From 39ef4bc9a1053b5e036bbae7465a94dcd782f707 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 25 Aug 2020 16:57:10 +0500 Subject: [PATCH 001/153] Update microsoft-defender-atp-mac.md --- .../microsoft-defender-atp-mac.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 62d68dcdee..3f296b7a24 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -67,6 +67,18 @@ Beta versions of macOS are not supported. macOS Sierra (10.12) support ended on After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints. +### Licensing requirements + +Microsoft Defender Advanced Threat Protection for Mac requires one of the following Microsoft Volume Licensing offers: + +- Microsoft 365 E5 (M365 E5) +- Microsoft 365 E5 Security +- Microsoft 365 A5 (M365 A5) + +> [!NOTE] +> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices. +> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed. + ### Network connections The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them. From 4607899d82de69af92819cff09dd4bfd77c71cdb Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 25 Aug 2020 21:16:09 +0500 Subject: [PATCH 002/153] Update linux-install-manually.md --- .../linux-install-manually.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 1746f4fcb3..b756561136 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -48,6 +48,12 @@ In order to preview new features and provide early feedback, it is recommended t ### RHEL and variants (CentOS and Oracle Linux) +- Install `yum-utils` if it isn't installed yet: + + ```bash + sudo yum install yum-utils + ``` + - Note your distribution and version, and identify the closest entry for it under `https://packages.microsoft.com/config/`. In the below commands, replace *[distro]* and *[version]* with the information you've identified: @@ -71,12 +77,6 @@ In order to preview new features and provide early feedback, it is recommended t sudo rpm --import http://packages.microsoft.com/keys/microsoft.asc ``` -- Install `yum-utils` if it isn't installed yet: - - ```bash - sudo yum install yum-utils - ``` - - Download and make usable all the metadata for the currently enabled yum repositories: ```bash @@ -328,4 +328,4 @@ When upgrading your operating system to a new major version, you must first unin ## Uninstallation -See [Uninstall](linux-resources.md#uninstall) for details on how to remove Microsoft Defender ATP for Linux from client devices. \ No newline at end of file +See [Uninstall](linux-resources.md#uninstall) for details on how to remove Microsoft Defender ATP for Linux from client devices. From cee429d94e43e66837ff4b4d710461b3cba52f21 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 26 Aug 2020 12:11:52 +0500 Subject: [PATCH 003/153] Update windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 3f296b7a24..6526e63f1a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -76,7 +76,7 @@ Microsoft Defender Advanced Threat Protection for Mac requires one of the follow - Microsoft 365 A5 (M365 A5) > [!NOTE] -> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices. +> Eligible licensed users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices. > Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed. ### Network connections From 994a5681699589c5b76f7b6d7c21c46d5ebc037e Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 16 Sep 2020 16:01:26 +0500 Subject: [PATCH 004/153] Update vpn-conditional-access.md --- .../identity-protection/vpn/vpn-conditional-access.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index df414d1e79..c368ed6c90 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -72,8 +72,8 @@ Two client-side configuration service providers are leveraged for VPN device com - Provisions the Health Attestation Certificate received from the HAS - Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification ->[!NOTE] ->Currently, it is required that certificates be issued from an on-premises CA, and that SSO be enabled in the user’s VPN profile. This will enable the user to obtain Kerberos tickets in order to access resources on-premises. Kerberos currently does not support the use of Azure AD certificates. +> [!NOTE] +> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. ## Client connection flow The VPN client side connection flow works as follows: From d23fab13bd66bf60a0fb7b5f598a0f2a14be7b62 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 21 Sep 2020 09:37:52 +0500 Subject: [PATCH 005/153] Update mac-sysext-policies.md --- .../mac-sysext-policies.md | 31 ++++++++++++++----- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index a146b082c5..33826c77a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -59,7 +59,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender >JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed. >As such, the following steps provide a workaround that involve signing the configuration profile. -1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` +1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` using a text editor ```xml @@ -122,21 +122,38 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender ``` -2. Verify that the above file was copied correctly. From the Terminal, run the following command and verify that it outputs `OK`: +2. Verify that the above file was copied correctly by running `plutil` utility in the Terminal: ```bash - $ plutil -lint com.microsoft.network-extension.mobileconfig - com.microsoft.network-extension.mobileconfig: OK + $ plutil -lint /com.microsoft.network-extension.mobileconfig ``` + For example, if the file was stored in the Documents: + + ```bash + $ plutil -lint ~/Documents/com.microsoft.network-extension.mobileconfig + ``` + + Verify that the command outputs `OK` + + ```bash + /com.microsoft.network-extension.mobileconfig: OK + ``` + 3. Follow the instructions on [this page](https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority) to create a signing certificate using JAMF’s built-in certificate authority -4. After the certificate is created and installed to your device, run the following command from the Terminal: +4. After the certificate is created and installed to your device, run the following command from the Terminal to sign the file: ```bash - $ security cms -S -N "" -i com.microsoft.network-extension.mobileconfig -o com.microsoft.network-extension.signed.mobileconfig + $ security cms -S -N "" -i /com.apple.webcontent-filter.mobileconfig -o /com.microsoft.network-extension.signed.mobileconfig ``` - + + For example, if the certificate name is **SigningCertificate** and the signed file is going to be stored in Documents: + + ```bash + $ security cms -S -N "SigningCertificate" -i ~/Documents/com.apple.webcontent-filter.mobileconfig -o ~/Documents/com.microsoft.network-extension.signed.mobileconfig + ``` + 5. From the JAMF portal, navigate to **Configuration Profiles** and click the **Upload** button. Select `com.microsoft.network-extension.signed.mobileconfig` when prompted for the file. ## Intune From 80d0847c939522443ed8c7c2259d29b1c91044bb Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 22 Sep 2020 14:17:31 +0500 Subject: [PATCH 006/153] Update windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/mac-sysext-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 33826c77a4..2e237ef886 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -59,7 +59,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender >JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed. >As such, the following steps provide a workaround that involve signing the configuration profile. -1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` using a text editor +1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` using a text editor: ```xml From bd64e0a24d2741ce405abf59ac302f3f42703df1 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 22 Sep 2020 14:17:38 +0500 Subject: [PATCH 007/153] Update windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/mac-sysext-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 2e237ef886..a0b2600e6d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -122,7 +122,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender ``` -2. Verify that the above file was copied correctly by running `plutil` utility in the Terminal: +2. Verify that the above file was copied correctly by running the `plutil` utility in the Terminal: ```bash $ plutil -lint /com.microsoft.network-extension.mobileconfig From af0f2cdb0ea96e7f2f2df169f12a966f44463849 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 22 Sep 2020 14:17:45 +0500 Subject: [PATCH 008/153] Update windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/mac-sysext-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index a0b2600e6d..8df5adc20d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -134,7 +134,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender $ plutil -lint ~/Documents/com.microsoft.network-extension.mobileconfig ``` - Verify that the command outputs `OK` + Verify that the command outputs `OK`. ```bash /com.microsoft.network-extension.mobileconfig: OK From 8c86554082a2770da119a5b6b30e22599032245b Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 22 Sep 2020 14:17:58 +0500 Subject: [PATCH 009/153] Update windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/mac-sysext-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 8df5adc20d..d94d6f57e5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -140,7 +140,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender /com.microsoft.network-extension.mobileconfig: OK ``` -3. Follow the instructions on [this page](https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority) to create a signing certificate using JAMF’s built-in certificate authority +3. Follow the instructions on [this page](https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority) to create a signing certificate using JAMF’s built-in certificate authority. 4. After the certificate is created and installed to your device, run the following command from the Terminal to sign the file: From 52e67b477200519a6444ae7e423ed560607491c1 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 22 Sep 2020 14:18:10 +0500 Subject: [PATCH 010/153] Update windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/mac-sysext-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index d94d6f57e5..59b00113db 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -128,7 +128,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender $ plutil -lint /com.microsoft.network-extension.mobileconfig ``` - For example, if the file was stored in the Documents: + For example, if the file was stored in Documents: ```bash $ plutil -lint ~/Documents/com.microsoft.network-extension.mobileconfig From 97353b58dbce3ebbd295d78994fba018b20522da Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 24 Sep 2020 14:49:09 -0700 Subject: [PATCH 011/153] Added smartcard policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policy-csp-admx-smartcard.md | 1229 +++++++++++++++++ 2 files changed, 1230 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-smartcard.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 83d6bf4268..7926175bde 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -193,6 +193,7 @@ #### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md) #### [ADMX_MMC](policy-csp-admx-mmc.md) #### [ADMX_MMCSnapins](policy-csp-admx-mmcsnapins.md) +#### [ADMX_Smartcard](policy-csp-admx-smartcard.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md new file mode 100644 index 0000000000..f85645bd3b --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -0,0 +1,1229 @@ +--- +title: Policy CSP - ADMX_Smartcard +description: Policy CSP - ADMX_Smartcard +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/24/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Smartcard +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_Smartcard policies + +
+
+ ADMX_Smartcard/AllowCertificatesWithNoEKU +
+
+ ADMX_Smartcard/AllowIntegratedUnblock +
+
+ ADMX_Smartcard/AllowSignatureOnlyKeys +
+
+ ADMX_Smartcard/AllowTimeInvalidCertificates +
+
+ ADMX_Smartcard/CertPropEnabledString +
+
+ ADMX_Smartcard/CertPropRootCleanupString +
+
+ ADMX_Smartcard/CertPropRootEnabledString +
+
+ ADMX_Smartcard/DisallowPlaintextPin +
+
+ ADMX_Smartcard/EnumerateECCCerts +
+
+ ADMX_Smartcard/FilterDuplicateCerts +
+
+ ADMX_Smartcard/ForceReadingAllCertificates +
+
+ ADMX_Smartcard/IntegratedUnblockPromptString +
+
+ ADMX_Smartcard/ReverseSubject +
+
+ ADMX_Smartcard/SCPnPEnabled +
+
+ ADMX_Smartcard/SCPnPNotification +
+
+ ADMX_Smartcard/X509HintsNeeded +
+
+ + +
+ + +**ADMX_Smartcard/AllowCertificatesWithNoEKU** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon. + +In versions of Windows prior to Windows Vista, smart card certificates that are used for logon require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction. + +If you enable this policy setting, certificates with the following attributes can also be used to log on with a smart card: + +- Certificates with no EKU +- Certificates with an All Purpose EKU +- Certificates with a Client Authentication EKU + +If you disable or do not configure this policy setting, only certificates that contain the smart card logon object identifier can be used to log on with a smart card. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow certificates with no extended key usage certificate attribute* +- GP name: *AllowCertificatesWithNoEKU* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/AllowIntegratedUnblock** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI). + +In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature. + +If you enable this policy setting, the integrated unblock feature will be available. + +If you disable or do not configure this policy setting then the integrated unblock feature will not be available. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow Integrated Unblock screen to be displayed at the time of logon* +- GP name: *AllowIntegratedUnblock* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/AllowSignatureOnlyKeys** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting lets you allow signature key-based certificates to be enumerated and available for logon. + +If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen. + +If you disable or do not configure this policy setting, any available smart card signature key-based certificates will not be listed on the logon screen. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow signature keys valid for Logon* +- GP name: *AllowSignatureOnlyKeys* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/AllowTimeInvalidCertificates** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid. + +Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls the displaying of the certificate on the client machine. + +If you enable this policy setting certificates will be listed on the logon screen regardless of whether they have an invalid time or their time validity has expired. + +If you disable or do not configure this policy setting, certificates which are expired or not yet valid will not be listed on the logon screen. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow time invalid certificates* +- GP name: *AllowTimeInvalidCertificates* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/CertPropEnabledString** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted. + +If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card. + +If you disable this policy setting, certificate propagation will not occur and the certificates will not be made available to applications such as Outlook. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on certificate propagation from smart card* +- GP name: *CertPropEnabled* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/CertPropRootCleanupString** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure root certificate clean up* +- GP name: *RootCertificateCleanupOption* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/CertPropRootEnabledString** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted. + +If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. + +> [!NOTE] +> For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card. + +If you disable this policy setting then root certificates will not be propagated from the smart card. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on root certificate propagation from smart card* +- GP name: *EnableRootCertificatePropagation* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/DisallowPlaintextPin** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents plaintext PINs from being returned by Credential Manager. + +If you enable this policy setting, Credential Manager does not return a plaintext PIN. + +If you disable or do not configure this policy setting, plaintext PINs can be returned by Credential Manager. + +> [!NOTE] +> Enabling this policy setting could prevent certain smart cards from working on Windows. Please consult your smart card manufacturer to find out whether you will be affected by this policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent plaintext PINs from being returned by Credential Manager* +- GP name: *DisallowPlaintextPin* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/EnumerateECCCerts** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain. + +If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain. + +If you disable or do not configure this policy setting, ECC certificates on a smart card cannot be used to log on to a domain. + +> [!NOTE] +> This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting. +> If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow ECC certificates to be used for logon and authentication* +- GP name: *EnumerateECCCerts* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/FilterDuplicateCerts** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy settings lets you configure if all your valid logon certificates are displayed. + +During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This can cause confusion as to which certificate to select for logon. The common case for this behavior is when a certificate is renewed and the old one has not yet expired. Two certificates are determined to be the same if they are issued from the same template with the same major version and they are for the same user (determined by their UPN). + +If there are two or more of the "same" certificate on a smart card and this policy is enabled then the certificate that is used for logon on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the the certificate with the expiration time furthest in the future will be shown. + +> [!NOTE] +> This setting will be applied after the following policy: "Allow time invalid certificates" + +If you enable or do not configure this policy setting, filtering will take place. + +If you disable this policy setting, no filtering will take place. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Filter duplicate logon certificates* +- GP name: *FilterDuplicateCerts* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/ForceReadingAllCertificates** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the reading of all certificates from the smart card for logon. + +During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior. + +If you enable this setting, then Windows will attempt to read all certificates from the smart card regardless of the feature set of the CSP. + +If you disable or do not configure this setting, Windows will only attempt to read the default certificate from those cards that do not support retrieval of all certificates in a single call. Certificates other than the default will not be available for logon. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Force the reading of all certificates from the smart card* +- GP name: *ForceReadingAllCertificates* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/IntegratedUnblockPromptString** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the displayed message when a smart card is blocked. + +If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked. + +> [!NOTE] +> The following policy setting must be enabled: Allow Integrated Unblock screen to be displayed at the time of logon. + +If you disable or do not configure this policy setting, the default message will be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Display string when smart card is blocked* +- GP name: *IntegratedUnblockPromptString* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/ReverseSubject** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. + +By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN is not present then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. + +If you enable this policy setting or do not configure this setting, then the subject name will be reversed. + +If you disable , the subject name will be displayed as it appears in the certificate. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Reverse the subject name stored in a certificate when displaying* +- GP name: *ReverseSubject* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/SCPnPEnabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether Smart Card Plug and Play is enabled. + +If you enable or do not configure this policy setting, Smart Card Plug and Play will be enabled and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for the first time. + +If you disable this policy setting, Smart Card Plug and Play will be disabled and a device driver will not be installed when a card is inserted in a Smart Card Reader. + +> [!NOTE] +> This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on Smart Card Plug and Play service* +- GP name: *EnableScPnP* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/SCPnPNotification** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed. + +If you enable or do not configure this policy setting, a confirmation message will be displayed when a smart card device driver is installed. + +If you disable this policy setting, a confirmation message will not be displayed when a smart card device driver is installed. + +> [!NOTE] +> This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Notify user of successful smart card driver installation* +- GP name: *ScPnPNotification* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ + +**ADMX_Smartcard/X509HintsNeeded** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain, thereby associating a certificate with that user. + +If you enable this policy setting then an optional field that allows a user to enter their user name or user name and domain will be displayed. + +If you disable or do not configure this policy setting, an optional field that allows users to enter their user name or user name and domain will not be displayed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow user name hint* +- GP name: *X509HintsNeeded* +- GP path: *Windows Components\Smart Card* +- GP ADMX file name: *Smartcard.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 7841741a770d50a2a16f68c1cfd46216bd17070c Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 24 Sep 2020 15:10:19 -0700 Subject: [PATCH 012/153] minor update to trigger build --- windows/client-management/mdm/policy-csp-admx-smartcard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index f85645bd3b..8f5ba3ad7f 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 09/24/2020 +ms.date: 09/23/2020 ms.reviewer: manager: dansimp --- From 0487406b71cb40f0ebaab8e93bb55d6f7f0e3bea Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 24 Sep 2020 15:32:58 -0700 Subject: [PATCH 013/153] Added snmp policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policy-csp-admx-snmp.md | 290 ++++++++++++++++++ 2 files changed, 291 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-snmp.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 7926175bde..0a95025892 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -194,6 +194,7 @@ #### [ADMX_MMC](policy-csp-admx-mmc.md) #### [ADMX_MMCSnapins](policy-csp-admx-mmcsnapins.md) #### [ADMX_Smartcard](policy-csp-admx-smartcard.md) +#### [ADMX_Snmp](policy-csp-admx-snmp.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md new file mode 100644 index 0000000000..66c2ed2606 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -0,0 +1,290 @@ +--- +title: Policy CSP - ADMX_Snmp +description: Policy CSP - ADMX_Snmp +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/24/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Snmp +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_Snmp policies + +
+
+ ADMX_Snmp/SNMP_Communities +
+
+ ADMX_Snmp/SNMP_PermittedManagers +
+
+ ADMX_Snmp/SNMP_Traps_Public +
+
+ + +
+ + +**ADMX_Snmp/SNMP_Communities** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service. + +SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events. + +A valid community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network. + +If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community. + +If you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead. + +Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control. + +> [!NOTE] +> - It is good practice to use a cryptic community name. +> - This policy setting has no effect if the SNMP agent is not installed on the client computer. + +Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration". + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify communities* +- GP name: *ValidCommunities* +- GP path: *Network\SNMP* +- GP ADMX file name: *Snmp.admx* + + + +
+ + +**ADMX_Snmp/SNMP_PermittedManagers** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer. + +Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. + +The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information. + +If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting. + +If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead. + +Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control. + +> [!NOTE] +> This policy setting has no effect if the SNMP agent is not installed on the client computer. + +Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name". + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify permitted managers* +- GP name: *PermittedManagers* +- GP path: *Network\SNMP* +- GP ADMX file name: *Snmp.admx* + + + +
+ + +**ADMX_Snmp/SNMP_Traps_Public** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent. + +Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. + +This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously. + +If you enable this policy setting, the SNMP service sends trap messages to the hosts within the "public" community. + +If you disable or do not configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead. + +> [!NOTE] +> This setting has no effect if the SNMP agent is not installed on the client computer. + +Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name". + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify traps for public community* +- GP name: *public* +- GP path: *Network\SNMP* +- GP ADMX file name: *Snmp.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 3a1641b0e68f0c4a91197bb82e280d1bdb0b7411 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 24 Sep 2020 16:36:57 -0700 Subject: [PATCH 014/153] Added tcpip policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policy-csp-admx-tcpip.md | 1011 +++++++++++++++++ 2 files changed, 1012 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-tcpip.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 0a95025892..b7143dcdcf 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -195,6 +195,7 @@ #### [ADMX_MMCSnapins](policy-csp-admx-mmcsnapins.md) #### [ADMX_Smartcard](policy-csp-admx-smartcard.md) #### [ADMX_Snmp](policy-csp-admx-snmp.md) +#### [ADMX_tcpip](policy-csp-admx-tcpip.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md new file mode 100644 index 0000000000..bae676c725 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -0,0 +1,1011 @@ +--- +title: Policy CSP - ADMX_tcpip +description: Policy CSP - ADMX_tcpip +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/23/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_tcpip +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_tcpip policies + +
+
+ ADMX_tcpip/6to4_Router_Name +
+
+ ADMX_tcpip/6to4_Router_Name_Resolution_Interval +
+
+ ADMX_tcpip/6to4_State +
+
+ ADMX_tcpip/IPHTTPS_ClientState +
+
+ ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State +
+
+ ADMX_tcpip/ISATAP_Router_Name +
+
+ ADMX_tcpip/ISATAP_State +
+
+ ADMX_tcpip/Teredo_Client_Port +
+
+ ADMX_tcpip/Teredo_Default_Qualified +
+
+ ADMX_tcpip/Teredo_Refresh_Rate +
+
+ ADMX_tcpip/Teredo_Server_Name +
+
+ ADMX_tcpip/Teredo_State +
+
+ ADMX_tcpip/Windows_Scaling_Heuristics_State +
+
+ + +
+ + +**ADMX_tcpip/6to4_Router_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host. + +If you enable this policy setting, you can specify a relay name for a 6to4 host. + +If you disable or do not configure this policy setting, the local host setting is used, and you cannot specify a relay name for a 6to4 host. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set 6to4 Relay Name* +- GP name: *6to4_RouterName* +- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* +- GP ADMX file name: *tcpip.admx* + + + +
+ + +**ADMX_tcpip/6to4_Router_Name_Resolution_Interval** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host. + +If you enable this policy setting, you can specify the value for the duration at which the relay name is resolved periodically. + +If you disable or do not configure this policy setting, the local host setting is used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set 6to4 Relay Name Resolution Interval* +- GP name: *6to4_RouterNameResolutionInterval* +- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* +- GP ADMX file name: *tcpip.admx* + + + +
+ + +**ADMX_tcpip/6to4_State** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site. + +If you disable or do not configure this policy setting, the local host setting is used. + +If you enable this policy setting, you can configure 6to4 with one of the following settings: + +Policy Default State: 6to4 is enabled if the host has only link-local IPv6 connectivity and a public IPv4 address. If no global IPv6 address is present and no global IPv4 address is present, the host will not have a 6to4 interface. If no global IPv6 address is present and a global IPv4 address is present, the host will have a 6to4 interface. + +Policy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface. + +Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set 6to4 State* +- GP name: *6to4_State* +- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* +- GP ADMX file name: *tcpip.admx* + + + +
+ + +**ADMX_tcpip/IPHTTPS_ClientState** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network. + +If you disable or do not configure this policy setting, the local host settings are used. + +If you enable this policy setting, you can specify an IP-HTTPS server URL. You will be able to configure IP-HTTPS with one of the following settings: + +Policy Default State: The IP-HTTPS interface is used when there are no other connectivity options. + +Policy Enabled State: The IP-HTTPS interface is always present, even if the host has other connectivity options. + +Policy Disabled State: No IP-HTTPS interfaces are present on the host. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set IP-HTTPS State* +- GP name: *IPHTTPS_ClientState* +- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* +- GP ADMX file name: *tcpip.admx* + + + +
+ + +**ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure IP Stateless Autoconfiguration Limits. + +If you enable or do not configure this policy setting, IP Stateless Autoconfiguration Limits will be enabled and system will limit the number of autoconfigured addresses and routes. + +If you disable this policy setting, IP Stateless Autoconfiguration Limits will be disabled and system will not limit the number of autoconfigured addresses and routes. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set IP Stateless Autoconfiguration Limits State* +- GP name: *EnableIPAutoConfigurationLimits* +- GP path: *Network\TCPIP Settings\Parameters* +- GP ADMX file name: *tcpip.admx* + + + +
+ + +**ADMX_tcpip/ISATAP_Router_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router. + +If you enable this policy setting, you can specify a router name or IPv4 address for an ISATAP router. If you enter an IPv4 address of the ISATAP router in the text box, DNS services are not required. + +If you disable or do not configure this policy setting, the local host setting is used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set ISATAP Router Name* +- GP name: *ISATAP_RouterName* +- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* +- GP ADMX file name: *tcpip.admx* + + + +
+ + +**ADMX_tcpip/ISATAP_State** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet. + +If you disable or do not configure this policy setting, the local host setting is used. + +If you enable this policy setting, you can configure ISATAP with one of the following settings: + +Policy Default State: If the ISATAP router name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP router name is not resolved successfully, ISATAP connectivity is not available on the host using the corresponding IPv4 address. + +Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configured with a link-local address. + +Policy Disabled State: No ISATAP interfaces are present on the host. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set ISATAP State* +- GP name: *ISATAP_State* +- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* +- GP ADMX file name: *tcpip.admx* + + + +
+ + +**ADMX_tcpip/Teredo_Client_Port** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize. + +If you enable this policy setting, you can customize a UDP port for the Teredo client. + +If you disable or do not configure this policy setting, the local host setting is used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set Teredo Client Port* +- GP name: *Teredo_ClientPort* +- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* +- GP ADMX file name: *tcpip.admx* + + + +
+ + +**ADMX_tcpip/Teredo_Default_Qualified** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state. + +If you disable or do not configure this policy setting, the local host setting is used. + +This policy setting contains only one state: + +Policy Enabled State: If Default Qualified is enabled, Teredo will attempt qualification immediately and remain qualified if the qualification process succeeds. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set Teredo Default Qualified* +- GP name: *Teredo_DefaultQualified* +- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* +- GP ADMX file name: *tcpip.admx* + + + +
+ + +**ADMX_tcpip/Teredo_Refresh_Rate** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the Teredo refresh rate. + +> [!NOTE] +> On a periodic basis (by default, every 30 seconds), Teredo clients send a single Router Solicitation packet to the Teredo server. The Teredo server sends a Router Advertisement Packet in response. This periodic packet refreshes the IP address and UDP port mapping in the translation table of the Teredo client's NAT device. + +If you enable this policy setting, you can specify the refresh rate. If you choose a refresh rate longer than the port mapping in the Teredo client's NAT device, Teredo might stop working or connectivity might be intermittent. + +If you disable or do not configure this policy setting, the refresh rate is configured using the local settings on the computer. The default refresh rate is 30 seconds. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set Teredo Refresh Rate* +- GP name: *Teredo_RefreshRate* +- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* +- GP ADMX file name: *tcpip.admx* + + + +
+ + +**ADMX_tcpip/Teredo_Server_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied. + +If you enable this policy setting, you can specify a Teredo server name that applies to a Teredo client. + +If you disable or do not configure this policy setting, the local settings on the computer are used to determine the Teredo server name. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set Teredo Server Name* +- GP name: *Teredo_ServerName* +- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* +- GP ADMX file name: *tcpip.admx* + + + +
+ + +**ADMX_tcpip/Teredo_State** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet. + +If you disable or do not configure this policy setting, the local host settings are used. + +If you enable this policy setting, you can configure Teredo with one of the following settings: + +Default: The default state is "Client." + +Disabled: No Teredo interfaces are present on the host. + +Client: The Teredo interface is present only when the host is not on a network that includes a domain controller. + +Enterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set Teredo State* +- GP name: *Teredo_State* +- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* +- GP ADMX file name: *tcpip.admx* + + + +
+ + +**ADMX_tcpip/Windows_Scaling_Heuristics_State** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly. + +If you do not configure this policy setting, the local host settings are used. + +If you enable this policy setting, Window Scaling Heuristics will be enabled and system will try to identify connectivity and throughput problems and take appropriate measures. + +If you disable this policy setting, Window Scaling Heuristics will be disabled and system will not try to identify connectivity and throughput problems casued by Firewalls or other middle boxes. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set Window Scaling Heuristics State* +- GP name: *EnableWsd* +- GP path: *Network\TCPIP Settings\Parameters* +- GP ADMX file name: *tcpip.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 0906102c42bac25ccf7b825e0c4d6fec55b37956 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Fri, 25 Sep 2020 10:27:27 +0300 Subject: [PATCH 015/153] update apps for 2004 https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8017 --- .../apps-in-windows-10.md | 90 +++++++++---------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 9d150d9583..4ccb193f06 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -39,53 +39,53 @@ You can list all provisioned Windows apps with this PowerShell command: Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName ``` -Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, and 1909. +Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909 and 2004. -| Package name | App name | 1803 | 1809 | 1903 | 1909 | Uninstall through UI? | +| Package name | App name | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? | |----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| -| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | Yes | -| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App | -| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.MicrosoftOfficeHub | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Office.OneNote | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.OneConnect | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | | -| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No | -| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.VP9VideoExtensions | | | x | x | x | No | -| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No | -| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Xbox.TCUI | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxApp | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGameOverlay | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGamingOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No | -| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | | Yes | +| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | x | Yes | +| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | x | Via Settings App | +| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.MicrosoftOfficeHub | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | x | Yes | +| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | x | Yes | +| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Office.OneNote | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | x | Yes | +| Microsoft.OneConnect | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | x | | +| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | x | No | +| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.VP9VideoExtensions | | | x | x | x | x | No | +| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | x | No | +| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Xbox.TCUI | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxApp | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxGameOverlay | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxGamingOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | x | No | +| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | x | No | >[!NOTE] >The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it. From dcc2f076ea41901eeb50b5da199f212975afb5db Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 25 Sep 2020 19:45:23 +0530 Subject: [PATCH 016/153] addedm update links of 1903 , 1909 and 2004 as per the user report #8354 , so I added update links of 1903,1909 and 2004 --- windows/client-management/troubleshoot-stop-errors.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index 7eabdf0411..0ed8e1db70 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -43,7 +43,9 @@ To troubleshoot Stop error messages, follow these general steps: 2. As a best practice, we recommend that you do the following: a. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system: - + - [Windows 10, version 2004](https://support.microsoft.com/help/4555932) + - [Windows 10, version 1909](https://support.microsoft.com/help/4529964) + - [Windows 10, version 1903](https://support.microsoft.com/help/4498140) - [Windows 10, version 1809](https://support.microsoft.com/help/4464619) - [Windows 10, version 1803](https://support.microsoft.com/help/4099479) - [Windows 10, version 1709](https://support.microsoft.com/help/4043454) From ee31a6e0fef16ffcd58fdc914fb6c92d44eaf2d3 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 25 Sep 2020 11:13:05 -0700 Subject: [PATCH 017/153] Fixed broken link --- windows/client-management/mdm/policy-csp-admx-tcpip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index bae676c725..5a7d162515 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -205,7 +205,7 @@ ADMX Info:
-**ADMX_tcpip/6to4_State** +**ADMX_tcpip/6to4_State** From ecdcdf2b7db5c9f4ca8cc9100bd0415c1362e7ec Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 25 Sep 2020 12:20:30 -0700 Subject: [PATCH 018/153] Updated additional topics --- .../policy-configuration-service-provider.md | 113 +++++++++++++++++- .../mdm/policy-csps-admx-backed.md | 32 +++++ 2 files changed, 144 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index d6adbd08d4..3b515627fa 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -933,7 +933,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled + ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled
ADMX_Scripts/MaxGPOScriptWaitPolicy @@ -1039,6 +1039,117 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_Smartcard policies + +
+
+ ADMX_Smartcard/AllowCertificatesWithNoEKU +
+
+ ADMX_Smartcard/AllowIntegratedUnblock +
+
+ ADMX_Smartcard/AllowSignatureOnlyKeys +
+
+ ADMX_Smartcard/AllowTimeInvalidCertificates +
+
+ ADMX_Smartcard/CertPropEnabledString +
+
+ ADMX_Smartcard/CertPropRootCleanupString +
+
+ ADMX_Smartcard/CertPropRootEnabledString +
+
+ ADMX_Smartcard/DisallowPlaintextPin +
+
+ ADMX_Smartcard/EnumerateECCCerts +
+
+ ADMX_Smartcard/FilterDuplicateCerts +
+
+ ADMX_Smartcard/ForceReadingAllCertificates +
+
+ ADMX_Smartcard/IntegratedUnblockPromptString +
+
+ ADMX_Smartcard/ReverseSubject +
+
+ ADMX_Smartcard/SCPnPEnabled +
+
+ ADMX_Smartcard/SCPnPNotification +
+
+ ADMX_Smartcard/X509HintsNeeded +
+
+ +## ADMX_Snmp policies + +
+
+ ADMX_Snmp/SNMP_Communities +
+
+ ADMX_Snmp/SNMP_PermittedManagers +
+
+ ADMX_Snmp/SNMP_Traps_Public +
+
+ +## ADMX_tcpip policies + +
+
+ ADMX_tcpip/6to4_Router_Name +
+
+ ADMX_tcpip/6to4_Router_Name_Resolution_Interval +
+
+ ADMX_tcpip/6to4_State +
+
+ ADMX_tcpip/IPHTTPS_ClientState +
+
+ ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State +
+
+ ADMX_tcpip/ISATAP_Router_Name +
+
+ ADMX_tcpip/ISATAP_State +
+
+ ADMX_tcpip/Teredo_Client_Port +
+
+ ADMX_tcpip/Teredo_Default_Qualified +
+
+ ADMX_tcpip/Teredo_Refresh_Rate +
+
+ ADMX_tcpip/Teredo_Server_Name +
+
+ ADMX_tcpip/Teredo_State +
+
+ ADMX_tcpip/Windows_Scaling_Heuristics_State +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index a28103799c..b50b706576 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -260,6 +260,38 @@ ms.date: 08/18/2020 - [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit) - [ADMX_ShellCommandPromptRegEditTools/DisallowApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disallowapps) - [ADMX_ShellCommandPromptRegEditTools/RestrictApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd) +- [ADMX_Smartcard/AllowCertificatesWithNoEKU](./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku) +- [ADMX_Smartcard/AllowIntegratedUnblock](./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock) +- [ADMX_Smartcard/AllowSignatureOnlyKeys](./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys) +- [ADMX_Smartcard/AllowTimeInvalidCertificates](./policy-csp-admx-smartcard.md#admx-smartcard-allowtimeinvalidcertificates) +- [ADMX_Smartcard/CertPropEnabledString](./policy-csp-admx-smartcard.md#admx-smartcard-certpropenabledstring) +- [ADMX_Smartcard/CertPropRootCleanupString](./policy-csp-admx-smartcard.md#admx-smartcard-certproprootcleanupstring) +- [ADMX_Smartcard/CertPropRootEnabledString](./policy-csp-admx-smartcard.md#admx-smartcard-certproprootenabledstring) +- [ADMX_Smartcard/DisallowPlaintextPin](./policy-csp-admx-smartcard.md#admx-smartcard-disallowplaintextpin) +- [ADMX_Smartcard/EnumerateECCCerts](./policy-csp-admx-smartcard.md#admx-smartcard-enumerateecccerts) +- [ADMX_Smartcard/FilterDuplicateCerts](./policy-csp-admx-smartcard.md#admx-smartcard-filterduplicatecerts) +- [ADMX_Smartcard/ForceReadingAllCertificates](./policy-csp-admx-smartcard.md#admx-smartcard-forcereadingallcertificates) +- [ADMX_Smartcard/IntegratedUnblockPromptString](./policy-csp-admx-smartcard.md#admx-smartcard-integratedunblockpromptstring) +- [ADMX_Smartcard/ReverseSubject](./policy-csp-admx-smartcard.md#admx-smartcard-reversesubject) +- [ADMX_Smartcard/SCPnPEnabled](./policy-csp-admx-smartcard.md#admx-smartcard-scpnpenabled) +- [ADMX_Smartcard/SCPnPNotification](./policy-csp-admx-smartcard.md#admx-smartcard-scpnpnotification) +- [ADMX_Smartcard/X509HintsNeeded](./policy-csp-admx-smartcard.md#admx-smartcard-x509hintsneeded) +- [ADMX_Snmp/SNMP_Communities](./policy-csp-admx-snmp.md#admx-snmp-snmp-communities) +- [ADMX_Snmp/SNMP_PermittedManagers](./policy-csp-admx-snmp.md#admx-snmp-snmp-permittedmanagers) +- [ADMX_Snmp/SNMP_Traps_Public](./policy-csp-admx-snmp.md#admx-snmp-snmp-traps-public) +- [ADMX_tcpip/6to4_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name) +- [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip#admx-tcpip-6to4-router-name-resolution-interval) +- [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip#admx-tcpip-6to4-state) +- [ADMX_tcpip/IPHTTPS_ClientState](./policy-csp-admx-tcpip#admx-tcpip-iphttps-clientstate) +- [ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State](./policy-csp-admx-tcpip#admx-tcpip-ip-stateless-autoconfiguration-limits-state) +- [ADMX_tcpip/ISATAP_Router_Name](./policy-csp-admx-tcpip#admx-tcpip-isatap-router-name) +- [ADMX_tcpip/ISATAP_State](./policy-csp-admx-tcpip#admx-tcpip-isatap-state) +- [ADMX_tcpip/Teredo_Client_Port](./policy-csp-admx-tcpip#admx-tcpip-teredo-client-port) +- [ADMX_tcpip/Teredo_Default_Qualified](./policy-csp-admx-tcpip#admx-tcpip-teredo-default-qualified) +- [ADMX_tcpip/Teredo_Refresh_Rate](./policy-csp-admx-tcpip#admx-tcpip-teredo-refresh-rate) +- [ADMX_tcpip/Teredo_Server_Name](./policy-csp-admx-tcpip#admx-tcpip-teredo-server-name) +- [ADMX_tcpip/Teredo_State](./policy-csp-admx-tcpip#admx-tcpip-teredo-state) +- [ADMX_tcpip/Windows_Scaling_Heuristics_State](./policy-csp-admx-tcpip#admx-tcpip-windows-scaling-heuristics-state) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From 923e2e55687c368449407f1b076ac17bbbceb71a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 25 Sep 2020 12:27:52 -0700 Subject: [PATCH 019/153] Fixed broken links --- .../policy-configuration-service-provider.md | 24 +++++++++---------- .../mdm/policy-csps-admx-backed.md | 24 +++++++++---------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 3b515627fa..6845188857 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1113,40 +1113,40 @@ The following diagram shows the Policy configuration service provider in tree fo ADMX_tcpip/6to4_Router_Name
- ADMX_tcpip/6to4_Router_Name_Resolution_Interval + ADMX_tcpip/6to4_Router_Name_Resolution_Interval
- ADMX_tcpip/6to4_State + ADMX_tcpip/6to4_State
- ADMX_tcpip/IPHTTPS_ClientState + ADMX_tcpip/IPHTTPS_ClientState
- ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State + ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State
- ADMX_tcpip/ISATAP_Router_Name + ADMX_tcpip/ISATAP_Router_Name
- ADMX_tcpip/ISATAP_State + ADMX_tcpip/ISATAP_State
- ADMX_tcpip/Teredo_Client_Port + ADMX_tcpip/Teredo_Client_Port
- ADMX_tcpip/Teredo_Default_Qualified + ADMX_tcpip/Teredo_Default_Qualified
- ADMX_tcpip/Teredo_Refresh_Rate + ADMX_tcpip/Teredo_Refresh_Rate
- ADMX_tcpip/Teredo_Server_Name + ADMX_tcpip/Teredo_Server_Name
- ADMX_tcpip/Teredo_State + ADMX_tcpip/Teredo_State
- ADMX_tcpip/Windows_Scaling_Heuristics_State + ADMX_tcpip/Windows_Scaling_Heuristics_State
diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index b50b706576..0a133ca7ed 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -280,18 +280,18 @@ ms.date: 08/18/2020 - [ADMX_Snmp/SNMP_PermittedManagers](./policy-csp-admx-snmp.md#admx-snmp-snmp-permittedmanagers) - [ADMX_Snmp/SNMP_Traps_Public](./policy-csp-admx-snmp.md#admx-snmp-snmp-traps-public) - [ADMX_tcpip/6to4_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name) -- [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip#admx-tcpip-6to4-router-name-resolution-interval) -- [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip#admx-tcpip-6to4-state) -- [ADMX_tcpip/IPHTTPS_ClientState](./policy-csp-admx-tcpip#admx-tcpip-iphttps-clientstate) -- [ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State](./policy-csp-admx-tcpip#admx-tcpip-ip-stateless-autoconfiguration-limits-state) -- [ADMX_tcpip/ISATAP_Router_Name](./policy-csp-admx-tcpip#admx-tcpip-isatap-router-name) -- [ADMX_tcpip/ISATAP_State](./policy-csp-admx-tcpip#admx-tcpip-isatap-state) -- [ADMX_tcpip/Teredo_Client_Port](./policy-csp-admx-tcpip#admx-tcpip-teredo-client-port) -- [ADMX_tcpip/Teredo_Default_Qualified](./policy-csp-admx-tcpip#admx-tcpip-teredo-default-qualified) -- [ADMX_tcpip/Teredo_Refresh_Rate](./policy-csp-admx-tcpip#admx-tcpip-teredo-refresh-rate) -- [ADMX_tcpip/Teredo_Server_Name](./policy-csp-admx-tcpip#admx-tcpip-teredo-server-name) -- [ADMX_tcpip/Teredo_State](./policy-csp-admx-tcpip#admx-tcpip-teredo-state) -- [ADMX_tcpip/Windows_Scaling_Heuristics_State](./policy-csp-admx-tcpip#admx-tcpip-windows-scaling-heuristics-state) +- [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval) +- [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state) +- [ADMX_tcpip/IPHTTPS_ClientState](./policy-csp-admx-tcpip.md#admx-tcpip-iphttps-clientstate) +- [ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State](./policy-csp-admx-tcpip.md#admx-tcpip-ip-stateless-autoconfiguration-limits-state) +- [ADMX_tcpip/ISATAP_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-isatap-router-name) +- [ADMX_tcpip/ISATAP_State](./policy-csp-admx-tcpip.md#admx-tcpip-isatap-state) +- [ADMX_tcpip/Teredo_Client_Port](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-client-port) +- [ADMX_tcpip/Teredo_Default_Qualified](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-default-qualified) +- [ADMX_tcpip/Teredo_Refresh_Rate](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-refresh-rate) +- [ADMX_tcpip/Teredo_Server_Name](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-server-name) +- [ADMX_tcpip/Teredo_State](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-state) +- [ADMX_tcpip/Windows_Scaling_Heuristics_State](./policy-csp-admx-tcpip.md#admx-tcpip-windows-scaling-heuristics-state) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From a87cf0255395835f28908b65849720eecba6fc1a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 25 Sep 2020 14:08:44 -0700 Subject: [PATCH 020/153] Added thumbnails policies --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 14 + .../mdm/policy-csp-admx-thumbnails.md | 264 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 3 + 4 files changed, 282 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-thumbnails.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index f4b2ea4002..ebab63e4c5 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -211,6 +211,7 @@ #### [ADMX_Smartcard](policy-csp-admx-smartcard.md) #### [ADMX_Snmp](policy-csp-admx-snmp.md) #### [ADMX_tcpip](policy-csp-admx-tcpip.md) +#### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 6845188857..ef4dfa5e02 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1150,6 +1150,20 @@ The following diagram shows the Policy configuration service provider in tree fo +## ADMX_Thumbnails policies + +
+
+ ADMX_Thumbnails/DisableThumbnails +
+
+ ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders +
+
+ ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md new file mode 100644 index 0000000000..69fd52c66e --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md @@ -0,0 +1,264 @@ +--- +title: Policy CSP - ADMX_Thumbnails +description: Policy CSP - ADMX_Thumbnails +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/25/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Thumbnails +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_Thumbnails policies + +
+
+ ADMX_Thumbnails/DisableThumbnails +
+
+ ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders +
+
+ ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders +
+
+ +
+ + +**ADMX_Thumbnails/DisableThumbnails** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer. + +File Explorer displays thumbnail images by default. + +If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images. + +If you disable or do not configure this policy setting, File Explorer displays only thumbnail images. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off the display of thumbnails and only display icons.* +- GP name: *DisableThumbnails* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *Thumbnails.admx* + + + +
+ + +**ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders. + +File Explorer displays thumbnail images on network folders by default. + +If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders. + +If you disable or do not configure this policy setting, File Explorer displays only thumbnail images on network folders. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off the display of thumbnails and only display icons on network folders* +- GP name: *DisableThumbnailsOnNetworkFolders* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *Thumbnails.admx* + + + +
+ + +**ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Turns off the caching of thumbnails in hidden thumbs.db files. + +This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files. + +If you enable this policy setting, File Explorer does not create, read from, or write to thumbs.db files. + +If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off the caching of thumbnails in hidden thumbs.db files* +- GP name: *DisableThumbsDBOnNetworkFolders* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *Thumbnails.admx* + + + +
+ + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 0a133ca7ed..e0643a3d68 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -292,6 +292,9 @@ ms.date: 08/18/2020 - [ADMX_tcpip/Teredo_Server_Name](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-server-name) - [ADMX_tcpip/Teredo_State](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-state) - [ADMX_tcpip/Windows_Scaling_Heuristics_State](./policy-csp-admx-tcpip.md#admx-tcpip-windows-scaling-heuristics-state) +- [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails#admx-thumbnails-disablethumbnails) +- [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails#admx-thumbnails-disablethumbnailsonnetworkfolders) +- [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails#admx-thumbnails-disablethumbsdbonnetworkfolders) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From 785af45d4a903c66e869c3c84d523d8d18757e1d Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 25 Sep 2020 14:52:01 -0700 Subject: [PATCH 021/153] Updated broken links --- windows/client-management/mdm/policy-csps-admx-backed.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index e0643a3d68..4268c0273b 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -292,9 +292,9 @@ ms.date: 08/18/2020 - [ADMX_tcpip/Teredo_Server_Name](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-server-name) - [ADMX_tcpip/Teredo_State](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-state) - [ADMX_tcpip/Windows_Scaling_Heuristics_State](./policy-csp-admx-tcpip.md#admx-tcpip-windows-scaling-heuristics-state) -- [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails#admx-thumbnails-disablethumbnails) -- [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails#admx-thumbnails-disablethumbnailsonnetworkfolders) -- [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails#admx-thumbnails-disablethumbsdbonnetworkfolders) +- [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails) +- [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders) +- [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From dc07d85da292e004599bbaca4bc92a88558bd8f4 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 25 Sep 2020 16:10:11 -0700 Subject: [PATCH 022/153] Added tpm policies --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 35 + .../mdm/policy-csp-admx-tpm.md | 803 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 10 + 4 files changed, 849 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-tpm.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index ebab63e4c5..6cf683712d 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -212,6 +212,7 @@ #### [ADMX_Snmp](policy-csp-admx-snmp.md) #### [ADMX_tcpip](policy-csp-admx-tcpip.md) #### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md) +#### [ADMX_TPM](policy-csp-admx-tpm.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index ef4dfa5e02..32152a5096 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1164,6 +1164,41 @@ The following diagram shows the Policy configuration service provider in tree fo +### ADMX_TPM policies + +
+
+ ADMX_TPM/BlockedCommandsList_Name +
+
+ ADMX_TPM/ClearTPMIfNotReady_Name +
+
+ ADMX_TPM/IgnoreDefaultList_Name +
+
+ ADMX_TPM/IgnoreLocalList_Name +
+
+ ADMX_TPM/OSManagedAuth_Name +
+
+ ADMX_TPM/OptIntoDSHA_Name +
+
+ ADMX_TPM/StandardUserAuthorizationFailureDuration_Name +
+
+ ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name +
+
+ ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name +
+
+ ADMX_TPM/UseLegacyDAP_Name +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md new file mode 100644 index 0000000000..9ceb1ccce8 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -0,0 +1,803 @@ +--- +title: Policy CSP - ADMX_TPM +description: Policy CSP - ADMX_TPM +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/25/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_TPM +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_TPM policies + +
+
+ ADMX_TPM/BlockedCommandsList_Name +
+
+ ADMX_TPM/ClearTPMIfNotReady_Name +
+
+ ADMX_TPM/IgnoreDefaultList_Name +
+
+ ADMX_TPM/IgnoreLocalList_Name +
+
+ ADMX_TPM/OSManagedAuth_Name +
+
+ ADMX_TPM/OptIntoDSHA_Name +
+
+ ADMX_TPM/StandardUserAuthorizationFailureDuration_Name +
+
+ ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name +
+
+ ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name +
+
+ ADMX_TPM/UseLegacyDAP_Name +
+
+ + +
+ + +**ADMX_TPM/BlockedCommandsList_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows. + +If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run "tpm.msc" and navigate to the "Command Management" section. + +If you disable or do not configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure the list of blocked TPM commands* +- GP name: *Enabled* +- GP path: *System\Trusted Platform Module Services* +- GP ADMX file name: *TPM.admx* + + + +
+ + +**ADMX_TPM/ClearTPMIfNotReady_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system’s TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure the system to clear the TPM if it is not in a ready state.* +- GP name: *ClearTPMIfNotReadyGP* +- GP path: *System\Trusted Platform Module Services* +- GP ADMX file name: *TPM.admx* + + + +
+ + +**ADMX_TPM/IgnoreDefaultList_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands. + +If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the local list. + +The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Group Policy list of blocked TPM commands. + +If you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local lists of blocked TPM commands. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Ignore the default list of blocked TPM commands* +- GP name: *IgnoreDefaultList* +- GP path: *System\Trusted Platform Module Services* +- GP ADMX file name: *TPM.admx* + + + +
+ + +**ADMX_TPM/IgnoreLocalList_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands. + +If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list. + +The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands. + +If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Ignore the local list of blocked TPM commands* +- GP name: *IgnoreLocalList* +- GP path: *System\Trusted Platform Module Services* +- GP ADMX file name: *TPM.admx* + + + +
+ + +**ADMX_TPM/OSManagedAuth_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password. + +You can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none. + +If you enable this policy setting, Windows will store the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authentication setting you choose. + +Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios which do not depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting be changed before features which depend on the TPM anti-hammering logic can be used. + +Choose the operating system managed TPM authentication setting of "Delegated" to store only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM anti-hammering logic. + +Choose the operating system managed TPM authentication setting of "None" for compatibility with previous operating systems and applications or for use with scenarios that require TPM owner authorization not be stored locally. Using this setting might cause issues with some TPM-based applications. + +> [!NOTE] +> If the operating system managed TPM authentication setting is changed from "Full" to "Delegated", the full TPM owner authorization value will be regenerated and any copies of the original TPM owner authorization value will be invalid. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure the level of TPM owner authorization information available to the operating system* +- GP name: *OSManagedAuthLevel* +- GP path: *System\Trusted Platform Module Services* +- GP ADMX file name: *TPM.admx* + + + +
+ + +**ADMX_TPM/OptIntoDSHA_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable Device Health Attestation Monitoring and Reporting* +- GP name: *EnableDeviceHealthAttestationService* +- GP path: *System\Device Health Attestation Service* +- GP ADMX file name: *TPM.admx* + + + +
+ + +**ADMX_TPM/StandardUserAuthorizationFailureDuration_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM. + +This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM. + +An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than this duration are ignored. + +For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization. + +The Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM. + +The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM. + +The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode. + +An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately. + +If this value is not configured, a default value of 480 minutes (8 hours) is used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Standard User Lockout Duration* +- GP name: *StandardUserAuthorizationFailureDuration* +- GP path: *System\Trusted Platform Module Services* +- GP ADMX file name: *TPM.admx* + + + +
+ + +**ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization. + +This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM. + +An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored. + +For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization. + +This value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM. + +The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM. + +The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode. + +An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately. + +If this value is not configured, a default value of 4 is used. + +A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Standard User Individual Lockout Threshold* +- GP name: *StandardUserAuthorizationFailureIndividualThreshold* +- GP path: *System\Trusted Platform Module Services* +- GP ADMX file name: *TPM.admx* + + + +
+ + +**ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization. + +This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM. + +An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored. + +For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization. + +The Standard User Individual Lockout value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM. + +This value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM. + +The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode. + +An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately. + +If this value is not configured, a default value of 9 is used. + +A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Standard User Total Lockout Threshold* +- GP name: *StandardUserAuthorizationFailureTotalThreshold* +- GP path: *System\Trusted Platform Module Services* +- GP ADMX file name: *TPM.admx* + + + +
+ + +**ADMX_TPM/UseLegacyDAP_Name** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.* +- GP name: *UseLegacyDictionaryAttackParameters* +- GP path: *System\Trusted Platform Module Services* +- GP ADMX file name: *TPM.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 4268c0273b..69e01d46a5 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -295,6 +295,16 @@ ms.date: 08/18/2020 - [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails) - [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders) - [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders) +- [ADMX_TPM/BlockedCommandsList_Name](./policy-csp-admx-tpm.md#admx-tpm-blockedcommandslist-name) +- [ADMX_TPM/ClearTPMIfNotReady_Name](./policy-csp-admx-tpm.md#admx-tpm-cleartpmifnotready-name) +- [ADMX_TPM/IgnoreDefaultList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignoredefaultlist-name) +- [ADMX_TPM/IgnoreLocalList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignorelocallist-name) +- [ADMX_TPM/OSManagedAuth_Name](./policy-csp-admx-tpm.md#admx-tpm-osmanagedauth-name) +- [ADMX_TPM/OptIntoDSHA_Name](./policy-csp-admx-tpm.md#admx-tpm-optintodsha-name) +- [ADMX_TPM/StandardUserAuthorizationFailureDuration_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureduration-name) +- [ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureindividualthreshold-name) +- [ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailuretotalthreshold-name) +- [ADMX_TPM/UseLegacyDAP_Name](./policy-csp-admx-tpm.md#admx-tpm-uselegacydap-name) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From fe887186cd821dda6759aa04fd584a526df5f364 Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Mon, 28 Sep 2020 09:27:17 +0200 Subject: [PATCH 023/153] Update account-lockout-threshold.md Added note. --- .../security-policy-settings/account-lockout-threshold.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 3db828212a..20f886d1ec 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -87,6 +87,9 @@ For more information about Windows security baseline recommendations for account This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. +> [!NOTE] +> A lockout threshold policy will apply to both local member computer users and Domain Users, in order to allow mitigation of issues as described under "Vulnerability". The Built-In Administrator account however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot logon to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password. See also [Appendix D: Securing Built-In Administrator Accounts in Active Directory](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory). + ### Vulnerability Brute force password attacks can use automated methods to try millions of password combinations for any user account. The effectiveness of such attacks can be almost eliminated if you limit the number of failed sign-in attempts that can be performed. From 37fa946455d231fd9c80946dbec8819b3f9088d7 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Mon, 28 Sep 2020 14:15:30 +0530 Subject: [PATCH 024/153] fixed missing text as per the user report #8370 , so i added the word **Password** --- .../security-policy-settings/minimum-password-length.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md index 35eaa8ac76..60d1136acd 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md @@ -76,7 +76,7 @@ Types of password attacks include dictionary attacks (which attempt to use commo ### Countermeasure -Configure the **** policy setting to a value of 8 or more. If the number of characters is set to 0, no password will be required. +Configure the **Password** policy setting to a value of 8 or more. If the number of characters is set to 0, no password will be required. In most environments, we recommend an eight-character password because it is long enough to provide adequate security, but not too difficult for users to easily remember. This configuration provides adequate defense against a brute force attack. Using the [Password must meet complexity requirements](password-must-meet-complexity-requirements.md) policy setting in addition to the **Minimum password length** setting helps reduce the possibility of a dictionary attack. From 4cae659e0a5849ab535c4c3fc559a987f1b4a7a4 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Mon, 28 Sep 2020 18:10:53 +0530 Subject: [PATCH 025/153] Update windows/security/threat-protection/security-policy-settings/minimum-password-length.md accepted Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../security-policy-settings/minimum-password-length.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md index 60d1136acd..74ed307f82 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md @@ -76,7 +76,7 @@ Types of password attacks include dictionary attacks (which attempt to use commo ### Countermeasure -Configure the **Password** policy setting to a value of 8 or more. If the number of characters is set to 0, no password will be required. +Configure the **Minimum password length** policy setting to a value of 8 or more. If the number of characters is set to 0, no password will be required. In most environments, we recommend an eight-character password because it is long enough to provide adequate security, but not too difficult for users to easily remember. This configuration provides adequate defense against a brute force attack. Using the [Password must meet complexity requirements](password-must-meet-complexity-requirements.md) policy setting in addition to the **Minimum password length** setting helps reduce the possibility of a dictionary attack. From 3092c8d3eb2477ce9a10a28f0165444e74b15db8 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 28 Sep 2020 13:15:28 -0700 Subject: [PATCH 026/153] Added ADMX_W32Time policies --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 17 + .../mdm/policy-csp-admx-w32time.md | 425 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 4 + 4 files changed, 447 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-w32time.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 6cf683712d..621e6b7d8e 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -213,6 +213,7 @@ #### [ADMX_tcpip](policy-csp-admx-tcpip.md) #### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md) #### [ADMX_TPM](policy-csp-admx-tpm.md) +#### [ADMX_W32Time](policy-csp-admx-w32time.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 32152a5096..80a578311f 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1199,6 +1199,23 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_W32Time policies + +
+
+ ADMX_W32Time/W32TIME_POLICY_CONFIG +
+
+ ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT +
+
+ ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT +
+
+ ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md new file mode 100644 index 0000000000..06d706ba16 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -0,0 +1,425 @@ +--- +title: Policy CSP - ADMX_W32Time +description: Policy CSP - ADMX_W32Time +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/13/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_W32Time +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_W32Time policies + +
+
+ ADMX_W32Time/W32TIME_POLICY_CONFIG +
+
+ ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT +
+
+ ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT +
+
+ ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER +
+
+ + +
+ + +**ADMX_W32Time/W32TIME_POLICY_CONFIG** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs. + +If this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the service on target machines use locally configured settings values. + +For more details on individual parameters, combinations of parameter values as well as definitions of flags, see https://go.microsoft.com/fwlink/?linkid=847809. + +**FrequencyCorrectRate** +This parameter controls the rate at which the W32time corrects the local clock's frequency. Lower values cause slower corrections; larger values cause more frequent corrections. Default: 4 (scalar). + +**HoldPeriod** +This parameter indicates how many consistent time samples the client computer must receive in a series before subsequent time samples are evaluated as potential spikes. Default: 5 + +**LargePhaseOffset** +If a time sample differs from the client computer's local clock by more than LargePhaseOffset, the local clock is deemed to have drifted considerably, or in other words, spiked. Default: 50,000,000 100-nanosecond units (ns) or 5 seconds. + +**MaxAllowedPhaseOffset** +If a response is received that has a time variation that is larger than this parameter value, W32time sets the client computer's local clock immediately to the time that is accepted as accurate from the Network Time Protocol (NTP) server. If the time variation is less than this value, the client computer's local clock is corrected gradually. Default: 300 seconds. + +**MaxNegPhaseCorrection** +If a time sample is received that indicates a time in the past (as compared to the client computer's local clock) that has a time difference that is greater than the MaxNegPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds. + +**MaxPosPhaseCorrection** +If a time sample is received that indicates a time in the future (as compared to the client computer's local clock) that has a time difference greater than the MaxPosPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds. + +**PhaseCorrectRate** +This parameter controls how quickly W32time corrects the client computer's local clock difference to match time samples that are accepted as accurate from the NTP server. Lower values cause the clock to correct more slowly; larger values cause the clock to correct more quickly. Default: 7 (scalar). + +**PollAdjustFactor** +This parameter controls how quickly W32time changes polling intervals. When responses are considered to be accurate, the polling interval lengthens automatically. When responses are considered to be inaccurate, the polling interval shortens automatically. Default: 5 (scalar). + +**SpikeWatchPeriod** +This parameter specifies the amount of time that samples with time offset larger than LargePhaseOffset are received before these samples are accepted as accurate. SpikeWatchPeriod is used in conjunction with HoldPeriod to help eliminate sporadic, inaccurate time samples that are returned from a peer. Default: 900 seconds. + +**UpdateInterval** +This parameter specifies the amount of time that W32time waits between corrections when the clock is being corrected gradually. When it makes a gradual correction, the service adjusts the clock slightly, waits this amount of time, and then checks to see if another adjustment is needed, until the correction is finished. Default: 100 1/100th second units, or 1 second. + +General parameters: + +**AnnounceFlags** +This parameter is a bitmask value that controls how time service availability is advertised through NetLogon. Default: 0x0a hexadecimal + +**EventLogFlags** +This parameter controls special events that may be logged to the Event Viewer System log. Default: 0x02 hexadecimal bitmask. + +**LocalClockDispersion** +This parameter indicates the maximum error in seconds that is reported by the NTP server to clients that are requesting a time sample. (Applies only when the NTP server is using the time of the local CMOS clock.) Default: 10 seconds. + +**MaxPollInterval** +This parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Should not be set higher than 15.) + +**MinPollInterval** +This parameter controls the minimum polling interval that defines the minimum amount of time between polls of a peer. Default: 6 in log base-2, or 64 seconds. + +**ClockHoldoverPeriod** +This parameter indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source. If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7800 seconds. + +**RequireSecureTimeSyncRequests** +This parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC will not respond to requests using such protocols. Default: 0 Boolean. + +**UtilizeSslTimeData** +This parameter controls whether W32time will use time data computed from SSL traffic on the machine as an additional input for correcting the local clock. Default: 1 (enabled) Boolean + +**ClockAdjustmentAuditLimit** +This parameter specifies the smallest local clock adjustments that may be logged to the W32time service event log on the target machine. Default: 800 Parts per million (PPM). + +RODC parameters: + +**ChainEntryTimeout** +This parameter specifies the maximum amount of time that an entry can remain in the chaining table before the entry is considered to be expired. Expired entries may be removed when the next request or response is processed. Default: 16 seconds. + +**ChainMaxEntries** +This parameter controls the maximum number of entries that are allowed in the chaining table. If the chaining table is full and no expired entries can be removed, any incoming requests are discarded. Default: 128 entries. + +**ChainMaxHostEntries** +This parameter controls the maximum number of entries that are allowed in the chaining table for a particular host. Default: 4 entries. + +**ChainDisable** +This parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that do not have their passwords cached on the RODC will not be able to synchronize with the RODC. Default: 0 Boolean. + +**ChainLoggingRate** +This parameter controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. Default: 30 minutes. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Global Configuration Settings* +- GP path: *System\Windows Time Service* +- GP ADMX file name: *W32Time.admx* + + + +
+ + +**ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies a set of parameters for controlling the Windows NTP Client. + +If you enable this policy setting, you can specify the following parameters for the Windows NTP Client. + +If you disable or do not configure this policy setting, the WIndows NTP Client uses the defaults of each of the following parameters. + +**NtpServer** +The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is ""time.windows.com,0x09"". + +**Type** +This value controls the authentication that W32time uses. The default value is NT5DS. + +**CrossSiteSyncFlags** +This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client should not attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value is not set. The default value is 2 decimal (0x02 hexadecimal). + +**ResolvePeerBackoffMinutes** +This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes. + +**ResolvePeerBackoffMaxTimes** +This value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount. The default value is seven attempts. + +**SpecialPollInterval** +This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that is set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds. + +**EventLogFlags** +This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Windows NTP Client* +- GP path: *System\Windows Time Service\Time Providers* +- GP ADMX file name: *W32Time.admx* + + + +
+ + +**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the Windows NTP Client is enabled. + +Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider. + +If you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers. + +If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable Windows NTP Client* +- GP path: *System\Windows Time Service\Time Providers* +- GP ADMX file name: *W32Time.admx* + + + +
+ + +**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify whether the Windows NTP Server is enabled. + +If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers. + +If you disable or do not configure this policy setting, your computer cannot service NTP requests from other computers. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable Windows NTP Server* +- GP path: *System\Windows Time Service\Time Providers* +- GP ADMX file name: *W32Time.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 69e01d46a5..c89979d252 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -305,6 +305,10 @@ ms.date: 08/18/2020 - [ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureindividualthreshold-name) - [ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailuretotalthreshold-name) - [ADMX_TPM/UseLegacyDAP_Name](./policy-csp-admx-tpm.md#admx-tpm-uselegacydap-name) +- [ADMX_W32Time/W32TIME_POLICY_CONFIG](./policy-csp-admx-w32time.md#admx-w32time-policy-config) +- [ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient) +- [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient) +- [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpserver) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From b4d8362c11a91afc2d6f75de1e14f98765f6c631 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 28 Sep 2020 13:45:55 -0700 Subject: [PATCH 027/153] Added ADMX_WinCal policies --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 11 + .../mdm/policy-csp-admx-wincal.md | 192 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 2 + 4 files changed, 206 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-wincal.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 621e6b7d8e..390a6e745b 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -214,6 +214,7 @@ #### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md) #### [ADMX_TPM](policy-csp-admx-tpm.md) #### [ADMX_W32Time](policy-csp-admx-w32time.md) +#### [ADMX_WinCal](policy-csp-admx-wincal.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 80a578311f..f3603daa20 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1216,6 +1216,17 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_WinCal policies + +
+
+ ADMX_WinCal/TurnOffWinCal_1 +
+
+ ADMX_WinCal/TurnOffWinCal_2 +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md new file mode 100644 index 0000000000..68a446f126 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -0,0 +1,192 @@ +--- +title: Policy CSP - ADMX_WinCal +description: Policy CSP - ADMX_WinCal +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/28/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WinCal +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_WinCal policies + +
+
+ ADMX_WinCal/TurnOffWinCal_1 +
+
+ ADMX_WinCal/TurnOffWinCal_2 +
+
+ + +
+ + +**ADMX_WinCal/TurnOffWinCal_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars. + +If you enable this setting, Windows Calendar will be turned off. + +If you disable or do not configure this setting, Windows Calendar will be turned on. + +The default is for Windows Calendar to be turned on. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Windows Calendar* +- GP name: *TurnOffWinCal* +- GP path: *Windows Components\Windows Calendar* +- GP ADMX file name: *WinCal.admx* + + + +
+ +
+ + +**ADMX_WinCal/TurnOffWinCal_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars. + +If you enable this setting, Windows Calendar will be turned off. + +If you disable or do not configure this setting, Windows Calendar will be turned on. + +The default is for Windows Calendar to be turned on. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Windows Calendar* +- GP name: *TurnOffWinCal* +- GP path: *Windows Components\Windows Calendar* +- GP ADMX file name: *WinCal.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index c89979d252..94c351c5f0 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -309,6 +309,8 @@ ms.date: 08/18/2020 - [ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient) - [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient) - [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpserver) +- [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1) +- [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From 99a9b86d3523469488645ff3a22216fbc89fc117 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 28 Sep 2020 14:56:35 -0700 Subject: [PATCH 028/153] Added ADMX_WindowsAnytimeUpgrade policy --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 8 ++ .../policy-csp-admx-windowsanytimeupgrade.md | 115 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 1 + 4 files changed, 125 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 390a6e745b..d4cb827000 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -215,6 +215,7 @@ #### [ADMX_TPM](policy-csp-admx-tpm.md) #### [ADMX_W32Time](policy-csp-admx-w32time.md) #### [ADMX_WinCal](policy-csp-admx-wincal.md) +#### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index f3603daa20..942a169e16 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1227,6 +1227,14 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_WindowsAnytimeUpgrade policies + +
+
+ ADMX_WindowsAnytimeUpgrade/Disabled +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md new file mode 100644 index 0000000000..cf1df8947e --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md @@ -0,0 +1,115 @@ +--- +title: Policy CSP - ADMX_WindowsAnytimeUpgrade +description: Policy CSP - ADMX_WindowsAnytimeUpgrade +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/13/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WindowsAnytimeUpgrade +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_WindowsAnytimeUpgrade policies + +
+
+ ADMX_WindowsAnytimeUpgrade/Disabled +
+
+ + +
+ + +**ADMX_WindowsAnytimeUpgrade/Disabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. By default, Add features to Windows 10 is available for all administrators. + +If you enable this policy setting, the wizard will not run. + +If you disable this policy setting or set it to Not Configured, the wizard will run. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent the wizard from running.* +- GP name: *Disabled* +- GP path: *Windows Components\Add features to Windows 10* +- GP ADMX file name: *WindowsAnytimeUpgrade.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 94c351c5f0..e97dd70278 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -311,6 +311,7 @@ ms.date: 08/18/2020 - [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpserver) - [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1) - [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2) +- [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From b1528058b20bb818d5012e571d0bec3bba115fab Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 28 Sep 2020 15:28:43 -0700 Subject: [PATCH 029/153] Added ADMX_WindowsConnectNow policies --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 14 + .../mdm/policy-csp-admx-windowsconnectnow.md | 264 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 3 + 4 files changed, 282 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index d4cb827000..1a50775fed 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -216,6 +216,7 @@ #### [ADMX_W32Time](policy-csp-admx-w32time.md) #### [ADMX_WinCal](policy-csp-admx-wincal.md) #### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md) +#### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 942a169e16..08f08c8011 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1235,6 +1235,20 @@ The following diagram shows the Policy configuration service provider in tree fo
+## ADMX_WindowsConnectNow policies + +
+
+ ADMX_WindowsConnectNow/WCN_DisableWcnUi_1 +
+
+ ADMX_WindowsConnectNow/WCN_DisableWcnUi_2 +
+
+ ADMX_WindowsConnectNow/WCN_EnableRegistrar +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md new file mode 100644 index 0000000000..42a8d63502 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -0,0 +1,264 @@ +--- +title: Policy CSP - ADMX_WindowsConnectNow +description: Policy CSP - ADMX_WindowsConnectNow +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/28/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WindowsConnectNow +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_WindowsConnectNow policies + +
+
+ ADMX_WindowsConnectNow/WCN_DisableWcnUi_1 +
+
+ ADMX_WindowsConnectNow/WCN_DisableWcnUi_2 +
+
+ ADMX_WindowsConnectNow/WCN_EnableRegistrar +
+
+ + +
+ + +**ADMX_WindowsConnectNow/WCN_DisableWcnUi_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards. + +If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. + +If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit access of the Windows Connect Now wizards* +- GP name: *DisableWcnUi* +- GP path: *Network\Windows Connect Now* +- GP ADMX file name: *WindowsConnectNow.admx* + + + +
+ + +**ADMX_WindowsConnectNow/WCN_DisableWcnUi_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards. + +If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. + +If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit access of the Windows Connect Now wizards* +- GP name: *DisableWcnUi* +- GP path: *Network\Windows Connect Now* +- GP ADMX file name: *WindowsConnectNow.admx* + + + +
+ + +**ADMX_WindowsConnectNow/WCN_EnableRegistrar** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives. + +Additional options are available to allow discovery and configuration over a specific medium. + +If you enable this policy setting, additional choices are available to turn off the operations over a specific medium. + +If you disable this policy setting, operations are disabled over all media. + +If you do not configure this policy setting, operations are enabled over all media. + +The default for this policy setting allows operations over all media. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configuration of wireless settings using Windows Connect Now* +- GP name: *EnableRegistrars* +- GP path: *Network\Windows Connect Now* +- GP ADMX file name: *WindowsConnectNow.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index e97dd70278..517e1b3242 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -312,6 +312,9 @@ ms.date: 08/18/2020 - [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1) - [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2) - [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled) +- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1) +- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2) +- [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From 34711cbcaff1e9144803c2c87fefc4eba3bcc382 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 28 Sep 2020 15:58:04 -0700 Subject: [PATCH 030/153] Minor update to trigger the build --- windows/client-management/mdm/policy-csp-admx-w32time.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index 06d706ba16..b36e9f1f97 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 08/13/2020 +ms.date: 09/28/2020 ms.reviewer: manager: dansimp --- From 29c6c4cba72eb604a1ebd284fad07bf6b0179973 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 28 Sep 2020 16:05:04 -0700 Subject: [PATCH 031/153] Triggered build --- .../mdm/policy-csp-admx-windowsanytimeupgrade.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md index cf1df8947e..eaec1b6973 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 08/13/2020 +ms.date: 09/28/2020 ms.reviewer: manager: dansimp --- From a5e66c2f9b016b7a4fb357a775e01b3789758755 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 29 Sep 2020 08:15:54 -0700 Subject: [PATCH 032/153] minor update to trigger build --- .../mdm/policy-csp-admx-windowsanytimeupgrade.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md index eaec1b6973..8b06f92864 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 09/28/2020 +ms.date: 09/29/2020 ms.reviewer: manager: dansimp --- From b27e93817a1a5e49d4e813395bffe2a370a49ccc Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 29 Sep 2020 14:18:30 -0700 Subject: [PATCH 033/153] Added new policies --- windows/client-management/mdm/TOC.md | 2 + .../policy-configuration-service-provider.md | 22 ++ .../mdm/policy-csp-admx-windowsmediadrm.md | 116 ++++++++ .../mdm/policy-csp-admx-wininit.md | 258 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 4 + 5 files changed, 402 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md create mode 100644 windows/client-management/mdm/policy-csp-admx-wininit.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 1a50775fed..0e3fcee42d 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -217,6 +217,8 @@ #### [ADMX_WinCal](policy-csp-admx-wincal.md) #### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md) #### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md) +#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md) +#### [ADMX_WinInit](policy-csp-admx-wininit.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 08f08c8011..b671485756 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1249,6 +1249,28 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_WindowsMediaDRM policies + +
+
+ ADMX_WindowsMediaDRM/DisableOnline +
+
+ +### ADMX_WinInit policies + +
+
+ ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription +
+
+ ADMX_WinInit/Hiberboot +
+
+ ADMX_WinInit/ShutdownTimeoutHungSessionsDescription +
+
+ ### ApplicationDefaults policies
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md new file mode 100644 index 0000000000..d9845c8533 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md @@ -0,0 +1,116 @@ +--- +title: Policy CSP - ADMX_WindowsMediaDRM +description: Policy CSP - ADMX_WindowsMediaDRM +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 08/13/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WindowsMediaDRM +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_WindowsMediaDRM policies + +
+
+ ADMX_WindowsMediaDRM/DisableOnline +
+
+ + +
+ + +**ADMX_WindowsMediaDRM/DisableOnline** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet). + +When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades. + +When this policy is enabled, programs are not able to acquire licenses for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses. Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in this scenario. + +When this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Windows Media DRM Internet Access* +- GP name: *DisableOnline* +- GP path: *Windows Components\Windows Media Digital Rights Management* +- GP ADMX file name: *WindowsMediaDRM.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md new file mode 100644 index 0000000000..d643b12d8e --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -0,0 +1,258 @@ +--- +title: Policy CSP - ADMX_WinInit +description: Policy CSP - ADMX_WinInit +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/29/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WinInit +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_WinInit policies + +
+
+ ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription +
+
+ ADMX_WinInit/Hiberboot +
+
+ ADMX_WinInit/ShutdownTimeoutHungSessionsDescription +
+
+ + +
+ + +**ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system. + +If you enable this policy setting, the system does not create the named pipe remote shutdown interface. + +If you disable or do not configure this policy setting, the system creates the named pipe remote shutdown interface. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off legacy remote shutdown interface* +- GP name: *DisableShutdownNamedPipe* +- GP path: *Windows Components\Shutdown Options* +- GP ADMX file name: *WinInit.admx* + + + +
+ + +**ADMX_WinInit/Hiberboot** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting controls the use of fast startup. + +If you enable this policy setting, the system requires hibernate to be enabled. + +If you disable or do not configure this policy setting, the local setting is used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Require use of fast startup* +- GP name: *HiberbootEnabled* +- GP path: *System\Shutdown* +- GP ADMX file name: *WinInit.admx* + + + +
+ + +**ADMX_WinInit/ShutdownTimeoutHungSessionsDescription** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown. + +If you enable this policy setting, the system waits for the hung logon sessions for the number of minutes specified. + +If you disable or do not configure this policy setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Timeout for hung logon sessions during shutdown* +- GP name: *ShutdownSessionTimeout* +- GP path: *Windows Components\Shutdown Options* +- GP ADMX file name: *WinInit.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 517e1b3242..c3a2099eeb 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -315,6 +315,10 @@ ms.date: 08/18/2020 - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1) - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2) - [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar) +- [ADMX_WindowsMediaDRM/DisableOnline](./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline) +- [ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription](./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription) +- [ADMX_WinInit/Hiberboot](./policy-csp-admx-wininit.md#admx-wininit-hiberboot) +- [ADMX_WinInit/ShutdownTimeoutHungSessionsDescription](./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) From 2c9849af23b1dbf34b6d05e4edefb9293f0f42b2 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 29 Sep 2020 16:57:54 -0700 Subject: [PATCH 034/153] Added ADMX_WindowsMediaPlayer policies --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 68 + .../mdm/policy-csp-admx-windowsmediaplayer.md | 1614 +++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 21 + 4 files changed, 1704 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 0e3fcee42d..ae073dff6b 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -218,6 +218,7 @@ #### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md) #### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md) #### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md) +#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md) #### [ADMX_WinInit](policy-csp-admx-wininit.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index b671485756..104e8eda94 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1257,6 +1257,74 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_WindowsMediaPlayer policies + +
+
+ ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings +
+
+ ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings +
+
+ ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings +
+
+ ADMX_WindowsMediaPlayer/DisableAutoUpdate +
+
+ ADMX_WindowsMediaPlayer/DisableNetworkSettings +
+
+ ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration +
+
+ ADMX_WindowsMediaPlayer/DoNotShowAnchor +
+
+ ADMX_WindowsMediaPlayer/DontUseFrameInterpolation +
+
+ ADMX_WindowsMediaPlayer/EnableScreenSaver +
+
+ ADMX_WindowsMediaPlayer/HidePrivacyTab +
+
+ ADMX_WindowsMediaPlayer/HideSecurityTab +
+
+ ADMX_WindowsMediaPlayer/NetworkBuffering +
+
+ ADMX_WindowsMediaPlayer/PolicyCodecUpdate +
+
+ ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval +
+
+ ADMX_WindowsMediaPlayer/PreventLibrarySharing +
+
+ ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval +
+
+ ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut +
+
+ ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval +
+
+ ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut +
+
+ ADMX_WindowsMediaPlayer/SkinLockDown +
+
+ ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols +
+
+ ### ADMX_WinInit policies
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md new file mode 100644 index 0000000000..60960251b2 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -0,0 +1,1614 @@ +--- +title: Policy CSP - ADMX_WindowsMediaPlayer +description: Policy CSP - ADMX_WindowsMediaPlayer +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/29/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WindowsMediaPlayer +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_WindowsMediaPlayer policies + +
+
+ ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings +
+
+ ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings +
+
+ ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings +
+
+ ADMX_WindowsMediaPlayer/DisableAutoUpdate +
+
+ ADMX_WindowsMediaPlayer/DisableNetworkSettings +
+
+ ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration +
+
+ ADMX_WindowsMediaPlayer/DoNotShowAnchor +
+
+ ADMX_WindowsMediaPlayer/DontUseFrameInterpolation +
+
+ ADMX_WindowsMediaPlayer/EnableScreenSaver +
+
+ ADMX_WindowsMediaPlayer/HidePrivacyTab +
+
+ ADMX_WindowsMediaPlayer/HideSecurityTab +
+
+ ADMX_WindowsMediaPlayer/NetworkBuffering +
+
+ ADMX_WindowsMediaPlayer/PolicyCodecUpdate +
+
+ ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval +
+
+ ADMX_WindowsMediaPlayer/PreventLibrarySharing +
+
+ ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval +
+
+ ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut +
+
+ ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval +
+
+ ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut +
+
+ ADMX_WindowsMediaPlayer/SkinLockDown +
+
+ ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols +
+
+ + +
+ + +**ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the HTTP proxy settings for Windows Media Player. + +If you enable this policy setting, select one of the following proxy types: + +- Autodetect: the proxy settings are automatically detected. +- Custom: unique proxy settings are used. +- Use browser proxy settings: browser's proxy settings are used. + +If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified because no default settings are used for the proxy. The options are ignored if Autodetect or Browser is selected. + +The Configure button on the Network tab in the Player is not available for the HTTP protocol and the proxy cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. + +This policy is ignored if the "Streaming media protocols" policy setting is enabled and HTTP is not selected. + +If you disable this policy setting, the HTTP proxy server cannot be used and the user cannot configure the HTTP proxy. + +If you do not configure this policy setting, users can configure the HTTP proxy settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure HTTP Proxy* +- GP name: *ProxyPolicy* +- GP path: *Windows Components\Windows Media Player\Networking* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the MMS proxy settings for Windows Media Player. + +If you enable this policy setting, select one of the following proxy types: + +- Autodetect: the proxy settings are automatically detected. +- Custom: unique proxy settings are used. + +If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect is selected. + +The Configure button on the Network tab in the Player is not available and the protocol cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. + +This policy setting is ignored if the "Streaming media protocols" policy setting is enabled and Multicast is not selected. + +If you disable this policy setting, the MMS proxy server cannot be used and users cannot configure the MMS proxy settings. + +If you do not configure this policy setting, users can configure the MMS proxy settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure MMS Proxy* +- GP name: *ProxyPolicy* +- GP path: *Windows Components\Windows Media Player\Networking* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the RTSP proxy settings for Windows Media Player. + +If you enable this policy setting, select one of the following proxy types: + +- Autodetect: the proxy settings are automatically detected. +- Custom: unique proxy settings are used. + +If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect is selected. + +The Configure button on the Network tab in the Player is not available and the protocol cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. + +If you disable this policy setting, the RTSP proxy server cannot be used and users cannot change the RTSP proxy settings. + +If you do not configure this policy setting, users can configure the RTSP proxy settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure RTSP Proxy* +- GP name: *ProxyPolicy* +- GP path: *Windows Components\Windows Media Player\Networking* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/DisableAutoUpdate** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to turn off do not show first use dialog boxes. + +If you enable this policy setting, the Privacy Options and Installation Options dialog boxes are prevented from being displayed the first time a user starts Windows Media Player. + +This policy setting prevents the dialog boxes which allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the options can be configured by using other Windows Media Player group policies. + +If you disable or do not configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Automatic Updates* +- GP name: *DisableAutoUpdate* +- GP path: *Windows Components\Windows Media Player* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/DisableNetworkSettings** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to hide the Network tab. + +If you enable this policy setting, the Network tab in Windows Media Player is hidden. The default network settings are used unless the user has previously defined network settings for the Player. + +If you disable or do not configure this policy setting, the Network tab appears and users can use it to configure network settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide Network Tab* +- GP name: *HideNetworkTab* +- GP path: *Windows Components\Windows Media Player\Networking* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode. + +If you enable this policy setting, the anchor window is hidden when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available. + +If you disable or do not configure this policy setting, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player. + +If you do not configure this policy setting, and the "Set and lock skin" policy setting is enabled, some options in the anchor window are not available. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do Not Show First Use Dialog Boxes* +- GP name: *GroupPrivacyAcceptance* +- GP path: *Windows Components\Windows Media Player* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/DoNotShowAnchor** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prevents the anchor window from being displayed when Windows Media Player is in skin mode. + +This policy hides the anchor window when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available. + +When this policy is not configured or disabled, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player. + +When this policy is not configured and the Set and Lock Skin policy is enabled, some options in the anchor window are not available. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do Not Show Anchor* +- GP name: *DoNotShowAnchor* +- GP path: *Windows Components\Windows Media Player\User Interface* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/DontUseFrameInterpolation** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent video smoothing from occurring. + +If you enable this policy setting, video smoothing is prevented, which can improve video playback on computers with limited resources. In addition, the Use Video Smoothing check box in the Video Acceleration Settings dialog box in the Player is cleared and is not available. + +If you disable this policy setting, video smoothing occurs if necessary, and the Use Video Smoothing check box is selected and is not available. + +If you do not configure this policy setting, video smoothing occurs if necessary. Users can change the setting for the Use Video Smoothing check box. + +Video smoothing is available only on the Windows XP Home Edition and Windows XP Professional operating systems. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Video Smoothing* +- GP name: *DontUseFrameInterpolation* +- GP path: *Windows Components\Windows Media Player* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/EnableScreenSaver** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows a screen saver to interrupt playback. + +If you enable this policy setting, a screen saver is displayed during playback of digital media according to the options selected on the Screen Saver tab in the Display Properties dialog box in Control Panel. The Allow screen saver during playback check box on the Player tab in the Player is selected and is not available. + +If you disable this policy setting, a screen saver does not interrupt playback even if users have selected a screen saver. The Allow screen saver during playback check box is cleared and is not available. + +If you do not configure this policy setting, users can change the setting for the Allow screen saver during playback check box. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow Screen Saver* +- GP name: *EnableScreenSaver* +- GP path: *Windows Components\Windows Media Player\Playback* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/HidePrivacyTab** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to hide the Privacy tab in Windows Media Player. + +If you enable this policy setting, the "Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet" check box on the Media Library tab is available, even though the Privacy tab is hidden, unless the "Prevent music file media information retrieval" policy setting is enabled. + +The default privacy settings are used for the options on the Privacy tab unless the user changed the settings previously. + +If you disable or do not configure this policy setting, the Privacy tab is not hidden, and users can configure any privacy settings not configured by other polices. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Automatic Updates* +- GP name: *HidePrivacyTab* +- GP path: *Windows Components\Windows Media Player\User Interface* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/HideSecurityTab** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to hide the Security tab in Windows Media Player. + +If you enable this policy setting, the default security settings for the options on the Security tab are used unless the user changed the settings previously. Users can still change security and zone settings by using Internet Explorer unless these settings have been hidden or disabled by Internet Explorer policies. + +If you disable or do not configure this policy setting, users can configure the security settings on the Security tab. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide Security Tab* +- GP name: *HideSecurityTab* +- GP path: *WWindows Components\Windows Media Player\User Interface* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/NetworkBuffering** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds. + +If you enable this policy setting, select one of the following options to specify the number of seconds streaming media is buffered before it is played. + +- Custom: the number of seconds, up to 60, that streaming media is buffered. +- Default: default network buffering is used and the number of seconds that is specified is ignored. + +The "Use default buffering" and "Buffer" options on the Performance tab in the Player are not available. + +If you disable or do not configure this policy setting, users can change the buffering options on the Performance tab. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Network Buffering* +- GP name: *NetworkBufferingPolicy* +- GP path: *Windows Components\Windows Media Player\Networking* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/PolicyCodecUpdate** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent Windows Media Player from downloading codecs. + +If you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player is not available. + +If you disable this policy setting, codecs are automatically downloaded and the Download codecs automatically check box is not available. + +If you do not configure this policy setting, users can change the setting for the Download codecs automatically check box. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Codec Download* +- GP name: *PreventCodecDownload* +- GP path: *Windows Components\Windows Media Player\Playback* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet. + +If you enable this policy setting, the Player is prevented from automatically obtaining media information from the Internet for CDs and DVDs played by users. In addition, the Retrieve media information for CDs and DVDs from the Internet check box on the Privacy Options tab in the first use dialog box and on the Privacy tab in the Player are not selected and are not available. + +If you disable or do not configure this policy setting, users can change the setting of the Retrieve media information for CDs and DVDs from the Internet check box. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent CD and DVD Media Information Retrieval* +- GP name: *PreventCDDVDMetadataRetrieval* +- GP path: *Windows Components\Windows Media Player* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/PreventLibrarySharing** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent media sharing from Windows Media Player. + +If you enable this policy setting, any user on this computer is prevented from sharing digital media content from Windows Media Player with other computers and devices that are on the same network. Media sharing is disabled from Windows Media Player or from programs that depend on the Player's media sharing feature. + +If you disable or do not configure this policy setting, anyone using Windows Media Player can turn media sharing on or off. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Media Sharing* +- GP name: *PreventLibrarySharing* +- GP path: *Windows Components\Windows Media Player* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent media information for music files from being retrieved from the Internet. + +If you enable this policy setting, the Player is prevented from automatically obtaining media information for music files such as Windows Media Audio (WMA) and MP3 files from the Internet. In addition, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box in the first use dialog box and on the Privacy and Media Library tabs in the Player are not selected and are not available. + +If you disable or do not configure this policy setting, users can change the setting of the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Music File Media Information Retrieval* +- GP name: *PreventMusicFileMetadataRetrieval* +- GP path: *Windows Components\Windows Media Player* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar. + +If you enable this policy setting, the user cannot add the shortcut for the Player to the Quick Launch bar. + +If you disable or do not configure this policy setting, the user can choose whether to add the shortcut for the Player to the Quick Launch bar. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Quick Launch Toolbar Shortcut Creation* +- GP name: *QuickLaunchShortcut* +- GP path: *Windows Components\Windows Media Player* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent radio station presets from being retrieved from the Internet. + +If you enable this policy setting, the Player is prevented from automatically retrieving radio station presets from the Internet and displaying them in Media Library. In addition, presets that exist before the policy is configured are not be updated, and presets a user adds are not be displayed. + +If you disable or do not configure this policy setting, the Player automatically retrieves radio station presets from the Internet. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *PPrevent Radio Station Preset Retrieval* +- GP name: *PreventRadioPresetsRetrieval* +- GP path: *Windows Components\Windows Media Player* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop. + +If you enable this policy setting, users cannot add the Player shortcut icon to their desktops. + +If you disable or do not configure this policy setting, users can choose whether to add the Player shortcut icon to their desktops. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent Desktop Shortcut Creation* +- GP name: *DesktopShortcut* +- GP path: *Windows Components\Windows Media Player* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/SkinLockDown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin. + +If you enable this policy setting, the Player displays only in skin mode using the skin specified in the Skin box on the Setting tab. + +You must use the complete file name for the skin (for example, skin_name.wmz), and the skin must be installed in the %programfiles%\Windows Media Player\Skins Folder on a user's computer. If the skin is not installed on a user's computer, or if the Skin box is blank, the Player opens by using the Corporate skin. The only way to specify the Corporate skin is to leave the Skin box blank. + +A user has access only to the Player features that are available with the specified skin. Users cannot switch the Player to full mode and cannot choose a different skin. + +If you disable or do not configure this policy setting, users can display the Player in full or skin mode and have access to all available features of the Player. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set and Lock Skin* +- GP name: *SetAndLockSkin* +- GP path: *Windows Components\Windows Media Player\User Interface* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ + +**ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services. + +If you enable this policy setting, the protocols that are selected on the Network tab of the Player are used to receive a stream initiated through an MMS or RTSP URL from a Windows Media server. If the RSTP/UDP check box is selected, a user can specify UDP ports in the Use ports check box. If the user does not specify UDP ports, the Player uses default ports when using the UDP protocol. This policy setting also specifies that multicast streams can be received if the "Allow the Player to receive multicast streams" check box on the Network tab is selected. + +If you enable this policy setting, the administrator must also specify the protocols that are available to users on the Network tab. If the administrator does not specify any protocols, the Player cannot access an MMS or RTSP URL from a Windows Media server. If the "Hide network tab" policy setting is enabled, the entire Network tab is hidden. + +If you do not configure this policy setting, users can select the protocols to use on the Network tab. + +If you disable this policy setting, the Protocols for MMS URLs and Multicast streams areas of the Network tab are not available and the Player cannot receive an MMS or RTSP stream from a Windows Media server. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Streaming Media Protocols* +- GP name: *WindowsMediaStreamingProtocols* +- GP path: *Windows Components\Windows Media Player\Networking* +- GP ADMX file name: *WindowsMediaPlayer.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index c3a2099eeb..5e79d454aa 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -316,6 +316,27 @@ ms.date: 08/18/2020 - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2) - [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar) - [ADMX_WindowsMediaDRM/DisableOnline](./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline) +- [ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings) +- [ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings) +- [ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurertspproxysettings) +- [ADMX_WindowsMediaPlayer/DisableAutoUpdate](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disableautoupdate) +- [ADMX_WindowsMediaPlayer/DisableNetworkSettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablenetworksettings) +- [ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablesetupfirstuseconfiguration) +- [ADMX_WindowsMediaPlayer/DoNotShowAnchor](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-donotshowanchor) +- [ADMX_WindowsMediaPlayer/DontUseFrameInterpolation](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-dontuseframeinterpolation) +- [ADMX_WindowsMediaPlayer/EnableScreenSaver](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-enablescreensaver) +- [ADMX_WindowsMediaPlayer/HidePrivacyTab](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hideprivacytab) +- [ADMX_WindowsMediaPlayer/HideSecurityTab](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hidesecuritytab) +- [ADMX_WindowsMediaPlayer/NetworkBuffering](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-networkbuffering) +- [ADMX_WindowsMediaPlayer/PolicyCodecUpdate](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-policycodecupdate) +- [ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventcddvdmetadataretrieval) +- [ADMX_WindowsMediaPlayer/PreventLibrarySharing](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventlibrarysharing) +- [ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventmusicfilemetadataretrieval) +- [ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventquicklaunchshortcut) +- [ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventradiopresetsretrieval) +- [ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventwmpdesktopshortcut) +- [ADMX_WindowsMediaPlayer/SkinLockDown](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-skinlockdown) +- [ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-windowsstreamingmediaprotocols) - [ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription](./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription) - [ADMX_WinInit/Hiberboot](./policy-csp-admx-wininit.md#admx-wininit-hiberboot) - [ADMX_WinInit/ShutdownTimeoutHungSessionsDescription](./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription) From 4b68c4b2823c88cf302c4afdf8a715f59e20c6e1 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 30 Sep 2020 10:11:13 +0300 Subject: [PATCH 035/153] Update windows/application-management/apps-in-windows-10.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/application-management/apps-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 4ccb193f06..6e4851acca 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -39,7 +39,7 @@ You can list all provisioned Windows apps with this PowerShell command: Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName ``` -Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909 and 2004. +Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909, and 2004. | Package name | App name | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? | |----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| From 2ad5f1b2418209f0e2e5c02010a041cffb54a2e8 Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Wed, 30 Sep 2020 17:07:15 +0200 Subject: [PATCH 036/153] Update windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../security-policy-settings/account-lockout-threshold.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 20f886d1ec..55f3b22031 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -88,7 +88,7 @@ For more information about Windows security baseline recommendations for account This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. > [!NOTE] -> A lockout threshold policy will apply to both local member computer users and Domain Users, in order to allow mitigation of issues as described under "Vulnerability". The Built-In Administrator account however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot logon to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password. See also [Appendix D: Securing Built-In Administrator Accounts in Active Directory](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory). +> A lockout threshold policy will apply to both local member computer users and domain users, in order to allow mitigation of issues as described under "Vulnerability". The built-in Administrator account, however, whilst a highly privileged account, has a different risk profile and is excluded from this policy. This ensures there is no scenario where an administrator cannot sign in to remediate an issue. As an administrator, there are additional mitigation strategies available, such as a strong password. See also [Appendix D: Securing Built-In Administrator Accounts in Active Directory](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/appendix-d--securing-built-in-administrator-accounts-in-active-directory). ### Vulnerability From a0591322a45cf907c9f98cbc062e15cc6e151d29 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 30 Sep 2020 22:15:34 +0500 Subject: [PATCH 037/153] Link Update Updated a link to the correct source. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/7972 --- .../create-wip-policy-using-intune-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 73946540c5..b3788ff49e 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -622,7 +622,7 @@ You can restrict which files are protected by WIP when they are downloaded from - [What is Azure Rights Management?](https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms) -- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/intune/deploy-use/create-windows-information-protection-policy-with-intune) +- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/overview-create-wip-policy) - [Intune MAM Without Enrollment](https://blogs.technet.microsoft.com/configmgrdogs/2016/02/04/intune-mam-without-enrollment/) From 02b4e0ea2fd336332abe2e6c90fcb3ddc84231fa Mon Sep 17 00:00:00 2001 From: v-miegge <49650192+v-miegge@users.noreply.github.com> Date: Wed, 30 Sep 2020 11:03:25 -0700 Subject: [PATCH 038/153] CI 123773 - Updated text and markdown coding --- .../credential-guard-requirements.md | 82 +++++++++++-------- 1 file changed, 50 insertions(+), 32 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index cdf9c3ec9a..3c4371019f 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -12,29 +12,30 @@ ms.author: dansimp manager: dansimp ms.collection: M365-identity-device-management ms.topic: article -ms.date: 01/12/2018 +ms.date: 09/30/2020 ms.reviewer: --- # Windows Defender Credential Guard: Requirements -**Applies to** -- Windows 10 -- Windows Server 2016 +## Applies to +- Windows 10 +- Windows Server 2016 For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations). - ## Hardware and software requirements To provide basic protections against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Windows Defender Credential Guard uses: + - Support for Virtualization-based security (required) - Secure boot (required) -- TPM (preferred - provides binding to hardware) versions 1.2 and 2.0 are supported, either discrete or firmware +- TPM (preferred - provides binding to hardware) versions 1.2 and 2.0 are supported, either discrete or firmware - UEFI lock (preferred - prevents attacker from disabling with a simple registry key change) The Virtualization-based security requires: + - 64-bit CPU - CPU virtualization extensions plus extended page tables - Windows hypervisor (does not require Hyper-V Windows Feature to be installed) @@ -47,6 +48,7 @@ Credential Guard can protect secrets in a Hyper-V virtual machine, just as it wo - The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607. - The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and be running at least Windows Server 2016 or Windows 10. + - Please note that TPM is not a requirement, but we highly recommend to implement TPM. For information about other host platforms, see [Enabling Windows Server 2016 and Hyper-V virtualization based security features on other platforms](https://blogs.technet.microsoft.com/windowsserver/2016/09/29/enabling-windows-server-2016-and-hyper-v-virtualization-based-security-features-on-other-platforms/). @@ -57,19 +59,21 @@ For information about Windows Defender Remote Credential Guard hardware and soft When Windows Defender Credential Guard is enabled, specific authentication capabilities are blocked, so applications that require such capabilities will break. Applications should be tested prior to deployment to ensure compatibility with the reduced functionality. >[!WARNING] -> Enabling Windows Defender Credential Guard on domain controllers is not supported.
+> Enabling Windows Defender Credential Guard on domain controllers is not supported. > The domain controller hosts authentication services which integrate with processes isolated when Windows Defender Credential Guard is enabled, causing crashes. >[!NOTE] > Windows Defender Credential Guard does not provide protections for the Active Directory database or the Security Accounts Manager (SAM). The credentials protected by Kerberos and NTLM when Windows Defender Credential Guard is enabled are also in the Active Directory database (on domain controllers) and the SAM (for local accounts). Applications will break if they require: + - Kerberos DES encryption support - Kerberos unconstrained delegation - Extracting the Kerberos TGT - NTLMv1 Applications will prompt and expose credentials to risk if they require: + - Digest authentication - Credential delegation - MS-CHAPv2 @@ -86,52 +90,66 @@ The following tables describe baseline protections, plus protections for improve > [!NOTE] > Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new shipping computers. -> +> > If you are an OEM, see [PC OEM requirements for Windows Defender Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx). ### Baseline protections -|Baseline Protections | Description | Security benefits +|Baseline Protections|Description|Security benefits |---|---|---| -| Hardware: **64-bit CPU** | A 64-bit computer is required for the Windows hypervisor to provide VBS. | -| Hardware: **CPU virtualization extensions**,
plus **extended page tables** | **Requirements**: These hardware features are required for VBS:
One of the following virtualization extensions:
• VT-x (Intel) or
• AMD-V
And:
• Extended page tables, also called Second Level Address Translation (SLAT). | VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation. | -| Hardware: **Trusted Platform Module (TPM)** |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.
[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations) | A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | -| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)| UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | -| Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).| UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 or Windows Server 2016.

