard -HoloLens is configured for a language and region during set up. You can change the configuration under the “Time & language” section of Settings app. +The setup process configures your HoloLens for a region and language. You can change this configuration by using the **Time & language** section of **Settings**. ## To change the Windows display language -1. Go to the **Start** menu, and then select **Settings** > **Time and Language** > **Language**. -2. Choose a language from the **Windows display language** menu. +1. Go to the **Start** menu, and then select **Settings** > **Time and language** > **Language**. +2. Select **Windows display language**, and then select a language. -If the supported language you’re looking for is not in the menu, use the **Add a language** button in the **Preferred languages** section on the page to search for and add the language, then check in the **Windows display language menu** again. +If the supported language you’re looking for is not in the menu, follow these steps: -Changing the Windows display language will: +1. Under **Preferred languages** select **Add a language**. +2. Search for and add the language. +3. Select the **Windows display language** menu again and choose the language you added. -- Change the UI text language for Windows and apps (for apps that support localization). -- Change the supported speech language for speech features in Windows and apps. -- Add the default keyboard layout for the language. +The Windows display language affects the following settings for Windows and for apps that support localization: + +- The user interface text language. +- The speech language. +- The default layout of the on-screen keyboard. ## To change the keyboard layout -To add or remove a keyboard layout, go to **Start menu** > **Settings** > **Time & language** > **Keyboard**. +To add or remove a keyboard layout, open the **Start** menu and then select **Settings** > **Time & language** > **Keyboard**. -When there is more than one keyboard layout added, you can switch between different keyboard layouts using the **Layout** key in the lower right corner of the on-screen keyboard. +If your HoloLens has more than one keyboard layout, use the **Layout** key to switch between them. The **Layout** key is in the lower right corner of the on-screen keyboard. > [!NOTE] -> While you can use the on-screen keyboard to enter text that requires Input Method Editor (IME) such as Chinese, using a Bluetooth hardware keyboard with IME is not currently supported. When a on-screen keyboard layout uses IME, you can continue to use a Bluetooth keyboard to type in English. To toggle a hardware keyboard to type in English, press the **~** key. -> +> The on-screen keyboard can use Input Method Editor (IME) to enter characters in languages such as Chinese. However, HoloLens does not support external Bluetooth keyboards that use IME. +> +> While you use IME with the on-screen keyboard, you can continue to use a Bluetooth keyboard to type in English. To switch between keyboards, press ~. From 26b785174460fe100b5a1d5a6c21585c4232ddc2 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 4 Dec 2019 14:27:15 -0600 Subject: [PATCH 014/167] New Note added from #5469 --- .../threat-protection/microsoft-defender-atp/live-response.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 151cc9a4d1..1493afdbfe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -50,6 +50,10 @@ You'll need to enable the live response capability in the [Advanced features set >[!WARNING] >Allowing the use of unsigned scripts may increase your exposure to threats. + + > [!ÏMPORTNAT] + > The current implementation of the Live Response within Defender ATP the option "Upload file to library" button function is not available to those with only delegated permissions via DATP/RBAC roles. + Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. - **Ensure that you have the appropriate permissions**
From 42cc42f33a6ef5c5b13e5d1562b6ff8600f2a4f9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 4 Dec 2019 12:54:03 -0800 Subject: [PATCH 015/167] Update live-response.md --- .../threat-protection/microsoft-defender-atp/live-response.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 1493afdbfe..afa98aa766 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -51,7 +51,7 @@ You'll need to enable the live response capability in the [Advanced features set >Allowing the use of unsigned scripts may increase your exposure to threats. - > [!ÏMPORTNAT] + > [!ÏMPORTANT] > The current implementation of the Live Response within Defender ATP the option "Upload file to library" button function is not available to those with only delegated permissions via DATP/RBAC roles. Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. From a271cb85322b4eae59e96fd33cd68d5e3d8b3f82 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 4 Dec 2019 15:30:16 -0600 Subject: [PATCH 016/167] Suggestion taken --- .../threat-protection/microsoft-defender-atp/live-response.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 1493afdbfe..3c64fbaaa4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -52,7 +52,7 @@ You'll need to enable the live response capability in the [Advanced features set > [!ÏMPORTNAT] - > The current implementation of the Live Response within Defender ATP the option "Upload file to library" button function is not available to those with only delegated permissions via DATP/RBAC roles. + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. From b0566d36e499f118cd7a71e85598c26cea5b9fbe Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 4 Dec 2019 15:33:11 -0600 Subject: [PATCH 017/167] Suggestion taken --- .../threat-protection/microsoft-defender-atp/live-response.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index afa98aa766..2c8fd39528 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -52,7 +52,7 @@ You'll need to enable the live response capability in the [Advanced features set > [!ÏMPORTANT] - > The current implementation of the Live Response within Defender ATP the option "Upload file to library" button function is not available to those with only delegated permissions via DATP/RBAC roles. + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. From 28b3ebaddf6cdc56fa11c932a9233cac2e174d1a Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 5 Dec 2019 10:31:52 -0600 Subject: [PATCH 018/167] Update windows/security/threat-protection/microsoft-defender-atp/live-response.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/live-response.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 2c8fd39528..0b762a0b99 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -51,7 +51,7 @@ You'll need to enable the live response capability in the [Advanced features set >Allowing the use of unsigned scripts may increase your exposure to threats. - > [!ÏMPORTANT] + > [!IMPORTANT] > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. @@ -254,4 +254,3 @@ Each command is tracked with full details such as: - From 4bad6d069f5f0bdcc27e54b5b11ddfbf53ff804a Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Tue, 10 Dec 2019 16:55:32 -0800 Subject: [PATCH 019/167] Update hololens-cortana.md Updated phrasing for follow and microphone button to resolve some localization issues with the voice commands. --- devices/hololens/hololens-cortana.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index 0729485e7d..d7ca664169 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md @@ -56,7 +56,7 @@ To use these commands, gaze at a 3D object, hologram, or app window. | "Face me" | Turn it to face you | | "Move this" | Move it (follow your gaze) | | "Close" | Close it | -| "Follow" / "Stop following" | Make it follow you as you move around | +| "Follow me" / "Stop following" | Make it follow you as you move around | ### See it, say it @@ -64,7 +64,7 @@ Many buttons and other elements on HoloLens also respond to your voice—for exa ### Dictation mode -Tired of typing? Switch to dictation mode any time that the holographic keyboard is active. To get started, select the microphone icon or say "Start dictating." To stop dictating, select **Done** or say "Stop dictating." To delete what you just dictated, say "Delete that." +Tired of typing? Switch to dictation mode any time that the holographic keyboard is active. To get started, select the microphone button or say "Start dictating." To stop dictating, select the button again or say "Stop dictating." To delete what you just dictated, say "Delete that." > [!NOTE] > To use dictation mode, you have to have an internet connection. From 1fd9c5a9cd785ff6314c71a848dcd1c11a37d1be Mon Sep 17 00:00:00 2001 From: Deland-Han Date: Wed, 11 Dec 2019 11:25:46 +0800 Subject: [PATCH 020/167] finish --- devices/surface-hub/TOC.md | 2 ++ devices/surface-hub/index.md | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md index c0de52de12..59d2d76a0d 100644 --- a/devices/surface-hub/TOC.md +++ b/devices/surface-hub/TOC.md @@ -7,6 +7,7 @@ ### [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md) ### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md) ### [Adjust Surface Hub 2S brightness, volume, and input](surface-hub-2s-onscreen-display.md) +### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d) ## Plan ### [Surface Hub 2S Site Readiness Guide](surface-hub-2s-site-readiness-guide.md) @@ -58,6 +59,7 @@ ### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md) ### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md) ### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md) +### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d) ## Plan ### [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md index e4fa9986f3..f60588a000 100644 --- a/devices/surface-hub/index.md +++ b/devices/surface-hub/index.md @@ -30,7 +30,6 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor

Behind the design: Surface Hub 2S

What's new in Surface Hub 2S

Operating system essentials

-

Enable Microsoft Whiteboard on Surface Hub

From 217842d6912a4782bad64c8ea444e4f70c9a1370 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 11 Dec 2019 14:58:07 +0530 Subject: [PATCH 021/167] removed the word as meeting as per the user report #5646 . I removed the following word which written two times as meeting --- windows/security/threat-protection/fips-140-validation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 32bbf69dc2..c91f55f5cf 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -57,7 +57,7 @@ The cadence for starting module validation aligns with the feature updates of Wi ### What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”? -“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality. +“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality. ### I need to know if a Windows service or application is FIPS 140-2 validated. @@ -7191,4 +7191,4 @@ Version 6.3.9600

\[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\] - Recommendation for Key Management – Part 1: General (Revised) -\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths \ No newline at end of file +\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths From 0792939c1918f90a1305030c2ddc279dd3fb9f96 Mon Sep 17 00:00:00 2001 From: Deland-Han Date: Wed, 11 Dec 2019 17:39:09 +0800 Subject: [PATCH 022/167] finish --- mdop/mbam-v25/deploy-mbam.md | 3 ++- mdop/mbam-v25/troubleshooting-mbam-installation.md | 3 ++- windows/client-management/introduction-page-file.md | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/mdop/mbam-v25/deploy-mbam.md b/mdop/mbam-v25/deploy-mbam.md index eefee88047..a921105176 100644 --- a/mdop/mbam-v25/deploy-mbam.md +++ b/mdop/mbam-v25/deploy-mbam.md @@ -1,13 +1,14 @@ --- title: Deploying MBAM 2.5 in a stand-alone configuration description: Introducing how to deploy MBAM 2.5 in a stand-alone configuration. -author: delhan +author: Deland-Han ms.reviewer: dcscontentpm manager: dansimp ms.author: delhan ms.sitesec: library ms.prod: w10 ms.date: 09/16/2019 +manager: dcscontentpm --- # Deploying MBAM 2.5 in a standalone configuration diff --git a/mdop/mbam-v25/troubleshooting-mbam-installation.md b/mdop/mbam-v25/troubleshooting-mbam-installation.md index d58974a50e..b38d7b7818 100644 --- a/mdop/mbam-v25/troubleshooting-mbam-installation.md +++ b/mdop/mbam-v25/troubleshooting-mbam-installation.md @@ -1,13 +1,14 @@ --- title: Troubleshooting MBAM 2.5 installation problems description: Introducing how to troubleshoot MBAM 2.5 installation problems. -author: delhan +author: Deland-Han ms.reviewer: dcscontentpm manager: dansimp ms.author: delhan ms.sitesec: library ms.prod: w10 ms.date: 09/16/2019 +manager: dcscontentpm --- # Troubleshooting MBAM 2.5 installation problems diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md index 662ae5f90e..cee81bcd72 100644 --- a/windows/client-management/introduction-page-file.md +++ b/windows/client-management/introduction-page-file.md @@ -8,7 +8,7 @@ author: Deland-Han ms.localizationpriority: medium ms.author: delhan ms.reviewer: greglin -manager: willchen +manager: dcscontentpm --- # Introduction to page files From 214d87b5d68c42773ad84014057f52fce49c8ccc Mon Sep 17 00:00:00 2001 From: Jean-Robert Jean-Simon Date: Wed, 11 Dec 2019 11:57:56 +0100 Subject: [PATCH 023/167] Add a note about OEM Authorization and Delegated Admin Permissions (DAP) It is just a clarification for several customers who are afraid about Delegated Admin Permissions (DAP) could be part of the OEM Authorization. --- windows/deployment/windows-autopilot/registration-auth.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/registration-auth.md b/windows/deployment/windows-autopilot/registration-auth.md index 9ae9105cbd..3c6dfece7c 100644 --- a/windows/deployment/windows-autopilot/registration-auth.md +++ b/windows/deployment/windows-autopilot/registration-auth.md @@ -9,7 +9,8 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy -audience: itpro author: greg-lindsay +audience: itpro +author: greg-lindsay ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article @@ -75,6 +76,8 @@ Each OEM has a unique link to provide to their respective customers, which the O 4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process. + NOTE: During the OEM authorization registration process, no delegated admin permissions are granted to the OEM. + ## Summary At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer. And, it all happens instantaneously - as quickly as buttons are clicked. From d5b401f302f2edbe9cb258153c542cb822ab0039 Mon Sep 17 00:00:00 2001 From: Jean-Robert Jean-Simon Date: Wed, 11 Dec 2019 12:28:22 +0100 Subject: [PATCH 024/167] Add a Q&A for Delegated Admin Permissions for OEM It is just a clarification for several customers who are afraid about Delegated Admin Permissions (DAP) could be part of the OEM Authorization. --- windows/deployment/windows-autopilot/autopilot-faq.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md index b527168e97..94f7002df9 100644 --- a/windows/deployment/windows-autopilot/autopilot-faq.md +++ b/windows/deployment/windows-autopilot/autopilot-faq.md @@ -38,6 +38,7 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e | How can I test the Windows Autopilot CSV file in the Partner Center? | Only CSP Partners have access to the Partner Center portal. If you are a CSP, you can create a Sales agent user account which has access to “Devices” for testing the file. This can be done today in the Partner Center.

Go [here](https://msdn.microsoft.com/partner-center/create-user-accounts-and-set-permissions) for more information. | | Must I become a Cloud Solution Provider (CSP) to participate in Windows Autopilot? | Top volume OEMs do not, as they can use the OEM Direct API. All others who choose to use MPC to register devices must become CSPs in order to access MPC. | | Do the different CSP levels have all the same capabilities when it comes to Windows Autopilot? | For purposes of Windows Autopilot, there are three different types of CSPs, each with different levels of authority an access:

1. Direct CSP: Gets direct authorization from the customer to register devices.

2. Indirect CSP Provider: Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center.

3. Indirect CSP Reseller: Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. | +| Does the OEM authorization grant Delegated Admin Permissions (DAP) on the customer tenant? | No. The OEM authorization gives only the capability to register devices. | ## Manufacturing From d7feac8adc09688f0f7b5108fc9b9999e1f5facc Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 11 Dec 2019 20:24:12 +0530 Subject: [PATCH 025/167] Renamed Enteprise to Enterprise as per user report #5654. i renamed Enteprise to Enterprise --- windows/client-management/mdm/device-update-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index 13a78b2032..414a9c8515 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -635,7 +635,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise > [!Important] -> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Enterprise. +> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Enterprise.

Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. From 98ee57c44dab201112e3a93f7e76c7b7e09b7491 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 11 Dec 2019 20:10:13 +0500 Subject: [PATCH 026/167] Content Update Added a source of information to point users to use custom settings for Windows 10 devices in Intune. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4482 --- ...dows-defender-application-control-policies-using-intune.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 8a2a80de85..8319156a40 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,7 +27,7 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 -You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. +You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure Endpoint protection profile for WDAC or a custom profile with an OMA-URI. You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. @@ -41,3 +41,5 @@ You can use Microsoft Intune to configure Windows Defender Application Control ( - **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps. ![Configure WDAC](images/wdac-intune-wdac-settings.png) + +To add a custom profile with an OMA-URI see, [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/en-us/intune/configuration/custom-settings-windows-10). From c0f9b313e3c707e029293d33b65c786f17858d75 Mon Sep 17 00:00:00 2001 From: Brandon Bray <40039061+BrandonBray@users.noreply.github.com> Date: Wed, 11 Dec 2019 12:08:32 -0800 Subject: [PATCH 027/167] Add image color and brightness troubleshooting Adding specific recommendations for improving image quality with HoloLens 2. --- devices/hololens/hololens2-fit-comfort-faq.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/devices/hololens/hololens2-fit-comfort-faq.md b/devices/hololens/hololens2-fit-comfort-faq.md index 397d61bb67..cbd71f9405 100644 --- a/devices/hololens/hololens2-fit-comfort-faq.md +++ b/devices/hololens/hololens2-fit-comfort-faq.md @@ -43,6 +43,15 @@ Try adjusting the position of your device visor so the holographic frame matches - **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame. - **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame. +## Hologram image color or brightness does not look right + +For HoloLens 2, take the following steps to improve the quality of holograms presented in displays: + +- **Increase brightness of the display.** Holograms look best when the display is at its brightest level. +- **Bring visor closer to your eyes.** Swing the visor down to the closest position to your eyes. +- **Shift visor down.** Try moving the brow pad on your forehead down, which will result in the visor moving down closer to your nose. +- **Run eye calibration.** The display uses your IPD and eye gaze to optimize images on the display. If you don't run eye calibration, the image quality may be made worse. + ## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens2-setup.md#adjust-fit). From b9f6d287451fbceaca63bc997928e594773b2d74 Mon Sep 17 00:00:00 2001 From: Brandon Bray <40039061+BrandonBray@users.noreply.github.com> Date: Wed, 11 Dec 2019 13:02:31 -0800 Subject: [PATCH 028/167] Editing improvement --- devices/hololens/hololens2-fit-comfort-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-fit-comfort-faq.md b/devices/hololens/hololens2-fit-comfort-faq.md index cbd71f9405..e97e03f502 100644 --- a/devices/hololens/hololens2-fit-comfort-faq.md +++ b/devices/hololens/hololens2-fit-comfort-faq.md @@ -45,7 +45,7 @@ Try adjusting the position of your device visor so the holographic frame matches ## Hologram image color or brightness does not look right -For HoloLens 2, take the following steps to improve the quality of holograms presented in displays: +For HoloLens 2, take the following steps to ensure the highest visual quality of holograms presented in displays: - **Increase brightness of the display.** Holograms look best when the display is at its brightest level. - **Bring visor closer to your eyes.** Swing the visor down to the closest position to your eyes. From 1a133a1a2437f0cafb7bbd2b4d45bc8a506b8242 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 12 Dec 2019 08:39:16 +0530 Subject: [PATCH 029/167] replaced Enteprise to Enterprise as per user report #5655. and the good intelligent report from @illfated. I replaced Enteprise to Enterprise. --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index d096ead06d..9d98a92f10 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -4248,7 +4248,7 @@ ADMX Info: > [!IMPORTANT] -> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile. +> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Mobile. Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. From 4bb96da1142b39e4ef862b749f824619862d0377 Mon Sep 17 00:00:00 2001 From: Raffael Date: Thu, 12 Dec 2019 23:36:10 +0100 Subject: [PATCH 030/167] Connect-MSGraph should be used The other command does not exist anymore in the current version of the module. Connect-MSGraph needs to be used instead. If you run the command mentioned afterwards "Get-AutopilotProfile" then you even get in the error message the sentence "please connect first with Connect-MSGraph". --- windows/deployment/windows-autopilot/existing-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index e762a53ed9..f0281e329a 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -74,7 +74,7 @@ See the following examples. - In the following command, replace the example user principal name for Azure authentication (admin@M365x373186.onmicrosoft.com) with your user account. Be sure that the user account you specify has sufficient administrative rights. ```powershell - Connect-AutopilotIntune -user admin@M365x373186.onmicrosoft.com + Connect-MSGraph ``` The password for your account will be requested using a standard Azure AD form. Type your password and then click **Sign in**.
See the following example: From 8af9106bc647342f2a7bed557830baa2e6edb434 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Thu, 12 Dec 2019 16:59:44 -0800 Subject: [PATCH 031/167] Minor build version for Nov Update Added the minor version number so that users can know what build they have. Without this they don't know if they are before or after the required build. As well as link to calibration. @scooley --- devices/hololens/hololens2-basic-usage.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/hololens/hololens2-basic-usage.md b/devices/hololens/hololens2-basic-usage.md index 1a9ec375af..fadbb7a4bc 100644 --- a/devices/hololens/hololens2-basic-usage.md +++ b/devices/hololens/hololens2-basic-usage.md @@ -105,8 +105,8 @@ To **close** the Start menu, do the Start gesture when the Start menu is open. > [!IMPORTANT] > For the one-handed Start gesture to work: > -> 1. You must update to the November 2019 update (build 18363) or later. -> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not calibrated on the device. +> 1. You must update to the November 2019 update (build 18363.1039) or later. +> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not [calibrated](https://docs.microsoft.com/en-us/hololens/hololens-calibration#calibrating-your-hololens-2) on the device. You can also perform the Start gesture with only one hand. To do this, hold out your hand with your palm facing you and look at the **Start icon** on your inner wrist. **While keeping your eye on the icon**, pinch your thumb and index finger together. From 1dc00ca8cbeeab7c1806db0d7c481c502b566b08 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 13 Dec 2019 09:43:40 +0500 Subject: [PATCH 032/167] Update policy-csp-appruntime.md --- windows/client-management/mdm/policy-csp-appruntime.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index fce0c40f17..7c7efc8c73 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -99,14 +99,5 @@ ADMX Info:

-Footnotes: - -- 1 - Added in Windows 10, version 1607. -- 2 - Added in Windows 10, version 1703. -- 3 - Added in Windows 10, version 1709. -- 4 - Added in Windows 10, version 1803. -- 5 - Added in Windows 10, version 1809. -- 6 - Added in Windows 10, version 1903. - From d704472f3687bb81e742b07091b303d71423aea4 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 13 Dec 2019 12:26:17 +0500 Subject: [PATCH 033/167] Update windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...indows-defender-application-control-policies-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 8319156a40..d5c25facfc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,7 +27,7 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 -You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure Endpoint protection profile for WDAC or a custom profile with an OMA-URI. You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. +You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure the Endpoint protection profile for WDAC or a custom profile with an OMA-URI. You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. From 23b8259680295f8a15a3e0ad112a057e65098aa8 Mon Sep 17 00:00:00 2001 From: Jean-Robert Jean-Simon Date: Fri, 13 Dec 2019 10:43:07 +0100 Subject: [PATCH 034/167] Update windows/deployment/windows-autopilot/autopilot-faq.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/windows-autopilot/autopilot-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md index 94f7002df9..756dbef593 100644 --- a/windows/deployment/windows-autopilot/autopilot-faq.md +++ b/windows/deployment/windows-autopilot/autopilot-faq.md @@ -38,7 +38,7 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e | How can I test the Windows Autopilot CSV file in the Partner Center? | Only CSP Partners have access to the Partner Center portal. If you are a CSP, you can create a Sales agent user account which has access to “Devices” for testing the file. This can be done today in the Partner Center.

Go [here](https://msdn.microsoft.com/partner-center/create-user-accounts-and-set-permissions) for more information. | | Must I become a Cloud Solution Provider (CSP) to participate in Windows Autopilot? | Top volume OEMs do not, as they can use the OEM Direct API. All others who choose to use MPC to register devices must become CSPs in order to access MPC. | | Do the different CSP levels have all the same capabilities when it comes to Windows Autopilot? | For purposes of Windows Autopilot, there are three different types of CSPs, each with different levels of authority an access:

1. Direct CSP: Gets direct authorization from the customer to register devices.

2. Indirect CSP Provider: Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center.

3. Indirect CSP Reseller: Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. | -| Does the OEM authorization grant Delegated Admin Permissions (DAP) on the customer tenant? | No. The OEM authorization gives only the capability to register devices. | +| Does the OEM authorization grant Delegated Admin Permissions (DAP) on the customer tenant? | No. The OEM authorization only gives the capability to register devices. | ## Manufacturing From 64b86852b525d2500a32c6495de329a9bdb7a901 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Fri, 13 Dec 2019 10:51:41 -0800 Subject: [PATCH 035/167] Release notes link changes to HoloLens section Link for HoloLens release notes was pointing to Mixed Reality docs instead of HoloLens. Redirected. @scooley --- devices/hololens/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/index.md b/devices/hololens/index.md index 6725da5e81..98835e4ce5 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -55,4 +55,4 @@ appliesto: ## Related resources * [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development) -* [HoloLens release notes](https://developer.microsoft.com/windows/mixed-reality/release_notes) +* [HoloLens release notes](https://docs.microsoft.com/hololens/hololens-release-notes) From 9088f05210fe0f65fd2f196c28297dcbc0a2cf81 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Fri, 13 Dec 2019 14:45:57 -0800 Subject: [PATCH 036/167] Update surface-pro-arm-app-management.md --- .../surface/surface-pro-arm-app-management.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index 3e867c8f49..5ccc5468b3 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -62,18 +62,19 @@ Some third-party antivirus software cannot be installed on a Windows 10 PC runni ## Servicing Surface Pro X -Outside of personal devices that rely on Windows Update, servicing devices in most corporate environments requires downloading and managing the deployment of .MSI files to update target devices. Refer to the following documentation, which will be updated later to include guidance for servicing Surface Pro X: +Surface Pro X supports Windows 10, version 1903 and later. As an ARM-based device, it has specific requirements for maintaining the latest drivers and firmware. -- [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). +Surface Pro X was designed to use Windows Update to simplify the process of keeping drivers and firmware up to date for both home users and small business users. Use the default settings to receive Automatic updates. To verify: -> [!NOTE] -> Surface Pro X supports Windows 10, version 1903 and later. +1. Go to **Start** > **Settings > Update & Security > Windows Update** > **Advanced Options.** +2. Under **Choose how updates are installed,** select **Automatic (recommended)**. -### Windows Server Update Services -Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X. - -For more information, refer to the [Microsoft Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/sum/get-started/configure-classifications-and-products). +### Recommendations for commercial customers +- Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb). +- If your procedures require using a Windows Installer .msi file contact [Surface for Business support](https://support.microsoft.com/help/4037645). +- For more information about deploying and managing updates on Surface devices, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). +- Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X. ## Running apps on Surface Pro X From fbbf64fb2409ace606116bfba1c147532ad9c6ab Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 14 Dec 2019 05:14:30 +0500 Subject: [PATCH 037/167] information update As a request, the required information has been updated in the doc. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5261 --- .../mdm/bulk-enrollment-using-windows-provisioning-tool.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index d17799b5a8..93525461af 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -36,8 +36,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro > - Bulk-join is not supported in Azure Active Directory Join. > - Bulk enrollment does not work in Intune standalone environment. > - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console. - - +> - To change bulk enrollment settings, login to **AAD** then **Devices** and then click **Device Settings**. Change the number under **Maximum number of devices per user**. ## What you need From fc38997abb47008adc8084687c6decfdba596d14 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Fri, 13 Dec 2019 21:19:07 -0600 Subject: [PATCH 038/167] Moved note --- .../microsoft-defender-atp/live-response.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 2c8fd39528..e55674234c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -50,10 +50,6 @@ You'll need to enable the live response capability in the [Advanced features set >[!WARNING] >Allowing the use of unsigned scripts may increase your exposure to threats. - - > [!ÏMPORTANT] - > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. - Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. - **Ensure that you have the appropriate permissions**
@@ -61,6 +57,9 @@ You'll need to enable the live response capability in the [Advanced features set Depending on the role that's been granted to you, you can run basic or advanced live response commands. Users permission are controlled by RBAC custom role. + > [!IMPORTANT] + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. + ## Live response dashboard overview When you initiate a live response session on a machine, a dashboard opens. The dashboard provides information about the session such as: From 98f5095e45b56eccc466f807ef1306aa1c175aa2 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Fri, 13 Dec 2019 21:44:41 -0600 Subject: [PATCH 039/167] Update --- .../microsoft-defender-atp/live-response.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 0b762a0b99..3003c707b4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -50,15 +50,14 @@ You'll need to enable the live response capability in the [Advanced features set >[!WARNING] >Allowing the use of unsigned scripts may increase your exposure to threats. - - > [!IMPORTANT] - > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. - Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. - **Ensure that you have the appropriate permissions**
Only users who have been provisioned with the appropriate permissions can initiate a session. For more information on role assignments see, [Create and manage roles](user-roles.md). + > [!IMPORTANT] + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. + Depending on the role that's been granted to you, you can run basic or advanced live response commands. Users permission are controlled by RBAC custom role. ## Live response dashboard overview From a3dc2db13293718a05e0b838c928d2733d608c96 Mon Sep 17 00:00:00 2001 From: illfated Date: Sat, 14 Dec 2019 20:28:51 +0100 Subject: [PATCH 040/167] Deploy WDAC/Intune: update intro description As discussed in issue ticket #4482 (Custom WDAC policy in Intune), it would be useful to add a detail on implementing a custom WDAC policy in Intune. Without this detail, the implication is that you can ONLY use the Endpoint Protection template to configure WDAC in Intune. Thank you to Air-Git for following up on this topic and the content. Proposed change: - add details missed in the previous PR #5659 (Content Update) issue ticket closure or reference: Ref. #4482 (already closed) --- ...indows-defender-application-control-policies-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index d5c25facfc..0b5a8c1c75 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,7 +27,7 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 -You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure the Endpoint protection profile for WDAC or a custom profile with an OMA-URI. You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. +You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can either configure an Endpoint Protection profile for WDAC, or create a custom profile with an OMA-URI setting. Using an Endpoint Protection profile, you can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. From fc4c9e8950221df28d98c157a289b5a8f5e24caa Mon Sep 17 00:00:00 2001 From: jcjveraa <3942301+jcjveraa@users.noreply.github.com> Date: Mon, 16 Dec 2019 09:11:50 +0100 Subject: [PATCH 041/167] Typo fix Cloud clipboard helps users copy content between devices. It also manages the clipboard histroy -> history so that you can paste your old copied data. You can access it by using **Windows+V**. Set up Cloud clipboard: --- windows/whats-new/whats-new-windows-10-version-1809.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index d5b5e148ca..e5ab713e82 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -162,7 +162,7 @@ Onboard supported versions of Windows machines so that they can send sensor data ## Cloud Clipboard -Cloud clipboard helps users copy content between devices. It also manages the clipboard histroy so that you can paste your old copied data. You can access it by using **Windows+V**. Set up Cloud clipboard: +Cloud clipboard helps users copy content between devices. It also manages the clipboard history so that you can paste your old copied data. You can access it by using **Windows+V**. Set up Cloud clipboard: 1. Go to **Windows Settings** and select **Systems**. 2. On the left menu, click on **Clipboard**. From 813cb6a18290ecf4101211763d16fc5bbc810476 Mon Sep 17 00:00:00 2001 From: amorrowbellarmine <46689625+amorrowbellarmine@users.noreply.github.com> Date: Mon, 16 Dec 2019 11:27:10 -0500 Subject: [PATCH 042/167] Corrected AUMID for the Kiosk Browser The AUMID shown in this guide is incorrect. Per the instructions found at https://docs.microsoft.com/en-us/windows/configuration/find-the-application-user-model-id-of-an-installed-app, the AUMID should be the "packagefamilyname"+"!"+"package.applications.application.id". In the case of the Kiosk Bowser, the AUMID is "Microsoft.KioskBrowser_8wekyb3d8bbwe!App". Failure to include the "!App" will result in an error when the kiosk account tries to load the app. --- windows/configuration/setup-digital-signage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md index e902d0cfe2..7741d3ba98 100644 --- a/windows/configuration/setup-digital-signage.md +++ b/windows/configuration/setup-digital-signage.md @@ -58,7 +58,7 @@ This procedure explains how to configure digital signage using Kiosk Browser on - Enter a user name and password, and toggle **Auto sign-in** to **Yes**. - Under **Configure the kiosk mode app**, enter the user name for the account that you're creating. - For **App type**, select **Universal Windows App**. - - In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe`. + - In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe!App`. 11. In the bottom left corner of Windows Configuration Designer, select **Switch to advanced editor**. 12. Go to **Runtime settings** > **Policies** > **KioskBrowser**. Let's assume that the URL for your digital signage content is contoso.com/menu. - In **BlockedUrlExceptions**, enter `https://www.contoso.com/menu`. From 5e168b9e7f2ff9bd22d686fefc48b6a91def62f9 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 16 Dec 2019 23:52:09 +0500 Subject: [PATCH 043/167] Update windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../mdm/bulk-enrollment-using-windows-provisioning-tool.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index 93525461af..c5b559cf50 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -36,7 +36,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro > - Bulk-join is not supported in Azure Active Directory Join. > - Bulk enrollment does not work in Intune standalone environment. > - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console. -> - To change bulk enrollment settings, login to **AAD** then **Devices** and then click **Device Settings**. Change the number under **Maximum number of devices per user**. +> - To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**. ## What you need @@ -168,4 +168,3 @@ Here are links to step-by-step provisioning topics in Technet. - From 38df0e98d07b9639fdddb02107c63cde187f790f Mon Sep 17 00:00:00 2001 From: Manuel Hauch Date: Mon, 16 Dec 2019 20:21:23 +0100 Subject: [PATCH 044/167] Misnamed automation level The protection level is called "No automated response" in the UI, not "Not protected". --- .../microsoft-defender-atp/automated-investigations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 28d3920de1..a4990b44f7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -68,7 +68,7 @@ You can configure the following levels of automation: |Automation level | Description| |---|---| -|Not protected | Machines do not get any automated investigations run on them. | +|No automated response | Machines do not get any automated investigations run on them. | |Semi - require approval for any remediation | This is the default automation level.

An approval is needed for any remediation action. | |Semi - require approval for non-temp folders remediation | An approval is required on files or executables that are not in temporary folders.

Files or executables in temporary folders, such as the user's download folder or the user's temp folder, will automatically be remediated if needed.| |Semi - require approval for core folders remediation | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder.