Important:
Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard.

|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard. | +|Hardware: **64-bit CPU** |A 64-bit computer is required for the Windows hypervisor to provide VBS.| +|Hardware: **CPU virtualization extensions**, plus **extended page tables**|**Requirements**:
- These hardware features are required for VBS: One of the following virtualization extensions: - VT-x (Intel) or - AMD-V And: - Extended page tables, also called Second Level Address Translation (SLAT).|VBS provides isolation of secure kernel from normal operating system.

Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation.| +|Hardware: **Trusted Platform Module (TPM)**|**Requirement**:
- TPM 1.2 or TPM 2.0, either discrete or firmware. [TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)|A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access.| +|Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**:
- See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)|UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots.| +|Firmware: **Secure firmware update process**|**Requirements**:
- UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).|UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed.| +|Software: Qualified **Windows operating system**|**Requirement**:
- Windows 10 or Windows Server 2016.|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard.| + +> [!IMPORTANT] +> Windows Server 2016 running as a domain controller does not support Windows Defender Credential Guard. > [!IMPORTANT] > The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Windows Defender Credential Guard can provide. - ### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4 -| Protections for Improved Security | Description | -|-----------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Hardware: **IOMMU** (input/output memory management unit) | **Requirement**: VT-D or AMD Vi IOMMU **Security benefits**: An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables). | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• BIOS password or stronger authentication must be supported.
• In the BIOS configuration, BIOS authentication must be set.
• There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
• In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings. | -| Firmware: **Secure MOR, revision 2 implementation** | **Requirement**: Secure MOR, revision 2 implementation | - -
+|Protections for Improved Security|Description| +|---|---| +|Hardware: **IOMMU** (input/output memory management unit)|**Requirement**:
- VT-D or AMD Vi IOMMU

**Security benefits**:
- An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables)| +|Firmware: **Securing Boot Configuration and Management**|**Requirements**:
- BIOS password or stronger authentication must be supported.
- In the BIOS configuration, BIOS authentication must be set.
- There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
- In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.| +|Firmware: **Secure MOR, revision 2 implementation**|**Requirement**:
- Secure MOR, revision 2 implementation| ### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 > [!IMPORTANT] > The following tables list additional qualifications for improved security. Systems that meet these additional qualifications can provide more protections. -| Protections for Improved Security | Description |Security Benefits | +|Protections for Improved Security|Description|Security Benefits| |---|---|---| -| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:
Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
• The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/library/windows/hardware/mt712332(v=vs.85).aspx). | Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
• HSTI provides additional security assurance for correctly secured silicon and platform. | -| Firmware: **Firmware Update through Windows Update** | **Requirements**: Firmware must support field updates through Windows Update and UEFI encapsulation update. | Helps ensure that firmware updates are fast, secure, and reliable. | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
• Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software. | • Enterprises can choose to allow proprietary EFI drivers/applications to run.
• Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. | - -
+|Firmware: **Hardware Rooted Trust Platform Secure Boot**|**Requirements**:
- Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
- The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/library/windows/hardware/mt712332(v=vs.85).aspx).|Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
- HSTI provides additional security assurance for correctly secured silicon and platform.| +|Firmware: **Firmware Update through Windows Update**|**Requirements**:
- Firmware must support field updates through Windows Update and UEFI encapsulation update.|Helps ensure that firmware updates are fast, secure, and reliable.| +|Firmware: **Securing Boot Configuration and Management**|**Requirements**:
- Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
- Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.|- Enterprises can choose to allow proprietary EFI drivers/applications to run.
- Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots.| ### 2017 Additional security qualifications starting with Windows 10, version 1703 The following table lists qualifications for Windows 10, version 1703, which are in addition to all preceding qualifications. -| Protections for Improved Security | Description | Security Benefits +|Protections for Improved Security|Description|Security Benefits |---|---|---| -| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:
• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable.
• UEFI runtime service must meet these requirements:
    - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    - PE sections need to be page-aligned in memory (not required for in non-volatile storage).
    - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
        - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
        - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable.

Notes:
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.


Please also note the following:
• Do not use sections that are both writeable and executable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code | • Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. | -| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features. | • Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. | +|Firmware: **VBS enablement of NX protection for UEFI runtime services**|**Requirements**:
- VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable. UEFI runtime service must meet these requirements:
- Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
- PE sections need to be page-aligned in memory (not required for in non-volatile storage).
- The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
- All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both.
- No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable.
(**SEE IMPORTANT INFORMATION AFTER THIS TABLE**)|Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
- Reduces the attack surface to VBS from system firmware.| +|Firmware: **Firmware support for SMM protection**|**Requirements**:
- The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.|- Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
- Reduces the attack surface to VBS from system firmware.
- Blocks additional security attacks against SMM.| + +> [!IMPORTANT] +> +>Regarding **VBS enablement of NX protection for UEFI runtime services**: +> +> - This only applies to UEFI runtime service memory, and not UEFI boot service memory. +> +> - This protection is applied by VBS on OS page tables. +> +> Please also note the following: +> +> - Do not use sections that are both writeable and executable +> +> - Do not attempt to directly modify executable system memory +> +> - Do not use dynamic code From 01259a7dbf009d8215b7900348e9554b6e4a83de Mon Sep 17 00:00:00 2001 From: Caroline Gitonga Date: Wed, 30 Sep 2020 22:46:32 +0300 Subject: [PATCH 039/153] Add spclient.wg.spotify.com Add spclient.wg.spotify.com to Windows Family and Home --- .../privacy/windows-endpoints-1909-non-enterprise-editions.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md index d0d7ff467f..7b104bdcb0 100644 --- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md @@ -95,6 +95,7 @@ The following methodology was used to derive the network endpoints: |wdcp.microsoft.com|HTTPS|Used for Windows Defender when Cloud-based Protection is enabled |activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows |adl.windows.com|HTTP|Used for compatibility database updates for Windows +|spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile ## Windows 10 Pro @@ -159,6 +160,7 @@ The following methodology was used to derive the network endpoints: |windows.policies.live.net|HTTP|OneDrive |activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows |adl.windows.com|HTTP|Used for compatibility database updates for Windows +|spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile ## Windows 10 Education From b49c6eb30236ead3116f680901083d0d035f75e2 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 30 Sep 2020 17:02:17 -0700 Subject: [PATCH 040/153] Added new policy --- ...y-csp-admx-userexperiencevirtualization.md | 1868 +++++++++++++++++ 1 file changed, 1868 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md new file mode 100644 index 0000000000..a68bb38163 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -0,0 +1,1868 @@ +--- +title: Policy CSP - ADMX_UserExperienceVirtualization +description: Policy CSP - ADMX_UserExperienceVirtualization +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 09/30/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_UserExperienceVirtualization +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_UserExperienceVirtualization policies + +
+
+ ADMX_UserExperienceVirtualization/Calculator +
+
+ ADMX_UserExperienceVirtualization/ConfigureSyncMethod +
+
+ ADMX_UserExperienceVirtualization/ConfigureVdi +
+
+ ADMX_UserExperienceVirtualization/ContactITDescription +
+
+ ADMX_UserExperienceVirtualization/ContactITUrl +
+
+ ADMX_UserExperienceVirtualization/DisableWin8Sync +
+
+ ADMX_UserExperienceVirtualization/DisableWindowsOSSettings +
+
+ ADMX_UserExperienceVirtualization/EnableUEV +
+
+ ADMX_UserExperienceVirtualization/Finance +
+
+ ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled +
+
+ ADMX_UserExperienceVirtualization/Games +
+
+ ADMX_UserExperienceVirtualization/InternetExplorer8 +
+
+ ADMX_UserExperienceVirtualization/InternetExplorer9 +
+
+ ADMX_UserExperienceVirtualization/InternetExplorer10 +
+
+ ADMX_UserExperienceVirtualization/InternetExplorer11 +
+
+ ADMX_UserExperienceVirtualization/InternetExplorerCommon +
+
+ ADMX_UserExperienceVirtualization/Maps +
+
+ ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesignerBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013UploadCenter +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016UploadCenter +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016 +
+
+ ADMX_UserExperienceVirtualization/Music +
+
+ ADMX_UserExperienceVirtualization/News +
+
+ ADMX_UserExperienceVirtualization/Notepad +
+
+ ADMX_UserExperienceVirtualization/Reader +
+
+ ADMX_UserExperienceVirtualization/RepositoryTimeout +
+
+ ADMX_UserExperienceVirtualization/SettingsStoragePath +
+
+ ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath +
+
+ ADMX_UserExperienceVirtualization/Sports +
+
+ ADMX_UserExperienceVirtualization/SyncEnabled +
+
+ ADMX_UserExperienceVirtualization/SyncOverMeteredNetwork +
+
+ ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming +
+
+ ADMX_UserExperienceVirtualization/SyncProviderPingEnabled +
+
+ ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps +
+
+ ADMX_UserExperienceVirtualization/Travel +
+
+ ADMX_UserExperienceVirtualization/TrayIconEnabled +
+
+ ADMX_UserExperienceVirtualization/Video +
+
+ ADMX_UserExperienceVirtualization/Weather +
+
+ ADMX_UserExperienceVirtualization/Wordpad +
+
+ + +
+ + +**ADMX_UserExperienceVirtualization/Calculator** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings of Calculator. + +By default, the user settings of Calculator synchronize between computers. Use the policy setting to prevent the user settings of Calculator from synchronization between computers. + +If you enable this policy setting, the Calculator user settings continue to synchronize. + +If you disable this policy setting, Calculator user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Calculator* +- GP name: *MicrosoftCalculator6* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/ConfigureSyncMethod** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers. + +With Sync Method set to ”SyncProvider,” the UE-V Agent uses a built-in sync provider to keep user settings synchronized between the computer and the settings storage location. This is the default value. You can disable the sync provider on computers that never go offline and are always connected to the settings storage location. + +When SyncMethod is set to “None,” the UE-V Agent uses no sync provider. Settings are written directly to the settings storage location rather than being cached to sync later. + +Set SyncMethod to “External” when an external synchronization engine is being deployed for settings sync. This could use OneDrive, Work Folders, SharePoint or any other engine that uses a local folder to synchronize data between users’ computers. In this mode, UE-V writes settings data to the local folder specified in the settings storage path. + +These settings are then synchronized to other computers by an external synchronization engine. UE-V has no control over this synchronization. It only reads and writes the settings data when the normal UE-V triggers take place. +With notifications enabled, UE-V users receive a message when the settings sync is delayed. The notification delay policy setting defines the delay before a notification appears. + +If you disable this policy setting, the sync provider is used to synchronize settings between computers and the settings storage location. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Sync Method* +- GP name: *SyncMethod* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/ConfigureVdi** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment. + +UE-V settings rollback data and checkpoints are normally stored only on the local computer. With this policy setting enabled, the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session. + +Enable this setting to register a VDI-specific settings location template and restore data on computers in pooled VDI environments that reset to a clean state on logout. With this policy enabled you can roll settings back to the state when UE-V was installed or to “last-known-good” configurations. Only enable this policy setting on computers running in a non-persistent VDI environment. The VDI Collection Name defines the name of the virtual desktop collection containing the virtual computers. + +If you enable this policy setting, the UE-V rollback state is copied to the settings storage location on logout and restored on login. + +If you disable this policy setting, no UE-V rollback state is copied to the settings storage location. + +If you do not configure this policy, no UE-V rollback state is copied to the settings storage location. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *VDI Configuration* +- GP name: *MicrosoftCalculator6* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/ContactITDescription** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center. + +If you enable this policy setting, the Company Settings Center displays the specified text in the link to the Contact IT URL. + +If you disable this policy setting, the Company Settings Center does not display an IT Contact link. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Contact IT Link Text* +- GP name: *ContactITDescription* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/ContactITUrl** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the URL for the Contact IT link in the Company Settings Center. + +If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto. + +If you disable this policy setting, the Company Settings Center does not display an IT Contact link. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Contact IT URL* +- GP name: *ContactITUrl* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/DisableWin8Sync** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps. + +By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location. + +If you enable this policy setting, the UE-V Agent will not synchronize settings for Windows apps. + +If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps. + +If you do not configure this policy setting, any defined values are deleted. + +> [!NOTE] +> If the user connects their Microsoft account for their computer then the UE-V Agent will not synchronize Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not synchronize Windows Apps* +- GP name: *DontSyncWindows8AppSettings* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/DisableWindowsOSSettings** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of Windows settings between computers. Certain Windows settings will synchronize between computers by default. These settings include Windows themes, Windows desktop settings, Ease of Access settings, and network printers. Use this policy setting to specify which Windows settings synchronize between computers. You can also use these settings to enable synchronization of users' sign-in information for certain apps, networks, and certificates. + +If you enable this policy setting, only the selected Windows settings synchronize. Unselected Windows settings are excluded from settings synchronization. + +If you disable this policy setting, all Windows Settings are excluded from the settings synchronization. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Synchronize Windows settings* +- GP name: *DesktopSettings* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/EnableUEV** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. + +Reboot is needed for enable to take effect. With Auto-register inbox templates enabled, the UE-V inbox templates such as Office 2016 will be automatically registered when the UE-V Service is enabled. If this option is changed, it will only take effect when UE-V service is re-enabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable UEV* +- GP name: *Enabled* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/Finance** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Finance app. By default, the user settings of Finance sync between computers. Use the policy setting to prevent the user settings of Finance from synchronizing between computers. + +If you enable this policy setting, Finance user settings continue to sync. + +If you disable this policy setting, Finance user settings are excluded from synchronization. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Finance* +- GP name: *SyncSettings* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting enables a notification in the system tray that appears when the User Experience Virtualization (UE-V) Agent runs for the first time. By default, a notification informs users that Company Settings Center, the user-facing name for the UE-V Agent, now helps to synchronize settings between their work computers. + +With this setting enabled, the notification appears the first time that the UE-V Agent runs. + +With this setting disabled, no notification appears. + +If you do not configure this policy setting, any defined values are deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *First Use Notification* +- GP name: *FirstUseNotificationEnabled* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/Games** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Games app. By default, the user settings of Games sync between computers. Use the policy setting to prevent the user settings of Games from synchronizing between computers. + +If you enable this policy setting, Games user settings continue to sync. + +If you disable this policy setting, Games user settings are excluded from synchronization. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Games* +- GP name: *SyncSettings* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/InternetExplorer8** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Internet Explorer 8. + +By default, the user settings of Internet Explorer 8 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 8 from synchronization between computers. + +If you enable this policy setting, the Internet Explorer 8 user settings continue to synchronize. + +If you disable this policy setting, Internet Explorer 8 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Explorer 8* +- GP name: *MicrosoftInternetExplorer.Version8* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/InternetExplorer9** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Internet Explorer 9 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 9 from synchronization between computers. + +If you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize. + +If you disable this policy setting, Internet Explorer 9 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Explorer 9* +- GP name: *MicrosoftInternetExplorer.Version9* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/InternetExplorer10** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Internet Explorer 10 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 10 from synchronization between computers. + +If you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize. + +If you disable this policy setting, Internet Explorer 10 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Explorer 10* +- GP name: *MicrosoftInternetExplorer.Version10* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/InternetExplorer11** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings of Internet Explorer 11. By default, the user settings of Internet Explorer 11 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 11 from synchronization between computers. + +If you enable this policy setting, the Internet Explorer 11 user settings continue to synchronize. + +If you disable this policy setting, Internet Explorer 11 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Explorer 11* +- GP name: *MicrosoftInternetExplorer.Version11* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/InternetExplorerCommon** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings which are common between the versions of Internet Explorer. +By default, the user settings which are common between the versions of Internet Explorer synchronize between computers. Use the policy setting to prevent the user settings of Internet Explorer from synchronization between computers. + +If you enable this policy setting, the user settings which are common between the versions of Internet Explorer continue to synchronize. + +If you disable this policy setting, the user settings which are common between the versions of Internet Explorer are excluded from settings synchronization. If any version of the Internet Explorer settings are enabled this policy setting should not be disabled. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Internet Explorer Common Settings* +- GP name: *MicrosoftInternetExplorer.Common* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + + + +**ADMX_UserExperienceVirtualization/Maps** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Maps app. By default, the user settings of Maps sync between computers. Use the policy setting to prevent the user settings of Maps from synchronizing between computers. + +If you enable this policy setting, Maps user settings continue to sync. + +If you disable this policy setting, Maps user settings are excluded from synchronization. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Maps* +- GP name: *SyncSettings* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent does not report information about package file size. + +If you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log. + +If you disable or do not configure this policy setting, no event is written to the event log to report settings package size. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Settings package size warning threshold* +- GP name: *MaxPackageSizeInBytes* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft Access 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Access 2010* +- GP name: *MicrosoftOffice2010Win32.Access* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers. + +If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications continue to synchronize. + +If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabled + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 2010 Common Settings* +- GP name: *MicrosoftOffice2010Win32.Common* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 7bdffd4aa7ad7b173f1d1054e3485a4edd5d6571 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 1 Oct 2020 10:25:43 +0300 Subject: [PATCH 041/153] Update windows/application-management/apps-in-windows-10.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/application-management/apps-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 6e4851acca..31da1afc51 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -42,7 +42,7 @@ Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909, and 2004. | Package name | App name | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? | -|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| +|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:----:|:---------------------:| | Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | | Yes | | Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | x | Yes | | Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | x | Via Settings App | From 7f317ac2b550b65c4a1ff39f21883e05ffdeb636 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 1 Oct 2020 15:37:44 +0500 Subject: [PATCH 042/153] Update windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../create-wip-policy-using-intune-azure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index b3788ff49e..fa3972ea0e 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -622,7 +622,7 @@ You can restrict which files are protected by WIP when they are downloaded from - [What is Azure Rights Management?](https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms) -- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/overview-create-wip-policy) +- [Create a Windows Information Protection (WIP) protection policy using Microsoft Intune](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/overview-create-wip-policy) - [Intune MAM Without Enrollment](https://blogs.technet.microsoft.com/configmgrdogs/2016/02/04/intune-mam-without-enrollment/) From c7650732e8652a74e98bc0656137e2156decafdc Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Thu, 1 Oct 2020 10:30:10 -0700 Subject: [PATCH 043/153] Minor fixes to WDAC vs AppLocker Clarify wording in WDAC system requirements, remove 'legacy' reference, and add back AppLocker recommendation for not enforcing DLLs and drivers --- .../wdac-and-applocker-overview.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md index f076b612e7..9bde7a0cc3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md @@ -44,7 +44,7 @@ Note that prior to Windows 10, version 1709, Windows Defender Application Contro ### WDAC System Requirements -WDAC policies can only be created on devices running Windows 10 build 1903+ on any SKU, pre-1903 Windows 10 Enterprise, or Windows Server 2016 and above. +WDAC policies can be created on any client edition of Windows 10 build 1903+ or on Windows Server 2016 and above. WDAC policies can be applied to devices running any edition of Windows 10 or Windows Server 2016 and above via a Mobile Device Management (MDM) solution like Intune, a management interface like Configuration Manager, or a script host like PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10. @@ -65,12 +65,13 @@ AppLocker policies can be deployed using Group Policy or MDM. ## Choose when to use WDAC or AppLocker -Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. AppLocker is a legacy technology which will continue to receive security fixes but will not undergo new feature improvements. +Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. Although AppLocker will continue to receive security fixes, it will not undergo new feature improvements. In some cases, however, AppLocker may be the more appropriate technology for your organization. AppLocker is best when: - You have a mixed Windows operating system (OS) environment and need to apply the same policy controls to Windows 10 and earlier versions of the OS. - You need to apply different policies for different users or groups on shared computers. +- You do not want to enforce application control on application files such as DLLs or drivers. AppLocker can also be deployed as a complement to WDAC to add user- or group-specific rules for shared device scenarios where it is important to prevent some users from running specific apps. As a best practice, you should enforce WDAC at the most restrictive level possible for your organization, and then you can use AppLocker to further fine-tune the restrictions. From 97663ee37bbe6264fe7f79253e68ee5379ec00a6 Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Thu, 1 Oct 2020 10:35:14 -0700 Subject: [PATCH 044/153] Add link to WDAC feature availability --- .../wdac-and-applocker-overview.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md index 9bde7a0cc3..9fe4c819a1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md @@ -48,6 +48,8 @@ WDAC policies can be created on any client edition of Windows 10 build 1903+ or WDAC policies can be applied to devices running any edition of Windows 10 or Windows Server 2016 and above via a Mobile Device Management (MDM) solution like Intune, a management interface like Configuration Manager, or a script host like PowerShell. Group Policy can also be used to deploy WDAC policies to Windows 10 Enterprise edition or Windows Server 2016 and above, but cannot deploy policies to devices running non-Enterprise SKUs of Windows 10. +For more information on which individual WDAC features are available on which WDAC builds, see [WDAC feature availability](feature-availability.md). + ## AppLocker AppLocker was introduced with Windows 7 and allows organizations to control which applications are allowed to run on their Windows clients. AppLocker helps to prevent end users from running unapproved software on their computers, but it does not meet the servicing criteria for being a security feature. From 62006aaf6074c5b3f5053abbf333857145edb266 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 1 Oct 2020 17:01:10 -0700 Subject: [PATCH 045/153] Added more policies --- ...y-csp-admx-userexperiencevirtualization.md | 5317 +++++++++++++++++ 1 file changed, 5317 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index a68bb38163..d438077f75 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -1853,6 +1853,5323 @@ ADMX Info:
+ +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft Excel 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Excel 2010* +- GP name: *MicrosoftOffice2010Win32.Excel* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010. By default, the user settings of Microsoft InfoPath 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft InfoPath 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft InfoPath 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft InfoPath 2010* +- GP name: *MicrosoftOffice2010Win32.InfoPath* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft Lync 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Lync 2010* +- GP name: *MicrosoftLync2010* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft OneNote 2010. By default, the user settings of Microsoft OneNote 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft OneNote 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft OneNote 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft OneNote 2010* +- GP name: *MicrosoftOffice2010Win32.OneNote* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Outlook 2010. By default, the user settings of Microsoft Outlook 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft Outlook 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Outlook 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Outlook 2010* +- GP name: *MicrosoftOffice2010Win32.Outlook* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010. By default, the user settings of Microsoft PowerPoint 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft PowerPoint 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft PowerPoint 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft PowerPoint 2010* +- GP name: *MicrosoftOffice2010Win32.PowerPoint* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Project 2010. By default, the user settings of Microsoft Project 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft Project 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Project 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Project 2010* +- GP name: *MicrosoftOffice2010Win32.Project* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Publisher 2010. By default, the user settings of Microsoft Publisher 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft Publisher 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Publisher 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Publisher 2010* +- GP name: *MicrosoftOffice2010Win32.Publisher* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010. By default, the user settings of Microsoft SharePoint Designer 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft SharePoint Designer 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft SharePoint Designer 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft SharePoint Designer 2010* +- GP name: *MicrosoftOffice2010Win32.SharePointDesigner* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010. By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Workspace 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft SharePoint Workspace 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft SharePoint Workspace 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft SharePoint Workspace 2010* +- GP name: *MicrosoftOffice2010Win32.Groove* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Visio 2010. By default, the user settings of Microsoft Visio 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft Visio 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Visio 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Visio 2010* +- GP name: *MicrosoftOffice2010Win32.Visio* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Word 2010. By default, the user settings of Microsoft Word 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2010 from synchronization between computers. + +If you enable this policy setting, Microsoft Word 2010 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Word 2010 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Word 2010* +- GP name: *MicrosoftOffice2010Win32.Word* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Access 2013. By default, the user settings of Microsoft Access 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2013 from synchronization between computers. + +If you enable this policy setting, Microsoft Access 2013 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Access 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Access 2013* +- GP name: *MicrosoftOffice2013Win32.Access* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Access 2013. Microsoft Access 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2013 settings. + +If you enable this policy setting, certain user settings of Microsoft Access 2013 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Access 2013 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Access 2013 backup only* +- GP name: *MicrosoftOffice2013BackupWin32.Access* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. By default, the user settings which are common between the Microsoft Office Suite 2013 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers. + +If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize. + +If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2013 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2013 applications are enabled, this policy setting should not be disabled. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 2013 Common Settings* +- GP name: *MicrosoftOffice2013Win32.Common* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 applications. +Microsoft Office Suite 2013 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2013 applications. + +If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up. + +If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Common 2013 backup only* +- GP name: *MicrosoftOffice2013BackupWin32.Common* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Excel 2013. + +By default, the user settings of Microsoft Excel 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2013 from synchronization between computers. + +If you enable this policy setting, Microsoft Excel 2013 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Excel 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Excel 2013* +- GP name: *MicrosoftOffice2013Win32.Excel* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Excel 2013. Microsoft Excel 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2013 settings. + +If you enable this policy setting, certain user settings of Microsoft Excel 2013 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Excel 2013 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Excel 2013 backup only* +- GP name: *MicrosoftOffice2013BackupWin32.Excel* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013. By default, the user settings of Microsoft InfoPath 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft InfoPath 2013 from synchronization between computers. + +If you enable this policy setting, Microsoft InfoPath 2013 user settings continue to synchronize. + +If you disable this policy setting, Microsoft InfoPath 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft InfoPath 2013* +- GP name: *MicrosoftOffice2013Win32.InfoPath* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013. Microsoft InfoPath 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft InfoPath 2013 settings. + +If you enable this policy setting, certain user settings of Microsoft InfoPath 2013 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft InfoPath 2013 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *InfoPath 2013 backup only* +- GP name: *MicrosoftOffice2013BackupWin32.InfoPath* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Lync 2013. By default, the user settings of Microsoft Lync 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2013 from synchronization between computers. + +If you enable this policy setting, Microsoft Lync 2013 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Lync 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Lync 2013* +- GP name: *MicrosoftLync2013Win32* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Lync 2013. Microsoft Lync 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2013 settings. + +If you enable this policy setting, certain user settings of Microsoft Lync 2013 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Lync 2013 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Lync 2013 backup only* +- GP name: *MicrosoftLync2013BackupWin32* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for OneDrive for Business 2013. By default, the user settings of OneDrive for Business 2013 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2013 from synchronization between computers. + +If you enable this policy setting, OneDrive for Business 2013 user settings continue to synchronize. + +If you disable this policy setting, OneDrive for Business 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft OneDrive for Business 2013* +- GP name: *MicrosoftOffice2013Win32.OneDrive* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft OneNote 2013. By default, the user settings of Microsoft OneNote 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2013 from synchronization between computers. + +If you enable this policy setting, Microsoft OneNote 2013 user settings continue to synchronize. + +If you disable this policy setting, Microsoft OneNote 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft OneNote 2013* +- GP name: *MicrosoftOffice2013Win32.OneNote* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft OneNote 2013. Microsoft OneNote 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2013 settings. + +If you enable this policy setting, certain user settings of Microsoft OneNote 2013 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft OneNote 2013 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *OneNote 2013 backup only* +- GP name: *MicrosoftOffice2013BackupWin32.OneNote* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Outlook 2013. By default, the user settings of Microsoft Outlook 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2013 from synchronization between computers. + +If you enable this policy setting, Microsoft Outlook 2013 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Outlook 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Outlook 2013* +- GP name: *MicrosoftOffice2013Win32.Outlook* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Outlook 2013. Microsoft Outlook 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2013 settings. + +If you enable this policy setting, certain user settings of Microsoft Outlook 2013 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Outlook 2013 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Outlook 2013 backup only* +- GP name: *MicrosoftOffice2013BackupWin32.Outlook* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013. By default, the user settings of Microsoft PowerPoint 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2013 from synchronization between computers. + +If you enable this policy setting, Microsoft PowerPoint 2013 user settings continue to synchronize. + +If you disable this policy setting, Microsoft PowerPoint 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft PowerPoint 2013* +- GP name: *MicrosoftOffice2013Win32.PowerPoint* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013. Microsoft PowerPoint 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2013 settings. + +If you enable this policy setting, certain user settings of Microsoft PowerPoint 2013 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *PowerPoint 2013 backup only* +- GP name: *MicrosoftOffice2013BackupWin32.PowerPoint* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Project 2013. By default, the user settings of Microsoft Project 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2013 from synchronization between computers. + +If you enable this policy setting, Microsoft Project 2013 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Project 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Project 2013* +- GP name: *MicrosoftOffice2013Win32.Project* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Project 2013. Microsoft Project 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2013 settings. + +If you enable this policy setting, certain user settings of Microsoft Project 2013 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Project 2013 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Project 2013 backup only* +- GP name: *MicrosoftOffice2013BackupWin32.Project* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Publisher 2013. By default, the user settings of Microsoft Publisher 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2013 from synchronization between computers. + +If you enable this policy setting, Microsoft Publisher 2013 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Publisher 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Publisher 2013* +- GP name: *MicrosoftOffice2013Win32.Publisher* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Publisher 2013. Microsoft Publisher 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2013 settings. + +If you enable this policy setting, certain user settings of Microsoft Publisher 2013 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Publisher 2013 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Publisher 2013 backup only* +- GP name: *MicrosoftOffice2013BackupWin32.Publisher* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013. By default, the user settings of Microsoft SharePoint Designer 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft SharePoint Designer 2013 from synchronization between computers. + +If you enable this policy setting, Microsoft SharePoint Designer 2013 user settings continue to synchronize. + +If you disable this policy setting, Microsoft SharePoint Designer 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft SharePoint Designer 2013* +- GP name: *MicrosoftOffice2013Win32.SharePointDesigner* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesignerBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013. Microsoft SharePoint Designer 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft SharePoint Designer 2013 settings. + +If you enable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *SharePoint Designer 2013 backup only* +- GP name: *MicrosoftOffice2013BackupWin32.SharePointDesigner* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013UploadCenter** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center. By default, the user settings of Microsoft Office 2013 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2013 Upload Center from synchronization between computers. + +If you enable this policy setting, Microsoft Office 2013 Upload Center user settings continue to synchronize. + +If you disable this policy setting, Microsoft Office 2013 Upload Center user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 2013 Upload Center* +- GP name: *MicrosoftOffice2013Win32.UploadCenter* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Visio 2013. By default, the user settings of Microsoft Visio 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2013 from synchronization between computers. + +If you enable this policy setting, Microsoft Visio 2013 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Visio 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Visio 2013* +- GP name: *MicrosoftOffice2013Win32.Visio* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Visio 2013. Microsoft Visio 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2013 settings. + +If you enable this policy setting, certain user settings of Microsoft Visio 2013 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Visio 2013 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Visio 2013 backup only* +- GP name: *MicrosoftOffice2013BackupWin32.Visio* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Word 2013. By default, the user settings of Microsoft Word 2013 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2013 from synchronization between computers. + +If you enable this policy setting, Microsoft Word 2013 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Word 2013 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Word 2013* +- GP name: *MicrosoftOffice2013Win32.Word* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Word 2013. Microsoft Word 2013 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2013 settings. + +If you enable this policy setting, certain user settings of Microsoft Word 2013 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Word 2013 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Word 2013 backup only* +- GP name: *MicrosoftOffice2013BackupWin32.Word* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Access 2016. By default, the user settings of Microsoft Access 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2016 from synchronization between computers. + +If you enable this policy setting, Microsoft Access 2016 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Access 2016 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Access 2016* +- GP name: *MicrosoftOffice2016Win32.Access* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Access 2016. Microsoft Access 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Access 2016 settings. + +If you enable this policy setting, certain user settings of Microsoft Access 2016 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Access 2016 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Access 2016 backup only* +- GP name: *MicrosoftOffice2016BackupWin32.Access* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. By default, the user settings which are common between the Microsoft Office Suite 2016 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers. + +If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize. + +If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2016 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2016 applications are enabled, this policy setting should not be disabled. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 2016 Common Settings* +- GP name: *MicrosoftOffice2016Win32.Common* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 applications. +Microsoft Office Suite 2016 has user settings which are common between applications and are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific common Microsoft Office Suite 2016 applications. + +If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up. + +If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Common 2016 backup only* +- GP name: *MicrosoftOffice2016BackupWin32.Common* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Excel 2016. By default, the user settings of Microsoft Excel 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2016 from synchronization between computers. + +If you enable this policy setting, Microsoft Excel 2016 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Excel 2016 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Excel 2016* +- GP name: *MicrosoftOffice2016Win32.Excel* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Excel 2016. Microsoft Excel 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Excel 2016 settings. + +If you enable this policy setting, certain user settings of Microsoft Excel 2016 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Excel 2016 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Excel 2016 backup only* +- GP name: *MicrosoftOffice2016BackupWin32.Excel* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Lync 2016. By default, the user settings of Microsoft Lync 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2016 from synchronization between computers. + +If you enable this policy setting, Microsoft Lync 2016 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Lync 2016 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Lync 2016* +- GP name: *MicrosoftLync2016Win32* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Lync 2016. Microsoft Lync 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Lync 2016 settings. + +If you enable this policy setting, certain user settings of Microsoft Lync 2016 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Lync 2016 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Lync 2016 backup only* +- GP name: *MicrosoftLync2016BackupWin32* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for OneDrive for Business 2016. By default, the user settings of OneDrive for Business 2016 synchronize between computers. Use the policy setting to prevent the user settings of OneDrive for Business 2016 from synchronization between computers. + +If you enable this policy setting, OneDrive for Business 2016 user settings continue to synchronize. + +If you disable this policy setting, OneDrive for Business 2016 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft OneDrive for Business 2016* +- GP name: *MicrosoftOffice2016Win32.OneDrive* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft OneNote 2016. By default, the user settings of Microsoft OneNote 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft OneNote 2016 from synchronization between computers. + +If you enable this policy setting, Microsoft OneNote 2016 user settings continue to synchronize. + +If you disable this policy setting, Microsoft OneNote 2016 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft OneNote 2016* +- GP name: *MicrosoftOffice2016Win32.OneNote* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft OneNote 2016. Microsoft OneNote 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft OneNote 2016 settings. + +If you enable this policy setting, certain user settings of Microsoft OneNote 2016 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft OneNote 2016 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *OneNote 2016 backup only* +- GP name: *MicrosoftOffice2016BackupWin32.OneNote* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Outlook 2016. By default, the user settings of Microsoft Outlook 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Outlook 2016 from synchronization between computers. + +If you enable this policy setting, Microsoft Outlook 2016 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Outlook 2016 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Outlook 2016* +- GP name: *MicrosoftOffice2016Win32.Outlook* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Outlook 2016. Microsoft Outlook 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Outlook 2016 settings. + +If you enable this policy setting, certain user settings of Microsoft Outlook 2016 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Outlook 2016 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Outlook 2016 backup only* +- GP name: *MicrosoftOffice2016BackupWin32.Outlook* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016. By default, the user settings of Microsoft PowerPoint 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft PowerPoint 2016 from synchronization between computers. + +If you enable this policy setting, Microsoft PowerPoint 2016 user settings continue to synchronize. + +If you disable this policy setting, Microsoft PowerPoint 2016 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft PowerPoint 2016* +- GP name: *MicrosoftOffice2016Win32.PowerPoint* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016. Microsoft PowerPoint 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft PowerPoint 2016 settings. + +If you enable this policy setting, certain user settings of Microsoft PowerPoint 2016 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *PowerPoint 2016 backup only* +- GP name: *MicrosoftOffice2016BackupWin32.PowerPoint* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Project 2016. +By default, the user settings of Microsoft Project 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Project 2016 from synchronization between computers. + +If you enable this policy setting, Microsoft Project 2016 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Project 2016 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Project 2016* +- GP name: *MicrosoftOffice2016Win32.Project* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Project 2016. Microsoft Project 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Project 2016 settings. + +If you enable this policy setting, certain user settings of Microsoft Project 2016 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Project 2016 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Project 2016 backup only* +- GP name: *MicrosoftOffice2016BackupWin32.Project* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Publisher 2016. By default, the user settings of Microsoft Publisher 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Publisher 2016 from synchronization between computers. + +If you enable this policy setting, Microsoft Publisher 2016 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Publisher 2016 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Publisher 2016* +- GP name: *MicrosoftOffice2016Win32.Publisher* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Publisher 2016. Microsoft Publisher 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Publisher 2016 settings. + +If you enable this policy setting, certain user settings of Microsoft Publisher 2016 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Publisher 2016 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Publisher 2016 backup only* +- GP name: *MicrosoftOffice2016BackupWin32.Publisher* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016UploadCenter** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center. By default, the user settings of Microsoft Office 2016 Upload Center synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Office 2016 Upload Center from synchronization between computers. + +If you enable this policy setting, Microsoft Office 2016 Upload Center user settings continue to synchronize. + +If you disable this policy setting, Microsoft Office 2016 Upload Center user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 2016 Upload Center* +- GP name: *MicrosoftOffice2016Win32.UploadCenter* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Visio 2016. By default, the user settings of Microsoft Visio 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Visio 2016 from synchronization between computers. + +If you enable this policy setting, Microsoft Visio 2016 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Visio 2016 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Visio 2016* +- GP name: *MicrosoftOffice2016Win32.Visio* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Visio 2016. Microsoft Visio 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Visio 2016 settings. + +If you enable this policy setting, certain user settings of Microsoft Visio 2016 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Visio 2016 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Visio 2016 backup only* +- GP name: *MicrosoftOffice2016BackupWin32.Visio* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Word 2016. By default, the user settings of Microsoft Word 2016 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Word 2016 from synchronization between computers. + +If you enable this policy setting, Microsoft Word 2016 user settings continue to synchronize. + +If you disable this policy setting, Microsoft Word 2016 user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Word 2016* +- GP name: *MicrosoftOffice2016Win32.Word* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the backup of certain user settings for Microsoft Word 2016. Microsoft Word 2016 has user settings that are backed up instead of synchronizing between computers. Use the policy setting to suppress the backup of specific Microsoft Word 2016 settings. + +If you enable this policy setting, certain user settings of Microsoft Word 2016 will continue to be backed up. + +If you disable this policy setting, certain user settings of Microsoft Word 2016 will not be backed up. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Word 2016 backup only* +- GP name: *MicrosoftOffice2016BackupWin32.Word* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2013 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Access 2013 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Access 2013 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Access 2013* +- GP name: *MicrosoftOffice2013Office365Win32.Access* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Access 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Access 2016 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Access 2016 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Access 2016 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Access 2016* +- GP name: *MicrosoftOffice2016Office365Win32.Access* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2013 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers with UE-V. + +If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications continue to synchronize with UE-V. + +If you disable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Common 2013* +- GP name: *MicrosoftOffice2013Office365Win32.Common* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2016** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016 applications. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings which are common between the Microsoft Office Suite 2016 applications will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers with UE-V. + +If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications continue to synchronize with UE-V. + +If you disable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Common 2016* +- GP name: *MicrosoftOffice2016Office365Win32.Common* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2013 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Excel 2013 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Excel 2013 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Excel 2013* +- GP name: *MicrosoftOffice2013Office365Win32.Excel* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Excel 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Excel 2016 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Excel 2016 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Excel 2016 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Excel 2016* +- GP name: *MicrosoftOffice2016Office365Win32.Excel* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 InfoPath 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 InfoPath 2013 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 InfoPath 2013 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 InfoPath 2013 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 InfoPath 2013* +- GP name: *MicrosoftOffice2013Office365Win32.InfoPath* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2013 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Lync 2013 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Lync 2013 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Lync 2013* +- GP name: *MicrosoftLync2013Office365Win32* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Lync 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Lync 2016 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Lync 2016 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Lync 2016 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Lync 2016* +- GP name: *MicrosoftLync2016Office365Win32* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2013 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 OneNote 2013 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 OneNote 2013 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 OneNote 2013* +- GP name: *MicrosoftOffice2013Office365Win32.OneNote* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
Footnotes: - 1 - Available in Windows 10, version 1607. From 4e2c13a569474494b4c3b3f64e7f55470ec1bd05 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 2 Oct 2020 12:47:07 -0700 Subject: [PATCH 046/153] Added more policies --- ...y-csp-admx-userexperiencevirtualization.md | 2291 +++++++++++++++++ 1 file changed, 2291 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index d438077f75..40d4574a53 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -7167,6 +7167,2297 @@ ADMX Info: - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 OneNote 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 OneNote 2016 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 OneNote 2016 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 OneNote 2016 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 OneNote 2016* +- GP name: *MicrosoftOffice2016Office365Win32.OneNote* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2013 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Outlook 2013 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Outlook 2013 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Outlook 2013* +- GP name: *MicrosoftOffice2013Office365Win32.Outlook* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Outlook 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Outlook 2016 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Outlook 2016 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Outlook 2016 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Outlook 2016* +- GP name: *MicrosoftOffice2016Office365Win32.Outlook* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2013 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 PowerPoint 2013* +- GP name: *MicrosoftOffice2013Office365Win32.PowerPoint* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 PowerPoint 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 PowerPoint 2016 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 PowerPoint 2016* +- GP name: *MicrosoftOffice2016Office365Win32.PowerPoint* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2013 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Project 2013 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Project 2013 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Project 2013* +- GP name: *MicrosoftOffice2013Office365Win32.Project* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2016** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Project 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Project 2016 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Project 2016 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Project 2016 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Project 2016* +- GP name: *MicrosoftOffice2016Office365Win32.Project* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2013 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Publisher 2013 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Publisher 2013 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Publisher 2013* +- GP name: *MicrosoftOffice2013Office365Win32.Publisher* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Publisher 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Publisher 2016 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Publisher 2016 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Publisher 2016 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Publisher 2016* +- GP name: *MicrosoftOffice2016Office365Win32.Publisher* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 SharePoint Designer 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 SharePoint Designer 2013 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 SharePoint Designer 2013* +- GP name: *MicrosoftOffice2013Office365Win32.SharePointDesigner* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2013 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Visio 2013 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Visio 2013 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Visio 2013* +- GP name: *MicrosoftOffice2013Office365Win32.Visio* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Visio 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Visio 2016 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Visio 2016 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Visio 2016 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Visio 2016* +- GP name: *MicrosoftOffice2016Office365Win32.Visio* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2013 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Word 2013 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Word 2013 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Word 2013* +- GP name: *MicrosoftOffice2013Office365Win32.Word* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016. Microsoft Office 365 synchronizes certain settings by default without UE-V. If the synchronization capabilities of Microsoft Office 365 are disabled, then the user settings of Microsoft Office 365 Word 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Office 365 Word 2016 from synchronization between computers with UE-V. + +If you enable this policy setting, Microsoft Office 365 Word 2016 user settings continue to sync with UE-V. + +If you disable this policy setting, Microsoft Office 365 Word 2016 user settings are excluded from synchronization with UE-V. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Microsoft Office 365 Word 2016* +- GP name: *MicrosoftOffice2016Office365Win32.Word* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/Music** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Music app. By default, the user settings of Music sync between computers. Use the policy setting to prevent the user settings of Music from synchronizing between computers. + +If you enable this policy setting, Music user settings continue to sync. + +If you disable this policy setting, Music user settings are excluded from the synchronizing settings. + +If you do not configure this policy setting, any defined values will be deleted. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Music* +- GP name: *SyncSettings* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/News** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the News app. By default, the user settings of News sync between computers. Use the policy setting to prevent the user settings of News from synchronizing between computers. + +If you enable this policy setting, News user settings continue to sync. + +If you disable this policy setting, News user settings are excluded from synchronization. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *News* +- GP name: *SyncSettings* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/Notepad** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchronize between computers. Use the policy setting to prevent the user settings of Notepad from synchronization between computers. + +If you enable this policy setting, the Notepad user settings continue to synchronize. + +If you disable this policy setting, Notepad user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Notepad* +- GP name: *MicrosoftNotepad6* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/Reader** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Reader app. By default, the user settings of Reader sync between computers. Use the policy setting to prevent the user settings of Reader from synchronizing between computers. + +If you enable this policy setting, Reader user settings continue to sync. + +If you disable this policy setting, Reader user settings are excluded from the synchronization. + +If you do not configure this policy setting, any defined values will be deleted. + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Reader* +- GP name: *SyncSettings* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/RepositoryTimeout** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds. + +If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings. + +If you disable or do not configure this policy setting, the default value of 2000 milliseconds is used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Synchronization timeout* +- GP name: *SyncTimeoutInMilliseconds* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/SettingsStoragePath** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures where the settings package files that contain user settings are stored. + +If you enable this policy setting, the user settings are stored in the specified location. + +If you disable or do not configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Settings storage path* +- GP name: *SettingsStoragePath* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures where custom settings location templates are stored and if the catalog will be used to replace the default Microsoft templates installed with the UE-V Agent. + +If you enable this policy setting, the UE-V Agent checks the specified location once each day and updates its synchronization behavior based on the templates in this location. Settings location templates added or updated since the last check are registered by the UE-V Agent. The UE-V Agent deregisters templates that were removed from this location. + +If you specify a UNC path and leave the option to replace the default Microsoft templates unchecked, the UE-V Agent will use the default Microsoft templates installed by the UE-V Agent and custom templates in the settings template catalog. If there are custom templates in the settings template catalog which use the same ID as the default Microsoft templates, they will be ignored. + +If you specify a UNC path and check the option to replace the default Microsoft templates, all of the default Microsoft templates installed by the UE-V Agent will be deleted from the computer and only the templates located in the settings template catalog will be used. + +If you disable this policy setting, the UE-V Agent will not use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent will not restore the default Microsoft templates. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Settings template catalog path* +- GP name: *SettingsTemplateCatalogPath* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/Sports** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Sports app. By default, the user settings of Sports sync between computers. Use the policy setting to prevent the user settings of Sports from synchronizing between computers. + +If you enable this policy setting, Sports user settings continue to sync. + +If you disable this policy setting, Sports user settings are excluded from synchronization. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Sports* +- GP name: *SyncSettings* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/SyncEnabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enable or disable User Experience Virtualization (UE-V). Only applies to Windows 10 or earlier. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use User Experience Virtualization (UE-V)* +- GP name: *SyncEnabled* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ +**ADMX_UserExperienceVirtualization/SyncOverMeteredNetwork** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections. By default, the UE-V Agent does not synchronize settings over a metered connection. + +With this setting enabled, the UE-V Agent synchronizes settings over a metered connection. + +With this setting disabled, the UE-V Agent does not synchronize settings over a metered connection. + +If you do not configure this policy setting, any defined values are deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Sync settings over metered connections* +- GP name: *SyncOverMeteredNetwork* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connections outside of the home provider network, for example when connected via a roaming connection. By default, the UE-V Agent does not synchronize settings over a metered connection that is roaming. + +With this setting enabled, the UE-V Agent synchronizes settings over a metered connection that is roaming. + +With this setting disabled, the UE-V Agent will not synchronize settings over a metered connection that is roaming. + +If you do not configure this policy setting, any defined values are deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Sync settings over metered connections even when roaming* +- GP name: *SyncOverMeteredNetworkWhenRoaming* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/SyncProviderPingEnabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage path before attempting to sync settings. If the ping is successful then the sync provider attempts to synchronize the settings packages. If the ping is unsuccessful then the sync provider doesn’t attempt the synchronization. + +If you enable this policy setting, the sync provider pings the settings storage location before synchronizing settings packages. + +If you disable this policy setting, the sync provider doesn’t ping the settings storage location before synchronizing settings packages. + +If you do not configure this policy, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Ping the settings storage location before sync* +- GP name: *SyncProviderPingEnabled* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows apps that are not explicitly listed in Windows App List. By default, the UE-V Agent only synchronizes settings of those Windows apps included in the Windows App List. + +With this setting enabled, the settings of all Windows apps not expressly disable in the Windows App List are synchronized. + +With this setting disabled, only the settings of the Windows apps set to synchronize in the Windows App List are synchronized. + +If you do not configure this policy setting, any defined values are deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Sync Unlisted Windows Apps* +- GP name: *SyncUnlistedWindows8Apps* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/Travel** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Travel app. By default, the user settings of Travel sync between computers. Use the policy setting to prevent the user settings of Travel from synchronizing between computers. + +If you enable this policy setting, Travel user settings continue to sync. + +If you disable this policy setting, Travel user settings are excluded from synchronization. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Travel* +- GP name: *SyncSettings* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/TrayIconEnabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray that displays notifications for UE-V. This icon also provides a link to the UE-V Agent application, Company Settings Center. Users can open the Company Settings Center by right-clicking the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon. + +With this setting disabled, the tray icon does not appear in the system tray, UE-V never displays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains accessible through the Control Panel and the Start menu or Start screen. + +If you do not configure this policy setting, any defined values are deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Tray Icon* +- GP name: *TrayIconEnabled* +- GP path: *Windows Components\Microsoft User Experience Virtualization* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/Video** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Video app. By default, the user settings of Video sync between computers. Use the policy setting to prevent the user settings of Video from synchronizing between computers. + +If you enable this policy setting, Video user settings continue to sync. + +If you disable this policy setting, Video user settings are excluded from synchronization. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Video* +- GP name: *SyncSettings* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ + +**ADMX_UserExperienceVirtualization/Weather** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings for the Weather app. By default, the user settings of Weather sync between computers. Use the policy setting to prevent the user settings of Weather from synchronizing between computers. + +If you enable this policy setting, Weather user settings continue to sync. + +If you disable this policy setting, Weather user settings are excluded from synchronization. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Weather* +- GP name: *SyncSettings* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* +- GP ADMX file name: *UserExperienceVirtualization.admx* + + + +
+ +**ADMX_UserExperienceVirtualization/Wordpad** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchronize between computers. Use the policy setting to prevent the user settings of WordPad from synchronization between computers. + +If you enable this policy setting, the WordPad user settings continue to synchronize. + +If you disable this policy setting, WordPad user settings are excluded from the synchronization settings. + +If you do not configure this policy setting, any defined values will be deleted. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *WordPad* +- GP name: *MicrosoftWordpad6* +- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* +- GP ADMX file name: *UserExperienceVirtualization.admx* +
From a4ba7686bdbeb285c386a28cffcf33754c7397f8 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 2 Oct 2020 13:53:34 -0700 Subject: [PATCH 047/153] Updated TOC and additional topics --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 383 ++++++++++++++++++ .../mdm/policy-csps-admx-backed.md | 126 ++++++ 3 files changed, 510 insertions(+) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index ae073dff6b..3dd5fd7cff 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -213,6 +213,7 @@ #### [ADMX_tcpip](policy-csp-admx-tcpip.md) #### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md) #### [ADMX_TPM](policy-csp-admx-tpm.md) +#### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md) #### [ADMX_W32Time](policy-csp-admx-w32time.md) #### [ADMX_WinCal](policy-csp-admx-wincal.md) #### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bd2f27967e..2988a43b90 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1196,6 +1196,389 @@ The following diagram shows the Policy configuration service provider in tree fo
+### ADMX_UserExperienceVirtualization policies + +
+
+ ADMX_UserExperienceVirtualization/Calculator +
+
+ ADMX_UserExperienceVirtualization/ConfigureSyncMethod +
+
+ ADMX_UserExperienceVirtualization/ConfigureVdi +
+
+ ADMX_UserExperienceVirtualization/ContactITDescription +
+
+ ADMX_UserExperienceVirtualization/ContactITUrl +
+
+ ADMX_UserExperienceVirtualization/DisableWin8Sync +
+
+ ADMX_UserExperienceVirtualization/DisableWindowsOSSettings +
+
+ ADMX_UserExperienceVirtualization/EnableUEV +
+
+ ADMX_UserExperienceVirtualization/Finance +
+
+ ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled +
+
+ ADMX_UserExperienceVirtualization/Games +
+
+ ADMX_UserExperienceVirtualization/InternetExplorer8 +
+
+ ADMX_UserExperienceVirtualization/InternetExplorer9 +
+
+ ADMX_UserExperienceVirtualization/InternetExplorer10 +
+
+ ADMX_UserExperienceVirtualization/InternetExplorer11 +
+
+ ADMX_UserExperienceVirtualization/InternetExplorerCommon +
+
+ ADMX_UserExperienceVirtualization/Maps +
+
+ ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesignerBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013UploadCenter +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016UploadCenter +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013 +
+
+ ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016 +
+
+ ADMX_UserExperienceVirtualization/Music +
+
+ ADMX_UserExperienceVirtualization/News +
+
+ ADMX_UserExperienceVirtualization/Notepad +
+
+ ADMX_UserExperienceVirtualization/Reader +
+
+ ADMX_UserExperienceVirtualization/RepositoryTimeout +
+
+ ADMX_UserExperienceVirtualization/SettingsStoragePath +
+
+ ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath +
+
+ ADMX_UserExperienceVirtualization/Sports +
+
+ ADMX_UserExperienceVirtualization/SyncEnabled +
+
+ ADMX_UserExperienceVirtualization/SyncOverMeteredNetwork +
+
+ ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming +
+
+ ADMX_UserExperienceVirtualization/SyncProviderPingEnabled +
+
+ ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps +
+
+ ADMX_UserExperienceVirtualization/Travel +
+
+ ADMX_UserExperienceVirtualization/TrayIconEnabled +
+
+ ADMX_UserExperienceVirtualization/Video +
+
+ ADMX_UserExperienceVirtualization/Weather +
+
+ ADMX_UserExperienceVirtualization/Wordpad +
+
+ ### ADMX_W32Time policies
diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index 537f4e76c9..1a090c3f99 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -304,6 +304,132 @@ ms.date: 08/18/2020 - [ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureindividualthreshold-name) - [ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailuretotalthreshold-name) - [ADMX_TPM/UseLegacyDAP_Name](./policy-csp-admx-tpm.md#admx-tpm-uselegacydap-name) +- [ADMX_UserExperienceVirtualization/Calculator](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-calculator) +- [ADMX_UserExperienceVirtualization/ConfigureSyncMethod](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configuresyncmethod) +- [ADMX_UserExperienceVirtualization/ConfigureVdi](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configurevdi) +- [ADMX_UserExperienceVirtualization/ContactITDescription](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactitdescription) +- [ADMX_UserExperienceVirtualization/ContactITUrl](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactiturl) +- [ADMX_UserExperienceVirtualization/DisableWin8Sync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewin8sync) +- [ADMX_UserExperienceVirtualization/DisableWindowsOSSettings](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewindowsossettings) +- [ADMX_UserExperienceVirtualization/EnableUEV](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-enableuev) +- [ADMX_UserExperienceVirtualization/Finance](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-finance) +- [ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-firstusenotificationenabled) +- [ADMX_UserExperienceVirtualization/Games](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-games) +- [ADMX_UserExperienceVirtualization/InternetExplorer8](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer8) +- [ADMX_UserExperienceVirtualization/InternetExplorer9](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer9) +- [ADMX_UserExperienceVirtualization/InternetExplorer10](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer10) +- [ADMX_UserExperienceVirtualization/InternetExplorer11](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer11) +- [ADMX_UserExperienceVirtualization/InternetExplorerCommon](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorercommon) +- [ADMX_UserExperienceVirtualization/Maps](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maps) +- [ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maxpackagesizeinbytes) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010access) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010common) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010excel) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010infopath) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010lync) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010onenote) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010outlook) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010powerpoint) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010project) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010publisher) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointdesigner) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointworkspace) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010visio) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010word) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013access) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013accessbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013common) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013commonbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excel) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excelbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopath) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopathbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lync) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lyncbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onedriveforbusiness) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenote) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenotebackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlook) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlookbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpoint) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpointbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013project) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013projectbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisher) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisherbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesigner) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesignerBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesignerbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013UploadCenter](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013uploadcenter) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visio) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visiobackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013word) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013wordbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016access) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016accessbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016common) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016commonbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excel) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excelbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lync) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lyncbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onedriveforbusiness) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenote) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenotebackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlook) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlookbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpoint) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpointbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016project) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016projectbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisher) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisherbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016UploadCenter](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016uploadcenter) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visio) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visiobackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016word) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016wordbackup) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2016) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2016) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2016) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365infopath2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2016) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2016) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2016) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2016) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2016) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2016) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365sharepointdesigner2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2016) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2013) +- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2016) +- [ADMX_UserExperienceVirtualization/Music](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-music) +- [ADMX_UserExperienceVirtualization/News](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-news) +- [ADMX_UserExperienceVirtualization/Notepad](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-notepad) +- [ADMX_UserExperienceVirtualization/Reader](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-reader) +- [ADMX_UserExperienceVirtualization/RepositoryTimeout](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-repositorytimeout) +- [ADMX_UserExperienceVirtualization/SettingsStoragePath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingsstoragepath) +- [ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingstemplatecatalogpath) +- [ADMX_UserExperienceVirtualization/Sports](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-sports) +- [ADMX_UserExperienceVirtualization/SyncEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncenabled) +- [ADMX_UserExperienceVirtualization/SyncOverMeteredNetwork](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetwork) +- [ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetworkwhenroaming) +- [ADMX_UserExperienceVirtualization/SyncProviderPingEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncproviderpingenabled) +- [ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncunlistedwindows8apps) +- [ADMX_UserExperienceVirtualization/Travel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-travel) +- [ADMX_UserExperienceVirtualization/TrayIconEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-trayiconenabled) +- [ADMX_UserExperienceVirtualization/Video](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-video) +- [ADMX_UserExperienceVirtualization/Weather](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-weather) +- [ADMX_UserExperienceVirtualization/Wordpad](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-wordpad) - [ADMX_W32Time/W32TIME_POLICY_CONFIG](./policy-csp-admx-w32time.md#admx-w32time-policy-config) - [ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient) - [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient) From 7adc578d934dc1e1bc647d5cfffd0c49554cfec6 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 5 Oct 2020 11:52:53 -0700 Subject: [PATCH 048/153] Added review feedback for tcpip policies --- windows/client-management/mdm/policy-csp-admx-tcpip.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index 5a7d162515..48501c3925 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -254,7 +254,7 @@ If you disable or do not configure this policy setting, the local host setting i If you enable this policy setting, you can configure 6to4 with one of the following settings: -Policy Default State: 6to4 is enabled if the host has only link-local IPv6 connectivity and a public IPv4 address. If no global IPv6 address is present and no global IPv4 address is present, the host will not have a 6to4 interface. If no global IPv6 address is present and a global IPv4 address is present, the host will have a 6to4 interface. +Policy Default State: 6to4 is turned off and connectivity with 6to4 will not be available. Policy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface. @@ -542,7 +542,7 @@ If you disable or do not configure this policy setting, the local host setting i If you enable this policy setting, you can configure ISATAP with one of the following settings: -Policy Default State: If the ISATAP router name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP router name is not resolved successfully, ISATAP connectivity is not available on the host using the corresponding IPv4 address. +Policy Default State: No ISATAP interfaces are present on the host. Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configured with a link-local address. From c16414bd4d1b3e8f4f4b76fdfcb7b5d795f45ee8 Mon Sep 17 00:00:00 2001 From: Scott Brondel Date: Mon, 5 Oct 2020 15:59:34 -0500 Subject: [PATCH 049/153] Update tvm-software-inventory.md I've worked with customers who are expecting a full SCCM-style Software Inventory of all clients because of the sentence "The software inventory in threat and vulnerability management is a list of all the software in your organization". Edit adds on "with known vulnerabilities" to reflect the true scope of this inventory. --- .../microsoft-defender-atp/tvm-software-inventory.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 215f2fc19c..2399841129 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -26,7 +26,7 @@ ms.topic: conceptual >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -The software inventory in threat and vulnerability management is a list of all the software in your organization. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices. +The software inventory in threat and vulnerability management is a list of all the software in your organization with known vulnerabilities. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices. ## How it works From 0ea7fb8c9bb9c51d52b1f8408ca5adcc1f4a2daa Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Mon, 5 Oct 2020 14:40:33 -0700 Subject: [PATCH 050/153] Add link to Proxy document Add link to Proxy document --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 1def8466e7..6a93a63ec7 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -136,7 +136,7 @@ If you set up Delivery Optimization to create peer groups that include devices a Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80. -**What are the requirements if I use a proxy?**: You must allow Byte Range requests. See [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update) for details. +**What are the requirements if I use a proxy?**: For Delivery Optimization to successfully use the proxy, you should setup the proxy via Windows Proxy Settings or the Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](https://docs.microsoft.com/en-us/windows/deployment/update/delivery-optimization-proxy). Most content downloaded via Delivery Optimization leverages Byte Range requests. Make sure your proxy allows Byte Range Requests. See [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update) for details. **What hostnames should I allow through my firewall to support Delivery Optimization?**: From 3151dce4375a12aea78913e104806902a5703daf Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 5 Oct 2020 16:44:57 -0700 Subject: [PATCH 051/153] Updated GP names --- .../mdm/policy-csp-admx-smartcard.md | 10 +- .../mdm/policy-csp-admx-snmp.md | 6 +- .../mdm/policy-csp-admx-tcpip.md | 18 +- .../mdm/policy-csp-admx-tpm.md | 20 +- ...y-csp-admx-userexperiencevirtualization.md | 228 +++++++++--------- .../mdm/policy-csp-admx-w32time.md | 4 + .../mdm/policy-csp-admx-wincal.md | 4 +- .../mdm/policy-csp-admx-windowsconnectnow.md | 6 +- .../mdm/policy-csp-admx-windowsmediaplayer.md | 22 +- .../mdm/policy-csp-admx-wininit.md | 6 +- 10 files changed, 164 insertions(+), 160 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index 8f5ba3ad7f..11af8944fe 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -422,7 +422,7 @@ If you disable this policy setting, certificate propagation will not occur and t ADMX Info: - GP English name: *Turn on certificate propagation from smart card* -- GP name: *CertPropEnabled* +- GP name: *CertPropEnabledString* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -487,7 +487,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting allows ADMX Info: - GP English name: *Configure root certificate clean up* -- GP name: *RootCertificateCleanupOption* +- GP name: *CertPropRootCleanupString* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -559,7 +559,7 @@ If you disable this policy setting then root certificates will not be propagated ADMX Info: - GP English name: *Turn on root certificate propagation from smart card* -- GP name: *EnableRootCertificatePropagation* +- GP name: *CertPropRootEnabledString* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -1065,7 +1065,7 @@ If you disable this policy setting, Smart Card Plug and Play will be disabled an ADMX Info: - GP English name: *Turn on Smart Card Plug and Play service* -- GP name: *EnableScPnP* +- GP name: *SCPnPEnabled* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* @@ -1137,7 +1137,7 @@ If you disable this policy setting, a confirmation message will not be displayed ADMX Info: - GP English name: *Notify user of successful smart card driver installation* -- GP name: *ScPnPNotification* +- GP name: *SCPnPNotification* - GP path: *Windows Components\Smart Card* - GP ADMX file name: *Smartcard.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md index 66c2ed2606..2a83f8346c 100644 --- a/windows/client-management/mdm/policy-csp-admx-snmp.md +++ b/windows/client-management/mdm/policy-csp-admx-snmp.md @@ -109,7 +109,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify ADMX Info: - GP English name: *Specify communities* -- GP name: *ValidCommunities* +- GP name: *SNMP_Communities* - GP path: *Network\SNMP* - GP ADMX file name: *Snmp.admx* @@ -189,7 +189,7 @@ Also, see the other two SNMP policy settings: "Specify trap configuration" and " ADMX Info: - GP English name: *Specify permitted managers* -- GP name: *PermittedManagers* +- GP name: *SNMP_PermittedManagers* - GP path: *Network\SNMP* - GP ADMX file name: *Snmp.admx* @@ -267,7 +267,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify ADMX Info: - GP English name: *Specify traps for public community* -- GP name: *public* +- GP name: *SNMP_Traps_Public* - GP path: *Network\SNMP* - GP ADMX file name: *Snmp.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index 48501c3925..7bcfda06c8 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -127,7 +127,7 @@ If you disable or do not configure this policy setting, the local host setting i ADMX Info: - GP English name: *Set 6to4 Relay Name* -- GP name: *6to4_RouterName* +- GP name: *6to4_Router_Name* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -196,7 +196,7 @@ If you disable or do not configure this policy setting, the local host setting i ADMX Info: - GP English name: *Set 6to4 Relay Name Resolution Interval* -- GP name: *6to4_RouterNameResolutionInterval* +- GP name: *6to4_Router_Name_Resolution_Interval* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -415,7 +415,7 @@ If you disable this policy setting, IP Stateless Autoconfiguration Limits will b ADMX Info: - GP English name: *Set IP Stateless Autoconfiguration Limits State* -- GP name: *EnableIPAutoConfigurationLimits* +- GP name: *IP_Stateless_Autoconfiguration_Limits_State* - GP path: *Network\TCPIP Settings\Parameters* - GP ADMX file name: *tcpip.admx* @@ -484,7 +484,7 @@ If you disable or do not configure this policy setting, the local host setting i ADMX Info: - GP English name: *Set ISATAP Router Name* -- GP name: *ISATAP_RouterName* +- GP name: *ISATAP_Router_Name* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -628,7 +628,7 @@ If you disable or do not configure this policy setting, the local host setting i ADMX Info: - GP English name: *Set Teredo Client Port* -- GP name: *Teredo_ClientPort* +- GP name: *Teredo_Client_Port* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -699,7 +699,7 @@ Policy Enabled State: If Default Qualified is enabled, Teredo will attempt quali ADMX Info: - GP English name: *Set Teredo Default Qualified* -- GP name: *Teredo_DefaultQualified* +- GP name: *Teredo_Default_Qualified* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -771,7 +771,7 @@ If you disable or do not configure this policy setting, the refresh rate is conf ADMX Info: - GP English name: *Set Teredo Refresh Rate* -- GP name: *Teredo_RefreshRate* +- GP name: *Teredo_Refresh_Rate* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -840,7 +840,7 @@ If you disable or do not configure this policy setting, the local settings on th ADMX Info: - GP English name: *Set Teredo Server Name* -- GP name: *Teredo_ServerName* +- GP name: *Teredo_Server_Name* - GP path: *Network\TCPIP Settings\IPv6 Transition Technologies* - GP ADMX file name: *tcpip.admx* @@ -988,7 +988,7 @@ If you disable this policy setting, Window Scaling Heuristics will be disabled a ADMX Info: - GP English name: *Set Window Scaling Heuristics State* -- GP name: *EnableWsd* +- GP name: *Windows_Scaling_Heuristics_State* - GP path: *Network\TCPIP Settings\Parameters* - GP ADMX file name: *tcpip.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md index 9ceb1ccce8..aeec40aa7f 100644 --- a/windows/client-management/mdm/policy-csp-admx-tpm.md +++ b/windows/client-management/mdm/policy-csp-admx-tpm.md @@ -118,7 +118,7 @@ If you disable or do not configure this policy setting, only those TPM commands ADMX Info: - GP English name: *Configure the list of blocked TPM commands* -- GP name: *Enabled* +- GP name: *BlockedCommandsList_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -183,7 +183,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting configu ADMX Info: - GP English name: *Configure the system to clear the TPM if it is not in a ready state.* -- GP name: *ClearTPMIfNotReadyGP* +- GP name: *ClearTPMIfNotReady_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -254,7 +254,7 @@ If you disable or do not configure this policy setting, Windows will block the T ADMX Info: - GP English name: *Ignore the default list of blocked TPM commands* -- GP name: *IgnoreDefaultList* +- GP name: *IgnoreDefaultList_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -325,7 +325,7 @@ If you disable or do not configure this policy setting, Windows will block the T ADMX Info: - GP English name: *Ignore the local list of blocked TPM commands* -- GP name: *IgnoreLocalList* +- GP name: *IgnoreLocalList_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -403,7 +403,7 @@ Choose the operating system managed TPM authentication setting of "None" for com ADMX Info: - GP English name: *Configure the level of TPM owner authorization information available to the operating system* -- GP name: *OSManagedAuthLevel* +- GP name: *OSManagedAuth_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -468,7 +468,7 @@ Available in Windows 10 Insider Preview Build 20185. This group policy enables D ADMX Info: - GP English name: *Enable Device Health Attestation Monitoring and Reporting* -- GP name: *EnableDeviceHealthAttestationService* +- GP name: *OptIntoDSHA_Name* - GP path: *System\Device Health Attestation Service* - GP ADMX file name: *TPM.admx* @@ -549,7 +549,7 @@ If this value is not configured, a default value of 480 minutes (8 hours) is use ADMX Info: - GP English name: *Standard User Lockout Duration* -- GP name: *StandardUserAuthorizationFailureDuration* +- GP name: *StandardUserAuthorizationFailureDuration_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -632,7 +632,7 @@ A value of zero means the OS will not allow standard users to send commands to t ADMX Info: - GP English name: *Standard User Individual Lockout Threshold* -- GP name: *StandardUserAuthorizationFailureIndividualThreshold* +- GP name: *StandardUserAuthorizationFailureIndividualThreshold_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -715,7 +715,7 @@ A value of zero means the OS will not allow standard users to send commands to t ADMX Info: - GP English name: *Standard User Total Lockout Threshold* -- GP name: *StandardUserAuthorizationFailureTotalThreshold* +- GP name: *StandardUserAuthorizationFailureTotalThreshold_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* @@ -780,7 +780,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting configu ADMX Info: - GP English name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.* -- GP name: *UseLegacyDictionaryAttackParameters* +- GP name: *UseLegacyDAP_Name* - GP path: *System\Trusted Platform Module Services* - GP ADMX file name: *TPM.