Files or executables in all other folders will automatically be remediated if needed.| From 639c6ef6c50741f429470e1e6cdbc5bc27a627da Mon Sep 17 00:00:00 2001 From: martyav Date: Mon, 16 Dec 2019 17:52:16 -0500 Subject: [PATCH 045/167] first 14 items --- .../microsoft-defender-atp/supported-response-apis.md | 6 +----- .../audit-windows-defender-application-control-policies.md | 2 +- ...signing-cert-for-windows-defender-application-control.md | 2 +- .../create-initial-default-policy.md | 2 +- ...files-to-support-windows-defender-application-control.md | 4 ++-- ...ender-application-control-policies-using-group-policy.md | 2 +- ...ws-defender-application-control-policies-using-intune.md | 4 ++-- ...enforce-windows-defender-application-control-policies.md | 2 +- ...ckaged-apps-with-windows-defender-application-control.md | 2 +- .../merge-windows-defender-application-control-policies.md | 2 +- ...-application-control-for-classic-windows-applications.md | 2 +- ...-guard-signing-portal-in-microsoft-store-for-business.md | 2 +- ...licy-to-control-specific-plug-ins-add-ins-and-modules.md | 2 +- 13 files changed, 15 insertions(+), 19 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md index a5ad0b88e2..c90568da66 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md +++ b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md @@ -22,8 +22,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink) +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink) Learn about the supported response related API calls you can run and details such as the required request headers, and expected response from the calls. @@ -46,6 +45,3 @@ Get MachineActions collection | Run this to get MachineAction collection. Get FileActions collection | Run this to get FileActions collection. Get FileMachineAction object | Run this to get FileMachineAction object. Get FileMachineActions collection | Run this to get FileMachineAction collection. - - - diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md index b86dfe2687..133cd1426f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md @@ -1,6 +1,6 @@ --- title: Audit Windows Defender Application Control policies (Windows 10) -description: Windows Defender Application Control (WDAC) restricts which applications users are allowed to run and the code that runs in the system core. +description: Audits allow admins to discover apps that were missed during an initial policy scan and to identify new apps that were installed since the policy was created. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md index 9d7b5e5f7c..d37c151e21 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md @@ -1,6 +1,6 @@ --- title: Create a code signing cert for Windows Defender Application Control (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: Learn how to set up a publicly-issued code signing certificate, so you can sign catalog files or WDAC policies internally. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md index bf0bb97074..f707f7a7bb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md @@ -1,6 +1,6 @@ --- title: Create a WDAC policy for fixed-workload devices using a reference computer (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: To create a Windows Defender Application Control (WDAC) policy for fixed-workload devices within your organization, follow this guide. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md index 586cf70292..8910412085 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md @@ -1,6 +1,6 @@ --- title: Deploy catalog files to support Windows Defender Application Control (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: Catalog files simplify running unsigned applications in the presence of a Windows Defender Application Control (WDAC) policy. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 @@ -17,7 +17,7 @@ manager: dansimp ms.date: 02/28/2018 --- -# Deploy catalog files to support Windows Defender Application Control +# Deploy catalog files to support Windows Defender Application Control **Applies to:** diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md index 781b9fd9be..5c089e58ac 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md @@ -1,6 +1,6 @@ --- title: Deploy WDAC policies via Group Policy (Windows 10) -description: Windows Defender Application Control (WDAC) restricts which applications users are allowed to run and the code that runs in the system core. +description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 8a2a80de85..cca13f89b5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -1,6 +1,6 @@ --- title: Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Intune (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 @@ -27,7 +27,7 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 -You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. +You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md index 7d5a20d2d6..ea8808ca7f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md @@ -1,6 +1,6 @@ --- title: Enforce Windows Defender Application Control (WDAC) policies (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: Learn how to test a Windows Defender Application Control (WDAC) policy in enforced mode by following these steps in an elevated Windows PowerShell session. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md index 022007f730..e702402c80 100644 --- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md @@ -1,6 +1,6 @@ --- title: Manage packaged apps with WDAC (Windows 10) -description: Windows Defender Application Control (WDAC) restricts which applications users are allowed to run and the code that runs in the system core. +description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md index ef1a7fdc46..ef6e327975 100644 --- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md @@ -1,6 +1,6 @@ --- title: Merge Windows Defender Application Control policies (Windows 10) -description: Windows Defender Application Control (WDAC) restricts which applications users are allowed to run and the code that runs in the system core. +description: Because each computer running Windows 10 can have only one WDAC policy, you will occasionally need to merge two or more policies. Learn how with this guide. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md index e35f247793..76cec7912f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md @@ -1,6 +1,6 @@ --- title: Use code signing to simplify application control for classic Windows applications (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: With embedded signing, your WDAC policies typically do not have to be updated when an app is updated. To set this up, you can choose from a variety of methods. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md index bb2b9834f3..5e852821b5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -1,6 +1,6 @@ --- title: Use the Device Guard Signing Portal in the Microsoft Store for Business (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 2151bc0de5..b31d5e9a0f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -1,6 +1,6 @@ --- title: Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: From a79f1eba424566d14791299610472c7733b01967 Mon Sep 17 00:00:00 2001 From: coffeemade <39417823+coffeemade@users.noreply.github.com> Date: Tue, 17 Dec 2019 10:21:18 -0500 Subject: [PATCH 046/167] Update on-premises-deployment-surface-hub-device-accounts.md [!IMPORTANT] ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods. [PS] C:\windows\system32>Get-ActiveSyncVirtualDirectory | fl name,BasicAuthEnabled Name : Microsoft-Server-ActiveSync (Default Web Site) BasicAuthEnabled : True --- .../on-premises-deployment-surface-hub-device-accounts.md | 1 + 1 file changed, 1 insertion(+) diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md index d3fdb628ab..7f3793ed3f 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md @@ -49,6 +49,7 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013 ```PowerShell New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) ``` +[!IMPORTANT] ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods. 3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. From 36f298a71e28bd2ed70639af8aeb387e481f82d2 Mon Sep 17 00:00:00 2001 From: martyav Date: Tue, 17 Dec 2019 13:10:07 -0500 Subject: [PATCH 047/167] next 6 --- windows/deployment/upgrade/log-files.md | 2 +- windows/deployment/upgrade/quick-fixes.md | 479 +++++++++--------- .../upgrade/resolution-procedures.md | 2 +- .../upgrade/troubleshoot-upgrade-errors.md | 2 +- .../deployment/upgrade/upgrade-error-codes.md | 2 +- .../upgrade/windows-error-reporting.md | 2 +- 6 files changed, 245 insertions(+), 244 deletions(-) diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index ddb3d63a10..19e5e7f6af 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -3,7 +3,7 @@ title: Log files - Windows IT Pro ms.reviewer: manager: laurawi ms.author: greglin -description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +description: Learn how to interpret the log files generated during the Windows 10 upgrade process. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 01850db7f6..ee167800e5 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -1,239 +1,240 @@ ---- -title: Quick fixes - Windows IT Pro -ms.reviewer: -manager: laurawi -ms.author: greglin -description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. -keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.localizationpriority: medium -ms.topic: article ---- - -# Quick fixes - -**Applies to** -- Windows 10 - ->[!NOTE] ->This is a 100 level topic (basic).
->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. - -The following list of fixes can resolve many Windows upgrade problems. You should try these steps before contacting Microsoft support, or attempting a more advanced analysis of a Windows upgrade failure. Also review information at [Windows 10 help](https://support.microsoft.com/products/windows?os=windows-10). - -The Microsoft Virtual Agent provided by [Microsoft Support](https://support.microsoft.com/contactus/) can help you to analyze and correct some Windows upgrade errors. **To talk to a person about your issue**, start the Virtual Agent (click **Get started**) and enter "Talk to a person" two times. - ->You might also wish to try a new tool available from Microsoft that helps to diagnose many Windows upgrade errors. For more information and to download this tool, see [SetupDiag](setupdiag.md). The topic is more advanced (300 level) because several advanced options are available for using the tool. However, you can now just download and then double-click the tool to run it. By default when you click Save, the tool is saved in your **Downloads** folder. Double-click the tool in the folder and wait until it finishes running (it might take a few minutes), then double-click the **SetupDiagResults.log** file and open it using Notepad to see the results of the analysis. - -## List of fixes - -
    -
  1. Remove nonessential external hardware, such as docks and USB devices. More information.
    2. -
  2. Check the system drive for errors and attempt repairs. More information.
    3. -
  3. Run the Windows Update troubleshooter. More information.
    4. -
  4. Attempt to restore and repair system files. More information.
    5. -
  5. Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
    6. -
  6. Temporarily uninstall non-Microsoft antivirus software. - More information.
    7. - -
  7. Uninstall all nonessential software. More information.
    8. -
  8. Update firmware and drivers. More information
    9. -
  9. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. More information.
    10. -
  10. Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. More information.
    11. -
- -## Step by step instructions - -### Remove external hardware - -If the computer is portable and it is currently in a docking station, [undock the computer](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754084(v=ws.11)). - -Unplug nonessential external hardware devices from the computer, such as: -- Headphones -- Joysticks -- Printers -- Plotters -- Projectors -- Scanners -- Speakers -- USB flash drives -- Portable hard drives -- Portable CD/DVD/Blu-ray drives -- Microphones -- Media card readers -- Cameras/Webcams -- Smart phones -- Secondary monitors, keyboards, mice - -For more information about disconnecting external devices, see [Safely remove hardware in Windows 10](https://support.microsoft.com/help/4051300/windows-10-safely-remove-hardware) - -### Repair the system drive - -The system drive is the drive that contains the [system partition](https://docs.microsoft.com/windows-hardware/manufacture/desktop/hard-drives-and-partitions#span-idpartitionsspanspan-idpartitionsspanspan-idpartitionsspanpartitions). This is usually the **C:** drive. - -To check and repair errors on the system drive: - -1. Click **Start**. -2. Type **command**. -3. Right-click **Command Prompt** and then left-click **Run as administrator**. -4. If you are prompted by UAC, click **Yes**. -5. Type **chkdsk /F** and press ENTER. -6. When you are prompted to schedule a check the next time the system restarts, type **Y**. -7. See the following example - - ``` - C:\WINDOWS\system32>chkdsk /F - The type of the file system is NTFS. - Cannot lock current drive. - - Chkdsk cannot run because the volume is in use by another - process. Would you like to schedule this volume to be - checked the next time the system restarts? (Y/N) Y - - This volume will be checked the next time the system restarts. - ``` - -8. Restart the computer. The computer will pause before loading Windows and perform a repair of your hard drive. - -### Windows Update Troubleshooter - -The Windows Update troubleshooter tool will automatically analyze and fix problems with Windows Update, such as a corrupted download. It will also tell you if there is a pending reboot that is preventing Windows from updating. - -For Windows 7 and 8.1, the tool is [here](https://aka.ms/diag_wu). - -For Windows 10, the tool is [here](https://aka.ms/wudiag). - -To run the tool, click the appropriate link above. Your web browser will prompt you to save or open the file. Select **open** and the tool will automatically start. The tool will walk you through analyzing and fixing some common problems. - -You can also download the Windows Update Troubleshooter by starting the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/), typing **update Windows**, selecting the version of Windows you are running, and then answering **Yes** when asked "Do you need help troubleshooting Windows Update?" - -If any errors are displayed in the Windows Update Troubleshooter, use the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) to ask about these errors. The Virtual Agent will perform a search and provide a list of helpful links. - -### Repair system files - -This fix is also described in detail at [answers.microsoft.com](https://answers.microsoft.com/en-us/windows/forum/windows_10-update/system-file-check-sfc-scan-and-repair-system-files/bc609315-da1f-4775-812c-695b60477a93). - -To check and repair system files: - -1. Click **Start**. -2. Type **command**. -3. Right-click **Command Prompt** and then left-click **Run as administrator**. -4. If you are prompted by UAC, click **Yes**. -5. Type **sfc /scannow** and press ENTER. See the following example: - - ``` - C:\>sfc /scannow - - Beginning system scan. This process will take some time. - - Beginning verification phase of system scan. - Verification 100% complete. - - Windows Resource Protection did not find any integrity violations. - ``` -6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example: - - ``` - C:\>DISM.exe /Online /Cleanup-image /Restorehealth - - Deployment Image Servicing and Management tool - Version: 10.0.16299.15 - - Image Version: 10.0.16299.309 - - [==========================100.0%==========================] The restore operation completed successfully. - The operation completed successfully. - - ``` - >It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image). - - -### Update Windows - -You should ensure that all important updates are installed before attempting to upgrade. This includes updates to hardware drivers on your computer. - -The Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) can walk you through the process of making sure that Windows is updated. - -Start the [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) and then type "update windows." - -Answer questions that the agent asks, and follow instructions to ensure that Windows is up to date. You can also run the [Windows Update Troubleshooter](#windows-update-troubleshooter) described above. - -Click **Start**, click power options, and then restart the computer. - -### Uninstall non-Microsoft antivirus software - -Use Windows Defender for protection during the upgrade. - -Verify compatibility information, and if desired re-install antivirus applications after the upgrade. If you plan to re-install the application after upgrading, be sure that you have the installation media and all required activation information before removing the program. - -To remove the application, go to **Control Panel\Programs\Programs and Features** and click the antivirus application, then click Uninstall. Choose **Yes** when you are asked to confirm program removal. - -For more information, see [Windows 7 - How to properly uninstall programs](https://support.microsoft.com/help/2601726) or [Repair or remove programs in Windows 10](https://support.microsoft.com/help/4028054/windows-repair-or-remove-programs-in-windows-10). - -### Uninstall non-essential software - -Outdated applications can cause problems with a Windows upgrade. Removing old or non-essential applications from the computer can therefore help. - -If you plan to reinstall the application later, be sure that you have the installation media and all required activation information before removing it. - -To remove programs, use the same steps as are provided [above](#uninstall-non-microsoft-antivirus-software) for uninstalling non-Microsoft antivirus software, but instead of removing the antivirus application repeat the steps for all your non-essential, unused, or out-of-date software. - -### Update firmware and drivers - -Updating firmware (such as the BIOS) and installing hardware drivers is a somewhat advanced task. Do not attempt to update BIOS if you aren't familiar with BIOS settings or are not sure how to restore the previous BIOS version if there are problems. Most BIOS updates are provided as a "flash" update. Your manufacturer might provide a tool to perform the update, or you might be required to enter the BIOS and update it manually. Be sure to save your working BIOS settings, since some updates can reset your configuration and make the computer fail to boot if (for example) a RAID configuration is changed. - -Most BIOS and other hardware updates can be obtained from a website maintained by your computer manufacturer. For example, Microsoft Surface device drivers can be obtained at: [Download the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). - -To obtain the proper firmware drivers, search for the most updated driver version provided by your computer manufacturer. Install these updates and reboot the computer after installation. Request assistance from the manufacturer if you have any questions. - -### Ensure that "Download and install updates" is selected - -When you begin a Windows Update, the setup process will ask you to **Get important updates**. Answer **Yes** if the computer you are updating is connected to the Internet. See the following example: - -![Get important updates](../images/update.jpg) - -### Verify disk space - -You can see a list of requirements for Windows 10 at [Windows 10 Specifications & System Requirements](https://www.microsoft.com/windows/windows-10-specifications). One of the requirements is that enough hard drive space be available for the installation to take place. At least 16 GB of free space must be available on the system drive to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. - -To view how much hard drive space is available on your computer, open [File Explorer](https://support.microsoft.com/help/4026617/windows-windows-explorer-has-a-new-name). In Windows 7, this was called Windows Explorer. - -In File Explorer, click on **Computer** or **This PC** on the left, then look under **Hard Disk Drives** or under **Devices and drives**. If there are multiple drives listed, the system drive is the drive that includes a Microsoft Windows logo above the drive icon. - -The amount of space available on the system drive will be displayed under the drive. See the following example: - -![System drive](../images/drive.png) - -In the previous example, there is 703 GB of available free space on the system drive (C:). - -To free up additional space on the system drive, begin by running Disk Cleanup. You can access Disk Cleanup by right-clicking the hard drive icon and then clicking Properties. See the following example: - -![Disk cleanup](../images/cleanup.png) - -For instructions to run Disk Cleanup and other suggestions to free up hard drive space, see [Tips to free up drive space on your PC](https://support.microsoft.com/help/17421/windows-free-up-drive-space). - -When you run Disk Cleanup and enable the option to Clean up system files, you can remove previous Windows installations which can free a large amount of space. You should only do this if you do not plan to restore the old OS version. - -### Open an elevated command prompt - ->It is no longer necessary to open an elevated command prompt to run the [SetupDiag](setupdiag.md) tool. However, this is still the optimal way to run the tool. - -To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then Alt+C to confirm the elevation prompt. Screenshots and other steps to open an administrator (aka elevated) command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7). - -Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a location on the computer that is automatically searched. These directories are listed in the [PATH variable](https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings-winpc/adding-path-variable/97300613-20cb-4d85-8d0e-cc9d3549ba23). - -If this is too complicated for you, then use File Explorer to create a new folder under C: with a short name such as "new" then copy or move the programs you want to run (like SetupDiag) to this folder using File Explorer. When you open an elevated command prompt, change to this directory by typing "cd c:\new" and now you can run the programs in that folder. - -If you downloaded the SetupDiag.exe program to your computer, then copied it to the folder C:\new, and you opened an elevated command prompt then typed cd c:\new to change to this directory, you can just type setupdiag and press ENTER to run the program. This program will analyze the files on your computer to see why a Windows Upgrade failed and if the reason was a common one, it will report this reason. It will not fix the problem for you but knowing why the upgrade failed enables you to take steps to fix the problem. - -## Related topics - -[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx) -
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) -
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) +--- +title: Quick fixes - Windows IT Pro +ms.reviewer: +manager: laurawi +ms.author: greglin +description: Learn how to quickly resolve many problems which may come up during a Windows 10 upgrade. +keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.localizationpriority: medium +ms.topic: article +--- + +# Quick fixes + +**Applies to** +- Windows 10 + +>[!NOTE] +>This is a 100 level topic (basic).
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. + +The following list of fixes can resolve many Windows upgrade problems. You should try these steps before contacting Microsoft support, or attempting a more advanced analysis of a Windows upgrade failure. Also review information at [Windows 10 help](https://support.microsoft.com/products/windows?os=windows-10). + +The Microsoft Virtual Agent provided by [Microsoft Support](https://support.microsoft.com/contactus/) can help you to analyze and correct some Windows upgrade errors. **To talk to a person about your issue**, start the Virtual Agent (click **Get started**) and enter "Talk to a person" two times. + +>You might also wish to try a new tool available from Microsoft that helps to diagnose many Windows upgrade errors. For more information and to download this tool, see [SetupDiag](setupdiag.md). The topic is more advanced (300 level) because several advanced options are available for using the tool. However, you can now just download and then double-click the tool to run it. By default when you click Save, the tool is saved in your **Downloads** folder. Double-click the tool in the folder and wait until it finishes running (it might take a few minutes), then double-click the **SetupDiagResults.log** file and open it using Notepad to see the results of the analysis. + +## List of fixes + +
    +
  1. Remove nonessential external hardware, such as docks and USB devices. More information.
    2. +
  2. Check the system drive for errors and attempt repairs. More information.
    3. +
  3. Run the Windows Update troubleshooter. More information.
    4. +
  4. Attempt to restore and repair system files. More information.
    5. +
  5. Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
    6. +
  6. Temporarily uninstall non-Microsoft antivirus software. + More information.
    7. + +
  7. Uninstall all nonessential software. More information.
    8. +
  8. Update firmware and drivers. More information
    9. +
  9. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. More information.
    10. +
  10. Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. More information.
    11. +
+ +## Step by step instructions + +### Remove external hardware + +If the computer is portable and it is currently in a docking station, [undock the computer](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754084(v=ws.11)). + +Unplug nonessential external hardware devices from the computer, such as: +- Headphones +- Joysticks +- Printers +- Plotters +- Projectors +- Scanners +- Speakers +- USB flash drives +- Portable hard drives +- Portable CD/DVD/Blu-ray drives +- Microphones +- Media card readers +- Cameras/Webcams +- Smart phones +- Secondary monitors, keyboards, mice + +For more information about disconnecting external devices, see [Safely remove hardware in Windows 10](https://support.microsoft.com/help/4051300/windows-10-safely-remove-hardware) + +### Repair the system drive + +The system drive is the drive that contains the [system partition](https://docs.microsoft.com/windows-hardware/manufacture/desktop/hard-drives-and-partitions#span-idpartitionsspanspan-idpartitionsspanspan-idpartitionsspanpartitions). This is usually the **C:** drive. + +To check and repair errors on the system drive: + +1. Click **Start**. +2. Type **command**. +3. Right-click **Command Prompt** and then left-click **Run as administrator**. +4. If you are prompted by UAC, click **Yes**. +5. Type **chkdsk /F** and press ENTER. +6. When you are prompted to schedule a check the next time the system restarts, type **Y**. +7. See the following example + + ``` + C:\WINDOWS\system32>chkdsk /F + The type of the file system is NTFS. + Cannot lock current drive. + + Chkdsk cannot run because the volume is in use by another + process. Would you like to schedule this volume to be + checked the next time the system restarts? (Y/N) Y + + This volume will be checked the next time the system restarts. + ``` + +8. Restart the computer. The computer will pause before loading Windows and perform a repair of your hard drive. + +### Windows Update Troubleshooter + +The Windows Update troubleshooter tool will automatically analyze and fix problems with Windows Update, such as a corrupted download. It will also tell you if there is a pending reboot that is preventing Windows from updating. + +For Windows 7 and 8.1, the tool is [here](https://aka.ms/diag_wu). + +For Windows 10, the tool is [here](https://aka.ms/wudiag). + +To run the tool, click the appropriate link above. Your web browser will prompt you to save or open the file. Select **open** and the tool will automatically start. The tool will walk you through analyzing and fixing some common problems. + +You can also download the Windows Update Troubleshooter by starting the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/), typing **update Windows**, selecting the version of Windows you are running, and then answering **Yes** when asked "Do you need help troubleshooting Windows Update?" + +If any errors are displayed in the Windows Update Troubleshooter, use the Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) to ask about these errors. The Virtual Agent will perform a search and provide a list of helpful links. + +### Repair system files + +This fix is also described in detail at [answers.microsoft.com](https://answers.microsoft.com/en-us/windows/forum/windows_10-update/system-file-check-sfc-scan-and-repair-system-files/bc609315-da1f-4775-812c-695b60477a93). + +To check and repair system files: + +1. Click **Start**. +2. Type **command**. +3. Right-click **Command Prompt** and then left-click **Run as administrator**. +4. If you are prompted by UAC, click **Yes**. +5. Type **sfc /scannow** and press ENTER. See the following example: + + ``` + C:\>sfc /scannow + + Beginning system scan. This process will take some time. + + Beginning verification phase of system scan. + Verification 100% complete. + + Windows Resource Protection did not find any integrity violations. + ``` +6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example: + + ``` + C:\>DISM.exe /Online /Cleanup-image /Restorehealth + + Deployment Image Servicing and Management tool + Version: 10.0.16299.15 + + Image Version: 10.0.16299.309 + + [==========================100.0%==========================] The restore operation completed successfully. + The operation completed successfully. + + ``` + >It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image). + + +### Update Windows + +You should ensure that all important updates are installed before attempting to upgrade. This includes updates to hardware drivers on your computer. + +The Microsoft [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) can walk you through the process of making sure that Windows is updated. + +Start the [Virtual Agent](https://support.microsoft.com/contact/virtual-agent/) and then type "update windows." + +Answer questions that the agent asks, and follow instructions to ensure that Windows is up to date. You can also run the [Windows Update Troubleshooter](#windows-update-troubleshooter) described above. + +Click **Start**, click power options, and then restart the computer. + +### Uninstall non-Microsoft antivirus software + +Use Windows Defender for protection during the upgrade. + +Verify compatibility information, and if desired re-install antivirus applications after the upgrade. If you plan to re-install the application after upgrading, be sure that you have the installation media and all required activation information before removing the program. + +To remove the application, go to **Control Panel\Programs\Programs and Features** and click the antivirus application, then click Uninstall. Choose **Yes** when you are asked to confirm program removal. + +For more information, see [Windows 7 - How to properly uninstall programs](https://support.microsoft.com/help/2601726) or [Repair or remove programs in Windows 10](https://support.microsoft.com/help/4028054/windows-repair-or-remove-programs-in-windows-10). + +### Uninstall non-essential software + +Outdated applications can cause problems with a Windows upgrade. Removing old or non-essential applications from the computer can therefore help. + +If you plan to reinstall the application later, be sure that you have the installation media and all required activation information before removing it. + +To remove programs, use the same steps as are provided [above](#uninstall-non-microsoft-antivirus-software) for uninstalling non-Microsoft antivirus software, but instead of removing the antivirus application repeat the steps for all your non-essential, unused, or out-of-date software. + +### Update firmware and drivers + +Updating firmware (such as the BIOS) and installing hardware drivers is a somewhat advanced task. Do not attempt to update BIOS if you aren't familiar with BIOS settings or are not sure how to restore the previous BIOS version if there are problems. Most BIOS updates are provided as a "flash" update. Your manufacturer might provide a tool to perform the update, or you might be required to enter the BIOS and update it manually. Be sure to save your working BIOS settings, since some updates can reset your configuration and make the computer fail to boot if (for example) a RAID configuration is changed. + +Most BIOS and other hardware updates can be obtained from a website maintained by your computer manufacturer. For example, Microsoft Surface device drivers can be obtained at: [Download the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). + +To obtain the proper firmware drivers, search for the most updated driver version provided by your computer manufacturer. Install these updates and reboot the computer after installation. Request assistance from the manufacturer if you have any questions. + +### Ensure that "Download and install updates" is selected + +When you begin a Windows Update, the setup process will ask you to **Get important updates**. Answer **Yes** if the computer you are updating is connected to the Internet. See the following example: + +![Get important updates](../images/update.jpg) + +### Verify disk space + +You can see a list of requirements for Windows 10 at [Windows 10 Specifications & System Requirements](https://www.microsoft.com/windows/windows-10-specifications). One of the requirements is that enough hard drive space be available for the installation to take place. At least 16 GB of free space must be available on the system drive to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. + +To view how much hard drive space is available on your computer, open [File Explorer](https://support.microsoft.com/help/4026617/windows-windows-explorer-has-a-new-name). In Windows 7, this was called Windows Explorer. + +In File Explorer, click on **Computer** or **This PC** on the left, then look under **Hard Disk Drives** or under **Devices and drives**. If there are multiple drives listed, the system drive is the drive that includes a Microsoft Windows logo above the drive icon. + +The amount of space available on the system drive will be displayed under the drive. See the following example: + +![System drive](../images/drive.png) + +In the previous example, there is 703 GB of available free space on the system drive (C:). + +To free up additional space on the system drive, begin by running Disk Cleanup. You can access Disk Cleanup by right-clicking the hard drive icon and then clicking Properties. See the following example: + +![Disk cleanup](../images/cleanup.png) + +For instructions to run Disk Cleanup and other suggestions to free up hard drive space, see [Tips to free up drive space on your PC](https://support.microsoft.com/help/17421/windows-free-up-drive-space). + +When you run Disk Cleanup and enable the option to Clean up system files, you can remove previous Windows installations which can free a large amount of space. You should only do this if you do not plan to restore the old OS version. + +### Open an elevated command prompt + +>It is no longer necessary to open an elevated command prompt to run the [SetupDiag](setupdiag.md) tool. However, this is still the optimal way to run the tool. + +To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then Alt+C to confirm the elevation prompt. Screenshots and other steps to open an administrator (aka elevated) command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7). + +Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a location on the computer that is automatically searched. These directories are listed in the [PATH variable](https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings-winpc/adding-path-variable/97300613-20cb-4d85-8d0e-cc9d3549ba23). + +If this is too complicated for you, then use File Explorer to create a new folder under C: with a short name such as "new" then copy or move the programs you want to run (like SetupDiag) to this folder using File Explorer. When you open an elevated command prompt, change to this directory by typing "cd c:\new" and now you can run the programs in that folder. + +If you downloaded the SetupDiag.exe program to your computer, then copied it to the folder C:\new, and you opened an elevated command prompt then typed cd c:\new to change to this directory, you can just type setupdiag and press ENTER to run the program. This program will analyze the files on your computer to see why a Windows Upgrade failed and if the reason was a common one, it will report this reason. It will not fix the problem for you but knowing why the upgrade failed enables you to take steps to fix the problem. + +## Related topics + +[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx) +
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) +
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 81c8751a84..7b336767e8 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -3,7 +3,7 @@ title: Resolution procedures - Windows IT Pro ms.reviewer: manager: laurawi ms.author: greglin -description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +description: Discover general troubleshooting procedures for dealing with 0xC1900101, the generic rollback code thrown when something goes wrong during a Windows 10 upgrade. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md index e06f80e04b..c429b8496c 100644 --- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md +++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md @@ -3,7 +3,7 @@ title: Troubleshoot Windows 10 upgrade errors - Windows IT Pro ms.reviewer: manager: laurawi ms.author: greglin -description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +description: Understanding the Windows 10 upgrade process can help you troubleshoot errors when something goes wrong. Find out more with this guide. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index 7f4624ce3a..460fc831ee 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -3,7 +3,7 @@ title: Upgrade error codes - Windows IT Pro ms.reviewer: manager: laurawi ms.author: greglin -description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +description: Understand the error codes that may come up if something goes wrong during the Windows 10 upgrade process. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index 499fef06bd..562773ef21 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -3,7 +3,7 @@ title: Windows error reporting - Windows IT Pro ms.reviewer: manager: laurawi ms.author: greglin -description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +description: Learn how to review the events generated by Windows Error Reporting when something goes wrong during Windows 10 setup. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy From 8927c577d8bab2feb334785805d67792a78e220c Mon Sep 17 00:00:00 2001 From: martyav Date: Tue, 17 Dec 2019 14:20:50 -0500 Subject: [PATCH 048/167] another 9 --- .../information-protection/bitlocker/bitlocker-and-adds-faq.md | 2 +- .../bitlocker/bitlocker-deployment-and-administration-faq.md | 2 +- .../bitlocker/bitlocker-frequently-asked-questions.md | 2 +- .../bitlocker/bitlocker-network-unlock-faq.md | 2 +- .../information-protection/bitlocker/bitlocker-security-faq.md | 2 +- .../information-protection/bitlocker/bitlocker-to-go-faq.md | 2 +- .../information-protection/bitlocker/bitlocker-upgrading-faq.md | 2 +- .../bitlocker/bitlocker-using-with-other-programs-faq.md | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md index 71cc07649a..65e915649a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker and Active Directory Domain Services (AD DS) FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Learn more about how BitLocker and Active Directory Domain Services (AD DS) can work together to keep devices secure. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md index 9096194a09..edfe93e307 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker deployment and administration FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Browse frequently asked questions about Bitlocker deployment and administration, such as, "Can BitLocker deployment be automated in an enterprise environment?" ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md index 2a5c698b91..10ffe830e4 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md +++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md @@ -1,6 +1,6 @@ --- title: BitLocker FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Find the answers you need by exploring this brief hub page listing FAQ pages for various aspects of Bitlocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md index b137b40f9c..b916ca07af 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Network Unlock FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Familiarize yourself with Bitlocker Network Unlock. Learn how it can make desktop and server management easier within domain environments. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md index 211775fd9d..9a485d0ddd 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Security FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Learn more about how Bitlocker security works. Browse frequently asked questions, such as, "What form of encryption does BitLocker use?" ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md index 6cc8628157..93d51d4e66 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker To Go FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Learn more about Bitlocker To Go — Bitlocker drive encryption for removable drives. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.author: dansimp diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md index ddefee9d0c..d56396599c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Upgrading FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Learn more about upgrading systems that have Bitlocker enabled. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md index 5d1da751a8..f7d194d6e2 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md @@ -1,6 +1,6 @@ --- title: Using BitLocker with other programs FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Learn how to integrate Bitlocker with other software on your device. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 From 5524e08ab9bae2e14002f60d73849be9408bcece Mon Sep 17 00:00:00 2001 From: martyav Date: Tue, 17 Dec 2019 15:39:58 -0500 Subject: [PATCH 049/167] updated 2 pages w incorrect note formatting --- windows/deployment/upgrade/quick-fixes.md | 11 +++++++---- .../microsoft-defender-atp/supported-response-apis.md | 1 + 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index ee167800e5..fa2817f19b 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -28,7 +28,8 @@ The following list of fixes can resolve many Windows upgrade problems. You shoul The Microsoft Virtual Agent provided by [Microsoft Support](https://support.microsoft.com/contactus/) can help you to analyze and correct some Windows upgrade errors. **To talk to a person about your issue**, start the Virtual Agent (click **Get started**) and enter "Talk to a person" two times. ->You might also wish to try a new tool available from Microsoft that helps to diagnose many Windows upgrade errors. For more information and to download this tool, see [SetupDiag](setupdiag.md). The topic is more advanced (300 level) because several advanced options are available for using the tool. However, you can now just download and then double-click the tool to run it. By default when you click Save, the tool is saved in your **Downloads** folder. Double-click the tool in the folder and wait until it finishes running (it might take a few minutes), then double-click the **SetupDiagResults.log** file and open it using Notepad to see the results of the analysis. +> [!TIP] +> You might also wish to try a new tool available from Microsoft that helps to diagnose many Windows upgrade errors. For more information and to download this tool, see [SetupDiag](setupdiag.md). The topic is more advanced (300 level) because several advanced options are available for using the tool. However, you can now just download and then double-click the tool to run it. By default when you click Save, the tool is saved in your **Downloads** folder. Double-click the tool in the folder and wait until it finishes running (it might take a few minutes), then double-click the **SetupDiagResults.log** file and open it using Notepad to see the results of the analysis. ## List of fixes @@ -150,7 +151,8 @@ To check and repair system files: The operation completed successfully. ``` - >It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image). + > [!NOTE] + > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image). ### Update Windows @@ -221,11 +223,12 @@ When you run Disk Cleanup and enable the option to Clean up system files, you ca ### Open an elevated command prompt ->It is no longer necessary to open an elevated command prompt to run the [SetupDiag](setupdiag.md) tool. However, this is still the optimal way to run the tool. +> [!TIP] +> It is no longer necessary to open an elevated command prompt to run the [SetupDiag](setupdiag.md) tool. However, this is still the optimal way to run the tool. To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then Alt+C to confirm the elevation prompt. Screenshots and other steps to open an administrator (aka elevated) command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7). -Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a location on the computer that is automatically searched. These directories are listed in the [PATH variable](https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings-winpc/adding-path-variable/97300613-20cb-4d85-8d0e-cc9d3549ba23). +Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a location on the computer that is automatically searched. These directories are listed in the [PATH variable](https://answers.microsoft.com/windows/forum/windows_10-other_settings-winpc/adding-path-variable/97300613-20cb-4d85-8d0e-cc9d3549ba23). If this is too complicated for you, then use File Explorer to create a new folder under C: with a short name such as "new" then copy or move the programs you want to run (like SetupDiag) to this folder using File Explorer. When you open an elevated command prompt, change to this directory by typing "cd c:\new" and now you can run the programs in that folder. diff --git a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md index c90568da66..e473635682 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md +++ b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md @@ -22,6 +22,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +> [!TIP] > Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink) Learn about the supported response related API calls you can run and details such as the required request headers, and expected response from the calls. From 956e32e84805f5a6c52ffa965fc595b1ebd910eb Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 17 Dec 2019 14:33:35 -0800 Subject: [PATCH 050/167] Updated content --- ...indows-defender-antivirus-in-windows-10.md | 36 ++++++++----------- 1 file changed, 15 insertions(+), 21 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index d1ec034818..702e942ea7 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -23,38 +23,31 @@ ms.custom: nextgen - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Next-generation protection includes services that use machine learning together with the cloud to protect devices in your enterprise organization. Next-generation protection services include: +Windows Defender Antivirus is the next-generation protection component of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). Next-generation protection brings together machine learning, big-data analysis, in-depth threat resistance research, and cloud infrastructure to protect devices in your enterprise organization. Next-generation protection services include: -- [Always-on scanning](configure-real-time-protection-windows-defender-antivirus.md), also known as "real-time protection", for advanced file and process behavior monitoring -- [Cloud-based delivery](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for near-instant detection and blocking of new and emerging threats -- [Dedicated protection updates](manage-updates-baselines-windows-defender-antivirus.md) powered by machine-learning, big-data analysis, and in-depth threat resistance research +- [Behavior-based, heuristic, and real-time antivirus protection](configure-protection-features-windows-defender-antivirus.md). This includes always-on scanning using file and process behavior monitoring and other heuristics (also known as "real-time protection"). It also includes detecting and blocking apps that are deemed unsafe, but may not be detected as malware. +- [Cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md). This includes near-instant detection and blocking of new and emerging threats. +- [Dedicated protection and product updates](manage-updates-baselines-windows-defender-antivirus.md). This includes updates related to keeping Windows Defender Antivirus up to date. >[!TIP] ->Visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how the following features work: ->- [Cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) ->- Fast learning (including [block at first sight](configure-block-at-first-sight-windows-defender-antivirus.md)) ->- [Potentially unwanted application blocking](detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) -> -> For more information regarding what's new in each Windows version, please refer to [What's new in Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp). +>Visit the [Microsoft Defender ATP demo website](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following protection features are working and explore them using demo scenarios: +> - Cloud-delivered protection +> - Block at first sight (BAFS) protection +> - Potentially unwanted applications (PUA) protection ## Minimum system requirements -Windows Defender Antivirus is your main vehicle for next-generation protection, and it has the same hardware requirements as Windows 10. For more information, see: +Windows Defender Antivirus is your main vehicle for next-generation protection, and it has the same hardware requirements as of Windows 10. For more information, see: - [Minimum hardware requirements](https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview) - [Hardware component guidelines](https://docs.microsoft.com/windows-hardware/design/component-guidelines/components) -## Configuring next-generation services +## Configure next-generation protection services -You can use the following to configure and manage next-generation services in Windows 10 while running Windows Defender Antivirus: +For information on how to configure next-generation protection services, see [Configure Windows Defender Antivirus features](configure-windows-defender-antivirus-features.md). -- System Center Configuration Manager (as System Center Endpoint Protection, or SCEP) -- Microsoft Intune -- PowerShell -- Windows Management Instrumentation (WMI) -- Group Policy - -Configuration and management is largely the same in Windows Server 2016, while running Windows Defender Antivirus; however, there are some differences. To learn more, see [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md). +> [!Note] +> Configuration and management is largely the same in Windows Server 2016, while running Windows Defender Antivirus; however, there are some differences. To learn more, see [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md). ## Related topics @@ -63,5 +56,6 @@ Configuration and management is largely the same in Windows Server 2016, while r - [Evaluate Windows Defender Antivirus protection](evaluate-windows-defender-antivirus.md) - [Enable cloud protection](enable-cloud-protection-windows-defender-antivirus.md) - [Configure real-time protection](configure-real-time-protection-windows-defender-antivirus.md) -- [Configure cloud block at first sight](configure-block-at-first-sight-windows-defender-antivirus.md) +- [Enable block at first sight](configure-block-at-first-sight-windows-defender-antivirus.md) +- [Detect and block potentially unwanted applications](detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) - [Create and deploy cloud-protected antimalware policies](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service.md) From 6a5db0865411b853133e7309c911a85837cbb345 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 17 Dec 2019 14:45:42 -0800 Subject: [PATCH 051/167] Changed "specifed" to "specified" --- ...l-policy-to-control-specific-plug-ins-add-ins-and-modules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index b31d5e9a0f..c5bb40be7e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -44,7 +44,7 @@ $rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -A New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs ``` -As another example, to create a WDAC policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specifed application: +As another example, to create a WDAC policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specified application: ``` $rule = New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe' From bd054a1cb5afcb318c1ab0f986003fa33df785a6 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 17 Dec 2019 14:47:23 -0800 Subject: [PATCH 052/167] Changed "intergity" to "integrity" --- ...indows-defender-application-control-policies-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index cca13f89b5..13450b73a4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -37,7 +37,7 @@ You can use Microsoft Intune to configure Windows Defender Application Control ( 4. Click **Configure** > **Windows Defender Application Control**, choose from the following settings and then click **OK**: - - **Application control code intergity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Store apps to run. + - **Application control code integrity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Store apps to run. - **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps. ![Configure WDAC](images/wdac-intune-wdac-settings.png) From c0ce2916564d591e3d9536db7e75637f1fac7eca Mon Sep 17 00:00:00 2001 From: martyav Date: Tue, 17 Dec 2019 17:55:15 -0500 Subject: [PATCH 053/167] the next 13 reviewed --- windows/deployment/windows-10-deployment-tools.md | 2 +- .../hello-for-business/hello-cert-trust-adfs.md | 2 +- .../hello-for-business/hello-key-trust-adfs.md | 2 +- .../microsoft-defender-atp/api-hello-world.md | 4 ++-- .../exposed-apis-full-sample-powershell.md | 2 +- .../microsoft-defender-atp/run-advanced-query-api.md | 2 +- ...ication-control-events-centrally-using-advanced-hunting.md | 2 +- .../whats-new/whats-new-windows-10-version-1507-and-1511.md | 2 +- windows/whats-new/whats-new-windows-10-version-1607.md | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md index c9973b520d..2bf8998e1e 100644 --- a/windows/deployment/windows-10-deployment-tools.md +++ b/windows/deployment/windows-10-deployment-tools.md @@ -1,6 +1,6 @@ --- title: Windows 10 deployment tools -description: Learn about the tools available to deploy Windows 10. +description: Browse through documentation describing Windows 10 deployment tools. Learn how to use these these tools to successfully deploy Windows 10 to your organization. ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB ms.reviewer: manager: laurawi diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index a98db0c85a..f42095fd31 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -1,6 +1,6 @@ --- title: Prepare & Deploy Windows AD FS certificate trust (Windows Hello for Business) -description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business +description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index de439496b9..a908e96533 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -1,6 +1,6 @@ --- title: Prepare & Deploy Windows Active Directory Federation Services with key trust (Windows Hello for Business) -description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business +description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business using key trust. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md index 82dfc632fd..88fd42601a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md @@ -1,7 +1,7 @@ --- -title: Hello World +title: Hello World for Microsoft Defender Advanced Threat Protection API ms.reviewer: -description: Use this API to run advanced queries +description: Create a practice 'Hello world'-style API call to the Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) API. keywords: apis, supported apis, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md index e1397a16e7..b21fc040af 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md @@ -1,7 +1,7 @@ --- title: Advanced Hunting with Powershell API Guide ms.reviewer: -description: Use this API to run advanced queries +description: Walk through a practice scenario, complete with code samples, querying several Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) APIs keywords: apis, supported apis, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index 8dc833cda8..540c957c3f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md @@ -1,7 +1,7 @@ --- title: Advanced Hunting API ms.reviewer: -description: Use this API to run advanced queries +description: Use the Advanced hunting API to run advanced queries on Microsoft Defender Advanced Threat Protection keywords: apis, supported apis, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md index 22a50b0c24..74f69040e8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md @@ -1,6 +1,6 @@ --- title: Query Application Control events with Advanced Hunting (Windows 10) -description: Learn about Windows Defender Application Guard and how it helps to combat malicious content and malware out on the Internet. +description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index d4aae3c31c..ff4619d8e2 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -1,6 +1,6 @@ --- title: What's new in Windows 10, versions 1507 and 1511 (Windows 10) -description: This topic lists new and updated topics in the What's new in Windows 10 documentation for Windows 10 and Windows 10 Mobile. +description: This topic lists new and updated topics in the What's new in Windows 10 documentation for Windows 10 (versions 1507 and 1511) and Windows 10 Mobile. ms.assetid: 75F285B0-09BE-4821-9B42-37B9BE54CEC6 ms.reviewer: ms.prod: w10 diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 4a42f3e98b..f27cc65739 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -1,6 +1,6 @@ --- title: What's new in Windows 10, version 1607 (Windows 10) -description: This topic lists new and updated topics in the What's new in Windows 10 documentation for Windows 10 and Windows 10 Mobile. +description: This topic lists new and updated topics in the What's new in Windows 10 documentation for Windows 10 (version 1607) and Windows 10 Mobile. keywords: ["What's new in Windows 10", "Windows 10", "anniversary update"] ms.prod: w10 ms.mktglfcycl: deploy From f0f713baaf96a5bafec66c9f14fc8172c7034ddb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 17 Dec 2019 14:56:10 -0800 Subject: [PATCH 054/167] Update windows-defender-antivirus-in-windows-10.md --- .../windows-defender-antivirus-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md index 702e942ea7..539f6e5844 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 10/14/2019 +ms.date: 12/17/2019 ms.reviewer: manager: dansimp ms.custom: nextgen From b6aceb7f4e44f96c9e28e0b00b1f1ab73ca1ee19 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Tue, 17 Dec 2019 18:10:31 -0800 Subject: [PATCH 055/167] added content --- .../volume-activation/vamt-known-issues.md | 95 ++++++++++++++----- 1 file changed, 70 insertions(+), 25 deletions(-) diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 70933d12f6..3a4c34773b 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -1,25 +1,70 @@ ---- -title: VAMT Known Issues (Windows 10) -description: VAMT Known Issues -ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: greg-lindsay -ms.date: 04/25/2017 -ms.topic: article ---- - -# VAMT Known Issues - -The following list contains the current known issues with the Volume Activation Management Tool (VAMT) 3.0. -- The VAMT Windows Management Infrastructure (WMI) remote operations may take longer to execute if the target computer is in a sleep or standby state. -- Recovery of Non-Genuine computers is a two-step process. VAMT can be used to install a new product key and activate the computer. However, the computer itself must visit the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) Web site to revalidate the computer's Genuine status. Upon successfully completing this step, the computer will be restored to full functionality. For more information on recovering Non-Genuine Windows computers, go to [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668). -- When opening a Computer Information List (.cil file) saved in a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. -- The remaining activation count can only be retrieved for MAKs. -  -  +--- +title: VAMT known issues (Windows 10) +description: VAMT known issues +ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: activation +audience: itpro +author: greg-lindsay +ms.date: 12/17/2019 +ms.topic: article +ms.custom: +- CI 111496 +- CSSTroubleshooting +--- + +# VAMT known issues + +The following list (and the section that follows) contains the current known issues with the Volume Activation Management Tool (VAMT) 3.0. + +- The VAMT Windows Management Infrastructure (WMI) remote operations may take longer to execute if the target computer is in a sleep or standby state. +- Recovery of Non-Genuine computers is a two-step process. VAMT can be used to install a new product key and activate the computer. However, the computer itself must visit the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) Web site to revalidate the computer's Genuine status. Upon successfully completing this step, the computer will be restored to full functionality. For more information on recovering Non-Genuine Windows computers, go to [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668). +- When opening a Computer Information List (.cil file) saved in a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. +- The remaining activation count can only be retrieved for MAKs. +  +## Can't add CSVLKs for Windows 10 activation to VAMT 3.1 + +When you try to add a Windows 10 Key Management Service (KMS) Host key (CSVLK) or a Windows Server 2012 R2 for Windows 10 CSVLK into Volume Activation Management Tool (VAMT) 3.1 (version 10.0.10240.0), you receive the following error message: + +> The specified product key is invalid, or is unsupported by this version of VAMT. An update to support additional products may be available online. + +![](./111496-1.png) + +This issue occurs because VAMT 3.1 does not contain the correct pkconfig files to recognize this kind of key. + +### Workaround + +To work around this issue, use one of the following methods. + +**Method 1** + +Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command-line tool to install a CSVLK on a KMS host (where \<*CSVLK*> represents the specific key that you want to install). For more information about using the slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](https://docs.microsoft.com/windows-server/get-started/activation-slmgr-vbs-options). + +**Method 2** + +On the KMS host computer, follow these steps: + +1. Download the hotfix from [July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/3172614/). + +1. In Windows Explorer, right-click **485392_intl_x64_zip**, and then extract the hotfix to **C:\KB3058168**. + +1. Open a Command Prompt window, and extract the contents of the update by running the following command: + + ```cmd + expand c:\KB3058168\Windows8.1-KB3058168-x64.msu -f:* C:\KB3058168\ + ``` + +1. Extract the contents of Windows8.1-KB3058168-x64.cab by running the following command: + + ```cmd + expand c:\KB3058168\Windows8.1-KB3058168-x64.cab -f:pkeyconfig-csvlk.xrm-ms c:\KB3058168 + ``` + +1. In the "C:\KB3058168\x86_microsoft-windows-s..nent-sku-csvlk-pack_31bf3856ad364e35_6.3.9600.17815_none_bd26b4f34d049716\" folder, copy the **pkeyconfig-csvlk.xrm-ms** file. Paste this file to the "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig" folder. + +1. Restart VAMT. From 3712d5eea92d37c03ac677bad59986b56d825aa4 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 18 Dec 2019 15:42:20 +0500 Subject: [PATCH 056/167] Update recommended-network-definitions-for-wip.md --- .../recommended-network-definitions-for-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index b11eab1f7d..c3e7e88640 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -35,7 +35,7 @@ This table includes the recommended URLs to add to your Enterprise Cloud Resourc |-----------------------------|---------------------------------------------------------------------| |Office 365 for Business |
  • contoso.sharepoint.com
  • contoso-my.sharepoint.com
  • contoso-files.sharepoint.com
  • tasks.office.com
  • protection.office.com
  • meet.lync.com
  • teams.microsoft.com
| |Yammer |
  • www.yammer.com
  • yammer.com
  • persona.yammer.com
| -|Outlook Web Access (OWA) |attachments.office.net | +|Outlook Web Access (OWA) |
  • outlook.office.com
  • outlook.office365.com
  • attachments.office.net
| |Microsoft Dynamics |contoso.crm.dynamics.com | |Visual Studio Online |contoso.visualstudio.com | |Power BI |contoso.powerbi.com | From afe5b13e0eec9466f8a57cf8af5b8ac726f78a9e Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 18 Dec 2019 08:36:03 -0500 Subject: [PATCH 057/167] Added Central Store Consideration for GPOs For anyone using Central Store, added information for where to deploy the GPO templates in this setup. --- .../microsoft-defender-atp/configure-endpoints-gp.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md index a5cb971e01..367c0685a8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md @@ -80,6 +80,13 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa b. Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_ + If you are using a [Central Store for Group Policy Administrative Templates](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra), copy the following files from the + configuration package: + + a. Copy _AtpConfiguration.admx_ into _\\\\\\\SysVol\\\\\Policies\\PolicyDefinitions_ + + b. Copy _AtpConfiguration.adml_ into _\\\\\\\SysVol\\\\\Policies\\PolicyDefinitions\\en-US_ + 2. Open the [Group Policy Management Console](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11), right-click the GPO you want to configure and click **Edit**. 3. In the **Group Policy Management Editor**, go to **Computer configuration**. From 12befda4f5b299867f5436921b2495aac103e633 Mon Sep 17 00:00:00 2001 From: cchapin2020 <49560354+cchapin2020@users.noreply.github.com> Date: Wed, 18 Dec 2019 10:57:02 -0500 Subject: [PATCH 058/167] Edit table of default values Edited table of default settings based on Windows Server 2016 domain defaults. The right on a domain controller is set in the local security policy and is not defined in the Default Domain Controller policy. --- .../allow-log-on-through-remote-desktop-services.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md index 4725c3e9ba..d1dd82ef56 100644 --- a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md +++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md @@ -52,7 +52,8 @@ The following table lists the actual and effective default policy values. Defaul | Server type or GPO | Default value | | - | - | | Default Domain Policy | Not Defined | -| Default Domain Controller Policy | Administrators | +| Default Domain Controller Policy | Not Defined | +| Domain Controller Local Security Policy | Administrators | | Stand-Alone Server Default Settings | Administrators
Remote Desktop Users | | Domain Controller Effective Default Settings | Administrators | | Member Server Effective Default Settings | Administrators
Remote Desktop Users | From f2175fe70799c12998f30dfaea350a66ec3b24c6 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:15:06 -0800 Subject: [PATCH 059/167] pencil edit line 146 --- windows/whats-new/whats-new-windows-10-version-1507-and-1511.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index ff4619d8e2..548cf3912f 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -143,7 +143,7 @@ The logon event ID 4624 has been updated to include more verbose information to A list of all of the groups in the user's token. 6. **RestrictedAdminMode** String: yes or no If the user logs into the PC in restricted admin mode with Remote Desktop, this field will be yes. - For more info on restricted admin mode, see [Restricted Admin mode for RDP](http://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx). + For more info on restricted admin mode, see [Restricted Admin mode for RDP](https://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx). ##### New fields in the process creation event From b8f84e3c91df5b46f1dfce45e205aa988a8eede4 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:24:38 -0800 Subject: [PATCH 060/167] pencil edit line 4 --- .../exposed-apis-full-sample-powershell.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md index b21fc040af..84f32849b6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md @@ -1,7 +1,7 @@ --- title: Advanced Hunting with Powershell API Guide ms.reviewer: -description: Walk through a practice scenario, complete with code samples, querying several Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) APIs +description: Walk through a practice scenario, complete with code samples, querying several Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) APIs. keywords: apis, supported apis, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 From f14fd0428cd7a856d7aeb7082a92d17ed76518fa Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:26:12 -0800 Subject: [PATCH 061/167] pencil edit line 3 --- .../bitlocker/bitlocker-deployment-and-administration-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md index edfe93e307..f8fa65855e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker deployment and administration FAQ (Windows 10) -description: Browse frequently asked questions about Bitlocker deployment and administration, such as, "Can BitLocker deployment be automated in an enterprise environment?" +description: Browse frequently asked questions about BitLocker deployment and administration, such as, "Can BitLocker deployment be automated in an enterprise environment?" ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 From 7685a95e74123f6a3371534af26d4c7e0cd1610a Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:26:46 -0800 Subject: [PATCH 062/167] pencil edit line 3 --- .../bitlocker/bitlocker-frequently-asked-questions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md index 10ffe830e4..3c5449bfe9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md +++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md @@ -1,6 +1,6 @@ --- title: BitLocker FAQ (Windows 10) -description: Find the answers you need by exploring this brief hub page listing FAQ pages for various aspects of Bitlocker. +description: Find the answers you need by exploring this brief hub page listing FAQ pages for various aspects of BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 From dc2055ad6c4829deaaa8f58ab74b7818e633fc25 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:27:51 -0800 Subject: [PATCH 063/167] pencil edit line 3 --- .../bitlocker/bitlocker-network-unlock-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md index b916ca07af..153be07099 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Network Unlock FAQ (Windows 10) -description: Familiarize yourself with Bitlocker Network Unlock. Learn how it can make desktop and server management easier within domain environments. +description: Familiarize yourself with BitLocker Network Unlock. Learn how it can make desktop and server management easier within domain environments. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library From 872b5807a1de20133c64c5035b861f35ac75f42b Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:28:41 -0800 Subject: [PATCH 064/167] pencil edit line 3 --- .../information-protection/bitlocker/bitlocker-security-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md index 9a485d0ddd..2962d7533b 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Security FAQ (Windows 10) -description: Learn more about how Bitlocker security works. Browse frequently asked questions, such as, "What form of encryption does BitLocker use?" +description: Learn more about how BitLocker security works. Browse frequently asked questions, such as, "What form of encryption does BitLocker use?" ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 From 902c2de1d2c6e342e45119f9c72163972a26efe1 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:29:47 -0800 Subject: [PATCH 065/167] pencil edit line 3 --- .../information-protection/bitlocker/bitlocker-to-go-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md index 93d51d4e66..e8bd11f12b 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker To Go FAQ (Windows 10) -description: Learn more about Bitlocker To Go — Bitlocker drive encryption for removable drives. +description: Learn more about BitLocker To Go — BitLocker drive encryption for removable drives. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.author: dansimp From 40e9c73b657919c42ab1a98d7a3be7b90e2d533f Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:30:30 -0800 Subject: [PATCH 066/167] pencil edit line 3 --- .../information-protection/bitlocker/bitlocker-upgrading-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md index d56396599c..15cb20e4f6 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Upgrading FAQ (Windows 10) -description: Learn more about upgrading systems that have Bitlocker enabled. +description: Learn more about upgrading systems that have BitLocker enabled. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library From aec7fd1c16010d83932710553b8d0f2a0ed30c82 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:31:00 -0800 Subject: [PATCH 067/167] pencil edit line 3 --- .../bitlocker/bitlocker-using-with-other-programs-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md index f7d194d6e2..0aebf543c2 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md @@ -1,6 +1,6 @@ --- title: Using BitLocker with other programs FAQ (Windows 10) -description: Learn how to integrate Bitlocker with other software on your device. +description: Learn how to integrate BitLocker with other software on your device. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 From d7d59f3773eb732c70a62bb299455e8c8e7ed3fe Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:34:59 -0800 Subject: [PATCH 068/167] pencil edits line 146 --- windows/whats-new/whats-new-windows-10-version-1507-and-1511.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index 548cf3912f..b807af694d 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -143,7 +143,7 @@ The logon event ID 4624 has been updated to include more verbose information to A list of all of the groups in the user's token. 6. **RestrictedAdminMode** String: yes or no If the user logs into the PC in restricted admin mode with Remote Desktop, this field will be yes. - For more info on restricted admin mode, see [Restricted Admin mode for RDP](https://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx). + For more information about restricted admin mode, see [Restricted Admin mode for RDP](https://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx). ##### New fields in the process creation event From 84d03e1175a87c0fcf35a71eaf175d44370c222f Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:37:07 -0800 Subject: [PATCH 069/167] pencil edit line 33 --- .../exposed-apis-full-sample-powershell.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md index 84f32849b6..bac9a5c37b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md @@ -30,7 +30,7 @@ In this section we share PowerShell samples to - Use token to retrieve the latest alerts in Microsoft Defender ATP - For each alert, if the alert has medium or high priority and is still in progress, check how many times the machine has connected to suspicious URL. ->**Prerequisite**: You first need to [create an app](apis-intro.md). +**Prerequisite**: You first need to [create an app](apis-intro.md). ## Preparation Instructions From 75439f69012b15658a1ad659756d3a7cf894f31d Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:38:47 -0800 Subject: [PATCH 070/167] pencil edits fixed errant indents --- .../exposed-apis-full-sample-powershell.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md index bac9a5c37b..7f21e771f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md @@ -40,16 +40,16 @@ In this section we share PowerShell samples to Set-ExecutionPolicy -ExecutionPolicy Bypass ``` ->For more details, refer to [PowerShell documentation](https://docs.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy) +For more details, refer to [PowerShell documentation](https://docs.microsoft.com/powershell/module/microsoft.powershell.security/set-executionpolicy) ## Get token -- Run the below +Run the below: -> - $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant) -> - $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP) -> - $appSecret: Secret of your AAD app -> - $suspiciousUrl: The URL +- $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant) +- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Microsoft Defender ATP) +- $appSecret: Secret of your AAD app +- $suspiciousUrl: The URL ``` From ad69779b9cd164f7d6cd45ba9386bd2fb95bd3d6 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:47:14 -0800 Subject: [PATCH 071/167] pencil edits corrected note format, lines 98, 99 --- ...de-signing-cert-for-windows-defender-application-control.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md index d37c151e21..9e6f941382 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md @@ -95,7 +95,8 @@ Now that the template is available to be issued, you must request one from the c 6. Enroll and finish. -> **Note**  If a certificate manager is required to approve any issued certificates and you selected to require management approval on the template, the request will need to be approved in the CA before it will be issued to the client. +>[!NOTE] +>If a certificate manager is required to approve any issued certificates and you selected to require management approval on the template, the request will need to be approved in the CA before it will be issued to the client. This certificate must be installed in the user’s personal store on the computer that will be signing the catalog files and code integrity policies. If the signing is going to be taking place on the computer on which you just requested the certificate, exporting the certificate to a .pfx file will not be required because it already exists in your personal store. If you are signing on another computer, you will need to export the .pfx certificate with the necessary keys and properties. To do so, complete the following steps: From 3f766c84f3bed9a112f7ca98264a834e46b223c3 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 08:57:25 -0800 Subject: [PATCH 072/167] pencil edits changed notes to alerts where needed --- ...rt-windows-defender-application-control.md | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md index 8910412085..765289825b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md @@ -80,7 +80,8 @@ To create a catalog file, you use a tool called **Package Inspector**. You must `PackageInspector.exe Stop C: -Name $CatFileName -cdfpath $CatDefName` -> **Note**  Package Inspector catalogs the hash values for each discovered binary file. If the applications that were scanned are updated, complete this process again to trust the new binaries’ hash values. +>[!NOTE] +>Package Inspector catalogs the hash values for each discovered binary file. If the applications that were scanned are updated, complete this process again to trust the new binaries’ hash values. When finished, the files will be saved to your desktop. You can double-click the \*.cat file to see its contents, and you can view the \*.cdf file with a text editor. @@ -129,9 +130,10 @@ To sign the existing catalog file, copy each of the following commands into an e ` sign /n "ContosoDGSigningCert" /fd sha256 /v $CatFileName` - > **Note**  The *<Path to signtool.exe>* variable should be the full path to the Signtool.exe utility. *ContosoDGSigningCert* represents the subject name of the certificate that you will use to sign the catalog file. This certificate should be imported to your personal certificate store on the computer on which you are attempting to sign the catalog file. + >[!NOTE] + >The *<Path to signtool.exe>* variable should be the full path to the Signtool.exe utility. *ContosoDGSigningCert* represents the subject name of the certificate that you will use to sign the catalog file. This certificate should be imported to your personal certificate store on the computer on which you are attempting to sign the catalog file. > - > **Note**  For additional information about Signtool.exe and all additional switches, visit the [Sign Tool page](https://docs.microsoft.com/dotnet/framework/tools/signtool-exe). + >For additional information about Signtool.exe and all additional switches, visit the [Sign Tool page](https://docs.microsoft.com/dotnet/framework/tools/signtool-exe). 4. Verify the catalog file digital signature. Right-click the catalog file, and then click **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with a **sha256** algorithm, as shown in Figure 1. @@ -219,7 +221,8 @@ Before you begin testing the deployed catalog file, make sure that the catalog s As an alternative to Group Policy, you can use System Center Configuration Manager to deploy catalog files to the managed computers in your environment. This approach can simplify the deployment and management of multiple catalog files as well as provide reporting around which catalog each client or collection has deployed. In addition to the deployment of these files, System Center Configuration Manager can also be used to inventory the currently deployed catalog files for reporting and compliance purposes. Complete the following steps to create a new deployment package for catalog files: -> **Note**  The following example uses a network share named \\\\Shares\\CatalogShare as a source for the catalog files. If you have collection specific catalog files, or prefer to deploy them individually, use whichever folder structure works best for your organization. +>[!NOTE] +>The following example uses a network share named \\\\Shares\\CatalogShare as a source for the catalog files. If you have collection specific catalog files, or prefer to deploy them individually, use whichever folder structure works best for your organization. 1. Open the Configuration Manager console, and select the Software Library workspace. @@ -293,7 +296,8 @@ Before you begin testing the deployed catalog file, make sure that the catalog s When catalog files have been deployed to the computers within your environment, whether by using Group Policy or System Center Configuration Manager, you can inventory them with the software inventory feature of System Center Configuration Manager. The following process walks you through the enablement of software inventory to discover catalog files on your managed systems through the creation and deployment of a new client settings policy. -> **Note**  A standard naming convention for your catalog files will significantly simplify the catalog file software inventory process. In this example, *-Contoso* has been added to all catalog file names. +>[!NOTE] +>A standard naming convention for your catalog files will significantly simplify the catalog file software inventory process. In this example, *-Contoso* has been added to all catalog file names. 1. Open the Configuration Manager console, and select the Administration workspace. @@ -315,7 +319,8 @@ When catalog files have been deployed to the computers within your environment, 6. In the **Name** box, type a name such as **\*Contoso.cat**, and then click **Set**. - > **Note**  When typing the name, follow your naming convention for catalog files. + >[!NOTE] + >When typing the name, follow your naming convention for catalog files. 7. In the **Path Properties** dialog box, select **Variable or path name**, and then type **C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}** in the box, as shown in Figure 10. @@ -337,7 +342,8 @@ At the time of the next software inventory cycle, when the targeted clients rece 4. In Resource Explorer, navigate to Software\\File Details to view the inventoried catalog files. -> **Note**  If nothing is displayed in this view, navigate to Software\\Last Software Scan in Resource Explorer to verify that the client has recently completed a software inventory scan. +>[!NOTE] +>If nothing is displayed in this view, navigate to Software\\Last Software Scan in Resource Explorer to verify that the client has recently completed a software inventory scan. ## Related topics From cbcb7f1878156ca45cf9eb332cfdb58483108a91 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 09:03:29 -0800 Subject: [PATCH 073/167] pencil edits formatted alerts where needed --- windows/deployment/upgrade/upgrade-error-codes.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index 460fc831ee..5bb2a95e0c 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -30,7 +30,7 @@ If the upgrade process is not successful, Windows Setup will return two codes: 1. **A result code**: The result code corresponds to a specific Win32 or NTSTATUS error. 2. **An extend code**: The extend code contains information about both the *phase* in which an error occurred, and the *operation* that was being performed when the error occurred. ->For example, a result code of **0xC1900101** with an extend code of **0x4000D** will be returned as: **0xC1900101 - 0x4000D**. +For example, a result code of **0xC1900101** with an extend code of **0x4000D** will be returned as: **0xC1900101 - 0x4000D**. Note: If only a result code is returned, this can be because a tool is being used that was not able to capture the extend code. For example, if you are using the [Windows 10 Upgrade Assistant](https://support.microsoft.com/kb/3159635) then only a result code might be returned. @@ -39,7 +39,7 @@ Note: If only a result code is returned, this can be because a tool is being use ## Result codes ->A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue.
To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](resolution-procedures.md) section later in this article. +A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue.
To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](resolution-procedures.md) section later in this article. The following set of result codes are associated with [Windows Setup](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options) compatibility warnings: @@ -77,7 +77,8 @@ Some result codes are self-explanatory, whereas others are more generic and requ ## Extend codes ->**Important**: Extend codes reflect the current Windows 10 upgrade process, and might change in future releases of Windows 10. The codes discussed in this section apply to Windows 10 version 1607, also known as the Anniversary Update. +>[!IMPORTANT] +>Extend codes reflect the current Windows 10 upgrade process, and might change in future releases of Windows 10. The codes discussed in this section apply to Windows 10 version 1607, also known as the Anniversary Update. Extend codes can be matched to the phase and operation when an error occurred. To match an extend code to the phase and operation: From b3ee610583c34c8cdb19a161819404c0b39be50f Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 09:09:29 -0800 Subject: [PATCH 074/167] pencil edits note alerts --- .../whats-new-windows-10-version-1507-and-1511.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index b807af694d..7cfd7c2c0d 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -216,7 +216,8 @@ Some things that you can check on the device are: - Is BitLocker Drive Encryption supported and enabled? - Is SecureBoot supported and enabled? -> **Note**  The device must be running Windows 10 and it must support at least TPM 2.0. +>[!NOTE] +>The device must be running Windows 10 and it must support at least TPM 2.0. [Learn how to deploy and manage TPM within your organization](/windows/device-security/tpm//trusted-platform-module-overview). @@ -279,8 +280,8 @@ Enterprises have the following identity and management choices. | Grouping | Domain join; Workgroup; Azure AD join | | Device management | Group Policy; System Center Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | - > **Note**   -With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](https://go.microsoft.com/fwlink/p/?LinkID=613512). +>[!NOTE]   +>With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](https://go.microsoft.com/fwlink/p/?LinkID=613512). ### Device lockdown From 29b2e42231ffde65018354bd4c859aa4bae92843 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 18 Dec 2019 09:11:32 -0800 Subject: [PATCH 075/167] pencil edits note alert + indent --- windows/deployment/upgrade/log-files.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index 19e5e7f6af..71ebf32bab 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -27,7 +27,8 @@ ms.topic: article Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code. -Note: Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files. +>[!NOTE] +>Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files. The following table describes some log files and how to use them for troubleshooting purposes:
@@ -79,7 +80,7 @@ See the following example: ## Analyze log files ->The following instructions are meant for IT professionals. Also see the [Upgrade error codes](upgrade-error-codes.md) section in this guide to familiarize yourself with [result codes](upgrade-error-codes.md#result-codes) and [extend codes](upgrade-error-codes.md#extend-codes). +The following instructions are meant for IT professionals. Also see the [Upgrade error codes](upgrade-error-codes.md) section in this guide to familiarize yourself with [result codes](upgrade-error-codes.md#result-codes) and [extend codes](upgrade-error-codes.md#extend-codes).
To analyze Windows Setup log files: @@ -110,7 +111,7 @@ See the following example: For example, assume that the error code for an error is 0x8007042B - 0x2000D. Searching for "8007042B" reveals the following content from the setuperr.log file: ->Some lines in the text below are shortened to enhance readability. The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds, and the certificate file name which is a long text string is shortened to just "CN." +Some lines in the text below are shortened to enhance readability. The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds, and the certificate file name which is a long text string is shortened to just "CN."
setuperr.log content: From d02139df5fce91e8ea531fb31c74876bbd3d417c Mon Sep 17 00:00:00 2001 From: tx5westmt <45113913+tx5westmt@users.noreply.github.com> Date: Wed, 18 Dec 2019 11:36:29 -0600 Subject: [PATCH 076/167] Grammar/Punctuation Corrections Minor grammar/punctuation updates. --- .../hello-for-business/feature-multifactor-unlock.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index 3da855c332..4ddcb35964 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -31,7 +31,7 @@ ms.reviewer: Windows, today, natively only supports the use of a single credential (password, PIN, fingerprint, face, etc.) for unlocking a device. Therefore, if any of those credentials are compromised (shoulder surfed), an attacker could gain access to the system. -Windows 10 offers Multi-factor device unlock by extending Windows Hello with trusted signals, administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. +Windows 10 offers Multi-factor device unlock by extending Windows Hello with trusted signals. Administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. Which organizations can take advantage of Multi-factor unlock? Those who: * Have expressed that PINs alone do not meet their security needs. @@ -101,7 +101,7 @@ Each rule element has a **signal** element. All signal elements have a **type** | type| "wifi" (Windows 10, version 1803) #### Bluetooth -You define the bluetooth signal with additional attribute in the signal element. The bluetooth configuration does not use any other elements. You can end the signal element with short ending tag "\/>". +You define the bluetooth signal with additional attributes in the signal element. The bluetooth configuration does not use any other elements. You can end the signal element with short ending tag "\/>". |Attribute|Value|Required| |---------|-----|--------| @@ -117,7 +117,7 @@ Example: ``` -The **classofDevice** attribute defaults Phones and uses the values from the following table +The **classofDevice** attribute defaults to Phone and uses the values from the following table: |Description|Value| |:-------------|:-------:| @@ -138,7 +138,7 @@ The **rssiMin** attribute value signal indicates the strength needed for the dev RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other. >[!IMPORTANT] ->Microsoft recommends using the default values for this policy settings. Measurements are relative, based on the varying conditions of each environment. Therefore, the same values may produce different results. Test policy settings in each environment prior to broadly deploying the setting. Use the rssiMIN and rssiMaxDelta values from the XML file created by the Group Policy Management Editor or remove both attributes to use the default values. +>Microsoft recommends using the default values for this policy setting. Measurements are relative, based on the varying conditions of each environment. Therefore, the same values may produce different results. Test policy settings in each environment prior to broadly deploying the setting. Use the rssiMIN and rssiMaxDelta values from the XML file created by the Group Policy Management Editor or remove both attributes to use the default values. #### IP Configuration You define IP configuration signals using one or more ipConfiguration elements. Each element has a string value. IpConfiguration elements do not have attributes or nested elements. @@ -198,7 +198,7 @@ The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IP 21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2 ``` ##### dnsSuffix -The fully qualified domain name of your organizations internal DNS suffix where any part of the fully qualified domain name in this setting exists in the computer's primary DNS suffix. The **signal** element may contain one or more **dnsSuffix** elements.
+The fully qualified domain name of your organization's internal DNS suffix where any part of the fully qualified domain name in this setting exists in the computer's primary DNS suffix. The **signal** element may contain one or more **dnsSuffix** elements.
**Example** ``` corp.contoso.com From d2da2e934f152e35cf6159228b0924355224de6e Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Wed, 18 Dec 2019 12:24:49 -0800 Subject: [PATCH 077/167] Update surface-pro-arm-app-management.md --- devices/surface/surface-pro-arm-app-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index 5ccc5468b3..fee3cc0671 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -72,7 +72,7 @@ Surface Pro X was designed to use Windows Update to simplify the process of keep ### Recommendations for commercial customers - Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb). -- If your procedures require using a Windows Installer .msi file contact [Surface for Business support](https://support.microsoft.com/help/4037645). +- If your procedures require using a Windows Installer .msi file, contact [Surface for Business support](https://support.microsoft.com/help/4037645). - For more information about deploying and managing updates on Surface devices, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). - Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X. From 4b92cac45f24dfb6ec185af7bbe7c2a190b80cb1 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 18 Dec 2019 12:50:18 -0800 Subject: [PATCH 078/167] Update deploy.md Fixed type Destop --> Desktop --- windows/deployment/deploy.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md index 90bcabb6d6..aea35fc121 100644 --- a/windows/deployment/deploy.md +++ b/windows/deployment/deploy.md @@ -4,13 +4,15 @@ description: Deploying Windows 10 for IT professionals. ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C ms.reviewer: manager: laurawi -ms.audience: itpro author: greg-lindsay +ms.audience: itpro +author: greg-lindsay ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium ms.date: 11/06/2018 -audience: itpro author: greg-lindsay +audience: itpro +author: greg-lindsay ms.topic: article --- @@ -35,7 +37,7 @@ Windows 10 upgrade options are discussed and information is provided about plann ## Related topics -[Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) +[Modern Destkop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)   From af561d634aa4ded6b97825885d8fc0a696efe3d5 Mon Sep 17 00:00:00 2001 From: martyav Date: Wed, 18 Dec 2019 15:56:48 -0500 Subject: [PATCH 079/167] first 24 items reviewed --- .../mdm/certificatestore-ddf-file.md | 2 +- windows/client-management/mdm/cleanpc-csp.md | 2 +- .../client-management/mdm/devicestatus-csp.md | 2 +- ...pplying-filters-to-data-in-the-sua-tool.md | 201 +++++++++--------- ...card-group-policy-and-registry-settings.md | 2 +- .../vpn/vpn-conditional-access.md | 2 +- .../bitlocker/bitlocker-network-unlock-faq.md | 2 +- ...-basic-audit-policy-on-a-file-or-folder.md | 2 +- .../audit-directory-service-replication.md | 2 +- .../audit-mpssvc-rule-level-policy-change.md | 2 +- .../auditing/audit-rpc-events.md | 2 +- .../auditing/audit-user-account-management.md | 2 +- .../auditing/audit-user-device-claims.md | 2 +- ...icies-associated-with-files-and-folders.md | 2 +- .../get-support-for-security-baselines.md | 2 +- .../microsoft-threat-experts.md | 2 +- ...iew-of-threat-mitigations-in-windows-10.md | 2 +- ...age-text-for-users-attempting-to-log-on.md | 2 +- ...pt-s4u2self-to-obtain-claim-information.md | 2 +- ...ne-permissions-apply-to-anonymous-users.md | 2 +- ...ntlm-ntlm-authentication-in-this-domain.md | 2 +- ...nt-digitally-sign-communications-always.md | 2 +- ...the-elevation-prompt-for-standard-users.md | 2 +- ...l-administrators-in-admin-approval-mode.md | 2 +- 24 files changed, 124 insertions(+), 123 deletions(-) diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md index ae68a73283..9a2630fdb4 100644 --- a/windows/client-management/mdm/certificatestore-ddf-file.md +++ b/windows/client-management/mdm/certificatestore-ddf-file.md @@ -1,6 +1,6 @@ --- title: CertificateStore DDF file -description: This topic shows the OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used only with OMA DM provisioning XML. +description: Learn about OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used with OMA DM provisioning XML. ms.assetid: D9A12D4E-3122-45C3-AD12-CC4FFAEC08B8 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md index 5b7d432911..c70da05dae 100644 --- a/windows/client-management/mdm/cleanpc-csp.md +++ b/windows/client-management/mdm/cleanpc-csp.md @@ -1,6 +1,6 @@ --- title: CleanPC CSP -description: The CleanPC configuration service provider (CSP) allows removal of user-installed and pre-installed applications, with the option to persist user data. This CSP was added in Windows 10, version 1703. +description: The CleanPC configuration service provider (CSP) allows you to remove user-installed and pre-installed applications, with the option to persist user data. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 2191e66e9c..06e4d21323 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -1,6 +1,6 @@ --- title: DeviceStatus CSP -description: The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies. +description: The DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise. ms.assetid: 039B2010-9290-4A6E-B77B-B2469B482360 ms.reviewer: manager: dansimp diff --git a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md index 5222062842..5edd92497e 100644 --- a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md +++ b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md @@ -1,100 +1,101 @@ ---- -title: Applying Filters to Data in the SUA Tool (Windows 10) -description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you. -ms.assetid: 48c39919-3501-405d-bcf5-d2784cbb011f -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Applying Filters to Data in the SUA Tool - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you. - -**To apply filters to data in the SUA tool** - -1. Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md). - -2. After you finish testing, in the SUA tool, click a tab that shows issues that the SUA tool has found. All tabs except the **App Info** tab can show issues. - -3. On the **Options** menu, click a command that corresponds to the filter that you want to apply. The following table describes the commands. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Options menu commandDescription