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md index 40d4574a53..d967a2db8e 100644 --- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md +++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md @@ -471,7 +471,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Calculator* -- GP name: *MicrosoftCalculator6* +- GP name: *Calculator* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -550,7 +550,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Configure Sync Method* -- GP name: *SyncMethod* +- GP name: *ConfigureSyncMethod* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -625,7 +625,7 @@ If you do not configure this policy, no UE-V rollback state is copied to the set ADMX Info: - GP English name: *VDI Configuration* -- GP name: *MicrosoftCalculator6* +- GP name: *ConfigureVdi* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -843,7 +843,7 @@ If you do not configure this policy setting, any defined values are deleted. ADMX Info: - GP English name: *Do not synchronize Windows Apps* -- GP name: *DontSyncWindows8AppSettings* +- GP name: *DisableWin8Sync* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -915,7 +915,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Synchronize Windows settings* -- GP name: *DesktopSettings* +- GP name: *DisableWindowsOSSettings* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -982,7 +982,7 @@ Reboot is needed for enable to take effect. With Auto-register inbox templates e ADMX Info: - GP English name: *Enable UEV* -- GP name: *Enabled* +- GP name: *EnableUEV* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1054,7 +1054,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Finance* -- GP name: *SyncSettings* +- GP name: *Finance* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1197,7 +1197,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Games* -- GP name: *SyncSettings* +- GP name: *Games* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1271,7 +1271,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Internet Explorer 8* -- GP name: *MicrosoftInternetExplorer.Version8* +- GP name: *InternetExplorer8* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1343,7 +1343,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Internet Explorer 9* -- GP name: *MicrosoftInternetExplorer.Version9* +- GP name: *InternetExplorer9* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1415,7 +1415,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Internet Explorer 10* -- GP name: *MicrosoftInternetExplorer.Version10* +- GP name: *InternetExplorer10* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1487,7 +1487,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Internet Explorer 11* -- GP name: *MicrosoftInternetExplorer.Version11* +- GP name: *InternetExplorer11* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1560,7 +1560,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Internet Explorer Common Settings* -- GP name: *MicrosoftInternetExplorer.Common* +- GP name: *InternetExplorerCommon* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1631,7 +1631,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Maps* -- GP name: *SyncSettings* +- GP name: *Maps* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1773,7 +1773,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Access 2010* -- GP name: *MicrosoftOffice2010Win32.Access* +- GP name: *MicrosoftOffice2010Access* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1845,7 +1845,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 2010 Common Settings* -- GP name: *MicrosoftOffice2010Win32.Common* +- GP name: *MicrosoftOffice2010Common* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1916,7 +1916,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Excel 2010* -- GP name: *MicrosoftOffice2010Win32.Excel* +- GP name: *MicrosoftOffice2010Excel* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -1988,7 +1988,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft InfoPath 2010* -- GP name: *MicrosoftOffice2010Win32.InfoPath* +- GP name: *MicrosoftOffice2010InfoPath* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2060,7 +2060,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Lync 2010* -- GP name: *MicrosoftLync2010* +- GP name: *MicrosoftOffice2010Lync* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2131,7 +2131,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft OneNote 2010* -- GP name: *MicrosoftOffice2010Win32.OneNote* +- GP name: *MicrosoftOffice2010OneNote* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2203,7 +2203,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Outlook 2010* -- GP name: *MicrosoftOffice2010Win32.Outlook* +- GP name: *MicrosoftOffice2010Outlook* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2275,7 +2275,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft PowerPoint 2010* -- GP name: *MicrosoftOffice2010Win32.PowerPoint* +- GP name: *MicrosoftOffice2010PowerPoint* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2346,7 +2346,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Project 2010* -- GP name: *MicrosoftOffice2010Win32.Project* +- GP name: *MicrosoftOffice2010Project* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2418,7 +2418,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Publisher 2010* -- GP name: *MicrosoftOffice2010Win32.Publisher* +- GP name: *MicrosoftOffice2010Publisher* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2490,7 +2490,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft SharePoint Designer 2010* -- GP name: *MicrosoftOffice2010Win32.SharePointDesigner* +- GP name: *MicrosoftOffice2010SharePointDesigner* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2562,7 +2562,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft SharePoint Workspace 2010* -- GP name: *MicrosoftOffice2010Win32.Groove* +- GP name: *MicrosoftOffice2010SharePointWorkspace* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2634,7 +2634,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Visio 2010* -- GP name: *MicrosoftOffice2010Win32.Visio* +- GP name: *MicrosoftOffice2010Visio* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2706,7 +2706,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Word 2010* -- GP name: *MicrosoftOffice2010Win32.Word* +- GP name: *MicrosoftOffice2010Word* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2777,7 +2777,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Access 2013* -- GP name: *MicrosoftOffice2013Win32.Access* +- GP name: *MicrosoftOffice2013Access* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2849,7 +2849,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Access 2013 backup only* -- GP name: *MicrosoftOffice2013BackupWin32.Access* +- GP name: *MicrosoftOffice2013AccessBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2921,7 +2921,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 2013 Common Settings* -- GP name: *MicrosoftOffice2013Win32.Common* +- GP name: *MicrosoftOffice2013Common* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -2994,7 +2994,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Common 2013 backup only* -- GP name: *MicrosoftOffice2013BackupWin32.Common* +- GP name: *MicrosoftOffice2013CommonBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3067,7 +3067,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Excel 2013* -- GP name: *MicrosoftOffice2013Win32.Excel* +- GP name: *MicrosoftOffice2013Excel* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3138,7 +3138,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Excel 2013 backup only* -- GP name: *MicrosoftOffice2013BackupWin32.Excel* +- GP name: *MicrosoftOffice2013ExcelBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3210,7 +3210,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft InfoPath 2013* -- GP name: *MicrosoftOffice2013Win32.InfoPath* +- GP name: *MicrosoftOffice2013InfoPath* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3282,7 +3282,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *InfoPath 2013 backup only* -- GP name: *MicrosoftOffice2013BackupWin32.InfoPath* +- GP name: *MicrosoftOffice2013InfoPathBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3353,7 +3353,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Lync 2013* -- GP name: *MicrosoftLync2013Win32* +- GP name: *MicrosoftOffice2013Lync* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3425,7 +3425,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Lync 2013 backup only* -- GP name: *MicrosoftLync2013BackupWin32* +- GP name: *MicrosoftOffice2013LyncBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3497,7 +3497,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft OneDrive for Business 2013* -- GP name: *MicrosoftOffice2013Win32.OneDrive* +- GP name: *MicrosoftOffice2013OneDriveForBusiness* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3569,7 +3569,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft OneNote 2013* -- GP name: *MicrosoftOffice2013Win32.OneNote* +- GP name: *MicrosoftOffice2013OneNote* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3641,7 +3641,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *OneNote 2013 backup only* -- GP name: *MicrosoftOffice2013BackupWin32.OneNote* +- GP name: *MicrosoftOffice2013OneNoteBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3712,7 +3712,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Outlook 2013* -- GP name: *MicrosoftOffice2013Win32.Outlook* +- GP name: *MicrosoftOffice2013Outlook* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3784,7 +3784,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Outlook 2013 backup only* -- GP name: *MicrosoftOffice2013BackupWin32.Outlook* +- GP name: *MicrosoftOffice2013OutlookBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3856,7 +3856,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft PowerPoint 2013* -- GP name: *MicrosoftOffice2013Win32.PowerPoint* +- GP name: *MicrosoftOffice2013PowerPoint* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3928,7 +3928,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *PowerPoint 2013 backup only* -- GP name: *MicrosoftOffice2013BackupWin32.PowerPoint* +- GP name: *MicrosoftOffice2013PowerPointBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -3999,7 +3999,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Project 2013* -- GP name: *MicrosoftOffice2013Win32.Project* +- GP name: *MicrosoftOffice2013Project* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4071,7 +4071,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Project 2013 backup only* -- GP name: *MicrosoftOffice2013BackupWin32.Project* +- GP name: *MicrosoftOffice2013ProjectBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4143,7 +4143,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Publisher 2013* -- GP name: *MicrosoftOffice2013Win32.Publisher* +- GP name: *MicrosoftOffice2013Publisher* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4215,7 +4215,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Publisher 2013 backup only* -- GP name: *MicrosoftOffice2013BackupWin32.Publisher* +- GP name: *MicrosoftOffice2013PublisherBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4287,7 +4287,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft SharePoint Designer 2013* -- GP name: *MicrosoftOffice2013Win32.SharePointDesigner* +- GP name: *MicrosoftOffice2013SharePointDesigner* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4358,7 +4358,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *SharePoint Designer 2013 backup only* -- GP name: *MicrosoftOffice2013BackupWin32.SharePointDesigner* +- GP name: *MicrosoftOffice2013SharePointDesignerBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4429,7 +4429,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 2013 Upload Center* -- GP name: *MicrosoftOffice2013Win32.UploadCenter* +- GP name: *MicrosoftOffice2013UploadCenter* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4501,7 +4501,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Visio 2013* -- GP name: *MicrosoftOffice2013Win32.Visio* +- GP name: *MicrosoftOffice2013Visio* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4573,7 +4573,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Visio 2013 backup only* -- GP name: *MicrosoftOffice2013BackupWin32.Visio* +- GP name: *MicrosoftOffice2013VisioBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4645,7 +4645,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Word 2013* -- GP name: *MicrosoftOffice2013Win32.Word* +- GP name: *MicrosoftOffice2013Word* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4717,7 +4717,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Word 2013 backup only* -- GP name: *MicrosoftOffice2013BackupWin32.Word* +- GP name: *MicrosoftOffice2013WordBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4789,7 +4789,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Access 2016* -- GP name: *MicrosoftOffice2016Win32.Access* +- GP name: *MicrosoftOffice2016Access* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4861,7 +4861,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Access 2016 backup only* -- GP name: *MicrosoftOffice2016BackupWin32.Access* +- GP name: *MicrosoftOffice2016AccessBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -4933,7 +4933,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 2016 Common Settings* -- GP name: *MicrosoftOffice2016Win32.Common* +- GP name: *MicrosoftOffice2016Common* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5006,7 +5006,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Common 2016 backup only* -- GP name: *MicrosoftOffice2016BackupWin32.Common* +- GP name: *MicrosoftOffice2016CommonBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5078,7 +5078,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Excel 2016* -- GP name: *MicrosoftOffice2016Win32.Excel* +- GP name: *MicrosoftOffice2016Excel* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5150,7 +5150,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Excel 2016 backup only* -- GP name: *MicrosoftOffice2016BackupWin32.Excel* +- GP name: *MicrosoftOffice2016ExcelBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5222,7 +5222,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Lync 2016* -- GP name: *MicrosoftLync2016Win32* +- GP name: *MicrosoftOffice2016Lync* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5294,7 +5294,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Lync 2016 backup only* -- GP name: *MicrosoftLync2016BackupWin32* +- GP name: *MicrosoftOffice2016LyncBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5366,7 +5366,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft OneDrive for Business 2016* -- GP name: *MicrosoftOffice2016Win32.OneDrive* +- GP name: *MicrosoftOffice2016OneDriveForBusiness* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5438,7 +5438,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft OneNote 2016* -- GP name: *MicrosoftOffice2016Win32.OneNote* +- GP name: *MicrosoftOffice2016OneNote* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5510,7 +5510,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *OneNote 2016 backup only* -- GP name: *MicrosoftOffice2016BackupWin32.OneNote* +- GP name: *MicrosoftOffice2016OneNoteBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5582,7 +5582,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Outlook 2016* -- GP name: *MicrosoftOffice2016Win32.Outlook* +- GP name: *MicrosoftOffice2016Outlook* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5654,7 +5654,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Outlook 2016 backup only* -- GP name: *MicrosoftOffice2016BackupWin32.Outlook* +- GP name: *MicrosoftOffice2016OutlookBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5726,7 +5726,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft PowerPoint 2016* -- GP name: *MicrosoftOffice2016Win32.PowerPoint* +- GP name: *MicrosoftOffice2016PowerPoint* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5798,7 +5798,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *PowerPoint 2016 backup only* -- GP name: *MicrosoftOffice2016BackupWin32.PowerPoint* +- GP name: *MicrosoftOffice2016PowerPointBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5871,7 +5871,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Project 2016* -- GP name: *MicrosoftOffice2016Win32.Project* +- GP name: *MicrosoftOffice2016Project* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -5942,7 +5942,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Project 2016 backup only* -- GP name: *MicrosoftOffice2016BackupWin32.Project* +- GP name: *MicrosoftOffice2016ProjectBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6014,7 +6014,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Publisher 2016* -- GP name: *MicrosoftOffice2016Win32.Publisher* +- GP name: *MicrosoftOffice2016Publisher* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6086,7 +6086,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Publisher 2016 backup only* -- GP name: *MicrosoftOffice2016BackupWin32.Publisher* +- GP name: *MicrosoftOffice2016PublisherBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6157,7 +6157,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 2016 Upload Center* -- GP name: *MicrosoftOffice2016Win32.UploadCenter* +- GP name: *MicrosoftOffice2016UploadCenter* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6229,7 +6229,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Visio 2016* -- GP name: *MicrosoftOffice2016Win32.Visio* +- GP name: *MicrosoftOffice2016Visio* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6301,7 +6301,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Visio 2016 backup only* -- GP name: *MicrosoftOffice2016BackupWin32.Visio* +- GP name: *MicrosoftOffice2016VisioBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6373,7 +6373,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Word 2016* -- GP name: *MicrosoftOffice2016Win32.Word* +- GP name: *MicrosoftOffice2016Word* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6445,7 +6445,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Word 2016 backup only* -- GP name: *MicrosoftOffice2016BackupWin32.Word* +- GP name: *MicrosoftOffice2016WordBackup* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6517,7 +6517,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Access 2013* -- GP name: *MicrosoftOffice2013Office365Win32.Access* +- GP name: *MicrosoftOffice365Access2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6589,7 +6589,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Access 2016* -- GP name: *MicrosoftOffice2016Office365Win32.Access* +- GP name: *MicrosoftOffice365Access2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6661,7 +6661,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Common 2013* -- GP name: *MicrosoftOffice2013Office365Win32.Common* +- GP name: *MicrosoftOffice365Common2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6732,7 +6732,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Common 2016* -- GP name: *MicrosoftOffice2016Office365Win32.Common* +- GP name: *MicrosoftOffice365Common2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6804,7 +6804,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Excel 2013* -- GP name: *MicrosoftOffice2013Office365Win32.Excel* +- GP name: *MicrosoftOffice365Excel2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6876,7 +6876,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Excel 2016* -- GP name: *MicrosoftOffice2016Office365Win32.Excel* +- GP name: *MicrosoftOffice365Excel2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -6947,7 +6947,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 InfoPath 2013* -- GP name: *MicrosoftOffice2013Office365Win32.InfoPath* +- GP name: *MicrosoftOffice365InfoPath2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7019,7 +7019,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Lync 2013* -- GP name: *MicrosoftLync2013Office365Win32* +- GP name: *MicrosoftOffice365Lync2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7091,7 +7091,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Lync 2016* -- GP name: *MicrosoftLync2016Office365Win32* +- GP name: *MicrosoftOffice365Lync2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7163,7 +7163,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 OneNote 2013* -- GP name: *MicrosoftOffice2013Office365Win32.OneNote* +- GP name: *MicrosoftOffice365OneNote2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7235,7 +7235,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 OneNote 2016* -- GP name: *MicrosoftOffice2016Office365Win32.OneNote* +- GP name: *MicrosoftOffice365OneNote2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7307,7 +7307,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Outlook 2013* -- GP name: *MicrosoftOffice2013Office365Win32.Outlook* +- GP name: *MicrosoftOffice365Outlook2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7379,7 +7379,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Outlook 2016* -- GP name: *MicrosoftOffice2016Office365Win32.Outlook* +- GP name: *MicrosoftOffice365Outlook2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7451,7 +7451,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 PowerPoint 2013* -- GP name: *MicrosoftOffice2013Office365Win32.PowerPoint* +- GP name: *MicrosoftOffice365PowerPoint2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7523,7 +7523,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 PowerPoint 2016* -- GP name: *MicrosoftOffice2016Office365Win32.PowerPoint* +- GP name: *MicrosoftOffice365PowerPoint2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7595,7 +7595,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Project 2013* -- GP name: *MicrosoftOffice2013Office365Win32.Project* +- GP name: *MicrosoftOffice365Project2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7666,7 +7666,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Project 2016* -- GP name: *MicrosoftOffice2016Office365Win32.Project* +- GP name: *MicrosoftOffice365Project2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7738,7 +7738,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Publisher 2013* -- GP name: *MicrosoftOffice2013Office365Win32.Publisher* +- GP name: *MicrosoftOffice365Publisher2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7810,7 +7810,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Publisher 2016* -- GP name: *MicrosoftOffice2016Office365Win32.Publisher* +- GP name: *MicrosoftOffice365Publisher2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7882,7 +7882,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 SharePoint Designer 2013* -- GP name: *MicrosoftOffice2013Office365Win32.SharePointDesigner* +- GP name: *MicrosoftOffice365SharePointDesigner2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -7954,7 +7954,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Visio 2013* -- GP name: *MicrosoftOffice2013Office365Win32.Visio* +- GP name: *MicrosoftOffice365Visio2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8026,7 +8026,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Visio 2016* -- GP name: *MicrosoftOffice2016Office365Win32.Visio* +- GP name: *MicrosoftOffice365Visio2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8098,7 +8098,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Word 2013* -- GP name: *MicrosoftOffice2013Office365Win32.Word* +- GP name: *MicrosoftOffice365Word2013* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8170,7 +8170,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Microsoft Office 365 Word 2016* -- GP name: *MicrosoftOffice2016Office365Win32.Word* +- GP name: *MicrosoftOffice365Word2016* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8241,7 +8241,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Music* -- GP name: *SyncSettings* +- GP name: *Music* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8313,7 +8313,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *News* -- GP name: *SyncSettings* +- GP name: *News* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8385,7 +8385,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Notepad* -- GP name: *MicrosoftNotepad6* +- GP name: *Notepad* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8458,7 +8458,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Reader* -- GP name: *SyncSettings* +- GP name: *Reader* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8528,7 +8528,7 @@ If you disable or do not configure this policy setting, the default value of 200 ADMX Info: - GP English name: *Synchronization timeout* -- GP name: *SyncTimeoutInMilliseconds* +- GP name: *RepositoryTimeout* - GP path: *Windows Components\Microsoft User Experience Virtualization* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -8746,7 +8746,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Sports* -- GP name: *SyncSettings* +- GP name: *Sports* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -9170,7 +9170,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Travel* -- GP name: *SyncSettings* +- GP name: *Travel* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -9311,7 +9311,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Video* -- GP name: *SyncSettings* +- GP name: *Video* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -9383,7 +9383,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *Weather* -- GP name: *SyncSettings* +- GP name: *Weather* - GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps* - GP ADMX file name: *UserExperienceVirtualization.admx* @@ -9454,7 +9454,7 @@ If you do not configure this policy setting, any defined values will be deleted. ADMX Info: - GP English name: *WordPad* -- GP name: *MicrosoftWordpad6* +- GP name: *Wordpad* - GP path: *Windows Components\Microsoft User Experience Virtualization\Applications* - GP ADMX file name: *UserExperienceVirtualization.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index b36e9f1f97..42e29846f8 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -176,6 +176,7 @@ This parameter controls the frequency at which an event that indicates the numbe ADMX Info: - GP English name: *Global Configuration Settings* +- GP name: *W32TIME_POLICY_CONFIG* - GP path: *System\Windows Time Service* - GP ADMX file name: *W32Time.admx* @@ -265,6 +266,7 @@ This value is a bitmask that controls events that may be logged to the System lo ADMX Info: - GP English name: *Configure Windows NTP Client* +- GP name: *W32TIME_POLICY_CONFIGURE_NTPCLIENT* - GP path: *System\Windows Time Service\Time Providers* - GP ADMX file name: *W32Time.admx* @@ -335,6 +337,7 @@ If you disable or do not configure this policy setting, the local computer clock ADMX Info: - GP English name: *Enable Windows NTP Client* +- GP name: *W32TIME_POLICY_ENABLE_NTPCLIENT* - GP path: *System\Windows Time Service\Time Providers* - GP ADMX file name: *W32Time.admx* @@ -403,6 +406,7 @@ If you disable or do not configure this policy setting, your computer cannot ser ADMX Info: - GP English name: *Enable Windows NTP Server* +- GP name: *W32TIME_POLICY_ENABLE_NTPSERVER* - GP path: *System\Windows Time Service\Time Providers* - GP ADMX file name: *W32Time.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md index 68a446f126..bceaf394ed 100644 --- a/windows/client-management/mdm/policy-csp-admx-wincal.md +++ b/windows/client-management/mdm/policy-csp-admx-wincal.md @@ -96,7 +96,7 @@ The default is for Windows Calendar to be turned on. ADMX Info: - GP English name: *Turn off Windows Calendar* -- GP name: *TurnOffWinCal* +- GP name: *TurnOffWinCal_1* - GP path: *Windows Components\Windows Calendar* - GP ADMX file name: *WinCal.admx* @@ -169,7 +169,7 @@ The default is for Windows Calendar to be turned on. ADMX Info: - GP English name: *Turn off Windows Calendar* -- GP name: *TurnOffWinCal* +- GP name: *TurnOffWinCal_2* - GP path: *Windows Components\Windows Calendar* - GP ADMX file name: *WinCal.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md index 42a8d63502..80b7d947fa 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md @@ -97,7 +97,7 @@ If you disable or do not configure this policy setting, users can access the wiz ADMX Info: - GP English name: *Prohibit access of the Windows Connect Now wizards* -- GP name: *DisableWcnUi* +- GP name: *WCN_DisableWcnUi_1* - GP path: *Network\Windows Connect Now* - GP ADMX file name: *WindowsConnectNow.admx* @@ -166,7 +166,7 @@ If you disable or do not configure this policy setting, users can access the wiz ADMX Info: - GP English name: *Prohibit access of the Windows Connect Now wizards* -- GP name: *DisableWcnUi* +- GP name: *WCN_DisableWcnUi_2* - GP path: *Network\Windows Connect Now* - GP ADMX file name: *WindowsConnectNow.admx* @@ -241,7 +241,7 @@ The default for this policy setting allows operations over all media. ADMX Info: - GP English name: *Configuration of wireless settings using Windows Connect Now* -- GP name: *EnableRegistrars* +- GP name: *WCN_EnableRegistrar* - GP path: *Network\Windows Connect Now* - GP ADMX file name: *WindowsConnectNow.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 60960251b2..61330c15e0 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -163,7 +163,7 @@ If you do not configure this policy setting, users can configure the HTTP proxy ADMX Info: - GP English name: *Configure HTTP Proxy* -- GP name: *ProxyPolicy* +- GP name: *ConfigureHTTPProxySettings* - GP path: *Windows Components\Windows Media Player\Networking* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -243,7 +243,7 @@ If you do not configure this policy setting, users can configure the MMS proxy s ADMX Info: - GP English name: *Configure MMS Proxy* -- GP name: *ProxyPolicy* +- GP name: *ConfigureMMSProxySettings* - GP path: *Windows Components\Windows Media Player\Networking* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -321,7 +321,7 @@ If you do not configure this policy setting, users can configure the RTSP proxy ADMX Info: - GP English name: *Configure RTSP Proxy* -- GP name: *ProxyPolicy* +- GP name: *ConfigureRTSPProxySettings* - GP path: *Windows Components\Windows Media Player\Networking* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -461,7 +461,7 @@ If you disable or do not configure this policy setting, the Network tab appears ADMX Info: - GP English name: *Hide Network Tab* -- GP name: *HideNetworkTab* +- GP name: *DisableNetworkSettings* - GP path: *Windows Components\Windows Media Player\Networking* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -532,7 +532,7 @@ If you do not configure this policy setting, and the "Set and lock skin" policy ADMX Info: - GP English name: *Do Not Show First Use Dialog Boxes* -- GP name: *GroupPrivacyAcceptance* +- GP name: *DisableSetupFirstUseConfiguration* - GP path: *Windows Components\Windows Media Player* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -961,7 +961,7 @@ If you disable or do not configure this policy setting, users can change the buf ADMX Info: - GP English name: *Configure Network Buffering* -- GP name: *NetworkBufferingPolicy* +- GP name: *NetworkBuffering* - GP path: *Windows Components\Windows Media Player\Networking* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1032,7 +1032,7 @@ If you do not configure this policy setting, users can change the setting for th ADMX Info: - GP English name: *Prevent Codec Download* -- GP name: *PreventCodecDownload* +- GP name: *PolicyCodecUpdate* - GP path: *Windows Components\Windows Media Player\Playback* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1308,7 +1308,7 @@ If you disable or do not configure this policy setting, the user can choose whet ADMX Info: - GP English name: *Prevent Quick Launch Toolbar Shortcut Creation* -- GP name: *QuickLaunchShortcut* +- GP name: *PreventQuickLaunchShortcut* - GP path: *Windows Components\Windows Media Player* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1445,7 +1445,7 @@ If you disable or do not configure this policy setting, users can choose whether ADMX Info: - GP English name: *Prevent Desktop Shortcut Creation* -- GP name: *DesktopShortcut* +- GP name: *PreventWMPDeskTopShortcut* - GP path: *Windows Components\Windows Media Player* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1518,7 +1518,7 @@ If you disable or do not configure this policy setting, users can display the Pl ADMX Info: - GP English name: *Set and Lock Skin* -- GP name: *SetAndLockSkin* +- GP name: *SkinLockDown* - GP path: *Windows Components\Windows Media Player\User Interface* - GP ADMX file name: *WindowsMediaPlayer.admx* @@ -1591,7 +1591,7 @@ If you disable this policy setting, the Protocols for MMS URLs and Multicast str ADMX Info: - GP English name: *Streaming Media Protocols* -- GP name: *WindowsMediaStreamingProtocols* +- GP name: *WindowsStreamingMediaProtocols* - GP path: *Windows Components\Windows Media Player\Networking* - GP ADMX file name: *WindowsMediaPlayer.admx* diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md index d643b12d8e..dbbecca9d5 100644 --- a/windows/client-management/mdm/policy-csp-admx-wininit.md +++ b/windows/client-management/mdm/policy-csp-admx-wininit.md @@ -97,7 +97,7 @@ If you disable or do not configure this policy setting, the system creates the n ADMX Info: - GP English name: *Turn off legacy remote shutdown interface* -- GP name: *DisableShutdownNamedPipe* +- GP name: *DisableNamedPipeShutdownPolicyDescription* - GP path: *Windows Components\Shutdown Options* - GP ADMX file name: *WinInit.admx* @@ -166,7 +166,7 @@ If you disable or do not configure this policy setting, the local setting is use ADMX Info: - GP English name: *Require use of fast startup* -- GP name: *HiberbootEnabled* +- GP name: *Hiberboot* - GP path: *System\Shutdown* - GP ADMX file name: *WinInit.admx* @@ -235,7 +235,7 @@ If you disable or do not configure this policy setting, the default timeout valu ADMX Info: - GP English name: *Timeout for hung logon sessions during shutdown* -- GP name: *ShutdownSessionTimeout* +- GP name: *ShutdownTimeoutHungSessionsDescription* - GP path: *Windows Components\Shutdown Options* - GP ADMX file name: *WinInit.admx* From 8dc8bfba9d8c669e59a910d475c5887ceabd06a3 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Mon, 5 Oct 2020 17:50:28 -0700 Subject: [PATCH 052/153] update networkservice table NetworkService + netsh proxy - should be "yes" in the table instead of "no" --- windows/deployment/update/delivery-optimization-proxy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/delivery-optimization-proxy.md b/windows/deployment/update/delivery-optimization-proxy.md index 1c4a8224fc..21e355ea15 100644 --- a/windows/deployment/update/delivery-optimization-proxy.md +++ b/windows/deployment/update/delivery-optimization-proxy.md @@ -54,7 +54,7 @@ With NetworkService (if unable to obtain a user token from a signed-in user): |---------|---------| |Internet Explorer proxy, current user | No | |Internet Explorer proxy, device-wide | Yes | -|netsh proxy | No | +|netsh proxy | Yes | |Both Internet Explorer proxy (current user) *and* netsh proxy | Yes, netsh proxy is used | |Both Internet Explorer proxy (device-wide) *and* netsh proxy | Yes, netsh proxy is used | @@ -76,4 +76,4 @@ However, you can set the Connected Cache server to use an unauthenticated proxy. - [How can I configure Proxy AutoConfigURL Setting using Group Policy Preference (GPP)?](https://docs.microsoft.com/archive/blogs/askie/how-can-i-configure-proxy-autoconfigurl-setting-using-group-policy-preference-gpp) - [How to use GPP Registry to uncheck automatically detect settings? ](https://docs.microsoft.com/archive/blogs/askie/how-to-use-gpp-registry-to-uncheck-automatically-detect-settings) -- [How to configure a proxy server URL and Port using GPP Registry?](https://docs.microsoft.com/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry) \ No newline at end of file +- [How to configure a proxy server URL and Port using GPP Registry?](https://docs.microsoft.com/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry) From 919bd754123d66a41ec0207e99cac043c9daf48e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 6 Oct 2020 15:05:42 -0700 Subject: [PATCH 053/153] Applied "> [!NOTE]" --- .../account-lockout-threshold.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 55f3b22031..ab09ef2ca5 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -77,8 +77,11 @@ None. Changes to this policy setting become effective without a computer restart ### Implementation considerations Implementation of this policy setting is dependent on your operational environment. You should consider threat vectors, deployed operating systems, and deployed apps, for example: + - The likelihood of an account theft or a DoS attack is based on the security design for your systems and environment. You should set the account lockout threshold in consideration of the known and perceived risk of those threats. + - When negotiating encryption types between clients, servers, and domain controllers, the Kerberos protocol can automatically retry account sign-in attempts that count toward the threshold limits that you set in this policy setting. In environments where different versions of the operating system are deployed, encryption type negotiation increases. + - Not all apps that are used in your environment effectively manage how many times a user can attempt to sign-in. For instance, if a connection drops repeatedly when a user is running the app, all subsequent failed sign-in attempts count toward the account lockout threshold. For more information about Windows security baseline recommendations for account lockout, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/). @@ -95,17 +98,23 @@ This section describes how an attacker might exploit a feature or its configurat Brute force password attacks can use automated methods to try millions of password combinations for any user account. The effectiveness of such attacks can be almost eliminated if you limit the number of failed sign-in attempts that can be performed. However, a DoS attack could be performed on a domain that has an account lockout threshold configured. An attacker could programmatically attempt a series of password attacks against all users in the organization. If the number of attempts is greater than the account lockout threshold, the attacker might be able to lock every account without needing any special privileges or being authenticated in the network. -> **Note:** Offline password attacks are not countered by this policy setting. +> [!NOTE] +> Offline password attacks are not countered by this policy setting. + ### Countermeasure Because vulnerabilities can exist when this value is configured and when it is not configured, two distinct countermeasures are defined. Organizations should weigh the choice between the two, based on their identified threats and the risks that they want to mitigate. The two countermeasure options are: + - Configure the **Account lockout threshold** setting to 0. This configuration ensures that accounts will not be locked, and it will prevent a DoS attack that intentionally attempts to lock accounts. This configuration also helps reduce Help Desk calls because users cannot accidentally lock themselves out of their accounts. Because it does not prevent a brute force attack, this configuration should be chosen only if both of the following criteria are explicitly met: + - The password policy setting requires all users to have complex passwords of 8 or more characters. - A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occur in the environment. + - Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account. [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack. + Using this type of policy must be accompanied by a process to unlock locked accounts. It must be possible to implement this policy whenever it is needed to help mitigate massive lockouts caused by an attack on your systems. ### Potential impact From 42f240f5f8daaddf61347fce535abd3bca84aa0c Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 6 Oct 2020 15:54:55 -0700 Subject: [PATCH 054/153] Added mixed reality policy settings --- windows/client-management/mdm/TOC.md | 1 + .../policy-configuration-service-provider.md | 23 + .../mdm/policy-csp-mixedreality.md | 497 ++++++++++++++++++ .../mdm/policy-csps-supported-by-hololens2.md | 6 + 4 files changed, 527 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-mixedreality.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index a7fbff363b..b448f03859 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -257,6 +257,7 @@ #### [LockDown](policy-csp-lockdown.md) #### [Maps](policy-csp-maps.md) #### [Messaging](policy-csp-messaging.md) +#### [MixedReality](policy-csp-mixedreality.md) #### [MSSecurityGuide](policy-csp-mssecurityguide.md) #### [MSSLegacy](policy-csp-msslegacy.md) #### [NetworkIsolation](policy-csp-networkisolation.md) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 0349f6cde6..312f7f6ed5 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -3352,6 +3352,29 @@ The following diagram shows the Policy configuration service provider in tree fo
+### MixedReality policies + +
+
+ MixedReality/AADGroupMembershipCacheValidityInDays +
+
+ MixedReality/BrightnessButtonDisabled +
+
+ MixedReality/FallbackDiagnostics +
+
+ MixedReality/HeadTrackingMode +
+
+ MixedReality/MicrophoneDisabled +
+
+ MixedReality/VolumeButtonDisabled +
+
+ ### MSSecurityGuide policies
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md new file mode 100644 index 0000000000..e6bff466a1 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -0,0 +1,497 @@ +--- +title: Policy CSP - MixedReality +description: Policy CSP - MixedReality +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 10/06/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - MixedReality + + + +
+ + +## MixedReality policies + +
+
+ MixedReality/AADGroupMembershipCacheValidityInDays +
+
+ MixedReality/BrightnessButtonDisabled +
+
+ MixedReality/FallbackDiagnostics +
+
+ MixedReality/HeadTrackingMode +
+
+ MixedReality/MicrophoneDisabled +
+
+ MixedReality/VolumeButtonDisabled +
+
+ + +
+ + +**MixedReality/AADGroupMembershipCacheValidityInDays** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecross mark
Educationcross mark
HoloLens (1st gen) Development Editioncross mark
HoloLens (1st gen) Commercial Suitecross mark
HoloLens 2check mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls for how many days, AAD group membership cache is allowed to be used for Assigned Access configurations targeting AAD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign-out and sign-in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions. + + + + + + + +Supported values are 0-60. The default value is 0 (day) and maximum value is 60 (days). + + + +
+ + +**MixedReality/BrightnessButtonDisabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecross mark
Educationcross mark
HoloLens (1st gen) Development Editioncross mark
HoloLens (1st gen) Commercial Suitecross mark
HoloLens 2check mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on Hololens and not the functionality of the button when it is used with other buttons as combination for other purposes. + + + + + + + +The following list shows the supported values: + +- 0 - False (Default) +- 1 - True + + + +
+ + +**MixedReality/FallbackDiagnostics** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecross mark
Educationcross mark
HoloLens (1st gen) Development Editioncross mark
HoloLens (1st gen) Commercial Suitecross mark
HoloLens 2check mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls when and if diagnostic logs can be collected using specific button combination on Hololens. + + + + + + + +The following list shows the supported values: + +- 0 - Disabled +- 1 - Enabled for device owners +- 2 - Enabled for all (Default) + + + +
+ + +**MixedReality/HeadTrackingMode** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecross mark
Educationcross mark
HoloLens (1st gen) Development Editioncross mark
HoloLens (1st gen) Commercial Suitecross mark
HoloLens 2check mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting configures behavior of HUP to determine which algorithm to use for head tracking. It requires a reboot for the policy to take effect. + + + + + + + +The following list shows the supported values: + +- 0 - Feature. Default feature based/SLAM based tracker (Default) +- 1 - Constellation. LR constellation based tracker + + + +
+ + +**MixedReality/MicrophoneDisabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecross mark
Educationcross mark
HoloLens (1st gen) Development Editioncross mark
HoloLens (1st gen) Commercial Suitecross mark
HoloLens 2check mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls whether microphone on HoloLens 2 is disabled or not. + + + + + + + +The following list shows the supported values: + +- 0 - False (Default) +- 1 - True + + + +
+ + +**MixedReality/VolumeButtonDisabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecross mark
Educationcross mark
HoloLens (1st gen) Development Editioncross mark
HoloLens (1st gen) Commercial Suitecross mark
HoloLens 2check mark9
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes. + + + + + + + +The following list shows the supported values: + +- 0 - False (Default) +- 1 - True + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. +- 9 - Available in Windows 10, version 2010. + + + diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md index e5cdb0f0ca..4b8afaf626 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md +++ b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md @@ -50,6 +50,12 @@ ms.date: 05/11/2020 - [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength) - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana) - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment) +- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) +- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) +- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) +- [MixedReality/HeadTrackingMode](./policy-csp-mixedreality.md#mixedreality-headtrackingmode) +- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) +- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) - [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization) - [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo) - [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps) From 093740981a0df4ea36859abd0d35834432eb4fc3 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 6 Oct 2020 16:48:17 -0700 Subject: [PATCH 055/153] Updated with review feedback --- .../policy-configuration-service-provider.md | 3 - .../mdm/policy-csp-mixedreality.md | 84 ------------------- .../mdm/policy-csps-supported-by-hololens2.md | 14 +++- 3 files changed, 13 insertions(+), 88 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 312f7f6ed5..521212345b 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -3364,9 +3364,6 @@ The following diagram shows the Policy configuration service provider in tree fo
MixedReality/FallbackDiagnostics
-
- MixedReality/HeadTrackingMode -
MixedReality/MicrophoneDisabled
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index e6bff466a1..f56c1835af 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -31,9 +31,6 @@ manager: dansimp
MixedReality/FallbackDiagnostics
-
- MixedReality/HeadTrackingMode -
MixedReality/MicrophoneDisabled
@@ -262,79 +259,6 @@ The following list shows the supported values:
- -**MixedReality/HeadTrackingMode** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecross mark
Educationcross mark
HoloLens (1st gen) Development Editioncross mark
HoloLens (1st gen) Commercial Suitecross mark
HoloLens 2check mark9
- - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting configures behavior of HUP to determine which algorithm to use for head tracking. It requires a reboot for the policy to take effect. - - - - - - - -The following list shows the supported values: - -- 0 - Feature. Default feature based/SLAM based tracker (Default) -- 1 - Constellation. LR constellation based tracker - - - -
- **MixedReality/MicrophoneDisabled** @@ -483,14 +407,6 @@ The following list shows the supported values: Footnotes: -- 1 - Available in Windows 10, version 1607. -- 2 - Available in Windows 10, version 1703. -- 3 - Available in Windows 10, version 1709. -- 4 - Available in Windows 10, version 1803. -- 5 - Available in Windows 10, version 1809. -- 6 - Available in Windows 10, version 1903. -- 7 - Available in Windows 10, version 1909. -- 8 - Available in Windows 10, version 2004. - 9 - Available in Windows 10, version 2010. diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md index 4b8afaf626..b877a6a8aa 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md +++ b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md @@ -53,9 +53,14 @@ ms.date: 05/11/2020 - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) -- [MixedReality/HeadTrackingMode](./policy-csp-mixedreality.md#mixedreality-headtrackingmode) - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) - [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) +- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) +- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin) +- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery) +- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin) +- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery) +- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin) - [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization) - [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo) - [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps) @@ -79,6 +84,8 @@ ms.date: 05/11/2020 - [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps) 8 - [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps) 8 - [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation) +- [Security/AllowAddProvisioningPackage](policy-csp-security.md#security-allowaddprovisioningpackage) +- [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage) - [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption) - [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime) - [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn) @@ -87,6 +94,10 @@ ms.date: 05/11/2020 - [System/AllowLocation](policy-csp-system.md#system-allowlocation) - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard) - [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry) +- [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone) +- [Update/ActiveHoursEnd](#update-activehoursend) +- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange) +- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate) - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice) - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel) @@ -97,6 +108,7 @@ ms.date: 05/11/2020 - [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates) - [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday) - [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime) +- [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess) - [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl) - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration) - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) 8 From dcbeadfeada3227c4d52dd24ad616f2ed1b5247c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 6 Oct 2020 16:54:13 -0700 Subject: [PATCH 056/153] Added image border and spacing --- .../vpn/vpn-conditional-access.md | 22 ++++++++++++++----- 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index c368ed6c90..fc09e68a62 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -48,25 +48,29 @@ The following client-side components are also required: - Trusted Platform Module (TPM) ## VPN device compliance + At this time, the Azure AD certificates issued to users do not contain a CRL Distribution Point (CDP) and are not suitable for Key Distribution Centers (KDCs) to issue Kerberos tokens. For users to gain access to on-premises resources such as files on a network share, client authentication certificates must be deployed to the Windows profiles of the users, and their VPNv2 profiles must contain the <SSO> section. Server-side infrastructure requirements to support VPN device compliance include: -- The VPN server should be configured for certificate authentication -- The VPN server should trust the tenant-specific Azure AD CA -- For client access using Kerberos/NTLM, a domain-trusted certificate is deployed to the client device and is configured to be used for single sign-on (SSO) +- The VPN server should be configured for certificate authentication. +- The VPN server should trust the tenant-specific Azure AD CA. +- For client access using Kerberos/NTLM, a domain-trusted certificate is deployed to the client device and is configured to be used for single sign-on (SSO). After the server side is set up, VPN admins can add the policy settings for conditional access to the VPN profile using the VPNv2 DeviceCompliance node. Two client-side configuration service providers are leveraged for VPN device compliance. -- VPNv2 CSP DeviceCompliance settings +- VPNv2 CSP DeviceCompliance settings: + - **Enabled**: enables the Device Compliance flow from the client. If marked as **true**, the VPN client attempts to communicate with Azure AD to get a certificate to use for authentication. The VPN should be set up to use certificate authentication and the VPN server must trust the server returned by Azure AD. - **Sso**: entries under SSO should be used to direct the VPN client to use a certificate other than the VPN authentication certificate when accessing resources that require Kerberos authentication. - **Sso/Enabled**: if this field is set to **true**, the VPN client looks for a separate certificate for Kerberos authentication. - **Sso/IssuerHash**: hashes for the VPN client to look for the correct certificate for Kerberos authentication. - **Sso/Eku**: comma-separated list of Enhanced Key Usage (EKU) extensions for the VPN client to look for the correct certificate for Kerberos authentication. + - HealthAttestation CSP (not a requirement) - functions performed by the HealthAttestation CSP include: + - Collects TPM data used to verify health states - Forwards the data to the Health Attestation Service (HAS) - Provisions the Health Attestation Certificate received from the HAS @@ -76,16 +80,22 @@ Two client-side configuration service providers are leveraged for VPN device com > Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the user’s VPN profile. This will enable the user to access on-premises resources. ## Client connection flow + The VPN client side connection flow works as follows: -![Device compliance workflow when VPN client attempts to connect](images/vpn-device-compliance.png) +> [!div class="mx-imgBorder"] +> ![Device compliance workflow when VPN client attempts to connect](images/vpn-device-compliance.png) When a VPNv2 Profile is configured with \ \true<\/Enabled> the VPN client uses this connection flow: 1. The VPN client calls into Windows 10’s Azure AD Token Broker, identifying itself as a VPN client. + 2. The Azure AD Token Broker authenticates to Azure AD and provides it with information about the device trying to connect. The Azure AD Server checks if the device is in compliance with the policies. -3. If compliant, Azure AD requests a short-lived certificate + +3. If compliant, Azure AD requests a short-lived certificate. + 4. Azure AD pushes down a short-lived certificate to the Certificate Store via the Token Broker. The Token Broker then returns control back over to the VPN client for further connection processing. + 5. The VPN client uses the Azure AD-issued certificate to authenticate with the VPN server. ## Configure conditional access From 05990316de89615dc44e651f687db5d1c8405266 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 6 Oct 2020 16:55:44 -0700 Subject: [PATCH 057/153] Fixed broken link --- .../client-management/mdm/policy-csps-supported-by-hololens2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md index b877a6a8aa..7b1571901c 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md +++ b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md @@ -95,7 +95,7 @@ ms.date: 05/11/2020 - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard) - [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry) - [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone) -- [Update/ActiveHoursEnd](#update-activehoursend) +- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend) - [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange) - [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate) From e25ba0b403693a4cc75a650ade5a2cc5d715aabf Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 6 Oct 2020 18:11:23 -0700 Subject: [PATCH 058/153] m365solution-scenario --- .../manage-atp-post-migration-configuration-manager.md | 4 +++- .../manage-atp-post-migration-group-policy-objects.md | 4 +++- .../manage-atp-post-migration-intune.md | 4 +++- .../manage-atp-post-migration-other-tools.md | 4 +++- .../microsoft-defender-atp/manage-atp-post-migration.md | 4 +++- .../mcafee-to-microsoft-defender-onboard.md | 1 + .../mcafee-to-microsoft-defender-prepare.md | 1 + .../mcafee-to-microsoft-defender-setup.md | 3 ++- .../microsoft-defender-atp/migration-guides.md | 1 + 9 files changed, 20 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md index 6d04ee080e..c086033e55 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md @@ -14,7 +14,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- M365-security-compliance +- m365solution-scenario ms.topic: article ms.date: 09/22/2020 ms.reviewer: chventou diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md index 016d29c822..512edb5f3c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md @@ -14,7 +14,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- M365-security-compliance +- m365solution-scenario ms.topic: article ms.date: 09/22/2020 ms.reviewer: chventou diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md index eeefc94bfd..eb630aad88 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md @@ -14,7 +14,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- M365-security-compliance +- m365solution-scenario ms.topic: article ms.date: 09/22/2020 ms.reviewer: chventou diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md index 4eb3a79282..111459747f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md @@ -14,7 +14,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- M365-security-compliance +- m365solution-scenario ms.topic: article ms.date: 09/22/2020 ms.reviewer: chventou diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md index 417f5267d3..246b542364 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md @@ -14,7 +14,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- M365-security-compliance +- m365solution-scenario ms.topic: conceptual ms.date: 09/22/2020 ms.reviewer: chventou diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md index 3422d29ce9..d38a5977e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -17,6 +17,7 @@ audience: ITPro ms.collection: - M365-security-compliance - m365solution-McAfeemigrate +- m365solution-scenario ms.custom: migrationguides ms.topic: article ms.date: 09/24/2020 diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index a22a3a83d5..fe973d1a59 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md @@ -17,6 +17,7 @@ audience: ITPro ms.collection: - M365-security-compliance - m365solution-mcafeemigrate +- m365solution-scenario ms.topic: article ms.custom: migrationguides ms.date: 09/22/2020 diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 7e0da8d519..8813e53523 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -16,7 +16,8 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-mcafeemigrate +- m365solution-mcafeemigrate +- m365solution-scenario ms.topic: article ms.custom: migrationguides ms.date: 09/22/2020 diff --git a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md index 193a2a1360..308308a4d0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migration-guides.md @@ -11,6 +11,7 @@ ms.prod: w10 ms.localizationpriority: medium ms.collection: - M365-security-compliance +- m365solution-scenario ms.custom: migrationguides ms.reviewer: chriggs, depicker, yongrhee f1.keywords: NOCSH From 45967fe5b7eb7b85f088b21f92259a6db5bb402a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 6 Oct 2020 18:14:02 -0700 Subject: [PATCH 059/153] m365solution-scenario --- .../onboarding-endpoint-configuration-manager.md | 3 ++- .../microsoft-defender-atp/onboarding-endpoint-manager.md | 3 ++- .../threat-protection/microsoft-defender-atp/onboarding.md | 3 ++- .../microsoft-defender-atp/prepare-deployment.md | 3 ++- .../microsoft-defender-atp/production-deployment.md | 3 ++- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md index d839dabec7..c09d936fcd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md @@ -14,7 +14,8 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-endpointprotect +- m365solution-endpointprotect +- m365solution-scenario ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md index 31593b47cc..76f2c2c7e7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md @@ -14,7 +14,8 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-endpointprotect +- m365solution-endpointprotect +- m365solution-scenario ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md index feeca610db..6ac048cf9d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md @@ -14,7 +14,8 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-endpointprotect +- m365solution-endpointprotect +- m365solution-scenario ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index 1217b7de99..9e4e98ffb5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -15,7 +15,8 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-endpointprotect +- m365solution-endpointprotect +- m365solution-scenario ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 6e8ce89f59..4a974f0e24 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -15,7 +15,8 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-endpointprotect +- m365solution-endpointprotect +- m365solution-scenario ms.topic: article --- From e021ddf40cd3a797231797313ee43ede6ba0aae5 Mon Sep 17 00:00:00 2001 From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com> Date: Tue, 6 Oct 2020 18:27:00 -0700 Subject: [PATCH 060/153] Update azure-active-directory-integration-with-mdm.md --- .../mdm/azure-active-directory-integration-with-mdm.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 8e84d077d5..b511fd100f 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -165,7 +165,10 @@ The following image illustrates how MDM applications will show up in the Azure a ### Add cloud-based MDM to the app gallery -You should work with the Azure AD engineering team if your MDM application is cloud-based. The following table shows the required information to create an entry in the Azure AD app gallery. +> [!NOTE] +> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application + +The following table shows the required information to create an entry in the Azure AD app gallery. From a58d7d00f1351e174404c6f38853505fb11386a0 Mon Sep 17 00:00:00 2001 From: schmurky Date: Wed, 7 Oct 2020 19:48:46 +0800 Subject: [PATCH 061/153] Update passive --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 74c6ee2735..be374197ff 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -77,7 +77,7 @@ The following table summarizes the functionality and features that are available |Automatic disabled mode |No |Yes |No |No |No | - In Active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself). -- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service. +- In Passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections which are shared with the Microsoft Defender ATP service. Therefore, you might encounter alerts in the Security Center console with Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in Passive mode. - When [EDR in block mode](../microsoft-defender-atp/edr-in-block-mode.md) (currently in private preview) is turned on, Microsoft Defender Antivirus is not used as the primary antivirus solution, but can still detect and remediate malicious items. - In Automatic disabled mode, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. From 9021c8114720e4caa426776c5cc45b68dbd798ef Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 7 Oct 2020 19:42:32 +0530 Subject: [PATCH 062/153] removed invalid path , added correct path while reading this article, i found an invalid registry path, so I removed the path and added the correct path and added a screenshot. --- .../microsoft-defender-atp/enable-network-protection.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md index a6090f9ae7..2d96393904 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md @@ -33,12 +33,14 @@ Check if network protection has been enabled on a local device by using Registry 1. Select the **Start** button in the task bar and type **regedit** to open Registry editor 1. Choose **HKEY_LOCAL_MACHINE** from the side menu -1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Policy Manager** +1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Windows Defender Exploit Guard** > **Network Protection** 1. Select **EnableNetworkProtection** to see the current state of network protection on the device * 0, or **Off** * 1, or **On** * 2, or **Audit** mode + + ![networkprotection](https://user-images.githubusercontent.com/3296790/95341270-b738b280-08d3-11eb-84a0-16abb140c9fd.PNG) ## Enable network protection @@ -107,7 +109,7 @@ Confirm network protection is enabled on a local computer by using Registry edit 1. Select **Start** and type **regedit** to open **Registry Editor**. -2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection +2. Navigate to **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection** 3. Select **EnableNetworkProtection** and confirm the value: * 0=Off From f6be1fd70afde097ac197fce2eaeaadded20ce8a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 7 Oct 2020 10:53:22 -0700 Subject: [PATCH 063/153] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...-baselines-microsoft-defender-antivirus.md | 29 ++----------------- 1 file changed, 2 insertions(+), 27 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index d1cb0e3d28..69288217fe 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -74,39 +74,14 @@ All our updates contain: - serviceability improvements - integration improvements (Cloud, Microsoft 365 Defender)
-
- September-2020 (Platform: 4.18.2009.x | Engine: 1.1.17500.4) - - Security intelligence update version: **1.323.2254.0** - Released: **October 6, 2020** - Platform: **4.18.2009.x** - Engine: **1.1.17500.4** - Support phase: **Security and Critical Updates** - -### What's new - -- Admin permissions are required to restore files in quarantine -- XML formatted events are now supported -- CSP support for ignoring exclusion merge -- New management interfaces for:
- - UDP Inspection - - Network Protection on Server 2019 - - IP Address exclusions for Network Protection -- Improved visibility into TPM measurements -- Improved Office VBA module scanning - -### Known Issues -No known issues -
-
- September-2020 (Platform: 4.18.2009.X | Engine: 1.1.17500.4) + September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)  Security intelligence update version: **1.325.10.0**  Released: **October 01, 2020** - Platform: **4.18.2009.X** + Platform: **4.18.2009.7**  Engine: **1.1.17500.4**  Support phase: **Security and Critical Updates** From 883829ebbc486d0092ce3060566143ea02e7ba8b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 7 Oct 2020 12:53:38 -0700 Subject: [PATCH 064/153] Updated AllowCommercialDataPipeline policy --- windows/client-management/mdm/policy-csp-system.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 05c983440b..634ba6f584 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -212,14 +212,13 @@ The following list shows the supported values: -This policy setting controls whether Microsoft is a processor or controller for Windows diagnostic data collected from devices. +This policy setting opts the device into the Windows enterprise data pipeline. -If you enable this policy and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data. +If you enable this setting, data collected from the device will be opted into the Windows enterprise data pipeline. -If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device. +If you disable or don't configure this setting, all data from the device will be collected and processed in accordance with our policies for the Windows standard data pipeline. ->[!Note] -> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device. +Configuring this setting does not change the telemetry collection level or the ability of the user to change the level. This setting only applies to the Windows operating system and apps included with Windows, not third-party apps or services running on Windows 10. @@ -234,8 +233,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) - Do not use the Windows Commercial Data Pipeline -- 1 - Use the Windows Commercial Data Pipeline +- 0 (default) - Disabled. +- 1 - Enabled. From d33adbe72a743839fcd8779aa428c41a7d10fc5b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 7 Oct 2020 12:58:39 -0700 Subject: [PATCH 065/153] Formatting update --- windows/client-management/mdm/policy-csp-system.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 634ba6f584..6c68af9cff 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -244,7 +244,9 @@ The following list shows the supported values: +
+ **System/AllowDeviceNameInDiagnosticData** From 69b918851e2664befcaf0155b5a43b0a75d41336 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 7 Oct 2020 15:29:34 -0700 Subject: [PATCH 066/153] new procedure for drivers --- windows/deployment/upgrade/quick-fixes.md | 61 ++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index fa2817f19b..c4a602aacd 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -38,6 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
  • Check the system drive for errors and attempt repairs. More information.
  • Run the Windows Update troubleshooter. More information.
  • Attempt to restore and repair system files. More information.
    • +
  • Check for unsigned drivers and update or uninstall them. More information.
  • Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
  • Temporarily uninstall non-Microsoft antivirus software. More information.
    • @@ -152,9 +153,67 @@ To check and repair system files: ``` > [!NOTE] - > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image). + > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image) and [Use the System File Checker tool](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system). +### Remove unsigned drivers + +Drivers that are not properly signed can block the upgrade process. To check your system for unsigned drivers: + +1. Click **Start**. +2. Type **command**. +3. Right-click **Command Prompt** and then left-click **Run as administrator**. +4. If you are prompted by UAC, click **Yes**. +5. Type **sigverif** and press ENTER. +6. The File Signature Verification tool will open. Click **Start**. +7. After the scanning process is complete, click **Advanced**, and then click **View Log**. +8. Locate drivers in the log file that are unsigned and remove or update them using Device Manager. For more information, see [Using Device Manager to uninstall devices and driver packages](https://docs.microsoft.com/windows-hardware/drivers/install/using-device-manager-to-uninstall-devices-and-driver-packages). + +>[!NOTE] +>If a file is corrupted, it might display as unsigned. Be sure to [repair the system drive](#repair-the-system-drive) and [repair system files](#repair-system-files) before attempting to replace unsigned drivers. + +#### Optional: Use sigcheck + +[Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. + +To use sigcheck: + +1. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. +2. Click **Start**. +2. Type **command**. +3. Right-click **Command Prompt** and then left-click **Run as administrator**. +4. If you are prompted by UAC, click **Yes**. +5. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. +6. Next, generate a list of drivers using driverquery.exe. To do this, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example: + + ```cmd + C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt + + ``` +7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the procedure above. Copy the path to the driver. +8. To check the driver, type **sigcheck64 -u -e \** and press ENTER. See the following example: + + ``` + C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\DolbyMATEnc.dll + + Sigcheck v2.80 - File version and signature viewer + Copyright (C) 2004-2020 Mark Russinovich + Sysinternals - www.sysinternals.com + + c:\windows\system32\DolbyMATEnc.dll: + Verified: Unsigned + Link date: 6:43 PM 9/20/2028 + Publisher: n/a + Company: Microsoft Corporation + Description: Dolby MAT Encoder DLL + Product: Microsoft« Windows« Operating System + Prod version: 10.0.18362.1 + File version: 10.0.18362.1 (WinBuild.160101.0800) + MachineType: 64-bit + + ``` +In addition to unsigned drivers, drivers might be signed with an invalid certificate, requring the driver to be updated or removed so that Windows upgrade can continue. + ### Update Windows You should ensure that all important updates are installed before attempting to upgrade. This includes updates to hardware drivers on your computer. From a979898513556b30d2ff01c437794b1307fc117c Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 7 Oct 2020 15:41:27 -0700 Subject: [PATCH 067/153] typo and add graphic --- windows/deployment/images/sigverif.png | Bin 0 -> 38498 bytes windows/deployment/upgrade/quick-fixes.md | 9 ++++++--- 2 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 windows/deployment/images/sigverif.png diff --git a/windows/deployment/images/sigverif.png b/windows/deployment/images/sigverif.png new file mode 100644 index 0000000000000000000000000000000000000000..0ed0c2fd0c452ba73af39bdfa1ef0494fee155c8 GIT binary patch literal 38498 zcmc%xdpy(qA3u(Frj$d8a+*WYkxS(;hpik^$+1G_P$;nwbDB9^m7Hy)oJ~l$9F{Pa zQ$b$sh*`&HXx^V_z)$R3Vwy+dhD1y z<6iT*ymu2X?lJB{(miftE1YRy1qqeQ?cuY{D|(2^h|NQhAtp&jBw$r|AR~m<)4bv- z7O*ks${T#n-yG$ye{kKLbQRsG=dXh!b;J@#|E9tDRvy^HO*4IXSs5U zbhp|U=~Rt*jm>e5J)7N8YZ`wBHk}x>scF5B>21j|44v#!1f*HhcV9gGD_p|=?ph&# zgUAp63Fg!J*9A8fH|jJi*7I5!G{m`F)hZ?AqAr!PUprKM34A%-(7CZ~bC$SSu}~7l zE%|fr@SE>Y_pK_Q!-!m7!SRk=7hk*)1lk=zrehb4gh}vaA<3N;)^z2AjjkS-9b`<3k=H$=MH3B z1G)k;*RQ>_Yb<+`-T8+`y?>SAovYU~%l#z(+!ECtWnD}6xcz!>34-siA7h;y+X0+v3b zI&hbIIt%ISm3txhmH#CrLc{bZpEnw{8p59&HQb;?t@{BYS)54L*yu)1RMEy9Yg2s- zLt!Pr%SSe$CpRR~GKKO1@{OcN!znXOki23&C-{w0l!sn$vC_AcY4Hb6PFL6=E$qBl zL0I|AZLAFf%V1;0kH6B^%C+ZTTdN%9p8c~r(5bP)dE3>KPKOEmKE^o3I<)yQd=x!j zb8U>|_4{>?S|*8n_@l54n$8PX z{<7qe;o&Wif<|4LwX0GakrIzpA z4(B6lLQ=#l%O?wBuDdH`>Q%@$_WuRnr}gjHr$Q(M=x0sC;a&9_H2U^x|D;AuqkkA; zr+oJYU0GHfC?EON5F!H^Z=gpT_5SY(=&dKzcNh-BGu}t8n~f9`jPgRtz~znoO8wRP z$)^5(dwn?{uAUtDJ)z&%&8_`S-28&sNZ5R(Joh2ad1kN@VAeR0W{sb_;2|S&r=VeE zr>oWzgvE*f?~A@^@Samw9_#=06ZgFs>Bsv%R1A`wX&6!QUH-7cK{#=I*LTs_&o@fp zg0=sd;xK!AKJS_9>TX_Ga|3f{y$)VIh({7zU6{cNn8jc!C=IM_dJWeeNG!2t|DTKI z8|XVh>qPzgX+tIE6xlE02)z=)|<=g*x}E=VEH%mQ8-ZhS@!<{{3+fL zF#jW;zm^}hD$O5voz{qmr+~1*Wi%{G+`HI%r$!XBcrBYh3Smy;P;ewcI+UCLV=1%u# z+?rPQkDC95{3*UzD15~;YQ=L|=nxI$J-qVRVxpM>3VtR-A)hYjFnSw!M89QhCnw9m zw3Ox$??16AU~p{z>etPr|HgGufWUb$`@C4|YGP}tY{$IQM$?@Zrn`CRSZ~QQ8IhX> z9TBQl65gGQ$4ejl7jc6&0ph>%H@$doP^%x?E7wZ_$G0$^wKOiRwhq5XEjHo}s7%@Z zCrAc(!6lyj+5BHR5fgyxJscYr@6LGQKCSW5tNNti3KJZ?F!-SN(#aqHOCkmMaHVy~ z<4EhWJ)X$S`v2k>67qpDe^wR+wB|d7oDmH3d`vLn{qT%3a|Z=jhLjWshwdomIaxgb zMb4alH^<>mwCOYxY5n?3hObx{jKRhW`WAV%LPA7bMDk<#L_VkXCK$Up-2f@*kZ?;b zEu0;9a+jMHGh*gG|CP^8AXTm=WPcNod~v-ve-{`2Y>2Eu-`vbk8l)1(yG)c4gH~bn@Uv#L667F^g}XZjZN6MiUr(os z{Q(M(2O>SzWX>hiszOSMa<|?Zm)`rJi;&y59BzQJ#Z~E&^D0 zz{_vRKHU6QP&u9D@P8Shfp~b8UFRW#9}&@th9^!+C?DuDGC(wCT7&Ut_X5@$G(S?( zr=Xz!8wFZ1@)VK$!b>jX%)sfR1YENAF}=_pf1}d!iyF^{CWX#na>acQeR9uo6=^be z-^p-L?{>+7RQX96jcQtH-M+$fw5LJznXne;#8ITC!5cM$sCTbOmL)FDZ-f|r&XoCK zyhDc-XrRuW1&o+sHwRS>=B`C)4-L0*cK#`6{yApp)6g#$kXCl3N zZO9Eg`Qv#{*s+r?!nSe{x-6LmwJ>rfyT+GJTrSI=G$81MD$Mq2RTYz5xEn9umo$MO zWbMjH7@qFEo=Xc0Xzq(zWH-N8jZ%ooCBNhZBXV)U%aQ+94&T+)BLc9I&-9QgnhN)1 zz|p0JiUu=}vNErHve|uq)~_?a3emKlM9bk;O0eOy@8BpsRsW@-UwVYSj6ihpPoK)V z@|k~2)0PxBrt1o+=1t$*Z^H6G{Ice0a;oG>QM#(T|Ew3nXIn^1l0&btcwKSiC>7)C4epe6_gd^slGb?Fn(m; z^3is2)ti?+4z!!e6ORo%l{}6t{zpOeN)DZJxU@v1ZUr@^zMBP)eh>2dxWLvydor@^ zp-&y6;64F8Yln=Ql|HR~4J(6hu$>tz&m0pb4gRIDKOdiN;Cka9mTjs3{_$Be!Wc=E zhy0Zwr*U!sKOVBVIyF}{emI)@qM@t00-;dQGO@-WlE-mC+-4d5D#}xQCK1hYtk)P= zXB9_2octpND2Oid_1c4tGW^J1Eo2j{!R+OX+9)`gW?PWXuX?ulE4HfjG61F1~+%o)UqqDJzvnN2xFB+fh7@Pezj682UtM&9PF5K{HY5jyW?(STN z@AT5D^MoC=3Z15A7`1kVju_|C(Q0zRRS^a0?#nV`xkIh9YiPn@Oav|x0t-j=qVUK{ zgFk7$@Eq?hs2j!HK@lxvj)b?Il6Abz&zUh>Elt<%#qg`I4$J57o~^z3a`|n?811^) zd=69SR5E5`U~R<4P=U9RY?d4KoTn>F0`m;6GG16SG+R5ExzYxs3|KM0OxV&;K_9#L zZ!IxbST#UY$Q3ED(X`dq(b;Bls*g|-HviKv1}#n8TVe9+NDpr$_ir+2tAH5Yq ziHQEk!iXtI%l%gh4Agc1Ya&9O9$EiKcjg;@zWR^q|MdU(|I>q!IpW?)f2?u<%DQy# zZ)=9zwomJiN0Yu-p!(a3PV6`_@W+5VZF`pe+wZ1`yt4lH%I%Wge+;Jj-$oXHI)L5( zf4|vWLVbS3%KQ&?KLAx@N}laPj%3fZxy?#6MV%(kPmPVle*SL07|r0$&-K#siJqYw zYEyu6jOPh!O_JX8HUwS*wKZe@Ife~`E#m{0&_86OOj$a=#{yToSKAuv z#r#a#XY*x74Vof2n`3Q-1Ys`(e;!0coR1RkWvKSaR+VAas(5K7OQS9NA@V-RT;q@s zkJ;pWY4S?|CpP39iKv<9Nqdh~D31^>sTvEio}Y_zK@L^3@dauqw^FQEms-W zl0m4J76Z%?#5%~uy{m+gL*S7J_I$OrnQ_hDSzcBsAB({>MSuw$sDU1RGrutuZ4aF_ zkS@a(us-Xe6frMd+OinK*_0XX_cb!GIaYz~$q{b~`2rtZhuaeesq1^l`b{h`5(k#c zKM#HvZZ*mMJlqC0*T;;Q|A96(Dz&6qY~`-bRiifiJyDQ2vu(VsO@HHa-c)T+w~%A` z(W;ZATCv;CH>!%NfZs4GpaG*@)LOCeFlSzMofwWAnnAAPI|y~zRKd_+rr=^EV7SjI z;$m*DK4!3;p~h(9WILRm^7wIz#abAS^zmEd=T-*f-H1~C0yIMs;o+i;e2E$7g{ABk zHRYW{b>(&S_vw zxe($)JbA8oiz;&&m93pTjgepI=8@J_V$@d*)D9rd&;mrrCvpdcBJY&~{hfn)&(pVM zpi9o7!2Qs)#V;@eHBUn0LZp*3-};6Nrw#febpMwQt?R7HA&prydjLpiP4CysGOuFa zQO}%O*J8F1%JEoTa=4HFnf%0KljREmgkRzCjR(AR*`p+bFc3p9uc~_-AV`n=Z~j7} zaK4in0ELh7V%+l#QLR5SVx!lrsVysqP(gj8Oh(e!gfpeosW z%IW{~{D?SX#_;>A0$zJrepHW7(p%F+hcaFE{Z92Ct0JN6JE6S0EjsDsciNlhT#I0_ z&>_816^#3WZV7(%BkO59;khfSn)_8hvZ5RI_vu^#U;vCeGt44y62{w4?8;)3fZcWZ z%9rn{+3<1Uv|v;vG*f{y-mLvDf&ioIE*N0YiH94O@4TnIKQeGUDS^zKmBhs>lYgV18Sh@dQ$KH|AQM65Unlr zDTM_b`Ga0734RJfZ(bG9>;GbBb#NvZ;u_`7&||=@4A8wWv>ra54(AZ@dz5dV`szjf zMZX_XMa~U%N&gqOA~t9;A`LGF$S{1v{yn2gHo&F($!93XcB|BKx=F4dAb`%ssJpK7 zms-~f-Y#6){LXL~$X~lisRAxINb{h1|7I1t|NEi*wDa_lQee|&0F%vDZf^?FN1Z3j z8-fu;`?o=a8}x>sbq0k5%6r1$dvj?n^g(xsL4G&cKXDQc9yc6FWC*oo%W5U-q1R){ zw%!4t@7bKxg5Now*ZP2Bm54vGnPt8CEjelj8lGg`^`2Ss^_~JKd^|rb7P<%{aq%wr zaeqy6Jc-v0gkZ6=zUC(|FW)v1&cmdMZ3~R1P%)pX z^DcCSl_RgIWQT}ud=XWrIO;xc3&h#H)+Bil-X?1Ped{iPhIR4+=B3v*Ib(KGfS6A+ zZGKMnQ*mdm14v;OEmM>Q#En>Pd`ZL!ju;S(&#B)WA(x9a*P!b7FmK^L0cd6Ph&SXn zi`R+qgYtRypw(sg4DG3Ku0&BX3^EeVJT1z0c#qKhZXOG)if>*33q}Tt1xXvS&-9 zos#QbOYA`M@#Du%-O@LL9dH@XwHi~XIz(qz|*=kKaKvPK&^6FGn(5Gx_5i?8}a6L8cxt0x;IR%)9beE%kWXj8Tth9-t<+d zO(}RES+X!A)F8vSAaXxBoZloRSW}9=%BFG@e|~cW!h3d<+uY*!B{n9Kr2*O%E(fD> z{fZ$Qg$M2cWSpl#6U)c>!JIY~XEG&{8cb-<3gSR5K|+TBuQz+G`IeYLx`h#hF{!r% z%wsTdY`p@*dIZMU(6e?l9}%%p!Q%JU{`cFso^pE4pN5WR%EWCAQilsj!Z*^mG1~2(9pUW-E}h) z$ryCd3U2yX&SdS?)d_CY(jG>8vgS#zv{*I@+-aUYPfYocS5A*t_cEvd_`=D z>FVCppbn&mI@3vpRY0~}&-eF>kLdtAfRmH`lZ_W)>pyz|rDm9?OZG;*vDM}3TpH0z zdQWOb9^Xbc+(|8el#Q9B;`W)LOdrsfwMyuLAE%%->qo4bB0n_+Pxk1Uk=dP`=)b_6 zP(Zt%rGcL7Ke*}lKGZDE$KMMmdKcycqOQ~73jJd;I)CE%-F1Seafh~Q98pmnylH(k zs@f{5i@xSX_`rR?CriI(t_%hq1I`CAFn1NE&QvW2M#xj{!jcEj@G)5M&hK+UrS>0YmGZylrFtaUUgr%8H$rL@)btVg zV)L22N$)B#jY~|}w8CTU(C2N5J{6eLbYcZ!Zdfh<=^=MxP(-L9Hd00e=@Q%2@s_&6 z=qC|==2w;=oO$`tfb|ATgI3ZU{huZB;Dpxul`b-atFM}rVdc|9ua}S;w*Tf3ZB=8j^kb~gaE&fm z_>|)`gjbe_u^^GPW?$#t<_zG7213u0gJOZWsp{pR>%axQ+1whkk3l`8Q>Zq9JOc-_ z8wduivW)$?dgSd0)VZ8@FicaK-cB>S8>_Z|Y zY*9LRy(<8y0ZJNuI1+q^tkruGntz+q&_NoB5S9Aw{?eZ>{w|DI@Fx6r}?*`bROH_S{%d12eP9H*j>LvRnr$39+(aEh_ zb6^3wodwm7)UbO?h>R?2By*vKjnSs>FdxjKoF;ySzvi^pjUncO1ZpM_s)MaU%PN~U z%CDIX-EI^G@cmOu*#6W**6ETH z10jOe+sLAm@kF4pIPgkzqEUp9b?M20=qB~8QH{ziiP*=i*S$NiDb->u>WqfnTcDo; z)h@MsRAPOK`M4({G}M*cGkUU|aVeOa?MIy&jgvB3i*zz0G@do{vTPhFu7b*esCy02 zI=}QhkSl~tfaAXt7t{tgi|EE4?XJ45=rQ+x^{IVK$sPRlkf+MABNoM;K|Ya4A0+g z=UN2v>Km6`GiD=j>cZ~^*D%V|jpDoM9u%HlOTQy^r}D<7rR+&|3t#SY zm{KQG3XLVrkk7ODU#4jIfH|OyLJsUcb(0oJ2%_Unh2g;8$Q5-`-dJ0`dl>z}V!7=8 zAy-&a)cTc}@+*1b1M$nbW?NgJecvY?ee}pQ0$ifFK0<#H- z`_!?mn@U3^j9m6_@q4rMVD37EX#f^UsJDrws8R9iV^R>P!e3vA=l2Cgp7B)hBRow8 zqFSiuiHJ5bo8tDy^>`kg3>}56_qhMab|su|mhzlpI_I!+8J2%;yL@=9pmjY8w2{o` z@k3YhsXTyK)J_wG8YnCO%7WTv@Qk^>TU8g%!1Lw$XxPT%VGSH$entG_=)17?-2QAm zYyxDW4(XlOx>+CDwDgQWiHFE_ID%3(2S5qUya?l5*eC~#!m-v;0THVdK8MeqFX3;B z0XFA3yW^v{`TV6Z4L-wFebg^s^44Dg;5rLk#cpV};&^(}FEoAGmwhsR?I)+t>I4 z54vHIb;-sre9m`0dM4Pvxu4y#towIm3HfzBS@O1=%cy^>y<*9`u z3`fr?pFFT&y=WjnX@YjKphZ~;1AgUp>bdH-l88=M6CbndxZ&8J#T%|foIwnhQ=@CN z59TYE11sN<+Z~rrcMLo_F#Y5K(2t&5drLu!ZiGvPG9~MKo;Le_MbS6 zF|XxsR?NW<;^<-C72&it<>d`T-}09FliTd0k(#U0)O1oNlw{Q~AsDvHU50 zu~F_yy+VtMM8JVEm*!E>Ny~l9H$!3?G;VuLY3je1&oE7GX&616v}pCWil6qxpWqHs0mfU@;^K8d+gPKl|pO{5dH58eCfhg~SaF6W<1KQ_HtW~y!` zUsLL%#s%iP_nub9ocdVSd=PrYmvAc{xsWneO(;axVSDpD!oKvbvFr*q`QUJdPHS;E zJ*1^be^Ao9VBh6AdT_Jz9cbh|D0RwV$kgySn0R6!14R9uplu9?QR7N?mr?F=n0vFJ z2~;674bzje!w6f8@VgD0Q<%YH8XXeF7u~E&F~Y&6#?RLYwaXT@H)J(SBjU>I)w&ER5KUINCvX6ks% zbu;kPB{%o$Y~@;(TIaG>zWPAF`z7@e zbbz3STt}IaJINHkx;T(`4E`pXGeUo`unOV1Rf2rUZxA!rT&3*HZj?|qxYI}wx0gp9DaWaItsu`$+Uw8{ZBY~7I_7gIPrXHx6d+@hvwjlrDHm!>IYtQx>lTW3 zG|4t{F13BWZhp6Gbm6qJ+K%kv3ZyI7aKQOhvQB@<9->hh`{r}(t}c3~;~I6A>+qqE zmKTrNH@nQ{-wdC}|1GmV(^7ChjLJb54btj|r_@`gW^xZNS9kJvok5dn^wLr8`AxCz zz9t^0!;~=xs`6LM6<_o(uy&Q86o?jB`q!P$8-h!R)tx^OKd3#SyQu!00j}6fteqQ=ExqtCxL?Ms~r)Qb*2opK4X=J0}{S z>^Py+Q(1LcVmM_=m8h5;D=DVg5!f^U2bl+&Ok`V^$a^=V1Ud%Vu^zzRF-?d{eP|?% zlMt}PgIW-5^hBheDJSB1z(YDB^@nOZ8W2#*4(^5e9`Dc;{pd^@z+SoU4Fwl={xhXm zr2unr_o6p^nXDd;m8{oHwSVdEr?VZU-JvO@)d}~x^5_usN)<<`QR=Mc4kvE+0w8Kt zAs-bvJkw_y)`QPwZ9b_FPsyN>q8%}@jhN^Z*=I%(ri+FHPaRayujZ~n0Z(Qld=TJW zxXD^Dz39N>oL1Izgbi4A%&~dtEB8;IDW?7UH@*3s>Q+_R>GWxn9u-Y2xxLYuD6e(K?REQ-c!hH4NThPgh-o6r+U!HJR zBHTIIry!K7uKD-8Z}M)7*L{}nDsbYo0qxY4@FbNI_vVof6K`_gPz(nWDK+7g5mHd| z&`h7+vK~u^fKCidxci?rk_RWnArkCq0^1}a$ofvI=(1w(<4*4ZEq|nDtx}7G5>_E- zc>UDSkd%oNEH4>i(S6A`Rpc%qqP8x7=w)V+gM4)G>6q*F1_1=cugZ0CN?kbh#9HNZ z`W+xESlOuCgjT`_-#XKWDlyaE15PI0_flQz8qbsrqh9A?D@CvC4>ZMYZ7bleZsoyh zLHqUh%%X&v%M#zUMHdFAai#;=%_kPU`xr$Uw4y6yCmHqvmOab35RYsUX4>2|aa8)} zsR`7@M0@CP&(T7%(ci|epe=Q#cA6~`7O&1`|IFSW@-4GN&jrRKC09Dd!3ZHAE$hP{ z{duO>R)uc$m0PTM?i5^li5g*NVheGZ)J|5?2%r=q&62p{bV2iWXeusE*StMf#=Y`x zh5NZYkH*Wwm49`y6~vw5%k#V@w0G+DdwG)=sGe@4rcV)IGut1EIIA*Ge>LK3#+Ov#|C z%Si}*&J9qzE-Cx9WAv?Ojzt4zN!roDDwaN}x0WE1ig=rnCpoX-hbiG1qpHMHU#L?4 zgTNu3$Ag+L9cBGYBB4#GA(_oAW?ZW5@u4ZLrWLkE%NO~rO`8ePtz--9j%D72AUaJY zyR`PM1W){h4iJZw*F5mKw9Af?GAvm{3ZRlS+e_I_X_GPt1XNA$2v_}+YPWK=QX?Ar zZa?msI0D3hG_XK#ifGV5 zZ>sUuPSLP}q~QF*P=V;1JnxrOs@TWNH~m*~u|;;Y6Xfzzx5Slm+*L(VB1K2>J=LzZ zwfXc&VbSwkw_Y8^I`z*_9n9Ms5~}I9k|4<(mC-^GEd9(ri8V~ShnvK`{Q(2oNqmJ({Iq9zYC(?havp@S;AYv(SO$i3ES$8}t- zQmWHbWvY@oJqv@6Fg_(krv23R#dSgrxwsK-v$IOas&TxaZRw2IGCx7FVaG|TE#Fpj z2NXw#s%g0tSdxG8)4z&bJC5Jqd)b*)GD7e40xx1+223CeL!=O8a`caNoO3Ze4wQZm zF5_qO`ewCO-GRNnJ}j|?xE99#3ZLf{5uI=Ai-M>%I<(Rgc@Vn*8`$7TCaWS+=UV*48+85{nxu0)SPPL;& zu97y6v}(|mK9o`0b?a}4`bbmH^cg2LnN=YLoA zD1GijE@(?VoV^@-9a@Xs++!@yX?pd9!gaX;n=Z0DW`}n}(~X|jTsU2qEQ5kXy!1rD zrS(K~+UvgrCNnfAd@5B*%4IhwDgrJh2X=SZT_1<6Yk}KKflmi)f2Z>L--1-05j+0R znZ%yU`~4NzN<_4|&!NeKO6}!w{#Se_URMTG*esR-a4C~YQ<}v3Bkil+`!C*M`)ak@ z7w&r`AF|*>>ob$=+OMe)4Rn(MC@(fT95{wWUh;+N3-;YKlZncCzN}8zwMg!e!N1Hs zCP=En`tXKT(Qmn?ddG(FkO*)3#tFicFBNo0!vM5ZU%L*|0D8eu);0%5js5AZzN{4n zd8WG9yy)Zd*(jKPXQrUc@ zdrj()t9PG?<9ZoVf2;HVL!q^FvBMtimtL9L9&i0}VE?CK3J?8YU{&`u)>Kw(q4%8p zr(wK-(F2%?%aBCKRjoE;O^15-sgK69G-tG7!X3x`x3LejPGWpex}HmvCN1&rLka=P z*t*J3vYPa3o0*ZUrHpS);tx07q_^rMXsb?sFYrB=EZpVe(;adfndc=un<;i1Tm2&T zn3#k+)vU2vic#7pj5CE4PT961$<>_)^uJy7(B>%Br<+wKmv3`NCq5d`(%kd(N=bOi zXCVH8yWF>#ac`XEgwdOvBW8gyLk2E0_rEda;=dPH`MfgXaT@**SWkfUqE4jShJyE% zNA2RjY_MlNHMeKU2T)N>asFxdGk#sgy2~vxle2v& z@%-Vr3U&a%#zc$!&vk@v(kF4le3Kz=@!9eBgwGo{)5hVCE$d+un_>u8@><{BSjY8) zB@j@k*l!l4Z5e{M#%J9i#d;n?yN)`vBnEsbJ5usK#RCH!9Zr3Hn+;5OI}_S|p-L;e zKKF~CxckYHgU&NI3wH`vU&ajjr+LU5yGUGJ9+p#jYpe3^hj$-xWO`bxn*8jTm5qlM zUU8Q_rBBSZbufM7qA={TH$y#e>1_5Dyc2ct(w0UD{aO8|$sb;g{g;@YWiETM^qWtN z-x^mOkJ*o6YTjQYT=1}mI>k{OX6o~%Z|ZFOm7M*cB+g(+3GZA1o23c7!6itZ;hlO67Y1a@`$e&=ds=)FDRz<`yPI*Jt!FtL0MkZk?w0FiMc&FM#Yls{< z(|7I9sS2IFg2MSzVJ784oS!t~Vh5I+LLnhrI!hC3OkTQnV}{}^Qf>%r-re5#6z!9j zEsvPsme^+%{E32N(AxNWIJ2_ll}r{+wLgL0?6>$3cj{}UYGLQEuNZj7aA%f7NrP$X z1LuNCIFk=ZdUZPN?<<(Z|>uJ;D`8`y*e_T1% z)aC5uDC9M0teo_akAl({&vMAMbS5Lf!)lqG;#I&aZy(D5D<0hgXW&pWbDdWtc>uZv^rXe>?JnF>8EN~}D!G$bcgy@s=m7>=|`T+e;e+MNTO>h?E<>>UV3OBbe81b`Ow#|;N8PdveAN5QE!Y3 z>%d)swf#N{Xt5ti&AHzi$=NOl^~T>+V`kz0tG?s86hqP0G3z05XL(}+F-It?gy3XPG;0VjP-=gkRqLCa=2@v6D#{B9Vn595bZ3SWhwr2#odgQ5r@mm!g(}5pNtj+P* zf2-Se0l&Y6lq!8vB~}8MFZ}e05=xCJZp5;ULUp=QV;RP$YcenZHs+IqDxs>yc`^0)!M<9a$` z)Y~|-4&y-JYMaGlQBfSRMTOr6Sg=d#Dsjj=m2#}_y=-2<@(NNZMzSP0d7p_k{sFxy zt<_9#=u}7CDg4#klH38~M=Dd*(_;RZvlrtG!NUHvb*jsKQhjo66NY5G#hoI%g_V@@ z2H~eERCRKZAT2~c+G!%?rpzHly}i|m!I--5_@#8Qe>G)F(1NFqDR?JSrHoki)-mT(Gfs>7MgTv&RkYG5o@x9kgc9IGWVU< z`7(Dwe62_8RK4O*DmgNJd|10Ix#dG%58MxAZXt{r7(q z{5h*&j&n8VA_s8sjD(iOtF*roJMF4{H9HiWOP9Ivl?ER5@v!74oo8oaw2vL389PmW zJJL>~DU#yiZvhJbVdj0`eS7>bDfr!6vhD(@8&dtIUByg!fTAI5;~%x6hG0k1w64F} z>XMhioV7~3RrNnfAF`G7J^BMu#xd@mdUT^W7-G;~v8^sS(^^w~EoGAA3y&B7d8|Le zeh4;Q-!M3*$-mr2<;Zkaa*PY@&pA`hCImWOx6Nf!32QH}7`w1FJU?bmh3|h(@h&1v z>Ub}T9sB2qSRVxxmEf2`i4zFtmWaFjZg#}9+U+Rf!*N5wcahU@A7k$#UlmWdAKn4^ ziR1B71jMYm$xH0$U?Yb{_FRgQhsZj1^70K&Kd7k2y;Up7VveA{=XeGrwF! zi?y{OV&r>p-}2!u{Q<%E1zM&_qCaB9_3Oaf)_VO@`PAv6WMM(u1pmcwNGxRl2WE~e zPFwjGjhHy@y78J6@NFfN0wi~sXlq>t(~nse4s(^-oD=NFE8^b9+$mQ?0F)_(ac8}i za8mf{6gOv;W4c4|k{|Tz)x8q&$gpI2UV+KKNoTMn<~zaLZ(}KjiX}0bD??hwe(tfU_83N1)oIH7ymJg zY{A~}O^%=cDs?p(J9kA$+#y*Nm!1|Z%NVbKNffab%w6wP^|J09=uU3zD<2*v1FlW{ zk+)uBfxJ~4kN7b&Kg0dh9Px^ug7z=UN<7JBy8zA!5+E3TT&Uo4CS9wx5-oKAo#^=HH_8+f4#iM@{0C`u)w#4ly*b+R@kvp>QX6U-SKs_gEy| z06cG$3z0zkF*}*Jd>__RbW-}Kfkd6h$mxk-M&i=t0RuN5KeunWpY=@i+TUM2S2$&e z1r13x-ht?wKT4m#8RFmXl;=qqcQh0Kgnw?QApBk&>+82xz80{P#iBl$>aRms^6e6JJXT)9-r$ z(slZItBjai&gY}H22494aat)mbNBnMn#90~FxTi?#~l}Cn#H>E#xFxWupO#hj%pI_ z)B1fRAXP#9uKc376R|#6R@T(9NVpVxrrPi2bWDqElyyQ_Cd ztvi%+^5~^~So*u0Rz|&ls!~pj0F$@ImHM6PgOG1Y;Uiw8YPq~inGp{ULgW789&}gJ zo59}GbMsE@DLhbS3U*shN7X_`@MorgmkvEhCE2_&4KT#iVkg&;TG0+%g^Y`~hJ_eq zMzwh`@qkT-(Gz=`MT}w036um)+`U}Zu9kbt5!xqlZHgyy&|Q-^Z*(RNkl-shvEfnZBFiwj`l6{M4kr1$Fgb=Kp^EvSJ+X z{3=5^Lfkmz>9F6y17kiC0Z?9ppW|*|VPZg{a^(X`rEL1s&MLRK1;xHNDv>E8EB;fi zF7Fpjwe4VRi|{FL$7V&_e`s;1Dv=5Q#8+NDJuc=YEAffDCZ>FiP_zhE9|HQ`fo2Lv zwZt82K*m`fdWgHfK1lnOF1B@WOFZCrSLKQqoTZbW*&e5Hg?FZxV?XF*WbT)L6ag=+TSC^f>ghWTT(thD}CR7znaJAS&5An_fce` zt^|-a)rm^pATE5E4(W-=Qei6CXt*oXsR#H(#vkDv2`BR(pe7qt60Yo=i2eU)@#5yJ z8&4Qlup_>yHeH<1Sw!b_sN}CJH@QouE=Q($Vsva)vZX2yc$w;tEB0s=zG)vKoM9_{ z(Gt2X>XaFzb9?vsiSt)6W@+~sA&)I3*pAUnT!)I?z{^e~Iy|$#2peRHI-Bp_ldM~7 znyX^JF791MI}6xq=9yb5(5OG4+$d50pgvdJy~cr_+X?N4AjF}<)l;_MLg7lR5_X6P zKSUL$m9hLWBf_b^`n^2u*fG0(84hV4DMP6mL4x;+eKW-)9x`x-nG5V}m_;HQpPiZ* zROnh*N!k5lkp%FbtfuRYi=a^u6n*-CY)SgAuG(lIg=TX>Br+3(~`#4DBq>D6>P z&Rqef%nh6FKEjQtz=P0SnY4>$`X+ky_tZm5>sRLm(+qzgw&TFZj@Vn=M`4SxgU5}0 zV7E?Dn-HsSE3$BET?XUR)x-Vn5f+&4!9K7bY8}vp4`5-0My)W?0;TvUTDK3j?W8(0 zW#)F_rIDBEE!P470OfZ3-7+SlMN1YhiZwo!<7#Cq-I8S5Nt`3R;ov0eQjWYkXb)6 zb>^Foy(3?(h@PQ8uwWeD6#KrKQ}DX6P3fJ6(m{wtB`zUHa`LO zqvJT_r>qjPhydmN`U7#)n2F0tE5`^_9TS%u5P_;o7^7h~tFe)@x=_Fl!AtWa?m)MP zeHfqJ2P+$i>T#!PpLLeUAuqr$2in{!GbQZClC-)k*X|7joyq>*5hi%+jWLs)Y0~Tn zbv2)?pG`r(oO|YlVc8JkyQ!uNr&!>e|afI|YP>2H`k6qw8b%bvxvoH(&7%f9SQ%cw=2laVv zvGwhB)}RC87;96ZRhy8-d9e~gVrx-bP>c+y68f;@f zaLyRn7b8gq4QX9VMt)|>Ml$wz1d1GPdtj`mbq(-t+6I5ip@>kpy|1>^y|RVC0nNY$ z7W|WkT`yNWgXi>Nc1BeESY$ZdqjVT$-x#J8q-zP3`NV(<^J#>pT^GP^@@e<3S0cSa z@~9x1aW`nz*g%wcyQ+7p7cjua`Je|om}hRMzz9_bK7H!|FXav*T&s=(n(TB$HaB77 zw8h+KORF@Bs|r}E`<5NiTt5SI9{eVY#{jst-O;TFqg_-!*>8IO^db-C^Tj(t#g^AM zx*0aqd=;0RDq0V;9~fqp=b*ub@DDvIjG9{hw1yoeCz9Ra$iM?u8#Ok-)~c?ms?%CQ zBd7qL8kIb;wzZSmJZZcuM4(81U&_vi*)oBCV#)^;KWeFZ`AWcQq3yDn(ti>5OTkyV8RmfA=sGmtsa=|ZVjYR-gZk^*~g3j2}Z=(^p zvWtV@n+&0ep3u2SUXGR-@nZ)t7OKDC5D*Cqch4IkbEmn2Q+aAsbE`(uXPh)$4{_Em zg8-kZySg^%;6m#OE5|!y;F#8MD$+DK6e-1{!CqvaXC;2w%^=YyikzZ=YHPZ`-?2Lu z>+TKOeB3@3d#H~%-ZY3=JOe!JmP9{6QzbaRianw%?^Ce1mUS_w6n*D-*YWI9$0%{; zksGhI15(V15Lx$g(m+5BTw8Felw`FgwZ5T>DV66Q3_6fcubzyVKA1}}YD{jUNWpq7 zE6uf81=KN3fD|scyg6GM;J8U7`UQjL^|d`;?39jaI^W)Z?LR^#RYCr9pPO!AVy94K+Z8lMFP*Gg zL-l6r`C(dvkUMACt?OYA^Jvp`5^sXeOIJYh>jj~ALDgaZ8-3|-!^a$VHCzqs4w{V> zH4TUjUsC!YVOV18hivH}{{ude<-h7GQNiWRYE;NxHTs1Z2Q$e<(K@=) zH|_N3Z2bY1$(`OA$ztUrVpg9)wb$R+G_IzUPjj_B-w;RjIGKQuxuyKaH7}y(5jHmG zbJeB*QPT>BLfS55)*U7cb?*(*kL-6P;ZY#+#`yMmtC{|YMqX3`I=C_srs3h`06lpF zO9(B$+`}M4ZX3EHSYkK5HPi1BV<_uAzY7&sfVD1i^bF99Jo!716_uAiRKmMauY?`Q)U9 z#StVa@(?%R*#=ba^+Ozg9UEy>A&%s&0V+d6;+d|26}|C;9t4*0%oplju^y~yu%Id0TV z#u%${uucKAav)HFbedImp5c6A08iItw}1pEZV7^~!U{LC5=BUrL`tF)e>}nh4fw65 zTE}!v96tk@*Er!j#wlF&_N#AhJue~@{|L@gk#-x2m*HI&J*;(QGQnWV=kQnY-Xl4C z@6L@UVS7%pEglpF8^p$YB~5~66thcfw2bcrDRdNyx&v9TKm)D=8G0rx>I;hIoUKpd zjNGg3cC71|X6k9rT6a5gjpO~hg`NqdbWAgjNs1l3CK@B(v{*2?+#h?-oz^x`4Y;t# za7H7RGavTW`}vQ^0zOn?3E+hS#FE@YC;9?Abbd_zU+PSA^OY4|Rjk)SopTWj4l#Az z4atU6)glOD#=8ZyUJdo1H)sK649voswX2#z{Ci_i60U+>rJ`EkB&Ok41GtZ%osX>yNk#^F8bDdHTl|I?X3qGPG@TP4?& zdUof2d_OTf+Rww_n#WgG@n;vA?s#0Ria1z1HGA1NViGvVn*pHtg}8X^;PS z?i;yfQkD+FeHvASX9W7H5I&RhUOF|gk=P@ivi(qnsR3__$A1fDU6Xv<_tCr-CWM6&fmIVJ23};!EI)=M)a82 ze3{8gYTW2`G#XZq44?NX+X1S6KY&reyk`tgkw~&(eBD_Fw@GGG_w~Ibjrnw@ytnp259-Yoq4m0O9&UX;EUGSLkoT-sw;P)K zg+H2IIQO|FY-BmF;VU-A8P*}^@j|10ieqjn$^ryK~@xLn5vA^AohZQ7* zNN~H&jkT+pv^`z=%s z6FVK_{*>2mde&OzizzepRmbL`^!XT9UMShH$5y2dCKmR|va1Z?!?hKiiykNn@oM|w z7pUPFOVZ5!DQ&GziLqb7(=j=|j2-eM9NQr+K}(H#RRT$w?^X}}tC^tKao{xwo2Z0f zg6yyTEtj7`%x=b{`;(J&0@5wg&;KMf{IeA1TRvA``R0R&V$%2ch$|H=F#v^uZJ2?T z9_U5t7#0aD5Mi8$%PP7s@4!rZ)EVt zhj+Q|-45O8+tw2uEYNiIqe6MZ?u8^IQDY9#Tv>i6bJ|USs+^>Px!lHM3Xg^q@_JYB z)t>P8bPeRsUMZ+L>UD$|>-G4$&RJ=e7Ti;`fcW1pA<`N5ui5Q*`?4-3hE$nEU4Evw zXG_;uNvfWR2G`k9AbK{~#4FfjsPG16?04@pRer1J^w44-Mhgd6eQM~G#OrN`AkHPr zn$y&6)KN*VL*ubP1NF#QjkD-d4A`Ng@O?1n{%^%opS00dahEqHgi})L6KP_~`X7qy z>e4V~$vOG>Vycr#Q#fiv=-tGlaHr?0YcBf_c_5#>5oFNdgq&HuMBNO`?%z8}7CD2c z(-*|O9rv^qA!o{Vi4)|WO8B;^{ir5}LbHTO0dupxoDxk~l$ab4-~tQRF%Cx7O+G}d z<0JDXB>~QysGI-lKc1_fp+2}b{|qJJ%}LD0+x66+dxMX}9kWQS&?`TIq?*Z{;c4kH zsG848Vbn=#+NDpGz05k;1NrAkJhWtr9;zN zk)^#71NE9t;{wAuy>91{A9W_l>JYfqx?vAAy!g1P#HhRX51P;CpRVq_FkS1FKvC(k z5I-AyestQ*4KP5JiY7BiXEb3D#Sw2|UrpX`Jqq&fDLo2zbf zwI5)~viZTC%-caPcdb=NdZfz;%e8jd(*r4TD|5IHri3&VuCv!7+-rcF`TXN>L|Ia{ zJ^A987x8(F>J4HSdq_J>joco*aLjk|5~*0Ze_!lIn@{&HbgW~rf`yWX9;5PrrEM7Y zg5K>LWRfgD;+-vd@}4|+!yW_EgC}qmJMJqCv1F3uz>oP(YRl@lUD+^WV0g)}SgGhH z;Q)#DkY5S~n+6sR7O*qwPhIIi2?`STD-J$BFkZDAo!&z@JRw7IG)c6SN@R+tFpt|+ zTak|Bj78>wP!kSU5nuNw4xhoYkN*xy!DQ`rw4r-t;>w;G#%0a9RP-)7A!5;(rNl|n ze$G4W29b~RN;b&WkE=KailUovcz;lMerZ-1gi)JUmkQf$cXY#_<8br& zc4@^btX#V?JiKKacv`jF!x$uKbbsh+zekA*8-Q1n?-0O~PBlqnwlh`lqZ?099X{hK zR+Sln1l#KP z=^s0j*e^j;;3#o;TJ%Y}=#GKK<8R%>KdU*~fN#*yqJ#})k7+JJf(njKb@P=)Te#_d{j;Wis0}k4Q}(t&|52Do#+Ag>^Blf97LyH%c>Z%!rn!^P zk80NiIkJ=TitEE`Ce5w=Y(U(u>LVz0J30)1^K0EhcA74-=K9YSPXIOHL9DCh<@z%< zu`#6blfBroKjcW8Na-5uvrqB{e#WsSf4#MsQj`y*vtnNy-UrI~bIxygMyPA2HK?ytvxUbivAePt?OP z4aYMH;cZjZ+_M-1AJG{0LFTvsYp&mTk&o@rer`yWWIAMw^yW+m@ofZJ8|v@RGDNQ9 zo(lSZ{?G~BOznhSP(%KaqkL`gKa-#@pxahlqO$hl?;G_#TKYv-{qyse<@jY~wbFKw zcR1_>{Ogy`P>DcTe(rDu5Uo!J~v!Wr4jUEac zv$0DBVSI4U>d!EIm`W96jYx7EX?c|D1nCN9FATA}#<4n3${8!>bgq@mFL1a`Xffpn zKNf??Qv$l;;m_=!G&Hc!l0ZXS|}-uPKxZ9uI)j(^AJ^7x3K2$$RlY<~hh^Z;8rH~f-U96A(&uKU_5 zQ*c;v%~erl@v(Axz~@s>{g3N-95VO-e8~n9P8>CdXRYV z@xynBWb91_!m{m6m~AGmF|%hDx~y%SA<3X5OTulbeerIoo`Vr!f|GAok`4_( z14vtJ&o112m=9G8nRrbMGY($$M@O|xY_Pv7w40x|`wMpKbgxUz{1s?YGj*c;h0K`! z_3flq(01L(ex?v6yW@tUiOX#K-+mO|oV4Tfsv#Vd;6AjZYdZVz)%tJEIX{_Rj}3Qz}kl1>kk9c4yK=;EFB#oL~|yGk8Vcm zu$fAh4&|FdO6TMrx>7JmLJT>SS5WcCq5xxi_qk2; zv^x@=R7Yd|M4+VT@fV*tnfXpiG7~GCuEqmF4fj}$qh_!;b3rNO0jBEN=S>}|Bhj+> z)Es4T^PGcH7?7=bN{T(J50Yogmu^kGgT$d~%>bwe>FXnxyvY6zD^t5zuZEM0AX*F% znBwP1Ab#F&da!D;7t}+zif*@>a!S(>#Z4r!l<_aOui*Y^MB2RR7`I+{BpzxL@;&H? zcT+;eZD6KVT~g66YQEOF?lAu#ZZD6&{o=9K$hMalPhBY6QNWtM#IwKfQEQs3G}gm7 z92Dl=&9&2(g(wmEtSY)EneLekecVmOcnb(r8(J~g>+ISdHX5n&Q3}=c3Kdwu_VGq^ zM!dDc4wzj{@t4xJNQbl+D5Nlayv3?T&3txcJ1BgZ28+vhU0Hwj600`G^YrXUsrTgV zWi61mT|X1r5&g^=;>oL-`?S<6ZiC7+$`$I`@xM2%d=7H7*QDYu9^nQ1~{F z>l57rhmu%TkwHK^gq@iX&%Q)?{0U)y9~L1U)!af*&5<@wudnI3Nq&kq9^&Ys)y+i& z3&3V=O`%j?{EsSfD?A7llzSd^zML7J(gzYhN%d{>oq0OX)K1WQ%8j=wkV>{nAITOd z-W=lc;eAcdM5@II4~*uH058C>W&pCa0?b=)Q3{jF3bF4^{EiWgU{#3EyvDeSz!iQj#FO~+MwiLuM52JMJ=}k;EJ^u=*T*l) z6^I=&-Nm2i*Iak-1Ql;}F?|RB9HOwFa33inB&}G1`SxZjyz!!m4AWqCHfqU}9U*Fy zgim9C3U{`RGBF&YRO0Rm@v*+-RhmW56p9v^{1k}FhP_`t93JTma4W2~o#sUkQ7z@V zDle#8)Pb?Fq_}X#%H-1*_QqpTh&&ZwHR-DN(;RvZrmHjdytFQ#cAW&1w&6LCV#;?F zP%mzmX>_=D2-ZS!x5afjVO?2@G!1<1Xk$4(w2JHt5PWX?LkOW~QIoQ?ylFLsH zmDN@+{(f4JP)U#9KdKE6c1rddC3s%Ro^zS}G^aJbA!Vw{$J$#wSFz*~`;QUq^k&ci zd(dFZ*d%ED_*b#my&^VJGty{s8er6H9;oHERo|Gjyuq`Yg+8?@GQOl+is+6U@QXp4 z!Db>rUqv$O(D`cXAuL6bjXETww;0v?V3A}Y!*2lK9)8I())fvxePE)~z+~DgpDiC7 zmK}8gEi!l$^VWZQ)KsWjEl>U~6#EV@;X)A+@`%PK4Y9Cos}pLRM`P={&LKC?p;J-m zl^$(UduM|5f*24*5;llkK5kP@k)OZ7*y_G+yz*s3PNkIr$ zHhgY(6zfg8oIJ~oBrf;OX7y$!neY!*dl$a;4CT{H{+57wmwi4|L(g=54%w0n*eO%b zZs^yGe&JRB?SWf?2bQ?lJ-e{mPJb^Au?wTu{x>u+l*5~K!=p`oOU-R}YlS!;Eb0mh zy@^HRF6;?ju5}ymO2J~hlI2)TP-@68J6)w|7$K;4WSE;bu4fVC%0UA&-5CG_3UA@Cn{XL2{bq=HdA z==wdhxk8G)GeVn0l$E zyY7Wg>oK!Qw_uhYZ&+Qm;^d58d4SR$GZIykjjDtm?8uVQ%8xkwf(#HWq)8T1C17=Y z05aY~zu~)|b@kMFtv=pE1^c@G10S+Ez>z+8Uxlk#Sk63|Nf#KVLV5Si%N-Z%Z+y0J z4AOPNwzrGNU75Qdk2>BIzKN{x&A8MOuoK!dMWDj?0lEr3TBkSskHMYsA!tu+Zg)(u zX@bspcre-TsHOLbw7#ah@0*8hVm7q3?rwF?v|=oW?0yiOJb`6J?;BCdD=a{`2A6UL-y#I>9wPqChL8 zCcZly2-6p9#2k1#l=0i=bK{p9{`n`hmWgD?K1Puj;kh$bsm7wA5A^=YdZY1o?@N81uu|&zj^{C6yaWjWv(*(; z+B7PdH=28AwGmZ$@s#TGNlH1r$L#WitG$NmIf*K?^sH)F7tMW2?sAAy(JfP>GxgRd+M|9-;UO?N{sq)w#z?D&*v!yTr?=nmg3x94~?YzgLI&lGrN z412WqmRExNOr@REKGf{8CQld*@Gf{?n`rl&&8f+&!!CZAKtHTG>5p0lD(ip08rah* zi8G&s^=g6!7P61d&i23C;1!D~qyju0n_`HzCF{X03047}`Oevit@QaaCF;k$#93PT zT)b;D90FwtLfhlnP`$Y5zrX3AVJDD@2Lq8l_p3zlQH4pEmjR6T?#RPWWDaaGI3Wb> zkuKV5$;Ofgf_!q~!--RwxA94()fbgq1qX`=U2__emtP#}Xj2~UI2EbY3*li==QyrX z9*yAj7UUt5nYq`@_j77`O)FH=FqEZ#hN|~+NaVZ-Z|BofrP)t^TMRBlH4I?)azHSv z+I!j!Cx?uEEyUVs0f;8@%NR!F|-Mv(H zu#lkAHCk-(OOM3_mV5x*$m6Ds;!$&QeSS67gkGoi$ZPDS>9e!>-v7M56ic4o{r0jI z2#~hJdl3dy`f%-p$Dt96a2DIDoQT;5NpBQqv9gm?Y+*n#?9#RKC6H=DfzERF*#bT* zY9Q`IFJDiW#as%^$p?wkHGu3?P8cl5PqGrwSP2tV#vn503S*j2a;)@259WbQ4g(QO zL-FoXRjGUz245!c^zNW$28h#pnesmH1Y@rcTDn5T>VG$h@Ox7`j!&2k&t3p%K%Y3! z(&QinX^5)9lJ1#AvX1pyIKJ9du^i_T>~*$&;=EWtF7@oHy~Q=(jdIsTFVV>1=3O4^ z^xx-*4#B84z<-LQO2t#r!Je_dkPXS5<$E=F%D&R*6!5;kN0&W{myeO)I^7ybYih5K@lmy2u?1#%c_#_A}n02OFCdD^Z>LdW}`0V0Qfv^_yi+d-Z- z#C4!s%2R@P^M#cg*C_y+Co<{&fCZ(x-{3Fup6)un486Blm$xaO7H)HC9fqCrZ=G-F=Z=MTJt`IOUn2HY{kc$7z;+)~7v(~h>V1Au( z;y{cX>Pb(^M5s=Rwhk(SftLM_u=6%(G-rzT&s!MVjNDR6+GXiSvbN#sj0n|ID^~EE zd=H`I+ErS1`=p$Jm4bs&m&<#w#FRxVPa7V|zkI?0RT(_%Pr)lg?ne!^ zE!STD&uWiU6UL)BimC?@lCbcP)pFpNWMRP3l31-E0RI2jYK+CXWbStYH%3)pNMyi5 zpPL0%`>!`M-9p=p^f)B)=kRx?@jQG4;%yRao3uZ(BOgj49+x{Mq>Vhj)F$EXrhFM__C7w1pmx3*KRmkW6=OypCB&FWxoIw*ql*1{gJrfP9EG~tc_Qe4+t#|a2_8bo#kpaef8nOFsiv2eGgn=d+dtPFp+ECnLGvC7x+K}AWM{6cX+Zo*;05+ z-#!20V?6ni3rTzJZ9;RzTOHho((Ma2w^Za?kl3o zil$$Unna|1KJ=v%qz)J-H_IWL^2-mq7Y>-Y%5qyVb{lINnI>TmuMeN|(!Jz+lfun3 zJrPq2^5kbZLAK%g{7VV?%xV>;p2Gm|RHx|U5(3y-plo3*zOECw{0>Y6*QHV(CW zS>3Z3gSlT~ew``qAJs%g@cEfe`Sog+4TzCbC8OT>xmlr&2@oULIbM3W-%e_Ktnq+f zfkpB*;Q`p=9g?`CPp^bS%{zC}6c9xuk+B{F0d)$Y&Mh|k+9yr3|ww&tPi+z0SMZPUmxw)<=q3+FN3e<%fvPJ z0j7-}d^IrAV+^{y(Yf(d1JRE%OA|j$tzNp@J2J6mtWy#dTlR*bMjzvK1tN(*VQV{Q zqppPd3#EL$6kW1m;Q5`tK}mXl8Y?`yg2dAVFi}IRpi_Ku26gFbknCn{&o~qp<9&!! zu~<{n4Q1(!i|vQc$2On2)*Wfk#fUYPVN`9Bd+VJPQ0&{)w<%gRZu%&$o=|N>ZAhb& z{kuero+?qz1(Gn=6!RkUS7<*$V-ET*tjB_={}3u}jQ-;^XcF7(H-lc$MyJdIn|I#$ z!r@$B?{1M^o_NGU>wHT&M31Ms1!6we-ErHnfA$Xa9*`ye#uV(+Up>nLF(D_wO#4@^ zd5a|EY%~V3Xh(9LCBcgv3W5?)~^vlu1{G+K7!6}ImZy2od;!gX?!RxWh!Vm_YlIMVz&n&bHN zyAiwpTX6{`^Nsh2&>`#CKC$P-m6Lk-0D>b)VUj_^wNE!64c-J{0<3K@7A}u8sXCR8IaR^oq(G|~UCf()?d+bnf)F0F* zzCI~)zjR$-Z{e#pKL6i#=o6n^?2?Tpp8b7He0nshGP;kM79{pZ?p^PlK5}W1KP!=G z^DlP9OPZ;#xg zqGc<3McTL%f@YU`9;a|4mF)5z%yDSUKK^eJbk+NPVldzAssz1n518(?6J^4?Y*f>2 zoHwM;>-fZQy*8q0Js4Q1OMN-WJzn2&oP+QQzPLk74byuBorQRSBml%{PYZMqrJ8o6 z()z^hHZP8oS8k1Ogw-{yKP%<-z?1Ng9jhnNe`ENoMyye#Fn&&l>wS|wn2MZ)=;q2_ z%ibh!1X zaokx+!VZ|i>zVuxJkg|?I{`VBF0ya)HAc6IzlUqSIl6^P@{{XTseSv&2NYH3n2(_e z?+`Qge5U^bfZnYTIktF-jUU5?T@4f}A07s;K}d{ep-_?LJMKyB7!S)$sSaxxNncB% zhYr(-B(wmV>x=%85h{x{+-XNnlLoQ}&bT63_B|a#d(IHMZ@?LwzeG}>UJA8XGgfY@5=CPob}FdRN$#397TC^4ZnX(Djti$+mh3L{3B4zAp0d6rFPS zb*kuOBr+(`Bc3)Sw&R36&9k?d2KyoQjh{z*V+d}8yaZYkO|5{#o6=p(Y(Fj_gtHTR zX|wK@568b~;)~{t#b$T?)-s)2ggS0hkUDBF9>CJE_m&s z$Cyr@V&~$qg62Mz#mKf!nCR3^G$(+VjO&lw#tmj@U++L9g((EWL&^C2<4}gAl-Q7JQfwke1Lt3`db@2 zb3TWS5*mAWW!vOgk{n}uCLn@JSrH=R)AkMUM1%22_)mYAbx!9QxKX%@CS%Yy3gWQg zcRTdYmYmd2Dk8%U{Xl-oXjNR+4Ei6)lM-cDH^jrmOnHr!WAYTGoV?dnK&bLg#%fEP zI3WQNtKj13x^l3um55oZy9hmZ#@B}@63kmX7%pddMQ>S9XHGFA15vBmWJoUR7FckGbaO_eI*N}C`me3tz7iVU7-h1@*Y7Okivw^#-4sEyO z9BfOZ>m{h{BOSb-cB!BrQ+RteCRqz#n}jMR*?R$^-b+p-Cx&ys3}^yBAvgFOpjXcx z%C!970r5dIOro)rC@i&QB)kC0eZT>;hUSDT42@F5V z69HC4wj?Y7(d5QISgIzgb*~t?kctoLz$HgD((I&_wKM}}WS%+$JJB1Y`g&ZtK8`v( zt$DCY7ecB(CwjTWbRV|9gyaPJWQsf&ohWw3s$!Ay-tE8{guc2Ol}+Z)?tfi`CU!=o zaq7hvOmMihcW{ISx?0z)I`$) z!rDi&$1J2G?7$Edjei>K%a>@nN+>N6iSM!qDu~LTfAI#jQej-AIuPPHaNS5AQvd1y zo>5az1K1OG<@&_{&ujMs!w@wx$lXVb8yt_$;RJ^rZ0riQZ1XM-X`2gEmu40-Sa464 z?+kCjD&qa3Ozo?|;W7~WWs0XD5Lc<0ajE^JCosPZeK$|94dYpLL1iF*gG4Wg)q!$bkM-}cm2LV_tyxAHeq6GPG@ zxvdL*vjkkp-tSl+!Ky!xuSA_V2WUW#yHX&-2OOKPaqOMdPHUOEriEpIMHBWFm=JCZ zN{pCb3;hKie)=M*BmPX0x8Oj9E3=XeE`P^=j480TS9P1D%d=-C?+OR^&|QYH4~Gu6 zlk-Afk_(I{wU0tz)Z!mc{dol zy9BK&$VTBm>*8YmBfKMi<(^SulU$|gBmH+4UmewHQ;(Gs^qsI9EJ9ODawmn(mFwVy zmv_PHr_y^$w2+0rKz?v4+fGNZnQ8o>`HXNoAe<>rwT6_viOxOJx8`p4OrdqtRX?1muQN%} zd(K8&*FT-+$)O`OpN1X?B0AQSrFXUT`y^H%;m;3~7_PNEQ#?@d>(*k`Q(s za`vC^Xe{&9<*Lt)yr!>+uh0wPs_!O|gM}7AyfE52YFkkU2G6qGQ`wPF-8Z{``S?w0 zaG3FUN?0HN2@cfzbpF2ah%d1t8DI*W~B?p9%a*+t4m1>Ma(v^bE|1t=4S1TCdCHBv%fv{<*4D!%j ztCPKuEThqaxi?X82%l)By9mmP8p@&t;-@7b)IO(&Ffv@|c(%?T1aRncOp-qTu1W z3dSQkt8Yf-bx?9C%b;ayg zJ z2wwR8FWXm7T^v292h2~O!VMIRtUa-Nm@V922HV$iv(*uVve!jrOl6uoaNyeFwuJ#U z=A!<2A7o2_08}`OM}TlCXBt?$@C5(ix*MIr1!efB6+&X|4I<2Z+zs49mBLt=)WwwB zOWQLDxolfw)V9Itw?FdbtEDo&F-V1H*u{O|A`kDt)>HA?Xo5~-SRlY4cwF03Pb%{ux*Mh-UO-b7|fq!-R3$w_^oH&Z|Vg(2(AP!`lu z_-tr`Uh5O1uIEJ5@b@nLZTME%p;dh$^819sXNmtD)R1KsofVt|g$AM;qf6;ix;4!v zOly!333pCG#@rNm*yZFFay~^B5Nmmre6IT2nHZmlvL}V@6zZP>6xM4C;{Y((Q3rS* zLIB@2xkFK!GYY<;a2Jquukl$IOIrV%_*Mj5Nm#Q%Wg&SgRitKM>Kb^|cdPGc7he%j zCUp>dly$=+K1V=19%@rdSKN!yUKNgYZltOaP7Uu0vlFvyquJwr_*-re>2}G$hJ4uEM(ja9wS~c|8+QzSFENT-D zPMZv6?xRe4Y@m22Hmj#~(4+k=;oiAYIR)J(dzj?;;eD8+&L20IG-sP$IXPv`IQZ-u0PMzs(B6w&ifdw z?Pe+IkKe3sOR(Z=7Mez)lLk`y(WOK)QK61xSmWl%7X6lPC2HgBayJ%{xf*g?O^biy zQsu>tu$~$zPk$b+r(JA@2SPj==*G%dZ-O^sXEkc-4%WOwBpoE_HJ7wZm7T!FKxo>* zVrNJ$3dvXxI3LyQk0Ol{XvDb~PkN6&6H#%#E9&Q$;hFdRdzECFNAxBbv@P3?dk^np zn4o|87nbvlTe3hpo(%u8Ikog;0hkK_Gl~dV5vm5^##Z>hBt{9?uEbKb-+AX?}icmD-kr{c6F6S zLBjf3g#Hj8S8*KxttCXj+SB_Gr7G0L0esUDV~_HaWu)UfSy2IwO6Pjl0_5b;gS>&+ zOtvaCN$-QIaRb$G$R#6`dZRzy-@~TdzUj#L&J!hcBto#4hQ-G`RmX&G1G)treY5Yr z!wj@jU6iHkTol_Ey8VqiU1xl?mhnFm)@!OAdD^Y;_mUGqqjrJRj{6$WH0vh8JtLG! zpg}N|(w&XMRbl}z`Vg(&u{0?v0bSmdY2HMnG)pwertJO?AQmb)ifrdunCxg0NYxP@ zpfQdQyQE9b;S!%TA+E}`RJF*#cl%eZ(BGEeZeUp=EW7BdJlS&6VWxhF;g53W9De|b zDks)_E|@IX7;-^>Qr~*G79HAmpD`%uWh17dnhlLRCKajYcwksMkRce zGiW=QK`@$psTPDOG^67OZlze|A~(*QD&mF^mh!+hy+4=pYm>IfTOnvkPlucjMjN^P=xpu0fza)8ZY1aD%hqos|}7 zx;Y@$U_6_XJH(B&-RnNBT3Fsf5qrcQZw0dDlSQKM)AlNP4B(1iOpaaqaIdRT!C@M@DAT>0U!zO7m|Hg_?xfZ^md$|#+=cm&l%6gXz{SR@!(+G z))s0#6-S&aG>nVfbw50aeW;V>Z`omeysYi6?wBe<4uo^X$|4`Y(>%DwsD&=vsaV$?k?3E>Xbwaz=}7I&y9X*hm5`w5d+{vSECbMVpTI5SUvY-M z8sGzrSOu{~1jx0Q)Ghk{1Qp01?B@I&41jF_6q8ByZl{QRy1rvZ4g^blP@B6X~k(S6KjW%nuR(3Vq>iRw8|&7b$I;46DX7Z zOV-0O6ROiJsn?ogll#9X@8$UII(2g7BZ=OtRJ|VDv6J_+?Uz7739%h(Xqf_Sja2kqO}3Kr>If0)7c?b;+s+p0K%$Rax)8jFlyO5kV0Y0AqiFmTS9}(Lv1!uC(oU=wGLUq_wfnGCs3ZE##+}uaZ+tzmT~yo z@B^fO><5<52>01vd?#ylbzRkkj z0d}z>(5a&@xwHve{Y(6V7r3-hOsaam#MR}e$`ZN$6=M=2u@uo9_}PJnAlq>eGw~se zayLI-$xsO<5KeSNykRD{19|l8Qg2Hd9htiLQp)xNZFz6uk)b~gp%az|#t(ModNx)K z0`aBQJ5|4}LzOy#%_eI%h3eo3853)C!u%s_GsEiN=ge8JXAGja7!R@&SyWV4p2PER zT-wuOCk=JR)*hIJSb1jvU;J$4q zX}s!I3<1No*P7J&fudXkOiztU)Rh;FsbYV-^5;I!E#jgceI|GtoGbPv)H=)n;uXrP zVv@lz>9Uly0Y{{6AP-j>{P1HiJM0Y^Ax zc}|wai>m!}M8?=lL#p&C>`T@UNjP67|>a0$}`TH#(5DXHK%dOG5XW* zwA0=me{2x1xVUq7j7KRt;bbPV%&|3?s(J)%#MR!zFL!S0#;7eaeA^Vy>(izcRZ%x( zOIQG47}U;+3~;(hzXkVZO=ns2jrFE2oU$Wc7?e+Bm_YIE&PB%T@6`zJ)o|8ql2_IV zPtW`2a)^G$qK7)t5JNb4Uw5A?H~Rfm6MmL#_Eoq!zgAaPg-BxM-vB^uLat+b?HNvo zG$!c7xSaB=Un0uNUzGM68OlhUgSvaP z*dZ3kx>56Fj0VEFBPU*qk{<_)cb;+{o>u-sZ5$*Us6nQaXfH8bJ5=u-DG9|esp%fb1$L(Yhk{Jl1Q|ZjsHz&8z0Q+w7q^sn zI_#tFqTz>^0H?J&?cN?5fzn5V!MpemNmK1BG0EZ2YPxKb(m=j8@d*$B8gqzMq9ghg z@}i_!*aOup{K{Ec@ZWy(Ce`uvuUkSIX8yF4x<>r_Jmpn^rY_!M=pauYt_o4PLNZqV zXgh$cM3;##!qRyAPh3dzPJU8SUcjN(b4uqs7Wla>SewaEqdAl|Mj9Pii~f87eViA0 zdgn)C{lm2jf8q@vTx%6R3h)0>D57rw275GnP$8&xTK2EsF0FWxU72xVd zRO8mC=KjuT1r28t*e`VEL z!+&!9OSm}o)iX{3+(L8C`8#%U$G0v441oVHUndO!p;bcvUwP5>|NmzH&s&R-}U~=ukf^ z2im;m;J(!z3U*yw_9xTXhFRW*Vb;cKex8&rh0hh}wuO1P-f70_SZ5VAq z+vcwT@vnxMZ?Cg?BNXsi;Q!JYKf7hKT=MNmQ}KK1n;xH;VY7UfSb#X;WApEug~Tgh z|0v0e*ZtQ!eH=GcJpD(@Cw6|Q)hA~D^BcCN&&ssAvd>qh`y8<%-(mW|+=W~W8TBP9 zPN4<-nGgJL0Ecc^xj)>n^o2Sd6??Gnp-b%Y796pDUJ(`DME-g?YAY|w=-;RI4=Yid zcV3gU`YbBmnS1DNzi~Imrq|||{1|IX&S2y`Kg0gR`a3B+vrR|u17Nc9stJ_QSES@? zx9np^!{ZgJ3A=pQgVm$jkKbiVoFEw6)Y>r>y~X;Re;^y>0~o8?iJjvk62{Q03QE1w zbd>e9{Fw{r-**2fmAcd%jh&J=^%C$OPLgFK75I0|`YGx{c$(?MXRXJ=|7w`G2s-q3 z9{6nn4~avhjwOdCU@Y|A2=Lt4XZ}C{uV4Do^u<);ZvDhEq|qeum%p$?K~&B?fy(%j zU&ti;`SKP!ocC01?5FMHvD|S~P;B_J+*%>y519Laf`9qDA+!i0wRkUClt&E|@?yo5 ztzp0ow7|u?K(AQ+0vU$zU7%M$o7aD7t8rX8%b9*VxUO1U77UseqBoRMgOY00$7gL0 zCs9tR2G)?wH_b9p{3hqd5`v4T!Jb0{8=Ou?UkbGlsNWc zU}!mGN36F1y-&Yd8e4GVZC=IClR!`N^ZvTb@@0ruZxj61wohy0Jv1U7#+fdrT-$iD z)N+i|JI1)2^UjU23L7z<`Zq{&&3CWP9OJJeW~7-P|e*S#(X&#UIH?x zI2lCq`M+wr)}W@6ER0%~jLS;}k?imqR#8M8QE*lscZd@hP$2^gSOf?RG87NxWzYmn zMj$+fl?1cODvwkKA20$jGDtMUhyemP!Ylz2g$RfPMFL3>Lf*;V1kkPhxmDYB|J+-B zPn~o6bf50i-RG<^v zvFAJ9Ji&(jKCUlVl=#1OJA7yaOgyC-ie8A#^rdpids|LU&dPZU-DKW1`71E(l&T)B z1=9$nd}@kuia)=n+3|wNQe0#S6T?}1@`sk3vX!U_OxWka;q`J5YqYG|MyS;suC^u)S&MFD)6yS&)ea7 zB*Y6-VcMG9zDxb6^A5aYE>$#i)t{$rPb*xMd4tCu>qqbM%xaa(n7~H-{D}e7nt*dZ zZrB=vSqec$M@mXZCB-d3#y-c#OJVAz00BTW*TjgX8Rt5RF|@H3X-ri*C~IRTS@2Yf7=hsDq@3;hsR)% zul4^R%yv7dwoXzoH!a6XONKH>EQr(V>7}A21gT;Wx=`MbP|Dh4wk}ZyAop$!GySv{_ z>Q*~s#p}Z53_VZ5t%A>VHFmz*0juTV;{0p@qJqIvGcb(Y0yZb4arzYlS|@4feQ%ZK zUU@#NmS~JzT0zBjiiIKV#E_rn19%geovG=~JPi;{De(dT-0S2&YXx!L{#n+NnNc+3 z>a-zk{nep&2bU|wN6V$F zH_O8~@-T@&T!lX&2|Z3JNp5hO42sKCKMzij&`rP=25XCNskB@KgR9h~Dsq^D8LCc5 zeF~QdRyRd(g0nm)e!Z4|<{_+79V$h+@I5(K_S2vI88}i-b?(X}D_!;P$-bHyoQB}2 z`xl@JGMY_sf%Ozw3Rmp!w8m}^(<;e&G%8y22&%{^U~tAPT`ma3*&&Td)sR1R4br~+ zyWbtiKEgPVAXCg*?(z390}hl|bXT97DGVs{UbADzEs7NS8Z~^|i@52B52yn#8C*n1 zK6n|oj+kcM`fPE_&HB3#*Iwp6tMphiEW^yhOioFdgVMob*$G(>6b7l2In4}n%6|z<8EKUe&amK-^uBxAK@w<7!ch;@O`&3zKos&@ zENH!B=suL`hW1HW-(5bSIaYB@bka8aNR3OQJOYd;1*wLc_)rXm^~y z#2%Ztc+mOD9<#6!9u2R%^dNiKZ7j02 z=(5SWZrmRcekgDKqAvMFt-Sek(Or0Eux#uC$Uq-z_k#QDPqjdTZBbPgw=Cua*Hekf d5MQupSbux>oI~!etS|vfFf8<&R%k-uzX9vP2P*&o literal 0 HcmV?d00001 diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index c4a602aacd..b6a64d28e9 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -3,7 +3,7 @@ title: Quick fixes - Windows IT Pro ms.reviewer: manager: laurawi ms.author: greglin -description: Learn how to quickly resolve many problems which may come up during a Windows 10 upgrade. +description: Learn how to quickly resolve many problems, which may come up during a Windows 10 upgrade. keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro ms.prod: w10 ms.mktglfcycl: deploy @@ -38,7 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
  • Check the system drive for errors and attempt repairs. More information.
  • Run the Windows Update troubleshooter. More information.
  • Attempt to restore and repair system files. More information.
    • -
  • Check for unsigned drivers and update or uninstall them. More information.
    • +
  • Check for unsigned drivers and update or remove them. More information.
  • Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
  • Temporarily uninstall non-Microsoft antivirus software. More information.
    • @@ -166,6 +166,9 @@ Drivers that are not properly signed can block the upgrade process. To check you 4. If you are prompted by UAC, click **Yes**. 5. Type **sigverif** and press ENTER. 6. The File Signature Verification tool will open. Click **Start**. + + ![File Signature Verification](../images/sigverif.png) + 7. After the scanning process is complete, click **Advanced**, and then click **View Log**. 8. Locate drivers in the log file that are unsigned and remove or update them using Device Manager. For more information, see [Using Device Manager to uninstall devices and driver packages](https://docs.microsoft.com/windows-hardware/drivers/install/using-device-manager-to-uninstall-devices-and-driver-packages). @@ -212,7 +215,7 @@ To use sigcheck: MachineType: 64-bit ``` -In addition to unsigned drivers, drivers might be signed with an invalid certificate, requring the driver to be updated or removed so that Windows upgrade can continue. +In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. ### Update Windows From eb8290ee4e9c8549c262b119fe6b504af852d925 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 7 Oct 2020 15:47:09 -0700 Subject: [PATCH 068/153] added txt --- windows/deployment/upgrade/quick-fixes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index b6a64d28e9..837199548a 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -215,7 +215,7 @@ To use sigcheck: MachineType: 64-bit ``` -In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. +In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. Sigcheck will report whether or not the certificate chain is valid. ### Update Windows From 697519637081d513b664800c47556840e8e712c5 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 7 Oct 2020 15:53:11 -0700 Subject: [PATCH 069/153] fix link --- windows/deployment/upgrade/quick-fixes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 837199548a..a4619b4f14 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -38,7 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
  • Check the system drive for errors and attempt repairs. More information.
  • Run the Windows Update troubleshooter. More information.
  • Attempt to restore and repair system files. More information.
    • -
  • Check for unsigned drivers and update or remove them. More information.
    • +
  • Check for unsigned drivers and update or remove them. More information.
  • Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
  • Temporarily uninstall non-Microsoft antivirus software. More information.
    • @@ -193,7 +193,7 @@ To use sigcheck: C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt ``` -7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the procedure above. Copy the path to the driver. +7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the [procedure above](#remove-unsigned-drivers). Copy the path to the driver. 8. To check the driver, type **sigcheck64 -u -e \** and press ENTER. See the following example: ``` From ffd4ebc8dca3e52f965f995c58fe7e15c6259f97 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 7 Oct 2020 16:00:14 -0700 Subject: [PATCH 070/153] update resolution proc doc --- windows/deployment/upgrade/resolution-procedures.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index a96205d6fd..6b8a9587d2 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -36,7 +36,7 @@ A frequently observed [result code](upgrade-error-codes.md#result-codes) is 0xC1 The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018). -To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. +To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers). See the following general troubleshooting procedures associated with a result code of 0xC1900101:

    @@ -49,7 +49,7 @@ See the following general troubleshooting procedures associated with a result co | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
    Contact your hardware vendor to obtain updated device drivers.
    Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. | | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
    Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
    This can occur due to a problem with a display driver. | | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
    Review the rollback log and determine the stop code.
    The rollback log is located in the $Windows.~BT\Sources\Rollback folder. An example analysis is shown below. This example is not representative of all cases:
     
    Info SP Crash 0x0000007E detected
    Info SP Module name :
    Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
    Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
    Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
    Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
    Info SP Cannot recover the system.
    Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
     
    Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
     
    1. Make sure you have enough disk space.
    2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
    3. Try changing video adapters.
    4. Check with your hardware vendor for any BIOS updates.
    5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.
    Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
    This can occur because of incompatible drivers. | -| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
     
    Ensure that you select the option to "Download and install updates (recommended)."
     
    Computers that run Citrix VDA
    You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
     
    This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
     
    **Resolution**
     
    To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
     
    You can work around this problem in two ways:
     
    **Workaround 1**
     
    1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
    2. Run the Windows upgrade again.
    3. Reinstall Citrix VDA.
     
    **Workaround 2**
     
    If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
     
    1. In Registry Editor, go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
    2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
    3. Go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
    4. Delete the **CtxMcsWbc** entry.
    5. Restart the computer, and then try the upgrade again.
     
    **Non-Microsoft information disclaimer**
    The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
    This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | +| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
     
    Ensure that you select the option to "Download and install updates (recommended)." Also be sure to [remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).
     
    Computers that run Citrix VDA
    You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
     
    This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
     
    **Resolution**
     
    To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
     
    You can work around this problem in two ways:
     
    **Workaround 1**
     
    1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
    2. Run the Windows upgrade again.
    3. Reinstall Citrix VDA.
     
    **Workaround 2**
     
    If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
     
    1. In Registry Editor, go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
    2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
    3. Go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
    4. Delete the **CtxMcsWbc** entry.
    5. Restart the computer, and then try the upgrade again.
     