Filter Noise

Filters noise from the issues.

-

This command is selected by default.

Load Noise Filter File

Opens the Open Noise Filter File dialog box, in which you can load an existing noise filter (.xml) file.

Export Noise Filter File

Opens the Save Noise Filter File dialog box, in which you can save filter settings as a noise filter (.xml) file.

Only Display Records with Application Name in StackTrace

Filters out records that do not have the application name in the stack trace.

-

However, because the SUA tool captures only the first 32 stack frames, this command can also filter out real issues with the application where the call stack is deeper than 32 frames.

Show More Details in StackTrace

Shows additional stack frames that are related to the SUA tool, but not related to the diagnosed application.

Warn Before Deleting AppVerifier Logs

Displays a warning message before the SUA tool deletes all of the existing SUA-related log files on the computer.

-

This command is selected by default.

Logging

Provides the following logging-related options:

-
    -

  • Show or hide log errors.

    • -

  • Show or hide log warnings.

    • -

  • Show or hide log information.

    • -
-

To maintain a manageable file size, we recommend that you do not select the option to show informational messages.

- -   - -  - -  - - - - - +--- +title: Applying Filters to Data in the SUA Tool (Windows 10) +description: Learn how to apply filters to results from the Standard User Analyzer (SUA) tool while testing your application. +ms.assetid: 48c39919-3501-405d-bcf5-d2784cbb011f +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: plan +ms.pagetype: appcompat +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Applying Filters to Data in the SUA Tool + + +**Applies to** + +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 + +On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you. + +**To apply filters to data in the SUA tool** + +1. Use the SUA tool to test an application. For more information, see [Using the SUA Tool](using-the-sua-tool.md). + +2. After you finish testing, in the SUA tool, click a tab that shows issues that the SUA tool has found. All tabs except the **App Info** tab can show issues. + +3. On the **Options** menu, click a command that corresponds to the filter that you want to apply. The following table describes the commands. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Options menu commandDescription

Filter Noise

Filters noise from the issues.

+

This command is selected by default.

Load Noise Filter File

Opens the Open Noise Filter File dialog box, in which you can load an existing noise filter (.xml) file.

Export Noise Filter File

Opens the Save Noise Filter File dialog box, in which you can save filter settings as a noise filter (.xml) file.

Only Display Records with Application Name in StackTrace

Filters out records that do not have the application name in the stack trace.

+

However, because the SUA tool captures only the first 32 stack frames, this command can also filter out real issues with the application where the call stack is deeper than 32 frames.

Show More Details in StackTrace

Shows additional stack frames that are related to the SUA tool, but not related to the diagnosed application.

Warn Before Deleting AppVerifier Logs

Displays a warning message before the SUA tool deletes all of the existing SUA-related log files on the computer.

+

This command is selected by default.

Logging

Provides the following logging-related options:

+
    +

  • Show or hide log errors.

    • +

  • Show or hide log warnings.

    • +

  • Show or hide log information.

    • +
+

To maintain a manageable file size, we recommend that you do not select the option to show informational messages.