    **Non-Microsoft information disclaimer**
    The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
    This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | ## 0x800xxxxx From 4f348378a25dd517ec6ad2c951d3ca9bbb0a70d9 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Wed, 7 Oct 2020 16:12:42 -0700 Subject: [PATCH 071/153] update --- windows/deployment/upgrade/quick-fixes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index a4619b4f14..3f2fc11c16 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -187,7 +187,7 @@ To use sigcheck: 3. Right-click **Command Prompt** and then left-click **Run as administrator**. 4. If you are prompted by UAC, click **Yes**. 5. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. -6. Next, generate a list of drivers using driverquery.exe. To do this, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example: +6. A list of drivers with their path is displayed in the File Signature Verification tool (step #7 in the previous procedure). Optionally, you can generate a list of drivers using driverquery.exe. To use driverquery, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example: ```cmd C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt From 8afbba9a89f8d304b7db5db7e68d2d642b25d07a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 7 Oct 2020 16:44:47 -0700 Subject: [PATCH 072/153] Updated topic titles and filenames --- .openpublishing.redirection.json | 45 +++++++++++++++++++ windows/client-management/mdm/TOC.md | 16 +++---- .../mdm/enable-admx-backed-policies-in-mdm.md | 2 +- ...ew-in-windows-mdm-enrollment-management.md | 2 +- ... => policies-in-policy-csp-admx-backed.md} | 10 ++--- ...n-policy-csp-supported-by-group-policy.md} | 10 ++--- ...d-by-hololens-1st-gen-commercial-suite.md} | 6 +-- ...y-hololens-1st-gen-development-edition.md} | 6 +-- ...s-in-policy-csp-supported-by-hololens2.md} | 6 +-- ...es-in-policy-csp-supported-by-iot-core.md} | 6 +-- ...policy-csp-supported-by-iot-enterprise.md} | 6 +-- ...in-policy-csp-supported-by-surface-hub.md} | 6 +-- ...n-policy-csp-that-can-be-set-using-eas.md} | 6 +-- .../policy-configuration-service-provider.md | 30 ++++++------- .../mdm/policy-csp-controlpolicyconflict.md | 2 +- 15 files changed, 102 insertions(+), 57 deletions(-) rename windows/client-management/mdm/{policy-csps-admx-backed.md => policies-in-policy-csp-admx-backed.md} (99%) rename windows/client-management/mdm/{policy-csps-supported-by-group-policy.md => policies-in-policy-csp-supported-by-group-policy.md} (99%) rename windows/client-management/mdm/{policy-csps-supported-by-hololens-1st-gen-commercial-suite.md => policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md} (95%) rename windows/client-management/mdm/{policy-csps-supported-by-hololens-1st-gen-development-edition.md => policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md} (95%) rename windows/client-management/mdm/{policy-csps-supported-by-hololens2.md => policies-in-policy-csp-supported-by-hololens2.md} (98%) rename windows/client-management/mdm/{policy-csps-supported-by-iot-core.md => policies-in-policy-csp-supported-by-iot-core.md} (97%) rename windows/client-management/mdm/{policy-csps-supported-by-iot-enterprise.md => policies-in-policy-csp-supported-by-iot-enterprise.md} (96%) rename windows/client-management/mdm/{policy-csps-supported-by-surface-hub.md => policies-in-policy-csp-supported-by-surface-hub.md} (97%) rename windows/client-management/mdm/{policy-csps-that-can-be-set-using-eas.md => policies-in-policy-csp-that-can-be-set-using-eas.md} (90%) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 8d507ba71a..b15fa65bb2 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -14565,41 +14565,86 @@ "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-surface-hub", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-surface-hub.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-supported-by-iot-enterprise.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-supported-by-iot-core.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-core", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-core.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-supported-by-hololens2.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens2", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens2.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-admx-backed.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-admx-backed", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-admx-backed.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-admx-backed", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-supported-by-group-policy.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-group-policy", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-group-policy.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas", + "redirect_document_id": false + }, { "source_path": "windows/keep-secure/collect-wip-audit-event-logs.md", "redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs", diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index a7fbff363b..6b92d9991b 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -159,14 +159,14 @@ #### [Personalization DDF file](personalization-ddf.md) ### [Policy CSP](policy-configuration-service-provider.md) #### [Policy DDF file](policy-ddf-file.md) -#### [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md) -#### [ADMX-backed policy CSPs](policy-csps-admx-backed.md) -#### [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md) -#### [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md) -#### [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md) -#### [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md) -#### [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md) -#### [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md) +#### [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md) +#### [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md) +#### [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md) +#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md) +#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md) +#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md) +#### [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md) +#### [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md) #### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md) #### [AboveLock](policy-csp-abovelock.md) #### [Accounts](policy-csp-accounts.md) diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index 805f9ee481..d79b428c0e 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md @@ -33,7 +33,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune]( ## Enable a policy > [!NOTE] -> See [Understanding ADMX-backed policy CSPs](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies). +> See [Understanding ADMX-backed policies in Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies). 1. Find the policy from the list [ADMX-backed policies](policy-csps-admx-backed.md). You need the following information listed in the policy description. - GP English name diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index d919c5f1a7..ba8dc31c1f 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -2515,7 +2515,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o

    Added a new section:

     diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md similarity index 99% rename from windows/client-management/mdm/policy-csps-admx-backed.md rename to windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index a580f4a524..75ac21a8b3 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -1,6 +1,6 @@ --- -title: ADMX-backed policy CSPs -description: ADMX-backed policy CSPs +title: ADMX-backed policies in Policy CSP +description: ADMX-backed policies in Policy CSP ms.reviewer: manager: dansimp ms.author: dansimp @@ -12,12 +12,12 @@ ms.localizationpriority: medium ms.date: 08/18/2020 --- -# ADMX-backed policy CSPs +# ADMX-backed policies in Policy CSP > [!div class="op_single_selector"] > -> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md) -> - [ADMX-backed policy-CSPs](policy-csps-admx-backed.md) +> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md) +> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md) > - [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites) diff --git a/windows/client-management/mdm/policy-csps-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md similarity index 99% rename from windows/client-management/mdm/policy-csps-supported-by-group-policy.md rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index 651f088e72..09c680512c 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -1,6 +1,6 @@ --- -title: Policy CSPs supported by Group Policy -description: Policy CSPs supported by Group Policy +title: Policies in Policy CSP supported by Group Policy +description: Policies in Policy CSP supported by Group Policy ms.reviewer: manager: dansimp ms.author: dansimp @@ -12,12 +12,12 @@ ms.localizationpriority: medium ms.date: 07/18/2019 --- -# Policy CSPs supported by Group Policy +# Policies in Policy CSP supported by Group Policy > [!div class="op_single_selector"] > -> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md) -> - [ADMX-backed policy CSPs](policy-csps-admx-backed.md) +> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md) +> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md) > - [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock) diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md similarity index 95% rename from windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md index f77d3c1308..0a8beec733 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md @@ -1,6 +1,6 @@ --- -title: Policy CSPs supported by HoloLens (1st gen) Commercial Suite -description: Policy CSPs supported by HoloLens (1st gen) Commercial Suite +title: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite +description: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite ms.reviewer: manager: dansimp ms.author: dansimp @@ -12,7 +12,7 @@ ms.localizationpriority: medium ms.date: 09/17/2019 --- -# Policy CSPs supported by HoloLens (1st gen) Commercial Suite +# Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite > [!div class="op_single_selector"] > diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md similarity index 95% rename from windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md index 2dec2fdb8b..256ddb3528 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md @@ -1,6 +1,6 @@ --- -title: Policy CSPs supported by HoloLens (1st gen) Development Edition -description: Policy CSPs supported by HoloLens (1st gen) Development Edition +title: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition +description: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition ms.reviewer: manager: dansimp ms.author: dansimp @@ -12,7 +12,7 @@ ms.localizationpriority: medium ms.date: 07/18/2019 --- -# Policy CSPs supported by HoloLens (1st gen) Development Edition +# Policies in Policy CSP supported by HoloLens (1st gen) Development Edition > [!div class="op_single_selector"] > diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md similarity index 98% rename from windows/client-management/mdm/policy-csps-supported-by-hololens2.md rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index e5cdb0f0ca..4757f9c46c 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -1,6 +1,6 @@ --- -title: Policy CSPs supported by HoloLens 2 -description: Policy CSPs supported by HoloLens 2 +title: Policies in Policy CSP supported by HoloLens 2 +description: Policies in Policy CSP supported by HoloLens 2 ms.reviewer: manager: dansimp ms.author: dansimp @@ -12,7 +12,7 @@ ms.localizationpriority: medium ms.date: 05/11/2020 --- -# Policy CSPs supported by HoloLens 2 +# Policies in Policy CSP supported by HoloLens 2 > [!div class="op_single_selector"] > diff --git a/windows/client-management/mdm/policy-csps-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md similarity index 97% rename from windows/client-management/mdm/policy-csps-supported-by-iot-core.md rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md index c43363b357..f3143ed222 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-iot-core.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md @@ -1,6 +1,6 @@ --- -title: Policy CSPs supported by Windows 10 IoT Core -description: Policy CSPs supported by Windows 10 IoT Core +title: Policies in Policy CSP supported by Windows 10 IoT Core +description: Policies in Policy CSP supported by Windows 10 IoT Core ms.reviewer: manager: dansimp ms.author: dansimp @@ -12,7 +12,7 @@ ms.localizationpriority: medium ms.date: 09/16/2019 --- -# Policy CSPs supported by Windows 10 IoT Core +# Policies in Policy CSP supported by Windows 10 IoT Core > [!div class="op_single_selector"] > diff --git a/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md similarity index 96% rename from windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md index 8e70dd707e..afb79c5bfe 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md @@ -1,6 +1,6 @@ --- -title: Policy CSPs supported by Windows 10 IoT Enterprise -description: Policy CSPs supported by Windows 10 IoT Enterprise +title: Policies in Policy CSP supported by Windows 10 IoT Enterprise +description: Policies in Policy CSP supported by Windows 10 IoT Enterprise ms.reviewer: manager: dansimp ms.author: dansimp @@ -12,7 +12,7 @@ ms.localizationpriority: medium ms.date: 07/18/2019 --- -# Policy CSPs supported by Windows 10 IoT Enterprise +# Policies in Policy CSP supported by Windows 10 IoT Enterprise > [!div class="op_single_selector"] > diff --git a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md similarity index 97% rename from windows/client-management/mdm/policy-csps-supported-by-surface-hub.md rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md index 1d89eb88de..e39b0aef27 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md @@ -1,6 +1,6 @@ --- -title: Policy CSPs supported by Microsoft Surface Hub -description: Policy CSPs supported by Microsoft Surface Hub +title: Policies in Policy CSP supported by Microsoft Surface Hub +description: Policies in Policy CSP supported by Microsoft Surface Hub ms.reviewer: manager: dansimp ms.author: dansimp @@ -12,7 +12,7 @@ ms.localizationpriority: medium ms.date: 07/22/2020 --- -# Policy CSPs supported by Microsoft Surface Hub +# Policies in Policy CSP supported by Microsoft Surface Hub - [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate) diff --git a/windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md similarity index 90% rename from windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md rename to windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md index 171652aa2b..4fa3380c87 100644 --- a/windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md +++ b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md @@ -1,6 +1,6 @@ --- -title: Policy CSPs that can be set using Exchange Active Sync (EAS) -description: Policy CSPs that can be set using Exchange Active Sync (EAS) +title: Policies in Policy CSP that can be set using Exchange Active Sync (EAS) +description: Policies in Policy CSP that can be set using Exchange Active Sync (EAS) ms.reviewer: manager: dansimp ms.author: dansimp @@ -12,7 +12,7 @@ ms.localizationpriority: medium ms.date: 07/18/2019 --- -# Policy CSPs that can be set using Exchange Active Sync (EAS) +# Policies in Policy CSP that can be set using Exchange Active Sync (EAS) - [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera) - [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 0349f6cde6..ba400e3ffb 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4901,27 +4901,27 @@ The following diagram shows the Policy configuration service provider in tree fo -## Policy CSPs supported by Group Policy and ADMX-backed policy CSPs -- [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md) -- [ADMX-backed policy CSPs](policy-csps-admx-backed.md) +## Policies in Policy CSP supported by Group Policy and ADMX-backed policies in Policy CSP +- [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md) +- [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md) > [!NOTE] -> Not all Policy CSPs supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> Not all Policies in Policy CSP supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). -## Policy CSPs supported by HoloLens devices -- [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md) -- [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md) -- [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md) +## Policies in Policy CSP supported by HoloLens devices +- [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md) +- [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md) +- [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md) -## Policy CSPs supported by Windows 10 IoT -- [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md) -- [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md) +## Policies in Policy CSP supported by Windows 10 IoT +- [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md) +- [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md) -## Policy CSPs supported by Microsoft Surface Hub -- [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md) +## Policies in Policy CSP supported by Microsoft Surface Hub +- [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md) -## Policy CSPs that can be set using Exchange ActiveSync (EAS) -- [Policy CSPs that can be set using Exchange ActiveSync (EAS)](policy-csps-that-can-be-set-using-eas.md) +## Policies in Policy CSP that can be set using Exchange ActiveSync (EAS) +- [Policies in Policy CSP that can be set using Exchange ActiveSync (EAS)](policy-csps-that-can-be-set-using-eas.md) ## Related topics diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 9a867b0778..2cde160250 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -100,7 +100,7 @@ The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the - \ - \ -For the list MDM-GP mapping list, see [Policy CSPs supported by Group Policy +For the list MDM-GP mapping list, see [Policies in Policy CSP supported by Group Policy ](policy-csps-supported-by-group-policy.md). The MDM Diagnostic report shows the applied configurations states of a device including policies, certificates, configuration sources, and resource information. The report includes a list of blocked GP settings because MDM equivalent is configured, if any. To get the diagnostic report, go to **Settings** > **Accounts** > **Access work or school** > and then click the desired work or school account. Scroll to the bottom of the page to **Advanced Diagnostic Report** and then click **Create Report**. From 06fb11bd53e606a642a9c3daa863c7455d505bcc Mon Sep 17 00:00:00 2001 From: Aasawari Navathe Date: Wed, 7 Oct 2020 18:06:22 -0700 Subject: [PATCH 073/153] Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives --- windows/client-management/mdm/devicestatus-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 06e4d21323..97daf7a3ce 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -107,7 +107,7 @@ Supported operation is Get. Node for the compliance query. **DeviceStatus/Compliance/EncryptionCompliance** -Boolean value that indicates compliance with the enterprise encryption policy. The value is one of the following: +Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following: - 0 - not encrypted - 1 - encrypted From 5713121545fdc0cf96777a410047500c510d1837 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 8 Oct 2020 02:12:53 -0700 Subject: [PATCH 074/153] update --- windows/deployment/upgrade/quick-fixes.md | 88 ++++++++++--------- .../upgrade/resolution-procedures.md | 4 +- 2 files changed, 49 insertions(+), 43 deletions(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 3f2fc11c16..e69527eeb0 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -38,7 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
  • Check the system drive for errors and attempt repairs. More information.
  • Run the Windows Update troubleshooter. More information.
  • Attempt to restore and repair system files. More information.
    • -
  • Check for unsigned drivers and update or remove them. More information.
    • +
  • Check for unsigned drivers and update or repair them. More information.
  • Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
  • Temporarily uninstall non-Microsoft antivirus software. More information.
    • @@ -156,9 +156,15 @@ To check and repair system files: > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image) and [Use the System File Checker tool](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system). -### Remove unsigned drivers +### Repair unsigned drivers -Drivers that are not properly signed can block the upgrade process. To check your system for unsigned drivers: +Drivers that are not properly signed can block the upgrade process. Drivers might not be properly signed if you: +- Disabled driver signature verification (highly not recommended). +- A catalog file used to sign a driver is corrupt or missing. + +Catalog files are used to sign drivers. If a catalog file is corrupt or missing, the driver will appear to be unsigned, even though it should be signed. This can cause the upgrade process to fail. To restore the catalog file, reinstall the driver or copy the catalog file from another device. You might need to analyze another device to determine the catalog file that is associated with the unsigned driver. All drivers should be signed to ensure the upgrade process works. + +To check your system for unsigned drivers: 1. Click **Start**. 2. Type **command**. @@ -169,53 +175,53 @@ Drivers that are not properly signed can block the upgrade process. To check you ![File Signature Verification](../images/sigverif.png) -7. After the scanning process is complete, click **Advanced**, and then click **View Log**. -8. Locate drivers in the log file that are unsigned and remove or update them using Device Manager. For more information, see [Using Device Manager to uninstall devices and driver packages](https://docs.microsoft.com/windows-hardware/drivers/install/using-device-manager-to-uninstall-devices-and-driver-packages). +7. After the scanning process is complete, if you see **Your files have been scanned and verified as digitally signed** then you have no unsigned drivers. Otherwise, you will see **The following files have not been digitally signed** and a list will be provided with name, location, and version of all unsigned drivers. +8. To view and save a log file, click **Advanced**, and then click **View Log**. Save the log file if desired. +9. Locate drivers in the log file that are unsigned, write down the location and file names. Also write down the catalog that is associated to the driver if it is provided. If the name of a catalog file is not provided you might need to analyze another device that has the same driver with sigverif and sigcheck (described below). +10. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. ->[!NOTE] ->If a file is corrupted, it might display as unsigned. Be sure to [repair the system drive](#repair-the-system-drive) and [repair system files](#repair-system-files) before attempting to replace unsigned drivers. - -#### Optional: Use sigcheck - -[Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. - -To use sigcheck: - -1. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. -2. Click **Start**. -2. Type **command**. -3. Right-click **Command Prompt** and then left-click **Run as administrator**. -4. If you are prompted by UAC, click **Yes**. -5. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. -6. A list of drivers with their path is displayed in the File Signature Verification tool (step #7 in the previous procedure). Optionally, you can generate a list of drivers using driverquery.exe. To use driverquery, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example: - - ```cmd - C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt + [Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. To use sigcheck: +11. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. +12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -u -e \** and press ENTER. See the following example: ``` -7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the [procedure above](#remove-unsigned-drivers). Copy the path to the driver. -8. To check the driver, type **sigcheck64 -u -e \** and press ENTER. See the following example: - - ``` - C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\DolbyMATEnc.dll + C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\drivers\afd.sys Sigcheck v2.80 - File version and signature viewer Copyright (C) 2004-2020 Mark Russinovich Sysinternals - www.sysinternals.com - - c:\windows\system32\DolbyMATEnc.dll: - Verified: Unsigned - Link date: 6:43 PM 9/20/2028 - Publisher: n/a - Company: Microsoft Corporation - Description: Dolby MAT Encoder DLL - Product: Microsoft« Windows« Operating System - Prod version: 10.0.18362.1 - File version: 10.0.18362.1 (WinBuild.160101.0800) - MachineType: 64-bit + c:\windows\system32\drivers\afd.sys: + Verified: Signed + Signing date: 6:18 PM 11/29/2017 + Signing date: 6:18 PM 11/29/2017 + Catalog: C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_163_for_KB4054518~31bf3856ad364e35~x86~~6.1.1.2.cat + Signers: + Microsoft Windows + Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. + Valid Usage: NT5 Crypto, Code Signing + Cert Issuer: Microsoft Windows Verification PCA + Serial Number: 33 00 00 00 4B 76 63 2D 24 A2 39 9A 8B 00 01 00 00 00 4B + Thumbprint: B8037C46D0DB7A8CEE502407469B0EE3234D3365 + Algorithm: sha1RSA + Valid from: 11:46 AM 3/1/2017 + Valid to: 11:46 AM 5/9/2018 + (output truncated) ``` -In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. Sigcheck will report whether or not the certificate chain is valid. + +13. Optionally, you can generate a list of drivers using driverquery.exe, which is included with Windows. To save a list of signed and unsigned drivers with driverquery, type **driverquery /si > c:\drivers.txt** and press ENTER. See the following example: + + ```cmd + C:\>Driverquery /si + + DeviceName InfName IsSigned Manufacturer + ============================== ============= ======== ========================= + Microsoft ISATAP Adapter nettun.inf TRUE Microsoft + Generic volume shadow copy volsnap.inf TRUE Microsoft + Generic volume volume.inf TRUE Microsoft + (truncated) + ``` + For more information about using driverquery, see [Two Minute Drill: DriverQuery.exe](https://techcommunity.microsoft.com/t5/ask-the-performance-team/two-minute-drill-driverquery-exe/ba-p/374977) and [driverquery](https://docs.microsoft.com/windows-server/administration/windows-commands/driverquery). ### Update Windows diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 6b8a9587d2..1d75d19367 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -36,7 +36,7 @@ A frequently observed [result code](upgrade-error-codes.md#result-codes) is 0xC1 The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018). -To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers). +To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#repair-unsigned-drivers). See the following general troubleshooting procedures associated with a result code of 0xC1900101:

    @@ -49,7 +49,7 @@ See the following general troubleshooting procedures associated with a result co | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
    Contact your hardware vendor to obtain updated device drivers.
    Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. | | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
    Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
    This can occur due to a problem with a display driver. | | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
    Review the rollback log and determine the stop code.
    The rollback log is located in the $Windows.~BT\Sources\Rollback folder. An example analysis is shown below. This example is not representative of all cases:
     
    Info SP Crash 0x0000007E detected
    Info SP Module name :
    Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
    Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
    Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
    Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
    Info SP Cannot recover the system.
    Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
     
    Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
     
    1. Make sure you have enough disk space.
    2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
    3. Try changing video adapters.
    4. Check with your hardware vendor for any BIOS updates.
    5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.
    Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
    This can occur because of incompatible drivers. | -| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
     
    Ensure that you select the option to "Download and install updates (recommended)." Also be sure to [remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).
     
    Computers that run Citrix VDA
    You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
     
    This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
     
    **Resolution**
     
    To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
     
    You can work around this problem in two ways:
     
    **Workaround 1**
     
    1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
    2. Run the Windows upgrade again.
    3. Reinstall Citrix VDA.
     
    **Workaround 2**
     
    If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
     
    1. In Registry Editor, go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
    2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
    3. Go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
    4. Delete the **CtxMcsWbc** entry.
    5. Restart the computer, and then try the upgrade again.
     
    **Non-Microsoft information disclaimer**
    The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
    This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | +| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
     
    Ensure that you select the option to "Download and install updates (recommended)." Also be sure to [remove unsigned drivers](quick-fixes.md#repair-unsigned-drivers).
     
    Computers that run Citrix VDA
    You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
     
    This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
     
    **Resolution**
     
    To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
     
    You can work around this problem in two ways:
     
    **Workaround 1**
     
    1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
    2. Run the Windows upgrade again.
    3. Reinstall Citrix VDA.
     
    **Workaround 2**
     
    If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
     
    1. In Registry Editor, go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
    2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
    3. Go to the following subkey:
    **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
    4. Delete the **CtxMcsWbc** entry.
    5. Restart the computer, and then try the upgrade again.
     
    **Non-Microsoft information disclaimer**
    The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
    This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | ## 0x800xxxxx From 96a295c4f02ced1e7a2ea0f33f9ee8a9d84535bf Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 8 Oct 2020 02:34:44 -0700 Subject: [PATCH 075/153] up --- windows/deployment/upgrade/quick-fixes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index e69527eeb0..f1d655d44b 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -183,7 +183,7 @@ To check your system for unsigned drivers: [Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. To use sigcheck: 11. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. -12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -u -e \** and press ENTER. See the following example: +12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -i \** and press ENTER (or sigcheck -i for a 32 bit OS). See the following example: ``` C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\drivers\afd.sys From b26a5781b35b69f178629b1a1da9ca44c930140d Mon Sep 17 00:00:00 2001 From: DanPandre <54847950+DanPandre@users.noreply.github.com> Date: Thu, 8 Oct 2020 10:08:15 -0400 Subject: [PATCH 076/153] Update surfacehub-csp.md Clarify background path requirements --- windows/client-management/mdm/surfacehub-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index fcb23c170c..cc0a0bc3d0 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -239,7 +239,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format

    The data type is boolean. Supported operation is Get and Replace. **InBoxApps/Welcome/CurrentBackgroundPath** -

    Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons). +

    Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.

    The data type is string. Supported operation is Get and Replace. From bf9fdab616073a163800b1c819fd847803cb5ea5 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Thu, 8 Oct 2020 08:54:03 -0700 Subject: [PATCH 077/153] pencil edit --- windows/client-management/mdm/devicestatus-csp.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 97daf7a3ce..6ab35ba018 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -36,9 +36,8 @@ Supported operation is Get. **DeviceStatus/CellularIdentities** Required. Node for queries on the SIM cards. -> **Note**  Multiple SIMs are supported. - - +>[!NOTE] +>Multiple SIMs are supported. **DeviceStatus/CellularIdentities/***IMEI* The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device. From fce88befcc084ff10f297162d632cc11c86ed68a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 8 Oct 2020 09:34:01 -0700 Subject: [PATCH 078/153] minor update to trigger build --- .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 75ac21a8b3..5a62b30b51 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -9,7 +9,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 08/18/2020 +ms.date: 10/08/2020 --- # ADMX-backed policies in Policy CSP From 62c79b0aa1014c007cf8e01b2633925c0bfd6f89 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 8 Oct 2020 11:42:03 -0700 Subject: [PATCH 079/153] minor update to trigger build --- .../mdm/policies-in-policy-csp-supported-by-hololens2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 4eb84a8e80..20d7139bc6 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -9,7 +9,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 05/11/2020 +ms.date: 10/08/2020 --- # Policies in Policy CSP supported by HoloLens 2 From b566b00acea20c62c2fe6711930273f6b1d856a8 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 8 Oct 2020 11:45:17 -0700 Subject: [PATCH 080/153] update --- .../mdm/policies-in-policy-csp-supported-by-hololens2.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 20d7139bc6..12fc2dea7c 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -50,6 +50,8 @@ ms.date: 10/08/2020 - [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength) - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana) - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment) +- MemoryDump/AllowCrashDump +- MemoryDump/AllowLiveDump - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) From 6b10684bbc99dd211879247e1101a2110c53a936 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 8 Oct 2020 11:50:57 -0700 Subject: [PATCH 081/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...ent-changes-to-security-settings-with-tamper-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 6b6a753cf0..94d1519031 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -1,6 +1,6 @@ --- title: Protect security settings with tamper protection -ms.reviewer: +ms.reviewer: shwjha manager: dansimp description: Use tamper protection to prevent malicious apps from changing important security settings. keywords: malware, defender, antivirus, tamper protection @@ -14,7 +14,7 @@ audience: ITPro author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 08/31/2020 +ms.date: 10/08/2020 --- # Protect security settings with tamper protection From 7db6caa5f7a2d9fd2054cacf1d54984e138a92e7 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 8 Oct 2020 11:53:41 -0700 Subject: [PATCH 082/153] Updated SKU table --- .../mdm/policy-csp-mixedreality.md | 100 ------------------ 1 file changed, 100 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index f56c1835af..ec855a1a28 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -51,26 +51,6 @@ manager: dansimp

    - - - - - - - - - - - - - - - - - - - - @@ -121,26 +101,6 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60 - - - - - - - - - - - - - - - - - - - - @@ -194,26 +154,6 @@ The following list shows the supported values: - - - - - - - - - - - - - - - - - - - - @@ -268,26 +208,6 @@ The following list shows the supported values: - - - - - - - - - - - - - - - - - - - - @@ -341,26 +261,6 @@ The following list shows the supported values: - - - - - - - - - - - - - - - - - - - - From 56065015776635e45e571f8e23f413a98a2022aa Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 8 Oct 2020 12:50:29 -0700 Subject: [PATCH 083/153] Minor update --- .../mdm/policies-in-policy-csp-supported-by-hololens2.md | 2 -- windows/client-management/mdm/policy-csp-mixedreality.md | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 12fc2dea7c..20d7139bc6 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -50,8 +50,6 @@ ms.date: 10/08/2020 - [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength) - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana) - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment) -- MemoryDump/AllowCrashDump -- MemoryDump/AllowLiveDump - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index ec855a1a28..131a087561 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -307,7 +307,7 @@ The following list shows the supported values: Footnotes: -- 9 - Available in Windows 10, version 2010. +- 9 - Available in the next major release of Windows 10. From 292b55448dd1d5126e182d200caaf8274b754c1d Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 8 Oct 2020 12:55:07 -0700 Subject: [PATCH 084/153] added prerelease warning --- windows/client-management/mdm/policy-csp-mixedreality.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 131a087561..7e46b61a7d 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -13,7 +13,8 @@ manager: dansimp --- # Policy CSP - MixedReality - +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
    From 9b2031bf49407b4dc2dc365557fb6b7acfbd9fec Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 8 Oct 2020 13:01:33 -0700 Subject: [PATCH 085/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...ecurity-settings-with-tamper-protection.md | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 94d1519031..d2ed2e7ca4 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -25,6 +25,7 @@ ms.date: 10/08/2020 **Applies to:** - Windows 10 +- Windows Server 2019 ## Overview @@ -41,7 +42,7 @@ With tamper protection, malicious apps are prevented from taking actions such as ### How it works - Tamper protection essentially locks Microsoft Defender Antivirus and prevents your security settings from being changed through apps and methods such as: +Tamper protection essentially locks Microsoft Defender Antivirus and prevents your security settings from being changed through apps and methods such as: - Configuring settings in Registry Editor on your Windows machine - Changing settings through PowerShell cmdlets @@ -125,6 +126,25 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release 3. In the list of results, look for `IsTamperProtected`. (A value of *true* means tamper protection is enabled.) +## Manage tamper protection with Configuration Manager, version 2006 + +> [!IMPORTANT] +> The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Otherwise, tamper protection is supported on Windows 10 only. + +If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10 and Windows Server 2019 using tenant attach. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices. + +1. Set up tenant attach. See [Microsoft Endpoint Manager tenant attach: Device sync and device actions](https://docs.microsoft.com/mem/configmgr/tenant-attach/device-sync-actions). + +2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and choose **+ Create Policy**. + +3. Configure tamper protection as part of the new policy. + +4. Deploy the policy to your device collection. + +Need help? See the following resources: + +- + ## View information about tampering attempts Tampering attempts typically indicate bigger cyberattacks. Bad actors try to change security settings as a way to persist and stay undetected. If you're part of your organization's security team, you can view information about such attempts, and then take appropriate actions to mitigate threats. From bf6305fe8d3e0b33cf35e0d5ba30cc58ea59f5d4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 8 Oct 2020 13:07:20 -0700 Subject: [PATCH 086/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...t-changes-to-security-settings-with-tamper-protection.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index d2ed2e7ca4..190da47cf3 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -143,7 +143,11 @@ If you're using [version 2006 of Configuration Manager](https://docs.microsoft.c Need help? See the following resources: -- +- [Tech Community Blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin) + +- [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy) + +- [Antivirus policy for endpoint security in Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-security-antivirus-policy) ## View information about tampering attempts From 4299c090623706a320c5185b5c4b3caca0eed240 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 8 Oct 2020 13:27:46 -0700 Subject: [PATCH 087/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...nt-changes-to-security-settings-with-tamper-protection.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 190da47cf3..3ee78515ef 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -143,11 +143,14 @@ If you're using [version 2006 of Configuration Manager](https://docs.microsoft.c Need help? See the following resources: +- [Antivirus policy for endpoint security in Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-security-antivirus-policy) + +- [Settings for the Windows Security experience profile in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/antivirus-security-experience-windows-settings) + - [Tech Community Blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin) - [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy) -- [Antivirus policy for endpoint security in Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-security-antivirus-policy) ## View information about tampering attempts From 5f0dbed362be305a5b1bfe2b09c990542bef6f7f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 8 Oct 2020 13:32:40 -0700 Subject: [PATCH 088/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...nt-changes-to-security-settings-with-tamper-protection.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 3ee78515ef..0567d06391 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -25,7 +25,7 @@ ms.date: 10/08/2020 **Applies to:** - Windows 10 -- Windows Server 2019 +- Windows Server 2019 (if using tenant attach with [Configuation Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006)) ## Overview @@ -55,6 +55,7 @@ Tamper protection doesn't prevent you from viewing your security settings. And, 1. Turn tamper protection on
    - [For an individual machine, use Windows Security](#turn-tamper-protection-on-or-off-for-an-individual-machine). - [For your organization, use Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune). + - [Use tenant attach with Configuration Manager, version 2006, for devices running Windows 10 or Windows Server 2019](#manage-tamper-protection-with-configuration-manager-version-2006) 2. [View information about tampering attempts](#view-information-about-tampering-attempts). @@ -129,7 +130,7 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release ## Manage tamper protection with Configuration Manager, version 2006 > [!IMPORTANT] -> The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Otherwise, tamper protection is supported on Windows 10 only. +> The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Make sure to review the prerequisites and other information in the resources mentioned in this procedure. If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10 and Windows Server 2019 using tenant attach. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices. From 1aa42c42ad086c96e0d10e3805a0b9ff70433adb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 8 Oct 2020 13:37:12 -0700 Subject: [PATCH 089/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 0567d06391..6c6e149977 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -123,7 +123,7 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release 1. Open the Windows PowerShell app. -2. Use the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) PowerShell cmdlet. +2. Use the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) PowerShell cmdlet. 3. In the list of results, look for `IsTamperProtected`. (A value of *true* means tamper protection is enabled.) From ab42b3ab7124d126cbdbbafac18cabc1cd6a0175 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 8 Oct 2020 13:39:33 -0700 Subject: [PATCH 090/153] Added Acrolinx suggestion --- windows/client-management/mdm/policy-csp-mixedreality.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 7e46b61a7d..5984507040 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -79,7 +79,7 @@ manager: dansimp -This policy setting controls for how many days, AAD group membership cache is allowed to be used for Assigned Access configurations targeting AAD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign-out and sign-in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions. +This policy setting controls for how many days, AAD group membership cache is allowed to be used for Assigned Access configurations targeting AAD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions. From 84bc28dfc12ff2f95c2f63d80f2c03f522b1669b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 8 Oct 2020 14:01:43 -0700 Subject: [PATCH 091/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...security-settings-with-tamper-protection.md | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 6c6e149977..efae8a1640 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -181,9 +181,7 @@ To learn more about Threat & Vulnerability Management, see [Threat & Vulnerabili Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). -### Is configuring tamper protection in Intune supported on servers? - -No +If you are using Configuration Manager, version 2006 with tenant attach, tamper protection can be extended to Windows Server 2019. See [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy) ### Will tamper protection have any impact on third party antivirus registration? @@ -197,7 +195,11 @@ Tamper protection will not have any impact on such devices. If you are a home user, see [Turn tamper protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine). -If you are an organization using [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See [Turn tamper protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune). +If you are an organization using [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See the following sections of this article: + +- [Turn tamper protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune) + +- [Manage tamper protection with Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006) ### How does configuring tamper protection in Intune affect how I manage Microsoft Defender Antivirus through my group policy? @@ -220,7 +222,7 @@ Configuring tamper protection in Intune can be targeted to your entire organizat ### Can I configure Tamper Protection in Microsoft Endpoint Configuration Manager? -Currently we do not have support to manage Tamper Protection through Microsoft Endpoint Configuration Manager. +If you are using tenant attach, you can use Microsoft Endpoint Configuration Manager. See [Manage tamper protection with Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006) and [Tech Community blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin). ### I have the Windows E3 enrollment. Can I use configuring tamper protection in Intune? @@ -248,11 +250,7 @@ In addition, your security operations team can use hunting queries, such as the [View information about tampering attempts](#view-information-about-tampering-attempts). -### Will there be a group policy setting for tamper protection? - -No. - -## Related articles +## See also [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) From 6f43aad10b51a41854b81bd16822290a59d5ba54 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 8 Oct 2020 14:05:22 -0700 Subject: [PATCH 092/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index efae8a1640..c9adfbfd6a 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -181,7 +181,7 @@ To learn more about Threat & Vulnerability Management, see [Threat & Vulnerabili Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). -If you are using Configuration Manager, version 2006 with tenant attach, tamper protection can be extended to Windows Server 2019. See [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy) +If you are using Configuration Manager, version 2006 with tenant attach, tamper protection can be extended to Windows Server 2019. See [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy). ### Will tamper protection have any impact on third party antivirus registration? From 514a85ee9042187d499ab22fb282f1f27b0dc6a8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 8 Oct 2020 14:26:36 -0700 Subject: [PATCH 093/153] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...ates-baselines-microsoft-defender-antivirus.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 69288217fe..a44d487b2b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 10/06/2020 +ms.date: 10/08/2020 --- # Manage Microsoft Defender Antivirus updates and apply baselines @@ -110,11 +110,14 @@ No known issues  Support phase: **Security and Critical Updates** ### What's new -* Add more telemetry events -* Improved scan event telemetry -* Improved behavior monitoring for memory scans -* Improved macro streams scanning -* Added `AMRunningMode` to Get-MpComputerStatus PowerShell CmdLet + +- Add more telemetry events +- Improved scan event telemetry +- Improved behavior monitoring for memory scans +- Improved macro streams scanning +- Added `AMRunningMode` to Get-MpComputerStatus PowerShell cmdlet +- [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) is ignored + ### Known Issues No known issues From 6bff7182b95065bcbedfc49b90d536d4c34f4755 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 8 Oct 2020 14:42:31 -0700 Subject: [PATCH 094/153] Acrolinx: "Hololens", "AAD" --- windows/client-management/mdm/policy-csp-mixedreality.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 5984507040..79fa5b1264 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -79,7 +79,7 @@ manager: dansimp -This policy setting controls for how many days, AAD group membership cache is allowed to be used for Assigned Access configurations targeting AAD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions. +This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions. @@ -129,7 +129,7 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60 -This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on Hololens and not the functionality of the button when it is used with other buttons as combination for other purposes. +This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes. @@ -182,7 +182,7 @@ The following list shows the supported values: -This policy setting controls when and if diagnostic logs can be collected using specific button combination on Hololens. +This policy setting controls when and if diagnostic logs can be collected using specific button combination on HoloLens. From 670a32d09acfe89b68e89e63d201d76809e69053 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 8 Oct 2020 15:46:30 -0700 Subject: [PATCH 095/153] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index a44d487b2b..d352e882bd 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -116,7 +116,7 @@ No known issues - Improved behavior monitoring for memory scans - Improved macro streams scanning - Added `AMRunningMode` to Get-MpComputerStatus PowerShell cmdlet -- [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) is ignored +- [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) is ignored. Microsoft Defender Antivirus automatically turns itself off when it detects another antivirus program. ### Known Issues From 24e16d1f873c2baae804aac73beb2efe24320a34 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 8 Oct 2020 16:09:36 -0700 Subject: [PATCH 096/153] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 21443608c3..f0de0e3d85 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -11,9 +11,10 @@ ms.localizationpriority: medium audience: ITPro author: denisebmsft ms.author: deniseb -ms.reviewer: +ms.reviewer: sugamar, jcedola manager: dansimp ms.custom: asr +ms.date: 10/08/2020 --- # Reduce attack surfaces with attack surface reduction rules From 17dd944440c57751638b6bb2e81efb585549d677 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 8 Oct 2020 16:11:43 -0700 Subject: [PATCH 097/153] Update attack-surface-reduction.md --- .../microsoft-defender-atp/attack-surface-reduction.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index f0de0e3d85..45db3aa0c7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -327,10 +327,7 @@ GUID: `d1e49aac-8f56-4280-b9ba-993a6d77406c` ### Block untrusted and unsigned processes that run from USB -With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include: - -* Executable files (such as .exe, .dll, or .scr) -* Script files (such as a PowerShell .ps, Visual Basic .vbs, or JavaScript .js file) +With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include executable files (such as .exe, .dll, or .scr) This rule was introduced in: - [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) From 0d2f73a6ddf50632e91293026019bed1d72a87fd Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 8 Oct 2020 16:23:25 -0700 Subject: [PATCH 098/153] Acrolinx: "Configuation" --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index c9adfbfd6a..c49d6a763f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -25,7 +25,7 @@ ms.date: 10/08/2020 **Applies to:** - Windows 10 -- Windows Server 2019 (if using tenant attach with [Configuation Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006)) +- Windows Server 2019 (if using tenant attach with [Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006)) ## Overview From 7b7f30c8c6cf68b5ce773881e07e5938263e80ed Mon Sep 17 00:00:00 2001 From: v-miegge <49650192+v-miegge@users.noreply.github.com> Date: Fri, 9 Oct 2020 08:38:37 -0700 Subject: [PATCH 099/153] Removed hyperlinks --- .../credential-guard/credential-guard-requirements.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 3c4371019f..239fc8e129 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -100,8 +100,8 @@ The following tables describe baseline protections, plus protections for improve |Hardware: **64-bit CPU** |A 64-bit computer is required for the Windows hypervisor to provide VBS.| |Hardware: **CPU virtualization extensions**, plus **extended page tables**|**Requirements**:
    - These hardware features are required for VBS: One of the following virtualization extensions: - VT-x (Intel) or - AMD-V And: - Extended page tables, also called Second Level Address Translation (SLAT).|VBS provides isolation of secure kernel from normal operating system.

    Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation.| |Hardware: **Trusted Platform Module (TPM)**|**Requirement**:
    - TPM 1.2 or TPM 2.0, either discrete or firmware. [TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)|A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access.| -|Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**:
    - See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)|UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots.| -|Firmware: **Secure firmware update process**|**Requirements**:
    - UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).|UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed.| +|Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**:
    - See the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot|UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots.| +|Firmware: **Secure firmware update process**|**Requirements**:
    - UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot.|UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed.| |Software: Qualified **Windows operating system**|**Requirement**:
    - Windows 10 or Windows Server 2016.|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard.| > [!IMPORTANT] @@ -125,7 +125,7 @@ The following tables describe baseline protections, plus protections for improve |Protections for Improved Security|Description|Security Benefits| |---|---|---| -|Firmware: **Hardware Rooted Trust Platform Secure Boot**|**Requirements**:
    - Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
    - The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/library/windows/hardware/mt712332(v=vs.85).aspx).|Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
    - HSTI provides additional security assurance for correctly secured silicon and platform.| +|Firmware: **Hardware Rooted Trust Platform Secure Boot**|**Requirements**:
    - Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby
    - The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/library/windows/hardware/mt712332(v=vs.85).aspx).|Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
    - HSTI provides additional security assurance for correctly secured silicon and platform.| |Firmware: **Firmware Update through Windows Update**|**Requirements**:
    - Firmware must support field updates through Windows Update and UEFI encapsulation update.|Helps ensure that firmware updates are fast, secure, and reliable.| |Firmware: **Securing Boot Configuration and Management**|**Requirements**:
    - Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
    - Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.|- Enterprises can choose to allow proprietary EFI drivers/applications to run.
    - Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots.| From ba9066e0a8ebb4649b20a4f4764a052981980829 Mon Sep 17 00:00:00 2001 From: v-miegge <49650192+v-miegge@users.noreply.github.com> Date: Fri, 9 Oct 2020 08:44:29 -0700 Subject: [PATCH 100/153] Acrolinx --- .../credential-guard-requirements.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 239fc8e129..ec08c99def 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -23,7 +23,7 @@ ms.reviewer: - Windows 10 - Windows Server 2016 -For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations). +For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements, which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to these requirements as [Application requirements](#application-requirements). Beyond these requirements, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations). ## Hardware and software requirements @@ -31,7 +31,7 @@ To provide basic protections against OS level attempts to read Credential Manage - Support for Virtualization-based security (required) - Secure boot (required) -- TPM (preferred - provides binding to hardware) versions 1.2 and 2.0 are supported, either discrete or firmware +- Trusted Platform Module (TPM, preferred - provides binding to hardware) versions 1.2 and 2.0 are supported, either discrete or firmware - UEFI lock (preferred - prevents attacker from disabling with a simple registry key change) The Virtualization-based security requires: @@ -48,7 +48,7 @@ Credential Guard can protect secrets in a Hyper-V virtual machine, just as it wo - The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607. - The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and be running at least Windows Server 2016 or Windows 10. - - Please note that TPM is not a requirement, but we highly recommend to implement TPM. + - TPM is not a requirement, but we recommend that you implement TPM. For information about other host platforms, see [Enabling Windows Server 2016 and Hyper-V virtualization based security features on other platforms](https://blogs.technet.microsoft.com/windowsserver/2016/09/29/enabling-windows-server-2016-and-hyper-v-virtualization-based-security-features-on-other-platforms/). @@ -99,8 +99,8 @@ The following tables describe baseline protections, plus protections for improve |---|---|---| |Hardware: **64-bit CPU** |A 64-bit computer is required for the Windows hypervisor to provide VBS.| |Hardware: **CPU virtualization extensions**, plus **extended page tables**|**Requirements**:
    - These hardware features are required for VBS: One of the following virtualization extensions: - VT-x (Intel) or - AMD-V And: - Extended page tables, also called Second Level Address Translation (SLAT).|VBS provides isolation of secure kernel from normal operating system.

    Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation.| -|Hardware: **Trusted Platform Module (TPM)**|**Requirement**:
    - TPM 1.2 or TPM 2.0, either discrete or firmware. [TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)|A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access.| -|Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**:
    - See the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot|UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots.| +|Hardware: **Trusted Platform Module (TPM)**|**Requirement**:
    - TPM 1.2 or TPM 2.0, either discrete or firmware. [TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)|A TPM provides protection for VBS encryption keys that are stored in the firmware. TPM helps protect against attacks involving a physically present user with BIOS access.| +|Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**:
    - See the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot|UEFI Secure Boot helps ensure that the device boots only authorized code, and can prevent boot kits and root kits from installing and persisting across reboots.| |Firmware: **Secure firmware update process**|**Requirements**:
    - UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot.|UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed.| |Software: Qualified **Windows operating system**|**Requirement**:
    - Windows 10 or Windows Server 2016.|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard.| @@ -114,7 +114,7 @@ The following tables describe baseline protections, plus protections for improve |Protections for Improved Security|Description| |---|---| -|Hardware: **IOMMU** (input/output memory management unit)|**Requirement**:
    - VT-D or AMD Vi IOMMU

    **Security benefits**:
    - An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables)| +|Hardware: **IOMMU** (input/output memory management unit)|**Requirement**:
    - VT-D or AMD Vi IOMMU