+ +   + +  + +  + + + + + diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index 992e66a6c7..f663299fb7 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -1,6 +1,6 @@ --- title: Smart Card Group Policy and Registry Settings (Windows 10) -description: This topic for the IT professional and smart card developer describes the Group Policy settings, registry key settings, local security policy settings, and credential delegation policy settings that are available for configuring smart cards. +description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 674df551a5..df414d1e79 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -1,6 +1,6 @@ --- title: VPN and conditional access (Windows 10) -description: The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application. +description: Learn how to integrate the VPN client with the Conditional Access Platform, so you can create access rules for Azure Active Directory (Azure AD) connected apps. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md index b137b40f9c..8adacee70e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Network Unlock FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Browse frequently asked questions about the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index e559dc6001..f15fee7c4d 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -1,6 +1,6 @@ --- title: Apply a basic audit policy on a file or folder (Windows 10) -description: You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log. +description: Apply audit policies to individual files and folders on your computer by setting the permission type to record access attempts in the security log. ms.assetid: 565E7249-5CD0-4B2E-B2C0-B3A0793A51E2 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index 06737f9521..dffea817d4 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md @@ -1,6 +1,6 @@ --- title: Audit Directory Service Replication (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Replication, which determines whether the operating system generates audit events when replication between two domain controllers begins and ends. +description: Audit Directory Service Replication is a policy setting that decides if audit events are created when replication between two domain controllers begins or ends. ms.assetid: b95d296c-7993-4e8d-8064-a8bbe284bd56 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md index 25e29659e8..d58bafa0de 100644 --- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md @@ -1,6 +1,6 @@ --- title: Audit MPSSVC Rule-Level Policy Change (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit MPSSVC Rule-Level Policy Change, which determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe). +description: Audit MPSSVC Rule-Level Policy Change determines if audit events are generated when policy rules are altered for the Microsoft Protection Service (MPSSVC.exe). ms.assetid: 263461b3-c61c-4ec3-9dee-851164845019 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md index f35fb87e98..b35eacaf51 100644 --- a/windows/security/threat-protection/auditing/audit-rpc-events.md +++ b/windows/security/threat-protection/auditing/audit-rpc-events.md @@ -1,6 +1,6 @@ --- title: Audit RPC Events (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit RPC Events, which determines whether the operating system generates audit events when inbound remote procedure call (RPC) connections are made. +description: Audit RPC Events is an audit policy setting that determines if audit events are generated when inbound remote procedure call (RPC) connections are made. ms.assetid: 868aec2d-93b4-4bc8-a150-941f88838ba6 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md index 25d5f2620c..5b2d45cc98 100644 --- a/windows/security/threat-protection/auditing/audit-user-account-management.md +++ b/windows/security/threat-protection/auditing/audit-user-account-management.md @@ -1,6 +1,6 @@ --- title: Audit User Account Management (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit User Account Management, which determines whether the operating system generates audit events when specific user account management tasks are performed. +description: Audit User Account Management is an audit policy setting that determines if the operating system generates audit events when certain tasks are performed. ms.assetid: f7e72998-3858-4197-a443-19586ecc4bfb ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md index 55da915b55..74c7755cb8 100644 --- a/windows/security/threat-protection/auditing/audit-user-device-claims.md +++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md @@ -1,6 +1,6 @@ --- title: Audit User/Device Claims (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit User/Device Claims, which enables you to audit security events that are generated by user and device claims. +description: Audit User/Device Claims is an audit policy setting which enables you to audit security events that are generated by user and device claims. ms.assetid: D3D2BFAF-F2C0-462A-9377-673DB49D5486 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md index fad5b7ff52..94499439b0 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md @@ -1,6 +1,6 @@ --- title: Monitor central access policies for files or folders (Windows 10) -description: This topic for the IT professional describes how to monitor changes to the central access policies that are associated with files and folders when you are using advanced security auditing options to monitor dynamic access control objects. +description: Monitor changes to central access policies associated with files and folders, when using advanced security auditing options for dynamic access control objects. ms.assetid: 2ea8fc23-b3ac-432f-87b0-6a16506e8eed ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index c3cdc07f58..d9eda2847f 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -1,6 +1,6 @@ --- title: Get support -description: This article, and the articles it links to, answers frequently asked question on how to get support for Windows baselines, the Security Compliance Toolkit (SCT), and related topics in your organization +description: Frequently asked question about how to get support for Windows baselines, the Security Compliance Toolkit (SCT), and related topics in your organization. keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md index 358b596f33..c451cf8400 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md @@ -1,7 +1,7 @@ --- title: Microsoft Threat Experts ms.reviewer: -description: Microsoft Threat Experts is the new managed detection and response (MDR) service in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365. +description: Microsoft Threat Experts provides an additional layer of expertise to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). keywords: managed threat hunting service, managed threat hunting, managed detection and response (MDR) service, MTE, Microsoft Threat Experts search.product: Windows 10 search.appverid: met150 diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 355b58c60f..fe80c5c8a4 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -1,6 +1,6 @@ --- title: Mitigate threats by using Windows 10 security features (Windows 10) -description: This topic provides an overview of software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats. +description: An overview of software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md index c1da92162e..61a261c4bd 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md @@ -1,6 +1,6 @@ --- title: Interactive Logon Message text (Windows 10) -description: Describes the best practices, location, values, management, and security considerations for the Interactive logon Message text for users attempting to log on security policy setting. +description: Learn about best practices, security considerations and more for the security policy setting, Interactive logon Message text for users attempting to log on. ms.assetid: fcfe8a6d-ca65-4403-b9e6-2fa017a31c2e ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md index 51a7a62dde..473585fba5 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md @@ -1,6 +1,6 @@ --- title: Microsoft network server Attempt S4U2Self (Windows 10) -description: Describes the best practices, location, values, management, and security considerations for the Microsoft network server Attempt S4U2Self to obtain claim information security policy setting. +description: Learn about the security policy setting, Microsoft network server Attempt S4U2Self to obtain claim information. ms.assetid: e4508387-35ed-4a3f-a47c-27f8396adbba ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md index 0e3279dc6e..6ea98c4a06 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md @@ -1,6 +1,6 @@ --- title: Let Everyone permissions apply to anonymous users (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Network access Let Everyone permissions apply to anonymous users security policy setting. +description: Learn about best practices, security considerations and more for the security policy setting, Network access Let Everyone permissions apply to anonymous users. ms.assetid: cdbc5159-9173-497e-b46b-7325f4256353 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md index c8d671e6b6..a88bb90887 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md @@ -1,6 +1,6 @@ --- title: Network security Restrict NTLM in this domain (Windows 10) -description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM NTLM authentication in this domain security policy setting. +description: Learn about best practices, security considerations and more for the security policy setting, Network Security Restrict NTLM NTLM authentication in this domain. ms.assetid: 4c7884e9-cc11-4402-96b6-89c77dc908f8 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md index f055b88d86..a8d2183e51 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md @@ -1,6 +1,6 @@ --- title: Always sign SMBv1 network client communications (Windows 10) -description: For SMBv1 only, describes the best practices, location, values, policy management and security considerations for the Microsoft network client Digitally sign communications (always) security policy setting. +description: Learn about best practices, security considerations and more for the security policy setting, Microsoft network client Digitally sign communications (always). ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md index 92e19e7cda..659b235720 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md @@ -1,6 +1,6 @@ --- title: Behavior of the elevation prompt for standard users (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Behavior of the elevation prompt for standard users security policy setting. +description: Learn about best practices, security considerations, and more for the policy setting, User Account Control Behavior of the elevation prompt for standard users. ms.assetid: 1eae7def-8f6c-43b6-9474-23911fdc01ba ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md index 9c85a319b8..4a75974332 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md @@ -1,6 +1,6 @@ --- title: UAC Run all administrators in Admin Approval Mode (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Run all administrators in Admin Approval Mode security policy setting. +description: Learn about best practices, security considerations and more for the security policy setting, User Account Control Run all administrators in Admin Approval Mode. ms.assetid: b838c561-7bfc-41ef-a7a5-55857259c7bf ms.reviewer: ms.author: dansimp From 8fec7b6ff02ecbdf175516c768de116b9267bb4b Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Wed, 18 Dec 2019 14:04:34 -0800 Subject: [PATCH 080/167] Adding Flashing mode to Recovery docs Added flashing mode to recovery docs to provide quick instructions to people. Debate about adding Recovery mode has been raised, as such this is not being added to public docs at this time. @scooley --- devices/hololens/hololens-recovery.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md index 42c5c64363..b2e0d48bc7 100644 --- a/devices/hololens/hololens-recovery.md +++ b/devices/hololens/hololens-recovery.md @@ -106,6 +106,14 @@ The Advanced Recovery Companion is a new app in Microsoft Store restore the oper 5. On the **Device info** page, select **Install software** to install the default package. (If you have a Full Flash Update (FFU) image that you want to install instead, select **Manual package selection**.) 6. Software installation will begin. Do not use the device or disconnect the cable during installation. When you see the **Installation finished** page, you can disconnect and use your device. +>[!TIP] +>In the event that a HoloLens 2 gets into a state where Advanced Recovery Companion cannot recognize the device, and it does not boot, try forcing the device into Flashing Mode and recovering it with Advanced Recovery Companion: + +1. Connect the HoloLens 2 to a PC with Advanced Recovery Companion installed. +1. Press and hold the **Volume Up and Power buttons** until the device reboots. Release the Power button, but continue to hold the Volume Up button until the third LED is lit. It will the the only lit LED. + 1. The device should be visible in **Device Manager** as a **Microsoft HoloLens Recovery** device: +1. Launch Advanced Recovery Companion, and follow the on-screen prompts to reflash the OS to the HoloLens 2. + ### HoloLens (1st gen) If necessary, you can install a completely new operating system on your HoloLens (1st gen) with the Windows Device Recovery Tool. From 599b8e27ae35e3d9869fe5a1d5bbb87576634bf4 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Wed, 18 Dec 2019 14:28:28 -0800 Subject: [PATCH 081/167] Update surface-pro-arm-app-management.md --- devices/surface/surface-pro-arm-app-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index fee3cc0671..26e145c547 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -71,7 +71,7 @@ Surface Pro X was designed to use Windows Update to simplify the process of keep ### Recommendations for commercial customers -- Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb). +- Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb). - If your procedures require using a Windows Installer .msi file, contact [Surface for Business support](https://support.microsoft.com/help/4037645). - For more information about deploying and managing updates on Surface devices, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). - Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X. From 9a79b6f8aa688bc344eefa969a4301fb57b243f3 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 18 Dec 2019 15:29:37 -0800 Subject: [PATCH 082/167] Changed "Destkop" to "Desktop" --- windows/deployment/deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md index aea35fc121..e9b3ec607d 100644 --- a/windows/deployment/deploy.md +++ b/windows/deployment/deploy.md @@ -37,7 +37,7 @@ Windows 10 upgrade options are discussed and information is provided about plann ## Related topics -[Modern Destkop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) +[Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)   From f9d5a2b2d59d2a28d4cdeaa66d7627179cf3523f Mon Sep 17 00:00:00 2001 From: martyav Date: Wed, 18 Dec 2019 18:45:57 -0500 Subject: [PATCH 083/167] next 21 reviewed --- .../autopilot-device-guidelines.md | 2 +- .../windows-autopilot/existing-devices.md | 2 +- windows/deployment/windows-autopilot/index.md | 2 +- .../windows-autopilot/known-issues.md | 2 +- .../deployment/windows-autopilot/profiles.md | 97 +++++------ .../windows-autopilot/registration-auth.md | 163 +++++++++--------- .../windows-autopilot/self-deploying.md | 2 +- .../windows-autopilot/troubleshooting.md | 2 +- .../windows-autopilot/user-driven.md | 2 +- .../windows-autopilot-requirements.md | 2 +- .../windows-autopilot-reset.md | 2 +- .../windows-autopilot-scenarios.md | 2 +- .../windows-autopilot-whats-new.md | 2 +- .../windows-autopilot/windows-autopilot.md | 2 +- .../hello-cert-trust-validate-deploy-mfa.md | 2 +- .../hello-how-it-works-authentication.md | 2 +- .../hello-how-it-works-provisioning.md | 2 +- .../hello-how-it-works-tech-deep-dive.md | 2 +- .../hello-how-it-works-technology.md | 2 +- .../hello-for-business/hello-how-it-works.md | 2 +- .../retired/hello-how-it-works.md | 2 +- 21 files changed, 150 insertions(+), 148 deletions(-) diff --git a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md index 563e086966..63f327622a 100644 --- a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md +++ b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md @@ -2,7 +2,7 @@ title: Windows Autopilot device guidelines ms.reviewer: manager: laurawi -description: Windows Autopilot deployment +description: Learn all about hardware, firmware, and software best practices for Windows Autopilot deployment. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index e762a53ed9..9f4cdcfc25 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot for existing devices -description: Windows Autopilot deployment +description: Modern desktop deployment with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/index.md b/windows/deployment/windows-autopilot/index.md index ae223e3032..93abebfa65 100644 --- a/windows/deployment/windows-autopilot/index.md +++ b/windows/deployment/windows-autopilot/index.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot deployment -description: Windows Autopilot deployment +description: Discover resources for Windows Autopilot deployment with this guide. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/known-issues.md b/windows/deployment/windows-autopilot/known-issues.md index db8c0256dd..5be64cc194 100644 --- a/windows/deployment/windows-autopilot/known-issues.md +++ b/windows/deployment/windows-autopilot/known-issues.md @@ -2,7 +2,7 @@ title: Windows Autopilot known issues ms.reviewer: manager: laurawi -description: Windows Autopilot deployment +description: Inform yourself about known issues that may occur during Windows Autopilot deployment. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/windows-autopilot/profiles.md b/windows/deployment/windows-autopilot/profiles.md index 6e54f66318..5cb74ed199 100644 --- a/windows/deployment/windows-autopilot/profiles.md +++ b/windows/deployment/windows-autopilot/profiles.md @@ -1,48 +1,49 @@ ---- -title: Configure Autopilot profiles -description: Windows Autopilot deployment -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.reviewer: mniehaus -manager: laurawi -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.author: greglin -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Configure Autopilot profiles - -**Applies to** - -- Windows 10 - -For each device that has been defined to the Windows Autopilot deployment service, a profile of settings needs to be applied that specifies the exact behavior of that device when it is deployed. For detailed procedures on how to configure profile settings and register devices, see [Registering devices](add-devices.md#registering-devices). - -## Profile settings - -The following profile settings are available: - -- **Skip Cortana, OneDrive and OEM registration setup pages**. All devices registered with Autopilot will automatically skip these pages during the out-of-box experience (OOBE) process. - -- **Automatically setup for work or school**. All devices registered with Autopilot will automatically be considered work or school devices, so this question will not be asked during the OOBE process. - -- **Sign in experience with company branding**. Instead of presenting a generic Azure Active Directory sign-in page, all devices registered with Autopilot will automatically present a customized sign-in page with the organization’s name, logon, and additional help text, as configured in Azure Active Directory. See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory) to customize these settings. - -- **Skip privacy settings**. This optional Autopilot profile setting enables organizations to not ask about privacy settings during the OOBE process. This is typically desirable so that the organization can configure these settings via Intune or other management tool. - -- **Disable local admin account creation on the device**. Organizations can decide whether the user setting up the device should have administrator access once the process is complete. - -- **Skip End User License Agreement (EULA)**. Starting in Windows 10 version 1709, organizations can decide to skip the EULA page presented during the OOBE process. This means that organizations accept the EULA terms on behalf of their users. - -- **Disable Windows consumer features**. Starting in Windows 10 version 1803, organizations can disable Windows consumer features so that the device does not automatically install any additional Microsoft Store apps when the user first signs into the device. See the [MDM documentation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) for more details. - -## Related topics - -[Profile download](troubleshooting.md#profile-download) -[Registering devices](add-devices.md) +--- +title: Configure Autopilot profiles +description: Learn how to configure device profiles while performing a Windows Autopilot deployment. +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + + +# Configure Autopilot profiles + +**Applies to** + +- Windows 10 + +For each device that has been defined to the Windows Autopilot deployment service, a profile of settings needs to be applied that specifies the exact behavior of that device when it is deployed. For detailed procedures on how to configure profile settings and register devices, see [Registering devices](add-devices.md#registering-devices). + +## Profile settings + +The following profile settings are available: + +- **Skip Cortana, OneDrive and OEM registration setup pages**. All devices registered with Autopilot will automatically skip these pages during the out-of-box experience (OOBE) process. + +- **Automatically setup for work or school**. All devices registered with Autopilot will automatically be considered work or school devices, so this question will not be asked during the OOBE process. + +- **Sign in experience with company branding**. Instead of presenting a generic Azure Active Directory sign-in page, all devices registered with Autopilot will automatically present a customized sign-in page with the organization’s name, logon, and additional help text, as configured in Azure Active Directory. See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory) to customize these settings. + +- **Skip privacy settings**. This optional Autopilot profile setting enables organizations to not ask about privacy settings during the OOBE process. This is typically desirable so that the organization can configure these settings via Intune or other management tool. + +- **Disable local admin account creation on the device**. Organizations can decide whether the user setting up the device should have administrator access once the process is complete. + +- **Skip End User License Agreement (EULA)**. Starting in Windows 10 version 1709, organizations can decide to skip the EULA page presented during the OOBE process. This means that organizations accept the EULA terms on behalf of their users. + +- **Disable Windows consumer features**. Starting in Windows 10 version 1803, organizations can disable Windows consumer features so that the device does not automatically install any additional Microsoft Store apps when the user first signs into the device. See the [MDM documentation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) for more details. + +## Related topics + +[Profile download](troubleshooting.md#profile-download) +[Registering devices](add-devices.md) diff --git a/windows/deployment/windows-autopilot/registration-auth.md b/windows/deployment/windows-autopilot/registration-auth.md index 9ae9105cbd..76456c8e39 100644 --- a/windows/deployment/windows-autopilot/registration-auth.md +++ b/windows/deployment/windows-autopilot/registration-auth.md @@ -1,81 +1,82 @@ ---- -title: Windows Autopilot customer consent -description: Windows Autopilot deployment -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.reviewer: mniehaus -manager: laurawi -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: deploy -audience: itpro author: greg-lindsay -ms.author: greglin -ms.collection: M365-modern-desktop -ms.topic: article ---- - - -# Windows Autopilot customer consent - -**Applies to: Windows 10** - -This article describes how a cloud service provider (CSP) partner (direct bill, indirect provider, or indirect reseller) or an OEM can get customer authorization to register Windows Autopilot devices on the customer’s behalf. - -## CSP authorization - -CSP partners can get customer authorization to register Windows Autopilot devices on the customer’s behalf per the following restrictions: - - -
Direct CSPGets direct authorization from the customer to register devices. -
Indirect CSP ProviderGets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center. -
Indirect CSP ResellerGets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. -
- -### Steps - -For a CSP to register Windows Autopilot devices on behalf of a customer, the customer must first grant that CSP partner permission using the following process: - -1. CSP sends link to customer requesting authorization/consent to register/manage devices on their behalf. To do so: - - CSP logs into Microsoft Partner Center - - Click **Dashboard** on the top menu - - Click **Customer** on the side menu - - Click the **Request a reseller relationship** link: - ![Request a reseller relationship](images/csp1.png) - - Select the checkbox indicating whether or not you want delegated admin rights: - ![Delegated rights](images/csp2.png) - - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent. You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal: https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges - - Send the template above to the customer via email. -2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following MSfB page: - - ![Global admin](images/csp3.png) - - NOTE: A user without global admin privileges who clicks the link will see a message similar to the following: - - ![Not global admin](images/csp4.png) - -3. Customer selects the **Yes** checkbox, followed by the **Accept** button. Authorization happens instantaneously. -4. The CSP will know that this consent/authorization request has been completed because the customer will show up in the CSP’s MPC account under their **customers** list, for example: - -![Customers](images/csp5.png) - -## OEM authorization - -Each OEM has a unique link to provide to their respective customers, which the OEM can request from Microsoft via msoemops@microsoft.com. - -1. OEM emails link to their customer. -2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link once they receive it from the OEM, which takes them directly to the following MSfB page: - - ![Global admin](images/csp6.png) - - NOTE: A user without global admin privileges who clicks the link will see a message similar to the following: - - ![Not global admin](images/csp7.png) -3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and they’re done. Authorization happens instantaneously. - -4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process. - -## Summary - -At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer. And, it all happens instantaneously - as quickly as buttons are clicked. - +--- +title: Windows Autopilot customer consent +description: Learn how a cloud service provider (CSP) partner or an OEM can get customer authorization to register Windows Autopilot devices on the customer’s behalf. +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.reviewer: mniehaus +manager: laurawi +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: deploy +audience: itpro +author: greg-lindsay +ms.author: greglin +ms.collection: M365-modern-desktop +ms.topic: article +--- + + +# Windows Autopilot customer consent + +**Applies to: Windows 10** + +This article describes how a cloud service provider (CSP) partner (direct bill, indirect provider, or indirect reseller) or an OEM can get customer authorization to register Windows Autopilot devices on the customer’s behalf. + +## CSP authorization + +CSP partners can get customer authorization to register Windows Autopilot devices on the customer’s behalf per the following restrictions: + + +
Direct CSPGets direct authorization from the customer to register devices. +
Indirect CSP ProviderGets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center. +
Indirect CSP ResellerGets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. +
+ +### Steps + +For a CSP to register Windows Autopilot devices on behalf of a customer, the customer must first grant that CSP partner permission using the following process: + +1. CSP sends link to customer requesting authorization/consent to register/manage devices on their behalf. To do so: + - CSP logs into Microsoft Partner Center + - Click **Dashboard** on the top menu + - Click **Customer** on the side menu + - Click the **Request a reseller relationship** link: + ![Request a reseller relationship](images/csp1.png) + - Select the checkbox indicating whether or not you want delegated admin rights: + ![Delegated rights](images/csp2.png) + - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent. You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal: https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges + - Send the template above to the customer via email. +2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following MSfB page: + + ![Global admin](images/csp3.png) + + NOTE: A user without global admin privileges who clicks the link will see a message similar to the following: + + ![Not global admin](images/csp4.png) + +3. Customer selects the **Yes** checkbox, followed by the **Accept** button. Authorization happens instantaneously. +4. The CSP will know that this consent/authorization request has been completed because the customer will show up in the CSP’s MPC account under their **customers** list, for example: + +![Customers](images/csp5.png) + +## OEM authorization + +Each OEM has a unique link to provide to their respective customers, which the OEM can request from Microsoft via msoemops@microsoft.com. + +1. OEM emails link to their customer. +2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link once they receive it from the OEM, which takes them directly to the following MSfB page: + + ![Global admin](images/csp6.png) + + NOTE: A user without global admin privileges who clicks the link will see a message similar to the following: + + ![Not global admin](images/csp7.png) +3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and they’re done. Authorization happens instantaneously. + +4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process. + +## Summary + +At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer. And, it all happens instantaneously - as quickly as buttons are clicked. + diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md index ca49b045ee..4bdb15131d 100644 --- a/windows/deployment/windows-autopilot/self-deploying.md +++ b/windows/deployment/windows-autopilot/self-deploying.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot Self-Deploying mode -description: Windows Autopilot deployment +description: Self-deploying mode allows a device to be deployed with little to no user interaction. This mode mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/troubleshooting.md b/windows/deployment/windows-autopilot/troubleshooting.md index f2e35ade30..63437b2ab3 100644 --- a/windows/deployment/windows-autopilot/troubleshooting.md +++ b/windows/deployment/windows-autopilot/troubleshooting.md @@ -1,6 +1,6 @@ --- title: Troubleshooting Windows Autopilot -description: Windows Autopilot deployment +description: Learn how to handle issues as they arise during the Windows Autopilot deployment process. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md index ae6ae398bc..e8fdb8a2c2 100644 --- a/windows/deployment/windows-autopilot/user-driven.md +++ b/windows/deployment/windows-autopilot/user-driven.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot User-Driven Mode -description: Windows Autopilot deployment +description: Windows Autopilot user-driven mode allows devices to be deployed to a ready-to-use state without requiring help from IT personnel. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index e11c96bd77..1b234651ad 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -2,7 +2,7 @@ title: Windows Autopilot requirements ms.reviewer: manager: laurawi -description: Windows Autopilot deployment +description: Inform yourself about software, networking, licensing, and configuration requirements for Windows Autopilot deployment. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md index 4aab58218f..e2679d47f7 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot Reset -description: Windows Autopilot deployment +description: Windows Autopilot Reset takes the device back to a business-ready state, allowing the next user to sign in and get productive quickly and easily. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md index e76aa507b3..ab95bacbee 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot scenarios and capabilities -description: Windows Autopilot deployment +description: Follow along with several typical Windows Autopilot deployment scenarios, such as re-deploying a device in a business-ready state. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md b/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md index 81dcb6e9c2..b10120467d 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md @@ -2,7 +2,7 @@ title: Windows Autopilot what's new ms.reviewer: manager: laurawi -description: Windows Autopilot deployment +description: Read news and resources about the latest updates and past versions of Windows Autopilot. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md index 04f3d13f0c..7079e66d14 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot.md +++ b/windows/deployment/windows-autopilot/windows-autopilot.md @@ -1,6 +1,6 @@ --- title: Overview of Windows Autopilot -description: Windows Autopilot deployment +description: Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index a125f1f5ad..4681b5725d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -1,6 +1,6 @@ --- title: Validate and Deploy MFA for Windows Hello for Business with certificate trust -description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business +description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with certificate trust keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index d30031df7d..c75524b41e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -1,6 +1,6 @@ --- title: How Windows Hello for Business works - Authentication -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. +description: Learn about the authentication flow for Windows Hello for Business. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index c876fbd351..c13b7e7518 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -1,6 +1,6 @@ --- title: How Windows Hello for Business works - Provisioning -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. +description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md index bb57bd6b57..0e03beb9e3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md @@ -1,6 +1,6 @@ --- title: How Windows Hello for Business works - Technical Deep Dive -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. +description: Deeply explore how Windows Hello for Business works, and how it can help your users authenticate to services. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, works ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index f32db55329..012051d5e2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -1,6 +1,6 @@ --- title: How Windows Hello for Business works - Technology and Terms -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. +description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index cec799fa3d..de0d46631b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -1,6 +1,6 @@ --- title: How Windows Hello for Business works -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. +description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index f3d95ae6ee..00b0bd2e95 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -1,6 +1,6 @@ --- title: How Windows Hello for Business works (Windows 10) -description: Explains registration, authentication, key material, and infrastructure for Windows Hello for Business. +description: Learn about registration, authentication, key material, and infrastructure for Windows Hello for Business. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library From b4e904550263dd35872eb7144fbb21c646c123fa Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 18 Dec 2019 16:55:52 -0800 Subject: [PATCH 084/167] From Acrolinx: Changed "ennvironment" to "environment" --- .../hello-for-business/hello-how-it-works-provisioning.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index c13b7e7518..f220db21f6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -58,7 +58,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment -![Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed ennvironment](images/howitworks/prov-haadj-keytrust-managed.png) +![Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment](images/howitworks/prov-haadj-keytrust-managed.png) | Phase | Description | From 1f81616e963183697e0303bafd0434dc88db75cd Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 18 Dec 2019 16:57:52 -0800 Subject: [PATCH 085/167] Acrolinx spelling: Changed "lockscreen" to "lock screen" --- windows/deployment/windows-autopilot/windows-autopilot-reset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md index e2679d47f7..e114e9f5ec 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset.md @@ -87,7 +87,7 @@ Performing a local Windows Autopilot Reset is a two-step process: trigger it and 1. From the Windows device lock screen, enter the keystroke: **CTRL + ![Windows key](images/windows_glyph.png) + R**. - ![Enter CTRL+Windows key+R on the Windows lockscreen](images/autopilot-reset-lockscreen.png) + ![Enter CTRL+Windows key+R on the Windows lock screen](images/autopilot-reset-lockscreen.png) This will open up a custom login screen for the local Autopilot Reset. The screen serves two purposes: 1. Confirm/verify that the end user has the right to trigger Local Autopilot Reset From 33635c9386aed5ee5b831be081e4650232473a8a Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 19 Dec 2019 17:37:56 +0200 Subject: [PATCH 086/167] Remove false information about winHTTP https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2230 --- windows/deployment/upgrade/upgrade-readiness-data-sharing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md index af934eec08..58e8a9e6c2 100644 --- a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md +++ b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md @@ -33,7 +33,7 @@ In order to use the direct connection scenario, set the parameter **ClientProxy= ### Connection through the WinHTTP proxy -This is the first and most simple proxy scenario. The WinHTTP stack was designed for use in services and does not support proxy autodetection, PAC scripts or authentication. +This is the first and most simple proxy scenario. In order to set the WinHTTP proxy system-wide on your computers, you need to - Use the command netsh winhttp set proxy \:\ From dbc99ea38edc57df9629ae4ed8cc7734da41eabc Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 19 Dec 2019 23:34:12 +0500 Subject: [PATCH 087/167] Updated information for Office 2003 Added information for office 2003 and earlier file formats to be avoided to open when sent as an attachment. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4425 --- .../threat-protection/intelligence/prevent-malware-infection.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 3659eaeffb..884759126a 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -85,6 +85,8 @@ To further ensure that data is protected from malware as well as other threats: * Do not use untrusted devices to log on to email, social media, and corporate accounts. +* Do not downlaod or run old Binary / Office 2003 and ealier file formats like .doc, .ppt, .xls. These file formats allow macros to be included. This can be a security risk. + ## Software solutions Microsoft provides comprehensive security capabilities that help protect against threats. We recommend: From c44e9548febe4f4ba37fcad4ae08b9a0eb3d77fc Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 19 Dec 2019 10:53:39 -0800 Subject: [PATCH 088/167] Added image, edits --- .../images/vamt-known-issue-message.png | Bin 0 -> 20311 bytes .../volume-activation/vamt-known-issues.md | 18 ++++++++++-------- 2 files changed, 10 insertions(+), 8 deletions(-) create mode 100644 windows/deployment/volume-activation/images/vamt-known-issue-message.png diff --git a/windows/deployment/volume-activation/images/vamt-known-issue-message.png b/windows/deployment/volume-activation/images/vamt-known-issue-message.png new file mode 100644 index 0000000000000000000000000000000000000000..5ce1a31e1f4b0792108b50765c0bae4001467549 GIT binary patch literal 20311 zcmeFZcT|(z_a};iAV^bQK|rL~rAZeMVnhLzq9VOSg$M!xDWL}h1XQX80ck;$4xvX{ z5b1;xr4t|^oe+?cKpM=0@B6(ozxjRd%$>FFoj+#Xwa9wHInU|)?6ddhe0E;lHPYkZ z65(QDVd1%@f8#z2%Rv#~bK)>NkRt7IQx_`nH^vPDlnr29^`Z;Nja`1IJ3I1HDX5pq$eecbYa=}Q_ zY)Rdf1@<(ZF!FO8E4%gE2Hxo=i5sr=x6+;qalVC~d9}uSc(l9TjT<*k)(Qe}-`)B# z7ir?ND&nJpa^jP)Wqr({s^Vm{Y^FjvV!xuVr0_`LWuc4%BCnf?%ud$m;Rm=LErI{oe82YI);mV>ud8!>WHQc|x^^NEm91`k*p z#gxlA8!`kWM8(K)S&oAhJjZAYn1%z+v=Wm7SKB+>0f=(1I$aj@HXW)Y~ z27$$JEf2vZJ4OE%;Iag&8Zi&keb;(CmIf05dhB`{eEP9}^k*MUc3`RT{{tz=58oH| zYg}E@`yG0j{lWS?@JKc|?*t^X#2gFT&ps25JODg8U$V!-Q>%diOYuVOar-ZvU=L%z z!l0lVO%`LQnFgVX#^(^nhU6&V`FF2 zKd@kmmT>wOW`Dh{nGaNy8!rwr8cF6q!7p(r&3qyZdEm%vaYgPIv7OHk9Jv1tsO+#v zDN;YdkFnk!eNl*0R7%F~zrM?Igq`)^=jWRR*8IvW51Srdd;ZrmJ9zXux5#;P!O~Lk zvV%fO&t2=>z=DNt*5@VtI|t6JZQ4;Vl(bRX_qm@a)Ppm+giYs`nfBEbnty>|aCscZ zY5&Z=b%c63GK)`<`*~zYTlfS|C+cC>j z4%4nKtbD(-%Mcf+tZS?CFP3j%ioZD$wB&!=^^LpE z$r>dR<&L;m)lsNGTD_bJ@&tT1RCdDO=DNt@R2it3BrrJLWlfQ17XtLWXuF0w)j_B;T!Tw{Uper3N22^y zac)v#AD4?L#WBh*qwh_LVu!!V*m|=xUvc4rDgMW_igDdEN$A~7_xR)jwL)ob{mnzC zxF}}GMQKPKaSuxhY9;WXWTJsI}^$vf*tA zp4iE-sM)l9;|`hkQpv_|iI3cm6(>vFw;t9WW^1q&xb__{?#mvSDfEJND~Guk)wRVX zJi7Jr6nhVWL5r2&YzVixe{yz0DSGDH0U37oU6yiCkgE6 z82B;#uAfpaa+<71ohq@Mv_l1nSvWd?PwSZH@!j^g%bJwF6@Dd1k;OX_sD6d-?YBU! zo#`1&FG#vOAVm>Wossc=Zj(lWQ)QOq!ZXaXMM2lW&DQ4bAsR=H4pEbm99qzz-Yu(OC4sMwa5hx1qA>sMgZE1%ySy)P+DF?G0=zjAf)4VxGe6p5;ydo(x zOAp!&i?lh_^OGkel*Ri<82jgkpBDx%&*(YXhPBlz_L(cQAYJ&C|FskU{q6#avB;d@ zKAdo{x6loYV|jik{QugiETs=GOI+i+f~q|PW@QnKK~K^@`yINh0VK3uKgAcu{_REc zbC!!!^~-{6JS-NM|ED|orik+7J?kVwet<~?me0IVdaotEfNBEzxrggnRq-uYBCXBN zv0J+JG?P;92SS-<7W zWdBdeg600!P^+Z5>Ff6MNm-w+v+vf&`GB((E_C>iO0(aPN&IKPXDh{?w;uUN(a4k| z-#|>CU5|`qdp-6%bDD!+>|nR|9`b0d)uYpM!H3`YE8!bhjvcGmnB0+@j`Pp}zZmX!Dgq z-a(i^)Cigr>ucC?0t5VVT zaeGY3IoeWv_ayoWZMtSi{eGo?o5#GF-KQ*yxlVood8d$zO$_>KMZC@0Pmn zNiT-_y2n&ts2Staa-Mw+^!BNsmPfPo%OAY7PGutnl?~?9+{S;o7IlJl*W=+3tY; zpfuzo^K;;4*A91_o;c#g%jgyegVy}7>43#YfhN&BCk@|&XWaKF?pUtRKdVGllSCDH zc78YWiG}RZ38#N02hNlD{+sG|cUC##?@l?1ssgoNdVBk<)6Rir_Yn^9pyw~`S4A6X zw*MMVaC@^j0nZ+12A)axo%9Hcd~hbQ#BvXQ-X^(?vFh6>jo4#u-ysC9Y27%f6S9l- z4gY5fBjcj9BJuWh;@XUF3Qi+9usyySrs0&FAend@clkgwuV7B-8irm1*a%Enskkx} z#$Wp%QHA!eU!JKEyS9RR^gWXEq~W8}H-wcjTVLc8C3P;@BKnJ=Ux5nPqBj@%T;>YP zK8**1Th_Pcl-Af5PV=4y42T#pKBc%+j|nzDfhz`!rL0k6s$({Tiw#T)emNs>^#{25 z1$X|l!CLF|=a0f7o~E(=WogbBLCV0ga=kcNT z38m9BY&-&rpTCdCn3%-5JDpPd8+0vm7Vfn!%zN)^0u30oV9qK#H|O$ktg(ggMltw1y8FQLY} zj=gC=FzaoiWBs|tz|v92*N6W#skHXy82o;pY}ra(7w_OA4TzZRC zP*O69?+qBs7ito?R+fFPFc9mye?XGZCI&lC?50FZK$_gRfLnoLZK_F17jwczU@^>iEuj~ zlGvbUZ?z&bAgCdLh#0;~knmtrXagkS1o!PZEKrPw!+~@IvCA<*$0RhQ4?8uDJEqOTP1|9_LF}q^j5GS4S3V zJhQ+Df#v&H;=Hr->EE`9p|J!##6@eakf2;0$a1E{&++s&AK2Dk*fDolE4{IRo5f zbEVnQ7@|20x9xlw@b*~Vy&AtyjkYr;R|@6FMopS6#E%!rVRmklTcdjzQ0Gn8qsm6E z_xc;2R*@a5H#&<)iACdVv4tp%6{IHtEA`f*WUq@o{o&trbyg+W=D6)ldytn4Q3XoI zlX-HrPT?9sJ5Q=A(GMnQkAqET2qnw;&{Rh_?n)Wdiu~kM=g`&sYNLhFY(eGO>Q`5{ z)k*I{y?*fI`FEjrGfU;~Go(DKbw1oyy?K;}m&o_s={tf;%Be zXv3U=+RO~oMvbpog38(%6Gh?&6Y=K;(MCRn!j^q}A{!EUjNmp9qhDj+_4vkiT6pUB zbo26;B)gw{FS_Jk-qua1=ciAXj15~G;=V2y6gq=v7C?LIfT6+i(BSK4uO@lTwk1K) zGDr69feioo6f0mb>OwM3Y1*YGq^r+rlV5vSiH+2li)ld&G+MeGg3WxNx-!8}ow21m z@Jw^P?dm0QK-8MvNURsvt?@?2=9Hf}=X6plpz<_$hHey^^dlmQJJ@T^yW+XbDVym&_X2zV z$l}}y%;LkAL~cM(IaVGj3@1o>%Q$twLLYw{G*_)JD6&=Al6+FBf%e&5b;IQ&N0?hn@KLU|+6FBASuBbD5q+TH4C zPhcD@=N@*eI2@kf5>a&e5T1WrLz(*Am0gcH+@SQey~}kR43Rf?lSgIOzWz0o!nX*k zUT|wp@8zJ;5=BD9QiH6gA5Ik~9pbV@vmJ4HR5S7Ed;=8_Ekl`Fq$F##)?wm-dXb(6 z>61ee_y_ZMdBz5hvxKALcm;iGV)|R3Pkhx1!4G*Odrty&eOjq3BFbhHE4I%o8UHn^ z@kDdfrGMx#b>134URa_xhF)>UO(OGU*}HR^8a$@ZuX=>)%dcIqz#%1}o;SbSfvhtB zYR!aqqQ1Q-NdQW`5ND*hj4T@AE@YlAEz49(IDi&8x!Lsd)VMuVRhGj$*4oi5UnNfs z))%OIJ&F}w6nrxaQMXmy72JhCT7NyO`7Q&md7sZ*6%e!Bi@;*JdY^M@!BppSm?=3E z!J3Uf?*&d(z({oTfLz00Z^x)ADG>O0ia9C{Ju(<9@4>~+?pTtgA3sFCOd zne6F<@TrqBzYd6E`7Ls|?S$WnzjSZ=7jggzp%P9qW?RJqduD$D4Km7!aV~?I>U()s zg34QR6J88FIFg;1<&;V7uPK-ThWLdYdd{l})`JizNOJ@!uz zHKwC7&~0g_Aa4VhU9|yhcf04mQyc$O4k$n5E-iJa_}%2fK%5nBN599-E(c|2;I3|W zmHQIfD8TvL9TC9dXJI*9?lP=P9-e~<&>!7Za|*gzXDLgRHL;Gv6EsGPpL~S_JBUT$ z4C`;Q8Sq8_;QsDrc?-B1fJ8fVTjO?m+=IgbphDn3f?59#=kjkC3(4G5TF-1~<`Ur; z?736nFGMJa`-sd65guTKIqmk(e0*p92ah@7lf)JaqAQV?j3FpW3NmXi#ZS}eYEj9u ztVyb4w6w_i>i2s{kw5rZ_B?n-1I}~=6`QR|hqc8WcV6mBTz)K|+!b<8`x)^CG8E{Z zf+23itKD&MU>Tv|v|>?qV}jA>UJ@3$>-a0sd34?~j2*yIs?ppcfhFc9CWV8>A?spQ zk2~4nvo8U&`w`AkOm)LiIcIR_-5=;~#a>uBZuMSauADi6+Pm<;y_FY^5mYX6Prs^| z9nf!`*bB@q0RO~T9*WI&CM;isPe%w99M=pUJgKbhf1~I3@?~9Ch{5B6~ijWKj_tmkvYSsf9vJu$_l58_ynAEuP_cC`W~WuYKr4`P zVf2Ht{;qt#BBTo%m_-JVDUa!uAe=>&b7Jk>2Ww|hl@5lrdxNRGkX7TxfvWPLjx)Y< ztXXqyH%BwiI`>cC9W9NkUTseOkT==I5eDTeTFF0~%FBUmBUpfV@r^^YD7E~vr!~!H zyo@A&?TjoTCDAua>NmO`E8S)SX8nUq=87Y^Sb*ASAnH&vkH6qWMG`lnW=df$Rv|Cw zvaHi@4VRzg83bCutbPt^tM*ob9uvP@^=VEnuv36eyc~gQiYa3N>#uO4Zd3j%V^I%u z-^9d3#c(8HZZ;+Mu2#)|TcI~y)?A5ZSLXK+y7gL5EzKpQW$2FoN~D5m!{e^nqh(kh z4X2=arOY3FPKP}Yo&HPN0rPBiTpiwdHi?bcN!rY6yePWz+WHdp+l9?yYuP6f14#uv zjKt*wg>i|}Nfw*+H1WKlLiWjT0Y=P8l31Z@XO5wNLqN!D*n9fCG1io|&gdd4hZtVp z5M1W!y|-DL?sNMY&Rl^}csyA1HT6f~DIToQCc~b8b%7xmo1Z&I2okH?BVupTE{(AJ zVgh4a?P0LxJ1!ZPjaRiNiDNZ3MM5rKPm63#Eg3e&%Pz}An)>l8ZA}Q>7LTfauuj+u zuv^lOq|SS4nDTwQsO3&s?eW{2d~J}u0Q2=M^c^&PxNcS_;LF%q6nykp)w;01SaRb>Y5g7wegd3lAh zI$mQUrs1vMu=6W=c_80p82~qzi_w!m?KkObjVSG%DOU1yl(@zt`y!Ond-0erlN>qQ z(>sU!5sPBvUd@!K*>E+wL^bn!Nl~|TZ<$>+@rV{V!ZuXVc28)a#M9Qr@*-9{h%XUJ zsohmATDq1_CO1RxcwbY0(BnQHQW3iXA2kXLuELn)Qtqnmu#FwF!j$p2iJ5{NS7~8Y zah4?*qr$nzumtK4dk6f0*~KH|FU1YPD^+S@B(;hnbdUmyY7;v!jEgGsDhM```1SZ+ zSX)y#$KVn9dZeBI+;MW7sQVU=$b3Phf+a4&QEpbc=zDg&wg{k)wpRz|%57GJW1k^+ z;6FHd#CvJvo6gNyX!w*r9mfv8r+Rqh{cxP-#GDA0H=jocDn6;n3Jsava(H?!M2s7)K9G7GcG)(MX+sGk+&|B+KV={DQlMX8uD7+ z?(%-#ft9mroU|RjL@e%LzvyT?8kb)&77QcYCi!R;4>^Lr`2GkWSH3^A4T2aCFAS2m zXs*94_Pn)W=zHv!E7H1ARawd6R+#A%FX%NR94Qd)DJq7_6t^xR`6u+aYv_J4g!S-{ zpx@fMwIL@4^YH#<}0?zn`J#q_0Jh5AT{2yrsFZHzFTCq!Woa zbh^<~61&hOwRSka&y4a^c@m|aiTF0T^&rpH!+&ofaCvh(a5J;^BAv)MM}Du>w|)_B zqI!ad0E#Zm3`e|rc_ngpyOD8+ya#%AO-$YMhFHiJyNXJcl@@h2c2xY5P<|@kp6)^< z2Wllh+8qIgj9#IsP|weZn~8^9EmW1qvg-XrK6;Or+Tf17`uie5?#*8NZt=Uj9g9Mj z8F6p08rk>Qza6PKaQQ*?%kG1%5kgNwrS4J&4223N7uHZcLeOimi9GXC%L|bh;F?Ws zZv(Wq@C$Gm@kd)u_idr5XVg3y4(e29ofHEdA}S%-WQKaB9$CNK8|?io(d zTbuzqhB(kyzHZUxB#h2%@XyBtc&y9z9VgsSFTh}ma!UesnpgKR8wT=G6u0KX5px*; zYC%oB+;~uQfdpKOw$%8qH53l)*-olbD`~mny#*%msIIU!E4YMcG}LwI(ai62`z|_y zJnD-@H3a`|+8z|D^Cmjr5*{6l zwJ!>b~8 zGCEF3hm2z_WI}b?o(N}StuK!H$(gI2arM6Bv~@)IZJI;WXIsK91r3;F3Ry10C8mU( zHnjm5dLn1FmMB*R!>hsxi0!3v;M9ZcdFC+;YA)=_y}nS>WHXUa`r{Q+60ZzCO>vDx zsOa2(zj6k!(!Gy#^2{$s#*otaMCM1i0ShvtGr{`ozVZKjRk8*w$E81#P*z_7&R%kk zyc++|5@Aw*wid@0K7=d0WSq z&Lu(#M`j@MX1z$IjY_B-`0$a5jxx4PU#Kh?n| zRuY=+ik^*h%t8(1IKO@tZzb!rX z1TXz8JHYZxco-@9;^58K36lKE8Y;=~N56^JMY(M?08dwL=A<&4rp0G2;e+7j6!Us* zt8tBvaTnPj+BI!s>)lRBk(ZSlXou*B??+!S5aTGnFKRjT9{Q1%4!>?L(p#7v*g*9p zHjh&dyD7O3hq4An`{$&)iBe8!P1yL}Dht*Te}M0D8arR;>h5#jjOjR*m(=w;cQZI| z*?aqoh8=q#^RZ=xL2=(N1UJh&>{kw+CbpOdk~&|PhUx}BxHIc&Nf^Ds3C(Q*<+KBO zpu#DRgOa6jN~L&c*07@gH%$7dI_bE2oc5dv&O`R9$xTOj+CJT$#P4-z;pI54+C971#{As6W zH=9!yl7>0bH{@p*HOiBPUlb`Wpk}|1>CX**8TJS_3PP%3p{Q_kr4<+rR-LN@4XqVp zz{}OkO8YB~@6QjoqloU!A9)8-Ox(?H+EowpU5G^tp~P7pzCE#xd~`jMK?v4zJ_i6i z5Y*(i8SeYL-y94zv7_W2;z)>O`%wJ!;Bkxdl%z@qS)MhA8ls?7-V@0zO1!!3^LzN! zRwxc=L=^=-eMETF!}}nlQtsmNFdxh1TQOd^!-t|DJhJ}|-0;*pgnwklgl5Qbe2i=| zD0z}h-g@ZpL7H8r;;qu%QL;bw5GRblCCC$wl*0!~(C^^o;$cdaVs+_0mb#W`wZ;~_ zQ6=AtpwZvjHBd#Qxp`c@^-0?DTkD|^5UfB^oudH0smc~_LI`Gge(SMKxULCO|ETIY zIj3ZBe!a{o<`JvX++uQC(>chwkP!uWc@CXMZLK^(_{+htvl=@i&|VEgR+}H%jlEN< zsg!A2JqV;mVHMOPG_5f@4 z?!}9jsy;kVO-vFJ%I{SN9t>yiJ|z5bX2#`8nvCv8I)Dxb9TvffQ;!g8HfEG0!P)L0 zK-KVpSw$|RqiGQ@TTdyEQGo5d^EX%_{0D~6Xa5ht!v8#L!(I32A0&nI@A7S5GHV|I zSd5I*N{yW%Ip9y~39(EXgPq*1L@*x?q4hhHwM+K3)VIS_I^MUy5fhS5tF-Bvdc9Ar zhm86N`ao0{4F) zW=QPUe@*cZ(E9&wmdZZIp>iysJo)62&plcy6?lW*JUi8i)X4%P8kF@%1V(=%@;$ll z%UYDW9kX=1ir{mf5^dat$awHE4pLx`cTcs|Y&$Y?Zb2zv-K$^LH(!=O^M&IP@db6h ztC=s59`|ACy}YF-9SEKeGf;dZf6da>KB^fD(H@VeZdr$n$8Sq;m!sYd$lIQo^9L2! z6Nj7C`{U;O7AKV6C~}@R3zcy+Ug%Ib+=IqR>cyEfmOb+}*f}1H6SW^F$Yi^Q{7)*< zX3ies3KzI$O`D_5 z=2ZVjflqcJrcazEBaO;iYyI)v!5w>r6Z%NAL9{XfwpM*dW8N@_R~C)m*qZ^+RlC=C<2R4KyLN#74~o zU1sNQYJAVkhyrTsA-yC=46|1R720RGSJ;&FDR}ngvrN~1KIIZzdd#wIO~7}uv)Iz2 zL&R+t@&@ho;8R%W%&z$nS2s9YT{kPk_?~(IkE;HWQ4WH7wr zs@G#x*lDw&2O%aYhIy`XST$06DRF1+pGhxSYZw#fMGQ%6@5~yW+C!$@NnKG4QFqrE zU|*1zlr)3%`@F!_^OwQ#X?>9+iiSiQl;RE4goj@zV(Wt!NTqX>dYodUDiPoE0o}W& zo=!0A&w_E4Q4clwC>QtVVw_U16Fcii6u4yFPgIs%K6fp7Z=s_$xZ_we99x^SH@l}^ zMj^ZR+ekWXk)HWl9rJ;I8UNpoE(l@xLY)8XSy~_nGjUVV0b|M8{!&+{j4&y|TssvGaR-VYkf(X04Bx>=(eOAPM` zPQ>rj(hP-c^cMTs#n?B>Y5o0Kn9liS@aa@@%n#T&t*6|y(Tq%m!9iEAkHG8Trhj&L zL&&bTYVHs_n(r53Y@O)5=)3k4_Hsv|7+n)bC@CoM13_=}9STX6C9au68oe6UwPXi{ zpk?HS=;J z+}j!aukD>lbpyi7@`#gR?cd~-UQ`o&CdZS1Bg^<>R;OfTqM@MqxcViR%#i3et}Lr+ zCuH1c>BQ*GhRX^IYGNDF$m+pqZNTq%2}a%UWlU@p>vCj$Sr>5d9kpz zukRqo(zlv?-zFC!o2We5k$-a||NRmCL;c*gBz9G)Lnm}YgF^n6Q-1G9#AeyTzN}iC|$!|kNgPNay{s-3|sbOUog3~OXyQ$-Lse| zn2r!7izmAH?^0q(+L8S4#FV=-{YXEzTmKaLT>n(BA(OcrohW}J#CQ4xA3joUMMqT7 zT9Yn|=BI1QA-E;wm;<@5A-9;7Rt@go!y*~Vg^XWW)R3DV_lY4+cQkUB6w~+EOLK|j zfxSeW>qTY*d3>zT*%}lrv+T1d-k(2jYVNR-DOrtoIBGi#(_1|MN-WJM1tF3n&%RbT z)ko7HTDS2&%nOkfi8s`(zxwl3!+|=8C;O;;ZtM@rF#6t6XY1y&(y{)vlS_EM|xFcQY{PVAZ-Q{ zw=_XrIozf0!s}jnn2BBbkIJ~q7I+DskdQ!+oA!NVXJ=>fnL|A42ciXxA)~*I{fLH0 zLIOg2pevE77HVo7xjR7(?w_MsiaHkgsFQx9rCUdmX#BJhUnRsyltUAAsa`{ATy+2&G4C^koncCT z?O&}e3*k4;(OF239}b?7H?zi5vg)fT#uPP%$;u=}QG{Nw-k_dDsnp_I8D~zu ze`N`XwD!)h5q>Deyy21Ub?gyCa$B{6tN&tn2mi<68>yt8FXNDEL#;9pc`W=nf00M{-7Q5$eiJtVWvgk%CI(|u22Y?>~M82 zSlgE^MMyL1G5%G9;KwfZCEpWgMbD9id2S6+Am>-T`#XtB9k1j@&ey%Ciwmx5(Bz*h za=tFBg^t(OB>T+ry<240A#Kt7 zO9&H@#)T9=bG5N_4%l{G&+Z6{q_GkZr`5JxVB#Tx!#P-x+i*39SB6DGc_;-w+`H$nI0b zDGQV}%09tAi^(Y~YM&4gG2-(W6_KN8aX}mOhA(_*(jn}O&!+i(U>@J097`f+L(Yzz z4;ZQ$I{!Yc}J# zy+=78brbSJl=w48YqT=Rx}>O>?2q$lq?6)pb0I@9cB%oqHRRfUnB5Uz0bsiU32$F9 z0t(ZDC@_KW;EJVp<#-9*@q#`*w~?m_eHMf}J?eH?Szw!Y~ElKw~^miLX1#XVS+BUWcm4pHb(W3{SA zOzi7VMTD}$Mfjk&ttHfAjpPnd(94BsCMyuYx3EKU|LC^de6pdhX|w(Az_8zHEew?; zI{!1HdI5}QuA)IcTG#OiYzn?+avnI?cwv1I-uvI>!_P&$tN8?h;LJBU5L$;7FRRXT zvpBs#zWGZVCw*9CA{65mdzH;fTL%CRLjT)To#0oQ!3R$W{%`Wc{&#wP|9@LRw8OtY z(fG!k1E`SqIP|X5=Tl`I8?_fZP3`CNVgnJISYRjx1T_+1SV}CFdh_ z#>o{@63}3`H1P3!(FV!c-~D#6|91mW){p@dD@$;bePo(aV_Buray-=-VqpKTrF^|hqm)<^t)Tiav$Hb~1i0gLS!6v&n_ zDITt4#+G-N^fi3>Ri)%t*DC&y^wb?uOppr+F{&Y_SZhVloDBp=3TTR0#M4E!+>8KG zSLw9dmDp*r@=h%Qx)hi5rU=2E#Aq(l9M_!w)cCp|()k>9JFLaM$#C``DK=3-uha5B*9} z-avbq6M44OWIaw1OKV*b)JRT%ZFw&Hx4@D(UyPA78N)r!E!Vu)8Wzw#LIXjrzN;z=oY^JhF72_|vE zlpd&dXc)o(I)s;9c-!+nr&+$Z$go=he|jsb>~NW+hE(CvE^9hxX4XC2cR)EJHitB} zX&_cc8dV)sPofq3d!{zkB;xi>j|4+(M3;kIQ3J(0b(q=3?=ikF9F|A;sKswb&_-LV zSx0^sv4c;$VDrS;d)8V5AI&(dSf5|5q}x0%v^ERTZ4P1oR;69KL=(xpwW!8FpVf7> zds*9Fl2}LowPyWnY*MHYMy_S0KOQ_@t4Eq zKMRk%0P#p)D+TW__XbjO*-^z|N=AmGbiV0)CU5cidDbr%u^a}z2(P*>w|DQC-E4ewf6~k&>{?Ylo-oMRL5F(c|8Ce-qZ(kA zs{vavCX_9o8r5{oQwuJ$3_S(xNV+f#NTt|FhYj-8>xuu$Edn z-y)BG`1d+Oh4oS-&%aeJQjZn?(7uul{_wEQd4d0LI88~O`!D?Zg=33NvJ1F~z$HwT zx=m=1TjhiAkwz=@qN3upY5IGR94O}fozj6ulW9RoYl~bh9 ztoS~9+%uXs`_A~m;gk@7QocObZ5nHV^J8k$#XnPvtnTbbWv-+Fgi}o)g9gf&%Mx(C zBv`Z2B^|B*BSvQXT_)phNmeFu&=WYD4q=>u5##v)PUKi$nZ zrVP;S)tLs+pGXB271NfNyFokCQ8fGo3Tu`d4!9d;+$c`z%KWk8?t64U6tymoEp{O@ z#16Fln?^+WZoZBL9A7UH$KFNu%z&Uo+NO-FO_S1oL}GeB8;}3M^wv^8FcDY1Bq5Jr z;a9PbK-rRbwf*5F7mECRNG<5jR%6uEPQ9*bA_2FvzrJ4t&qN5>;o>zq(7Nvq@lc0e zF^t;8_jcN)j9$F)wCoKcw(yD23fg>!^WmVL#(CP93w?kmWYQ$bX0vC?=MOdQJyNpK zm)s?dTC6+zU+EN!+nOTfX|CpBk>aWw`19L^eTj`(Z>W2&{e4bOjsCHwl@wA|MlwwpaU(9Z@R3g@w;6Df@pt`PMZwLz7nzo1DrStVav#&n-zNYW)=KbyH1 z+kWa-MY)oWL&cJ8ykhH0OnsV;TUw{VIVR-mY+JSMJY#7&?{Cse@=#_;KM3Z5W6~}o zk!3@aoM36#$dhPFMEs*C-uU2jySlmLl;E2;PO=V{*cM{eW8L%cZgqwe09(%)2+vr? z&{zAR+k}ut+T=DS*JouUEAhGHZMOst@LXZ>#-h$oq$GKyk^7SQh1n$V+}=KC!n1s0 zzVr=2`^|##nX{cb=iVmI>VbnP6`A>&yIZ-mf({IVK42fOmBWnR+lfE)>>aIe^3d`g zGwJT=FVB7mc>n_AN{U6l^Wr{wGZ`fgeoL<2D8UpBW7m%ZT-+2oQVgOtl4yo zNZbDgXi8*18G`B?2wUQU(ixqOk#uFJ6FrS^DZZdC^qtu~3h=d>Q)E8t?yXz%E+wAg z`oSk|_-y3oX58oCJ&Dtl)27b8vl{JX_!rXT8$kDlR}Lr2O8MGk@6H;R+|#@cwO@O2 zQs+jCc9$(jjr00cIN$OSwqx4Cj2UsFf?1m_Rn2f#O=))8SU7&px5S_$A(~Y&vhNPg z$=(F_yD?OXFXHw{g0$!{)!DAdmCtOvw;q(w{L0da68z>~(74LXucc(|6DK6$q|7ea zqSpHOXyyrk>uKVas^5_S0CKt4zPAGmp5k^ZPC>=pt}8OW!e<_KG~PPrd+Lls$B67q zz(SaAYUv|Ps1)g4sifw4%}cj#%Z+x#MQ@<$_ho#Xu@JKBD5e;^l`X!c$>w>y8KWg- zU&@%4pDByMDr#dbWbM&03vZ=01e9Cu;+(idY2wz{x9?Uyf4(sKsOF2*Z4Q9a`D;8e zNTSc7Ln*;CLTB|LET)Q@Fke8HSPtg0T+KG`~c%o ztb#S_-WcpXe;BYy!vohEwwF0Tb5y;}wIm?)XQni!T~Q8uMb^GLX726TGY^A)H*qX) zH|`Ii|f&TDUUjQnXC&ipId_YC<&>)+!!l);6|H`aQ2*FC(s{r zcJ7+jkD_8gjA_1!BO;%~ly7Ldz5rrOuI{&|++}V(=c_n-;I97@9na93kB>5%FCWlx zd#B$4Jc6m#D-Jk*W~pS`!6=m2pB}p1#wDOCx^$59K#)d>gne<1>EkHwnzuj`MjSlZ z;;J#hi-(su`1hl)Q4FcPpf7`LJXEg28kiK?VAeTOOtE{An|fY12H*+kYC4>NE~LKy zEAr*b8T-X}U7IU&0Pko0L2%j~3`~l!@!tB9qFidBaBxRL;R%5Bd%dd{uLejun=(ghXv(Cb;WE1 z@|JTCC1N3d-BaD&{U`=^!M*T0Lf#eQXry>WYi zD@zgJr-&b-8t^3wbBcIyioAN?d;B`|<;yGDTpKB;E-4*T{&h_G*u`||7hQn$9`x6& zlGcMKXPjEjI-R+%VSYGKQtH>vg$~DnyzVPOI6nieN<`h58x>~{@Oq8Ibfvy{{fDk* zbBbsVWSoy)I=`JKh8MpdKlniu^q(7zyXrKM(+2ytj~)7&lDfl z>qjrFJb&BpA%w4`XnQu}SCzoy7`qE^;8+sRdGP5sKWnb%0XnT+53Jp<18sW)`BB=e zQ`+6|>#kjALb+Jrz`Fpu>R$UNRwa-Bg8yYMmnLzqyD-e?iEK=_;lJ&FD=C&y(8>bN z<_3Z!px-(^R2_V2saNt$A9;bb>#%#$$bX*hv|(wHfU!pS{RlQhbW0s{1E(`>EjdSe z|Ec%hgk0IbS&EOyM}%5{fTfk5-+a@_(&S0cX6~GDtfwvUQlyFFIkeGX;Pg$l`+H2& z;cdSXk#F>uY$PA-i)^+;=2Dg-@EZei|7rZXVY)W|c~t*HX*$I6yfqY%Q*C0bV)Enh zyO})F;O5(2fQ0QvY7;%C({}!F>6iBX!T;W5d-o@+^Z$8PrJeR5^^Dd2oqPe4we5Pfi;SGC$}G_FXg3#kC1 zYut{4Z5|}I@0vgx_{M|(cy$Qj8!ZY+e_oz<`JImSaR4q0p26&PcCP@w5Wvf~d4Ej# zq<#2nH3&iVa#B5Cej6@dB#~~jnpfPu!y6gQ5134-_`yoN* zbbv%}F(flnX*`xTOsez>89MJ`l;2!Miu_PEFDWH=j8g=NwwYPvRh_$*#gY2SfSp_E zFcg(kl)rnMXRmd6=q$E!%&0gHI6169^3oh=D@!NM;FLX$!oIQX-%1?JY9dGcJf)r9 zQ%}j=Y|;)oxdOiq4SxB1=*^5Qd2Hd@6JhNJ>X&i|@XH`JE&C&9jZ=Z}`K?M=@tzw( zu3w`h)$C$zjjGHF|*M7iLv@Z^TuYXX(ci5%+2x5n?8_7JE_xY>1OPBbG>~Ki#WZO;jh3gm&8XqWUu9dfe+K#v_i1SYGR(;5pfT)D{$) zXBApd2a|9fH*VOZ{oQvhkhou0=y%a)TT{O#6fOM&JuDk6a()&|i@z9ywHKdO1yu*z znN{bTJt2oOT1gC3H?;hghBBHUkNkQEH*by#J=u6jrJn zNtV_zFHi zKz|4FOG!#%^~&MS3&89i(H2i5S1S39A%1PAf=Io5?rNn*{kv-9RMR2sb-M;wPOme4 zRXY{hv+;!aNj`1LbP$RvBvug1@ebnhwj4lEix7&9Cr!`(fWx}w-vRW;87FS}{YWKi4giG;EI z5Q@EXk3f?mK7v!E6|>EiJCt`m4Ev>YX{5(+-z=y;BC?N3nP3Mu@`G7_{03*k_+J*_ z$CR&OA5Ml`O9$`*Qt$WH4bp183dQ?A=YAYg3magcdq!Mi582$qDb_R}ip`Ne3L_EP zx=C2Nn`3aeZt&S=PT@^Ca5x}E$=`Ot&9w*lYpw1w&dMdxa)*jMI0|#he?ES0{f=ih zOZuppSi_`em6q~_JI`=Lnz{4_w5Rx`XF4v}uh#{KqhFv4UXUI@ml%NFOLi{Ted^}1 zkBB<+t!Mf0@Up-&bb!eU07X|94m0bWol=3pA)sU8m#Q z0*&TiQ-^2FyKFg*oyxh(=%@cYW+6xH#1mH>kNsEk`Qz0p?D1vSzq+00@-LjwSr=iE zsGPn0-?h$KnUa7Fzi-@&ueP%H`?|0D>&p1+;8eEJ5V%P)Yt`X~&oK^lOBa7TkRBYF zS=(@#-_DA8_0CC?GPh+<+q}$GJs{$C`MN15YVvLG1Bclb?O&fNamv}*?mS<(uj65# z@UK%9)ov_j;RU9yB&OL-Zr9h!F>RgVxaDJ(>z`HaZ<|P~;5 z<>3KM>4iMaZ997nZk_(KkEQpaDropug01%_mehZmQ54uvJ~M5BAUIeK9u(Dfu1(W! z);tCr69Nty13LrQ&&7gDsb%c>a>@HJJ7~xEE-{n1`oE>1{P3tn3%oCR>jK5f#B;zs z`E|eFZog`Or$88#ZT6 zBb=c|2PP`J&sm@-nYdsEO{;r!cEj_dwe@X($^idV|m7mIq1%;oUc>cY!EQM{Sgrd0Glb=1nQzL-eqO_XZY;Gjx&HwXwRqrn$PH;#V zP38G;h+BUJXk(83cFmcN&rY{?-UyHW%?8}w4^sLHS*gN)u3w-5m*-}x#wU()oaB1; zvuB^9^FIFS^S0k#EKvL&edg`t`l#Z~>jKQ0I=Zhz4i^BO;b3{@Bd{am9H09&fA)+8 z4=+!is*+Lj(mVdrbVrq(6K{oq%elXG+At`6Pk%D~;FGxCn&savEOdVLa{2sg|K6nA zJ0CGDeZOxx?C6YReeIIR`Q>a@954O3v+!r5-cPU9cZ??9KR@B){eQgq6~FW2>RnEiADs8qDrLI8yLh5J^QlpniGx$SMtrT{(!>snxOdhCD$rvu zme$*x*^zs!F!0z{@%Wm+{*Oh8j_XoR?9f+qE^4T>J8Z*YwS0l%bVr{X5nJC)`($pq zq-dwPa=6)(?dMVtPbzrwT5pjFo8a-w%jeDIMLoeHcFM=tdB-hEUrpI}K;gd0#0iP} zaxcB#=4p`OG2zCx+}Xec;|DhN+9zp^pq(wel@=jp8vgT69aF97m{cZEXk%OSW-IK- zk&TZNj}=N@c9p#U^iWgJ*P_)fOl>x&Go9N0<^p%8tYGI|`j20{XdB;w3y~?n2}1@? LS3j3^P6 The specified product key is invalid, or is unsupported by this version of VAMT. An update to support additional products may be available online. -![](./111496-1.png) +![VAMT error message](./images/vamt-known-issue-message.png) -This issue occurs because VAMT 3.1 does not contain the correct pkconfig files to recognize this kind of key. +This issue occurs because VAMT 3.1 does not contain the correct Pkconfig files to recognize this kind of key. ### Workaround @@ -43,7 +45,7 @@ To work around this issue, use one of the following methods. **Method 1** -Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command-line tool to install a CSVLK on a KMS host (where \<*CSVLK*> represents the specific key that you want to install). For more information about using the slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](https://docs.microsoft.com/windows-server/get-started/activation-slmgr-vbs-options). +Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command-line tool to install a CSVLK on a KMS host (where \<*CSVLK*> represents the specific key that you want to install). For more information about using the Slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](https://docs.microsoft.com/windows-server/get-started/activation-slmgr-vbs-options). **Method 2** From a1feac0703465ae76c411143e96b057612037207 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 19 Dec 2019 11:19:51 -0800 Subject: [PATCH 089/167] Edits --- windows/deployment/volume-activation/vamt-known-issues.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index d40f009f58..615ee4033e 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -22,10 +22,10 @@ ms.custom: The following list and the section that follows contain the current known issues regarding the Volume Activation Management Tool (VAMT) 3.0. -- VAMT Windows Management Infrastructure (WMI) remote operations may take longer to execute if the target computer is in a sleep or standby state. -- Recovery of a non-genuine computer is a two-step process, as follows: +- VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state. +- To recover a non-Genuine computer, follow these steps: 1. Use VAMT to install a new product key and activate the computer. - 1. To revalidate the computer's Genuine status, use the computer to access the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) website. Upon successfully completing this step, the computer will be restored to full functionality. For more information on recovering non-genuine Windows-based computers, see [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668). + 1. To revalidate the Genuine status of the computer, use the computer to access the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) website. This step restores the computer to full functionality. For more information about recovering non-genuine Windows-based computers, see [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668). - When opening a Computer Information List (.cil file) that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. - The remaining activation count can only be retrieved for MAKs.   From 1949117becd368526c913098dc394a6710174852 Mon Sep 17 00:00:00 2001 From: Thomas Date: Thu, 19 Dec 2019 11:42:01 -0800 Subject: [PATCH 090/167] Create CODEOWNERS --- CODEOWNERS | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 CODEOWNERS diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000000..7fc05fbd5b --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,5 @@ +docfx.json @microsoftdocs/officedocs-admin +.openpublishing.build.ps1 @microsoftdocs/officedocs-admin +.openpublishing.publish.config.json @microsoftdocs/officedocs-admin +CODEOWNERS @microsoftdocs/officedocs-admin +.acrolinx-config.edn @microsoftdocs/officedocs-admin From ca0ee5dafb83b94bd861d2e5222643bc924f131e Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 19 Dec 2019 11:48:42 -0800 Subject: [PATCH 091/167] Removed deprecated instructions --- windows/deployment/volume-activation/vamt-known-issues.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 615ee4033e..545046e153 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -23,9 +23,6 @@ ms.custom: The following list and the section that follows contain the current known issues regarding the Volume Activation Management Tool (VAMT) 3.0. - VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state. -- To recover a non-Genuine computer, follow these steps: - 1. Use VAMT to install a new product key and activate the computer. - 1. To revalidate the Genuine status of the computer, use the computer to access the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) website. This step restores the computer to full functionality. For more information about recovering non-genuine Windows-based computers, see [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668). - When opening a Computer Information List (.cil file) that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. - The remaining activation count can only be retrieved for MAKs.   From f74d40a8948a5ae57e25d651bc5423edd0faf375 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 19 Dec 2019 12:00:04 -0800 Subject: [PATCH 092/167] edits --- windows/deployment/volume-activation/vamt-known-issues.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 545046e153..5f2f126d54 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -25,7 +25,7 @@ The following list and the section that follows contain the current known issues - VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state. - When opening a Computer Information List (.cil file) that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. - The remaining activation count can only be retrieved for MAKs. -  + ## Can't add CSVLKs for Windows 10 activation to VAMT 3.1 When you try to add a Windows 10 Key Management Service (KMS) Host key (CSVLK) or a Windows Server 2012 R2 for Windows 10 CSVLK into VAMT 3.1 (version 10.0.10240.0), you receive the following error message: @@ -42,7 +42,7 @@ To work around this issue, use one of the following methods. **Method 1** -Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command-line tool to install a CSVLK on a KMS host (where \<*CSVLK*> represents the specific key that you want to install). For more information about using the Slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](https://docs.microsoft.com/windows-server/get-started/activation-slmgr-vbs-options). +Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command-line tool to install a CSVLK on a KMS host. In this command, \<*CSVLK*> represents the specific key that you want to install. For more information about how to use the Slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](https://docs.microsoft.com/windows-server/get-started/activation-slmgr-vbs-options). **Method 2** @@ -52,13 +52,13 @@ On the KMS host computer, follow these steps: 1. In Windows Explorer, right-click **485392_intl_x64_zip**, and then extract the hotfix to **C:\KB3058168**. -1. Open a Command Prompt window, and extract the contents of the update by running the following command: +1. To extract the contents of the update, open a Command Prompt window and run the following command: ```cmd expand c:\KB3058168\Windows8.1-KB3058168-x64.msu -f:* C:\KB3058168\ ``` -1. Extract the contents of Windows8.1-KB3058168-x64.cab by running the following command: +1. To extract the contents of Windows8.1-KB3058168-x64.cab, run the following command: ```cmd expand c:\KB3058168\Windows8.1-KB3058168-x64.cab -f:pkeyconfig-csvlk.xrm-ms c:\KB3058168 From 474832eea32338b69d8339eb6ccde69305069a98 Mon Sep 17 00:00:00 2001 From: martyav Date: Thu, 19 Dec 2019 15:35:31 -0500 Subject: [PATCH 093/167] items 26 to 56 reviewed --- .../mdm/devicemanageability-csp.md | 2 +- windows/client-management/mdm/dmclient-csp.md | 2 +- .../mdm/eap-configuration.md | 2 +- ...rver-side-mobile-application-management.md | 2 +- ...ence-with-configuration-manager-and-mdt.md | 2 +- .../use-orchestrator-runbooks-with-mdt.md | 355 +++++++++--------- ...stage-windows-10-deployment-information.md | 2 +- ...-message-in-compatibility-administrator.md | 2 +- ...with-system-center-configuraton-manager.md | 2 +- .../bitlocker/bitlocker-key-management-faq.md | 2 +- .../tpm/tpm-fundamentals.md | 2 +- .../auditing/audit-application-generated.md | 2 +- .../audit-central-access-policy-staging.md | 2 +- .../audit-kerberos-authentication-service.md | 2 +- .../auditing/audit-network-policy-server.md | 2 +- .../auditing/audit-process-termination.md | 2 +- .../audit-security-group-management.md | 2 +- .../auditing/audit-sensitive-privilege-use.md | 2 +- ...ss-policies-that-apply-on-a-file-server.md | 2 +- ...tion-based-protection-of-code-integrity.md | 2 +- ...-credential-manager-as-a-trusted-caller.md | 2 +- ...f-blank-passwords-to-console-logon-only.md | 2 +- ...ted-password-to-third-party-smb-servers.md | 2 +- ...-enumeration-of-sam-accounts-and-shares.md | 2 +- ...-pipes-that-can-be-accessed-anonymously.md | 2 +- .../network-list-manager-policies.md | 2 +- ...outgoing-ntlm-traffic-to-remote-servers.md | 2 +- ...-that-are-installed-in-secure-locations.md | 2 +- .../windows-10-mobile-security-guide.md | 2 +- .../document-your-applocker-rules.md | 2 +- 30 files changed, 207 insertions(+), 206 deletions(-) diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index 724027f5f0..3bf0368ffd 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md @@ -1,6 +1,6 @@ --- title: DeviceManageability CSP -description: The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607. +description: The DeviceManageability configuration service provider (CSP) is used retrieve general information about MDM configuration capabilities on the device. ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 7946edba39..4767766c8c 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -1,6 +1,6 @@ --- title: DMClient CSP -description: The DMClient configuration service provider is used to specify additional enterprise-specific mobile device management configuration settings for identifying the device in the enterprise domain, security mitigation for certificate renewal, and server-triggered enterprise unenrollment. +description: Understand how the DMClient configuration service provider works. It is used to specify enterprise-specific mobile device management configuration settings. ms.assetid: a5cf35d9-ced0-4087-a247-225f102f2544 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 03e82dc9e8..f687502610 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -1,6 +1,6 @@ --- title: EAP configuration -description: The topic provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for the VPN profile and information about EAP certificate filtering in Windows 10. +description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, plus info about EAP certificate filtering in Windows 10. ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md index bc80bbff44..481d57ea45 100644 --- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md +++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md @@ -1,6 +1,6 @@ --- title: Provide server-side support for mobile app management on Windows -description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP). +description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md index 692b7306a7..9076a17339 100644 --- a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md +++ b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md @@ -1,6 +1,6 @@ --- title: Create a task sequence with Configuration Manager (Windows 10) -description: In this topic, you will learn how to create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. +description: Create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98 ms.reviewer: manager: laurawi diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md index 234a716425..e7cabd8fec 100644 --- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md @@ -1,177 +1,178 @@ ---- -title: Use Orchestrator runbooks with MDT (Windows 10) -description: This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. -ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: web services, database -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Use Orchestrator runbooks with MDT - -This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. -MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required. - -**Note**   -If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website. - -## Orchestrator terminology - -Before diving into the core details, here is a quick course in Orchestrator terminology: -- **Orchestrator Server.** This is a server that executes runbooks. -- **Runbooks.** A runbook is similar to a task sequence; it is a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database. -- **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions. -- **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook. -- **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default. -- **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default. -- **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few. - -**Note**   -To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554). - -## Create a sample runbook - -This section assumes you have Orchestrator 2012 R2 installed on a server named OR01. In this section, you create a sample runbook, which is used to log some of the MDT deployment information into a text file on OR01. - -1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS). -2. In the **E:\\Logfile** folder, create the DeployLog.txt file. - **Note** - Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt. - - ![figure 23](../images/mdt-09-fig23.png) - - Figure 23. The DeployLog.txt file. - -3. Using System Center 2012 R2 Orchestrator Runbook Designer, in the **Runbooks** node, create the **1.0 MDT** folder. - - ![figure 24](../images/mdt-09-fig24.png) - - Figure 24. Folder created in the Runbooks node. - -4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**. -5. On the ribbon bar, click **Check Out**. -6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**. -7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane: - 1. Runbook Control / Initialize Data - 2. Text File Management / Append Line -8. Connect **Initialize Data** to **Append Line**. - - ![figure 25](../images/mdt-09-fig25.png) - - Figure 25. Activities added and connected. - -9. Right-click the **Initialize Data** activity, and select **Properties** -10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**. - - ![figure 26](../images/mdt-09-fig26.png) - - Figure 26. The Initialize Data Properties window. - -11. Right-click the **Append Line** activity, and select **Properties**. -12. On the **Append Line Properties** page, in the **File** text box, type **E:\\Logfile\\DeployLog.txt**. -13. In the **File** encoding drop-down list, select **ASCII**. -14. In the **Append** area, right-click inside the **Text** text box and select **Expand**. - - ![figure 27](../images/mdt-09-fig27.png) - - Figure 27. Expanding the Text area. - -15. In the blank text box, right-click and select **Subscribe / Published Data**. - - ![figure 28](../images/mdt-09-fig28.png) - - Figure 28. Subscribing to data. - -16. In the **Published Data** window, select the **OSDComputerName** item, and click **OK**. -17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**. -18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and click **OK**. - - ![figure 29](../images/mdt-09-fig29.png) - - Figure 29. The expanded text box after all subscriptions have been added. - -19. On the **Append Line Properties** page, click **Finish**. - ## Test the demo MDT runbook - After the runbook is created, you are ready to test it. -20. On the ribbon bar, click **Runbook Tester**. -21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**: - - OSDComputerName: PC0010 -22. Verify that all activities are green (for additional information, see each target). -23. Close the **Runbook Tester**. -24. On the ribbon bar, click **Check In**. - -![figure 30](../images/mdt-09-fig30.png) - -Figure 30. All tests completed. - -## Use the MDT demo runbook from MDT - -1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node, and create a folder named **Orchestrator**. -2. Right-click the **Orchestrator** node, and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - 1. Task sequence ID: OR001 - 2. Task sequence name: Orchestrator Sample - 3. Task sequence comments: <blank> - 4. Template: Custom Task Sequence -3. In the **Orchestrator** node, double-click the **Orchestrator Sample** task sequence, and then select the **Task Sequence** tab. -4. Remove the default **Application Install** action. -5. Add a **Gather** action and select the **Gather only local data (do not process rules)** option. -6. After the **Gather** action, add a **Set Task Sequence Variable** action with the following settings: - 1. Name: Set Task Sequence Variable - 2. Task Sequence Variable: OSDComputerName - 3. Value: %hostname% -7. After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings: - 1. Orchestrator Server: OR01.contoso.com - 2. Use Browse to select **1.0 MDT / MDT Sample**. -8. Click **OK**. - -![figure 31](../images/mdt-09-fig31.png) - -Figure 31. The ready-made task sequence. - -## Run the orchestrator sample task sequence - -Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment. -**Note**   -Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555). - -1. On PC0001, log on as **CONTOSO\\MDT\_BA**. -2. Using an elevated command prompt (run as Administrator), type the following command: - - ``` syntax - cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs - ``` -3. Complete the Windows Deployment Wizard using the following information: - 1. Task Sequence: Orchestrator Sample - 2. Credentials: - 1. User Name: MDT\_BA - 2. Password: P@ssw0rd - 3. Domain: CONTOSO -4. Wait until the task sequence is completed and then verify that the DeployLog.txt file in the E:\\Logfile folder on OR01 was updated. - -![figure 32](../images/mdt-09-fig32.png) - -Figure 32. The ready-made task sequence. - -## Related topics - -[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) - -[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md) - -[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md) - -[Simulate a Windows10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md) - -[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md) - -[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md) - -[Use web services in MDT](use-web-services-in-mdt.md) +--- +title: Use Orchestrator runbooks with MDT (Windows 10) +description: Learn how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. +ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: web services, database +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: mdt +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Use Orchestrator runbooks with MDT + +This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. +MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required. + +**Note**   +If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website. + +## Orchestrator terminology + +Before diving into the core details, here is a quick course in Orchestrator terminology: +- **Orchestrator Server.** This is a server that executes runbooks. +- **Runbooks.** A runbook is similar to a task sequence; it is a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database. +- **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions. +- **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook. +- **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default. +- **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default. +- **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few. + +**Note**   +To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554). + +## Create a sample runbook + +This section assumes you have Orchestrator 2012 R2 installed on a server named OR01. In this section, you create a sample runbook, which is used to log some of the MDT deployment information into a text file on OR01. + +1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS). +2. In the **E:\\Logfile** folder, create the DeployLog.txt file. + **Note** + Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt. + + ![figure 23](../images/mdt-09-fig23.png) + + Figure 23. The DeployLog.txt file. + +3. Using System Center 2012 R2 Orchestrator Runbook Designer, in the **Runbooks** node, create the **1.0 MDT** folder. + + ![figure 24](../images/mdt-09-fig24.png) + + Figure 24. Folder created in the Runbooks node. + +4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**. +5. On the ribbon bar, click **Check Out**. +6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**. +7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane: + 1. Runbook Control / Initialize Data + 2. Text File Management / Append Line +8. Connect **Initialize Data** to **Append Line**. + + ![figure 25](../images/mdt-09-fig25.png) + + Figure 25. Activities added and connected. + +9. Right-click the **Initialize Data** activity, and select **Properties** +10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**. + + ![figure 26](../images/mdt-09-fig26.png) + + Figure 26. The Initialize Data Properties window. + +11. Right-click the **Append Line** activity, and select **Properties**. +12. On the **Append Line Properties** page, in the **File** text box, type **E:\\Logfile\\DeployLog.txt**. +13. In the **File** encoding drop-down list, select **ASCII**. +14. In the **Append** area, right-click inside the **Text** text box and select **Expand**. + + ![figure 27](../images/mdt-09-fig27.png) + + Figure 27. Expanding the Text area. + +15. In the blank text box, right-click and select **Subscribe / Published Data**. + + ![figure 28](../images/mdt-09-fig28.png) + + Figure 28. Subscribing to data. + +16. In the **Published Data** window, select the **OSDComputerName** item, and click **OK**. +17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**. +18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and click **OK**. + + ![figure 29](../images/mdt-09-fig29.png) + + Figure 29. The expanded text box after all subscriptions have been added. + +19. On the **Append Line Properties** page, click **Finish**. + ## Test the demo MDT runbook + After the runbook is created, you are ready to test it. +20. On the ribbon bar, click **Runbook Tester**. +21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**: + - OSDComputerName: PC0010 +22. Verify that all activities are green (for additional information, see each target). +23. Close the **Runbook Tester**. +24. On the ribbon bar, click **Check In**. + +![figure 30](../images/mdt-09-fig30.png) + +Figure 30. All tests completed. + +## Use the MDT demo runbook from MDT + +1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node, and create a folder named **Orchestrator**. +2. Right-click the **Orchestrator** node, and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: + 1. Task sequence ID: OR001 + 2. Task sequence name: Orchestrator Sample + 3. Task sequence comments: <blank> + 4. Template: Custom Task Sequence +3. In the **Orchestrator** node, double-click the **Orchestrator Sample** task sequence, and then select the **Task Sequence** tab. +4. Remove the default **Application Install** action. +5. Add a **Gather** action and select the **Gather only local data (do not process rules)** option. +6. After the **Gather** action, add a **Set Task Sequence Variable** action with the following settings: + 1. Name: Set Task Sequence Variable + 2. Task Sequence Variable: OSDComputerName + 3. Value: %hostname% +7. After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings: + 1. Orchestrator Server: OR01.contoso.com + 2. Use Browse to select **1.0 MDT / MDT Sample**. +8. Click **OK**. + +![figure 31](../images/mdt-09-fig31.png) + +Figure 31. The ready-made task sequence. + +## Run the orchestrator sample task sequence + +Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment. +**Note**   +Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555). + +1. On PC0001, log on as **CONTOSO\\MDT\_BA**. +2. Using an elevated command prompt (run as Administrator), type the following command: + + ``` syntax + cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs + ``` +3. Complete the Windows Deployment Wizard using the following information: + 1. Task Sequence: Orchestrator Sample + 2. Credentials: + 1. User Name: MDT\_BA + 2. Password: P@ssw0rd + 3. Domain: CONTOSO +4. Wait until the task sequence is completed and then verify that the DeployLog.txt file in the E:\\Logfile folder on OR01 was updated. + +![figure 32](../images/mdt-09-fig32.png) + +Figure 32. The ready-made task sequence. + +## Related topics + +[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) + +[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md) + +[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md) + +[Simulate a Windows10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md) + +[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md) + +[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md) + +[Use web services in MDT](use-web-services-in-mdt.md) diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md index 79b6610104..1ca54bbdb6 100644 --- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md +++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md @@ -1,6 +1,6 @@ --- title: Use MDT database to stage Windows 10 deployment info (Windows 10) -description: This topic is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini). +description: Learn how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database. ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46 ms.reviewer: manager: laurawi diff --git a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md index 8d8da0f126..c35e379797 100644 --- a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md @@ -1,6 +1,6 @@ --- title: Create AppHelp Message in Compatibility Administrator (Windows 10) -description: The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system. +description: Create an AppHelp text message with Compatibility Administrator; a message that appears upon starting an app with major issues on the Windows® operating system. ms.assetid: 5c6e89f5-1942-4aa4-8439-ccf0ecd02848 ms.reviewer: manager: laurawi diff --git a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md index 513ae0cfd8..c6118f8f14 100644 --- a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md +++ b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md @@ -1,6 +1,6 @@ --- title: Perform in-place upgrade to Windows 10 via Configuration Manager -description: The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. Use a System Center Configuration Manager task sequence to completely automate the process. +description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a SCCM task sequence. ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878 ms.reviewer: manager: laurawi diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md index 5ab13673ea..226acb2e7c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Key Management FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Browse frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index 8f99d1e45e..e2ae8c85e5 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md @@ -1,6 +1,6 @@ --- title: TPM fundamentals (Windows 10) -description: This topic for the IT professional provides a description of the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and explains how they are used to mitigate dictionary attacks. +description: Inform yourself about the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and how they are used to mitigate dictionary attacks. ms.assetid: ac90f5f9-9a15-4e87-b00d-4adcf2ec3000 ms.reviewer: ms.prod: w10 diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index 72a5aecec7..b594ba40ca 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -1,6 +1,6 @@ --- title: Audit Application Generated (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs). +description: The policy setting, Audit Application Generated, determines if audit events are generated when applications attempt to use the Windows Auditing APIs. ms.assetid: 6c58a365-b25b-42b8-98ab-819002e31871 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index 061105bbac..f655b5d8c6 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md @@ -1,6 +1,6 @@ --- title: Audit Central Access Policy Staging (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Central Access Policy Staging, which determines permissions on a Central Access Policy. +description: The Advanced Security Audit policy setting, Audit Central Access Policy Staging, determines permissions on a Central Access Policy. ms.assetid: D9BB11CE-949A-4B48-82BF-30DC5E6FC67D ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md index d28314643d..529003459d 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md @@ -1,6 +1,6 @@ --- title: Audit Kerberos Authentication Service (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Authentication Service, which determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests. +description: The policy setting Audit Kerberos Authentication Service decides if audit events are generated for Kerberos authentication ticket-granting ticket (TGT) requests ms.assetid: 990dd6d9-1a1f-4cce-97ba-5d7e0a7db859 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md index 6d7eaac005..697ae99b16 100644 --- a/windows/security/threat-protection/auditing/audit-network-policy-server.md +++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md @@ -1,6 +1,6 @@ --- title: Audit Network Policy Server (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Network Policy Server, which determines whether the operating system generates audit events for RADIUS (IAS) and Network Access Protection (NAP) activity on user access requests (Grant, Deny, Discard, Quarantine, Lock, and Unlock). +description: The policy setting, Audit Network Policy Server, determines if audit events are generated for RADIUS (IAS) and NAP activity on user access requests. ms.assetid: 43b2aea4-26df-46da-b761-2b30f51a80f7 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md index 3943542ccf..7ba49fbd59 100644 --- a/windows/security/threat-protection/auditing/audit-process-termination.md +++ b/windows/security/threat-protection/auditing/audit-process-termination.md @@ -1,6 +1,6 @@ --- title: Audit Process Termination (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Termination, which determines whether the operating system generates audit events when an attempt is made to end a process. +description: The Advanced Security Audit policy setting, Audit Process Termination, determines if audit events are generated when an attempt is made to end a process. ms.assetid: 65d88e53-14aa-48a4-812b-557cebbf9e50 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index 710f45b4ae..d75b85e522 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -1,6 +1,6 @@ --- title: Audit Security Group Management (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit Security Group Management, which determines whether the operating system generates audit events when specific security group management tasks are performed. +description: The policy setting, Audit Security Group Management, determines if audit events are generated when specific security group management tasks are performed. ms.assetid: ac2ee101-557b-4c84-b9fa-4fb23331f1aa ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md index ac5edaec4a..3bdb900b00 100644 --- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md @@ -1,6 +1,6 @@ --- title: Audit Sensitive Privilege Use (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Sensitive Privilege Use, which determines whether the operating system generates audit events when sensitive privileges (user rights) are used. +description: The policy setting, Audit Sensitive Privilege Use, determines if the operating system generates audit events when sensitive privileges (user rights) are used. ms.assetid: 915abf50-42d2-45f6-9fd1-e7bd201b193d ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md index 4a9c0d7f29..7be96ce69b 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md @@ -1,6 +1,6 @@ --- title: Monitor central access policies on a file server (Windows 10) -description: This topic for the IT professional describes how to monitor changes to the central access policies that apply to a file server when using advanced security auditing options to monitor dynamic access control objects. +description: Learn how to monitor changes to the central access policies that apply to a file server, when using advanced security auditing options. ms.assetid: 126b051e-c20d-41f1-b42f-6cff24dcf20c ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index 92fb064c14..e88b1b13e8 100644 --- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -1,6 +1,6 @@ --- title: Deployment guidelines for Windows Defender Device Guard (Windows 10) -description: To help you plan a deployment of Microsoft Windows Defender Device Guard, this article describes hardware requirements for Windows Defender Device Guard, outlines deployment approaches, and describes methods for code signing and code integrity policies. +description: Plan your deployment of Windows Defender Device Guard. Learn about hardware requirements, deployment approaches, code signing and code integrity policies. keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md index 49f815ce3f..60fe8eaa5f 100644 --- a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md +++ b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md @@ -1,6 +1,6 @@ --- title: Access Credential Manager as a trusted caller (Windows 10) -description: Describes the best practices, location, values, policy management, and security considerations for the Access Credential Manager as a trusted caller security policy setting. +description: Describes best practices, security considerations and more for the security policy setting, Access Credential Manager as a trusted caller. ms.assetid: a51820d2-ca5b-47dd-8e9b-d7008603db88 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md index f6beb6795e..429a6e932a 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md @@ -1,6 +1,6 @@ --- title: Accounts Limit local account use of blank passwords (Windows 10) -description: Describes the best practices, location, values, and security considerations for the Accounts Limit local account use of blank passwords to console logon only security policy setting. +description: Learn best practices, security considerations, and more for the policy setting, Accounts Limit local account use of blank passwords to console logon only. ms.assetid: a1bfb58b-1ae8-4de9-832b-aa889a6e64bd ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md index 2f0c68363e..0eb20f0245 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md @@ -1,6 +1,6 @@ --- title: Microsoft network client Send unencrypted password (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network client Send unencrypted password to third-party SMB servers security policy setting. +description: Learn about best practices and more for the security policy setting, Microsoft network client Send unencrypted password to third-party SMB servers. ms.assetid: 97a76b93-afa7-4dd9-bb52-7c9e289b6017 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md index 56ba9ce742..b679530985 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md @@ -1,6 +1,6 @@ --- title: Network access Do not allow anonymous enumeration (Windows 10) -description: Describes the best practices, location, values, and security considerations for the Network access Do not allow anonymous enumeration of SAM accounts and shares security policy setting. +description: Learn about best practices and more for the security policy setting, Network access Do not allow anonymous enumeration of SAM accounts and shares. ms.assetid: 3686788d-4cc7-4222-9163-cbc7c3362d73 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md index cfb1f5e23c..ca8b104079 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md @@ -1,6 +1,6 @@ --- title: Network access Named Pipes that can be accessed anonymously (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Network access Named Pipes that can be accessed anonymously security policy setting. +description: Describes best practices, security considerations and more for the security policy setting, Network access Named Pipes that can be accessed anonymously. ms.assetid: 8897d2a4-813e-4d2b-8518-fcee71e1cf2c ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md index b052ac4ccf..4ac7af5f3c 100644 --- a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md +++ b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md @@ -1,6 +1,6 @@ --- title: Network List Manager policies (Windows 10) -description: Network List Manager policies are security settings that you can use to configure different aspects of how networks are listed and displayed on one device or on many devices. +description: Network List Manager policies are security settings that configure different aspects of how networks are listed and displayed on one device or on many devices. ms.assetid: bd8109d4-b07c-4beb-a9a6-affae2ba2fda ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md index 0e229ebce6..582a95f107 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md @@ -1,6 +1,6 @@ --- title: Network security Restrict NTLM Outgoing traffic (Windows 10) -description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Outgoing NTLM traffic to remote servers security policy setting. +description: Learn about best practices, security considerations and more for the policy setting, Network Security Restrict NTLM Outgoing NTLM traffic to remote servers. ms.assetid: 63437a90-764b-4f06-aed8-a4a26cf81bd1 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md index 47e4c3b995..77c4b06163 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md @@ -1,6 +1,6 @@ --- title: Only elevate UIAccess app installed in secure location (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Only elevate UIAccess applications that are installed in secure locations security policy setting. +description: Learn about best practices and more for the policy setting, User Account Control Only elevate UIAccess applications that are installed in secure locations. ms.assetid: 4333409e-a5be-4f2f-8808-618f53abd22c ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md index 6e9ba266d1..5ce47adcb7 100644 --- a/windows/security/threat-protection/windows-10-mobile-security-guide.md +++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md @@ -1,6 +1,6 @@ --- title: Windows 10 Mobile security guide (Windows 10) -description: This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security. +description: The most important security features in the Windows 10 Mobile — identity access & control, data protection, malware resistance, and app platform security. ms.assetid: D51EF508-699E-4A68-A7CD-91D821A97205 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md index 2147e2fe3f..acfdd8e57d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md @@ -1,6 +1,6 @@ --- title: Document your AppLocker rules (Windows 10) -description: This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded. +description: Learn how to document your Applocker rules with this planning guide. Associate rule conditions with files, permissions, rule source, and implementation. ms.assetid: 91a198ce-104a-45ff-b49b-487fb40cd2dd ms.reviewer: ms.author: dansimp From d1b0a533e870b51f1328b0611c9b0c4e1a9ad451 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 19 Dec 2019 12:41:39 -0800 Subject: [PATCH 094/167] Edits --- windows/deployment/volume-activation/vamt-known-issues.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 5f2f126d54..8022121cb3 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -1,6 +1,6 @@ --- title: VAMT known issues (Windows 10) -description: VAMT known issues +description: Volume Activation Management Tool (VAMT) known issues ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f ms.reviewer: manager: laurawi @@ -20,10 +20,10 @@ ms.custom: # VAMT known issues -The following list and the section that follows contain the current known issues regarding the Volume Activation Management Tool (VAMT) 3.0. +The following list and the section that follows contain the current known issues regarding the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1. - VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state. -- When opening a Computer Information List (.cil file) that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. +- When opening a Computer Information List (CIL file) that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. - The remaining activation count can only be retrieved for MAKs. ## Can't add CSVLKs for Windows 10 activation to VAMT 3.1 From ce2db075fdfe0d8117f77eccf432d694c7706ece Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Dec 2019 13:33:25 -0800 Subject: [PATCH 095/167] Update prevent-malware-infection.md Edits --- .../threat-protection/intelligence/prevent-malware-infection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 884759126a..7bce69882c 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -85,7 +85,7 @@ To further ensure that data is protected from malware as well as other threats: * Do not use untrusted devices to log on to email, social media, and corporate accounts. -* Do not downlaod or run old Binary / Office 2003 and ealier file formats like .doc, .ppt, .xls. These file formats allow macros to be included. This can be a security risk. +* Avoid downloading or running older apps. Some of these apps might have vulnerabilities. Also, older file formats for Office 2003 (.doc, .pps, and .xls) allow macros or run. This could be a security risk. ## Software solutions From d7d1744e1f695c1be186739cdc6b9bc88de1adeb Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Thu, 19 Dec 2019 16:00:59 -0800 Subject: [PATCH 096/167] Make link locale agnostic --- devices/hololens/hololens2-basic-usage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-basic-usage.md b/devices/hololens/hololens2-basic-usage.md index fadbb7a4bc..59426de18e 100644 --- a/devices/hololens/hololens2-basic-usage.md +++ b/devices/hololens/hololens2-basic-usage.md @@ -106,7 +106,7 @@ To **close** the Start menu, do the Start gesture when the Start menu is open. > For the one-handed Start gesture to work: > > 1. You must update to the November 2019 update (build 18363.1039) or later. -> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not [calibrated](https://docs.microsoft.com/en-us/hololens/hololens-calibration#calibrating-your-hololens-2) on the device. +> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not [calibrated](https://docs.microsoft.com/hololens/hololens-calibration#calibrating-your-hololens-2) on the device. You can also perform the Start gesture with only one hand. To do this, hold out your hand with your palm facing you and look at the **Start icon** on your inner wrist. **While keeping your eye on the icon**, pinch your thumb and index finger together. From d08a491ad820de3c6ee83f3edd6d5bf1fe32b478 Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 20 Dec 2019 13:06:00 -0500 Subject: [PATCH 097/167] reviewed through item 90 --- windows/client-management/mdm/accounts-ddf-file.md | 2 +- windows/client-management/mdm/multisim-ddf.md | 2 +- windows/client-management/mdm/tenantlockdown-ddf.md | 2 +- .../client-management/mdm/win32compatibilityappraiser-ddf.md | 2 +- windows/privacy/manage-windows-1709-endpoints.md | 2 +- windows/privacy/manage-windows-1803-endpoints.md | 2 +- windows/privacy/manage-windows-1809-endpoints.md | 2 +- windows/privacy/manage-windows-1903-endpoints.md | 2 +- .../credential-guard/additional-mitigations.md | 2 +- .../credential-guard/credential-guard-scripts.md | 2 +- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- .../hello-for-business/hello-hybrid-aadj-sso-cert.md | 2 +- .../hello-for-business/hello-hybrid-aadj-sso.md | 2 +- .../hello-for-business/hello-hybrid-cert-whfb-settings.md | 2 +- .../hello-for-business/hello-hybrid-key-whfb-settings.md | 2 +- .../threat-protection/microsoft-defender-atp/alerts.md | 2 +- .../microsoft-defender-atp/emet-exploit-protection.md | 2 +- .../microsoft-defender-atp/enable-exploit-protection.md | 2 +- .../microsoft-defender-atp/exploit-protection.md | 2 +- .../threat-protection/microsoft-defender-atp/files.md | 2 +- .../threat-protection/microsoft-defender-atp/get-alerts.md | 2 +- .../microsoft-defender-atp/troubleshoot-asr.md | 4 ++-- .../microsoft-defender-atp/troubleshoot-np.md | 4 ++-- .../security/threat-protection/microsoft-defender-atp/user.md | 2 +- 24 files changed, 26 insertions(+), 26 deletions(-) diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md index 0815b489ba..c4a1538d53 100644 --- a/windows/client-management/mdm/accounts-ddf-file.md +++ b/windows/client-management/mdm/accounts-ddf-file.md @@ -1,6 +1,6 @@ --- title: Accounts DDF file -description: XML file containing the device description framework +description: XML file containing the device description framework for the Accounts configuration service provider. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md index 24cf91748a..2e34159750 100644 --- a/windows/client-management/mdm/multisim-ddf.md +++ b/windows/client-management/mdm/multisim-ddf.md @@ -1,6 +1,6 @@ --- title: MultiSIM DDF file -description: XML file containing the device description framework +description: XML file containing the device description framework for the MultiSIM configuration service provider. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md index 041b690a01..ad901702a5 100644 --- a/windows/client-management/mdm/tenantlockdown-ddf.md +++ b/windows/client-management/mdm/tenantlockdown-ddf.md @@ -1,6 +1,6 @@ --- title: TenantLockdown DDF file -description: XML file containing the device description framework +description: XML file containing the device description framework for the TenantLockdown configuration service provider. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md index e86a9edcc0..ce4b0b3bf3 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md @@ -1,6 +1,6 @@ --- title: Win32CompatibilityAppraiser DDF file -description: XML file containing the device description framework +description: XML file containing the device description framework for the Win32CompatibilityAppraiser configuration service provider. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md index 28c2ac9038..32fc4b968a 100644 --- a/windows/privacy/manage-windows-1709-endpoints.md +++ b/windows/privacy/manage-windows-1709-endpoints.md @@ -1,6 +1,6 @@ --- title: Connection endpoints for Windows 10 Enterprise, version 1709 -description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. +description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1709. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md index cb80bc42cd..f62497b8ad 100644 --- a/windows/privacy/manage-windows-1803-endpoints.md +++ b/windows/privacy/manage-windows-1803-endpoints.md @@ -1,6 +1,6 @@ --- title: Connection endpoints for Windows 10, version 1803 -description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. +description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1803. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index 83bf617928..0504d6eceb 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -1,6 +1,6 @@ --- title: Connection endpoints for Windows 10, version 1809 -description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. +description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1809. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md index 2151461b3a..786649ef6a 100644 --- a/windows/privacy/manage-windows-1903-endpoints.md +++ b/windows/privacy/manage-windows-1903-endpoints.md @@ -1,6 +1,6 @@ --- title: Connection endpoints for Windows 10 Enterprise, version 1903 -description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. +description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1903. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md index d42dc24268..68410a7305 100644 --- a/windows/security/identity-protection/credential-guard/additional-mitigations.md +++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md @@ -1,6 +1,6 @@ --- title: Additional mitigations -description: Scripts listed in this topic for obtaining the available issuance policies on the certificate authority for Windows Defender Credential Guard on Windows 10. +description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md index ae294baabb..b62a1d9818 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md @@ -1,6 +1,6 @@ --- title: Scripts for Certificate Issuance Policies in Windows Defender Credential Guard (Windows 10) -description: Scripts listed in this topic for obtaining the available issuance policies on the certificate authority for Windows Defender Credential Guard on Windows 10. +description: Obtain issuance policies from the certificate authority for Windows Defender Credential Guard on Windows 10. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 060bf7e60a..9874fcd53a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -1,6 +1,6 @@ --- title: Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business -description: Azure Active Directory joined devices in a hybrid Deployment for on-premises single sign-on +description: Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support them. keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 1bb87570ff..54f37c9b50 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -1,6 +1,6 @@ --- title: Using Certificates for AADJ On-premises Single-sign On single sign-on -description: Azure Active Directory joined devices in a hybrid Deployment for on-premises single sign-on +description: If you want to use certificates for on-premises single-sign on for Azure Active Directory joined devices, then follow these additional steps. keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 27c18d43e7..4eed2e7435 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -1,6 +1,6 @@ --- title: Azure AD Join Single Sign-on Deployment -description: Azure Active Directory joined devices in a hybrid Deployment for on-premises single sign-on +description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory joined devices, using Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index eb54aba4fd..fba1fd76f8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -1,6 +1,6 @@ --- title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for Business) -description: Configuring Windows Hello for Business Settings in Hybrid deployment +description: Configuring Windows Hello for Business settings in hybrid certificate trust deployment. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 5202ec8d19..d8eb2ac3ed 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -1,6 +1,6 @@ --- title: Configure Hybrid Windows Hello for Business key trust Settings -description: Configuring Windows Hello for Business Settings in Hybrid deployment +description: Configuring Windows Hello for Business settings in hybrid key trust deployment. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md index 7a3ea94c49..3bf7ffba39 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md @@ -1,6 +1,6 @@ --- title: Get alerts API -description: Retrieves top recent alerts. +description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts. keywords: apis, graph api, supported apis, get, alerts, recent search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md index 73df2fb5a4..040f644860 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md @@ -1,7 +1,7 @@ --- title: Compare the features in Exploit protection with EMET keywords: emet, enhanced mitigation experience toolkit, configuration, exploit, compare, difference between, versus, upgrade, convert -description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET. +description: Exploit protection in Microsoft Defender ATP is our successor to Enhanced Mitigation Experience Toolkit (EMET) and provides stronger protection, more customization, an easier user interface, and better configuration and management options. search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md index 76bada624f..0f325b3497 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md @@ -1,7 +1,7 @@ --- title: Turn on exploit protection to help mitigate against attacks keywords: exploit, mitigation, attacks, vulnerability -description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET. +description: Learn how to enable exploit protection in Windows 10. Exploit protection helps protect your device against malware. search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md index e47d2c93c1..3d1b7367e0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md @@ -1,7 +1,7 @@ --- title: Apply mitigations to help prevent attacks through vulnerabilities keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet -description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET. +description: Protect devices against exploits with Windows 10. Windows 10 has advanced exploit protection capabilities, building upon and improving the settings available in Enhanced Mitigation Experience Toolkit (EMET). search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/files.md b/windows/security/threat-protection/microsoft-defender-atp/files.md index 2bb588f0ce..d4cc5e85cb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/files.md @@ -1,6 +1,6 @@ --- title: File resource type -description: Retrieves information associated with files alerts. +description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts related to files. keywords: apis, graph api, supported apis, get, alerts, recent search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md index 21b0d34987..b6056a66b3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md @@ -1,6 +1,6 @@ --- title: List alerts API -description: Retrieves top recent alerts. +description: Retrieve a collection of recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts. keywords: apis, graph api, supported apis, get, alerts, recent search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md index 963402fe1d..ed130a1720 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md @@ -1,7 +1,7 @@ --- title: Troubleshoot problems with attack surface reduction rules -description: Check prerequisites, use audit mode, add exclusions, or collect diagnostic data to help troubleshoot issues -keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking +description: Resources and sample code to troubleshoot issues with attack surface reduction rules in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). +keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking, microsoft defender atp, microsoft defender advanced threat protection search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md index 8589345cbe..9c2e5cfdff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md @@ -1,7 +1,7 @@ --- title: Troubleshoot problems with Network protection -description: Check prerequisites, use audit mode, add exclusions, or collect diagnostic data to help troubleshoot issues -keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking +description: Resources and sample code to troubleshoot issues with Network protection in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). +keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking, microsoft defender atp, microsoft defender advanced threat protection search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/user.md b/windows/security/threat-protection/microsoft-defender-atp/user.md index 2729130721..9700fea0cb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user.md @@ -1,6 +1,6 @@ --- title: User resource type -description: Retrieves top recent alerts. +description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts related to users. keywords: apis, graph api, supported apis, get, alerts, recent search.product: eADQiWindows 10XVcnh ms.prod: w10 From ff4e468313552dd8bd6c8d6d11d61d5b42937376 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 20 Dec 2019 12:52:04 -0800 Subject: [PATCH 098/167] update powerbi topics --- windows/security/threat-protection/TOC.md | 3 ++- .../microsoft-defender-atp/api-power-bi.md | 6 ++++++ .../microsoft-defender-atp/powerbi-reports.md | 6 +++--- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 1df34b54fd..a483760fe8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -459,7 +459,8 @@ ##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md) #### [Reporting]() -##### [Create and build Power BI reports using Microsoft Defender ATP data (deprecated)](microsoft-defender-atp/powerbi-reports.md) +##### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md) +##### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md) ##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) ##### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md index 2eaa43daee..bf6f5843b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md @@ -121,6 +121,12 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a - You also can use OData queries for queries filters, see [Using OData Queries](exposed-apis-odata-samples.md) + +## Power BI dashboard samples in GitHub +For more information see the [Power BI report templates](https://github.com/microsoft/MDATP-PowerBI-Templates). + + + ## Related topic - [Microsoft Defender ATP APIs](apis-intro.md) - [Advanced Hunting API](run-advanced-query-api.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md b/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md index 2af159a95b..2119a0e8da 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md +++ b/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md @@ -1,7 +1,7 @@ --- -title: Create and build Power BI reports using Microsoft Defender ATP data +title: Create and build Power BI reports using Microsoft Defender ATP data connectors description: Get security insights by creating and building Power BI dashboards using data from Microsoft Defender ATP and other data sources. -keywords: settings, power bi, power bi service, power bi desktop, reports, dashboards, connectors , security insights, mashup +keywords: settings, power bi, power bi service, power bi desktop, reports, dashboards, connectors, security insights, mashup search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -18,7 +18,7 @@ ms.topic: article --- -# Create and build Power BI reports using Microsoft Defender ATP data (Deprecated) +# Create and build Power BI reports using Microsoft Defender ATP data connectors (Deprecated) **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From c83e650685c4d63065f446aeced9ce43ff566e09 Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 20 Dec 2019 16:29:18 -0500 Subject: [PATCH 099/167] items 57 to 87 reviewed --- ...-windows-pe-using-configuration-manager.md | 221 +++++++++--------- ...0-deployment-with-configuration-manager.md | 2 +- ...0-deployment-with-configuration-manager.md | 2 +- .../deployment/planning/using-the-sua-tool.md | 185 +++++++-------- .../planning/windows-to-go-overview.md | 2 +- .../microsoft-compatible-security-key.md | 2 +- ...ccount-control-security-policy-settings.md | 2 +- .../overview-create-wip-policy.md | 2 +- .../protect-enterprise-data-using-wip.md | 2 +- .../auditing/advanced-security-auditing.md | 2 +- .../auditing/audit-audit-policy-change.md | 2 +- .../audit-distribution-group-management.md | 2 +- .../audit-filtering-platform-policy-change.md | 2 +- .../auditing/audit-ipsec-main-mode.md | 2 +- .../auditing/audit-registry.md | 2 +- .../threat-protection/auditing/audit-sam.md | 2 +- .../audit-security-system-extension.md | 2 +- .../intelligence/understanding-malware.md | 2 +- .../intelligence/virus-initiative-criteria.md | 2 +- .../configure-email-notifications.md | 2 +- ...iately-if-unable-to-log-security-audits.md | 2 +- ...criptor-definition-language-sddl-syntax.md | 2 +- ...ccess-to-this-computer-from-the-network.md | 2 +- ...r-accounts-to-be-trusted-for-delegation.md | 2 +- ...-credentials-for-network-authentication.md | 2 +- ...shares-that-can-be-accessed-anonymously.md | 2 +- ...o-be-shut-down-without-having-to-log-on.md | 2 +- ...nsensitivity-for-non-windows-subsystems.md | 2 +- ...-installations-and-prompt-for-elevation.md | 2 +- .../manage-packaged-apps-with-applocker.md | 2 +- 30 files changed, 232 insertions(+), 230 deletions(-) diff --git a/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md index ddc3a8a1da..19e35e39b3 100644 --- a/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md @@ -1,110 +1,111 @@ ---- -title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10) -description: In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. -ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: deploy, task sequence -ms.prod: w10 -ms.localizationpriority: medium -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 07/27/2017 -ms.topic: article ---- - -# Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager - - -**Applies to** - -- Windows 10 versions 1507, 1511 - ->[!IMPORTANT] ->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). ->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10). - -In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it is likely you will have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system. - -For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). - -## Add drivers for Windows PE - - -This section will show you how to import some network and storage drivers for Windows PE. This section assumes you have downloaded some drivers to the E:\\Sources\\OSD\\DriverSources\\WinPE x64 folder on CM01. - -1. On CM01, using the Configuration Manager Console, in the Software Library workspace, right-click the **Drivers** node and select **Import Driver**. - -2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\WinPE x64** folder and click **Next**. - -3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named **WinPE x64**, and then click **Next**. - -4. On the **Select the packages to add the imported driver** page, click **Next**. - -5. On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image. Also select the **Update distribution points when finished** check box, and click **Next** twice. - -![Add drivers to Windows PE](../images/fig21-add-drivers.png "Add drivers to Windows PE") - -*Figure 21. Add drivers to Windows PE* - ->[!NOTE] ->The Updating Boot Image part of the wizard will appear to hang when displaying Done. It will complete in a minute or two. - - -## Add drivers for Windows 10 - - -This section illustrates how to add drivers for Windows 10 through an example in which you want to import Windows 10 drivers for the HP EliteBook 8560w model. For the purposes of this section, we assume that you have downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the E:\\Sources\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w folder on CM01. - -1. On CM01, using the Configuration Manager Console, right-click the **Drivers** folder and select **Import Driver**. - -2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w** folder and click **Next**. - -3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named Windows 10 x64 - HP EliteBook 8560w, and then click **Next**. - - ![Create driver categories](../images/fig22-createcategories.png "Create driver categories") - - *Figure 22. Create driver categories* - -4. On the **Select the packages to add the imported driver** page, click **New Package**, use the following settings for the package, and then click **Next**: - - * Name: Windows 10 x64 - HP EliteBook 8560w - - * Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\HP EliteBook 8560w - - >[!NOTE] - >The package path does not yet exist, so you have to type it in. The wizard will create the new package in that folder. - - -5. On the **Select drivers to include in the boot image** page, do not select anything, and click **Next** twice. After the package has been created, click **Close**. - - >[!NOTE] - >If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import. - - ![Drivers imported and a new driver package created](../images/mdt-06-fig26.png "Drivers imported and a new driver package created") - - *Figure 23. Drivers imported and a new driver package created* - -## Related topics - - -[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md) - - -[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) - -[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) - -[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) - -[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) - -[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md) - -[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) - -[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) - -[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) +--- +title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10) +description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers. +ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: deploy, task sequence +ms.prod: w10 +ms.localizationpriority: medium +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 07/27/2017 +ms.topic: article +--- + +# Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager + + +**Applies to** + +- Windows 10 versions 1507, 1511 + +>[!IMPORTANT] +>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). +>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10). + +In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it is likely you will have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system. + +For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). + +## Add drivers for Windows PE + + +This section will show you how to import some network and storage drivers for Windows PE. This section assumes you have downloaded some drivers to the E:\\Sources\\OSD\\DriverSources\\WinPE x64 folder on CM01. + +1. On CM01, using the Configuration Manager Console, in the Software Library workspace, right-click the **Drivers** node and select **Import Driver**. + +2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\WinPE x64** folder and click **Next**. + +3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named **WinPE x64**, and then click **Next**. + +4. On the **Select the packages to add the imported driver** page, click **Next**. + +5. On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image. Also select the **Update distribution points when finished** check box, and click **Next** twice. + +![Add drivers to Windows PE](../images/fig21-add-drivers.png "Add drivers to Windows PE") + +*Figure 21. Add drivers to Windows PE* + +>[!NOTE] +>The Updating Boot Image part of the wizard will appear to hang when displaying Done. It will complete in a minute or two. + + +## Add drivers for Windows 10 + + +This section illustrates how to add drivers for Windows 10 through an example in which you want to import Windows 10 drivers for the HP EliteBook 8560w model. For the purposes of this section, we assume that you have downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the E:\\Sources\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w folder on CM01. + +1. On CM01, using the Configuration Manager Console, right-click the **Drivers** folder and select **Import Driver**. + +2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w** folder and click **Next**. + +3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named Windows 10 x64 - HP EliteBook 8560w, and then click **Next**. + + ![Create driver categories](../images/fig22-createcategories.png "Create driver categories") + + *Figure 22. Create driver categories* + +4. On the **Select the packages to add the imported driver** page, click **New Package**, use the following settings for the package, and then click **Next**: + + * Name: Windows 10 x64 - HP EliteBook 8560w + + * Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\HP EliteBook 8560w + + >[!NOTE] + >The package path does not yet exist, so you have to type it in. The wizard will create the new package in that folder. + + +5. On the **Select drivers to include in the boot image** page, do not select anything, and click **Next** twice. After the package has been created, click **Close**. + + >[!NOTE] + >If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import. + + ![Drivers imported and a new driver package created](../images/mdt-06-fig26.png "Drivers imported and a new driver package created") + + *Figure 23. Drivers imported and a new driver package created* + +## Related topics + + +[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md) + + +[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) + +[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) + +[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) + +[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) + +[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md) + +[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) + +[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) + +[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) diff --git a/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md index b695cf75f7..bad7159496 100644 --- a/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md @@ -1,6 +1,6 @@ --- title: Finalize operating system configuration for Windows 10 deployment -description: This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence. +description: Follow this walk-through to finalize the configuration of your Windows 10 operating deployment. ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e ms.reviewer: manager: laurawi diff --git a/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md index d5fce49214..e09b542e0e 100644 --- a/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md @@ -1,6 +1,6 @@ --- title: Monitor the Windows 10 deployment with Configuration Manager -description: In this topic, you will learn how to monitor a Windows 10 deployment that was started previously using Microsoft System Center 2012 R2 Configuration Manager and the Microsoft Deployment Toolkit (MDT) Deployment Workbench. +description: Learn how to monitor a Windows 10 deployment with Configuration Manager. Use the Deployment Workbench to access the computer remotely. ms.assetid: 4863c6aa-6369-4171-8e1a-b052ca195fce ms.reviewer: manager: laurawi diff --git a/windows/deployment/planning/using-the-sua-tool.md b/windows/deployment/planning/using-the-sua-tool.md index 008d9e50a5..e1293703ac 100644 --- a/windows/deployment/planning/using-the-sua-tool.md +++ b/windows/deployment/planning/using-the-sua-tool.md @@ -1,92 +1,93 @@ ---- -title: Using the SUA Tool (Windows 10) -description: By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. -ms.assetid: ebe52061-3816-47f7-a865-07bc5f405f03 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Using the SUA Tool - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. - -The SUA Wizard also addresses UAC-related issues. In contrast to the SUA tool, the SUA Wizard guides you through the process step by step, without the in-depth analysis of the SUA tool. For information about the SUA Wizard, see [Using the SUA Wizard](using-the-sua-wizard.md). - -In the SUA tool, you can turn virtualization on and off. When you turn virtualization off, the tested application may function more like the way it does in earlier versions of Windows®. - -In the SUA tool, you can choose to run the application as **Administrator** or as **Standard User**. Depending on your selection, you may locate different types of UAC-related issues. - -## Testing an Application by Using the SUA Tool - - -Before you can use the SUA tool, you must install Application Verifier. You must also install the Microsoft® .NET Framework 3.5 or later. - -The following flowchart shows the process of using the SUA tool. - -![act sua flowchart](images/dep-win8-l-act-suaflowchart.jpg) - -**To collect UAC-related issues by using the SUA tool** - -1. Close any open instance of the SUA tool or SUA Wizard on your computer. - - If there is an existing SUA instance on the computer, the SUA tool opens in log viewer mode instead of normal mode. In log viewer mode, you cannot start applications, which prevents you from collecting UAC issues. - -2. Run the Standard User Analyzer. - -3. In the **Target Application** box, browse to the executable file for the application that you want to analyze, and then double-click to select it. - -4. Clear the **Elevate** check box, and then click **Launch**. - - If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning. - -5. Exercise the aspects of the application for which you want to gather information about UAC issues. - -6. Exit the application. - -7. Review the information from the various tabs in the SUA tool. For information about each tab, see [Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md). - -**To review and apply the recommended mitigations** - -1. In the SUA tool, on the **Mitigation** menu, click **Apply Mitigations**. - -2. Review the recommended compatibility fixes. - -3. Click **Apply**. - - The SUA tool generates a custom compatibility-fix database and automatically applies it to the local computer, so that you can test the fixes to see whether they worked. - -## Related topics -[Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md) - -[Showing Messages Generated by the SUA Tool](showing-messages-generated-by-the-sua-tool.md) - -[Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md) - -[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md) - -  - -  - - - - - +--- +title: Using the SUA Tool (Windows 10) +description: The Standard User Analyzer (SUA) tool can test applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. +ms.assetid: ebe52061-3816-47f7-a865-07bc5f405f03 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: plan +ms.pagetype: appcompat +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Using the SUA Tool + + +**Applies to** + +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 + +By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. + +The SUA Wizard also addresses UAC-related issues. In contrast to the SUA tool, the SUA Wizard guides you through the process step by step, without the in-depth analysis of the SUA tool. For information about the SUA Wizard, see [Using the SUA Wizard](using-the-sua-wizard.md). + +In the SUA tool, you can turn virtualization on and off. When you turn virtualization off, the tested application may function more like the way it does in earlier versions of Windows®. + +In the SUA tool, you can choose to run the application as **Administrator** or as **Standard User**. Depending on your selection, you may locate different types of UAC-related issues. + +## Testing an Application by Using the SUA Tool + + +Before you can use the SUA tool, you must install Application Verifier. You must also install the Microsoft® .NET Framework 3.5 or later. + +The following flowchart shows the process of using the SUA tool. + +![act sua flowchart](images/dep-win8-l-act-suaflowchart.jpg) + +**To collect UAC-related issues by using the SUA tool** + +1. Close any open instance of the SUA tool or SUA Wizard on your computer. + + If there is an existing SUA instance on the computer, the SUA tool opens in log viewer mode instead of normal mode. In log viewer mode, you cannot start applications, which prevents you from collecting UAC issues. + +2. Run the Standard User Analyzer. + +3. In the **Target Application** box, browse to the executable file for the application that you want to analyze, and then double-click to select it. + +4. Clear the **Elevate** check box, and then click **Launch**. + + If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning. + +5. Exercise the aspects of the application for which you want to gather information about UAC issues. + +6. Exit the application. + +7. Review the information from the various tabs in the SUA tool. For information about each tab, see [Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md). + +**To review and apply the recommended mitigations** + +1. In the SUA tool, on the **Mitigation** menu, click **Apply Mitigations**. + +2. Review the recommended compatibility fixes. + +3. Click **Apply**. + + The SUA tool generates a custom compatibility-fix database and automatically applies it to the local computer, so that you can test the fixes to see whether they worked. + +## Related topics +[Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md) + +[Showing Messages Generated by the SUA Tool](showing-messages-generated-by-the-sua-tool.md) + +[Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md) + +[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md) + +  + +  + + + + + diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md index 57d74a1341..ba83d6224b 100644 --- a/windows/deployment/planning/windows-to-go-overview.md +++ b/windows/deployment/planning/windows-to-go-overview.md @@ -1,6 +1,6 @@ --- title: Windows To Go feature overview (Windows 10) -description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. +description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that lets you create a workspace that can be booted from a USB-connected drive. ms.assetid: 9df82b03-acba-442c-801d-56db241f8d42 ms.reviewer: manager: laurawi diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index 99d02689bd..d924d3f98c 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -1,6 +1,6 @@ --- title: Microsoft-compatible security key -description: Windows 10 enables users to sign in to their device using a security key. How is a Microsoft-compatible security key different (and better) than any other FIDO2 security key +description: Learn how a Microsoft-compatible security key for Windows 10 is different (and better) than any other FIDO2 security key. keywords: FIDO2, security key, CTAP, Hello, WHFB ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md index e6ee5742aa..f107a2346a 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md @@ -1,6 +1,6 @@ --- title: User Account Control security policy settings (Windows 10) -description: You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy. +description: You can use security policies to configure how User Account Control works in your organization. ms.assetid: 3D75A9AC-69BB-4EF2-ACB3-1769791E1B98 ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index 8905cdb7b4..3338a0ebab 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -1,6 +1,6 @@ --- title: Create a Windows Information Protection (WIP) policy using Microsoft Intune (Windows 10) -description: Microsoft Intune and System Center Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. +description: Microsoft Intune and System Center Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy. ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6 ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 62403b8b81..02c855053e 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -1,6 +1,6 @@ --- title: Protect your enterprise data using Windows Information Protection (WIP) (Windows 10) -description: With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. +description: Learn how to prevent accidental enterprise data leaks through apps and services, such as email, social media, and the public cloud. ms.assetid: 6cca0119-5954-4757-b2bc-e0ea4d2c7032 ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, DLP, data loss prevention, data leakage protection diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index 9270164aec..7c55d51d21 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -1,6 +1,6 @@ --- title: Advanced security audit policies (Windows 10) -description: Advanced security audit policy settings are found in Security Settings\\Advanced Audit Policy Configuration\\System Audit Policies and appear to overlap with basic security audit policies, but they are recorded and applied differently. +description: Advanced security audit policy settings may appear to overlap with basic policies, but they are recorded and applied differently. Learn more about them here. ms.assetid: 6FE8AC10-F48E-4BBF-979B-43A5DFDC5DFC ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md index 8f4d1d0d23..376cab2bcf 100644 --- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md @@ -1,6 +1,6 @@ --- title: Audit Audit Policy Change (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Audit Policy Change, which determines whether the operating system generates audit events when changes are made to audit policy. +description: The Advanced Security Audit policy setting, Audit Audit Policy Change, determines if audit events are generated when changes are made to audit policy. ms.assetid: 7153bf75-6978-4d7e-a821-59a699efb8a9 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md index 0c779c954f..2bacdbe3a1 100644 --- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md +++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md @@ -1,6 +1,6 @@ --- title: Audit Distribution Group Management (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Distribution Group Management, which determines whether the operating system generates audit events for specific distribution-group management tasks. +description: The policy setting, Audit Distribution Group Management, determines if audit events are generated for specific distribution-group management tasks. ms.assetid: d46693a4-5887-4a58-85db-2f6cba224a66 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md index c82bbebd49..4103970aa4 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md @@ -1,6 +1,6 @@ --- title: Audit Filtering Platform Policy Change (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Policy Change, which determines whether the operating system generates audit events for certain IPsec and Windows Filtering Platform actions. +description: The policy setting, Audit Filtering Platform Policy Change, determines if audit events are generated for certain IPsec and Windows Filtering Platform actions. ms.assetid: 0eaf1c56-672b-4ea9-825a-22dc03eb4041 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md index d4aa3ebf77..bf2db28b53 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md @@ -1,6 +1,6 @@ --- title: Audit IPsec Main Mode (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Main Mode, which determines whether the operating system generates events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. +description: Learn about the policy setting, Audit IPsec Main Mode, which determines if the results of certain protocols generate events during Main Mode negotiations. ms.assetid: 06ed26ec-3620-4ef4-a47a-c70df9c8827b ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index fe4cd66839..4b0d88838f 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -1,6 +1,6 @@ --- title: Audit Registry (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Registry, which determines whether the operating system generates audit events when users attempt to access registry objects. +description: The Advanced Security Audit policy setting, Audit Registry, determines if audit events are generated when users attempt to access registry objects. ms.assetid: 02bcc23b-4823-46ac-b822-67beedf56b32 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md index 10c0796852..6e60284ead 100644 --- a/windows/security/threat-protection/auditing/audit-sam.md +++ b/windows/security/threat-protection/auditing/audit-sam.md @@ -1,6 +1,6 @@ --- title: Audit SAM (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit SAM, which enables you to audit events that are generated by attempts to access Security Account Manager (SAM) objects. +description: The Advanced Security Audit policy setting, Audit SAM, enables you to audit events generated by attempts to access Security Account Manager (SAM) objects. ms.assetid: 1d00f955-383d-4c95-bbd1-fab4a991a46e ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md index 3d2beb88d0..50dcccadde 100644 --- a/windows/security/threat-protection/auditing/audit-security-system-extension.md +++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md @@ -1,6 +1,6 @@ --- title: Audit Security System Extension (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Security System Extension, which determines whether the operating system generates audit events related to security system extensions. +description: The Advanced Security Audit policy setting, Audit Security System Extension, determines if audit events related to security system extensions are generated. ms.assetid: 9f3c6bde-42b2-4a0a-b353-ed3106ebc005 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/intelligence/understanding-malware.md b/windows/security/threat-protection/intelligence/understanding-malware.md index c28ab7c0e4..eb417b74dd 100644 --- a/windows/security/threat-protection/intelligence/understanding-malware.md +++ b/windows/security/threat-protection/intelligence/understanding-malware.md @@ -1,7 +1,7 @@ --- title: Understanding malware & other threats ms.reviewer: -description: Learn about the most prevalent viruses, malware, and other threats. Understand how they arrive, their detailed behaviors, infection symptoms, and how to prevent & remove them. +description: Learn about the most prevalent viruses, malware, and other threats. Understand how they infect systems, how they behave, and how to prevent and remove them. keywords: security, malware, virus, malware, threat, analysis, research, encyclopedia, dictionary, glossary, ransomware, support scams, unwanted software, computer infection, virus infection, descriptions, remediation, latest threats, mmpc, microsoft malware protection center, wdsi ms.prod: w10 ms.mktglfcycl: secure diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index 1723f5ee27..a896140ce6 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md @@ -1,7 +1,7 @@ --- title: Microsoft Virus Initiative ms.reviewer: -description: The Microsoft Virus Initiative (MVI) helps organizations that make antivirus or antimalware products integrate with Windows and share antimalware telemetry data with Microsoft. +description: The Microsoft Virus Initiative (MVI) helps organizations that make antivirus or antimalware products integrate with Windows and share telemetry with Microsoft. keywords: security, malware, MVI, Microsoft Malware Protection Center, MMPC, alliances, WDSI ms.prod: w10 ms.mktglfcycl: secure diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md index 35c6a3a37d..8fafbb0b85 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md @@ -1,6 +1,6 @@ --- title: Configure alert notifications in Microsoft Defender ATP -description: Send email notifications to specified recipients to receive new alerts based on severity with Microsoft Defender ATP on Windows 10 Enterprise, Pro, and Education editions. +description: You can use Microsoft Defender Advanced Threat Protection to configure email notification settings for security alerts, based on severity and other criteria. keywords: email notifications, configure alert notifications, windows defender atp notifications, windows defender atp alerts, windows 10 enterprise, windows 10 education search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md index cbdc94c7ae..e9e6d09cf2 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md +++ b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md @@ -1,6 +1,6 @@ --- title: Audit Shut down system immediately if unable to log security audits (Windows 10) -description: Describes the best practices, location, values, management practices, and security considerations for the Audit Shut down system immediately if unable to log security audits security policy setting. +description: Best practices, security considerations, and more for the security policy setting, Audit Shut down system immediately if unable to log security audits. ms.assetid: 2cd23cd9-0e44-4d0b-a1f1-39fc29303826 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md index 4d60dbd07d..dbef4f23b0 100644 --- a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md +++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md @@ -1,6 +1,6 @@ --- title: DCOM Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax (Windows 10) -description: Describes the best practices, location, values, and security considerations for the DCOM Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax policy setting. +description: Learn about best practices and more for the syntax policy setting, DCOM Machine Access Restrictions in Security Descriptor Definition Language (SDDL). ms.assetid: 0fe3521a-5252-44df-8a47-8d92cf936e7c ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md index 1ffae4c1ad..c7de16a3ed 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md +++ b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md @@ -1,6 +1,6 @@ --- title: Deny access to this computer from the network (Windows 10) -description: Describes the best practices, location, values, policy management, and security considerations for the Deny access to this computer from the network security policy setting. +description: Best practices, location, values, policy management, and security considerations for the Deny access to this computer from the network security policy setting. ms.assetid: 935e9f89-951b-4163-b186-fc325682bb0b ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md index dcf829294a..1968ce5913 100644 --- a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md +++ b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md @@ -1,6 +1,6 @@ --- title: Trust computer and user accounts for delegation (Windows 10) -description: Describes the best practices, location, values, policy management, and security considerations for the Enable computer and user accounts to be trusted for delegation security policy setting. +description: Learn about best practices, security considerations and more for the security policy setting, Enable computer and user accounts to be trusted for delegation. ms.assetid: 524062d4-1595-41f3-8ce1-9c85fd21497b ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md index 4078193cc3..3668aaef4c 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md @@ -1,6 +1,6 @@ --- title: Network access Do not allow storage of passwords and credentials for network authentication (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Network access Do not allow storage of passwords and credentials for network authentication security policy setting. +description: Learn about best practices and more for the security policy setting, Network access Do not allow storage of passwords and credentials for network authentication ms.assetid: b9b64360-36ea-40fa-b795-2d6558c46563 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md index 594926f1d8..1fbdd1c98d 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md @@ -1,6 +1,6 @@ --- title: Network access Shares that can be accessed anonymously (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Network access Shares that can be accessed anonymously security policy setting. +description: Learn about best practices, security considerations, and more for the security policy setting, Network access Shares that can be accessed anonymously. ms.assetid: f3e4b919-8279-4972-b415-5f815e2f0a1a ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md index 070f0d589a..de1024fc83 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md @@ -1,6 +1,6 @@ --- title: Shutdown Allow system to be shut down without having to log on (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Shutdown Allow system to be shut down without having to log on security policy setting. +description: Best practices, security considerations and more for the security policy setting, Shutdown Allow system to be shut down without having to log on. ms.assetid: f3964767-5377-4416-8eb3-e14d553a7315 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md index 6023a2ff25..08eaf1bdab 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md @@ -1,6 +1,6 @@ --- title: System objects Require case insensitivity for non-Windows subsystems (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the System objects Require case insensitivity for non-Windows subsystems security policy setting. +description: Best practices, security considerations and more for the security policy setting, System objects Require case insensitivity for non-Windows subsystems. ms.assetid: 340d6769-8f33-4067-8470-1458978d1522 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md index d0232771ba..2fd36ac32f 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md @@ -1,6 +1,6 @@ --- title: User Account Control Detect application installations and prompt for elevation (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Detect application installations and prompt for elevation security policy setting. +description: Learn about best practices and more for the security policy setting, User Account Control Detect application installations and prompt for elevation. ms.assetid: 3f8cb170-ba77-4c9f-abb3-c3ed1ef264fc ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md index 4b12248403..e33dc7ed87 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md @@ -1,6 +1,6 @@ --- title: Manage packaged apps with AppLocker (Windows 10) -description: This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy. +description: Learn concepts and lists procedures to help you manage packaged apps with AppLocker as part of your overall application control strategy. ms.assetid: 6d0c99e7-0284-4547-a30a-0685a9916650 ms.reviewer: ms.author: dansimp From cc49423deab42d82f11745b8898416ba55c0eebf Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 20 Dec 2019 14:57:06 -0800 Subject: [PATCH 100/167] Changed "preventions systems" to "prevention systems" --- .../protect-enterprise-data-using-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 02c855053e..fc2050b5d2 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -59,7 +59,7 @@ To help address this security insufficiency, companies developed data loss preve - **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft data loss prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry). -Unfortunately, data loss prevention systems have their own problems. For example, the more detailed the rule set, the more false positives are created, leading employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. But perhaps the biggest problem with data loss preventions systems is that it provides a jarring experience that interrupts the employees’ natural workflow by stopping some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn’t see and can’t understand. +Unfortunately, data loss prevention systems have their own problems. For example, the more detailed the rule set, the more false positives are created, leading employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. But perhaps the biggest problem with data loss prevention systems is that it provides a jarring experience that interrupts the employees’ natural workflow by stopping some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn’t see and can’t understand. ### Using information rights management systems To help address the potential data loss prevention system problems, companies developed information rights management (also known as IRM) systems. Information rights management systems embed protection directly into documents, so that when an employee creates a document, he or she determines what kind of protection to apply. For example, an employee can choose to stop the document from being forwarded, printed, shared outside of the organization, and so on. From d89b0b9b58287ebb894945d84ff6da23532881fb Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 21 Dec 2019 16:26:04 +0530 Subject: [PATCH 101/167] Added particular file name added the particular file name **Surface_Brightness_Control_v1.16.137.0.msi** which will be used to control the surface brightness --- devices/surface/microsoft-surface-brightness-control.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index 8c512f48c2..1765b71f55 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -22,8 +22,7 @@ kiosk scenarios, you can optimize power management using the new Surface Brightness Control app. Available for download with [Surface Tools for -IT](https://www.microsoft.com/download/details.aspx?id=46703), Surface Brightness Control is -designed to help reduce thermal load and lower the overall carbon +IT](https://www.microsoft.com/download/details.aspx?id=46703), Download only this file **Surface_Brightness_Control_v1.16.137.0.msi**. Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices. The tool automatically dims the screen when not in use and includes the following configuration options: From c3e67b75c56195e24a24d96c79a0d65fd18198d7 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 21 Dec 2019 18:56:22 +0500 Subject: [PATCH 102/167] CSV file verification information addition As mentioned by the user, I added a note regarding the CSV file. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5510 --- windows/deployment/windows-autopilot/add-devices.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index 096ebe1151..9187f9991a 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -63,6 +63,9 @@ Note that the hardware hash also contains details about when it was generated, s Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 version 1703 and higher devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details. The hash information can be extracted from Configuration Manager into a CSV file. +>[!Note] +>Before uploading the CSV file on intune, please make sure that 1st row contains Device Serial Number,Windows Product ID,Hardware Hash,Group Tag,Assigned User. If there is header information on the top of CSV file, please delete that header information. See details at [Enroll Windows devices in Intune](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot). + ### Collecting the hardware ID from existing devices using PowerShell The hardware ID, or hardware hash, for an existing device is available through Windows Management Instrumentation (WMI), as long as that device is running Windows 10 version 1703 or later. To help gather this information, as well as the serial number of the device (useful to see at a glance the machine to which it belongs), a PowerShell script called [Get-WindowsAutoPilotInfo.ps1 has been published to the PowerShell Gallery website](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo). From 311fa6a79a4259ab89c192b73ecf82dc16357d17 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 21 Dec 2019 19:12:33 +0500 Subject: [PATCH 103/167] Missing Windows Version Added missing Windows version in the document. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5511 --- .../smart-card-certificate-requirements-and-enumeration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md index a408a47cf2..17564fc13b 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md @@ -185,7 +185,7 @@ Certificate requirements are listed by versions of the Windows operating system. The smart card certificate has specific format requirements when it is used with Windows XP and earlier operating systems. You can enable any certificate to be visible for the smart card credential provider. -| **Component** | **Requirements for Windows 8.1, Windows 8, Windows 7, and Windows Vista** | **Requirements for Windows XP** | +| **Component** | **Requirements for Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows 10** | **Requirements for Windows XP** | |--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | CRL distribution point location | Not required | The location must be specified, online, and available, for example:
\[1\]CRL Distribution Point
Distribution Point Name:
Full Name:
URL= | | Key usage | Digital signature | Digital signature | From f370b45fcc9411c59007f88dc1e27a1185be548c Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 21 Dec 2019 21:22:23 +0500 Subject: [PATCH 104/167] Information update Deleting old information and redirecting the user to the current and updated document. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5514 --- .../microsoft-cloud-app-security-config.md | 20 +++++-------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index 996ac58a26..3010803ba6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -31,6 +31,10 @@ To benefit from Microsoft Defender Advanced Threat Protection (ATP) cloud app di >[!NOTE] >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions. +> See [Microsoft Defender Advanced Threat Protection integration with Microsoft Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security. + +## Enable Microsoft Cloud App Security in Microsoft Defender ATP + 1. In the navigation pane, select **Preferences setup** > **Advanced features**. 2. Select **Microsoft Cloud App Security** and switch the toggle to **On**. 3. Click **Save preferences**. @@ -39,21 +43,7 @@ Once activated, Microsoft Defender ATP will immediately start forwarding discove ## View the data collected -1. Browse to the [Cloud App Security portal](https://portal.cloudappsecurity.com). - -2. Navigate to the Cloud Discovery dashboard. - - ![Image of menu to cloud discovery dashboard](images/atp-cloud-discovery-dashboard-menu.png) - -3. Select **Win10 Endpoint Users report**, which contains the data coming from Microsoft Defender ATP. - - ![Win10 endpoint users](./images/win10-endpoint-users.png) - -This report is similar to the existing discovery report with one major difference: you can now benefit from visibility to the machine context. - -Notice the new **Machines** tab that allows you to view the data split to the device dimensions. This is available in the main report page or any subpage (for example, when drilling down to a specific cloud app). - -![Cloud discovery](./images/cloud-discovery.png) +To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security see [Investigate machines in Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security). For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps). From 3de268961dcf2ea1f20cb56d4533172c323717ad Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 21 Dec 2019 21:59:11 +0500 Subject: [PATCH 105/167] Sentence correction There was confusion in the sentence and its updated now. Probolem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5515 --- .../system-guard-secure-launch-and-smm-protection.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index 5b92c4240f..18526e6918 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -66,8 +66,7 @@ To verify that Secure Launch is running, use System Information (MSInfo32). Clic >[!NOTE] >To enable System Guard Secure launch, the platform must meet all the baseline requirements for [Device Guard](https://docs.microsoft.com/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control), [Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-requirements), and [Virtualization Based Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). -## Requirements Met by System Guard Enabled Machines -Any machine with System Guard enabled will automatically meet the following low-level hardware requirements: +## System requirments for System Guard |For Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon|Description| |--------|-----------| From ac7ad5f086bb1535bc9f06189cf01f7bb8655221 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 21 Dec 2019 22:58:08 +0530 Subject: [PATCH 106/167] Added support link and hotfix package link as per the user report, i added the download link for Microsoft Desktop Optimization Pack March 2017 Servicing Release --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index c19488dbb0..a0340871f3 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -39,3 +39,16 @@ This section lists common issues that you may encounter when you upgrade your Ad - Install the required hotfix. - Connect to AGPM using an AGPM client to test that your difference reports are now functioning. + + ## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 + + AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs) + install the latest version of Microsoft Desktop Optimization Pack (March 2017 Servicing Release). See KB 4014009 for more information. + + Download the Microsoft Desktop Optimization Pack March 2017 Servicing Release from below link + https://www.microsoft.com/en-us/download/details.aspx?id=54967 + + + ## Reference link + https://support.microsoft.com/en-us/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp + From c1f869dec54af1355275c6898dab60dc12981a73 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:06:09 +0530 Subject: [PATCH 107/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md accepted Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index a0340871f3..99f67155ee 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -40,7 +40,7 @@ This section lists common issues that you may encounter when you upgrade your Ad - Connect to AGPM using an AGPM client to test that your difference reports are now functioning. - ## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 +## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs) install the latest version of Microsoft Desktop Optimization Pack (March 2017 Servicing Release). See KB 4014009 for more information. From 65bae3e61bffe98ca2d21e1f4c5fce06769a8062 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:06:37 +0530 Subject: [PATCH 108/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md looks good Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 99f67155ee..a06d29828b 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -42,7 +42,8 @@ This section lists common issues that you may encounter when you upgrade your Ad ## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 - AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs) +**Issue fixed in this hotfix** +AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). install the latest version of Microsoft Desktop Optimization Pack (March 2017 Servicing Release). See KB 4014009 for more information. Download the Microsoft Desktop Optimization Pack March 2017 Servicing Release from below link From 2f85c29582d9d0008a9678e2b847b53a995b2424 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:06:59 +0530 Subject: [PATCH 109/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md looks ok Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index a06d29828b..7b77f69f0b 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -44,7 +44,11 @@ This section lists common issues that you may encounter when you upgrade your Ad **Issue fixed in this hotfix** AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). - install the latest version of Microsoft Desktop Optimization Pack (March 2017 Servicing Release). See KB 4014009 for more information. + +**How to get this update** +Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. + +More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe` from the list presented after pressing the download button. Download the Microsoft Desktop Optimization Pack March 2017 Servicing Release from below link https://www.microsoft.com/en-us/download/details.aspx?id=54967 From bfdfe7d8e6d3ce3ee5d99bbb3e542198a510bd74 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:08:58 +0530 Subject: [PATCH 110/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md this redirects to https://www.microsoft.com/en-us/download/details.aspx?id=54967 Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 7b77f69f0b..ae6378eb4f 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -51,7 +51,7 @@ Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 S More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe` from the list presented after pressing the download button. Download the Microsoft Desktop Optimization Pack March 2017 Servicing Release from below link - https://www.microsoft.com/en-us/download/details.aspx?id=54967 +https://www.microsoft.com/download/details.aspx?id=54967 ## Reference link From 6154e207a288ff6eae98661c976cba8fd4d4c2ef Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:10:11 +0530 Subject: [PATCH 111/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md this redirects to https://support.microsoft.com/en-in/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index ae6378eb4f..4301d3b355 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -55,5 +55,5 @@ https://www.microsoft.com/download/details.aspx?id=54967 ## Reference link - https://support.microsoft.com/en-us/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp +https://support.microsoft.com/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp From 7ac69c996aaae9da629c9fb70fb327caf78bf337 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:10:38 +0530 Subject: [PATCH 112/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md looks good Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 4301d3b355..f372d6c288 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -50,7 +50,7 @@ Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 S More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe` from the list presented after pressing the download button. - Download the Microsoft Desktop Optimization Pack March 2017 Servicing Release from below link +Download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) is shown below: https://www.microsoft.com/download/details.aspx?id=54967 From 7e813f3428b2059c954aca7ad3f882f7c55dcb16 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:10:52 +0530 Subject: [PATCH 113/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index f372d6c288..1449ec5728 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -54,6 +54,6 @@ Download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing R https://www.microsoft.com/download/details.aspx?id=54967 - ## Reference link +## Reference link https://support.microsoft.com/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp From 1a351dbbf13c91a8ca551f975118cc2efee891a7 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:25:42 +0530 Subject: [PATCH 114/167] Update devices/surface/microsoft-surface-brightness-control.md ok Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- devices/surface/microsoft-surface-brightness-control.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index 1765b71f55..f83886b181 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -22,7 +22,8 @@ kiosk scenarios, you can optimize power management using the new Surface Brightness Control app. Available for download with [Surface Tools for -IT](https://www.microsoft.com/download/details.aspx?id=46703), Download only this file **Surface_Brightness_Control_v1.16.137.0.msi**. Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon +Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices. +If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list. footprint for deployed Surface devices. The tool automatically dims the screen when not in use and includes the following configuration options: From 428b6e7af86fd2f6e831b6abc1a85dcea1bc3685 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:26:08 +0530 Subject: [PATCH 115/167] Update devices/surface/microsoft-surface-brightness-control.md ok Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- devices/surface/microsoft-surface-brightness-control.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index f83886b181..eb63185e2d 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -24,7 +24,7 @@ Brightness Control app. Available for download with [Surface Tools for Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices. If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list. -footprint for deployed Surface devices. The tool automatically dims the screen when not in use and +The tool automatically dims the screen when not in use and includes the following configuration options: includes the following configuration options: - Period of inactivity before dimming the display. From 1b00d183a32b1270c69cb10d510f1f07337685ce Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:26:34 +0530 Subject: [PATCH 116/167] Update devices/surface/microsoft-surface-brightness-control.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- devices/surface/microsoft-surface-brightness-control.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index eb63185e2d..fff81efcd4 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -21,7 +21,7 @@ When deploying Surface devices in point of sale or other “always-on” kiosk scenarios, you can optimize power management using the new Surface Brightness Control app. -Available for download with [Surface Tools for +Available for download with [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703). Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices. If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list. The tool automatically dims the screen when not in use and includes the following configuration options: From 9cd7fc1d4b4cf28e93a9595cb9fe22768e7dd138 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:26:56 +0530 Subject: [PATCH 117/167] Update devices/surface/microsoft-surface-brightness-control.md good Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- devices/surface/microsoft-surface-brightness-control.md | 1 - 1 file changed, 1 deletion(-) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index fff81efcd4..47c2ffed10 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -25,7 +25,6 @@ Available for download with [Surface Tools for IT](https://www.microsoft.com/dow Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices. If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list. The tool automatically dims the screen when not in use and includes the following configuration options: -includes the following configuration options: - Period of inactivity before dimming the display. From 15bfda0dcc72b4dde8f248f1b8a281507704306a Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:27:35 +0530 Subject: [PATCH 118/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 1449ec5728..46d606b246 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -42,7 +42,7 @@ This section lists common issues that you may encounter when you upgrade your Ad ## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 -**Issue fixed in this hotfix** +**Issue fixed in this hotfix**: AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). **How to get this update** From 1da0b3d5edde9f4ef8a4a882a64f027aea68e5ff Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:27:56 +0530 Subject: [PATCH 119/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 1 - 1 file changed, 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 46d606b246..cc3a54124e 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -43,7 +43,6 @@ This section lists common issues that you may encounter when you upgrade your Ad ## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 **Issue fixed in this hotfix**: AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). -AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). **How to get this update** Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. From d294d4dce96263faed89819ccb43fa3b00867f77 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:28:13 +0530 Subject: [PATCH 120/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index cc3a54124e..81eeaea9cf 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -44,7 +44,7 @@ This section lists common issues that you may encounter when you upgrade your Ad **Issue fixed in this hotfix**: AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). -**How to get this update** +**How to get this update**: Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe` from the list presented after pressing the download button. From a0849a5ac51a3a7f16820eaa5406712a09a80811 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:28:28 +0530 Subject: [PATCH 121/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 1 - 1 file changed, 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 81eeaea9cf..cc4fa92c83 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -45,7 +45,6 @@ This section lists common issues that you may encounter when you upgrade your Ad **Issue fixed in this hotfix**: AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). **How to get this update**: Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. -Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe` from the list presented after pressing the download button. From 816b26c6603e274f9bef04eb3bef1083ecaaba5d Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:28:55 +0530 Subject: [PATCH 122/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index cc4fa92c83..721be58506 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -46,7 +46,7 @@ This section lists common issues that you may encounter when you upgrade your Ad **How to get this update**: Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. -More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe` from the list presented after pressing the download button. +More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe`, from the list presented after pressing the download button. Download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) is shown below: https://www.microsoft.com/download/details.aspx?id=54967 From 6627a1647024f32062f2dabd8de2799918999586 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:29:17 +0530 Subject: [PATCH 123/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 721be58506..aa0459b438 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -48,7 +48,7 @@ This section lists common issues that you may encounter when you upgrade your Ad More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe`, from the list presented after pressing the download button. -Download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) is shown below: +The download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) can be found [here](https://www.microsoft.com/download/details.aspx?id=54967). https://www.microsoft.com/download/details.aspx?id=54967 From 1ee6d78ec02fc7db69955eb1fb3026b071b17c1c Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:29:39 +0530 Subject: [PATCH 124/167] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 1 - 1 file changed, 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index aa0459b438..0275e8dc91 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -49,7 +49,6 @@ This section lists common issues that you may encounter when you upgrade your Ad More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe`, from the list presented after pressing the download button. The download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) can be found [here](https://www.microsoft.com/download/details.aspx?id=54967). -https://www.microsoft.com/download/details.aspx?id=54967 ## Reference link From 97216a50616cc5a9ed5231ba92193cf3951deebc Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 22 Dec 2019 21:31:16 +0500 Subject: [PATCH 125/167] Update windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../system-guard-secure-launch-and-smm-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index 18526e6918..05dc390aef 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -66,7 +66,7 @@ To verify that Secure Launch is running, use System Information (MSInfo32). Clic >[!NOTE] >To enable System Guard Secure launch, the platform must meet all the baseline requirements for [Device Guard](https://docs.microsoft.com/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control), [Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-requirements), and [Virtualization Based Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). -## System requirments for System Guard +## System requirements for System Guard |For Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon|Description| |--------|-----------| From 9d4826fe2360a80d9f72a71f92c922758855932a Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 22 Dec 2019 21:32:43 +0500 Subject: [PATCH 126/167] Update windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-cloud-app-security-config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index 3010803ba6..0373464307 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -43,7 +43,7 @@ Once activated, Microsoft Defender ATP will immediately start forwarding discove ## View the data collected -To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security see [Investigate machines in Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security). +To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security, see [Investigate machines in Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security). For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps). From 749bf1778ec8ed3a9c89ae2b90056fdc28291146 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 22 Dec 2019 21:32:53 +0500 Subject: [PATCH 127/167] Update windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-cloud-app-security-config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index 0373464307..7b474d5228 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -31,7 +31,7 @@ To benefit from Microsoft Defender Advanced Threat Protection (ATP) cloud app di >[!NOTE] >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions. -> See [Microsoft Defender Advanced Threat Protection integration with Microsoft Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security. +> See [Microsoft Defender Advanced Threat Protection integration with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security. ## Enable Microsoft Cloud App Security in Microsoft Defender ATP From 1fcddb19408c66437552377b33b5c7d396fe4ddb Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 22 Dec 2019 21:34:06 +0500 Subject: [PATCH 128/167] Removed language locale Removed language locale --- .../microsoft-cloud-app-security-config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index 7b474d5228..5779992a72 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -43,7 +43,7 @@ Once activated, Microsoft Defender ATP will immediately start forwarding discove ## View the data collected -To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security, see [Investigate machines in Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security). +To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security, see [Investigate machines in Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security). For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps). From df2ae5d78bb753a046e626385a92582c64730022 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 22 Dec 2019 21:35:10 +0500 Subject: [PATCH 129/167] Update windows/deployment/windows-autopilot/add-devices.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/windows-autopilot/add-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index 9187f9991a..eb0e05cb61 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -63,7 +63,7 @@ Note that the hardware hash also contains details about when it was generated, s Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 version 1703 and higher devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details. The hash information can be extracted from Configuration Manager into a CSV file. ->[!Note] +> [!Note] >Before uploading the CSV file on intune, please make sure that 1st row contains Device Serial Number,Windows Product ID,Hardware Hash,Group Tag,Assigned User. If there is header information on the top of CSV file, please delete that header information. See details at [Enroll Windows devices in Intune](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot). ### Collecting the hardware ID from existing devices using PowerShell From 40f978edf603f8e71af18182f67b1b33ed6ada71 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 22 Dec 2019 21:35:19 +0500 Subject: [PATCH 130/167] Update windows/deployment/windows-autopilot/add-devices.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/windows-autopilot/add-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index eb0e05cb61..4952f77f8f 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -64,7 +64,7 @@ Note that the hardware hash also contains details about when it was generated, s Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 version 1703 and higher devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details. The hash information can be extracted from Configuration Manager into a CSV file. > [!Note] ->Before uploading the CSV file on intune, please make sure that 1st row contains Device Serial Number,Windows Product ID,Hardware Hash,Group Tag,Assigned User. If there is header information on the top of CSV file, please delete that header information. See details at [Enroll Windows devices in Intune](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot). +> Before uploading the CSV file on intune, please make sure that 1st row contains Device Serial Number, Windows Product ID, Hardware Hash, Group Tag, Assigned User. If there is any header information on the top of CSV file, please delete that header information. See details at [Enroll Windows devices in Intune](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot). ### Collecting the hardware ID from existing devices using PowerShell From 7ce5166c4e0832247a33cece6931d9fcbaf9ab8b Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 23 Dec 2019 11:58:01 +0500 Subject: [PATCH 131/167] Update windows/deployment/windows-autopilot/add-devices.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/windows-autopilot/add-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index 4952f77f8f..86c2c3e316 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -64,7 +64,7 @@ Note that the hardware hash also contains details about when it was generated, s Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 version 1703 and higher devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details. The hash information can be extracted from Configuration Manager into a CSV file. > [!Note] -> Before uploading the CSV file on intune, please make sure that 1st row contains Device Serial Number, Windows Product ID, Hardware Hash, Group Tag, Assigned User. If there is any header information on the top of CSV file, please delete that header information. See details at [Enroll Windows devices in Intune](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot). +> Before uploading the CSV file on Intune, please make sure that the first row contains the device serial number, Windows product ID, hardware hash, group tag, and assigned user. If there is header information on the top of CSV file, please delete that header information. See details at [Enroll Windows devices in Intune](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot). ### Collecting the hardware ID from existing devices using PowerShell From 59fdfa26af751a8242d213a9248f6601ac835043 Mon Sep 17 00:00:00 2001 From: martyav Date: Mon, 23 Dec 2019 14:07:51 -0500 Subject: [PATCH 132/167] items 88 through 120 reviewed --- .../client-management/mdm/wirednetwork-csp.md | 2 +- .../configure-mdt-deployment-share-rules.md | 2 +- .../use-web-services-in-mdt.md | 2 +- ...f-windows-10-with-configuration-manager.md | 2 +- ...-windows-10-using-configuration-manager.md | 295 +++++++++--------- windows/deployment/planning/index.md | 2 +- ...tibility-fixes-and-custom-fix-databases.md | 133 ++++---- ...ection-considerations-for-windows-to-go.md | 173 +++++----- ...ws-personal-data-services-configuration.md | 2 +- .../virtual-smart-card-overview.md | 2 +- ...e-vpn-and-wip-policy-using-intune-azure.md | 2 +- .../create-wip-policy-using-intune-azure.md | 2 +- .../create-wip-policy-using-sccm.md | 2 +- .../mandatory-settings-for-wip.md | 2 +- .../audit-directory-service-changes.md | 2 +- .../audit-filtering-platform-packet-drop.md | 2 +- .../audit-other-account-logon-events.md | 2 +- .../auditing/audit-process-creation.md | 2 +- .../auditing/audit-removable-storage.md | 2 +- .../registry-global-object-access-auditing.md | 2 +- ...oft-defender-advanced-threat-protection.md | 2 +- ...-log-on-through-remote-desktop-services.md | 2 +- ...trong-windows-2000-or-later-session-key.md | 2 +- ...-information-when-the-session-is-locked.md | 2 +- ...logon-machine-account-lockout-threshold.md | 2 +- ...e-encryption-types-allowed-for-kerberos.md | 2 +- .../profile-system-performance.md | 2 +- ...thms-for-encryption-hashing-and-signing.md | 2 +- ...-for-the-built-in-administrator-account.md | 2 +- ...ender-smartscreen-set-individual-device.md | 2 +- 30 files changed, 329 insertions(+), 326 deletions(-) diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md index c5727c4674..92f6496c2d 100644 --- a/windows/client-management/mdm/wirednetwork-csp.md +++ b/windows/client-management/mdm/wirednetwork-csp.md @@ -1,6 +1,6 @@ --- title: WiredNetwork CSP -description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet. +description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP. Learn how it works. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md index 3f8f818281..54f73a5c48 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md @@ -1,6 +1,6 @@ --- title: Configure MDT deployment share rules (Windows 10) -description: In this topic, you will learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. +description: Learn how to configure the MDT rules engine to reach out to other resources for additional information instead of storing settings directly in the rules engine. ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b ms.reviewer: manager: laurawi diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md index 4f7de42969..2d1cffeadc 100644 --- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md +++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md @@ -1,6 +1,6 @@ --- title: Use web services in MDT (Windows 10) -description: In this topic, you will learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment. +description: Learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment. ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522 ms.reviewer: manager: laurawi diff --git a/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md index d7435593a7..2951abbc45 100644 --- a/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md @@ -1,6 +1,6 @@ --- title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager (Windows 10) -description: This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE). +description: Learn how to prepare a Zero Touch Installation of Windows 10 with Configuration Manager, by integrating Configuration Manager with Microsoft Deployment Toolkit. ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08 ms.reviewer: manager: laurawi diff --git a/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md index 78e75ded51..f807d3f0e8 100644 --- a/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md @@ -1,147 +1,148 @@ ---- -title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10) -description: This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2. -ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7 -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: upgrade, install, installation, computer refresh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager - - -**Applies to** - -- Windows 10 versions 1507, 1511 - ->[!IMPORTANT] ->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). ->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10). - -This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2. When refreshing a machine to a later version, it appears as an upgrade to the end user, but technically it is not an in-place upgrade. A computer refresh also involves taking care of user data and settings from the old installation and making sure to restore those at the end of the installation. For more information, see [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md). - -A computer refresh with System Center 2012 R2 Configuration Manager works the same as it does with MDT Lite Touch installation. Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager involves the following steps: - -1. Data and settings are backed up locally in a backup folder. - -2. The partition is wiped, except for the backup folder. - -3. The new operating system image is applied. - -4. Other applications are installed. - -5. Data and settings are restored. - -For the purposes of this topic, we will use three machines: DC01, CM01, and PC0003. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. PC0003 is a machine with Windows 7 SP1, on which Windows 10 will be deployed. DC01, CM01, and PC003 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). - -In this topic, we assume that you have a Windows 7 SP1 client named PC0003 with the Configuration Manager client installed. - -## Create a device collection and add the PC0003 computer - - -1. On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings: - - * General - - * Name: Install Windows 10 Enterprise x64 - - * Limited Collection: All Systems - - * Membership rules: - - * Direct rule - - * Resource Class: System Resource - - * Attribute Name: Name - - * Value: PC0003 - - * Select **Resources** - - * Select **PC0003** - -2. Review the Install Windows 10 Enterprise x64 collection. Do not continue until you see the PC0003 machine in the collection. - - >[!NOTE] - >It may take a short while for the collection to refresh; you can view progress via the Colleval.log file. If you want to speed up the process, you can manually update membership on the Install Windows 10 Enterprise x64 collection by right-clicking the collection and selecting Update Membership. - - - -## Create a new deployment - - -Using the Configuration Manager console, in the Software Library workspace, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**. Use the following settings: - -- General - - - Collection: Install Windows 10 Enterprise x64 - -- Deployment Settings - - - Purpose: Available - - - Make available to the following: Configuration Manager clients, media and PXE - - >[!NOTE] - >It is not necessary to make the deployment available to media and Pre-Boot Execution Environment (PXE) for a computer refresh, but you will use the same deployment for bare-metal deployments later on and you will need it at that point. - - - -- Scheduling - - - <default> - -- User Experience - - - <default> - -- Alerts - - - <default> - -- Distribution Points - - - <default> - -## Initiate a computer refresh - - -Now you can start the computer refresh on PC0003. - -1. Using the Configuration Manager console, in the Asset and Compliance workspace, in the Install Windows 10 Enterprise x64 collection, right-click **PC0003** and select **Client Notification / Download Computer Policy**. Click **OK**. - - >[!NOTE] - >The Client Notification feature is new in Configuration Manager. - -2. On PC0003, using the Software Center (begin using the Start screen, or click the **New software is available** balloon in the system tray), select the **Windows 10 Enterprise x64 RTM** deployment and click **INSTALL**. - -3. In the **Software Center** warning dialog box, click **INSTALL OPERATING SYSTEM**. - -## Related topics - - -[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md) - -[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) - -[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) - -[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) - -[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) - -[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) - -[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md) - -[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) - -[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) +--- +title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10) +description: Learn how to use Configuration Manager and Microsoft Deployment Toolkit (MDT) to refresh a Windows 7 SP1 client with Windows 10. +ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7 +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: upgrade, install, installation, computer refresh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager + + +**Applies to** + +- Windows 10 versions 1507, 1511 + +>[!IMPORTANT] +>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). +>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10). + +This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2. When refreshing a machine to a later version, it appears as an upgrade to the end user, but technically it is not an in-place upgrade. A computer refresh also involves taking care of user data and settings from the old installation and making sure to restore those at the end of the installation. For more information, see [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md). + +A computer refresh with System Center 2012 R2 Configuration Manager works the same as it does with MDT Lite Touch installation. Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager involves the following steps: + +1. Data and settings are backed up locally in a backup folder. + +2. The partition is wiped, except for the backup folder. + +3. The new operating system image is applied. + +4. Other applications are installed. + +5. Data and settings are restored. + +For the purposes of this topic, we will use three machines: DC01, CM01, and PC0003. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. PC0003 is a machine with Windows 7 SP1, on which Windows 10 will be deployed. DC01, CM01, and PC003 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). + +In this topic, we assume that you have a Windows 7 SP1 client named PC0003 with the Configuration Manager client installed. + +## Create a device collection and add the PC0003 computer + + +1. On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings: + + * General + + * Name: Install Windows 10 Enterprise x64 + + * Limited Collection: All Systems + + * Membership rules: + + * Direct rule + + * Resource Class: System Resource + + * Attribute Name: Name + + * Value: PC0003 + + * Select **Resources** + + * Select **PC0003** + +2. Review the Install Windows 10 Enterprise x64 collection. Do not continue until you see the PC0003 machine in the collection. + + >[!NOTE] + >It may take a short while for the collection to refresh; you can view progress via the Colleval.log file. If you want to speed up the process, you can manually update membership on the Install Windows 10 Enterprise x64 collection by right-clicking the collection and selecting Update Membership. + + + +## Create a new deployment + + +Using the Configuration Manager console, in the Software Library workspace, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**. Use the following settings: + +- General + + - Collection: Install Windows 10 Enterprise x64 + +- Deployment Settings + + - Purpose: Available + + - Make available to the following: Configuration Manager clients, media and PXE + + >[!NOTE] + >It is not necessary to make the deployment available to media and Pre-Boot Execution Environment (PXE) for a computer refresh, but you will use the same deployment for bare-metal deployments later on and you will need it at that point. + + + +- Scheduling + + - <default> + +- User Experience + + - <default> + +- Alerts + + - <default> + +- Distribution Points + + - <default> + +## Initiate a computer refresh + + +Now you can start the computer refresh on PC0003. + +1. Using the Configuration Manager console, in the Asset and Compliance workspace, in the Install Windows 10 Enterprise x64 collection, right-click **PC0003** and select **Client Notification / Download Computer Policy**. Click **OK**. + + >[!NOTE] + >The Client Notification feature is new in Configuration Manager. + +2. On PC0003, using the Software Center (begin using the Start screen, or click the **New software is available** balloon in the system tray), select the **Windows 10 Enterprise x64 RTM** deployment and click **INSTALL**. + +3. In the **Software Center** warning dialog box, click **INSTALL OPERATING SYSTEM**. + +## Related topics + + +[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md) + +[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) + +[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) + +[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) + +[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) + +[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) + +[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md) + +[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) + +[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) diff --git a/windows/deployment/planning/index.md b/windows/deployment/planning/index.md index 454580a0c1..6f28178063 100644 --- a/windows/deployment/planning/index.md +++ b/windows/deployment/planning/index.md @@ -1,6 +1,6 @@ --- title: Plan for Windows 10 deployment (Windows 10) -description: Windows 10 provides new deployment capabilities, scenarios, and tools by building on technologies introduced in Windows 7, and Windows 8.1, while at the same time introducing new Windows as a service concepts to keep the operating system up to date. +description: Find resources for your Windows 10 deployment. Windows 10 provides new deployment capabilities and tools, and introduces new ways to keep the OS up to date. ms.assetid: 002F9B79-B50F-40C5-A7A5-0B4770E6EC15 keywords: deploy, upgrade, update, configure ms.prod: w10 diff --git a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md index 47e9283fef..3aac6db8f1 100644 --- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md +++ b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md @@ -1,66 +1,67 @@ ---- -title: Managing Application-Compatibility Fixes and Custom Fix Databases (Windows 10) -description: This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases. -ms.assetid: 9c2e9396-908e-4a36-ad67-2e40452ce017 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Managing Application-Compatibility Fixes and Custom Fix Databases - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases. - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - -
TopicDescription

Understanding and Using Compatibility Fixes

As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.

Compatibility Fix Database Management Strategies and Deployment

After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches:

Testing Your Application Mitigation Packages

This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.

- - - -## Related topics -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) - -[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md) +--- +title: Managing Application-Compatibility Fixes and Custom Fix Databases (Windows 10) +description: Learn why you should use compatibility fixes, and how to deploy and manage custom-compatibility fix databases. +ms.assetid: 9c2e9396-908e-4a36-ad67-2e40452ce017 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: plan +ms.pagetype: appcompat +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Managing Application-Compatibility Fixes and Custom Fix Databases + + +**Applies to** + +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 + +This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases. + +## In this section + + + ++++ + + + + + + + + + + + + + + + + + + + + +
TopicDescription

Understanding and Using Compatibility Fixes

As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.

Compatibility Fix Database Management Strategies and Deployment

After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches:

Testing Your Application Mitigation Packages

This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.

+ + + +## Related topics +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) + +[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md) diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md index 7eeaf18a3f..d50bf41b49 100644 --- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md @@ -1,86 +1,87 @@ ---- -title: Security and data protection considerations for Windows To Go (Windows 10) -description: One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure. -ms.assetid: 5f27339f-6761-44f4-8c29-9a25cf8e75fe -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: mobile, device, USB, secure, BitLocker -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: mobility, security -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Security and data protection considerations for Windows To Go - - -**Applies to** - -- Windows 10 - ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. - -One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure. - -## Backup and restore - - -As long as you are not saving data on the Windows To Go drive, there is no need for a backup and restore solution for Windows To Go. If you are saving data on the drive and are not using folder redirection and offline files, you should back up all of your data to a network location, such as cloud storage or a network share after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](https://go.microsoft.com/fwlink/p/?LinkId=619102) for different solutions you could implement. - -If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and re-provision the drive with Windows To Go, so all data and customization on the drive will be lost. This is another reason why using roaming user profiles, folder redirection and offline files with Windows To Go is strongly recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](https://go.microsoft.com/fwlink/p/?LinkId=618924). - -## BitLocker - - -We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace, this helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) cannot be used by BitLocker to protect the drive. Instead, you will be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller. - -You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace. - -**Tip**   -If the Windows To Go Creator wizard is not able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.md#wtg-faq-blfail) - - - -If you are using a host computer running Windows 7 that has BitLocker enabled, you should suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker is not suspended first, the next time the computer is started it will boot into recovery mode. - -## Disk discovery and data leakage - - -We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This means the drive will not appear in Windows Explorer and an AutoPlay prompt will not be displayed to the user. This reduces the likelihood that an end-user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you. - -To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is strongly recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. - -For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](https://go.microsoft.com/fwlink/p/?LinkId=619103). - -## Security certifications for Windows To Go - - -Windows to Go is a core capability of Windows when it is deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for additional certifications by the solution provider that cover the solution provider’s specific hardware environment. For more details about Windows security certifications, see the following topics. - -- [Windows Platform Common Criteria Certification](https://go.microsoft.com/fwlink/p/?LinkId=619104) - -- [FIPS 140 Evaluation](https://go.microsoft.com/fwlink/p/?LinkId=619107) - -## Related topics - - -[Windows To Go: feature overview](windows-to-go-overview.md) - -[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md) - -[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md) - -[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md) - - - - - - - - - +--- +title: Security and data protection considerations for Windows To Go (Windows 10) +description: Ensure that the data, content, and resources you work with in the Windows To Go workspace are protected and secure. +ms.assetid: 5f27339f-6761-44f4-8c29-9a25cf8e75fe +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: mobile, device, USB, secure, BitLocker +ms.prod: w10 +ms.mktglfcycl: plan +ms.pagetype: mobility, security +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Security and data protection considerations for Windows To Go + + +**Applies to** + +- Windows 10 + +>[!IMPORTANT] +>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. + +One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure. + +## Backup and restore + + +As long as you are not saving data on the Windows To Go drive, there is no need for a backup and restore solution for Windows To Go. If you are saving data on the drive and are not using folder redirection and offline files, you should back up all of your data to a network location, such as cloud storage or a network share after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](https://go.microsoft.com/fwlink/p/?LinkId=619102) for different solutions you could implement. + +If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and re-provision the drive with Windows To Go, so all data and customization on the drive will be lost. This is another reason why using roaming user profiles, folder redirection and offline files with Windows To Go is strongly recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](https://go.microsoft.com/fwlink/p/?LinkId=618924). + +## BitLocker + + +We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace, this helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) cannot be used by BitLocker to protect the drive. Instead, you will be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller. + +You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace. + +**Tip**   +If the Windows To Go Creator wizard is not able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.md#wtg-faq-blfail) + + + +If you are using a host computer running Windows 7 that has BitLocker enabled, you should suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker is not suspended first, the next time the computer is started it will boot into recovery mode. + +## Disk discovery and data leakage + + +We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This means the drive will not appear in Windows Explorer and an AutoPlay prompt will not be displayed to the user. This reduces the likelihood that an end-user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you. + +To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is strongly recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. + +For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](https://go.microsoft.com/fwlink/p/?LinkId=619103). + +## Security certifications for Windows To Go + + +Windows to Go is a core capability of Windows when it is deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for additional certifications by the solution provider that cover the solution provider’s specific hardware environment. For more details about Windows security certifications, see the following topics. + +- [Windows Platform Common Criteria Certification](https://go.microsoft.com/fwlink/p/?LinkId=619104) + +- [FIPS 140 Evaluation](https://go.microsoft.com/fwlink/p/?LinkId=619107) + +## Related topics + + +[Windows To Go: feature overview](windows-to-go-overview.md) + +[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md) + +[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md) + +[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md) + + + + + + + + + diff --git a/windows/privacy/windows-personal-data-services-configuration.md b/windows/privacy/windows-personal-data-services-configuration.md index 1366bdd1e6..273f2bac8d 100644 --- a/windows/privacy/windows-personal-data-services-configuration.md +++ b/windows/privacy/windows-personal-data-services-configuration.md @@ -1,6 +1,6 @@ --- title: Windows 10 personal data services configuration -description: An overview of Windows 10 services configuration settings that are used for personal data privacy protection relevant for regulations, such as the General Data Protection Regulation (GDPR) +description: Learn more about Windows 10 configuration settings that are useful for complying with regulations such as the GDPR and protecting users' personal data. keywords: privacy, GDPR, windows, IT ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md index 8d19264cfa..aa61d00b97 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md @@ -1,6 +1,6 @@ --- title: Virtual Smart Card Overview (Windows 10) -description: This topic for IT professional provides an overview of the virtual smart card technology that was developed by Microsoft, and links to additional topics about virtual smart cards. +description: Learn more about the virtual smart card technology that was developed by Microsoft. Find links to additional topics about virtual smart cards. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index 8c73819a8e..6c672171ac 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -1,6 +1,6 @@ --- title: Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune (Windows 10) -description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. +description: After you've created and deployed your Windows Information Protection (WIP) policy, use Microsoft Intune to link it to your Virtual Private Network (VPN) policy keywords: WIP, Enterprise Data Protection ms.prod: w10 ms.mktglfcycl: explore diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 8f850eed95..74c3b0d7c1 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -1,6 +1,6 @@ --- title: Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune (Windows 10) -description: The Azure portal for Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, supporting mobile device management (MDM), to let you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. +description: Learn how to use the Azure portal for Microsoft Intune to create and deploy your Windows Information Protection (WIP) policy to protect data on your network. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md index 61ce1a5f3b..2e4f0f0749 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md @@ -1,6 +1,6 @@ --- title: Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager (Windows 10) -description: Configuration Manager (version 1606 or later) helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. +description: Use Configuration Manager to make & deploy a Windows Information Protection (WIP) policy. Choose protected apps, WIP-protection level, and find enterprise data. ms.assetid: 85b99c20-1319-4aa3-8635-c1a87b244529 ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, SCCM, System Center Configuration Manager, Configuration Manager diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 6b736fd281..27d3f1d9c9 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -1,6 +1,6 @@ --- title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP) (Windows 10) -description: This list provides all of the tasks that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP) in your enterprise. +description: Review all of the tasks required for Windows to turn on Windows Information Protection (WIP), formerly enterprise data protection (EDP), in your enterprise. keywords: Windows Information Protection, WIP, EDP, Enterprise Data Protection, protected apps, protected app list, App Rules, Protected apps list ms.prod: w10 ms.mktglfcycl: explore diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md index 4110cd1ec6..1a962ee86f 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md @@ -1,6 +1,6 @@ --- title: Audit Directory Service Changes (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Changes, which determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (ADÂ DS). +description: The policy setting Audit Directory Service Changes determines if audit events are generated when objects in Active Directory Domain Services (AD DS) are changed ms.assetid: 9f7c0dd4-3977-47dd-a0fb-ec2f17cad05e ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md index b953cf56c0..bdaff33b06 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md @@ -1,6 +1,6 @@ --- title: Audit Filtering Platform Packet Drop (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Packet Drop, which determines whether the operating system generates audit events when packets are dropped by the Windows Filtering Platform. +description: The policy setting, Audit Filtering Platform Packet Drop, determines if audit events are generated when packets are dropped by the Windows Filtering Platform. ms.assetid: 95457601-68d1-4385-af20-87916ddab906 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md index edbcb2555d..959a951636 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md @@ -1,6 +1,6 @@ --- title: Audit Other Account Logon Events (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit Other Account Logon Events, which allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets. +description: The policy setting, Audit Other Account Logon Events, allows you to audit events generated by responses to credential requests for certain kinds of user logons. ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md index 8532644095..2eb2aa20f8 100644 --- a/windows/security/threat-protection/auditing/audit-process-creation.md +++ b/windows/security/threat-protection/auditing/audit-process-creation.md @@ -1,6 +1,6 @@ --- title: Audit Process Creation (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Creation, which determines whether the operating system generates audit events when a process is created (starts). +description: The Advanced Security Audit policy setting, Audit Process Creation, determines if audit events are generated when a process is created (starts). ms.assetid: 67e39fcd-ded6-45e8-b1b6-d411e4e93019 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md index 96314fa0bd..82d5170b7c 100644 --- a/windows/security/threat-protection/auditing/audit-removable-storage.md +++ b/windows/security/threat-protection/auditing/audit-removable-storage.md @@ -1,6 +1,6 @@ --- title: Audit Removable Storage (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines when there is a read or a write to a removable drive. +description: The Advanced Security Audit policy setting, Audit Removable Storage, determines when there is a read or a write to a removable drive. ms.assetid: 1746F7B3-8B41-4661-87D8-12F734AFFB26 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md index f11c4a64fd..88585f3a9a 100644 --- a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md @@ -1,6 +1,6 @@ --- title: Registry (Global Object Access Auditing) (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Registry (Global Object Access Auditing), which enables you to configure a global system access control list (SACL) on the registry of a computer. +description: The Advanced Security Audit policy setting, Registry (Global Object Access Auditing), enables you to configure a global system access control list (SACL). ms.assetid: 953bb1c1-3f76-43be-ba17-4aed2304f578 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md index b498d66535..56b73435ad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md @@ -1,6 +1,6 @@ --- title: Microsoft Defender Advanced Threat Protection -description: Microsoft Defender Advanced Threat Protection is an enterprise security platform that helps secops to prevent, detect, investigate, and respond to possible cybersecurity threats related to advanced persistent threats. +description: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is an enterprise security platform that helps defend against advanced persistent threats. keywords: introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md index 621bf61523..5ba0488e44 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md @@ -1,6 +1,6 @@ --- title: Deny log on through Remote Desktop Services (Windows 10) -description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on through Remote Desktop Services security policy setting. +description: Best practices, location, values, policy management, and security considerations for the security policy setting, Deny log on through Remote Desktop Services. ms.assetid: 84bbb807-287c-4acc-a094-cf0ffdcbca67 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md index f4021623d1..9660f69829 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md @@ -1,6 +1,6 @@ --- title: Domain member Require strong (Windows 2000 or later) session key (Windows 10) -description: Describes the best practices, location, values, and security considerations for the Domain member Require strong (Windows 2000 or later) session key security policy setting. +description: Best practices, location, values, and security considerations for the security policy setting, Domain member Require strong (Windows 2000 or later) session key. ms.assetid: 5ab8993c-5086-4f09-bc88-1b27454526bd ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md index dc5baed9b0..98bcd11836 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md @@ -1,6 +1,6 @@ --- title: Interactive logon Display user information when the session is locked (Windows 10) -description: Describes the best practices, location, values, and security considerations for the Interactive logon Display user information when the session is locked security policy setting. +description: Best practices, security considerations, and more for the security policy setting, Interactive logon Display user information when the session is locked. ms.assetid: 9146aa3d-9b2f-47ba-ac03-ff43efb10530 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md index 1622780408..384e9959b1 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md @@ -1,6 +1,6 @@ --- title: Interactive logon Machine account lockout threshold (Windows 10) -description: Describes the best practices, location, values, management, and security considerations for the Interactive logon Machine account lockout threshold security policy setting. +description: Best practices, location, values, management, and security considerations for the security policy setting, Interactive logon Machine account lockout threshold. ms.assetid: ebbd8e22-2611-4ebe-9db9-d49344e631e4 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md index c5496a79f8..1ada850d3b 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md @@ -1,6 +1,6 @@ --- title: Network security Configure encryption types allowed for Kerberos -description: Describes the best practices, location, values and security considerations for the Network security Configure encryption types allowed for Kerberos Win7 only security policy setting. +description: Best practices, location, values and security considerations for the policy setting, Network security Configure encryption types allowed for Kerberos Win7 only. ms.assetid: 303d32cc-415b-44ba-96c0-133934046ece ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md index 8677916153..c39e1de1d2 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md +++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md @@ -1,6 +1,6 @@ --- title: Profile system performance (Windows 10) -description: This security policy reference topic for the IT professional describes the best practices, location, values, policy management, and security considerations for the Profile system performance security policy setting. +description: Best practices, location, values, policy management, and security considerations for the security policy setting, Profile system performance. ms.assetid: ffabc3c5-9206-4105-94ea-84f597a54b2e ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md index 3b79ce3312..4ffbf4911b 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md @@ -1,6 +1,6 @@ --- title: System cryptography Use FIPS compliant algorithms for encryption, hashing, and signing (Windows 10) -description: This security policy reference topic for the IT professional describes the best practices, location, values, policy management and security considerations for this policy setting. +description: Best practices, security considerations, and more for the policy setting, System cryptography Use FIPS compliant algorithms for encryption, hashing, and signing ms.assetid: 83988865-dc0f-45eb-90d1-ee33495eb045 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md index 623538938f..c55c11df6a 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md @@ -1,6 +1,6 @@ --- title: User Account Control Admin Approval Mode for the Built-in Administrator account (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Admin Approval Mode for the Built-in Administrator account security policy setting. +description: Best practices, security considerations, and more for the policy setting, User Account Control Admin Approval Mode for the Built-in Administrator account. ms.assetid: d465fc27-1cd2-498b-9cf6-7ad2276e5998 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md index 9d10a82e3a..bdbd3df95e 100644 --- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md +++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md @@ -1,6 +1,6 @@ --- title: Set up and use Windows Defender SmartScreen on individual devices (Windows 10) -description: Steps about what happens when an employee tries to run an app, how employees can report websites as safe or unsafe, and how employees can use the Windows Security to set Windows Defender SmartScreen for individual devices. +description: Learn how employees can use Windows Security to set up Windows Defender SmartScreen. Windows Defender SmartScreen protects users from running malicious apps. keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen ms.prod: w10 ms.mktglfcycl: explore From f2f743ed66a12871f7753cc0326d61c0ca3ee522 Mon Sep 17 00:00:00 2001 From: martyav Date: Mon, 23 Dec 2019 16:45:42 -0500 Subject: [PATCH 133/167] items reviewed up through #124 --- .../provisioning-packages/provisioning-create-package.md | 2 +- windows/deployment/update/how-windows-update-works.md | 2 +- windows/deployment/update/windows-update-overview.md | 2 +- windows/deployment/update/wufb-autoupdate.md | 2 +- windows/deployment/update/wufb-manageupdate.md | 2 +- .../basic-level-windows-diagnostic-events-and-fields-1703.md | 2 +- .../basic-level-windows-diagnostic-events-and-fields-1709.md | 2 +- .../basic-level-windows-diagnostic-events-and-fields-1803.md | 2 +- .../basic-level-windows-diagnostic-events-and-fields-1809.md | 2 +- .../basic-level-windows-diagnostic-events-and-fields-1903.md | 2 +- .../privacy/windows-endpoints-1709-non-enterprise-editions.md | 2 +- .../privacy/windows-endpoints-1803-non-enterprise-editions.md | 2 +- .../privacy/windows-endpoints-1809-non-enterprise-editions.md | 2 +- .../privacy/windows-endpoints-1903-non-enterprise-editions.md | 2 +- .../credential-guard/credential-guard-protection-limits.md | 2 +- .../hello-for-business/hello-cert-trust-policy-settings.md | 2 +- .../hello-for-business/hello-deployment-cert-trust.md | 2 +- .../hello-for-business/hello-deployment-key-trust.md | 2 +- .../hello-for-business/hello-feature-conditional-access.md | 2 +- .../hello-for-business/hello-feature-dynamic-lock.md | 2 +- .../hello-for-business/hello-hybrid-cert-trust-prereqs.md | 2 +- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- .../microsoft-defender-atp/basic-permissions.md | 2 +- .../microsoft-defender-atp/get-alert-info-by-id.md | 2 +- .../run-advanced-query-sample-powershell.md | 2 +- .../microsoft-defender-atp/run-advanced-query-sample-python.md | 2 +- .../threat-protection/microsoft-defender-atp/update-alert.md | 2 +- .../network-security-ldap-client-signing-requirements.md | 2 +- ...s-compliant-algorithms-for-encryption-hashing-and-signing.md | 2 +- 29 files changed, 29 insertions(+), 29 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index 876859b5a0..3f608dd8ee 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md @@ -1,6 +1,6 @@ --- title: Create a provisioning package (Windows 10) -description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. +description: Learn how to create a provisioning package for Windows 10. Provisioning packages let you quickly configure a device without having to install a new image. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md index 1103564dea..ac597ae387 100644 --- a/windows/deployment/update/how-windows-update-works.md +++ b/windows/deployment/update/how-windows-update-works.md @@ -1,6 +1,6 @@ --- title: How Windows Update works -description: Learn how Windows Update works, including architecture and troubleshooting +description: Learn how Windows Update works, including architecture and troubleshooting. ms.prod: w10 ms.mktglfcycl: audience: itpro diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md index 5b7b68067e..47cb14f395 100644 --- a/windows/deployment/update/windows-update-overview.md +++ b/windows/deployment/update/windows-update-overview.md @@ -1,6 +1,6 @@ --- title: Get started with Windows Update -description: Learn how Windows Update works, including architecture and troubleshooting +description: An overview of learning resources for Windows Update, including documents on architecture, log files, and common errors. ms.prod: w10 ms.mktglfcycl: audience: itpro diff --git a/windows/deployment/update/wufb-autoupdate.md b/windows/deployment/update/wufb-autoupdate.md index 0d7b34374e..828c0bf6b7 100644 --- a/windows/deployment/update/wufb-autoupdate.md +++ b/windows/deployment/update/wufb-autoupdate.md @@ -1,6 +1,6 @@ --- title: Setting up Automatic Update in Windows Update for Business (Windows 10) -description: Learn how to get started using Windows Update for Business. +description: Learn how to configure Automatic Update group policies in Windows Update for Business. ms.prod: w10 ms.mktglfcycl: manage audience: itpro diff --git a/windows/deployment/update/wufb-manageupdate.md b/windows/deployment/update/wufb-manageupdate.md index f1513ece69..10037c56b2 100644 --- a/windows/deployment/update/wufb-manageupdate.md +++ b/windows/deployment/update/wufb-manageupdate.md @@ -1,6 +1,6 @@ --- title: Managing feature and quality updates with policies in Windows Update for Business (Windows 10) -description: Learn how to get started using Windows Update for Business. +description: Learn how to manage feature and quality updates using group policies in Windows Update for Business. ms.prod: w10 ms.mktglfcycl: manage audience: itpro diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index fc00e91cc2..555eb005b1 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -1,5 +1,5 @@ --- -description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. +description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. Specific to Windows 10, version 1703. title: Windows 10, version 1703 basic diagnostic events and fields (Windows 10) keywords: privacy, telemetry ms.prod: w10 diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index 14db4d2683..1cecae9cf2 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -1,5 +1,5 @@ --- -description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. +description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. Specific to Windows 10, version 1709. title: Windows 10, version 1709 basic diagnostic events and fields (Windows 10) keywords: privacy, telemetry ms.prod: w10 diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index d6eb2975ad..94306ce392 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -1,5 +1,5 @@ --- -description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. +description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. Specific to Windows 10, version 1803. title: Windows 10, version 1803 basic diagnostic events and fields (Windows 10) keywords: privacy, telemetry ms.prod: w10 diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index b5c02de9bd..65bf5e307f 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -1,5 +1,5 @@ --- -description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. +description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. Specific to Windows 10, version 1809. title: Windows 10, version 1809 basic diagnostic events and fields (Windows 10) keywords: privacy, telemetry ms.prod: w10 diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md index fd70d1e3bd..894a0dd764 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md @@ -1,5 +1,5 @@ --- -description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. +description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. Specific to Windows 10, version 1903. title: Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields (Windows 10) keywords: privacy, telemetry ms.prod: w10 diff --git a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md index 13660e8f01..29accd3e32 100644 --- a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md @@ -1,6 +1,6 @@ --- title: Windows 10, version 1709, connection endpoints for non-Enterprise editions -description: Explains what Windows 10 endpoints are used in non-Enterprise editions. +description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1709. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md index 208f378b9e..9ceba75493 100644 --- a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md @@ -1,6 +1,6 @@ --- title: Windows 10, version 1803, connection endpoints for non-Enterprise editions -description: Explains what Windows 10 endpoints are used in non-Enterprise editions. +description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1803. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md index d7ad47c4a1..0bde8377e9 100644 --- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md @@ -1,6 +1,6 @@ --- title: Windows 10, version 1809, connection endpoints for non-Enterprise editions -description: Explains what Windows 10 endpoints are used in non-Enterprise editions. +description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1809. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md index 96f81d22ed..6c791a5536 100644 --- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md @@ -1,6 +1,6 @@ --- title: Windows 10, version 1903, connection endpoints for non-Enterprise editions -description: Explains what Windows 10 endpoints are used in non-Enterprise editions. +description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1903. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index 104cadf507..792587963f 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -1,6 +1,6 @@ --- title: Windows Defender Credential Guard protection limits (Windows 10) -description: Scenarios not protected by Windows Defender Credential Guard in Windows 10. +description: Some ways to store credentials are not protected by Windows Defender Credential Guard in Windows 10. Learn more with this guide. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index c6b2d2ced0..7f7f59156a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -1,6 +1,6 @@ --- title: Configure Windows Hello for Business Policy settings - certificate trust -description: Configure Windows Hello for Business Policy settings for Windows Hello for Business +description: Configure Windows Hello for Business Policy settings for Windows Hello for Business. Certificate-based deployments need three group policy settings. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index d43318ad43..c8f3f83f76 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md @@ -1,6 +1,6 @@ --- title: Windows Hello for Business Deployment Guide - On Premises Certificate Trust Deployment -description: A guide to an On Premises, Certificate trust Windows Hello for Business deployment +description: A guide to on premises, certificate trust Windows Hello for Business deployment. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md index f2cdd5b988..e748408fb5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md @@ -1,6 +1,6 @@ --- title: Windows Hello for Business Deployment Guide - On Premises Key Deployment -description: A guide to an On Premises, Certificate trust Windows Hello for Business deployment +description: A guide to on premises, key trust Windows Hello for Business deployment. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md index 4b08f7b6f1..a1810a0b03 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md @@ -1,6 +1,6 @@ --- title: Conditional Access -description: Conditional Access +description: Learn more about conditional access in Azure Active Directory. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, conditional access ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index 7b37ebf924..53985965fb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -1,6 +1,6 @@ --- title: Dynamic lock -description: Conditional Access +description: Learn how to set Dynamic lock on Windows 10 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration, unlock, conditional access ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 5304c0af57..8ed6db6fb4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -1,6 +1,6 @@ --- title: Hybrid Windows Hello for Business Prerequisites -description: Prerequisites for Hybrid Windows Hello for Business Deployments +description: Prerequisites for hybrid Windows Hello for Business deployments using certificate trust. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index e0c85f3020..d2694a48af 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -1,6 +1,6 @@ --- title: Hybrid Key trust Windows Hello for Business Prerequisites (Windows Hello for Business) -description: Prerequisites for Hybrid Windows Hello for Business Deployments +description: Prerequisites for hybrid Windows Hello for Business deployments using key trust. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md index b735ec5aa0..d9ced772ad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md @@ -1,6 +1,6 @@ --- title: Use basic permissions to access Microsoft Defender Security Center -description: Assign read and write or read only access to the Microsoft Defender Advanced Threat Protection portal. +description: Learn how to use basic permissions to access the Microsoft Defender Advanced Threat Protection portal. keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md index 609916b57b..d410e5fdb4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md @@ -1,6 +1,6 @@ --- title: Get alert information by ID API -description: Retrieves an alert by its ID. +description: Retrieve a Microsoft Defender ATP alert by its ID. keywords: apis, graph api, supported apis, get, alert, information, id search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md index e33a799eb0..87da20c0c1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md @@ -1,7 +1,7 @@ --- title: Advanced Hunting with Powershell API Basics ms.reviewer: -description: Use this API to run advanced queries +description: Learn the basics of querying the Microsoft Defender Advanced Threat Protection API, using PowerShell. keywords: apis, supported apis, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md index f8b07f534c..deacdfd079 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md @@ -1,7 +1,7 @@ --- title: Advanced Hunting with Python API Guide ms.reviewer: -description: Use this API to run advanced queries +description: Learn the basics of querying the Microsoft Defender Advanced Threat Protection API, using Python. keywords: apis, supported apis, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md index ff8950239f..1f6195d622 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md +++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md @@ -1,6 +1,6 @@ --- title: Update alert entity API -description: Retrieves a Microsoft Defender ATP alert by its ID. +description: Update a Microsoft Defender ATP alert via this API. keywords: apis, graph api, supported apis, get, alert, information, id search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md index 5e40e6cd9c..56613b0b02 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md @@ -1,6 +1,6 @@ --- title: Network security LDAP client signing requirements (Windows 10) -description: This security policy reference topic for the IT professional describes the best practices, location, values, policy management and security considerations for this policy setting. +description: Best practices, location, values, policy management and security considerations for the policy setting, Network security LDAP client signing requirements. ms.assetid: 38b35489-eb5b-4035-bc87-df63de50509c ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md index 3b79ce3312..75ccece8c3 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md @@ -1,6 +1,6 @@ --- title: System cryptography Use FIPS compliant algorithms for encryption, hashing, and signing (Windows 10) -description: This security policy reference topic for the IT professional describes the best practices, location, values, policy management and security considerations for this policy setting. +description: Best practices, security considerations and more for the policy setting, System cryptography Use FIPS compliant algorithms for encryption, hashing, and signing. ms.assetid: 83988865-dc0f-45eb-90d1-ee33495eb045 ms.reviewer: ms.author: dansimp From a14c2e7490e6d3e6ed06e4536a1f0aad810b1567 Mon Sep 17 00:00:00 2001 From: martyav Date: Mon, 23 Dec 2019 17:01:31 -0500 Subject: [PATCH 134/167] removed localization code from url --- .../privacy/windows-endpoints-1803-non-enterprise-editions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md index 9ceba75493..1744c60ff7 100644 --- a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md @@ -23,7 +23,7 @@ ms.reviewer: - Windows 10 Professional, version 1803 - Windows 10 Education, version 1803 -In addition to the endpoints listed for [Windows 10 Enterprise](https://docs.microsoft.com/en-gb/windows/privacy/manage-windows-1803-endpoints ), the following endpoints are available on other editions of Windows 10, version 1803. +In addition to the endpoints listed for [Windows 10 Enterprise](https://docs.microsoft.com/windows/privacy/manage-windows-1803-endpoints ), the following endpoints are available on other editions of Windows 10, version 1803. We used the following methodology to derive these network endpoints: From 16c8b81b6ca5fb0243976fb12f39becb6c12c38c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 23 Dec 2019 15:35:23 -0800 Subject: [PATCH 135/167] Changed "Direcory" to "Directory" --- .../create-wip-policy-using-intune-azure.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 74c3b0d7c1..b3f555bb13 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -30,7 +30,7 @@ You can create an app protection policy in Intune either with device enrollment - MAM has additional **Access** settings for Windows Hello for Business. - MAM can [selectively wipe company data](https://docs.microsoft.com/intune/apps-selective-wipe) from a user's personal device. -- MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). +- MAM requires an [Azure Active Directory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). - An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery depends on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM. - MAM supports only one user per device. - MAM can only manage [enlightened apps](enlightened-microsoft-apps-and-wip.md). @@ -40,7 +40,7 @@ You can create an app protection policy in Intune either with device enrollment ## Prerequisites -Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Azure Active Directory (Azure AD). MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery relies on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM. +Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Azure Active Directory (Azure AD). MAM requires an [Azure Active Directory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery relies on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM. ## Configure the MDM or MAM provider From 577fb497d07fecb2aa53417a9522c92be341d662 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 23 Dec 2019 15:36:41 -0800 Subject: [PATCH 136/167] Changed "therefor" to "therefore" --- ...rity-and-data-protection-considerations-for-windows-to-go.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md index d50bf41b49..905e495858 100644 --- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md @@ -53,7 +53,7 @@ If you are using a host computer running Windows 7 that has BitLocker enabled, We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This means the drive will not appear in Windows Explorer and an AutoPlay prompt will not be displayed to the user. This reduces the likelihood that an end-user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you. -To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is strongly recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. +To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is strongly recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](https://go.microsoft.com/fwlink/p/?LinkId=619103). From 9525675a0a446d3a28ca2d99ebfc4fb9aa3d70c8 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 23 Dec 2019 15:37:37 -0800 Subject: [PATCH 137/167] Inserted "to" in "In order illustrate" --- .../deploy-windows-mdt/configure-mdt-deployment-share-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md index 54f73a5c48..8741709766 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md @@ -27,7 +27,7 @@ When using MDT, you can assign setting in three distinct ways: - You can prompt the user or technician for information. - You can have MDT generate the settings automatically. -In order illustrate these three options, let's look at some sample configurations. +In order to illustrate these three options, let's look at some sample configurations. ## Sample configurations From 896e123d993b5a2dfadb32f5db8b0ce57f3fbe2e Mon Sep 17 00:00:00 2001 From: Thomas Date: Mon, 23 Dec 2019 16:18:04 -0800 Subject: [PATCH 138/167] Update troubleshooting-mbam-installation.md corrected a few links --- mdop/mbam-v25/troubleshooting-mbam-installation.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mdop/mbam-v25/troubleshooting-mbam-installation.md b/mdop/mbam-v25/troubleshooting-mbam-installation.md index b38d7b7818..d8e8d0fc89 100644 --- a/mdop/mbam-v25/troubleshooting-mbam-installation.md +++ b/mdop/mbam-v25/troubleshooting-mbam-installation.md @@ -387,7 +387,7 @@ Basic checks: * If the communication between client and server is secure, make sure that you are using a valid SSL certificate. -* Verify network connectivity between the web server and the database server to which the data is sent for insertion. You can check database connectivity from the web server to the database server by using ODBC Data Source Administrator. Detailed SQL Server connection troubleshooting information is available in [How to Troubleshoot Connecting to the SQL Server Database Engine](http://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx). +* Verify network connectivity between the web server and the database server to which the data is sent for insertion. You can check database connectivity from the web server to the database server by using ODBC Data Source Administrator. Detailed SQL Server connection troubleshooting information is available in [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx). #### Troubleshooting the connectivity issue @@ -529,11 +529,11 @@ The web service may not connect to the database server because of a permissions * These groups do not have the required permissions on the database. -You will notice permissions-related errors in the Application logs on the MBAM administration and monitoring server if any of the previous conditions are true. In that case, you should manually add the NT Authority\Network Service account and MBAM administration server’s computer account and grant them a server-wide public role on the SQL database server that is using SQL Server Management Studio (http://msdn.microsoft.com/en-us/library/aa337562.aspx). +You will notice permissions-related errors in the Application logs on the MBAM administration and monitoring server if any of the previous conditions are true. In that case, you should manually add the NT Authority\Network Service account and MBAM administration server’s computer account and grant them a server-wide public role on the SQL database server that is using SQL Server Management Studio (https://msdn.microsoft.com/library/aa337562.aspx). #### Review the web service logs -If no events are logged in the Application logs on the MBAM administration server, it’s time to review the web service logs (.svclog) of the MBAM web service that is hosted on the MBAM administration and monitoring server. You will have to use the Service Trace Viewer Tool (SvcTraceViewer.exe) http://msdn.microsoft.com/en-us/library/ms732023.aspx to view the log file. +If no events are logged in the Application logs on the MBAM administration server, it’s time to review the web service logs (.svclog) of the MBAM web service that is hosted on the MBAM administration and monitoring server. You will have to use the Service Trace Viewer Tool (SvcTraceViewer.exe) https://msdn.microsoft.com/library/ms732023.aspx to view the log file. You should primarily investigate the service trace logs of RecoveryandHardwareService and ComplianceStatusService. By default, web service logs are located in the C:\inetpub\Microsoft BitLocker Management Solution\Logs folder. There, each service writes its .svclog file under its own folder. From 2530dd49bff43a4b4f3997ed580fa1c159e52bf5 Mon Sep 17 00:00:00 2001 From: Thomas Date: Mon, 23 Dec 2019 16:28:34 -0800 Subject: [PATCH 139/167] Update device-update-management.md http to https --- windows/client-management/mdm/device-update-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index 414a9c8515..d6aafd84de 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -90,7 +90,7 @@ The response of the GetUpdateData call returns an array of ServerSyncUpdateData - **Language** – The language code identifier (LCID). For example, en or es. - **Title** – Title of the update. For example, “Windows SharePoint Services 3.0 Service Pack 3 x64 Edition (KB2526305)” - **Description** – Description of the update. For example, “Windows SharePoint Services 3.0 Service Pack 3 (KB2526305) provides the latest updates to Windows SharePoint Services 3.0. After you install this item, you may have to restart your computer. After you have installed this item, it cannot be removed.” -- **KBArticleID** – The KB article number for this update that has details regarding the particular update. For example, . +- **KBArticleID** – The KB article number for this update that has details regarding the particular update. For example, . ## Recommended Flow for Using the Server-Server Sync Protocol From 4b7abd0f7fa2068c02b493f6be94e3c0959a2bb8 Mon Sep 17 00:00:00 2001 From: Thomas Date: Mon, 23 Dec 2019 16:29:56 -0800 Subject: [PATCH 140/167] Update fips-140-validation.md remove en-us --- windows/security/threat-protection/fips-140-validation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index c91f55f5cf..7b43d6901d 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -39,7 +39,7 @@ Each of the cryptographic modules has a defined security policy that must be met ### Step 3: Enable the FIPS security policy -Windows provides the security policy setting, “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode. When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode. The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing). +Windows provides the security policy setting, “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode. When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode. The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing). ### Step 4: Ensure only FIPS validated cryptographic algorithms are used From ed1b4c1484dad6743144202958634343bce120f8 Mon Sep 17 00:00:00 2001 From: Thomas Date: Mon, 23 Dec 2019 16:31:00 -0800 Subject: [PATCH 141/167] Update deploy-windows-defender-application-control-policies-using-intune.md remove en-us --- ...indows-defender-application-control-policies-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 176f9a041b..5fa737a5b4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -43,4 +43,4 @@ You can use Microsoft Intune to configure Windows Defender Application Control ( ![Configure WDAC](images/wdac-intune-wdac-settings.png) -To add a custom profile with an OMA-URI see, [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/en-us/intune/configuration/custom-settings-windows-10). +To add a custom profile with an OMA-URI see, [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/intune/configuration/custom-settings-windows-10). From 49ef3074c08e88df545b2ff6abe3ce4e77ca6b36 Mon Sep 17 00:00:00 2001 From: Thomas Date: Mon, 23 Dec 2019 16:33:16 -0800 Subject: [PATCH 142/167] Update hololens2-language-support.md Update to H2 per following guidance from validation report: Multiple H1s are not allowed. You can only have one top-level heading. NOTE: This Suggestion will become a Warning on 02/03/2020 --- devices/hololens/hololens2-language-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index 29553845a4..9c56ec9d8c 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -37,7 +37,7 @@ HoloLens 2 is also available in the following languages. However, this support d - Dutch (Netherlands) - Korean (Korea) -# Changing language or keyboard +## Changing language or keyboard The setup process configures your HoloLens for a region and language. You can change this configuration by using the **Time & language** section of **Settings**. From 143798dd80d2a31efccb0400666b33bcaadcdbbd Mon Sep 17 00:00:00 2001 From: martyav Date: Thu, 26 Dec 2019 15:31:03 -0500 Subject: [PATCH 143/167] reviewed items through #163 --- ...ange-history-for-application-management.md | 2 +- .../change-history-for-client-management.md | 2 +- .../mdm/accountmanagement-csp.md | 2 +- .../mdm/accountmanagement-ddf.md | 2 +- .../mdm/applicationcontrol-csp-ddf.md | 2 +- .../mdm/applicationcontrol-csp.md | 2 +- .../mdm/enrollmentstatustracking-csp-ddf.md | 2 +- .../mdm/enrollmentstatustracking-csp.md | 2 +- .../mdm/policy-csp-devicehealthmonitoring.md | 2 +- .../mdm/policy-csp-timelanguagesettings.md | 2 +- ...change-history-for-configure-windows-10.md | 2 +- windows/deployment/update/waas-overview.md | 2 +- windows/deployment/windows-10-media.md | 190 +++++++++--------- .../windows-autopilot/autopilot-support.md | 2 +- .../hello-cert-trust-validate-pki.md | 2 +- .../hello-hybrid-cert-whfb-provision.md | 2 +- .../hello-hybrid-key-new-install.md | 2 +- .../hello-hybrid-key-whfb-provision.md | 2 +- .../hello-key-trust-validate-pki.md | 2 +- .../automated-investigations.md | 2 +- .../exposed-apis-create-app-nativeapp.md | 2 +- .../exposed-apis-create-app-webapp.md | 2 +- .../manage-auto-investigation.md | 2 +- .../microsoft-recommended-block-rules.md | 2 +- ...er-application-control-deployment-guide.md | 2 +- ...sed-root-of-trust-helps-protect-windows.md | 2 +- .../windows-security-baselines.md | 2 +- .../get-support-for-security-baselines.md | 2 +- .../windows-security-baselines.md | 2 +- 29 files changed, 124 insertions(+), 122 deletions(-) diff --git a/windows/application-management/change-history-for-application-management.md b/windows/application-management/change-history-for-application-management.md index 2ae0e03c13..fdb6834a7a 100644 --- a/windows/application-management/change-history-for-application-management.md +++ b/windows/application-management/change-history-for-application-management.md @@ -1,6 +1,6 @@ --- title: Change history for Application management in Windows 10 (Windows 10) -description: This topic lists changes to documentation for configuring Windows 10. +description: View changes to documentation for application management in Windows 10. keywords: ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/client-management/change-history-for-client-management.md b/windows/client-management/change-history-for-client-management.md index 8eabad806b..5a50f731b3 100644 --- a/windows/client-management/change-history-for-client-management.md +++ b/windows/client-management/change-history-for-client-management.md @@ -1,6 +1,6 @@ --- title: Change history for Client management (Windows 10) -description: This topic lists changes to documentation for configuring Windows 10. +description: View changes to documentation for client management in Windows 10. keywords: ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md index f14ec54b3b..04edf1f24d 100644 --- a/windows/client-management/mdm/accountmanagement-csp.md +++ b/windows/client-management/mdm/accountmanagement-csp.md @@ -1,6 +1,6 @@ --- title: AccountManagement CSP -description: Used to configure settings in the Account Manager service +description: Learn about the AccountManagement CSP, which is used to configure settings in the Account Manager service. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md index 6f6df91fe0..35fd257acb 100644 --- a/windows/client-management/mdm/accountmanagement-ddf.md +++ b/windows/client-management/mdm/accountmanagement-ddf.md @@ -1,6 +1,6 @@ --- title: AccountManagement DDF file -description: Used to configure settings in the Account Manager service +description: View the OMA DM device description framework (DDF) for the AccountManagement configuration service provider. This file is used to configure settings. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md index 60449c917c..f6d3ef7a2f 100644 --- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md +++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md @@ -1,6 +1,6 @@ --- title: ApplicationControl CSP DDF -description: This topic shows the OMA DM device description framework (DDF) for the **ApplicationControl** configuration service provider. DDF files are used only with OMA DM provisioning XML. +description: View the OMA DM device description framework (DDF) for the ApplicationControl configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index dbbecb3b74..5a4fd15cf0 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -1,6 +1,6 @@ --- title: ApplicationControl CSP -description: ApplicationControl CSP +description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from a MDM server. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md index 84b5bb69b0..e70eed0ce5 100644 --- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md +++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md @@ -1,6 +1,6 @@ --- title: EnrollmentStatusTracking DDF -description: This topic shows the OMA DM device description framework (DDF) for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML. +description: View the OMA DM device description framework (DDF) for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md index 5fba2bac07..6faa0a9b38 100644 --- a/windows/client-management/mdm/enrollmentstatustracking-csp.md +++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md @@ -1,6 +1,6 @@ --- title: EnrollmentStatusTracking CSP -description: During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed. +description: Learn how to perform a hybrid certificate trust deployment of Windows Hello for Business, for systems with no previous installations. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md index 0a4dde8690..0968a81bc8 100644 --- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md +++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md @@ -1,6 +1,6 @@ --- title: Policy CSP - DeviceHealthMonitoring -description: Policy CSP - TimeLanguageSettings +description: Learn which DeviceHealthMonitoring policies are supported for your edition of Windows. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 2f1d95383c..ffc5c62bec 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -1,6 +1,6 @@ --- title: Policy CSP - TimeLanguageSettings -description: Policy CSP - TimeLanguageSettings +description: Learn which TimeLanguageSettings policies are supported for your edition of Windows. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index e1100ede91..daaca17946 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -2,7 +2,7 @@ title: Change history for Configure Windows 10 (Windows 10) ms.reviewer: manager: dansimp -description: This topic lists changes to documentation for configuring Windows 10. +description: View changes to documentation for configuring Windows 10. keywords: ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 23a3c73b90..4f6bf5db20 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -1,6 +1,6 @@ --- title: Overview of Windows as a service (Windows 10) -description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy. +description: Windows as a service introduces a new way to build, deploy, and service Windows. Learn how Windows as a service works. keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md index e46fc7ed24..5ca3782f46 100644 --- a/windows/deployment/windows-10-media.md +++ b/windows/deployment/windows-10-media.md @@ -1,94 +1,96 @@ ---- -title: Windows 10 volume license media -description: There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. -keywords: deploy, upgrade, update, software, media -ms.prod: w10 -ms.mktglfcycl: plan -ms.localizationpriority: medium -ms.date: 10/20/2017 -ms.reviewer: -manager: laurawi -ms.audience: itpro author: greg-lindsay -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Windows 10 volume license media - - -**Applies to** - -- Windows 10 - -With each release of Windows 10, volume license media is made available on the [Volume Licensing Service Center](https://www.microsoft.com/vlsc) (VLSC) and other relevant channels such as Windows Update for Business, Windows Server Update Services (WSUS), and Visual Studio Subscriptions. This topic provides a description of volume license media, and describes some of the changes that have been implemented with the current release of Windows 10. - -## Windows 10 media - -To download Windows 10 installation media from the VLSC, use the product search filter to find “Windows 10.”  A list of products will be displayed. The page then allows you to use your search results to download products, view keys, and view product and key descriptions. - -When you select a product, for example “Windows 10 Enterprise” or “Windows 10 Education”, you can then choose the specific release by clicking **Download** and choosing the **Download Method**, **Language**, and **Operating system Type** (bitness). - ->If you do not see a Windows 10 release available in the list of downloads, verify the [release date](https://technet.microsoft.com/windows/release-info.aspx). - -In Windows 10, version 1709 the packaging of volume licensing media and upgrade packages is different than it has been for previous releases. Instead of having separate media and packages for Windows 10 Pro (volume licensing version), Windows 10 Enterprise, and Windows 10 Education, all three are bundled together. The following section explains this change. - -### Windows 10, version 1709 - -Windows 10, version 1709 is available starting on 10/17/2017 in all relevant distribution channels. Note: An updated [Windows ADK for Windows 10](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) is also available. - -For ISOs that you download from the VLSC or Visual Studio Subscriptions, you can still search for the individual Windows editions. However, each of these editions (Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education) will point to the same ISO file, so you only need to download the ISO once. A single Windows image (WIM) file is included in the ISO that contains all the volume licensing images: - -![Images](images/table01.png) - -When using the contents of these ISOs with tools such as the Microsoft Deployment Toolkit or System Center Configuration Manager, make sure you select the appropriate image index in any task sequences that you create or update. - -For packages published to Windows Server Update Services (WSUS), you’ll also notice the change because, instead of having separate packages for each Windows edition, there will be just one package: - -
- -| Title | Classification | Description | -| --- | --- | --- | -| Feature update to Windows 10, version 1709, \ | Upgrades | Package to upgrade Windows 10 Pro (VL), Windows 10 Enterprise, or Windows 10 Education to version 1709 | -| Windows 7 and 8.1 upgrade to Windows 10, version 1709, \ | Upgrades | Package to upgrade Windows 7 Professional (VL), Windows 7 Enterprise, Windows 8.1 Professional (VL), or Windows 8.1 Enterprise to Windows 10 1709 | - -
- -When you approve one of these packages, it applies to all of the editions. - -This Semi-Annual Channel release of Windows 10 continues the Windows as a service methodology.  For more information about implementing Windows as a service in your organization in order to stay up to date with Windows, see [Update Windows 10 in the enterprise](https://aka.ms/waas). - - -### Language packs - -- **Windows 10 versions 1507 and 1511**: you can select **Windows 10 Enterprise Language Pack**, click **Download** and then select **English** and **64-bit** to see these downloads.  -- **Windows 10 1607 and later**: you must select **Multilanguage** from the drop-down list of languages. - -See the following example for Windows 10, version 1709: - -![Windows 10, version 1709 lang pack](images/lang-pack-1709.png) - -### Features on demand - -[Features on demand](https://blogs.technet.microsoft.com/mniehaus/2015/08/31/adding-features-including-net-3-5-to-windows-10/) can be downloaded by searching for "**Windows 10 Enterprise Features on Demand**" and then following the same download process that is described above. - -Features on demand is a method for adding features to your Windows 10 image that aren’t included in the base operating system image. - - -## Related topics - -[Microsoft Volume Licensing Service Center (VLSC) User Guide](https://www.microsoft.com/download/details.aspx?id=10585) -
[Volume Activation for Windows 10](https://docs.microsoft.com/windows/deployment/volume-activation/volume-activation-windows-10) -
[Plan for volume activation](https://docs.microsoft.com/windows/deployment/volume-activation/plan-for-volume-activation-client) -
[VLSC downloads FAQ](https://www.microsoft.com/Licensing/servicecenter/Help/FAQDetails.aspx?id=150) -
[Download and burn an ISO file on the volume licensing site (VLSC)](https://support.microsoft.com/help/2472143/download-and-burn-an-iso-file-on-the-volume-licensing-site-vlsc) - - -  - -  - - - - - +--- +title: Windows 10 volume license media +description: Learn about volume license media in Windows 10, and channels such as the Volume License Service Center (VLSC). +keywords: deploy, upgrade, update, software, media +ms.prod: w10 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.date: 10/20/2017 +ms.reviewer: +manager: laurawi +ms.audience: itpro +author: greg-lindsay +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Windows 10 volume license media + + +**Applies to** + +- Windows 10 + +With each release of Windows 10, volume license media is made available on the [Volume Licensing Service Center](https://www.microsoft.com/vlsc) (VLSC) and other relevant channels such as Windows Update for Business, Windows Server Update Services (WSUS), and Visual Studio Subscriptions. This topic provides a description of volume license media, and describes some of the changes that have been implemented with the current release of Windows 10. + +## Windows 10 media + +To download Windows 10 installation media from the VLSC, use the product search filter to find “Windows 10.”  A list of products will be displayed. The page then allows you to use your search results to download products, view keys, and view product and key descriptions. + +When you select a product, for example “Windows 10 Enterprise” or “Windows 10 Education”, you can then choose the specific release by clicking **Download** and choosing the **Download Method**, **Language**, and **Operating system Type** (bitness). + +>If you do not see a Windows 10 release available in the list of downloads, verify the [release date](https://technet.microsoft.com/windows/release-info.aspx). + +In Windows 10, version 1709 the packaging of volume licensing media and upgrade packages is different than it has been for previous releases. Instead of having separate media and packages for Windows 10 Pro (volume licensing version), Windows 10 Enterprise, and Windows 10 Education, all three are bundled together. The following section explains this change. + +### Windows 10, version 1709 + +Windows 10, version 1709 is available starting on 10/17/2017 in all relevant distribution channels. Note: An updated [Windows ADK for Windows 10](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) is also available. + +For ISOs that you download from the VLSC or Visual Studio Subscriptions, you can still search for the individual Windows editions. However, each of these editions (Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education) will point to the same ISO file, so you only need to download the ISO once. A single Windows image (WIM) file is included in the ISO that contains all the volume licensing images: + +![Images](images/table01.png) + +When using the contents of these ISOs with tools such as the Microsoft Deployment Toolkit or System Center Configuration Manager, make sure you select the appropriate image index in any task sequences that you create or update. + +For packages published to Windows Server Update Services (WSUS), you’ll also notice the change because, instead of having separate packages for each Windows edition, there will be just one package: + +
+ +| Title | Classification | Description | +| --- | --- | --- | +| Feature update to Windows 10, version 1709, \ | Upgrades | Package to upgrade Windows 10 Pro (VL), Windows 10 Enterprise, or Windows 10 Education to version 1709 | +| Windows 7 and 8.1 upgrade to Windows 10, version 1709, \ | Upgrades | Package to upgrade Windows 7 Professional (VL), Windows 7 Enterprise, Windows 8.1 Professional (VL), or Windows 8.1 Enterprise to Windows 10 1709 | + +
+ +When you approve one of these packages, it applies to all of the editions. + +This Semi-Annual Channel release of Windows 10 continues the Windows as a service methodology.  For more information about implementing Windows as a service in your organization in order to stay up to date with Windows, see [Update Windows 10 in the enterprise](https://aka.ms/waas). + + +### Language packs + +- **Windows 10 versions 1507 and 1511**: you can select **Windows 10 Enterprise Language Pack**, click **Download** and then select **English** and **64-bit** to see these downloads.  +- **Windows 10 1607 and later**: you must select **Multilanguage** from the drop-down list of languages. + +See the following example for Windows 10, version 1709: + +![Windows 10, version 1709 lang pack](images/lang-pack-1709.png) + +### Features on demand + +[Features on demand](https://blogs.technet.microsoft.com/mniehaus/2015/08/31/adding-features-including-net-3-5-to-windows-10/) can be downloaded by searching for "**Windows 10 Enterprise Features on Demand**" and then following the same download process that is described above. + +Features on demand is a method for adding features to your Windows 10 image that aren’t included in the base operating system image. + + +## Related topics + +[Microsoft Volume Licensing Service Center (VLSC) User Guide](https://www.microsoft.com/download/details.aspx?id=10585) +
[Volume Activation for Windows 10](https://docs.microsoft.com/windows/deployment/volume-activation/volume-activation-windows-10) +
[Plan for volume activation](https://docs.microsoft.com/windows/deployment/volume-activation/plan-for-volume-activation-client) +
[VLSC downloads FAQ](https://www.microsoft.com/Licensing/servicecenter/Help/FAQDetails.aspx?id=150) +
[Download and burn an ISO file on the volume licensing site (VLSC)](https://support.microsoft.com/help/2472143/download-and-burn-an-iso-file-on-the-volume-licensing-site-vlsc) + + +  + +  + + + + + diff --git a/windows/deployment/windows-autopilot/autopilot-support.md b/windows/deployment/windows-autopilot/autopilot-support.md index 233173427b..7fd687321a 100644 --- a/windows/deployment/windows-autopilot/autopilot-support.md +++ b/windows/deployment/windows-autopilot/autopilot-support.md @@ -1,6 +1,6 @@ --- title: Windows Autopilot support -description: Support information for Windows Autopilot +description: Find out who to contact for help with your Windows Autopilot installation. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index e0c4077f94..067d2d3504 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md @@ -1,6 +1,6 @@ --- title: Validate Public Key Infrastructure - certificate trust model (Windows Hello for Business) -description: How to Validate Public Key Infrastructure for Windows Hello for Business +description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a certificate trust model. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 8b3b535bc4..9d05788513 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -1,6 +1,6 @@ --- title: Hybrid Windows Hello for Business Provisioning (Windows Hello for Business) -description: Provisioning for Hybrid Windows Hello for Business Deployments +description: Provisioning for hybrid certificate trust deployments of Windows Hello for Businesss. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 351e8af565..74797d1ac1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -1,6 +1,6 @@ --- title: Windows Hello for Business Key Trust New Installation -description: Windows Hello for Business Hybrid baseline deployment +description: Learn how to perform a hybrid key trust deployment of Windows Hello for Business, for systems with no previous installations. keywords: identity, PIN, biometric, Hello, passport, WHFB ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 99e9682540..526f538aa6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -1,6 +1,6 @@ --- title: Hybrid Windows Hello for Business key trust Provisioning (Windows Hello for Business) -description: Provisioning for Hybrid Windows Hello for Business Deployments +description: Provisioning for hybrid key trust deployments of Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index df1cdd141d..5f6fb9480c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -1,6 +1,6 @@ --- title: Validate Public Key Infrastructure - key trust model (Windows Hello for Business) -description: How to Validate Public Key Infrastructure for Windows Hello for Business +description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a key trust model. keywords: identity, PIN, biometric, Hello, passport ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index a4990b44f7..609d5c04cb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -1,6 +1,6 @@ --- title: Use automated investigations to investigate and remediate threats -description: View the list of automated investigations, its status, detection source and other details. +description: Understand the automated investigation flow in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). keywords: automated, investigation, detection, source, threat types, id, tags, machines, duration, filter export search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index fa48fed697..d6a0591dad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md @@ -1,7 +1,7 @@ --- title: Use Microsoft Defender Advanced Threat Protection APIs ms.reviewer: -description: Use the exposed data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. +description: Learn how to design a native Windows app to get programmatic access to Microsoft Defender ATP without a user. keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md index a54534e8f5..f69367a074 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md @@ -1,7 +1,7 @@ --- title: Create an Application to access Microsoft Defender ATP without a user ms.reviewer: -description: Use the exposed data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. +description: Learn how to design a web app to get programmatic access to Microsoft Defender ATP without a user. keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 87208d5142..9614834d72 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -1,6 +1,6 @@ --- title: Learn about the automated investigations dashboard in Microsoft Defender Security Center -description: View the list of automated investigations, its status, detection source and other details. +description: View the automated investigations list. View the status, detection source and other details for automated investigations. keywords: autoir, automated, investigation, detection, dashboard, source, threat types, id, tags, machines, duration, filter export search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index a9250a0e9e..fc2d28a1c6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -1,6 +1,6 @@ --- title: Microsoft recommended block rules (Windows 10) -description: To help you plan and begin the initial test stages of a deployment of Microsoft Windows Defender Application Control, this article outlines how to gather information, create a plan, and begin to create and test initial code integrity policies. +description: View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md index 80ddc17590..7b2d9a09d7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md @@ -1,6 +1,6 @@ --- title: Planning and getting started on the Windows Defender Application Control deployment process (Windows 10) -description: To help you plan and begin the initial test stages of a deployment of Microsoft Windows Defender Application Control, this article outlines how to gather information, create a plan, and begin to create and test initial code integrity policies. +description: Learn how to gather information, create a plan, and begin to create and test initial code integrity policies for your Windows Defender Application Control deployment. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index a7def9d5fd..5508e75a4f 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -1,6 +1,6 @@ --- title: How a Windows Defender System Guard helps protect Windows 10 -description: Windows Defender System Guard in Windows 10 uses a hardware-based root of trust to securely protect systems against firmware exploits. +description: Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof. Learn how it works. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md index 30b70df2a4..e3e3748b5c 100644 --- a/windows/security/threat-protection/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-baselines.md @@ -1,6 +1,6 @@ --- title: Windows security baselines -description: This article, and the articles it links to, describe how to use Windows security baselines in your organization +description: Learn how to use Windows security baselines in your organization. Specific to Windows 10, Windows Server, and Office 365 ProPlus. keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md index 6ef956ed10..bfabb7cc00 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -1,6 +1,6 @@ --- title: Get support for Windows security baselines -description: This article, and the articles it links to, answers frequently asked question on how to get support for Windows baselines, the Security Compliance Toolkit (SCT), and related topics in your organization +description: Find answers to frequently asked question on how to get support for Windows baselines, the Security Compliance Toolkit (SCT), and related topics in your organization. keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index 723c0bfe49..78f942c5a5 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md @@ -1,6 +1,6 @@ --- title: Windows security baselines guide -description: This article, and the articles it links to, describe how to use Windows security baselines in your organization +description: Learn how to use Windows security baselines in your organization. Specific to Windows 10, Windows Server 2016, and Office 2016. keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy From 0005059cb07f5acdf19146e29aeb71ddf357d672 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 26 Dec 2019 13:36:27 -0800 Subject: [PATCH 144/167] Changed "organizationspro" to "organization" --- .../configuration/change-history-for-configure-windows-10.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index daaca17946..700b2a16cc 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -119,7 +119,7 @@ The following topics were moved into the [Privacy](/windows/privacy/index) libra New or changed topic | Description --- | --- -[Configure Windows diagnostic data in your organizationspro](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization) | Updated endpoints. +[Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization) | Updated endpoints. [Configure cellular settings for tablets and PCs](provisioning-apn.md) | Added instructions for confirming that the settings were applied. ## March 2018 @@ -233,4 +233,4 @@ The topics in this library have been updated for Windows 10, version 1703 (also - [Use the Lockdown Designer app to create a Lockdown XML file](mobile-devices/mobile-lockdown-designer.md) - [Add image for secondary tiles](start-secondary-tiles.md) - [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md) -- [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703) \ No newline at end of file +- [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703) From 705b977dce07dde1a109b9df4f34c3e4a1613df1 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 26 Dec 2019 13:40:41 -0800 Subject: [PATCH 145/167] Changed "review configure" to "review"... ...and corrected the name of the targeted topic in the link. --- .../hello-for-business/hello-hybrid-key-new-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 74797d1ac1..6ab596d350 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -126,7 +126,7 @@ If your organization uses Azure MFA on a per-consumption model (no licenses), th Once you have created your Azure MFA authentication provider and associated it with an Azure tenant, you need to configure the multi-factor authentication settings. Review the [Configure Azure Multi-Factor Authentication settings](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-whats-next) section to configure your settings. #### Azure MFA User States -After you have completed configuring your Azure MFA settings, you want to review configure [User States](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-user-states) to understand user states. User states determine how you enable Azure MFA for your users. +After you have completed configuring your Azure MFA settings, you want to review [How to require two-step verification for a user](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-user-states) to understand user states. User states determine how you enable Azure MFA for your users. ### Azure MFA via ADFS Alternatively, you can configure Windows Server 2016 Active Directory Federation Services (AD FS) to provide additional multi-factor authentication. To configure, read the [Configure AD FS 2016 and Azure MFA](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-ad-fs-2016-and-azure-mfa) section. From e6e4e5407d0cafd717296924343a366649f8130a Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 26 Dec 2019 13:51:56 -0800 Subject: [PATCH 146/167] Corrected markup of a note --- windows/deployment/windows-10-media.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md index 5ca3782f46..2b435c0edc 100644 --- a/windows/deployment/windows-10-media.md +++ b/windows/deployment/windows-10-media.md @@ -31,7 +31,8 @@ To download Windows 10 installation media from the VLSC, use the product search When you select a product, for example “Windows 10 Enterprise” or “Windows 10 Education”, you can then choose the specific release by clicking **Download** and choosing the **Download Method**, **Language**, and **Operating system Type** (bitness). ->If you do not see a Windows 10 release available in the list of downloads, verify the [release date](https://technet.microsoft.com/windows/release-info.aspx). +> [!NOTE] +> If you do not see a Windows 10 release available in the list of downloads, verify the [release date](https://technet.microsoft.com/windows/release-info.aspx). In Windows 10, version 1709 the packaging of volume licensing media and upgrade packages is different than it has been for previous releases. Instead of having separate media and packages for Windows 10 Pro (volume licensing version), Windows 10 Enterprise, and Windows 10 Education, all three are bundled together. The following section explains this change. From a4ec3067768daeed637c8bb44b33939084eb024e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 26 Dec 2019 13:55:43 -0800 Subject: [PATCH 147/167] =?UTF-8?q?Changed=20"Windows=EF=BF=BD10"=20to=20"?= =?UTF-8?q?Windows=2010"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replaced a character that was rendered as a question mark in a diamond with a space character. --- .../hello-for-business/hello-hybrid-key-whfb-provision.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 526f538aa6..85992e20d5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -19,7 +19,7 @@ ms.reviewer: # Hybrid Windows Hello for Business Provisioning **Applies to** -- Windows�10, version 1703 or later +- Windows 10, version 1703 or later - Hybrid deployment - Key trust From 63360e14388826ebe78a6a7c62cf1e05a0c059e1 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 26 Dec 2019 13:59:01 -0800 Subject: [PATCH 148/167] Corrected markup of a tip --- .../microsoft-defender-atp/automated-investigations.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 609d5c04cb..b9aad84bc9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -23,7 +23,8 @@ Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) offers a The automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. The **Automated investigations** list shows all the investigations that were initiated automatically, and includes details, such as status, detection source, and when the investigation was initiated. ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink) +> [!TIP] +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink) ## Understand the automated investigation flow From 76c68f76bfc03a2c37ac6875c7ed7ffd0ca75c5c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 26 Dec 2019 14:04:31 -0800 Subject: [PATCH 149/167] Corrected an ordered list to unordered --- ...how-hardware-based-root-of-trust-helps-protect-windows.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index 5508e75a4f..87aa58c2e4 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -60,10 +60,11 @@ Secure Launch simplifies management of SRTM measurements because the launch code System Management Mode (SMM) is a special-purpose CPU mode in x86 microcontrollers that handles power management, hardware configuration, thermal monitoring, and anything else the manufacturer deems useful. Whenever one of these system operations is requested, a non-maskable interrupt (SMI) is invoked at runtime, which executes SMM code installed by the BIOS. SMM code executes in the highest privilege level and is invisible to the OS, which makes it an attractive target for malicious activity. Even if System Guard Secure Launch is used to late launch, SMM code can potentially access hypervisor memory and change the hypervisor. + To defend against this, two techniques are used: -1. Paging protection to prevent inappropriate access to code and data -2. SMM hardware supervision and attestation + - Paging protection to prevent inappropriate access to code and data + - SMM hardware supervision and attestation Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. This prevents access to any memory that has not been specifically assigned. From b99e1b5f1c39496fc7e16556575d2fd78903e3e0 Mon Sep 17 00:00:00 2001 From: illfated Date: Fri, 27 Dec 2019 01:14:06 +0100 Subject: [PATCH 150/167] Windows 2 Go/Kingston IronKey USB: URL updated Based on the suggestion from @jvsam in issue ticket #5562 (Erreur 404), all the 3 links used for Kingston IronKey USB drives should point to the same Kingston DataTraveler Workspace+B2:M22 support page https://www.kingston.com/support/technical/products?model=dtws Thanks to Efflamm for reporting the link as broken (error 404). Changes proposed: - Replace the 3 different go.microsoft.com/fwlink/ URLs with a common link pointing to the DataTraveler Workspace+B2:M22 support page. issue ticket closure or reference: Closes #5562 --- windows/deployment/planning/windows-to-go-overview.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md index ba83d6224b..d162aa111d 100644 --- a/windows/deployment/planning/windows-to-go-overview.md +++ b/windows/deployment/planning/windows-to-go-overview.md @@ -92,9 +92,9 @@ As of the date of publication, the following are the USB drives currently certif > [!WARNING] > Using a USB drive that has not been certified is not supported. -- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://go.microsoft.com/fwlink/p/?LinkId=618714)) -- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://go.microsoft.com/fwlink/p/?LinkId=618717)) -- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://go.microsoft.com/fwlink/p/?LinkId=618718)) +- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://www.kingston.com/support/technical/products?model=dtws)) +- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://www.kingston.com/support/technical/products?model=dtws)) +- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://www.kingston.com/support/technical/products?model=dtws)) - Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719)) - Spyrus Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) From a27dba1c16e0c7364bc2e62e8cb6fe485df85fec Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 27 Dec 2019 17:33:26 -0500 Subject: [PATCH 151/167] reviewed items through #138 --- windows/client-management/mdm/index.md | 2 +- .../mdm/windowssecurityauditing-ddf-file.md | 2 +- ...ng-your-application-mitigation-packages.md | 2 +- ...olume-activation-management-tool-client.md | 159 +++++++++--------- .../volume-activation-windows-10.md | 2 +- .../collect-wip-audit-event-logs.md | 2 +- .../overview-create-wip-policy-sccm.md | 2 +- .../audit-application-group-management.md | 2 +- .../auditing/audit-detailed-file-share.md | 2 +- .../audit-directory-service-access.md | 2 +- .../auditing/basic-audit-object-access.md | 2 +- .../microsoft-defender-atp/tvm-weaknesses.md | 2 +- ...ager-hash-value-on-next-password-change.md | 2 +- ...ity-restrict-ntlm-incoming-ntlm-traffic.md | 2 +- ...ly-sign-communications-if-server-agrees.md | 2 +- 15 files changed, 94 insertions(+), 93 deletions(-) diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md index 7608a417e2..44d416b67a 100644 --- a/windows/client-management/mdm/index.md +++ b/windows/client-management/mdm/index.md @@ -1,6 +1,6 @@ --- title: Mobile device management -description: Windows 10 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users’ privacy on their personal devices. +description: Windows 10 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy MS-HAID: - 'p\_phDeviceMgmt.provisioning\_and\_device\_management' - 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm' diff --git a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md index a42d7ec535..c4710fae63 100644 --- a/windows/client-management/mdm/windowssecurityauditing-ddf-file.md +++ b/windows/client-management/mdm/windowssecurityauditing-ddf-file.md @@ -1,6 +1,6 @@ --- title: WindowsSecurityAuditing DDF file -description: This topic shows the OMA DM device description framework (DDF) for the WindowsSecurityAuditing configuration service provider. This CSP was added in Windows 10, version 1511. +description: View the OMA DM device description framework (DDF) for the WindowsSecurityAuditing configuration service provider. ms.assetid: B1F9A5FA-185B-48C6-A7F4-0F0F23B971F0 ms.reviewer: manager: dansimp diff --git a/windows/deployment/planning/testing-your-application-mitigation-packages.md b/windows/deployment/planning/testing-your-application-mitigation-packages.md index 6782e5861f..c3c759c319 100644 --- a/windows/deployment/planning/testing-your-application-mitigation-packages.md +++ b/windows/deployment/planning/testing-your-application-mitigation-packages.md @@ -1,6 +1,6 @@ --- title: Testing Your Application Mitigation Packages (Windows 10) -description: This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues. +description: Learn how to test your application-mitigation packages, including how to report your information and how to resolve any outstanding issues. ms.assetid: ae946f27-d377-4db9-b179-e8875d454ccf ms.reviewer: manager: laurawi diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md index 39f4344b23..07047dd903 100644 --- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md +++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md @@ -1,79 +1,80 @@ ---- -title: Use the Volume Activation Management Tool (Windows 10) -description: The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys. -ms.assetid: b11f0aee-7b60-44d1-be40-c960fc6c4c47 -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: vamt, volume activation, activation, windows activation -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: greg-lindsay -ms.localizationpriority: medium -ms.date: 07/27/2017 -ms.topic: article ---- - -# Use the Volume Activation Management Tool - -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 - -**Looking for retail activation?** -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) - -The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys. - -By using the VAMT, you can automate and centrally manage the volume, retail, and MAK activation process for Windows, Office, and select other Microsoft products. The VAMT can manage volume activation by using MAKs or KMS. It is a standard Microsoft Management Console snap-in, and it can be -installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. - -The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740). - -In Windows Server 2012 R2, you can install the VAMT directly from Server Manager without downloading the Windows ADK by selecting the Volume Activation Services role or the Remote Server Administration Tools/Role Administration Tools/Volume Activation Tools feature. - -## Activating with the Volume Activation Management Tool - -You can use the VAMT to complete the activation process in products by using MAK and retail keys, and you can work with computers individually or in groups. The VAMT enables two activation scenarios: -- **Online activation**. Online activation enables you to activate over the Internet any products that are installed with MAK, KMS host, or retail product keys. You can activate one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. -- **Proxy activation**. This activation method enables you to perform volume activation for products that are installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS host key, or retail product key to one or more client products and collects the installation ID from each client product. The VAMT host sends the installation IDs to Microsoft on behalf of the client products and obtains the corresponding confirmation IDs. The VAMT host then installs the confirmation IDs on the client products to complete their activation. - By using this method, only the VAMT host computer requires Internet access. Proxy activation by using the VAMT is beneficial for isolated network segments and for cases where your organization has a mix of retail, MAK, and KMS-based activations. - -## Tracking products and computers with the Volume Activation Management Tool - -The VAMT provides an overview of the activation and licensing status of computers across your network, as shown in Figure 18. Several prebuilt reports are also available to help you proactively manage licensing. - -![VAMT showing the licensing status of multiple computers](../images/volumeactivationforwindows81-18.jpg) - -**Figure 18**. The VAMT showing the licensing status of multiple computers - -## Tracking key usage with the Volume Activation Management Tool - -The VAMT makes it easier to track the various keys that are issued to your organization. You can enter each key into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it is and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage. - -![VAMT showing key types and usage](../images/volumeactivationforwindows81-19.jpg) - -**Figure 19**. The VAMT showing key types and usage - -## Other Volume Activation Management Tool features - -The VAMT stores information in a Microsoft SQL Server database for performance and flexibility, and it provides a single graphical user interface for managing activations and performing other activation-related tasks, such as: -- **Adding and removing computers**. You can use the VAMT to discover computers in the local environment. The VAMT can discover computers by querying AD DS, workgroups, or individual computer names or IP addresses, or through a general LDAP query. -- **Discovering products**. You can use the VAMT to discover Windows, Windows Server, Office, and select other products that are installed on the client computers. -- **Managing activation data**. The VAMT stores activation data in a SQL Server database. The tool can export this data in XML format to other VAMT hosts or to an archive. - -For more information, see: -- [Volume Activation Management Tool (VAMT) Overview](https://go.microsoft.com/fwlink/p/?LinkId=618266) -- [VAMT Step-by-Step Scenarios](https://go.microsoft.com/fwlink/p/?LinkId=618267) - -## See also -- [Volume Activation for Windows 10](volume-activation-windows-10.md) -  -  +--- +title: Use the Volume Activation Management Tool (Windows 10) +description: The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to track and monitor several types of product keys. +ms.assetid: b11f0aee-7b60-44d1-be40-c960fc6c4c47 +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: vamt, volume activation, activation, windows activation +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: activation +audience: itpro +author: greg-lindsay +ms.localizationpriority: medium +ms.date: 07/27/2017 +ms.topic: article +--- + +# Use the Volume Activation Management Tool + +**Applies to** +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2012 +- Windows Server 2008 R2 + +**Looking for retail activation?** +- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) + +The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys. + +By using the VAMT, you can automate and centrally manage the volume, retail, and MAK activation process for Windows, Office, and select other Microsoft products. The VAMT can manage volume activation by using MAKs or KMS. It is a standard Microsoft Management Console snap-in, and it can be +installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. + +The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740). + +In Windows Server 2012 R2, you can install the VAMT directly from Server Manager without downloading the Windows ADK by selecting the Volume Activation Services role or the Remote Server Administration Tools/Role Administration Tools/Volume Activation Tools feature. + +## Activating with the Volume Activation Management Tool + +You can use the VAMT to complete the activation process in products by using MAK and retail keys, and you can work with computers individually or in groups. The VAMT enables two activation scenarios: +- **Online activation**. Online activation enables you to activate over the Internet any products that are installed with MAK, KMS host, or retail product keys. You can activate one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. +- **Proxy activation**. This activation method enables you to perform volume activation for products that are installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS host key, or retail product key to one or more client products and collects the installation ID from each client product. The VAMT host sends the installation IDs to Microsoft on behalf of the client products and obtains the corresponding confirmation IDs. The VAMT host then installs the confirmation IDs on the client products to complete their activation. + By using this method, only the VAMT host computer requires Internet access. Proxy activation by using the VAMT is beneficial for isolated network segments and for cases where your organization has a mix of retail, MAK, and KMS-based activations. + +## Tracking products and computers with the Volume Activation Management Tool + +The VAMT provides an overview of the activation and licensing status of computers across your network, as shown in Figure 18. Several prebuilt reports are also available to help you proactively manage licensing. + +![VAMT showing the licensing status of multiple computers](../images/volumeactivationforwindows81-18.jpg) + +**Figure 18**. The VAMT showing the licensing status of multiple computers + +## Tracking key usage with the Volume Activation Management Tool + +The VAMT makes it easier to track the various keys that are issued to your organization. You can enter each key into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it is and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage. + +![VAMT showing key types and usage](../images/volumeactivationforwindows81-19.jpg) + +**Figure 19**. The VAMT showing key types and usage + +## Other Volume Activation Management Tool features + +The VAMT stores information in a Microsoft SQL Server database for performance and flexibility, and it provides a single graphical user interface for managing activations and performing other activation-related tasks, such as: +- **Adding and removing computers**. You can use the VAMT to discover computers in the local environment. The VAMT can discover computers by querying AD DS, workgroups, or individual computer names or IP addresses, or through a general LDAP query. +- **Discovering products**. You can use the VAMT to discover Windows, Windows Server, Office, and select other products that are installed on the client computers. +- **Managing activation data**. The VAMT stores activation data in a SQL Server database. The tool can export this data in XML format to other VAMT hosts or to an archive. + +For more information, see: +- [Volume Activation Management Tool (VAMT) Overview](https://go.microsoft.com/fwlink/p/?LinkId=618266) +- [VAMT Step-by-Step Scenarios](https://go.microsoft.com/fwlink/p/?LinkId=618267) + +## See also +- [Volume Activation for Windows 10](volume-activation-windows-10.md) +  +  diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index f308f019a8..a820b9e25b 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -1,6 +1,6 @@ --- title: Volume Activation for Windows 10 -description: This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. +description: Learn how to use volume activation to deploy & activate Windows 10. Includes details for orgs that have used volume activation for earlier versions of Windows. ms.assetid: 6e8cffae-7322-4fd3-882a-cde68187aef2 ms.reviewer: manager: laurawi diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index 0d7d91e071..78edc9a59e 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -1,6 +1,6 @@ --- title: How to collect Windows Information Protection (WIP) audit event logs (Windows 10) -description: How to collect and understand your Windows Information Protection audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices only). +description: How to collect & understand Windows Information Protection audit event logs via the Reporting configuration service provider (CSP) or Windows Event Forwarding. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md index 40ab9e148d..e8ad475fda 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md @@ -1,6 +1,6 @@ --- title: Create a Windows Information Protection (WIP) policy using System Center Configuration Manager (Windows 10) -description: System Center Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. +description: System Center Configuration Manager helps you create & deploy your enterprise data protection (WIP) policy. ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6 ms.reviewer: ms.prod: w10 diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md index 96f7a50301..8dce282dfa 100644 --- a/windows/security/threat-protection/auditing/audit-application-group-management.md +++ b/windows/security/threat-protection/auditing/audit-application-group-management.md @@ -1,6 +1,6 @@ --- title: Audit Application Group Management (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit Application Group Management, which determines whether the operating system generates audit events when application group management tasks are performed. +description: The policy setting, Audit Application Group Management, determines if audit events are generated when application group management tasks are performed. ms.assetid: 1bcaa41e-5027-4a86-96b7-f04eaf1c0606 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md index 41ed83320d..69a9d636c7 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md +++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md @@ -1,6 +1,6 @@ --- title: Audit Detailed File Share (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Detailed File Share, which allows you to audit attempts to access files and folders on a shared folder. +description: The Advanced Security Audit policy setting, Audit Detailed File Share, allows you to audit attempts to access files and folders on a shared folder. ms.assetid: 60310104-b820-4033-a1cb-022a34f064ae ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md index ae15d23652..0a13f90a87 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md @@ -1,6 +1,6 @@ --- title: Audit Directory Service Access (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Access, which determines whether the operating system generates audit events when an Active Directory Domain Services (ADÂ DS) object is accessed. +description: The policy setting Audit Directory Service Access determines if audit events are generated when an Active Directory Domain Services (ADA DS) object is accessed. ms.assetid: ba2562ba-4282-4588-b87c-a3fcb771c7d0 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index 438dd850c9..b6b09ddae8 100644 --- a/windows/security/threat-protection/auditing/basic-audit-object-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md @@ -1,6 +1,6 @@ --- title: Audit object access (Windows 10) -description: Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified. +description: The policy setting, Audit object access, determines whether to audit the event generated when a user accesses an object that has its own SACL specified. ms.assetid: D15B6D67-7886-44C2-9972-3F192D5407EA ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 4a0ed9a714..bc53f59808 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -1,6 +1,6 @@ --- title: Weaknesses -description: The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization, their severity, Common Vulnerability Scoring System (CVSS) rating, its prevalence in your organization, breach, and threat insights. +description: Windows Defender Security Center offers a Weaknesses page, which lists vulnerabilities found in the infected software running in your organization. keywords: mdatp threat & vulnerability management, mdatp tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md index 17bf06d448..49e3824a89 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md @@ -1,6 +1,6 @@ --- title: Network security Do not store LAN Manager hash value on next password change (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Network security Do not store LAN Manager hash value on next password change security policy setting. +description: Best practices, security considerations, and more for the security policy setting, Network security Do not store LAN Manager hash value on next password change. ms.assetid: 6452b268-e5ba-4889-9d38-db28f919af51 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md index 01de4dd73c..2b0c20bc29 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md @@ -1,6 +1,6 @@ --- title: Network security Restrict NTLM Incoming NTLM traffic (Windows 10) -description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Incoming NTLM traffic security policy setting. +description: Best practices, security considerations, and more for the security policy setting, Network Security Restrict NTLM Incoming NTLM traffic. ms.assetid: c0eff7d3-ed59-4004-908a-2205295fefb8 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md index db0f82e3ff..9a0a7b65c2 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md @@ -1,6 +1,6 @@ --- title: SMBv1 Microsoft network client Digitally sign communications (if server agrees) (Windows 10) -description: For SMBv1 only, describes the best practices, location, values, and security considerations for the Microsoft network client Digitally sign communications (if server agrees) security policy setting. +description: Best practices, location, values, and security considerations for the policy setting, Microsoft network client Digitally sign communications (if server agrees). ms.assetid: e553f700-aae5-425c-8650-f251c90ba5dd ms.reviewer: ms.author: dansimp From f8b014109b0ea05d2179b28dfa04269832b2d57f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 27 Dec 2019 15:50:19 -0800 Subject: [PATCH 152/167] Indent 2 notes in procedures --- .../microsoft-defender-atp/tvm-weaknesses.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index bc53f59808..aa146289f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -50,8 +50,8 @@ You can access the list of vulnerabilities in a few places in the portal: ![tvm-vuln-globalsearch](images/tvm-vuln-globalsearch.png) 3. Select the CVE and a flyout panel opens up with more information - the vulnerability description, exploits available, severity level, CVSS v3 rating, publishing and update dates. ->[!NOTE] ->To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search. + > [!NOTE] + > To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search. *Weaknesses page in the menu* 1. Go to the Threat & Vulnerability Management navigation menu and select **Weaknesses** to open up the list of vulnerabilities found in your organization. @@ -116,8 +116,8 @@ You can report a false positive when you see any vague, inaccurate, missing, or 5. Include your machine name for investigation context. ->[!NOTE] -> You can also provide details regarding the inaccuracy you reported in the **Tell us more (optional)** field to give the threat and vulnerability management investigators context. + > [!NOTE] + > You can also provide details regarding the inaccuracy you reported in the **Tell us more (optional)** field to give the threat and vulnerability management investigators context. 6. Click **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts with its context. From 4b101fb56033b791d008362e0803f1a79cba11a5 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 27 Dec 2019 15:52:52 -0800 Subject: [PATCH 153/167] Changed a list from ordered to unordered to meet style guidelines --- ...ot-store-lan-manager-hash-value-on-next-password-change.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md index 49e3824a89..32ad4fc2b7 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md @@ -38,8 +38,8 @@ By attacking the SAM file, attackers can potentially gain access to user names a ### Best practices -1. Set **Network security: Do not store LAN Manager hash value on next password change** to **Enabled**. -2. Require all users to set new passwords the next time they log on to the domain so that LAN Manager hashes are removed. + - Set **Network security: Do not store LAN Manager hash value on next password change** to **Enabled**. + - Require all users to set new passwords the next time they log on to the domain so that LAN Manager hashes are removed. ### Location From 688dd6708365b54cedb904bdc582f6cf388a4981 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 27 Dec 2019 16:01:14 -0800 Subject: [PATCH 154/167] Style corrections: changed list to unordered, corrected markup of note --- ...lient-digitally-sign-communications-if-server-agrees.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md index 9a0a7b65c2..47483249d7 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md @@ -51,14 +51,14 @@ There are three other policy settings that relate to packet-signing requirements ### Best practices -1. Configure the following security policy settings as follows: + - Configure the following security policy settings as follows: - Disable [Microsoft network client: Digitally sign communications (always)](smbv1-microsoft-network-client-digitally-sign-communications-always.md). - Disable [Microsoft network server: Digitally sign communications (always)](smbv1-microsoft-network-server-digitally-sign-communications-always.md). - Enable **Microsoft Network Client: Digitally Sign Communications (If Server Agrees)**. - Enable [Microsoft network server: Digitally sign communications (if client agrees)](smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md). -2. Alternately, you can set all of these policy settings to Enabled, but enabling them can cause slower performance on client devices and prevent them from communicating with legacy SMB applications and operating systems. + - Alternately, you can set all of these policy settings to Enabled, but enabling them can cause slower performance on client devices and prevent them from communicating with legacy SMB applications and operating systems. ### Location @@ -107,7 +107,8 @@ Configure the settings as follows: In highly secure environments we recommend that you configure all of these settings to Enabled. However, that configuration may cause slower performance on client devices and prevent communications with earlier SMB applications and operating systems. ->**Note:**  An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing. +> [!NOTE] +> An alternative countermeasure that could protect all network traffic is to implement digital signatures with IPsec. There are hardware-based accelerators for IPsec encryption and signing that could be used to minimize the performance impact on the servers' CPUs. No such accelerators are available for SMB signing. ### Potential impact From af951b97fdc52b8d81792834db0534389f9a2a6e Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 27 Dec 2019 17:20:26 -0800 Subject: [PATCH 155/167] link updates --- .../intelligence/prevent-malware-infection.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 7bce69882c..b6125b263c 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -53,7 +53,7 @@ Using pirated content is not only illegal, it can also expose your device to mal Users do not openly discuss visits to these sites, so any untoward experience are more likely to stay unreported. -To stay safe, download movies, music, and apps from official publisher websites or stores. Consider running a streamlined OS such as [Windows 10 Pro SKU S Mode](https://www.microsoft.com/windows/s-mode?ocid=cx-wdsi-articles), which ensures that only vetted apps from the Windows Store are installed. +To stay safe, download movies, music, and apps from official publisher websites or stores. Consider running a streamlined OS such as [Windows 10 Pro SKU S Mode](https://www.microsoft.com/windows/s-mode), which ensures that only vetted apps from the Windows Store are installed. ## Don't attach unfamiliar removable drives @@ -65,7 +65,7 @@ Only use removable drives that you are familiar with or that come from a trusted At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting account privileges, you can prevent malware from making consequential changes any devices. -By default, Windows uses [User Account Control (UAC)](https://docs.microsoft.com/windows/access-protection/user-account-control/user-account-control-overview) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. +By default, Windows uses [User Account Control (UAC)](../access-protection/user-account-control/user-account-control-overview.md) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. To help ensure that everyday activities do not result in malware infection and other potentially catastrophic changes, it is recommended that you use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges. @@ -77,7 +77,7 @@ Whenever necessary, log in as an administrator to install apps or make configura To further ensure that data is protected from malware as well as other threats: -* Backup files. Follow the 3-2-1 rule: make **3 copies**, store in at least **2 locations**, with at least **1 offline copy**. Use [OneDrive](https://onedrive.live.com/about/?ocid=cx-wdsi-articles) for reliable cloud-based copies that allows access to files from multiple devices and helps recover damaged or lost files, including files locked by ransomware. +* Backup files. Follow the 3-2-1 rule: make **3 copies**, store in at least **2 locations**, with at least **1 offline copy**. Use [OneDrive](https://onedrive.live.com/about) for reliable cloud-based copies that allows access to files from multiple devices and helps recover damaged or lost files, including files locked by ransomware. * Be wary when connecting to public hotspots, particularly those that do not require authentication. @@ -93,7 +93,7 @@ Microsoft provides comprehensive security capabilities that help protect against * [Automatic Microsoft updates](https://support.microsoft.com/help/12373/windows-update-faq) keeps software up-to-date to get the latest protections. -* [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard) stops ransomware in its tracks by preventing unauthorized access to your important files. Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including ransomware and other malicious executable files, DLLs, and scripts are denied access. +* [Controlled folder access](../microsoft-defender-atp/enable-controlled-folders.md) stops ransomware in its tracks by preventing unauthorized access to your important files. Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including ransomware and other malicious executable files, DLLs, and scripts are denied access. * [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) browser protects against threats such as ransomware by preventing exploit kits from running. By using [Windows Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/index), Microsoft Edge blocks access to malicious websites. @@ -101,13 +101,13 @@ Microsoft provides comprehensive security capabilities that help protect against * [Microsoft Safety Scanner](safety-scanner-download.md) helps remove malicious software from computers. NOTE: This tool does not replace your antimalware product. -* [Microsoft 365](https://docs.microsoft.com/microsoft-365/enterprise/#pivot=itadmin&panel=it-security) includes Office 365, Windows 10, and Enterprise Mobility + Security. These resources power productivity while providing intelligent security across users, devices, and data. +* [Microsoft 365](https://docs.microsoft.com/microsoft-365/enterprise/) includes Office 365, Windows 10, and Enterprise Mobility + Security. These resources power productivity while providing intelligent security across users, devices, and data. -* [Office 365 Advanced Threat Protection](https://technet.microsoft.com/library/exchange-online-advanced-threat-protection-service-description.aspx) includes machine learning capabilities that block dangerous emails, including millions of emails carrying ransomware downloaders. +* [Office 365 Advanced Threat Protection](https://docs.microsoft.com/office365/servicedescriptions/office-365-advanced-threat-protection-service-description) includes machine learning capabilities that block dangerous emails, including millions of emails carrying ransomware downloaders. * [OneDrive for Business](https://support.office.com/article/restore-a-previous-version-of-a-file-in-onedrive-159cad6d-d76e-4981-88ef-de6e96c93893?ui=en-US&rs=en-US&ad=US) can back up files, which you would then use to restore files in the event of an infection. -* [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Microsoft Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Microsoft Defender ATP free of charge. +* [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Microsoft Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Microsoft Defender ATP free of charge. * [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication on your devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. It lets user authenticate to an Active Directory or Azure Active Directory account. From 06395f1bfb8148dbd18b203bedaa779fe091b7ce Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 27 Dec 2019 17:39:29 -0800 Subject: [PATCH 156/167] fixed url --- .../threat-protection/intelligence/prevent-malware-infection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index b6125b263c..0aeeda5cb3 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -65,7 +65,7 @@ Only use removable drives that you are familiar with or that come from a trusted At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting account privileges, you can prevent malware from making consequential changes any devices. -By default, Windows uses [User Account Control (UAC)](../access-protection/user-account-control/user-account-control-overview.md) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. +By default, Windows uses [User Account Control (UAC)](../identity-protection/user-account-control/user-account-control-overview.md) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. To help ensure that everyday activities do not result in malware infection and other potentially catastrophic changes, it is recommended that you use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges. From 4593992a76db2861356461c340c502f3a7832b90 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 27 Dec 2019 17:56:03 -0800 Subject: [PATCH 157/167] updated link --- .../threat-protection/intelligence/prevent-malware-infection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 0aeeda5cb3..6b5251e172 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -65,7 +65,7 @@ Only use removable drives that you are familiar with or that come from a trusted At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting account privileges, you can prevent malware from making consequential changes any devices. -By default, Windows uses [User Account Control (UAC)](../identity-protection/user-account-control/user-account-control-overview.md) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. +By default, Windows uses [User Account Control (UAC)](../security/identity-protection/user-account-control/user-account-control-overview.md) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. To help ensure that everyday activities do not result in malware infection and other potentially catastrophic changes, it is recommended that you use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges. From d0ff0b40fe9a1d1eaa5843c967c1007a82958fe9 Mon Sep 17 00:00:00 2001 From: Jack Lin Date: Sun, 29 Dec 2019 11:08:37 +1100 Subject: [PATCH 158/167] Fix spelling mistake in open-windows-firewall-with-advanced-security.md --- .../open-windows-firewall-with-advanced-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md index 17d43619ee..cbf3fd9257 100644 --- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md @@ -31,7 +31,7 @@ To complete this procedure, you must be a member of the Administrators group. Fo ## To open Windows Defender Firewall using the UI -Click Start, type **Windows Defender Firewall**, and the press ENTER. +Click Start, type **Windows Defender Firewall**, and then press ENTER. ## To open Windows Defender Firewall from a command prompt From 4787b28007ec32d3d23cc6be566e84a4ad7f4339 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 30 Dec 2019 00:10:59 +0500 Subject: [PATCH 159/167] RegEditor Information Correction There is data correction made for setting tags using Registry Editor. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5553 --- .../threat-protection/microsoft-defender-atp/machine-tags.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md index 608409befc..daf8b70f1e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine-tags.md @@ -76,8 +76,8 @@ Machines with similar tags can be handy when you need to apply contextual action Use the following registry key entry to add a tag on a machine: - Registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\` -- Registry key name: `Group` -- Registry key value (REG_SZ): `Name of the tag you want to set` +- Registry key value (REG_SZ): `Group` +- Registry key data: `Name of the tag you want to set` >[!NOTE] >The device tag is part of the machine information report that's generated once a day. As an alternative, you may choose to restart the endpoint that would transfer a new machine information report. From 42a566b80d15c31a10da223519b79b93778ea8cc Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 30 Dec 2019 00:28:39 +0500 Subject: [PATCH 160/167] Command Upgrade With recent changes in how autopilot JSON file creation works, the command in action is Connect-MSGraph and has been updated in the doc. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5443 --- windows/deployment/windows-autopilot/existing-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index 9f4cdcfc25..d1699e9473 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -74,7 +74,7 @@ See the following examples. - In the following command, replace the example user principal name for Azure authentication (admin@M365x373186.onmicrosoft.com) with your user account. Be sure that the user account you specify has sufficient administrative rights. ```powershell - Connect-AutopilotIntune -user admin@M365x373186.onmicrosoft.com + Connect-MSGraph ``` The password for your account will be requested using a standard Azure AD form. Type your password and then click **Sign in**.
See the following example: From 4d3377d16814dd2b52d272cf4312cb8f2a3eabe4 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 30 Dec 2019 00:37:17 +0500 Subject: [PATCH 161/167] Broken Link Upgrade A broken link has been updated. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5752 --- .../threat-protection/intelligence/prevent-malware-infection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 7bce69882c..dd9d229a58 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -93,7 +93,7 @@ Microsoft provides comprehensive security capabilities that help protect against * [Automatic Microsoft updates](https://support.microsoft.com/help/12373/windows-update-faq) keeps software up-to-date to get the latest protections. -* [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard) stops ransomware in its tracks by preventing unauthorized access to your important files. Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including ransomware and other malicious executable files, DLLs, and scripts are denied access. +* [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders) stops ransomware in its tracks by preventing unauthorized access to your important files. Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including ransomware and other malicious executable files, DLLs, and scripts are denied access. * [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) browser protects against threats such as ransomware by preventing exploit kits from running. By using [Windows Defender SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/index), Microsoft Edge blocks access to malicious websites. From 9e3b64e80a2668f27fa2a582879657bb7bfc10c8 Mon Sep 17 00:00:00 2001 From: Mark Aldridge Date: Mon, 30 Dec 2019 16:05:34 +1100 Subject: [PATCH 162/167] Updated PowerShell command #5443 Connect-AutopilotIntune has been removed from the module. For more info see https://oofhours.com/2019/11/02/whats-new-with-the-windowsautopilotintune-powershell-module/ --- windows/deployment/windows-autopilot/existing-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index 9f4cdcfc25..0fd535d10e 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -74,7 +74,7 @@ See the following examples. - In the following command, replace the example user principal name for Azure authentication (admin@M365x373186.onmicrosoft.com) with your user account. Be sure that the user account you specify has sufficient administrative rights. ```powershell - Connect-AutopilotIntune -user admin@M365x373186.onmicrosoft.com + Connect-MSGraph -user admin@M365x373186.onmicrosoft.com ``` The password for your account will be requested using a standard Azure AD form. Type your password and then click **Sign in**.
See the following example: From 1f85e383d97f7eb814bba87a1f154554ce722b9f Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 30 Dec 2019 09:55:51 -0800 Subject: [PATCH 163/167] trying to go directly to file --- .../threat-protection/intelligence/prevent-malware-infection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 6b5251e172..71f4e058ab 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -65,7 +65,7 @@ Only use removable drives that you are familiar with or that come from a trusted At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting account privileges, you can prevent malware from making consequential changes any devices. -By default, Windows uses [User Account Control (UAC)](../security/identity-protection/user-account-control/user-account-control-overview.md) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. +By default, Windows uses [User Account Control (UAC)](../user-account-control/user-account-control-overview.md) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. To help ensure that everyday activities do not result in malware infection and other potentially catastrophic changes, it is recommended that you use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges. From 9c1830edd117734f6c54f5d3b0acbbce5b6a62ba Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 30 Dec 2019 10:05:39 -0800 Subject: [PATCH 164/167] full link --- .../threat-protection/intelligence/prevent-malware-infection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 71f4e058ab..b0fa8e3398 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -65,7 +65,7 @@ Only use removable drives that you are familiar with or that come from a trusted At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting account privileges, you can prevent malware from making consequential changes any devices. -By default, Windows uses [User Account Control (UAC)](../user-account-control/user-account-control-overview.md) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. +By default, Windows uses [User Account Control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. To help ensure that everyday activities do not result in malware infection and other potentially catastrophic changes, it is recommended that you use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges. From 9770f4c6ad239283745cd9e39acaa15eb73d4ba3 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 30 Dec 2019 10:16:21 -0800 Subject: [PATCH 165/167] grammar --- .../intelligence/prevent-malware-infection.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index b0fa8e3398..3313e1d680 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -17,9 +17,9 @@ search.appverid: met150 --- # Prevent malware infection -Malware authors are always looking for new ways to infect computers. Follow the simple tips below to stay protected and minimize threats to your data and accounts. +Malware authors are always looking for new ways to infect computers. Follow the tips below to stay protected and minimize threats to your data and accounts. -## Keep software up-to-date +## Keep software up to date [Exploits](exploits-malware.md) typically use vulnerabilities in popular software such as web browsers, Java, Adobe Flash Player, and Microsoft Office to infect devices. Software updates patch vulnerabilities so they aren't available to exploits anymore. @@ -27,7 +27,7 @@ To keep Microsoft software up to date, ensure that [automatic Microsoft Updates] ## Be wary of links and attachments -Email and other messaging tools are a few of the most common ways your device can get infected. Attachments or links in messages can open malware directly or can stealthily trigger a download. Some emails will give instructions to allow macros or other executable content designed to make it easier for malware to infect your devices. +Email and other messaging tools are a few of the most common ways your device can get infected. Attachments or links in messages can open malware directly or can stealthily trigger a download. Some emails give instructions to allow macros or other executable content designed to make it easier for malware to infect your devices. * Use an email service that provides protection against malicious attachments, links, and abusive senders. [Microsoft Office 365](https://support.office.com/article/Anti-spam-and-anti-malware-protection-in-Office-365-5ce5cf47-2120-4e51-a403-426a13358b7e) has built-in antimalware, link protection, and spam filtering. @@ -35,7 +35,7 @@ For more information, see [phishing](phishing.md). ## Watch out for malicious or compromised websites -By visiting malicious or compromised sites, your device can get infected with malware automatically or you can get tricked into downloading and installing malware. See [exploits and exploit kits](exploits-malware.md) as an example of how some of these sites can automatically install malware to visiting computers. +When you visit malicious or compromised sites, your device can get infected with malware automatically or you can get tricked into downloading and installing malware. See [exploits and exploit kits](exploits-malware.md) as an example of how some of these sites can automatically install malware to visiting computers. To identify potentially harmful websites, keep the following in mind: @@ -43,7 +43,7 @@ To identify potentially harmful websites, keep the following in mind: * Sites that aggressively open popups and display misleading buttons often trick users into accepting content through constant popups or mislabeled buttons. -To block malicious websites, use a modern web browser like [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge?ocid=cx-wdsi-articles) which identifies phishing and malware websites and checks downloads for malware. +To block malicious websites, use a modern web browser like [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge?ocid=cx-wdsi-articles) that identifies phishing and malware websites and checks downloads for malware. If you encounter an unsafe site, click **More […] > Send feedback** on Microsoft Edge. You can also [report unsafe sites directly to Microsoft](https://www.microsoft.com/wdsi/support/report-unsafe-site). @@ -57,7 +57,7 @@ To stay safe, download movies, music, and apps from official publisher websites ## Don't attach unfamiliar removable drives -Some types of malware can spread by copying themselves to USB flash drives or other removable drives. There are malicious individuals that intentionally prepare and distribute infected drives—leaving these drives in public places to victimize unsuspecting individuals. +Some types of malware spread by copying themselves to USB flash drives or other removable drives. There are malicious individuals that intentionally prepare and distribute infected drives by leaving them in public places for unsuspecting individuals. Only use removable drives that you are familiar with or that come from a trusted source. If a drive has been used in publicly accessible devices, like computers in a café or a library, make sure you have antimalware running on your computer before you use the drive. Avoid opening unfamiliar files you find on suspect drives, including Office and PDF documents and executable files. @@ -65,7 +65,7 @@ Only use removable drives that you are familiar with or that come from a trusted At the time they are launched, whether inadvertently by a user or automatically, most malware run under the same privileges as the active user. This means that by limiting account privileges, you can prevent malware from making consequential changes any devices. -By default, Windows uses [User Account Control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can simply override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. +By default, Windows uses [User Account Control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) to provide automatic, granular control of privileges—it temporarily restricts privileges and prompts the active user every time an application attempts to make potentially consequential changes to the system. Although UAC helps limit the privileges of admin users, users can override this restriction when prompted. As a result, it is quite easy for an admin user to inadvertently allow malware to run. To help ensure that everyday activities do not result in malware infection and other potentially catastrophic changes, it is recommended that you use a non-administrator account for regular use. By using a non-administrator account, you can prevent installation of unauthorized apps and prevent inadvertent changes to system settings. Avoid browsing the web or checking email using an account with administrator privileges. @@ -75,9 +75,9 @@ Whenever necessary, log in as an administrator to install apps or make configura ## Other safety tips -To further ensure that data is protected from malware as well as other threats: +To further ensure that data is protected from malware and other threats: -* Backup files. Follow the 3-2-1 rule: make **3 copies**, store in at least **2 locations**, with at least **1 offline copy**. Use [OneDrive](https://onedrive.live.com/about) for reliable cloud-based copies that allows access to files from multiple devices and helps recover damaged or lost files, including files locked by ransomware. +* Backup files. Follow the 3-2-1 rule: make **3 copies**, store in at least **2 locations**, with at least **1 offline copy**. Use [OneDrive](https://onedrive.live.com/about) for reliable cloud-based copies that allow access to files from multiple devices and helps recover damaged or lost files, including files locked by ransomware. * Be wary when connecting to public hotspots, particularly those that do not require authentication. @@ -91,7 +91,7 @@ To further ensure that data is protected from malware as well as other threats: Microsoft provides comprehensive security capabilities that help protect against threats. We recommend: -* [Automatic Microsoft updates](https://support.microsoft.com/help/12373/windows-update-faq) keeps software up-to-date to get the latest protections. +* [Automatic Microsoft updates](https://support.microsoft.com/help/12373/windows-update-faq) keeps software up to date to get the latest protections. * [Controlled folder access](../microsoft-defender-atp/enable-controlled-folders.md) stops ransomware in its tracks by preventing unauthorized access to your important files. Controlled folder access locks down folders, allowing only authorized apps to access files. Unauthorized apps, including ransomware and other malicious executable files, DLLs, and scripts are denied access. @@ -117,6 +117,6 @@ Microsoft provides comprehensive security capabilities that help protect against ## What to do with a malware infection -Microsoft Defender ATP antivirus capabilities helps reduce the chances of infection and will automatically remove threats that it detects. +Microsoft Defender ATP antivirus capabilities help reduce the chances of infection and will automatically remove threats that it detects. In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://support.microsoft.com/help/4466982/windows-10-troubleshoot-problems-with-detecting-and-removing-malware). From f3b52cf9908083d946d8a63a96b96c155e655883 Mon Sep 17 00:00:00 2001 From: martyav Date: Mon, 30 Dec 2019 14:25:52 -0500 Subject: [PATCH 166/167] items reviewed through #168 --- ...ew-in-windows-mdm-enrollment-management.md | 2 +- ...ree-azure-active-directory-subscription.md | 2 +- .../mdm/reporting-ddf-file.md | 2 +- .../mdm/unifiedwritefilter-csp.md | 2 +- .../mdm/windows-mdm-enterprise-settings.md | 2 +- .../cortana-at-work-overview.md | 2 +- ...s-7-computer-with-a-windows-10-computer.md | 2 +- ...e-boot-image-with-configuration-manager.md | 235 +++++++++--------- ...ications-in-compatibility-administrator.md | 2 +- .../credential-guard-how-it-works.md | 2 +- .../guidance-and-best-practices-wip.md | 2 +- .../auditing/audit-account-lockout.md | 2 +- .../audit-computer-account-management.md | 2 +- .../auditing/audit-ipsec-driver.md | 2 +- .../auditing/audit-ipsec-extended-mode.md | 2 +- .../auditing/audit-pnp-activity.md | 2 +- .../auditing/audit-security-state-change.md | 2 +- .../auditing/audit-special-logon.md | 2 +- .../threat-protection/auditing/event-5027.md | 2 +- .../threat-protection/auditing/event-5148.md | 2 +- .../threat-and-vuln-mgt-scenarios.md | 2 +- .../microsoft-defender-atp/tvm-remediation.md | 2 +- ...case-domain-controller-is-not-available.md | 2 +- ...connect-clients-when-logon-hours-expire.md | 2 +- ...g-and-security-model-for-local-accounts.md | 2 +- ...ystem-to-use-computer-identity-for-ntlm.md | 2 +- ...ry-write-failures-to-per-user-locations.md | 2 +- ...e-worm-targets-out-of-date-systems-wdsi.md | 2 +- ...stand-applocker-policy-design-decisions.md | 2 +- ...lication-control-with-managed-installer.md | 2 +- 30 files changed, 147 insertions(+), 146 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 15f103ba47..77441ceba1 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1,6 +1,6 @@ --- title: What's new in MDM enrollment and management -description: This topic provides information about what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices. +description: Discover what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices. MS-HAID: - 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview' - 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management' diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md index 0f8b376074..30c3b3aa9f 100644 --- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md +++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md @@ -1,6 +1,6 @@ --- title: Register your free Azure Active Directory subscription -description: If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, you have a free subscription to Azure AD. +description: Paid subscribers to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, have a free subscription to Azure AD. ms.assetid: 97DCD303-BB11-4AFF-84FE-B7F14CDF64F7 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md index 41ad075f64..5b16192077 100644 --- a/windows/client-management/mdm/reporting-ddf-file.md +++ b/windows/client-management/mdm/reporting-ddf-file.md @@ -1,6 +1,6 @@ --- title: Reporting DDF file -description: This topic shows the OMA DM device description framework (DDF) for the Reporting configuration service provider. This CSP was added in Windows 10, version 1511. Support for desktop security auditing was added for the desktop in Windows 10, version 1607. +description: View the OMA DM device description framework (DDF) for the Reporting configuration service provider. ms.assetid: 7A5B79DB-9571-4F7C-ABED-D79CD08C1E35 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index f9ff52da32..ae0b5e11c1 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md @@ -1,6 +1,6 @@ --- title: UnifiedWriteFilter CSP -description: The UnifiedWriteFilter (UWF) configuration service provider enables the IT administrator to remotely manage the UWF to help protect physical storage media including any writable storage type. +description: The UnifiedWriteFilter (UWF) configuration service provider allows you to remotely manage the UWF. Understand how it helps protect physical storage media. ms.assetid: F4716AC6-0AA5-4A67-AECE-E0F200BA95EB ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md index 75f0d91a1b..a8be6bba9c 100644 --- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md +++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md @@ -1,6 +1,6 @@ --- title: Enterprise settings, policies, and app management -description: The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax. +description: The DM client manages the interaction between a device and a server. Learn more about the client-server management workflow. MS-HAID: - 'p\_phdevicemgmt.enterprise\_settings\_\_policies\_\_and\_app\_management' - 'p\_phDeviceMgmt.windows\_mdm\_enterprise\_settings' diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md index cca8151178..fb9e1c7935 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md @@ -2,7 +2,7 @@ title: Cortana integration in your business or enterprise (Windows 10) ms.reviewer: manager: dansimp -description: The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments. +description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md index dee4dd39d2..f02158277d 100644 --- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md +++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md @@ -1,6 +1,6 @@ --- title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10) -description: A computer replace scenario for Windows 10 is quite similar to a computer refresh for Windows 10; however, because you are replacing a machine, you cannot store the backup on the old computer. +description: Learn how to replace a Windows 7 device with a Windows 10 device. Although the process is similar to performing a refresh, you'll need to backup data externally ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a ms.reviewer: manager: laurawi diff --git a/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md index 34a005a021..975eb2a944 100644 --- a/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md @@ -1,117 +1,118 @@ ---- -title: Create a custom Windows PE boot image with Configuration Manager (Windows 10) -description: In Microsoft System Center 2012 R2 Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. -ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809 -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: tool, customize, deploy, boot image -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Create a custom Windows PE boot image with Configuration Manager - - -**Applies to** - -- Windows 10 versions 1507, 1511 - ->[!IMPORTANT] ->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). ->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10). - -In Microsoft System Center 2012 R2 Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process. - -For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. Both are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). - -## Add DaRT 10 files and prepare to brand the boot image - - -The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. We assume you have downloaded Microsoft Desktop Optimization Pack (MDOP) 2015 and copied the x64 version of MSDaRT10.msi to the C:\\Setup\\DaRT 10 folder. We also assume you have created a custom background image and saved it in C:\\Setup\\Branding on CM01. In this section, we use a custom background image named ContosoBackground.bmp. - -1. Install DaRT 10 (C:\\Setup\\DaRT 10\\MSDaRT10.msi) using the default settings. - -2. Using File Explorer, navigate to the **C:\\Program Files\\Microsoft DaRT\\v10** folder. - -3. Copy the Toolsx64.cab file to the **C:\\Program Files\\Microsoft Deployment Toolkit\\Templates\\Distribution\\Tools\\x64** folder. - -4. Copy the Toolsx86.cab file to the **C:\\Program Files\\Microsoft Deployment Toolkit\\Templates\\Distribution\\Tools\\x86** folder. - -5. Using File Explorer, navigate to the **C:\\Setup** folder. - -6. Copy the **Branding** folder to **E:\\Sources\\OSD**. - -## Create a boot image for Configuration Manager using the MDT wizard - - -By using the MDT wizard to create the boot image in Configuration Manager, you gain additional options for adding components and features to the boot image. In this section, you create a boot image for Configuration Manager using the MDT wizard. - -1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Boot Images**, and select **Create Boot Image using MDT**. - -2. On the **Package Source** page, in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Boot\\Zero Touch WinPE x64** and click **Next**. - - >[!NOTE] - >The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later by the wizard. - -3. On the **General Settings** page, assign the name **Zero Touch WinPE x64** and click **Next**. - -4. On the **Options** page, select the **x64** platform, and click **Next**. - -5. On the **Components** page, in addition to the default selected **Microsoft Data Access Components (MDAC/ADO)** support, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box. - - ![Add the DaRT component to the Configuration Manager boot image](../images/mdt-06-fig16.png "Add the DaRT component to the Configuration Manager boot image") - - Figure 15. Add the DaRT component to the Configuration Manager boot image. - -6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ ContosoBackground.bmp**. Then click **Next** twice. - - >[!NOTE] - >It will take a few minutes to generate the boot image. - -7. Distribute the boot image to the CM01 distribution point by selecting the **Boot images** node, right-clicking the **Zero Touch WinPE x64** boot image, and selecting **Distribute Content**. - -8. In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard. - -9. Using Configuration Manager Trace, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Do not continue until you can see that the boot image is distributed. Look for the line that reads STATMSG: ID=2301. You also can view Content Status in the Configuration Manager Console by selecting **the Zero Touch WinPE x86** boot image. - - ![Content status for the Zero Touch WinPE x64 boot image](../images/fig16-contentstatus.png "Content status for the Zero Touch WinPE x64 boot image") - - Figure 16. Content status for the Zero Touch WinPE x64 boot image - -10. Using the Configuration Manager Console, right-click the **Zero Touch WinPE x64** boot image and select **Properties**. - -11. In the **Data Source** tab, select the **Deploy this boot image from the PXE-enabled distribution point** check box, and click **OK**. - -12. Using Configuration Manager Trace, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for this text: Expanding PS10000B to E:\\RemoteInstall\\SMSImages. - -13. Review the **E:\\RemoteInstall\\SMSImages** folder. You should see three folders containing boot images. Two are from the default boot images, and the third folder (PS10000B) is from your new boot image with DaRT. - -## Related topics - - -[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md) - -[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) - -[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) - -[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) - -[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) - -[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md) - -[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) - -[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) - -[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) - -  - -  +--- +title: Create a custom Windows PE boot image with Configuration Manager (Windows 10) +description: Microsoft System Center 2012 R2 Configuration Manager can create custom Windows Preinstallation Environment (Windows PE) boot images with extra features. +ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809 +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: tool, customize, deploy, boot image +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Create a custom Windows PE boot image with Configuration Manager + + +**Applies to** + +- Windows 10 versions 1507, 1511 + +>[!IMPORTANT] +>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). +>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10). + +In Microsoft System Center 2012 R2 Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process. + +For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. Both are members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). + +## Add DaRT 10 files and prepare to brand the boot image + + +The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. We assume you have downloaded Microsoft Desktop Optimization Pack (MDOP) 2015 and copied the x64 version of MSDaRT10.msi to the C:\\Setup\\DaRT 10 folder. We also assume you have created a custom background image and saved it in C:\\Setup\\Branding on CM01. In this section, we use a custom background image named ContosoBackground.bmp. + +1. Install DaRT 10 (C:\\Setup\\DaRT 10\\MSDaRT10.msi) using the default settings. + +2. Using File Explorer, navigate to the **C:\\Program Files\\Microsoft DaRT\\v10** folder. + +3. Copy the Toolsx64.cab file to the **C:\\Program Files\\Microsoft Deployment Toolkit\\Templates\\Distribution\\Tools\\x64** folder. + +4. Copy the Toolsx86.cab file to the **C:\\Program Files\\Microsoft Deployment Toolkit\\Templates\\Distribution\\Tools\\x86** folder. + +5. Using File Explorer, navigate to the **C:\\Setup** folder. + +6. Copy the **Branding** folder to **E:\\Sources\\OSD**. + +## Create a boot image for Configuration Manager using the MDT wizard + + +By using the MDT wizard to create the boot image in Configuration Manager, you gain additional options for adding components and features to the boot image. In this section, you create a boot image for Configuration Manager using the MDT wizard. + +1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Boot Images**, and select **Create Boot Image using MDT**. + +2. On the **Package Source** page, in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Boot\\Zero Touch WinPE x64** and click **Next**. + + >[!NOTE] + >The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later by the wizard. + +3. On the **General Settings** page, assign the name **Zero Touch WinPE x64** and click **Next**. + +4. On the **Options** page, select the **x64** platform, and click **Next**. + +5. On the **Components** page, in addition to the default selected **Microsoft Data Access Components (MDAC/ADO)** support, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box. + + ![Add the DaRT component to the Configuration Manager boot image](../images/mdt-06-fig16.png "Add the DaRT component to the Configuration Manager boot image") + + Figure 15. Add the DaRT component to the Configuration Manager boot image. + +6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ ContosoBackground.bmp**. Then click **Next** twice. + + >[!NOTE] + >It will take a few minutes to generate the boot image. + +7. Distribute the boot image to the CM01 distribution point by selecting the **Boot images** node, right-clicking the **Zero Touch WinPE x64** boot image, and selecting **Distribute Content**. + +8. In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard. + +9. Using Configuration Manager Trace, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Do not continue until you can see that the boot image is distributed. Look for the line that reads STATMSG: ID=2301. You also can view Content Status in the Configuration Manager Console by selecting **the Zero Touch WinPE x86** boot image. + + ![Content status for the Zero Touch WinPE x64 boot image](../images/fig16-contentstatus.png "Content status for the Zero Touch WinPE x64 boot image") + + Figure 16. Content status for the Zero Touch WinPE x64 boot image + +10. Using the Configuration Manager Console, right-click the **Zero Touch WinPE x64** boot image and select **Properties**. + +11. In the **Data Source** tab, select the **Deploy this boot image from the PXE-enabled distribution point** check box, and click **OK**. + +12. Using Configuration Manager Trace, review the E:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for this text: Expanding PS10000B to E:\\RemoteInstall\\SMSImages. + +13. Review the **E:\\RemoteInstall\\SMSImages** folder. You should see three folders containing boot images. Two are from the default boot images, and the third folder (PS10000B) is from your new boot image with DaRT. + +## Related topics + + +[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md) + +[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) + +[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) + +[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) + +[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) + +[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md) + +[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) + +[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) + +[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) + +  + +  diff --git a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md index 955117dcd6..f0e3ef4473 100644 --- a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md +++ b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md @@ -1,6 +1,6 @@ --- title: Searching for Fixed Applications in Compatibility Administrator (Windows 10) -description: With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. +description: Compatibility Administrator can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. ms.assetid: 1051a2dc-0362-43a4-8ae8-07dae39b1cb8 ms.reviewer: manager: laurawi diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md index 00a4a3e6bb..4eaf65890c 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md @@ -1,6 +1,6 @@ --- title: How Windows Defender Credential Guard works -description: Using virtualization-based security, Windows Defender Credential Guard features a new component called the isolated LSA process, which stores and protects secrets, isolating them from the rest of the operating system, so that only privileged system software can access them. +description: Learn how Windows Defender Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md index f9e51d4cb9..576fe7cf71 100644 --- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -1,6 +1,6 @@ --- title: General guidance and best practices for Windows Information Protection (WIP) (Windows 10) -description: This section includes info about the enlightened Microsoft apps, including how to add them to your Protected Apps list in Microsoft Intune. It also includes some testing scenarios that we recommend running through with Windows Information Protection (WIP). +description: Find resources about apps that can work with Windows Information Protection (WIP) to protect data. Enlightened apps can tell corporate and personal data apart. ms.assetid: aa94e733-53be-49a7-938d-1660deaf52b0 ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md index 34e1304ce4..1ea3e878e6 100644 --- a/windows/security/threat-protection/auditing/audit-account-lockout.md +++ b/windows/security/threat-protection/auditing/audit-account-lockout.md @@ -1,6 +1,6 @@ --- title: Audit Account Lockout (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit Account Lockout, which enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out. +description: The policy setting, Audit Account Lockout, enables you to audit security events generated by a failed attempt to log on to an account that is locked out. ms.assetid: da68624b-a174-482c-9bc5-ddddab38e589 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md index d0d902a868..ab838fd042 100644 --- a/windows/security/threat-protection/auditing/audit-computer-account-management.md +++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md @@ -1,6 +1,6 @@ --- title: Audit Computer Account Management (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit Computer Account Management, which determines whether the operating system generates audit events when a computer account is created, changed, or deleted. +description: The policy setting, Audit Computer Account Management, determines if audit events are generated when a computer account is created, changed, or deleted. ms.assetid: 6c406693-57bf-4411-bb6c-ff83ce548991 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md index 0f0a9fa7b5..d396f0ed40 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md @@ -1,6 +1,6 @@ --- title: Audit IPsec Driver (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit IPsec Driver, which determines whether the operating system generates audit events for the activities of the IPsec driver. +description: The Advanced Security Audit policy setting, Audit IPsec Driver, determines if audit events are generated for the activities of the IPsec driver. ms.assetid: c8b8c02f-5ad0-4ee5-9123-ea8cdae356a5 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md index af3502ddce..37421d3b3e 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md @@ -1,6 +1,6 @@ --- title: Audit IPsec Extended Mode (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Extended Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations. +description: The setting, Audit IPsec Extended Mode, determines if audit events are generated for the results of IKE protocol and AuthIP during Extended Mode negotiations. ms.assetid: 2b4fee9e-482a-4181-88a8-6a79d8fc8049 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md index 6e2ce1aa93..2d1298584a 100644 --- a/windows/security/threat-protection/auditing/audit-pnp-activity.md +++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md @@ -1,6 +1,6 @@ --- title: Audit PNP Activity (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit PNP Activity, which determines when plug and play detects an external device. +description: The advanced security audit policy setting, Audit PNP Activity, determines when plug and play detects an external device. ms.assetid: A3D87B3B-EBBE-442A-953B-9EB75A5F600E ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md index f002a9938a..c10e8072f7 100644 --- a/windows/security/threat-protection/auditing/audit-security-state-change.md +++ b/windows/security/threat-protection/auditing/audit-security-state-change.md @@ -1,6 +1,6 @@ --- title: Audit Security State Change (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Security State Change, which determines whether Windows generates audit events for changes in the security state of a system. +description: The policy setting, Audit Security State Change, which determines whether Windows generates audit events for changes in the security state of a system. ms.assetid: decb3218-a67d-4efa-afc0-337c79a89a2d ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md index cae080c72b..eccb70f553 100644 --- a/windows/security/threat-protection/auditing/audit-special-logon.md +++ b/windows/security/threat-protection/auditing/audit-special-logon.md @@ -1,6 +1,6 @@ --- title: Audit Special Logon (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Special Logon, which determines whether the operating system generates audit events under special sign on (or log on) circumstances. +description: The Advanced Security Audit policy setting, Audit Special Logon, determines if audit events are generated under special sign in (or logon) circumstances. ms.assetid: e1501bac-1d09-4593-8ebb-f311231567d3 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md index 326fc606d7..23bf6e5c30 100644 --- a/windows/security/threat-protection/auditing/event-5027.md +++ b/windows/security/threat-protection/auditing/event-5027.md @@ -1,6 +1,6 @@ --- title: 5027(F) The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. (Windows 10) -description: Describes security event 5027(F) The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. +description: Details on security event 5027(F) The Windows Firewall Service was unable to retrieve the security policy from the local storage. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index 7206b6d8af..6787ac6329 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -1,6 +1,6 @@ --- title: 5148(F) The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. (Windows 10) -description: Describes security event 5148(F) The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. +description: Details on Security event 5148(F), The Windows Filtering Platform has detected a DoS attack and entered a defensive mode. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 13b98ef44d..e7108f42c1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -1,6 +1,6 @@ --- title: Threat & Vulnerability Management scenarios -description: Learn how to use Threat & Vulnerability Management in the context of scenarios that Security Administrators encounter when you collaborate with IT Administrators and SecOps as you protect your organization from cybersecurity threats. +description: Learn how Threat & Vulnerability Management can be used to help security admins, IT admins, and SecOps collaborate in defending against security threats. keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase configuration score, increase threat & vulnerability configuration score, configuration score, exposure score, security controls search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 1d7a8392e8..e10d5c43c0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -1,6 +1,6 @@ --- title: Remediation and exception -description: You can lower down your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations or filing exceptions provided there are compensation controls. Threat & Vulnerability Management bridges the gap between security administration and IT administration during remediation process. It does so by creating a security task or ticket through integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM). +description: Remediate security weaknesses and fill exceptions by integrating Microsoft Intune and Microsoft System Center Configuration Manager (SCCM). keywords: microsoft defender atp tvm remediation, mdatp tvm, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md index de6c9be4ad..93b8bde24d 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md @@ -1,6 +1,6 @@ --- title: Interactive logon Number of previous logons to cache (in case domain controller is not available) (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Number of previous logons to cache (in case domain controller is not available) security policy setting. +description: Best practices and more for the security policy setting, Interactive logon Number of previous logons to cache (in case domain controller is not available). ms.assetid: 660e925e-cc3e-4098-a41e-eb8db8062d8d ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md index 6e1da49f14..d763e077ca 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md @@ -1,6 +1,6 @@ --- title: Microsoft network server Disconnect clients when logon hours expire (Windows 10) -description: Describes the best practices, location, values, and security considerations for the Microsoft network server Disconnect clients when logon hours expire security policy setting. +description: Best practices, location, values, and security considerations for the policy setting, Microsoft network server Disconnect clients when logon hours expire. ms.assetid: 48b5c424-9ba8-416d-be7d-ccaabb3f49af ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md index 4ec22d8d3f..8ae8bcfd3d 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md @@ -1,6 +1,6 @@ --- title: Network access Sharing and security model for local accounts (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Network access Sharing and security model for local accounts security policy setting. +description: Best practices, security considerations, and more for the security policy setting, Network access Sharing and security model for local accounts. ms.assetid: 0b3d703c-ea27-488f-8f59-b345af75b994 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md index 0d0633f105..43611938d0 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md @@ -1,6 +1,6 @@ --- title: Network security Allow Local System to use computer identity for NTLM (Windows 10) -description: Describes the location, values, policy management, and security considerations for the Network security Allow Local System to use computer identity for NTLM security policy setting. +description: Location, values, policy management, and security considerations for the policy setting, Network security Allow Local System to use computer identity for NTLM. ms.assetid: c46a658d-b7a4-4139-b7ea-b9268c240053 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md index 3ec0475be4..8fb6f6ead6 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md @@ -1,6 +1,6 @@ --- title: User Account Control Virtualize file and registry write failures to per-user locations (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Virtualize file and registry write failures to per-user locations security policy setting. +description: Best practices, security considerations and more for the policy setting, User Account Control Virtualize file and registry write failures to per-user locations. ms.assetid: a7b47420-cc41-4b1c-b03e-f67a05221261 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md b/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md index 0a5d73d832..017b3050a2 100644 --- a/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md +++ b/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md @@ -1,6 +1,6 @@ --- title: WannaCrypt ransomware worm targets out-of-date systems -description: In this blog, we provide an early analysis of the end-to-end ransomware attack. Please note this threat is still under investigation. The attack is still active, and there is a possibility that the attacker will attempt to react to our detection response. +description: This is an early analysis of the WannaCrypt ransomware attack. Microsoft antimalware diagnostic data immediately picked up signs of this campaign in May 2017. keywords: wannacry, wannacrypt, wanna, ransomware search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md index fedd0c187e..7baf71b5df 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md @@ -1,6 +1,6 @@ --- title: Understand AppLocker policy design decisions (Windows 10) -description: This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment. +description: Review some common considerations while you are planning to use AppLocker to deploy application control policies within a Windows environment. ms.assetid: 3475def8-949a-4b51-b480-dc88b5c1e6e6 ms.reviewer: ms.author: macapara diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md index e22de90c86..8b552f93a6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md @@ -1,6 +1,6 @@ --- title: Authorize apps deployed with a WDAC managed installer (Windows 10) -description: Explains how you can use a managed installer to automatically authorize applications deployed and installed by a designated software distribution solution, such as System Center Configuration Manager. +description: Learn how to use a managed installer to automatically authorize apps added by a designated software distribution solution, such as SCCM. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 From 12027330d74c4c2aeadfa9b9829254622d4653c6 Mon Sep 17 00:00:00 2001 From: martyav Date: Mon, 30 Dec 2019 15:02:54 -0500 Subject: [PATCH 167/167] fixed issue with non-http links --- .../threat-protection/auditing/audit-special-logon.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md index eccb70f553..ec7e84c990 100644 --- a/windows/security/threat-protection/auditing/audit-special-logon.md +++ b/windows/security/threat-protection/auditing/audit-special-logon.md @@ -37,9 +37,9 @@ This subcategory allows you to audit events generated by special logons such as | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | Yes | No | Yes | No | This subcategory is very important because of [Special Groups](http://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx) related events, you must enable this subcategory for Success audit if you use this feature.
At the same time this subcategory allows you to track account logon sessions to which sensitive privileges were assigned.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Member Server | Yes | No | Yes | No | This subcategory is very important because of [Special Groups](http://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx) related events, you must enable this subcategory for Success audit if you use this feature.
At the same time this subcategory allows you to track account logon sessions to which sensitive privileges were assigned.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Workstation | Yes | No | Yes | No | This subcategory is very important because of [Special Groups](http://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx) related events, you must enable this subcategory for Success audit if you use this feature.
At the same time this subcategory allows you to track account logon sessions to which sensitive privileges were assigned.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Domain Controller | Yes | No | Yes | No | This subcategory is very important because of [Special Groups](https://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx) related events, you must enable this subcategory for Success audit if you use this feature.
At the same time this subcategory allows you to track account logon sessions to which sensitive privileges were assigned.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Member Server | Yes | No | Yes | No | This subcategory is very important because of [Special Groups](https://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx) related events, you must enable this subcategory for Success audit if you use this feature.
At the same time this subcategory allows you to track account logon sessions to which sensitive privileges were assigned.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Workstation | Yes | No | Yes | No | This subcategory is very important because of [Special Groups](https://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx) related events, you must enable this subcategory for Success audit if you use this feature.
At the same time this subcategory allows you to track account logon sessions to which sensitive privileges were assigned.
This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | **Events List:**