    **Security benefits**:
    - An IOMMU can enhance system resiliency against memory attacks. For more information, see [Advanced Configuration and Power Interface (ACPI) description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables)| |Firmware: **Securing Boot Configuration and Management**|**Requirements**:
    - BIOS password or stronger authentication must be supported.
    - In the BIOS configuration, BIOS authentication must be set.
    - There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
    - In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.| |Firmware: **Secure MOR, revision 2 implementation**|**Requirement**:
    - Secure MOR, revision 2 implementation| @@ -135,8 +135,8 @@ The following table lists qualifications for Windows 10, version 1703, which are |Protections for Improved Security|Description|Security Benefits |---|---|---| -|Firmware: **VBS enablement of NX protection for UEFI runtime services**|**Requirements**:
    - VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable. UEFI runtime service must meet these requirements:
    - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    - PE sections need to be page-aligned in memory (not required for in non-volatile storage).
    - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
    - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both.
    - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable.
    (**SEE IMPORTANT INFORMATION AFTER THIS TABLE**)|Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
    - Reduces the attack surface to VBS from system firmware.| -|Firmware: **Firmware support for SMM protection**|**Requirements**:
    - The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.|- Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
    - Reduces the attack surface to VBS from system firmware.
    - Blocks additional security attacks against SMM.| +|Firmware: **VBS enablement of No-Execute (NX) protection for UEFI runtime services**|**Requirements**:
    - VBS will enable NX protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable. UEFI runtime service must meet these requirements:
    - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    - PE sections must be page-aligned in memory (not required for in non-volatile storage).
    - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
    - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both.
    - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable.
    (**SEE IMPORTANT INFORMATION AFTER THIS TABLE**)|Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
    - Reduces the attack surface to VBS from system firmware.| +|Firmware: **Firmware support for SMM protection**|**Requirements**:
    - The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an ACPI table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.|- Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
    - Reduces the attack surface to VBS from system firmware.
    - Blocks additional security attacks against SMM.| > [!IMPORTANT] > From 38d10098edb3161424935f2f82d8fcbfc206f5fe Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 9 Oct 2020 10:34:24 -0700 Subject: [PATCH 101/153] Minor update to trigger build --- .../client-management/mdm/policy-csp-admx-windowsmediaplayer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 61330c15e0..53b0047ca3 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 09/29/2020 +ms.date: 10/09/2020 ms.reviewer: manager: dansimp --- From f0a7150756e60166c1c3c4eca6632cd19a526f61 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 9 Oct 2020 10:45:45 -0700 Subject: [PATCH 102/153] fix link --- windows/whats-new/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md index 6f809cdf89..619ac8d2e0 100644 --- a/windows/whats-new/index.md +++ b/windows/whats-new/index.md @@ -27,7 +27,7 @@ Windows 10 provides IT professionals with advanced protection against modern sec ## Learn more -- [Windows 10 release information](https://technet.microsoft.com/windows/release-info) +- [Windows 10 release information](https://docs.microsoft.com/en-us/windows/release-information/) - [Windows 10 release health dashboard](https://docs.microsoft.com/windows/release-information/status-windows-10-2004) - [Windows 10 update history](https://support.microsoft.com/help/4555932/windows-10-update-history) - [What’s new for business in Windows 10 Insider Preview Builds](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new) From bb38eec55ba921a3e7b865dcca61aa303edc03e9 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 9 Oct 2020 10:52:28 -0700 Subject: [PATCH 103/153] fix link --- windows/whats-new/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md index 619ac8d2e0..7f2d33540e 100644 --- a/windows/whats-new/index.md +++ b/windows/whats-new/index.md @@ -27,7 +27,7 @@ Windows 10 provides IT professionals with advanced protection against modern sec ## Learn more -- [Windows 10 release information](https://docs.microsoft.com/en-us/windows/release-information/) +- [Windows 10 release information](https://docs.microsoft.com/windows/release-information/) - [Windows 10 release health dashboard](https://docs.microsoft.com/windows/release-information/status-windows-10-2004) - [Windows 10 update history](https://support.microsoft.com/help/4555932/windows-10-update-history) - [What’s new for business in Windows 10 Insider Preview Builds](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new) From 988c4f5dc8d127218b3cb2ac60dc417565019224 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 9 Oct 2020 11:01:01 -0700 Subject: [PATCH 104/153] Fixed Acrolinx suggestions --- .../client-management/mdm/policy-csp-admx-smartcard.md | 8 ++++---- windows/client-management/mdm/policy-csp-admx-tcpip.md | 2 +- windows/client-management/mdm/policy-csp-admx-w32time.md | 2 +- .../mdm/policy-csp-admx-windowsmediaplayer.md | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md index 11af8944fe..76452c2119 100644 --- a/windows/client-management/mdm/policy-csp-admx-smartcard.md +++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md @@ -474,7 +474,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off. +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the cleanup behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate cleanup will occur on logoff. > [!TIP] @@ -755,11 +755,11 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy settings lets you configure if all your valid logon certificates are displayed. +Available in Windows 10 Insider Preview Build 20185. This policy setting lets you configure if all your valid logon certificates are displayed. During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This can cause confusion as to which certificate to select for logon. The common case for this behavior is when a certificate is renewed and the old one has not yet expired. Two certificates are determined to be the same if they are issued from the same template with the same major version and they are for the same user (determined by their UPN). -If there are two or more of the "same" certificate on a smart card and this policy is enabled then the certificate that is used for logon on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the the certificate with the expiration time furthest in the future will be shown. +If there are two or more of the "same" certificate on a smart card and this policy is enabled then the certificate that is used for logon on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown. > [!NOTE] > This setting will be applied after the following policy: "Allow time invalid certificates" @@ -980,7 +980,7 @@ By default the user principal name (UPN) is displayed in addition to the common If you enable this policy setting or do not configure this setting, then the subject name will be reversed. -If you disable , the subject name will be displayed as it appears in the certificate. +If you disable, the subject name will be displayed as it appears in the certificate. > [!TIP] diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md index 7bcfda06c8..b43d4d2011 100644 --- a/windows/client-management/mdm/policy-csp-admx-tcpip.md +++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md @@ -975,7 +975,7 @@ If you do not configure this policy setting, the local host settings are used. If you enable this policy setting, Window Scaling Heuristics will be enabled and system will try to identify connectivity and throughput problems and take appropriate measures. -If you disable this policy setting, Window Scaling Heuristics will be disabled and system will not try to identify connectivity and throughput problems casued by Firewalls or other middle boxes. +If you disable this policy setting, Window Scaling Heuristics will be disabled and system will not try to identify connectivity and throughput problems caused by Firewalls or other middle boxes. > [!TIP] diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md index 42e29846f8..a9b6715a43 100644 --- a/windows/client-management/mdm/policy-csp-admx-w32time.md +++ b/windows/client-management/mdm/policy-csp-admx-w32time.md @@ -232,7 +232,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting specifi If you enable this policy setting, you can specify the following parameters for the Windows NTP Client. -If you disable or do not configure this policy setting, the WIndows NTP Client uses the defaults of each of the following parameters. +If you disable or do not configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters. **NtpServer** The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is ""time.windows.com,0x09"". diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md index 53b0047ca3..69a27c1fef 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md @@ -888,7 +888,7 @@ If you disable or do not configure this policy setting, users can configure the ADMX Info: - GP English name: *Hide Security Tab* - GP name: *HideSecurityTab* -- GP path: *WWindows Components\Windows Media Player\User Interface* +- GP path: *Windows Components\Windows Media Player\User Interface* - GP ADMX file name: *WindowsMediaPlayer.admx* From 9416c647f64a393eb751e151f41c5753d1007ddd Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 9 Oct 2020 13:58:34 -0700 Subject: [PATCH 105/153] update win 10 --- .../microsoft-defender-atp/minimum-requirements.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index d934a67ccf..0fab8add04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md @@ -80,12 +80,11 @@ Access to Microsoft Defender ATP is done through a browser, supporting the follo - Windows 7 SP1 Pro - Windows 8.1 Enterprise - Windows 8.1 Pro -- Windows 10, version 1607 or later - - Windows 10 Enterprise - - [Windows 10 Enterprise LTSC](https://docs.microsoft.com/windows/whats-new/ltsc/) - - Windows 10 Education - - Windows 10 Pro - - Windows 10 Pro Education +- Windows 10 Enterprise +- [Windows 10 Enterprise LTSC](https://docs.microsoft.com/windows/whats-new/ltsc/) +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows server - Windows Server 2008 R2 SP1 - Windows Server 2012 R2 From 7342d2d318d88b4825a31667e4cf6227b3ef028c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 9 Oct 2020 14:01:28 -0700 Subject: [PATCH 106/153] Update configure-endpoints-sccm.md update --- .../microsoft-defender-atp/configure-endpoints-sccm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md index edc7d67d77..2372dd38c5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md @@ -37,14 +37,14 @@ Based on the version of Configuration Manager you're running, the following clie #### Configuration Manager version 1910 and prior -- Clients computers running Windows 10, version 1607 and later +- Clients computers running Windows 10 #### Configuration Manager version 2002 and later Starting in Configuration Manager version 2002, you can onboard the following operating systems: - Windows 8.1 -- Windows 10, version 1607 or later +- Windows 10 - Windows Server 2012 R2 - Windows Server 2016 - Windows Server 2016, version 1803 or later From ea543764be181082e3efdea6db349bbee531e944 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 9 Oct 2020 15:38:41 -0700 Subject: [PATCH 107/153] updating metadata for MDATP --- .../advanced-hunting-best-practices.md | 4 +- .../android-configure.md | 4 +- .../microsoft-defender-atp/android-intune.md | 4 +- .../android-support-signin.md | 4 +- .../auto-investigation-action-center.md | 4 +- .../automated-investigations.md | 4 +- .../behavioral-blocking-containment.md | 2 + .../client-behavioral-blocking.md | 2 + .../configure-microsoft-threat-experts.md | 4 +- .../edr-in-block-mode.md | 3 + ...endpoint-detection-response-mac-preview.md | 4 +- .../investigate-alerts.md | 4 +- .../investigate-behind-proxy.md | 4 +- .../investigate-domain.md | 4 +- .../investigate-files.md | 4 +- .../investigate-incidents.md | 4 +- .../microsoft-defender-atp/investigate-ip.md | 4 +- .../investigate-machines.md | 4 +- .../investigate-user.md | 4 +- .../microsoft-defender-atp/investigation.md | 4 +- .../ios-configure-features.md | 4 +- .../microsoft-defender-atp/ios-install.md | 4 +- .../ios-privacy-statement.md | 4 +- .../microsoft-defender-atp/ios-terms.md | 4 +- .../linux-exclusions.md | 4 +- .../linux-install-manually.md | 4 +- .../linux-install-with-ansible.md | 4 +- .../linux-install-with-puppet.md | 4 +- .../linux-preferences.md | 4 +- .../microsoft-defender-atp/linux-pua.md | 4 +- .../microsoft-defender-atp/linux-resources.md | 4 +- .../linux-static-proxy-configuration.md | 4 +- .../linux-support-connectivity.md | 4 +- .../linux-support-install.md | 4 +- .../linux-support-perf.md | 4 +- .../microsoft-defender-atp/linux-updates.md | 4 +- .../microsoft-defender-atp/linux-whatsnew.md | 4 +- .../microsoft-defender-atp/mac-exclusions.md | 4 +- .../mac-install-jamfpro-login.md | 4 +- .../mac-install-manually.md | 4 +- .../mac-install-with-intune.md | 4 +- .../mac-install-with-jamf.md | 4 +- .../mac-install-with-other-mdm.md | 4 +- .../mac-jamfpro-device-groups.md | 4 +- .../mac-jamfpro-enroll-devices.md | 4 +- .../mac-jamfpro-policies.md | 4 +- .../microsoft-defender-atp/mac-preferences.md | 4 +- .../microsoft-defender-atp/mac-privacy.md | 4 +- .../microsoft-defender-atp/mac-pua.md | 4 +- .../microsoft-defender-atp/mac-resources.md | 4 +- .../mac-schedule-scan-atp.md | 4 +- .../mac-support-install.md | 4 +- .../mac-support-kext.md | 4 +- .../mac-support-license.md | 4 +- .../mac-support-perf.md | 4 +- .../mac-sysext-policies.md | 4 +- .../mac-sysext-preview.md | 4 +- .../microsoft-defender-atp/mac-updates.md | 4 +- .../microsoft-defender-atp/mac-whatsnew.md | 4 +- .../manage-auto-investigation.md | 4 +- .../microsoft-defender-atp/manage-edr.md | 4 +- .../manage-incidents.md | 5 +- .../microsoft-defender-atp-android.md | 4 +- .../microsoft-defender-atp-ios.md | 4 +- .../microsoft-defender-atp-linux.md | 4 +- .../microsoft-defender-atp-mac.md | 4 +- .../microsoft-defender-security-center.md | 4 +- .../microsoft-threat-experts.md | 4 +- .../microsoft-defender-atp/review-alerts.md | 4 +- .../run-detection-test.md | 4 +- .../threat-analytics.md | 4 +- .../threat-and-vuln-mgt-event-timeline.md | 4 +- .../threat-and-vuln-mgt-scenarios.md | 4 +- .../tvm-dashboard-insights.md | 4 +- .../tvm-exposure-score.md | 4 +- .../tvm-microsoft-secure-score-devices.md | 4 +- .../microsoft-defender-atp/tvm-remediation.md | 4 +- .../tvm-security-recommendation.md | 4 +- .../tvm-software-inventory.md | 4 +- .../tvm-supported-os.md | 4 +- .../microsoft-defender-atp/tvm-weaknesses.md | 4 +- ...e-worm-targets-out-of-date-systems-wdsi.md | 254 ------------------ .../troubleshooting-uwp-firewall.md | 4 +- 83 files changed, 244 insertions(+), 334 deletions(-) delete mode 100644 windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 55a5df13d1..f5897e5067 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -13,7 +13,9 @@ author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index e8bb4f8847..23418c880c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 079bb71234..3d0596a066 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md index a989d91d73..4c894c657b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md @@ -14,7 +14,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index bca632927a..b1ca5d6277 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -12,7 +12,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs ms.date: 09/24/2020 diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index d422058827..4d6b8f369b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -15,7 +15,9 @@ ms.date: 09/30/2020 ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs ms.custom: AIR diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md index e9516735d3..1dde7195b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md @@ -16,6 +16,8 @@ ms.custom: - next-gen - edr ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint --- # Behavioral blocking and containment diff --git a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md index fee9bbd249..94b228841a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md @@ -16,6 +16,8 @@ ms.custom: - next-gen - edr ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint --- # Client behavioral blocking diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md index 7503ffcee1..b6a1734953 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md @@ -14,7 +14,9 @@ author: DulceMontemayor ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index a92e2b43c4..e0044d7767 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -16,6 +16,9 @@ ms.custom: - next-gen - edr ms.date: 08/21/2020 +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint --- # Endpoint detection and response (EDR) in block mode diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md index d8b5e85940..60fa3bbb66 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md index 892f860dff..6d68413d04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md index 0738fd810b..79ea086abc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md index 65739231df..1a81d14c1a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md index 0c25dc5114..3ea4a81ef3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md index 2c7b5a46cc..9248b00bc1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md index 5bcdb3f2c1..6ad54fdad1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index 6e97ffcfa7..0c27dfa596 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md index dd1a9f6766..67e50c3db9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigation.md b/windows/security/threat-protection/microsoft-defender-atp/investigation.md index 6f499c34c0..74aab18e01 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md @@ -12,7 +12,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index 95350170ab..3e1d3e88ec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -14,7 +14,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index d4f6077795..589ac8f728 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -14,7 +14,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md index f775848c86..18efc534bd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md @@ -14,7 +14,9 @@ author: sunasing ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual hideEdit: true --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md index 6969f1c941..8b27316acf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md @@ -14,7 +14,9 @@ author: sunasing ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual hideEdit: true --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index baf41c376e..40e11bc1ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 9d3a0f6ab6..bb7ea0b659 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 4e622f504d..29d00b8682 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index a89c89272b..5329ff85b5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index 22cebfbcda..4623b9404c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md index 40ac81e1d0..f8a1528015 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index e79f91ce6c..0c0540d5fd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md index d2df9ea151..5b58e7360d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index 81de10526e..cf4c908330 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 5453c8c205..14bdaf18cd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index e0c27b4a46..22da390046 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +mms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md index adc018682b..75b74c04c6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md index 302d9c6717..4ee52d6643 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 2399987032..7a94346bfa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md index 49c40a09a3..6f531869c4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md index db852ca545..70327e5dbc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md index d7a00dd754..8a12f3b24a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index f0d4ab8a8a..9f1df1d2eb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md index 1f4d373697..d889ac46d6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md @@ -13,7 +13,9 @@ author: maximvelichko ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md index 0c869e76e4..2905fb1e88 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md index fd353eceb3..d043bfc33d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md index 10411a985d..fb8ad38590 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md index a85c712b92..f0e31f2f99 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md index 5bb254d10c..a721605327 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md index e13d95555f..d2c603c8a2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 2aafa7220d..787970e267 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md index 5fde32aab8..da8701705a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md index feb636fd2d..78aef5a5d7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md index f773e91875..fb981aa16e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md index 72cfd50ff0..090950a69c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md index 04cfb43c25..edaed64d2b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 24c22d7bd0..fc8f955180 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual ROBOTS: noindex,nofollow --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md index 27ec242709..2f83c71bf8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual ROBOTS: noindex,nofollow --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md index a356d8d895..c67b6de1e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 7748721340..c3c24ac819 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 116cc0e459..fe448008b1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -13,7 +13,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual ms.date: 09/15/2020 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md index 1755204179..d60924e1fc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md @@ -14,7 +14,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md index 05f77e6b94..aefc151c14 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md @@ -13,9 +13,10 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article -ms.date: 10/08/2018 --- # Manage Microsoft Defender ATP incidents diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md index a382a8463d..bcdc9ac3e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md index ed5256954e..be494de5b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md @@ -14,7 +14,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 1e0b400707..667e35238c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 7d4487ffaf..5a96df370a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md index ee826bd394..0e6a5a3770 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md index 9831cb1cf8..fe2daca8e4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md @@ -14,7 +14,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md index b956165700..3a52dc1d5f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md @@ -11,7 +11,9 @@ author: danihalfin ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual ms.date: 5/1/2020 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md index 257fb9494d..0aff954d23 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md index caf55924e5..0af52385dc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md @@ -14,7 +14,9 @@ author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md index 3ad5cff1e5..1be7e019e4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Event timeline - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 85d599cd64..ad34d33afc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index 00d85e1d60..087609d893 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Threat and vulnerability management dashboard insights diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index 28da6b8c57..ddebda2984 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Exposure score - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md index ad687089f9..7578763d5b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Microsoft Secure Score for Devices diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 3a45c885e5..847425a5c6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Remediation activities and exceptions - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index a64042be50..7aa0b7c039 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Security recommendations - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 215f2fc19c..d87740df9c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Software inventory - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index 0b2eca42e4..f142e959a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- # Supported operating systems and platforms - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 4f2cc260b4..27a8549bbe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Weaknesses found by threat and vulnerability management diff --git a/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md b/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md deleted file mode 100644 index 387aca9327..0000000000 --- a/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md +++ /dev/null @@ -1,254 +0,0 @@ ---- -title: WannaCrypt ransomware worm targets out-of-date systems -description: This is an early analysis of the WannaCrypt ransomware attack. Microsoft antimalware diagnostic data immediately picked up signs of this campaign in May 2017. -keywords: wannacry, wannacrypt, wanna, ransomware -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.localizationpriority: medium -author: dulcemontemayor -ms.date: 07/27/2017 -ms.reviewer: -manager: dansimp -ms.author: dansimp ---- - -# WannaCrypt ransomware worm targets out-of-date systems - - -On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the ransomware, known as [WannaCrypt](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt), appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install [MS17-010](https://technet.microsoft.com/library/security/ms17-010.aspx) if they have not already done so. - -Microsoft antimalware diagnostic data immediately picked up signs of this campaign. Our expert systems gave us visibility and context into this new attack as it happened, allowing [Microsoft Defender Antivirus](https://technet.microsoft.com/itpro/windows/keep-secure/windows-defender-in-windows-10) to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware. - -In this blog, we provide an early analysis of the end-to-end ransomware attack. Please note this threat is still under investigation. The attack is still active, and there is a possibility that the attacker will attempt to react to our detection response. - -## Attack vector - -Ransomware threats do not typically spread rapidly. Threats like WannaCrypt (also known as WannaCry, WanaCrypt0r, WCrypt, or WCRY) usually leverage social engineering or email as primary attack vector, relying on users downloading and executing a malicious payload. However, in this unique case, the ransomware perpetrators used publicly available exploit code for the patched SMB 'EternalBlue' vulnerability, [CVE-2017-0145](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145), which can be triggered by sending a specially crafted packet to a targeted SMBv1 server. This vulnerability was fixed in security bulletin [MS17-010](https://technet.microsoft.com/library/security/ms17-010.aspx), which was released on March 14, 2017. - -WannaCrypt's spreading mechanism is borrowed from [well-known](https://packetstormsecurity.com/files/142464/MS17-010-SMBv1-SrvOs2FeaToNt-OOB-Remote-Code-Execution.html) [public SMB exploits](https://github.com/RiskSense-Ops/MS17-010), which armed this regular ransomware with worm-like functionalities, creating an entry vector for machines still unpatched even after the fix had become available. - -The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack. - -We haven't found evidence of the exact initial entry vector used by this threat, but there are two scenarios that we believe are highly possible explanations for the spread of this ransomware: - -- Arrival through social engineering emails designed to trick users to run the malware and activate the worm-spreading functionality with the SMB exploit -- Infection through SMB exploit when an unpatched computer is addressable from other infected machines - -## Dropper - -The threat arrives as a dropper Trojan that has the following two components: - -1. A component that attempts to exploit the SMB CVE-2017-0145 vulnerability in other computers -2. The ransomware known as WannaCrypt - -The dropper tries to connect the following domains using the API `InternetOpenUrlA()`: - -- www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com -- www[.]ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com - -If connection to the domains is successful, the dropper does not infect the system further with ransomware or try to exploit other systems to spread; it simply stops execution. However, if the connection fails, the threat proceeds to drop the ransomware and creates a service on the system. - -In other words, unlike in most malware infections, **IT Administrators should NOT block these domains**. Note that the malware is not proxy-aware, so a local DNS record may be required. This does not need to point to the Internet, but can resolve to any accessible server which will accept connections on TCP 80. - -![Connection information from WannaCrypt code](images/wanna1.png) - -The threat creates a service named *mssecsvc2.0*, whose function is to exploit the SMB vulnerability in other computers accessible from the infected system: -``` -Service Name: mssecsvc2.0 -Service Description: (Microsoft Security Center (2.0) Service) -Service Parameters: '-m security' -``` - - ![Mssecsvc2.0 process details](images/wanna2.png) - -## WannaCrypt ransomware - -The ransomware component is a dropper that contains a password-protected .zip archive in its resource section. The document encryption routine and the files in the .zip archive contain support tools, a decryption tool, and the ransom message. In the samples we analyzed, the password for the .zip archive is 'WNcry@2ol7'. - -When run, WannaCrypt creates the following registry keys: - -- *HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\\ = '\\tasksche.exe'* -- *HKLM\SOFTWARE\WanaCrypt0r\\wd = '\'* - -It changes the wallpaper to a ransom message by modifying the following registry key: - -- *HKCU\Control Panel\Desktop\Wallpaper: '\\\@WanaDecryptor@.bmp'* - -It creates the following files in the malware's working directory: - -- *00000000.eky* -- *00000000.pky* -- *00000000.res* -- *274901494632976.bat* -- @Please_Read_Me@.txt -- @WanaDecryptor@.bmp -- @WanaDecryptor@.exe -- *b.wnry* -- *c.wnry* -- *f.wnry* -- *m.vbs* -- *msg\m_bulgarian.wnry* -- *msg\m_chinese (simplified).wnry* -- *msg\m_chinese (traditional).wnry* -- *msg\m_croatian.wnry* -- *msg\m_czech.wnry* -- *msg\m_danish.wnry* -- *msg\m_dutch.wnry* -- *msg\m_english.wnry* -- *msg\m_filipino.wnry* -- *msg\m_finnish.wnry* -- *msg\m_french.wnry* -- *msg\m_german.wnry* -- *msg\m_greek.wnry* -- *msg\m_indonesian.wnry* -- *msg\m_italian.wnry* -- *msg\m_japanese.wnry* -- *msg\m_korean.wnry* -- *msg\m_latvian.wnry* -- *msg\m_norwegian.wnry* -- *msg\m_polish.wnry* -- *msg\m_portuguese.wnry* -- *msg\m_romanian.wnry* -- *msg\m_russian.wnry* -- *msg\m_slovak.wnry* -- *msg\m_spanish.wnry* -- *msg\m_swedish.wnry* -- *msg\m_turkish.wnry* -- *msg\m_vietnamese.wnry* -- *r.wnry* -- *s.wnry* -- *t.wnry* -- *TaskData\Tor\libeay32.dll* -- *TaskData\Tor\libevent-2-0-5.dll* -- *TaskData\Tor\libevent_core-2-0-5.dll* -- *TaskData\Tor\libevent_extra-2-0-5.dll* -- *TaskData\Tor\libgcc_s_sjlj-1.dll* -- *TaskData\Tor\libssp-0.dll* -- *TaskData\Tor\ssleay32.dll* -- *TaskData\Tor\taskhsvc.exe* -- *TaskData\Tor\tor.exe* -- *TaskData\Tor\zlib1.dll* -- *taskdl.exe* -- *taskse.exe* -- *u.wnry* - -WannaCrypt may also create the following files: - -- *%SystemRoot%\tasksche.exe* -- *%SystemDrive%\intel\\\\tasksche.exe* -- *%ProgramData%\\\\tasksche.exe* - -It may create a randomly named service that has the following associated ImagePath: `cmd.exe /c '\tasksche.exe'`. - -It then searches the whole computer for any file with any of the following file name extensions: *.123, .jpeg , .rb , .602 , .jpg , .rtf , .doc , .js , .sch , .3dm , .jsp , .sh , .3ds , .key , .sldm , .3g2 , .lay , .sldm , .3gp , .lay6 , .sldx , .7z , .ldf , .slk , .accdb , .m3u , .sln , .aes , .m4u , .snt , .ai , .max , .sql , .ARC , .mdb , .sqlite3 , .asc , .mdf , .sqlitedb , .asf , .mid , .stc , .asm , .mkv , .std , .asp , .mml , .sti , .avi , .mov , .stw , .backup , .mp3 , .suo , .bak , .mp4 , .svg , .bat , .mpeg , .swf , .bmp , .mpg , .sxc , .brd , .msg , .sxd , .bz2 , .myd , .sxi , .c , .myi , .sxm , .cgm , .nef , .sxw , .class , .odb , .tar , .cmd , .odg , .tbk , .cpp , .odp , .tgz , .crt , .ods , .tif , .cs , .odt , .tiff , .csr , .onetoc2 , .txt , .csv , .ost , .uop , .db , .otg , .uot , .dbf , .otp , .vb , .dch , .ots , .vbs , .der' , .ott , .vcd , .dif , .p12 , .vdi , .dip , .PAQ , .vmdk , .djvu , .pas , .vmx , .docb , .pdf , .vob , .docm , .pem , .vsd , .docx , .pfx , .vsdx , .dot , .php , .wav , .dotm , .pl , .wb2 , .dotx , .png , .wk1 , .dwg , .pot , .wks , .edb , .potm , .wma , .eml , .potx , .wmv , .fla , .ppam , .xlc , .flv , .pps , .xlm , .frm , .ppsm , .xls , .gif , .ppsx , .xlsb , .gpg , .ppt , .xlsm , .gz , .pptm , .xlsx , .h , .pptx , .xlt , .hwp , .ps1 , .xltm , .ibd , .psd , .xltx , .iso , .pst , .xlw , .jar , .rar , .zip , .java , .raw.* - -WannaCrypt encrypts all files it finds and renames them by appending *.WNCRY* to the file name. For example, if a file is named *picture.jpg*, the ransomware encrypts and renames the file to *picture.jpg.WNCRY*. - -This ransomware also creates the file @Please_Read_Me@.txt in every folder where files are encrypted. The file contains the same ransom message shown in the replaced wallpaper image (see screenshot below). - -After completing the encryption process, the malware deletes the volume shadow copies by running the following command: -`cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet` - -It then replaces the desktop background image with the following message: - -![Example background image of WannaCrypt](images/wanna3.png) - -It also runs an executable showing a ransom note which indicates a $300 ransom in Bitcoins as well as a timer: - - ![Screenshot of WannaCrypt ransom notice](images/wanna4.png) - -The text is localized into the following languages: Bulgarian, Chinese (simplified), Chinese (traditional), Croatian, Czech, Danish, Dutch, English, Filipino, Finnish, French, German, Greek, Indonesian, Italian, Japanese, Korean, Latvian, Norwegian, Polish, Portuguese, Romanian, Russian, Slovak, Spanish, Swedish, Turkish, and Vietnamese. - -The ransomware also demonstrates the decryption capability by allowing the user to decrypt a few random files, free of charge. It then quickly reminds the user to pay the ransom to decrypt all the remaining files. - - ![Screenshot of decryption window](images/wanna5.png) - -## Spreading capability - -The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infect other vulnerable computers. This activity results in large SMB traffic from the infected host, which can be observed by SecOps personnel, as shown below. - -![Spreading scanning activity](images/wanna6.png) - -The Internet scanning routine randomly generates octets to form the IPv4 address. The malware then targets that IP to attempt to exploit CVE-2017-0145. The threat avoids infecting the IPv4 address if the randomly generated value for first octet is 127 or if the value is equal to or greater than 224, in order to skip local loopback interfaces. Once a vulnerable machine is found and infected, it becomes the next hop to infect other machines. The vicious infection cycle continues as the scanning routing discovers unpatched computers. - -When it successfully infects a vulnerable computer, the malware runs kernel-level shellcode that seems to have been copied from the public backdoor known as DOUBLEPULSAR, but with certain adjustments to drop and execute the ransomware dropper payload, both for x86 and x64 systems. - - ![Kernel-level shellcode used by WannaCrypt](images/wanna7.png) - - ![Kernel-level shellcode used by WannaCrypt](images/wanna8.png) - -## Protection against the WannaCrypt attack - -To get the latest protection from Microsoft, upgrade to [Windows 10](https://www.microsoft.com/windows/windows-10-upgrade). Keeping your computers [up-to-date](https://www.microsoft.com/security/portal/mmpc/help/updatefaqs.aspx) gives you the benefits of the latest features and proactive mitigations built into the latest versions of Windows. - -We recommend customers that have not yet installed the security update [MS17-010](https://technet.microsoft.com/library/security/ms17-010.aspx) do so as soon as possible. Until you can apply the patch, we also recommend two possible workarounds to reduce the attack surface: - -- Disable SMBv1 with the steps documented at [Microsoft Knowledge Base Article 2696547](https://support.microsoft.com/kb/2696547) and as [recommended previously](https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/) -- Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445 - -[Microsoft Defender Antivirus](https://technet.microsoft.com/itpro/windows/keep-secure/windows-defender-in-windows-10) detects this threat as [Ransom:Win32/WannaCrypt](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt) as of the *1.243.297.0* update. Microsoft Defender Antivirus uses cloud-based protection, helping to protect you from the latest threats. - -For enterprises, use [Device Guard](https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide) to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run, effectively preventing malware from running. - -Use [Office 365 Advanced Threat Protection](https://blogs.office.com/2015/04/08/introducing-exchange-online-advanced-threat-protection/), which has machine learning capability that blocks dangerous email threats, such as the emails carrying ransomware. - -Monitor networks with [Windows Defender Advanced Threat Protection](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), which alerts security operations teams about suspicious activities. Download this playbook to see how you can leverage Windows Defender ATP to detect, investigate, and mitigate ransomware in networks: [Windows Defender Advanced Threat Protection - Ransomware response playbook](https://www.microsoft.com/download/details.aspx?id=55090). - -## Resources - -Download English language security updates: [Windows Server 2003 SP2 x64](http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe), [Windows Server 2003 SP2 x86,](http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x86-custom-enu_f617caf6e7ee6f43abe4b386cb1d26b3318693cf.exe) [Windows XP SP2 x64](http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe), [Windows XP SP3 x86](http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe), [Windows XP Embedded SP3 x86](http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-embedded-custom-enu_8f2c266f83a7e1b100ddb9acd4a6a3ab5ecd4059.exe), [Windows 8 x86,](http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8-rt-kb4012598-x86_a0f1c953a24dd042acc540c59b339f55fb18f594.msu) [Windows 8 x64](http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8-rt-kb4012598-x64_f05841d2e94197c2dca4457f1b895e8f632b7f8e.msu) - -Download localized language security updates: [Windows Server 2003 SP2 x64](https://www.microsoft.com/downloads/details.aspx?FamilyId=d3cb7407-3339-452e-8371-79b9c301132e), [Windows Server 2003 SP2 x86](https://www.microsoft.com/downloads/details.aspx?FamilyId=350ec04d-a0ba-4a50-9be3-f900dafeddf9), [Windows XP SP2 x64](https://www.microsoft.com/downloads/details.aspx?FamilyId=5fbaa61b-15ce-49c7-9361-cb5494f9d6aa), [Windows XP SP3 x86](https://www.microsoft.com/downloads/details.aspx?FamilyId=7388c05d-9de6-4c6a-8b21-219df407754f), [Windows XP Embedded SP3 x86](https://www.microsoft.com/downloads/details.aspx?FamilyId=a1db143d-6ad2-4e7e-9e90-2a73316e1add), [Windows 8 x86](https://www.microsoft.com/downloads/details.aspx?FamilyId=6e2de6b7-9e43-4b42-aca2-267f24210340), [Windows 8 x64](https://www.microsoft.com/downloads/details.aspx?FamilyId=b08bb3f1-f156-4e61-8a68-077963bae8c0) - -MS17-010 Security Update: [https://technet.microsoft.com/library/security/ms17-010.aspx](https://technet.microsoft.com/library/security/ms17-010.aspx) - -Customer guidance for WannaCrypt attacks: [https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/) - -General information on ransomware: [https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx](https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx) - -## Indicators of compromise - -SHA1 of samples analyzed: - -- 51e4307093f8ca8854359c0ac882ddca427a813c -- e889544aff85ffaf8b0d0da705105dee7c97fe26 - -Files created: - -- %SystemRoot%\mssecsvc.exe -- %SystemRoot%\tasksche.exe -- %SystemRoot%\qeriuwjhrf -- b.wnry -- c.wnry -- f.wnry -- r.wnry -- s.wnry -- t.wnry -- u.wnry -- taskdl.exe -- taskse.exe -- 00000000.eky -- 00000000.res -- 00000000.pky -- @WanaDecryptor@.exe -- @Please_Read_Me@.txt -- m.vbs -- @WanaDecryptor@.exe.lnk -- @WanaDecryptor@.bmp -- 274901494632976.bat -- taskdl.exe -- Taskse.exe -- Files with '.wnry' extension -- Files with '.WNCRY' extension - -Registry keys created: - -- HKLM\SOFTWARE\WanaCrypt0r\wd - - - -*Karthik Selvaraj, Elia Florio, Andrea Lelli, and Tanmay Ganacharya*
    *Microsoft Malware Protection Center* - diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md index 6071427eda..00bdfd5630 100644 --- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md @@ -10,7 +10,9 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-windows-security ms.topic: troubleshooting --- From 55eec2b02f715e8a19320275b596af48b24c68ab Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 9 Oct 2020 16:06:17 -0700 Subject: [PATCH 108/153] few more --- .../microsoft-defender-atp/configure-proxy-internet.md | 4 +++- .../threat-protection/microsoft-defender-atp/preview.md | 4 +++- .../whats-new-in-microsoft-defender-atp.md | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index d115e3867d..8d3133a0cf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index e67120d349..e6bc0d25bd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index 2f6aaf198d..ef2b779d74 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- From fc37a78541593f6ed25395208d5e61e3a970d5c4 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 9 Oct 2020 16:10:56 -0700 Subject: [PATCH 109/153] one more --- .../advanced-hunting-best-practices.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index f5897e5067..fa0707db95 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -13,9 +13,8 @@ author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: -- m365-security-compliance -- m365-initiative-defender-endpoint +ms.collection: m365-security-compliance + ms.topic: article --- From 4c2187b6a8ad21e5c3a95c66e8ce78a64e132198 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 9 Oct 2020 16:14:48 -0700 Subject: [PATCH 110/153] Update advanced-hunting-best-practices.md --- .../microsoft-defender-atp/advanced-hunting-best-practices.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index fa0707db95..439322a448 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -14,7 +14,6 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: m365-security-compliance - ms.topic: article --- From e66287b049fd4af97f7996239941a8fb513383f9 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Fri, 9 Oct 2020 16:27:20 -0700 Subject: [PATCH 111/153] Update advanced-hunting-query-language.md --- .../advanced-hunting-query-language.md | 40 +++++++++---------- 1 file changed, 18 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md index 7003a2670e..f392fb5bbc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md @@ -21,13 +21,12 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) -Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-schema-reference.md) specifically structured for advanced hunting. To understand these concepts better, run your first query. +Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto operators and statements to construct queries that locate information in a specialized [schema](advanced-hunting-schema-reference.md). To understand these concepts better, run your first query. ## Try your first query @@ -52,26 +51,21 @@ union DeviceProcessEvents, DeviceNetworkEvents FileName, ProcessCommandLine, RemoteIP, RemoteUrl, RemotePort, RemoteIPType | top 100 by Timestamp ``` - -This is how it will look like in advanced hunting. - -![Image of Microsoft Defender ATP advanced hunting query](images/advanced-hunting-query-example-2.png) - +**[Run this query in advanced hunting](https://securitycenter.windows.com/hunting?query=H4sIAAAAAAAEAI2TT0vDQBDF5yz4HUJPFcTqyZsXqyCIBFvxKNGWtpo_NVlbC8XP7m8mado0K5Zls8nkzdu3b2Z70pNAbmUmqYyk4D2UTJYyllwGMmWNGQHrN_NNvsSBzUBrbMFMiWieAx3xDEBl4GL4AuNd8B0bNgARENcdUmIZ3yM5liPwac3bN-YZPGPU5ET1rWDc7Ox4uod8YDp4MzI-GkjlX4Ne2nly0zEkKzFWh4ZE5sSuTN8Ehq5couvEMnvmUAhez-HsRBMipVa_W_OG6vEfGtT12JRHpqV064e1Kx04NsxFzXxW1aFjp_djXmDRPbfY3XMMcLogTz2bWZ2KqmIJI6q6wKe2WYnrRsa9KVeU9kCBBo2v7BzPxF_Bx2DKiqh63SGoRoc6Njti48z_yL71XHQAcgAur6rXRpcqH3l-4knZF23Utsbq2MircEqmw-G__xR1TdZ1r7zb7XLezmx3etkvGr-ze6NdGdW92azUfpcdluWvr-aqbh_nofnqcWI3aYyOsBV7giduRUO7187LMKTT5rxvHHX80_t8IeeMgLquvL7-Ak3q-kz8BAAA&runQuery=true&timeRangeId=week)** ### Describe the query and specify the tables to search -A short comment has been added to the beginning of the query to describe what it is for. This helps if you later decide to save the query and share it with others in your organization. +A short comment has been added to the beginning of the query to describe what it is for. This comment helps if you later decide to save the query and share it with others in your organization. ```kusto // Finds PowerShell execution events that could involve a download ``` - -The query itself will typically start with a table name followed by a series of elements started by a pipe (`|`). In this example, we start by creating a union of two tables, `DeviceProcessEvents` and `DeviceNetworkEvents`, and add piped elements as needed. +The query itself will typically start with a table name followed by several elements that start with a pipe (`|`). In this example, we start by creating a union of two tables, `DeviceProcessEvents` and `DeviceNetworkEvents`, and add piped elements as needed. ```kusto union DeviceProcessEvents, DeviceNetworkEvents ``` ### Set the time range -The first piped element is a time filter scoped to the previous seven days. Keeping the time range as narrow as possible ensures that queries perform well, return manageable results, and don't time out. +The first piped element is a time filter scoped to the previous seven days. Limiting the time range helps ensure that queries perform well, return manageable results, and don't time out. ```kusto | where Timestamp > ago(7d) @@ -101,7 +95,7 @@ Afterwards, the query looks for strings in command lines that are typically used ``` ### Customize result columns and length -Now that your query clearly identifies the data you want to locate, you can add elements that define what the results look like. `project` returns specific columns, and `top` limits the number of results. These operators help ensure the results are well-formatted and reasonably large and easy to process. +Now that your query clearly identifies the data you want to locate, you can define what the results look like. `project` returns specific columns, and `top` limits the number of results. These operators help ensure the results are well-formatted and reasonably large and easy to process. ```kusto | project Timestamp, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine, @@ -109,7 +103,7 @@ FileName, ProcessCommandLine, RemoteIP, RemoteUrl, RemotePort, RemoteIPType | top 100 by Timestamp ``` -Click **Run query** to see the results. Select the expand icon at the top right of the query editor to focus on your hunting query and the results. +Select **Run query** to see the results. Use the expand icon at the top right of the query editor to focus on your hunting query and the results. ![Image of the Expand control in the advanced hunting query editor](images/advanced-hunting-expand.png) @@ -118,7 +112,7 @@ Click **Run query** to see the results. Select the expand icon at the top right ## Learn common query operators for advanced hunting -Now that you've run your first query and have a general idea of its components, it's time to backtrack a little bit and learn some basics. The Kusto query language used by advanced hunting supports a range of operators, including the following common ones. +You've just run your first query and have a general idea of its components. It's time to backtrack slightly and learn some basics. The Kusto query language used by advanced hunting supports a range of operators, including the following common ones. | Operator | Description and usage | |--|--| @@ -137,15 +131,17 @@ To see a live example of these operators, run them from the **Get started** sect ## Understand data types -Data in advanced hunting tables are generally classified into the following data types. +Advanced hunting supports Kusto data types, including the following common types: | Data type | Description and query implications | |--|--| -| `datetime` | Data and time information typically representing event timestamps | -| `string` | Character string | -| `bool` | True or false | -| `int` | 32-bit numeric value | -| `long` | 64-bit numeric value | +| `datetime` | Data and time information typically representing event timestamps. [See supported datetime formats](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalar-data-types/datetime) | +| `string` | Character string in UTF-8 enclosed in single quotes (`'`) or double quotes (`"`). [Read more about strings](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalar-data-types/string) | +| `bool` | This data type supports `true` or `false` states. [See supported literals and operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalar-data-types/bool) | +| `int` | 32-bit integer | +| `long` | 64-bit integer | + +To learn more about these data types, [read about Kusto scalar data types](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalar-data-types/). ## Get help as you write queries Take advantage of the following functionality to write queries faster: @@ -155,7 +151,7 @@ Take advantage of the following functionality to write queries faster: - **[Schema reference](advanced-hunting-schema-reference.md#get-schema-information-in-the-security-center)**—in-portal reference with table and column descriptions as well as supported event types (`ActionType` values) and sample queries ## Work with multiple queries in the editor -The query editor can serve as your scratch pad for experimenting with multiple queries. To use multiple queries: +You can use the query editor to experiment with multiple queries. To use multiple queries: - Separate each query with an empty line. - Place the cursor on any part of a query to select that query before running it. This will run only the selected query. To run another query, move the cursor accordingly and select **Run query**. @@ -171,7 +167,7 @@ The **Get started** section provides a few simple queries using commonly used op ![Image of the advanced hunting get started tab](images/atp-advanced-hunting.png) > [!NOTE] -> Apart from the basic query samples, you can also access [shared queries](advanced-hunting-shared-queries.md) for specific threat hunting scenarios. Explore the shared queries on the left side of the page or the GitHub query repository. +> Apart from the basic query samples, you can also access [shared queries](advanced-hunting-shared-queries.md) for specific threat hunting scenarios. Explore the shared queries on the left side of the page or the [GitHub query repository](https://aka.ms/hunting-queries). ## Access comprehensive query language reference From 0f08bfb9860b4a8606163024b22817d136854859 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Fri, 9 Oct 2020 16:34:46 -0700 Subject: [PATCH 112/153] Update advanced-hunting-query-language.md --- .../microsoft-defender-atp/advanced-hunting-query-language.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md index f392fb5bbc..e115475712 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md @@ -74,7 +74,7 @@ The first piped element is a time filter scoped to the previous seven days. Limi ### Check specific processes The time range is immediately followed by a search for process file names representing the PowerShell application. -``` +```kusto // Pivoting on PowerShell processes | where FileName in~ ("powershell.exe", "powershell_ise.exe") ``` From 37d71890cd2049a5474e96efcf1b0c068d508acd Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 9 Oct 2020 17:14:48 -0700 Subject: [PATCH 113/153] Update preview.md --- .../threat-protection/microsoft-defender-atp/preview.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index e67120d349..b59b351315 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -21,6 +21,8 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +>[!IMPORTANT] +>The preview versions are provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From 9e401054bba93feb1d41bf0d1c18e8efb4d5e39d Mon Sep 17 00:00:00 2001 From: Keith McCammon Date: Sat, 10 Oct 2020 09:51:41 -0600 Subject: [PATCH 114/153] Clarify language re: firmware-based threats --- .../security/threat-protection/intelligence/fileless-threats.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md index 6ae2dcfe4c..a5f4583231 100644 --- a/windows/security/threat-protection/intelligence/fileless-threats.md +++ b/windows/security/threat-protection/intelligence/fileless-threats.md @@ -43,7 +43,7 @@ A fully fileless malware can be considered one that never requires writing a fil A compromised device may also have malicious code hiding in device firmware (such as a BIOS), a USB peripheral (like the BadUSB attack), or in the firmware of a network card. All these examples don't require a file on the disk to run, and can theoretically live only in memory. The malicious code would survive reboots, disk reformats, and OS reinstalls. -Infections of this type can be extra difficult deal with because antivirus products usually don’t have the capability to inspect firmware. Even if they did, it would be extremely challenging to detect and remediate threats at this level. This type of fileless malware requires high levels of sophistication and often depends on particular hardware or software configuration. It’s not an attack vector that can be exploited easily and reliably. While dangerous, threats of this type are uncommon and not practical for most attacks. +Infections of this type can be particularly difficult to detect because most antivirus products don’t have the capability to inspect firmware. In cases where a product does have the ability to inspect and detect malicious firmware, there are still significant challenges associated with remediation of threats at this level. This type of fileless malware requires high levels of sophistication and often depends on particular hardware or software configuration. It’s not an attack vector that can be exploited easily and reliably. While dangerous, threats of this type are uncommon and not practical for most attacks. ## Type II: Indirect file activity From 04cba9086d6a8dea6d437b3ec39203bb2087593d Mon Sep 17 00:00:00 2001 From: Ryan Steele Date: Sat, 10 Oct 2020 18:22:57 -0700 Subject: [PATCH 115/153] Fix broken link --- .../microsoft-defender-atp/configure-endpoints-non-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md index 82e701c6e9..2f52d63533 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md @@ -40,7 +40,7 @@ You'll need to know the exact Linux distros and macOS versions that are compatib You'll need to take the following steps to onboard non-Windows devices: 1. Select your preferred method of onboarding: - - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-atp-mac). + - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). - For other non-Windows devices choose **Onboard non-Windows devices through third-party integration**. 1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed. From 9775f9ca518c20aaf16787cb19bee4a9a4377e79 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 11 Oct 2020 08:32:54 +0500 Subject: [PATCH 116/153] Update waas-delivery-optimization.md --- .../deployment/update/waas-delivery-optimization.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 77c469b79d..9e420e620d 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -193,6 +193,7 @@ If you don’t see any bytes coming from peers the cause might be one of the fol - Clients aren’t able to reach the Delivery Optimization cloud services. - The cloud service doesn’t see other peers on the network. - Clients aren’t able to connect to peers that are offered back from the cloud service. +- None of the computers on the network are peering. ### Clients aren't able to reach the Delivery Optimization cloud services. @@ -204,7 +205,6 @@ If you suspect this is the problem, try these steps: 3. If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**. - ### The cloud service doesn't see other peers on the network. If you suspect this is the problem, try these steps: @@ -223,6 +223,15 @@ If you suspect this is the problem, try a Telnet test between two devices on the 2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success. +### None of the computers on the network are peering + +If you suspect this is the problem, check Delivery Optimization settings that could limit participation in Peer Caching. Check following settings in assigned group policies, local group policies and MDM policies, whether they are too restrictive: + +- Minimum RAM (inclusive) allowed to use Peer Caching +- Minimum disk size allowed to use Peer Caching +- Enable Peer Caching while the device connects via VPN +- Allow uploads while the device is on battery while under set Battery level + From 8034fda3ed2a47056f605cb7f316e3b8e4d0ed48 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 12 Oct 2020 09:40:03 +0500 Subject: [PATCH 117/153] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 9e420e620d..9051fde57c 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -225,7 +225,7 @@ If you suspect this is the problem, try a Telnet test between two devices on the ### None of the computers on the network are peering -If you suspect this is the problem, check Delivery Optimization settings that could limit participation in Peer Caching. Check following settings in assigned group policies, local group policies and MDM policies, whether they are too restrictive: +If you suspect this is the problem, check Delivery Optimization settings that could limit participation in Peer Caching. Check whether the following settings in assigned group policies, local group policies, and MDM policies are too restrictive: - Minimum RAM (inclusive) allowed to use Peer Caching - Minimum disk size allowed to use Peer Caching From 4655fb01438d225a84e82da1b3bdde4bbc6624f6 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 12 Oct 2020 09:59:59 +0500 Subject: [PATCH 118/153] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 9051fde57c..2176e4545b 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -227,7 +227,7 @@ If you suspect this is the problem, try a Telnet test between two devices on the If you suspect this is the problem, check Delivery Optimization settings that could limit participation in Peer Caching. Check whether the following settings in assigned group policies, local group policies, and MDM policies are too restrictive: -- Minimum RAM (inclusive) allowed to use Peer Caching +- Minimum RAM (inclusive) allowed to use Peer Caching. - Minimum disk size allowed to use Peer Caching - Enable Peer Caching while the device connects via VPN - Allow uploads while the device is on battery while under set Battery level From e2c92ed14b5e7d9a4e40147bfdb49e6d8293ef8c Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 12 Oct 2020 10:00:07 +0500 Subject: [PATCH 119/153] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 2176e4545b..0b72208001 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -228,7 +228,7 @@ If you suspect this is the problem, try a Telnet test between two devices on the If you suspect this is the problem, check Delivery Optimization settings that could limit participation in Peer Caching. Check whether the following settings in assigned group policies, local group policies, and MDM policies are too restrictive: - Minimum RAM (inclusive) allowed to use Peer Caching. -- Minimum disk size allowed to use Peer Caching +- Minimum disk size allowed to use Peer Caching. - Enable Peer Caching while the device connects via VPN - Allow uploads while the device is on battery while under set Battery level From b8711edafd7b10950a355c4ad946c84c271512d1 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 12 Oct 2020 10:00:14 +0500 Subject: [PATCH 120/153] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 0b72208001..58dffde87b 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -230,7 +230,7 @@ If you suspect this is the problem, check Delivery Optimization settings that co - Minimum RAM (inclusive) allowed to use Peer Caching. - Minimum disk size allowed to use Peer Caching. - Enable Peer Caching while the device connects via VPN -- Allow uploads while the device is on battery while under set Battery level +- Allow uploads when the device is on battery while under the set battery level. From 4c9deba8d979f29cd454f8ef34d499fde7df3538 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 12 Oct 2020 10:00:23 +0500 Subject: [PATCH 121/153] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 58dffde87b..f54ac455eb 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -229,7 +229,7 @@ If you suspect this is the problem, check Delivery Optimization settings that co - Minimum RAM (inclusive) allowed to use Peer Caching. - Minimum disk size allowed to use Peer Caching. -- Enable Peer Caching while the device connects via VPN +- Enable Peer Caching while the device connects via VPN. - Allow uploads when the device is on battery while under the set battery level. From 3ca0598fab79ce05369f9a9c5d5fb54a1d9ab2bc Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Mon, 12 Oct 2020 10:53:30 +0530 Subject: [PATCH 122/153] replaced broken link with correct link as per user report #8445, so I replaced the correct link. --- .../microsoft-defender-atp/minimum-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index 0fab8add04..3e712cd6f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md @@ -61,7 +61,7 @@ For detailed licensing information, see the [Product Terms site](https://www.mic For more information on the array of features in Windows 10 editions, see [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare). -For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://go.microsoft.com/fwlink/p/?linkid=2069559). +For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://wfbdevicemanagementprod.blob.core.windows.net/windowsforbusiness/Windows10_CommercialEdition_Comparison.pdf). ## Browser requirements Access to Microsoft Defender ATP is done through a browser, supporting the following browsers: From 53f0f0d13c7f009f7283a90f27b601511c9bd600 Mon Sep 17 00:00:00 2001 From: Caroline Gitonga Date: Mon, 12 Oct 2020 18:22:46 +0300 Subject: [PATCH 123/153] Add cs.dds.microsoft.com --- .../privacy/windows-endpoints-1909-non-enterprise-editions.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md index 7b104bdcb0..90ab13ce23 100644 --- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md @@ -96,6 +96,7 @@ The following methodology was used to derive the network endpoints: |activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows |adl.windows.com|HTTP|Used for compatibility database updates for Windows |spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile +|cs.dds.microsoft.com|TLSV1.2|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices. ## Windows 10 Pro @@ -161,6 +162,7 @@ The following methodology was used to derive the network endpoints: |activity.windows.com|TLSV1.2|Used by Activity Feed Service which enables multiple cross-device data roaming scenarios on Windows |adl.windows.com|HTTP|Used for compatibility database updates for Windows |spclient.wg.spotify.com|TLSV1.2|Used for Spotify Live Tile +|cs.dds.microsoft.com|TLSV1.2|Used by Device Directory Service to keep track of user-device associations and storing metadata about the devices. ## Windows 10 Education From a82cfa3e8315f91f82cea608709a7ce320094b80 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Mon, 12 Oct 2020 10:01:57 -0700 Subject: [PATCH 124/153] edit --- windows/deployment/upgrade/quick-fixes.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index f1d655d44b..445b6d5c18 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -158,11 +158,11 @@ To check and repair system files: ### Repair unsigned drivers -Drivers that are not properly signed can block the upgrade process. Drivers might not be properly signed if you: +[Drivers](https://docs.microsoft.com/windows-hardware/drivers/gettingstarted/what-is-a-driver-) are files ending in *.dll or *.sys that are used to communicate with hardware components. Because drivers are so important, they are cryptographically signed to ensure they are genuine. Drivers with a *.sys extension that are not properly signed frequently block the upgrade process. Drivers might not be properly signed if you: - Disabled driver signature verification (highly not recommended). - A catalog file used to sign a driver is corrupt or missing. -Catalog files are used to sign drivers. If a catalog file is corrupt or missing, the driver will appear to be unsigned, even though it should be signed. This can cause the upgrade process to fail. To restore the catalog file, reinstall the driver or copy the catalog file from another device. You might need to analyze another device to determine the catalog file that is associated with the unsigned driver. All drivers should be signed to ensure the upgrade process works. + Catalog files (files with a *.cat extension) are used to sign drivers. If a catalog file is corrupt or missing, the driver will appear to be unsigned, even though it should be signed. To restore the catalog file, reinstall the driver or copy the catalog file from another device. You might need to analyze another device to determine the catalog file that is associated with the unsigned driver. All drivers should be signed to ensure the upgrade process works. To check your system for unsigned drivers: @@ -178,7 +178,7 @@ To check your system for unsigned drivers: 7. After the scanning process is complete, if you see **Your files have been scanned and verified as digitally signed** then you have no unsigned drivers. Otherwise, you will see **The following files have not been digitally signed** and a list will be provided with name, location, and version of all unsigned drivers. 8. To view and save a log file, click **Advanced**, and then click **View Log**. Save the log file if desired. 9. Locate drivers in the log file that are unsigned, write down the location and file names. Also write down the catalog that is associated to the driver if it is provided. If the name of a catalog file is not provided you might need to analyze another device that has the same driver with sigverif and sigcheck (described below). -10. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. +10. The next step is to check that the driver reported as unsigned by sigverif.exe has a problem. In some cases, sigverif.exe might not be successful at locating the catalog file used to sign a driver, even though the catalog file exists. To perform a detailed driver check, download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. [Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. To use sigcheck: @@ -208,6 +208,8 @@ To check your system for unsigned drivers: Valid to: 11:46 AM 5/9/2018 (output truncated) ``` + In the example above, the afd.sys driver is properly signed by the catalog file Package_163_for_KB4054518~31bf3856ad364e35~x86~~6.1.1.2.cat. + 13. Optionally, you can generate a list of drivers using driverquery.exe, which is included with Windows. To save a list of signed and unsigned drivers with driverquery, type **driverquery /si > c:\drivers.txt** and press ENTER. See the following example: From e6e5bd607217be3b61e1cf516f7db6f9b249c47c Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Mon, 12 Oct 2020 10:20:15 -0700 Subject: [PATCH 125/153] Update waas-delivery-optimization.md Correcting language. Do not use "peer" as a verb--that means "to look at closely." --- .../update/waas-delivery-optimization.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index f54ac455eb..359a306462 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -193,7 +193,7 @@ If you don’t see any bytes coming from peers the cause might be one of the fol - Clients aren’t able to reach the Delivery Optimization cloud services. - The cloud service doesn’t see other peers on the network. - Clients aren’t able to connect to peers that are offered back from the cloud service. -- None of the computers on the network are peering. +- None of the computers on the network are getting updates from peers. ### Clients aren't able to reach the Delivery Optimization cloud services. @@ -223,14 +223,14 @@ If you suspect this is the problem, try a Telnet test between two devices on the 2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success. -### None of the computers on the network are peering +### None of the computers on the network are getting updates from peers -If you suspect this is the problem, check Delivery Optimization settings that could limit participation in Peer Caching. Check whether the following settings in assigned group policies, local group policies, and MDM policies are too restrictive: +If you suspect this is the problem, check Delivery Optimization settings that could limit participation in peer caching. Check whether the following settings in assigned group policies, local group policies, are MDM policies are too restrictive: -- Minimum RAM (inclusive) allowed to use Peer Caching. -- Minimum disk size allowed to use Peer Caching. -- Enable Peer Caching while the device connects via VPN. -- Allow uploads when the device is on battery while under the set battery level. +- Minimum RAM (inclusive) allowed to use peer caching +- Minimum disk size allowed to use peer caching +- Enable peer caching while the device connects using VPN. +- Allow uploads when the device is on battery while under the set battery level From a8c234a42b59b0d9c600832d8e1429fadf7aa026 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Mon, 12 Oct 2020 10:24:46 -0700 Subject: [PATCH 126/153] Update waas-delivery-optimization.md De-localizing links. --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 6a93a63ec7..232279701e 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -136,7 +136,7 @@ If you set up Delivery Optimization to create peer groups that include devices a Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80. -**What are the requirements if I use a proxy?**: For Delivery Optimization to successfully use the proxy, you should setup the proxy via Windows Proxy Settings or the Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](https://docs.microsoft.com/en-us/windows/deployment/update/delivery-optimization-proxy). Most content downloaded via Delivery Optimization leverages Byte Range requests. Make sure your proxy allows Byte Range Requests. See [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update) for details. +**What are the requirements if I use a proxy?**: For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](https://docs.microsoft.com/windows/deployment/update/delivery-optimization-proxy). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update). **What hostnames should I allow through my firewall to support Delivery Optimization?**: From 40ef166bc2ef7df36b84e1a1d883bd51079b57c3 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 12 Oct 2020 11:40:59 -0700 Subject: [PATCH 127/153] updating tag --- windows/deployment/update/waas-configure-wufb.md | 2 +- windows/deployment/update/waas-delivery-optimization.md | 2 +- windows/deployment/update/waas-integrate-wufb.md | 2 +- .../update/waas-servicing-strategy-windows-10-updates.md | 2 +- windows/deployment/update/waas-wufb-group-policy.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 727ec90959..68b9bc63f3 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -5,7 +5,7 @@ manager: laurawi description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. ms.prod: w10 ms.mktglfcycl: deploy -ms.collection: M365initiative-coredeploy +ms.collection: m365initiative-coredeploy audience: itpro author: jaimeo ms.localizationpriority: medium diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 77c469b79d..5c622d9fe5 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium ms.author: jaimeo ms.collection: - M365-modern-desktop -- M365initiative-coredeploy +- m365initiative-coredeploy ms.topic: article --- diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index 2dc3cc3ff3..f473a704b2 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage author: jaimeo ms.localizationpriority: medium ms.author: jaimeo -ms.collection: M365initiative-coredeploy +ms.collection: m365initiative-coredeploy manager: laurawi ms.topic: article --- diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index 1ee1fa50de..737657aea5 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -9,7 +9,7 @@ ms.author: jaimeo ms.reviewer: manager: laurawi ms.topic: article -ms.collection: M365initiative-coredeploy +ms.collection: m365initiative-coredeploy --- # Prepare servicing strategy for Windows 10 updates diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 6f780e8656..5c22b5cd47 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage author: jaimeo ms.localizationpriority: medium ms.author: jaimeo -ms.collection: M365initiative-coredeploy +ms.collection: m365initiative-coredeploy manager: laurawi ms.topic: article --- From 5267e5d4a3ba8e807f493fda1e1c976fddeddf13 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 12 Oct 2020 11:52:02 -0700 Subject: [PATCH 128/153] revising metadata --- .../microsoft-defender-atp/android-configure.md | 2 +- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- .../microsoft-defender-atp/android-support-signin.md | 2 +- .../microsoft-defender-atp/auto-investigation-action-center.md | 2 +- .../microsoft-defender-atp/automated-investigations.md | 2 +- .../microsoft-defender-atp/behavioral-blocking-containment.md | 2 +- .../microsoft-defender-atp/client-behavioral-blocking.md | 2 +- .../configure-microsoft-threat-experts.md | 2 +- .../microsoft-defender-atp/configure-proxy-internet.md | 2 +- .../microsoft-defender-atp/edr-in-block-mode.md | 2 +- .../endpoint-detection-response-mac-preview.md | 2 +- .../microsoft-defender-atp/investigate-alerts.md | 2 +- .../microsoft-defender-atp/investigate-behind-proxy.md | 2 +- .../microsoft-defender-atp/investigate-domain.md | 2 +- .../microsoft-defender-atp/investigate-files.md | 2 +- .../microsoft-defender-atp/investigate-incidents.md | 2 +- .../threat-protection/microsoft-defender-atp/investigate-ip.md | 2 +- .../microsoft-defender-atp/investigate-machines.md | 2 +- .../microsoft-defender-atp/investigate-user.md | 2 +- .../threat-protection/microsoft-defender-atp/investigation.md | 2 +- .../microsoft-defender-atp/ios-configure-features.md | 2 +- .../threat-protection/microsoft-defender-atp/ios-install.md | 2 +- .../microsoft-defender-atp/ios-privacy-statement.md | 2 +- .../threat-protection/microsoft-defender-atp/ios-terms.md | 2 +- .../microsoft-defender-atp/linux-exclusions.md | 2 +- .../microsoft-defender-atp/linux-install-manually.md | 2 +- .../microsoft-defender-atp/linux-install-with-ansible.md | 2 +- .../microsoft-defender-atp/linux-install-with-puppet.md | 2 +- .../microsoft-defender-atp/linux-preferences.md | 2 +- .../threat-protection/microsoft-defender-atp/linux-pua.md | 2 +- .../threat-protection/microsoft-defender-atp/linux-resources.md | 2 +- .../microsoft-defender-atp/linux-static-proxy-configuration.md | 2 +- .../microsoft-defender-atp/linux-support-connectivity.md | 2 +- .../microsoft-defender-atp/linux-support-install.md | 2 +- .../microsoft-defender-atp/linux-support-perf.md | 2 +- .../threat-protection/microsoft-defender-atp/linux-updates.md | 2 +- .../threat-protection/microsoft-defender-atp/linux-whatsnew.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-exclusions.md | 2 +- .../microsoft-defender-atp/mac-install-jamfpro-login.md | 2 +- .../microsoft-defender-atp/mac-install-manually.md | 2 +- .../microsoft-defender-atp/mac-install-with-intune.md | 2 +- .../microsoft-defender-atp/mac-install-with-jamf.md | 2 +- .../microsoft-defender-atp/mac-install-with-other-mdm.md | 2 +- .../microsoft-defender-atp/mac-jamfpro-device-groups.md | 2 +- .../microsoft-defender-atp/mac-jamfpro-enroll-devices.md | 2 +- .../microsoft-defender-atp/mac-jamfpro-policies.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-preferences.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-privacy.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-pua.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-resources.md | 2 +- .../microsoft-defender-atp/mac-schedule-scan-atp.md | 2 +- .../microsoft-defender-atp/mac-support-install.md | 2 +- .../microsoft-defender-atp/mac-support-kext.md | 2 +- .../microsoft-defender-atp/mac-support-license.md | 2 +- .../microsoft-defender-atp/mac-support-perf.md | 2 +- .../microsoft-defender-atp/mac-sysext-policies.md | 2 +- .../microsoft-defender-atp/mac-sysext-preview.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-updates.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 2 +- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- .../threat-protection/microsoft-defender-atp/manage-edr.md | 2 +- .../microsoft-defender-atp/manage-incidents.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-android.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-ios.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-linux.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 2 +- .../microsoft-defender-security-center.md | 2 +- .../microsoft-defender-atp/microsoft-threat-experts.md | 2 +- .../threat-protection/microsoft-defender-atp/preview.md | 2 +- .../threat-protection/microsoft-defender-atp/review-alerts.md | 2 +- .../microsoft-defender-atp/run-detection-test.md | 2 +- .../microsoft-defender-atp/threat-analytics.md | 2 +- .../threat-and-vuln-mgt-event-timeline.md | 2 +- .../microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md | 2 +- .../microsoft-defender-atp/tvm-dashboard-insights.md | 2 +- .../microsoft-defender-atp/tvm-exposure-score.md | 2 +- .../tvm-microsoft-secure-score-devices.md | 2 +- .../threat-protection/microsoft-defender-atp/tvm-remediation.md | 2 +- .../microsoft-defender-atp/tvm-security-recommendation.md | 2 +- .../microsoft-defender-atp/tvm-software-inventory.md | 2 +- .../microsoft-defender-atp/tvm-supported-os.md | 2 +- .../threat-protection/microsoft-defender-atp/tvm-weaknesses.md | 2 +- .../whats-new-in-microsoft-defender-atp.md | 2 +- 83 files changed, 83 insertions(+), 83 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index 23418c880c..6edfd475aa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 3d0596a066..b70734bf7c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md index 4c894c657b..d2d946c3fb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index b1ca5d6277..0a77813dd2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs ms.date: 09/24/2020 diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 4d6b8f369b..ef999e9cca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -17,7 +17,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs ms.custom: AIR diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md index 1dde7195b9..8d29204276 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md @@ -17,7 +17,7 @@ ms.custom: - edr ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint --- # Behavioral blocking and containment diff --git a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md index 94b228841a..52e97e1b70 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md @@ -17,7 +17,7 @@ ms.custom: - edr ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint --- # Client behavioral blocking diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md index b6a1734953..23f1b28355 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 8d3133a0cf..12c3637695 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index e0044d7767..b5679d1756 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -18,7 +18,7 @@ ms.custom: ms.date: 08/21/2020 ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint --- # Endpoint detection and response (EDR) in block mode diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md index 60fa3bbb66..4d724bc3ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md index 6d68413d04..1b20360ecd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md index 79ea086abc..37ca52cd85 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md index 1a81d14c1a..7bd899fd9b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md index 3ea4a81ef3..f5c2fcb4ce 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md index 9248b00bc1..419b64c153 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md index 6ad54fdad1..fb1109d764 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index 0c27dfa596..5419c76996 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md index 67e50c3db9..7593f22e63 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigation.md b/windows/security/threat-protection/microsoft-defender-atp/investigation.md index 74aab18e01..87bac34185 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index 3e1d3e88ec..abb45e662b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index 589ac8f728..be3fe61fbf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md index 18efc534bd..04c810e52c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual hideEdit: true --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md index 8b27316acf..39f57d1213 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual hideEdit: true --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index 40e11bc1ae..8bee109c6f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index bb7ea0b659..3012e87c2c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 29d00b8682..2cc5610a4c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index 5329ff85b5..68fe2b6926 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index 4623b9404c..e2944beb87 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md index f8a1528015..58b9c14323 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index 0c0540d5fd..7c779b7d9d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md index 5b58e7360d..d3b7796378 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index cf4c908330..3406767afa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 14bdaf18cd..15d0e69c78 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index 22da390046..8390f37105 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro mms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md index 75b74c04c6..dd01c882b0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md index 4ee52d6643..8e290c8ff5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 7a94346bfa..3eeb408c4d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md index 6f531869c4..59d65172e9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md index 70327e5dbc..3f720e90e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md index 8a12f3b24a..91a5ea6044 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index 9f1df1d2eb..b02fdd72d5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md index d889ac46d6..1e43a13d07 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md index 2905fb1e88..04cb07cd04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md index d043bfc33d..ffd3980a4a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md index fb8ad38590..a56afd0ef7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md index f0e31f2f99..ec94cef29a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md index a721605327..42d1a1e3fd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md index d2c603c8a2..266a05a30f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 787970e267..21653f6dc7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md index da8701705a..fdad212625 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md index 78aef5a5d7..f4a32380f3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md index fb981aa16e..d369e94d36 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md index 090950a69c..a05f815303 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md index edaed64d2b..385a3fddb2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index fc8f955180..461973a0a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ROBOTS: noindex,nofollow --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md index 2f83c71bf8..86a435cc65 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ROBOTS: noindex,nofollow --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md index c67b6de1e3..740aaacb77 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index c3c24ac819..43115e4395 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index fe448008b1..ab130cb910 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ms.date: 09/15/2020 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md index d60924e1fc..458c0798ce 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md index aefc151c14..04dc76e4e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md index bcdc9ac3e3..4b4a872950 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md index be494de5b9..118ea48672 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 667e35238c..ea21452763 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 5a96df370a..06899fd04e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md index 0e6a5a3770..e04a02313b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md index fe2daca8e4..4aed901842 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index 6ec6e5ba57..4443433ac4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md index 3a52dc1d5f..55fe2974c7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ms.date: 5/1/2020 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md index 0aff954d23..a40530476f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md index 0af52385dc..bdb20dff52 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md index 1be7e019e4..86dbfb50a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Event timeline - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index ad34d33afc..77b4642f92 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index 087609d893..eca2eff41e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Threat and vulnerability management dashboard insights diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index ddebda2984..1773f17654 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Exposure score - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md index 7578763d5b..59c5598a86 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Microsoft Secure Score for Devices diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 847425a5c6..96e22571c0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Remediation activities and exceptions - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 7aa0b7c039..723a90bded 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Security recommendations - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index e3220fbd89..13d0634456 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Software inventory - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index f142e959a4..4de1a79a1e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- # Supported operating systems and platforms - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 27a8549bbe..523a9d850b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Weaknesses found by threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index ef2b779d74..38c6bd4b37 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- From 972c2ab0bc673793c2e5150868a0f9b51adbd6e9 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 12 Oct 2020 15:35:42 -0700 Subject: [PATCH 129/153] Release notes for 101.09.50 --- .../microsoft-defender-atp/mac-install-with-intune.md | 2 +- .../microsoft-defender-atp/mac-resources.md | 2 +- .../microsoft-defender-atp/mac-whatsnew.md | 11 +++++++++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md index d7a00dd754..a22b5aab16 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md @@ -195,7 +195,7 @@ To approve the system extensions: 9. As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Download `netfilter.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig), save it as netext.xml and deploy it using the same steps as in the previous sections. -10. To allow Defender and Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. +10. To allow Microsoft Defender ATP for Mac and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. 11. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 2aafa7220d..87146fc807 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -97,7 +97,7 @@ Important tasks, such as controlling product settings and triggering on-demand s |Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action audit` | |Configuration|Turn on/off passiveMode |`mdatp config passive-mode --value enabled [enabled/disabled]` | |Diagnostics |Change the log level |`mdatp log level set --level [error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` | +|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [path]` | |Health |Check the product's health |`mdatp health` | |Health |Check for a spefic product attribute |`mdatp health --field [attribute: healthy/licensed/engine_version...]` | |Protection |Scan a path |`mdatp scan custom --path [path]` | diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 7748721340..af2c710e12 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -41,6 +41,17 @@ ms.topic: conceptual > 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md). > 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update. +## 101.09.50 + +- This product version has been validated on macOS Big Sur 11 beta 9 +- The new syntax for the `mdatp` command-line tool is now the default one. For more information on the new syntax, see [Resources for Microsoft Defender ATP for Mac](mac-resources.md#configuring-from-the-command-line) + + > [!NOTE] + > The old command-line tool syntax will be removed from the product on **January 1st, 2021**. + +- Extended `mdatp diagnostic create` with a new parameter (`--path`) that allows the diagnostic logs to be saved to a different location +- Performance improvements & bug fixes + ## 101.09.49 - User interface improvements to differentiate exclusions that are managed by the IT administrator versus exclusions defined by the local user From 74118dfa4198a685d3e9f1ffba22c459e58b2052 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 12 Oct 2020 16:54:43 -0700 Subject: [PATCH 130/153] Add note on new parameter --- .../threat-protection/microsoft-defender-atp/mac-resources.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 87146fc807..22b92d8e46 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -44,6 +44,9 @@ If you can reproduce a problem, increase the logging level, run the system for s 3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. + > [!TIP] + > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the location where diagnostic logs are saved, pass `--path [path]` to the below command. + ```bash sudo mdatp diagnostic create ``` From 144cf1be53c5348e402581db452201abcc0dcdf1 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 12 Oct 2020 16:58:38 -0700 Subject: [PATCH 131/153] Clarity --- .../threat-protection/microsoft-defender-atp/mac-resources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 22b92d8e46..9c0b4cd2a5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -45,7 +45,7 @@ If you can reproduce a problem, increase the logging level, run the system for s 3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. > [!TIP] - > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the location where diagnostic logs are saved, pass `--path [path]` to the below command. + > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the location where diagnostic logs are saved, pass `--path [path]` to the below command, replacing `[path]` with the desired path. ```bash sudo mdatp diagnostic create From 2a864f18f85712d2eb04969b8c20d36bdb1a7f6c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 12 Oct 2020 17:37:37 -0700 Subject: [PATCH 132/153] Acrolinx: "occured" --- windows/client-management/mdm/surfacehub-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index cc0a0bc3d0..330dddba01 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -161,7 +161,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format     - + From 887e29376706dd6d2c683ea48f331f34007731d5 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Mon, 12 Oct 2020 19:35:14 -0700 Subject: [PATCH 133/153] Clarify that path is directory --- .../threat-protection/microsoft-defender-atp/mac-resources.md | 4 ++-- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 9c0b4cd2a5..7ce45a0fee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -45,7 +45,7 @@ If you can reproduce a problem, increase the logging level, run the system for s 3. Run `sudo mdatp diagnostic create` to back up Microsoft Defender ATP's logs. The files will be stored inside a .zip archive. This command will also print out the file path to the backup after the operation succeeds. > [!TIP] - > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the location where diagnostic logs are saved, pass `--path [path]` to the below command, replacing `[path]` with the desired path. + > By default, diagnostic logs are saved to `/Library/Application Support/Microsoft/Defender/wdavdiag/`. To change the directory where diagnostic logs are saved, pass `--path [directory]` to the below command, replacing `[directory]` with the desired directory. ```bash sudo mdatp diagnostic create @@ -100,7 +100,7 @@ Important tasks, such as controlling product settings and triggering on-demand s |Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application -- action audit` | |Configuration|Turn on/off passiveMode |`mdatp config passive-mode --value enabled [enabled/disabled]` | |Diagnostics |Change the log level |`mdatp log level set --level [error/warning/info/verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [path]` | +|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create --path [directory]` | |Health |Check the product's health |`mdatp health` | |Health |Check for a spefic product attribute |`mdatp health --field [attribute: healthy/licensed/engine_version...]` | |Protection |Scan a path |`mdatp scan custom --path [path]` | diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index af2c710e12..434fdb15ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -49,7 +49,7 @@ ms.topic: conceptual > [!NOTE] > The old command-line tool syntax will be removed from the product on **January 1st, 2021**. -- Extended `mdatp diagnostic create` with a new parameter (`--path`) that allows the diagnostic logs to be saved to a different location +- Extended `mdatp diagnostic create` with a new parameter (`--path [directory]`) that allows the diagnostic logs to be saved to a different directory - Performance improvements & bug fixes ## 101.09.49 From fe713333bd2533087f597008aade8762e350c925 Mon Sep 17 00:00:00 2001 From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com> Date: Tue, 13 Oct 2020 06:44:22 -0700 Subject: [PATCH 134/153] Update hello-faq.md --- .../security/identity-protection/hello-for-business/hello-faq.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index e6d36e6967..b5dfff553e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md @@ -75,6 +75,7 @@ Communicating with Azure Active Directory uses the following URLs: - enterpriseregistration.windows.net - login.microsoftonline.com - login.windows.net +- account.live.com If your environment uses Microsoft Intune, you need these additional URLs: - enrollment.manage.microsoft.com From 42a23fb3f4d6bab6cd61e6fb19cd71d36cbead9e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 13 Oct 2020 11:20:48 -0700 Subject: [PATCH 135/153] ios privacy --- .openpublishing.redirection.json | 5 ++ .../microsoft-defender-atp/ios-privacy.md | 78 +++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index b15fa65bb2..81696cd310 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -79,6 +79,11 @@ "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations", "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy", + "redirect_document_id": true }, { "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md", diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md new file mode 100644 index 0000000000..4a18d89818 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md @@ -0,0 +1,78 @@ +--- +title: Microsoft Defender ATP for iOS note on Privacy +ms.reviewer: +description: Describes the Microsoft Defender ATP for iOS Privacy +keywords: microsoft, defender, atp, iOS, license, terms, application, use, installation, service, feedback, scope, +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: sunasing +author: sunasing +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +hideEdit: true +--- + +# Microsoft Defender ATP for iOS - Privacy information + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for iOS](microsoft-defender-atp-ios.md) + +>[!NOTE] +> Microsoft Defender ATP for iOS uses a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. Microsoft or your organization **does not see your browsing activity**. + +Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP. + +Information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected and to support the service. + +## Required data + +Required data consists of data that is necessary to make Microsoft Defender ATP for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. Here's a list of the types of data being collected: + +### Web page / Network information + +- Connection information +- Protocol type (such as HTTP, HTTPS, etc.) + +### Device and account information + +- Device information such as date & time, iOS version, CPU info, and Device identifier +- Device identifier is one of the below: + - Wi-Fi adapter MAC address + - Randomly generated globally unique identifier (GUID) + +- Tenant, Device, and User information + - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory. + - Azure tenant ID - GUID that identifies your organization within Azure Active Directory + - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted + - User Principal Name Email ID of the user + +### Product and service usage data + +- App package info, including name, version, and app upgrade status +- Actions performed in the app +- Crash report logs generated by iOS +- Memory usage data + +## Optional data + +Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself. + +Optional diagnostic data includes: + +- App, CPU, and network usage +- Features configured by the admin + +**Feedback Data** is collected through in-app feedback provided by the user. + +- The users email address, if they choose to provide it +- Feedback type (smile, frown, idea) and any feedback comments submitted by the user + +[More on Privacy](https://aka.ms/mdatpiosprivacystatement) \ No newline at end of file From 73ed2e0959bb48acbeee760653e03c84323aa7ec Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 13 Oct 2020 16:12:59 -0700 Subject: [PATCH 136/153] MErged with master --- windows/client-management/mdm/policy-csp-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 6c68af9cff..39de0473a2 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 08/12/2020 +ms.date: 10/13/2020 ms.reviewer: manager: dansimp --- From b79239c830e8247c64b54c296b4e4e45d109a4e8 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 14 Oct 2020 08:25:36 -0700 Subject: [PATCH 137/153] minor change to trigger build --- windows/client-management/mdm/policy-csp-system.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 39de0473a2..8370931097 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 10/13/2020 +ms.date: 10/14/2020 ms.reviewer: manager: dansimp --- From 47e2728c2a03ffb3da7891170c1d3d7634c852f4 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 14 Oct 2020 08:36:18 -0700 Subject: [PATCH 138/153] Added Acrolinx suggestions --- windows/client-management/mdm/policy-csp-system.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 8370931097..6012a60ed9 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1,6 +1,6 @@ --- title: Policy CSP - System -description: Learn policy settings that determines whether users can access the Insider build controls in the advanced options for Windows Update. +description: Learn policy settings that determine whether users can access the Insider build controls in the advanced options for Windows Update. ms.author: dansimp ms.topic: article ms.prod: w10 @@ -489,7 +489,7 @@ The following list shows the supported values: -Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts. +Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally installed fonts. This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled). @@ -510,7 +510,7 @@ ADMX Info: The following list shows the supported values: -- 0 - false - No traffic to fs.microsoft.com and only locally-installed fonts are available. +- 0 - false - No traffic to fs.microsoft.com and only locally installed fonts are available. - 1 - true (default) - There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them. @@ -1606,7 +1606,7 @@ The following list shows the supported values: This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. -To enable this behavior you must complete two steps: +To enable this behavior, you must complete two steps:
    • Enable this policy setting
    • Set Allow Telemetry to level 2 (Enhanced)
      • From 23a6f2c5552bc9d2b2cbd2a28de939fec39ea67e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 14 Oct 2020 08:52:09 -0700 Subject: [PATCH 139/153] fix chars --- .../threat-protection/microsoft-defender-atp/ios-privacy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md index 4a18d89818..1bef25da5f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md @@ -52,7 +52,7 @@ Required data consists of data that is necessary to make Microsoft Defender ATP - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory. - Azure tenant ID - GUID that identifies your organization within Azure Active Directory - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted - - User Principal Name Email ID of the user + - User Principal Name - Email ID of the user ### Product and service usage data @@ -72,7 +72,7 @@ Optional diagnostic data includes: **Feedback Data** is collected through in-app feedback provided by the user. -- The users email address, if they choose to provide it +- The user's email address, if they choose to provide it - Feedback type (smile, frown, idea) and any feedback comments submitted by the user [More on Privacy](https://aka.ms/mdatpiosprivacystatement) \ No newline at end of file From 74bece44c3d71328d7707656985464640caf29c0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Oct 2020 09:03:20 -0700 Subject: [PATCH 140/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...ecurity-settings-with-tamper-protection.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index c49d6a763f..089733cd93 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -1,6 +1,6 @@ --- title: Protect security settings with tamper protection -ms.reviewer: shwjha +ms.reviewer: shwjha, hayhov manager: dansimp description: Use tamper protection to prevent malicious apps from changing important security settings. keywords: malware, defender, antivirus, tamper protection @@ -14,7 +14,7 @@ audience: ITPro author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 10/08/2020 +ms.date: 10/14/2020 --- # Protect security settings with tamper protection @@ -161,7 +161,7 @@ When a tampering attempt is detected, an alert is raised in the [Microsoft Defen ![Microsoft Defender Security Center](images/tamperattemptalert.png) -Using [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) capabilities in Microsoft Defender ATP, your security operations team can investigate and address such attempts. +Using [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) and [advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) capabilities in Microsoft Defender for Endpoint, your security operations team can investigate and address such attempts. ## Review your security recommendations @@ -179,7 +179,7 @@ To learn more about Threat & Vulnerability Management, see [Threat & Vulnerabili ### To which Windows OS versions is configuring tamper protection is applicable? -Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). +Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender for Endpoint E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). If you are using Configuration Manager, version 2006 with tenant attach, tamper protection can be extended to Windows Server 2019. See [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy). @@ -195,7 +195,7 @@ Tamper protection will not have any impact on such devices. If you are a home user, see [Turn tamper protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine). -If you are an organization using [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See the following sections of this article: +If you are an organization using [Microsoft Defender for Endpoint E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See the following sections of this article: - [Turn tamper protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune) @@ -216,7 +216,7 @@ Some sample Microsoft Defender Antivirus settings: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\\
      Value `DisableRealtimeMonitoring` = 0 -### For Microsoft Defender ATP E5, is configuring tamper protection in Intune targeted to the entire organization only? +### For Microsoft Defender for Endpoint E5, is configuring tamper protection in Intune targeted to the entire organization only? Configuring tamper protection in Intune can be targeted to your entire organization as well as to specific devices and user groups. @@ -226,9 +226,9 @@ If you are using tenant attach, you can use Microsoft Endpoint Configuration Man ### I have the Windows E3 enrollment. Can I use configuring tamper protection in Intune? -Currently, configuring tamper protection in Intune is only available for customers who have [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). +Currently, configuring tamper protection in Intune is only available for customers who have [Microsoft Defender for Endpoint E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). -### What happens if I try to change Microsoft Defender ATP settings in Intune, Microsoft Endpoint Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device? +### What happens if I try to change Microsoft Defender for Endpoint settings in Intune, Microsoft Endpoint Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device? You won’t be able to change the features that are protected by tamper protection; such change requests are ignored. @@ -236,9 +236,9 @@ You won’t be able to change the features that are protected by tamper protecti No. Local admins cannot change or modify tamper protection settings. -### What happens if my device is onboarded with Microsoft Defender ATP and then goes into an off-boarded state? +### What happens if my device is onboarded with Microsoft Defender for Endpoint and then goes into an off-boarded state? -In this case, tamper protection status changes, and this feature is no longer applied. +If a devices is offboarded from In this case, tamper protection status changes, and this feature is no longer applied. ### Will there be an alert about tamper protection status changing in the Microsoft Defender Security Center? @@ -254,6 +254,6 @@ In addition, your security operations team can use hunting queries, such as the [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) -[Get an overview of Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) +[Get an overview of Microsoft Defender for Endpoint E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) -[Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection](why-use-microsoft-defender-antivirus.md) +[Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md) From 50bd0c97f793275475344da7317b3eda79421a9c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Oct 2020 09:06:40 -0700 Subject: [PATCH 141/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...ent-changes-to-security-settings-with-tamper-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 089733cd93..2617b61873 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -189,7 +189,7 @@ No. Third-party antivirus offerings will continue to register with the Windows S ### What happens if Microsoft Defender Antivirus is not active on a device? -Tamper protection will not have any impact on such devices. +Devices that are onboarded to Microsoft Defender for Endpoint will have Microsoft Defender Antivirus running in passive mode. Tamper protection will continue to protect the service and its features. ### How can I turn tamper protection on/off? @@ -238,7 +238,7 @@ No. Local admins cannot change or modify tamper protection settings. ### What happens if my device is onboarded with Microsoft Defender for Endpoint and then goes into an off-boarded state? -If a devices is offboarded from In this case, tamper protection status changes, and this feature is no longer applied. +If a devices is offboarded from Microsoft Defender for Endpoint, tamper protection is turned on, which is the default state for unmanaged devices. ### Will there be an alert about tamper protection status changing in the Microsoft Defender Security Center? From 5f65a77205a0807d0bd8387a27bac7e33ecde737 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Oct 2020 09:09:22 -0700 Subject: [PATCH 142/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 2617b61873..5b2595f219 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -218,7 +218,7 @@ Some sample Microsoft Defender Antivirus settings: ### For Microsoft Defender for Endpoint E5, is configuring tamper protection in Intune targeted to the entire organization only? -Configuring tamper protection in Intune can be targeted to your entire organization as well as to specific devices and user groups. +Configuring tamper protection in Intune or Microsoft Endpoint Manager can be targeted to your entire organization as well as to specific devices and user groups. ### Can I configure Tamper Protection in Microsoft Endpoint Configuration Manager? From 7c8a20192066133460a9203108dec47c3cd5d688 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Oct 2020 09:14:38 -0700 Subject: [PATCH 143/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...nges-to-security-settings-with-tamper-protection.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 5b2595f219..6277478709 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -179,7 +179,7 @@ To learn more about Threat & Vulnerability Management, see [Threat & Vulnerabili ### To which Windows OS versions is configuring tamper protection is applicable? -Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender for Endpoint E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). +Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). If you are using Configuration Manager, version 2006 with tenant attach, tamper protection can be extended to Windows Server 2019. See [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy). @@ -195,7 +195,7 @@ Devices that are onboarded to Microsoft Defender for Endpoint will have Microsof If you are a home user, see [Turn tamper protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine). -If you are an organization using [Microsoft Defender for Endpoint E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See the following sections of this article: +If you are an organization using [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See the following sections of this article: - [Turn tamper protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune) @@ -216,7 +216,7 @@ Some sample Microsoft Defender Antivirus settings: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\\
      Value `DisableRealtimeMonitoring` = 0 -### For Microsoft Defender for Endpoint E5, is configuring tamper protection in Intune targeted to the entire organization only? +### For Microsoft Defender for Endpoint, is configuring tamper protection in Intune targeted to the entire organization only? Configuring tamper protection in Intune or Microsoft Endpoint Manager can be targeted to your entire organization as well as to specific devices and user groups. @@ -226,7 +226,7 @@ If you are using tenant attach, you can use Microsoft Endpoint Configuration Man ### I have the Windows E3 enrollment. Can I use configuring tamper protection in Intune? -Currently, configuring tamper protection in Intune is only available for customers who have [Microsoft Defender for Endpoint E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). +Currently, configuring tamper protection in Intune is only available for customers who have [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). ### What happens if I try to change Microsoft Defender for Endpoint settings in Intune, Microsoft Endpoint Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device? @@ -254,6 +254,6 @@ In addition, your security operations team can use hunting queries, such as the [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) -[Get an overview of Microsoft Defender for Endpoint E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) +[Get an overview of Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md) From 34077f216cf4fa667589bb771550ab6a17885249 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Oct 2020 09:21:59 -0700 Subject: [PATCH 144/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 6277478709..e485608bea 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -240,6 +240,8 @@ No. Local admins cannot change or modify tamper protection settings. If a devices is offboarded from Microsoft Defender for Endpoint, tamper protection is turned on, which is the default state for unmanaged devices. +As an example, suppose that + ### Will there be an alert about tamper protection status changing in the Microsoft Defender Security Center? Yes. The alert is shown in [https://securitycenter.microsoft.com](https://securitycenter.microsoft.com) under **Alerts**. From 81b6feee1c83c307f9103f27321f2f33eb6d10e4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Oct 2020 09:24:22 -0700 Subject: [PATCH 145/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index e485608bea..6277478709 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -240,8 +240,6 @@ No. Local admins cannot change or modify tamper protection settings. If a devices is offboarded from Microsoft Defender for Endpoint, tamper protection is turned on, which is the default state for unmanaged devices. -As an example, suppose that - ### Will there be an alert about tamper protection status changing in the Microsoft Defender Security Center? Yes. The alert is shown in [https://securitycenter.microsoft.com](https://securitycenter.microsoft.com) under **Alerts**. From 7de8f972dd30a6ba52a4445129f04cab5dfbbd90 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Oct 2020 09:36:56 -0700 Subject: [PATCH 146/153] adding screenshot --- ... experience policy in Endpoint security.png | Bin 0 -> 199714 bytes ...security-settings-with-tamper-protection.md | 11 ++++++++--- 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/images/Windows security experience policy in Endpoint security.png diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/images/Windows security experience policy in Endpoint security.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/Windows security experience policy in Endpoint security.png new file mode 100644 index 0000000000000000000000000000000000000000..e4b306fd92db21a10e779db89b4808b783d35308 GIT binary patch literal 199714 zcmZs?1yCGKv^E?P+zIXh0t9y!C&3fk7iZbv4hb$n7F}3K&|pCW!QEw9d~vtnF2S9^ z&wHird++yG&D2y+wVdug)91`{o)f8|rih14h5hW=Gradoa$3)xp(QPm^1I1lSQRZ3MFwO2$0oD4Q>bqypDq%SHAhf44mWz^s`?F^ZQ~%s3sOdEs&z?Qz zzn6Qb<7Il#is41_{(ISi`{lu$`$*$eru)^>?~IH;shNLV52+_&0H;g7M{#eTueM$- z`Le!!6&FgR_61c2-TSDOE0zCriE+1?$Us+VG>5tg?S*|NCL8`;qh8|9*jQLyS?qD)i0PSIo3Rr=tl|NO5uEyeMQQz7 zBc#Z^JwB}w683#B0vYgO{`=mD;P`14ljCPyVLDQqD%Vyg!9UBghJFvTDT;=d(fQff zlEN51=(oJCpCH3)F%-?Ggi=Pn*vsW&nEsdZlVcFBnUKu7#V>S~8KD24A!FV+s@84~ znmPs85g17s-};F03J8DsgNZa{aZ<4VRV<^fs2o>ThwfYYyp(9KEw-jsFgw@znKF(* z3f11jPQx;uZRhAHVUkst1ODu+V#%36*JTDbAo1cNd%gC#b}Z`pV{-y5uuUgy*|?+w zBbogqO_}uCIeFm3NUzN8oEvwGJESeBtzrpAdHVluL%RjmR%sZ!p!a!M(=T%p`%1+J zV`XrP?Vu?RQQKZrOY^*8MU~r^Qb?OdS#d5FfZUg&;<84takqp!rGv^&AiJn2GI4(< zSLA}MF^-or|m6N4MbOZ`A1rD%m5wq7EjY`}_Fv za^BqV`tDw2FXMTx7%>%k7?9!^)4;Y;B+!QIAj8-kUT;*{+Tv{K?=9_TH0y_Xc>3UV zUQ?BoU5T4KT_LJVwR+k}XO}keO{2`gepYIQXzIR^aI>@+CUmFH_-9o#g=!aj6LEKI zuvWltuedxwW)~iOT%H_#V)nQAI4Dr)VdRV7{iY#qTO(1Vw5e*B^j-3L2#3%?<;zFc ze9YVMa>VGkf)jVOhk{)e)bii@tdv*(rje2rFqiN(O~Z{1=@q)Ev=1vlb>C+$7)v8u zW@$T=IWM%JYgp=`Nbu*lsN3@N%5ttgvL2rf%`D@Fo}YuPtQh5zk8Fmz8RE0NKsP5AD%6|KvqZFqUx?K zyR*M*@jHpDkRt#WpzNMPN!g*Hue=kj$dLACerpU7Y+Ia-E#xojMJpCEdCdzMB`a(ckiflSIiE44% z>s7HJ0ftqxdF)SCnXgf^5CZ@%$~FJ-a9 z#o)m@`6CE8;ff9Ryp9(DX^dnzpAFdDs?IFKUvM%>Vejcw^^%g3G;supUpEW^{Y|FB z+Op$YcuYt^CIZU#4dMpX-lH^QeE}xBm7>$NuAM)(wU2pF5`(kv;hR+Vy@`U?5-#s- zH{Vb#L;X?i?1RXr&(?uT2)l#H<3CSHJ0SWsrH`DAJ;1$@#g;qf96^`tGd z4RW&;wmeFq@JpI%?X15(+Bw%xn&6`JXD-*^qtbp%f!BFyTRfkhlX$E+>x+|D{LcZ- zzq?u*-Ca)Ycis8Bd}PRlRSsctsRHh(mb zX8g{9gM4SmD+iMtG*3_c&`>Fvoxi@bHS^TP!X=7eOa4Dgc=BFKZ=PQ|hP8#Us|*dU zdhT;GGSRJ1>zbud+PzgZA}C9PG4KzP#*t0=ZfLPPFBB0O*=xw;2>edH zzE>)aIqQoT52Jf^J&)DkC=Ce*!3h0A>hrPiXiY?%Lr@Ti!^o7nlvWp=NjI?O`pYf+AqCCL?t5{4!~y2wDLt6;H>1Lh!ecd1Y^m*ZhauAly`b2 zK5d!jU}S~}5Q4{9%6F+E_+bBog5J2O6C;@;Rc^G=m9kWm{(0piZr44|M4;lkYv4WG zD?=wvGpo-Ae*+u!Vp6x6%pE{{IgR(zP|F97E}o3IEDk!mvisVjsU_ZkhqS1qW8_-j z>Ph))VX4*RV!(CJrTy1q<+3&M?D!s8=K=V!SmNP>SGxN@ec)Cox7P2l+s!%Jdf z4PD*H!ak+Ya0tV_D+QgjPiV>xYv0fiyc=iR41x6e%(hTnUk(4R%TZx*qa`9bFKecM z7n6!y+^?t;?Ct;7d$I!er;+v``BS}kyz=00+)NcwYp;iMu_X7{;_US2R7w`O43m*1 z^t-~pJp9eHff_)(#lMXIfatibwRhRKB9xJ(dll-q|JV1*h3A^P&iOYsSoQ_TfvHs5 za9k@5%bysBrj<1IdkF^cqkS}5@BJ(Gf$m5lQ(#4av{p4SC=cAR5v%LIxUwNkAoai& zabbih9&T{lo*L6kUf0p3LEzphscD!3wcOfrxiXD}ewA@ZJ4ENG7EO^{ptP?)kgLu^ z4WAYT$Ih_iZCS2H{A3u!O|P_y=SsKsUfam<3N>AGTv)eK5yN+K>0OkMCZxQf2nYyJ z>Qm{6)%BQlmqJzN_U`QNCi2dqLZvmvg+Y`x-;^qPoV$88H?4OKQJ`iSb?nVD)xN?J zClj}r=2YZ#)eKKg#=!pIUeP^(J6z(VqaQ(yv3}|jxNJu^vw|m&B^9Yg*Y**wo<102iFr56JfVo#Mj9j65Wt-ow816?qtND z0s^u1$uHOHK`DV4Igg}YBSv_Ik5P&dx!*}I=6oLO1JR)MG(=1EUd@QR8_S-mPE^`{ zOxl47#v=`Nb#+YL?d&7Oek-1>y)D-2_C20TR`?1Bw3~jKc7W&1p*d_b)ti)(k`lhy zwX*#l8!t-^DvowU|FA%ni>urN?x)btS{r1Cj0y# z)tlpT@Hd#A?q4q7xoI>ta(}u+LCb=1y2LON3jGAP+0raY+A83+Tz3C$oK8gY=>?$7 zjQTS;HIQ`^ptR5cqNNLmtlmx)AGfd^6Os*PU2z(wDq4@Yxx){Q>Rqme9pS}3+E!BJfF!&@PS`v z0?GYGi+#4XQdEFX9S(_LEA7noZ(gym#*#EqE%{xA_H~>>WapR6awiJ8mb=SU1D*I5 z6tvDqP&`{n@3Jp^nq}NsVxShG64S#XO#hR<$D%lua?#l2SVWw5K>}LogAgW>%k1Rz z)c;6EZeHIk3@vdWOwov}fY9-dPWRL?{fr~_Kq(uJRT|>@vfQtF?8YB@IapLtTmQ~U zQ%ujU7>A98E?<8w0fGgM;d0^TqvyM-Gv6FXn{BfPj0Pyy!&< zMmm*@(5$A_l(>sKWASh*qGM{`T(aQSPJ(P5ql0r)90Y~FKpHu620j8CEg0(3k7d;= zmU)DeE(CQ!J1fC3p6%6;XHF#18w!SVvyp4qia6jM zY6|e-u6ZchL2xY}!9}1u>!AC~B?`fnrcWIFvq7fJ>_Oqtw4Z8g%?CY3383l;2ub~sdjUIK}j4WZUMi6r7>KRO4M$zW|foCp~lWm7jPOjh3EZUKhF)3k@mTX^rS?WN$B84Qy-x3?WLyMmabjEUS za#(ngGag5~fnhE1qOg)+A%2g&dpqc{uj1N;urnmK?6w8Vfrs& zzp$-_TxAUm*thIlLMACS+0aBB>|!8N41FJbBBpNjfUSSX*uOqEcU(tZE>3L-a3j^3 zYcMgU)ijR#f;MlcktO=VO1Q4!m=}$i8BL^ih-zQh`R!*X%#zwkb8}EQF%edS`#e>2 zl9Ym>F-g)0Uw7=^-Z*N?XP%zqp+CDp?a3H)1y%?-MLfMS?udTn9xG*xgIQl3J{0Pe ztv?axEw~Po6QPlbT-=gu-K_@PyrWaybs>uJ^rV6N@ek*TEI1zU{f$)ZLuTKoCE(HWs0&Y!e>oc&>KZDdgBkn5%g zei@A+x+558HZuTP(i?4V^&`qw`zPEZ34ooiRdOsCHed68l((|;v^O!@V&NzYY;3SpH%^Bq=2O#=&zPeDl3-?9a-92b z6Nh-DGrbp-}lKDFQFPZ%%gAgkhGkL%t{KU|*Ez4GFb;L#1}B+ji)FK__->)pe@K=`?i$jUTY zV`emTI9AViz6tf#LGhS)^6fIF=eOvwv8C9JFW`!*3iu|g_Zzhqd~$8c)mK}dZ#OH6qj)DBvXeBd?J@gYe_Ff-i=O;z0+{R%Cp1* zN{pEBlGW3kD|(HBo?K#%X=`zXnD()ucgB&Zho!28rHSuY5?^tzhz#O=`q8-*u>t;8 zFa0qV>B%nLSOZ*maFw?yf(Cu7<+D=DDgY`RR`wjy_4#EI@8;=tJ%NkLHsaY|?zd^`LoouE@!`IoULGT(!DGzGqu zN~?1_9Wn4rPEipfM{OP<6DVdMcx}usU6N2FyW#A08W3KmZ*XbR=$6Iad&kL)X@55N zuytqZ`fOk#?9GLY9k#Hv?2|hPltwJ9wIBbgZfr<2#MQJRTpYyXbKeqN^?Er^+>`xl zM|P>)PvTbOj+b^*G&|+U9DB-EcE7K8SbY+-uAvn0lA{Mf2l-n_5$yu4Qrz^wvczUv z*pQ|=KGp3lUm3$Q6EUQyXv|`xxsyHP3H-LQ@ZjKIcknrP>tDFcxzh(H+#-vaVOk}n zh~71MoX}4cTLmm5Z5XFV%@TGuoj2|c2cGY}xE{--+|tUKmfC6)(T3Bdn4$0HSm}uY z;^aJr5u>9Tjp_o}{sZmnzrdL@G^oanP_QD*qWAJprm-@+&7AuT(>60~eP9zQ;=Lvk z9CC!I*_vBB|NEymEHG52S1S9|r(UhrfB34>~n4Q2EFUF)_3L04}#_Sl%; zT|?yHkkt|ZMwYw{oPNnT<-F8@0?^;qTv#H{7fgboOUdm)5TiP}LCwh+>>L6srA63A z z&Lwt|8vZhJawtMZ1_2v6@*<^4=DaCIYC$h#)?S+17rgLQ6yG4*HWx?}Am;EW>C$EV z6r1J}(n71KhUu6}wb!AMMXT(z)IgXL!-{gpiyR_CV>SRHdmKTI(cwj#4M(e}MmX*? zP1mSco@$7manv3KpHbb3;E)OY4V{hZbuDUz9x}`p{VyH49H`*AVODI>)o2i?geQ-; zva+)G_w`GO*&1v;1#}lzv#@YV@8GM3qf`I9J32@<86YWxFhf7mgqj?DHKyGMJGWk+ z4rLZ6z=;~KOsciC6vffps%toy_oZ;6ie!i!K-}&M$p|~ znC!$>lqbG)W1yz6I5_FO=Fx8ul^A?|S=?p)F5ioSGKvF3nBjblFF}5}H{+YH%laaU zLqNipN2a&0Cw=SijUKb^Irz>dnRcis-iFtg@9dLPBDcw3g33 z3_GnxsL*x~6&)kqbDM?}_re?m#v#YxVCW7>DqvB8s+xl>`#pX%#>E+$jlA_@5&{51 zY9VarwSu4ybo*|#0BR3L!|#;vFNzfQ1KN}+)sZzIarnR@&*h_%{*At4Y8aPgYr28hAoTk|bIQ6EN5lR62k_h|wP@|(&YPy7xnaFiK^%qK zQ(9{aTy0`vkc8g-44yw1h}-J}mMjw!u)=j=Zf?!akAdm~)2hu-PkwKY?LcxW4!HK? z$OXjF+~2PHr0VjzZVq@NZn-xQqy2(OL{zkbSdrRiey=2!Z*Z0xKahCi%%W2bol8}6 z)=?7L6lRFZa~>8Vsqx{r&a&`bI{xihh}p6N(+o%|()J+qYgu z(@6!V%`R2nRMovErp?`LInP0eB+6>X6-&RR>w91o@%;Sa+X&o1tGy~f`1Y;ldHGN* z?Gl+;Z_fZO{9vg3d`Y+AJGG2r7OnNberHy3arPt7ICR9-y|-~Y6{a{f z2mDLo&!5M=(?e;Y4~ioWiOWAUZobzeb0f&PQh4%yQItklE}<{uw=Fv@H*wYY?sNov zw6yFT=u}Ao`_?(<=4N3&9q6}9?vju`%ls1wt>$*Q0Ue4vKj+o{e#zj<1F;1>QBl6* zaUDoZF0l-F+@+&~rg+9o#>Yp3ZjnIIO67GFm|I4@mvAXs{gt#dX|md3a7?XGnZoO} z_e!tS(v5=#4^TrZMWOfvaAN}2661EVZnk>!p%_bdBbr8f2sJCT(&|q5Txdx#Q*Hr5CS- z6L)YL694t3;Vn3Ppn~9HI`T-bIMksy{iYoQFhT6GFJ` zx4`>t2&FbpQ{E&l&Y}2ps+h#E+lm?&_}@VbPLsVDyzpU0sTGoRTI+RF8FsyjD&1z- zE4~5xOZ>71x+JKteKH(q^x`{@sOhIE-5-`VP}s=NRloy6#j;E}QHG>iABghZEtfBa zF8XJYtJinZ7n*9E1&eH*7y&#~$i(ZPU#Orb%Hgru@uO{3M-@gb>>NCrZk48=I{{$h_=pJWfbhbj_16_pNOGbnl24RM&BvU#3G|ROp z_QDb}y1HCZa-?sDV&R4`NP~+wwyp(Ro)%k|rKm`~HwrEuv|@LVHbGBMR!1{zaf7$+ z#o$V%5Bc~R@>OEr{!e*y_|OtfGUDav*bJ;~SU7?F=Zc;&3zebo=<))J<~#I~K~+eh zMq{M}LF$@S&4w8y{2McL_FYc-Pb^<@&xC09__XiQYvUg#XOxM2Ki8Yj?#&I$YN!bB zYxmUUqjp#6O_ECme`{stmfQHDrv+VXVbq!Fd&M>aKe>>=fKo~5AIiHqv3+zX;ZH^N zu6&oWZiD~VJ1ySGG)hs?(cCdFHZNUkgLEUeMkO??0KLmh9Gm>CG-9ZU56?NVVIs=p$+|hoz~hiB$=N z?ufIR+vebygfn|3Xm!-dv%LN?QtTl2+3r<($vJ4Vi2`(zTKId@t z`hwiLI-119#J*_J=NKF&mp$At^l6hOYNGzR!e517LWeX@W0+h7r-Eu1Udk1aRR-i0 zvW-CU$|&>e?^ixrVP+lEc+ey2xyF3Swf^Mx(Yn}i0^p0+8Yz_P*9eiA2QXf{;FK3E7kxjZ>n*2 z`y+wkNNt1)$6L__fNqY(qF8Hct#i=bfk=GR%ejCN*_aX(($v+ILz|$G?O@G?vGAX* zCUJUX7MaN$9+@qn_iOwK`Vp@NVtWkLeQkW46bucR#m(GaS#475^N{A8CyxF3S2WNk zPzXFv!f8}R;mTKeoVgEan5AGq>)O@+Nk~u5n(}ECMvt>r?!4H5->Ny_E3pXN(yT=c z={VI4dw3F`62g)y2Nzc0e#j(l1sf$yGOrP0+{4L99fpo5MV6z*HavZ9vzO2r>Y4Jj z`^IXS&?B3)l7Y)>CfKNHiwg>!bO7p+x4UAu&eq!DspA>|ZL!|7d^EYVmUOzrluho< z*`|b6+6acaWaqYD*|x)Lme-g_MSB|QxVi$u3%g&K#_Rs6sZ{S^lH0Z-Dk@O(!uVu`Gi|?99y6bP%MGZ4kP7MY0|QA+zdnFuE{zwB+7E-$wC}P=YPvYBpS@ zjFyuX+hc;Cf@NeSj!UumscnR~ecE+iJ)(a>MQ4wZ?7|fI4@|u z=Yeh9k7M0$DR9)aLAbx$}zN=G7$#Kn9vO{pTH_gfL$jLa)COL8KbC}=9tAd z2%Wv@nidii)`a$=T7@-rUZz#u4u}d^EwG^)R&7gY%_Nlm9O<#Qv_)sqQ&cv2!QxQX zP;b+}g^0lTcIx46(rtWp@;!wD@mAf4f`h<3G5M^LvdVEy+NW>-n4TFIclMIv^bq9k z1mcDPt=w(8dxn-V28V_~C&WZZpZoSJJk{fN|Fe^zz#(_^O2SsZ{Fioc`N9F!u89P~ z^Due^XFZXZ)!HYn8aFr>o3}hcLf7tZQEH%2#WA31!^;>gHm#X*Sv?Rb9R^KU2=aNJ z{(C~#0H#y+*Gf2I9CE?v+khXrER@6CnV2J`K@D%nIJO($j&M7M`*;*=??!B@QjJb~C466D+=iD|6Z#rbbw%^~@J zVu3A(G#`gzBBb~6^jVF%$dwsBUyFiLiXZlQ&gk@uS{^ zm#}*(vBB??kk!zM4A>nfuksymMHnNQKIz9hysBi>?p%GPOv}DYYA%_eWKFwQH>Mqe4s3RAR}wf#6Q9n zlyQPjGUbt7w?nrz1d?3fA!9+hm?K_to@TySzGJibn$&?9B5hl3w6W)e zKh(PO`7WU+On%NOU!z+*C|RM7kJ+n|D=})MpdMDp&2A*Ko)KI1vEcLJi&*)#u=25A z&Bw#x1YqJA&{;kkOG~W}j-PR$!QptTY)xCo>DHC%i&a?41}B?tPrPEu(-;16nkk*G zf=3vq_2LJ$VjWj+5An>b@#k#rzvxMWsUf|)q;XpkU!qI-xO z+?7agBMm8-f6198L_dbcxMC}cUy>D0>gzvuS+_F2=3Qa#tRWSNR@eu%0J{YbO+QPR znprP93g86RV0VwB>nQ#Sp9p)=XMHxqrP|$d^QV)#m2gPye@GX3SBCfEJOE;V6A%`9 z?ZugX#6^LOz4SP~X#Em#?9z>Qe;qhOwR&BdtE8gh$JBEgO@#aa7Uk_QdqW@d5PEd2 zvM8~6SZ3NNqZAEi^12BmaCdi{=(%WcUH?v4d(SI~YCV$vQe|sw=TZJdxK>aHqIBX5 z_Y7S`=FSlSVjJVV%^w2}=4#IjZjNsfVDF@kBy!Ro8{*P0cc^v@`J&sm~ll?P0LwWF)itQPCg<=TWjF zM=|mdX_9K8lPQ%@J2b6dH-u;QVD@+M)3)Xzi-H0#-=y~zL;_%HnN|YjA@1pz_{qM9 z>0eQoNH;O+Gr)K3ZN6V+DI*@dVL5P^0LvJmOd~fV~+9*F&h#vk0+ zs26o@8ST=;^D>dycD8XFze|@CSU-tY#5~p4vdKh&tgp_q`Sl^_&VxQ8?PG+54T0oT ze~J`XEKSb8WSI))lS+cKsG6Of4{^6mB+Qo%P7D%bQO`nw5d%hbjDnbkxkWr!>DGKG ze_>C!cuhR_8cBoQhAA8v0O;AZS!I+*URG`n+4QwwVsL;%w{^15-xI1_%r;C3xe5sq zkoN1FTlFo8=-zxhrWKH|xS`r=n8(DZ&2A&3S(Mb&Hwuq9ECv-8#BLh>d8elxbmN|J z{Hm2Au^+`D{Z|T~HeQe`S|JY>`FH>-i|&s`Ms&4;`4ll#G~d5kuZsHM4)yMDitWOV z;FhE5Qdo9|WD(p%vgviiWoeh$C1rFc)`#ZyIYH@eY=6*b$O7OMZVfMNO^7|psvr-i zF@#9F6=!R-!~TgM@IY@(DkM7K)i2xLR0LfENn+HmbQ|L+HW}Rj)E19)xk!~T5;ImH zm953tB{3%Ky}Yfr(Cw|S21yMj{+4(gvM1SZ<^{{Gc6Oi`>i8BrjazL>ETjoh)48i6vF^MW2<`(Zo}(TS-s7{h2wvUYk>uVXU2#72V-IgI1u^kWB= z0)ab476a$04T;7P3m`p5W`9MitOaVyw)_<)=)W^n|p(IZq+>UvWE%KtrM!WXHYi$6c04um1v9<(xQHX5v82J{Y(Sa zS~R+Rd+S7Z>WF)MMV^!B{Q)z8_?;7fbG7ISfNPO|uZVYJZK3~+?#@&Mrpu9xb0%i! zj_h7oD^m8TIBfC|(wJRp%yeHdw`Sth9u@)&H#QC-uifaFhjaB5eSMe7U8|GQng{;E zV+``K)O`Hev_ba|e&_+~W-$c!?8npvfl}HLkF{L*?VjhoX0@>$AZrn=HSky*anMRQ z-zdL0;^${#A=)6dBY3XZ?GQ=r6)+9V{c&JXC?#PzxO z-%+Jh63=!9Fr0qmdIOuo!Jr09^e6vdycFh)smabSjsDSFayV$@QVAdqK%;Qtw0>_i z_Wg)Jk>iDp-KmDZs)&zQc2JC{!vr>ky&dSLr@3&mrz)A)scT#I`^Xs}t#fo18#JeD z!yO%3-AelWo4ieY9=I)+6grEKr^2qNYRb8op_lWc1;2jeAQTeMJ?LPS{njvge8W(|5&uvFQ_Up2(rjnqY z6%$B)Ro#Nd_W^7`RM}#8M=CfyvpTxw%{w+8njJ5NYgH~+SwctZi4R6rc>^oV8Im}U zgJXhd)1vKa66iwHN~x?wc;0?C;i4-C;#N~mxCn9+Y^D;WY&$?=^clyN^l;k$idT9q zNpKq05aKKzm^T~{Mo}BaZS?klc+vLuc+vy^{fEZW-41qp5%crI)AvuL#rT?)6-zX! z5vw`iH`S_@+x~P}_dg7jy)IWhGrC$4E#GnuC(h>P#9i1Ey}5bd>TEn>w%(fD z2^|fKXu-MjgH^fYp8Ac$HoIK-434yBd8|zami3uCg2gEA>B-#<#}Ws&YAN6M!jR zZTTnR=wT8eHJ7SE1@>?9D0Xa$5JUu*JzZ)^8!!3BNsD-$tUiqD(Bb%slhZV(Mcw*f zH~ z`Lie|XT?Bek6rnDiuT=@Xd!trLsUiyAKOh~VuCr+&;GKfFq-vd>W%ly*A&R_hVxHw z4=q>BONkbDQWk~VQFG^UH}D)zk#5Y6oz{y*7ySW}`SDlgY;Wb)q4F95Z8!B0t z*l}P=n3yYC4n2gCpN|^vv#v#mc;m5%pa-jx410oBZzBy; z{pe7f;R+K^GWpM?Ze7d3(Kx-blZR%!06ni)am`ik`RkZg8=e-fyv$h-F;t5p)DsW^ zk>4HnxW%8Uo663cLWvr{COE!&3a6)v#ff<OSo{XwmAYZkyi$I=i?vx?B9G<@WVUw5-20~859w8^^yCNRUM7nd?Pk1e{ zW<+e0F&uaqJ@_u<4W&EHtQfm;oZk4CLTY!Co+>|y9=%MjuLiLN-(S}KzQ2w_NRg|j zH&MPQDtTE6lXbazknNIcLRB=CU{1EObt& z`Wrx9hOB!c^`Yi03WhGVhE$|{G)|Ew-#YVTNIqOZm3GomXZ|Ivv)rD-&I(iDU_HsQ!Ugxb;sDx9P6i)*QDnIh+#JWq$ouNq9=iZ4)579lXpA!H6K?a)&##4W zYH%W?1q+eK!LG>{t(Ft$ z3{f|;V~7Z71Yu74@}%&$r4p|wBD~tvPFL={dyTw-IOWW*AsE4@GXphL13Gl42~6x7 z`iat~U@ZfdN&WP|Qz??qv-{an8-KBHav=dE7QJ6HGr0xpZdS5h{5npnX1>l{dhf^Q z@$JXR&3Zz{bSlhIotqgENb(NlSr7qZSQ|Hbq1@4wKv3u1$sEIu=5l$bCW4jV?nKRS%~4eVVMuuGjnMxzJG8XxbU)bi^GR7)GAMm5u0acfpxmPGd#a*iy{hhWIIP2RRhrw{mwG43D`&cS5Z?1d8H>iG3gaoD%IGKwcTx z80nJR2rg+Ivfq+5Q^e`%p>}=flpk~#3M-4H6Q&d4+F&@H+Z^1h^6&I0NeW{*|2%`( zZjny%POI{v0#@v!mZks3G1B(8Sr`f$$&VIk7+2}juiord_Ibx);V+R7F`TU%z4peugKhd?50PYGzIf2fHPhX(6d2;iA><2n*F%3ZE5+$>u3u zCQ>)++O3Xxcf+yjeu7G+A`@*t_FCX*43odI=0yQUNG-X+n zlHY+;Gu(7RrHu@N2ga^TGZ<-(oS+W1QD%FB6`Epau+x{s<~d*fm4OQ z7gq;??=<(9$~L~sbdeC`&ucu=scfg!XIVH0v#ze8*?TIpBL-180VtSFK3HmXWG)%? zFWZvuAz+D>&i7uksj|o=oS)pLop7N#-YHrtjDOK(mjYc0WHQ4&vs`l9dOlM6kOxi;wJ*S;hiQ)SKO9@i65l_F>bb{ebQLY4|?`c@^bxfsq zXUu@Uo0wA>8M=<4ZY)oyWf?g+ktYsfP^pnH1AtXA;v?PRAuack@KK2Kwh~fNdGX+h zcKh!5ce9LLe50v*sKmS)zK2UiJ*ieey0|adDh#o5u<^Fw)R)a8-R{@B<&I~1Nn{n3 zg2Y;X_H1mc-I2x(qWO@>AoI>WyM63OTJs->B>S_+P(W~GCcesz>dUzs7U?6E?4P+< zU@$SrBz-JL3P~q`?e$_+iVw?MAZAb zsVVCHmh<4q{72;Ho7*V7P0u_*b7z|S#!+E<)?&o6O5)%C?%t7}{((&_gtyTt-$~_e zHSOR&UQA+bel~l{R=dJUlTS&yGfc|YU)(5aIE<6ir7DchKCOHN&%r6(u1H!M!>^^2 zhiKlgbJoiwAY3uqtefUEy&Wc6lOBJ+hD=y$Oe5O>M+F9y8V7fMGm z&-{_~W;U?*HtLNdBzMW>2$*UcR9b)fTQW!QtL4X$y1UftlWu80l3rSR0gml<3bx+P z?GPAjX1h17LS2C(yox}IU}Q_%ETHAY<1;X|&W--BInBQu>f73gz@J;_)sgW*$8Xv} zS(R~~jSUSH>N$*xTr(#wCr48)CfrhC@;KXIM3YeGm9wSj6;Q$ODmkJa8Kdj;hV^yV z`l+R~*RY4;r%xoA5|N$o7k3aJ=kbr5j%SUgB7vF5J~i8VY)jln(LX8Xo@lo&AqsSH zJD$5aF2so06bg9Xw$*xCiv4&R`PId_YKbc&FDj&a^Ud)4uBpETz^XOO@v0~dJ-x8W zhPz`oUP#OZ3Q3aw%39eRuP~rD(svirpoyaG3K4Il6;?3M-qqc0e$({1;qEo0)F`U+ z05{!KikyrkN#wKSbMMB+gOP4 z1|CTAY~a$#MHXP{L6!8A$wOfMs^AvHSF9(9q;CIqcVHgpE$ zQ)vP+F_k({H81q*)6q*JFf*g5&snPGf9L1BaVTYF>X8x`Z0GPjnIx^)9H+0S8hnoDh`Zz=b#Zag+Gu75Lz@10zP zTJqF9F3x7vGG}3MS>_!a`!khD3jz%7*heSFLzi~%`hF$6HRK8_DMN{=Wd^RhId=7#YFhx`G(2WkW&uQEhlgpWDd|Rx@l94GS7MQ9>$c`#IeN zY`P<_SeF$Z5GcuRcQkFh_7IsW-fNn^lBFtJIc9wpl&rccLJJdVB5a%p3djZ>gnXvO{dSstHvupl>mpKxf8HuWL(X2WAQ5dIuHC~sh3ezB^nKBI|P<5 zG$Jr6sj9`a>zBK?wXas3!NRNVkjneHE2ERzF*ZN&rg&|_Q6Bo53+mK$HzeGb!`_>3# z#@QCv*m)w?yG|NHPq5*$u%Jw3V*6_-v@)NIyEpRKrI+7kBt5wQ8!Mt4jQ={Z|5$Lk zXR=6pwbhBEi@6B6=kZd$kxgX#5%aye(~6-MGo6=DM;vXqz2~8#Qv*HC;UQ6`ZZK0? z2_N|MinlTaa&E^aT#^o>?R_5qEiuTK{K~wpn(H)*zXCo_IKiU!B_HXaGxHGyfne3l zxn5WtvphO`gWWMy^q0fRSsW1C>-B4Al}4e)1IsqFJu^*;$8%kd*M|FVq_S#cc{6W@ z{z`#wtxkn)D4ZdXm~U&+e*@p}CoTWj(5!lV)h@xt7@WA)Uh}Xw^yy!unjZwj~Mkz-g*xtMGE|rC0zI~%Z8b>`x9_8gdEWWJO%QP}5$NuV7d-|OE{V+H7+K75VuPj3qG|zE%Ip-rAmN5?(5g6^BN_G zi>lDvA=A7r$uE`h3|pMi5q6r)GFy!Z4I^rMj|2Ih+-Mngyxx5A_=L=unvIWn)>doN zkwY#OhB3|AFrv#HzSF92m1F&M)R%V*OdL3D{Y8BPs)&=%YNIoHckv}Cdn;Fk6BAP* zsrjsexYMi6w$!{<1A0)+Wf)JvpN`}SPm93~t`uG{(2!*+QHZs*fkxjE1DzyR3g1U(X2SC!jT%!N%(PYp=zc=ZFlnoM>6=id8;On<-jZaU0sUsVy=2F*&Pi$d-CJp0i56VY3QnXR8RAE!C zgO-c85HM(e={fVaX;s^LmR%-x{#h`ahhoOCguwB#kZbYnx8(f_DKjBz6iVd3jQW2r z(K$g*woaWa6+5+eM*KP4B|J^eM?b$z?A!ljGB0u1LNyfrsXksVPoI)T6(Z*|V+nWf z{}+xpJ08Ir#)OY`Jok;PCh(xrtNp*7szrqZ@zBqa3=*Xp%=V^e4 zhqrTdq)$`zUp3zm9-%Kv=-HW@za@P9b9%n3{mIiax3!g4Qc^N%{+~)G`@vAlad960 zB&>h>db+%3D4f_iVl4BE2AL9@o0>uciMP-N{u%k6iUFK@J{%3T{I9C7mV`_N6T_*I zt*xy)2L~kMx2_?n|MU_N6IZEn+gw;y_5?pOMgFe_R_tdsmYEMZxw*0pSfYTGf5u&# z!K6gy)pI+&Mt30(( zIQaSX%?(x$KMWXP@B#N<>yhj=2Bf1aEfGw*iMgYqrhcOB{WJe-A(Iy!_h_o(kA4%bdN@&wkV*4UQz zmOi@#Fd;r{(6W#zrFcG$({U!QFe?arFg^;Lf>Y6Tic0 zS8G%JwV||Qs&SvHq7iTuR0#4|qz!*xHV=4KNVj?6DDsjm3+Z!d1~2742d7BK+#?1I_8u~?jL zyieh`cdv@g}b~{F&O#n?I?LNW%SqW&uAEW zS-X;wiTM#qPh+Ia^$-Na9yb=AJVmdR5v(Xq=?mcX5bh_4OUJL;oTu{#HXaB_?y4!SOAc2b9hfs zc;WLmQ*6<6`P{fZ_>jt}%OTjh@LN4*bmo1>x=?1JgP$Qe&ZW#hP~Yl`(HGqmK+N6( z6h^$@8zH7-J}Yya*P!_a>oxq?g@Pr&#ABaRMDP6K^?`Mi;9}lTwH=K;l{hVg#5tRjpOQX6#f%2wk>goEtM7*&We26 zJ=xxeI%x}jSGlXkZ%gfbzgE8@i;aCCZY++s#M6xarnlJrcqVvujyG0G-hvoeczXO> zA-46CO!H)fvT{LL>s8~^EIjXta5DhQd%5g7nlN$#r6GsVlw~ z&J;=~uE1l}#M~UCjlrS)hr2L*<-?i5%`y)+#@&S8^8DIR->P>T))WR})eCsIsx^ET zqpkMl4)&>_-um8&v+hKTK+(+wHl1;Y&L~f8twO?_n61;yj~t102+12;V!a& z4y;SKa*v&u2N5p!6Qov?W&oaA85K=g_jR-UPA&Dab^k3KMq%Oa9_0*q5p)NbJaQK$ z&gf-Yj`$;7#=x=|^`!{wF~!Z`2JwbZ8;!l{uF&UI<`kZwq?DA! zq>@4GEWH3S>2;}w;c-Opc?O!&h%I;k6jjHTO)wKSE~619<`O?3&o zJ!J@KrUp+pCwvh%=FXQ===GU>iqe?Ao;p)aUFy;V%%;7En|BGKw-$HZQR2iK>G*-b zPO<)Eq8yeo{h7KON=7)bfv&H6ik+9Y844;ux#7AnjEuZ={b|q6bT~GQkF(|dzN~`-8z!ClM;#rVPRYIV@pKmB zG2Pw}457ZC9J^n@DAjfUM$8TX4emDg^*J7B778{LhHBYd3o9?atH47A3($a9MX0>= zu^CbRTydPKv%cz{QY7XbrOT*0-xzks;SCK99JjP6{|PtN zf%V1!ClYpNBL0_YXJ@PC(x3qku3uFa&gzl@O<7#ZXIvj=zXCHY4}NA+F{QI(Zf$Y% zNT%g~V8MeP$>70TVrlD^^x(lq7?Z16^*-mJWCRA_UP}V>EKT91X1`+dIHF>f@rA5; ze^E3R*Z23vWL0eMPP|wb7S(``udBAXlqc)3HcNQ@RNlvum2LQr@^10mk-29l7)|f2 z7Psive$MXz1-Vo>r0&#}8EdXYByNY#+$je~dyc8s^#k%T<1JTu z=BB*^(&;I@1Q3D!QeCODPoGa>ys%0u=(|v%+1Uw%OBcQHaTWT7h38=tgoh?chr2IC zDH6F|V2#F75tWoMBvW`%&?u#U&X$S>l^wiWGPik4@3$097hHTzvf2E z1AQzpa#5*s#CTopN_1MHAQXn*z!wDF{Rd`V>dm*Qk6_fdVWAyKqTh%DM>Lb2yGxBL zN~h|q5Z36FtJ*zBXX^IAF!D^ckCpgesA9c^4d@~mGGM=Uf1Z-0>a31~@@$v8%cZ)N z>)r0b1O*;YA#HAvmJpp>Rga7sb~`_Dng%^jNU_$`z-|vY?;u?<5p~YEFu|rQ-sO2C z#>VB7QsjIjNYeu2UcoQNQk+sx1U~?&(dw(--me7*W>h`ltB%+#3Pk;fjbtfiw6 zl*(ZQo$w?dI^#1MvlnDjZOpwAsh;_5if*@6VsypXoV+pwj3k-Lm2Vh2k~95v!)ijS zP_|5S&Ieo73~l~p{WQ6lUw43|Sfn#fEc|b-_yEikVQnRXB~`reEg{X7{qTymN9*ZWeHA^iqEX-ufk_QvDsd^R>V9i6_=>)&)q|Gw}U zRl;K;L1Uuk1H9W|YwNRju1|}-pS?QiKWQ{S`Qts+Uc>V~-IbQ7zZ!EjHcXBb49=jeaT7$9-MA!XTQq6mM$ZJJwaa6aKK z*8;ci>a8{g%4hFSj~F(Z?B1%+G)O0xSA+Z1sbTG_qtTz<1=hQ4E?ZOTZ@z|x;0pNR z4Qo&L>lUYDeE1b8zUM$fqYKUdaK(|>e4QyfMMd97qvGJsw)zRr8Zo?CAvrXyd|fY~ zjg1hKgZA5Q?0&w`+Y>{U`K~v7@16>}v7q5dLZ$7hFT2a64DRrx`)auv?}Bxpb)Ssy zd@_X4>9qO0^~PZyi|S@+@HoYxuBc#oCH)uVo};Om88Q)S9v&Xx+v`ggl7TfY*yZc2 z#j^+``JZ}|DH(itaQK4UoYB1=UQ}$fJU^5PppcP`S{ULbgi4 z@rBCpzreL%mZN{e?Il;;<3wYT(y}f1Mul2P7tzgI8>wq{1{=+bx5Z-i9hS+dPqh$l znWRPNRi~2tf!YUTaZ&{*B{V35Hw+r>m~IkEy-4@2==VgTgJ5BQa~BveG|fg5#zQ(r z9Kx6b<9cU;;^JaIMeGCy9n6**I4pYI{joGKIS_(t4fW3&|1C!U6aZUVTPHZff@1Py zM($5A`3Fmzb{4ylduqzK!?=#xpDGm4nUiUMRn9%Kn5Z_9WVd*S7fIb?{hpg+uc-z( zIymH1c)c@(A+CJgl3}c}6BV+hQ&(4?R7?*e)t+XQT8FA<4!{|HBG^G0M)AL77PGsi zbARZ?<}Bw9514bTslDJ=_b=p1r_X8D@Z7$_!ZD%lO*=8d7LY>Y850mhOKF~)Ga}>V z4Q9&lg1$==umqSV@(>HLw%l0tXfFrKys|>sClF$MbM9g0h*uibvTYZmLN%fK-oxA) z3ErV$$NBs1Zr{FNZZPg@n1F5-&{N**!*@IL_3!DELu^^DZSR#SxEDZKsX4c|h(8=1 zvr6`VM~XS1ef$C+=!JMOQ*yOG-k>Y%kUHj)E5m$!7tiWB0!(Pwm) zu;T!dc(-B{_W>9knc3dxW>bshj4BswK{;3aAAMf$>8=)o=q(ADC7^e&u9+2Ds5ww* z+ulAFQ``oj44&CfuT%H=qOILu55t__!vGiE_MF2qvO-@}^e0xQ13l{ml8a$0`-eYe zNU?YHm0T8@r2~`jhG~q-8#n+>52og9&vgsi)fY6Xj@0RTmDg`y#JHdvjpG8*7t_|Yla#F5;7Ti<&L0}n zkEFl2w92`G)lW-I`;2Sk{;E=FlBhc$t-$GWj6BD1;Ro8omYl8a8ig0l@wE(Use{Y# zx<#ldU8%eqP~#0|=n_nTuScTq@M8jI8E*!qJt1wbEGlp|ne(xqEJnILkmBLBZsDh< zmH2?r^7U?~MlI4}7TTRy@bO149`?64>P}L#_rQVT@U$B4VJ}bij$&75Z zT}yoZ(KK=5q;EevJr(yv^g$`)GfGB+-`DZo#ve9pdoT)R(B|!w{ZRCS0;S)icv~5dALBRLbZy*!TzHUzO37N1VK~ zA}ADV)F#3-6PCoStCDjyv zv@f02JKPE86s_bCun8b2klTf=F5g%`~dHOa=M`v<&fG#ihX&Cx(a&axB?iTSnJW)vx zSu4%rWsjoHGbd`ep{y0HwOfI?l7C4{vATJm%l1ba8N(8gdiQA~}F>Zayq((y>~SB#pO(V)qgu4QX`4|6GZGSY~H%v|Z1w z5F_cHeB!!4X~6@3EPR;Epsqt3Ogw*hCFkB2%Je#Y*0=*i{`=## z<8#})7L8S5*Pj2KqA^-AZWbE@GyDjbe0Z9&`NUYjlo=T~+cY|Hy^#rG8bB7d7J?4SSa6Q9r8lVBRUN|mO2 z@2KeBtJP|w;^7@3<$^C{x*v&{ zpAC(pLc0f)Q-Bh!2Bk(|USIXm>BIQ;0Vt;dGddX8lunfX4fa|acbG1(;nYix6El*D zfX~&Bpyb%usEIJiw=R8>X%6>$dPnCF@;VoRNL!79+#?0H;J14%&4wQchP8Cob0QuY z*vG<$IiFK68pFB{`#9JcJQh7|bZSua)RaPgW#p6ipH##^`w`u(eS%p1)OH#v4wH1? z+KWJRY$lA2(q+5y4P(UxIYd0`4rRk0KbiX}IyF5I zLSwFzgX}%zgBoYM0sS*kZw}S=d!rQB4NrIOOA?QbJzgZwNYp5NPlW0;Ct@C2q`L@) z4w!c60m<sEHI>!{zbRu!!lrS&~ONxY~94OrQ(XJ4o za_T&O)D^UCpj@-%Zvne42g-lT#6qR#pNCk;WMin2}L0nP0mbI zVq4$f>*9gwpmo4br5K7osQ-SHz2r{@a$t>Kx zQ@5T{JvGMi(mK|!$SH;;AVJ|?1Uh-}L8(44WFNjC`B4BY4ZuN-VV0vT6Lm1G&0KnP zSvr(>eLx=BoTk62;Y6b!q*C6A8#QhZTNB|zK1xc+uTfGBsndJ$Ybrr z27gPuv!l*Az8vJ2-DG_A%f^*ItiU~@^}SyE!p!cq;eAIRkc%)k7@b@|+T&DsVG+Cg za=5+2VGzaOYcu+HPr@W`I9+BZxO8-+<>XG!AC5ISIVI2)$^M3w?MMVCmL_MX-Bf8G z{=!=?tp5bM78jlGq%y&BpAwiG&J~BIXX*4^w+4i zHf_g?#S-UU?YkkJ_LliC%7I#?G>5EM;vLtJK$pxnYS%@`lWO-Ch?g!%E9-TIhogjv zw^*%D)u9{dYtd3SrxEO|Z1tN(%;T3EKN;h*9xp+y4X=V;M6Szlpb<%E9j_Zc)G2$v z(36a@dESA#9F4-|yB|9*tT;5l?qq9q;N9gJe3)ite$LW%(Rh6dx%2N;2;M8`h!6u2(B4-7wOI%S21 zUo^V<9xv!^yV?!CFGd_jPNfhwRvE8$UmIdjbbsOJH?}|&Tk>hsW_PkcNf53Kr>f#6XPlYyiKSc7kmOlII>v=gkIaFOZAQ0sI-80sob{&xasgHUDm@5nc z9CP#8@|tks?cbgaRUq3I6ufVoN}?61#9V{1J#A;P-7-ITt!NYTQeb|a?3lwDRE^-S zMZc@ImsMB~%7?Cq;PfiYu zu$*SUe37WC6kN)93;PwxFZ6Kc6$$JAEm2<0Y`t@JN}izs|Q{kxRk%6)UXuwT&?7 zGREe0!m3og4&J=}q_^8ov&KQddT#AfAo!-__H#*-w)TWl2wb3}{*j)J1erd1|9bCO zI4#I(Sey4NgJ?!}#?V5^LbE45Yk_3f0@F5=TLdK-*96?R453I#NXr=0ZV6Wa=l5z= z+w2f-37bF330Lb=gD0PpORi9CPT$RyYlhIdMG(`M;I}fca-P>txH}3Q*~2JX zuS6_ICmk5r^QaQ|ZoAC^*OQtHt$!<*zMt6@-`I$#U9fvaAuGG&lK6zwwO2cg919SV zQp1!6-ME(vd=b}xqfZm?&-;!^oKuK;5W6)p$yYg@67m(uA4u$Gt={qj1`)b{yXzum zp~m37PxjOV*R#!O#g~mi57qV;DiPG)m9~x}>|x)NUe!|*AH#m($)#nVTKf@@!93)Q zBX9dU`R_?i&u7+SQ>XoMJGp~A=c#wTCd=Zxpe!S5iHXf#Mc*&JV%ct8BgC@9i|XC|VE@d& zL*rbHIW_;HTu5409GD+7DUJC| z){2{PM%~+PN#ASiHWVe>F{Hy9e{@KUrb7B;`&s_`@Mpb>#s|&xj9^l6VL5qXF+(*d zdi;gRR=3+u1~LRTRGeJHq)&(;B2u*<+4PylG(CcT6`M)WT-lz?s42z<%POb^lwcu( zZf-YvilDosAnFSDvwN16%ooVEnEi;=LBBq@vun2dq0VM@G z&zNsv-p5>gUQopWH(x5{y%xB5FOlls`KrKZyebFoo$-e1uD0|bu6ySDN8$T7E~dj< z(-MH0`;KUY&`mQS%}!MM^^3FQbd8{mStGKNy8GR`y@lT!%@^B@jw7mI$MNnCL8QB1 zA&gVnC#9qPM%Fxqk|`evfZtU$QiL^Tu{#@kFG29Pq}!XK3wWl$fMiVklTy9Xl7QdE z+?;kSh?XG_1iH(&=Udv?rd3Q*Ngog_rHIFC{jV@%=PN^>guE7xWc;$82o)s)FZoqO zQvDnIoDzRK;QKSXkZhC`)a&-$>F6)MR@+>h_gn{WgWOd`b;K`xrF>yj9U zjYNa>yN%0zDi6pSC;2 zTgFAWS09JaK;W%=q#FZnY`9_E8Iy6!hs4Zk;IAPPH_N@kOo4|mc>C;8&@42{rp9TlvtdW}#N z79UV)EVw9@q`-3>O%Lsr-*gccCMc#AEi5b)3@_EbXDl}yCP#g+qi1rXM@z4^1F2G# zSeyK8XhOx<-9=Uk@o$+Jdd$63$Xxe!P`;FY)#G`QhY{RYXE)Usikm!b+OEJ8W%}@Z*XqOp#JIJ0GW2&*HY zrmiMOU?0`Oq0KjaxqLr-_k5aBjv&<3K7x-W9zw>d>l#K!@7Tb>;;u2$?khxYZ8-KZ za(DM4E|JGQv6VOo2&~i@Aa?gkAf0J@;G4^6iZ~3wbdlcVXNqr1+GL0UTyPf1n8-YvEdzc*_UtQ z#OYxuY$K@<>-tu@E00!YOGvl1iO<*}H{(_#Q%_}b zOz}YdkHE%rfj2b640j)SE8Mq>NS~guu|j4xQ7(|1Idx=y00JCagpFY?!&zP0?`y8AurN3GRBlHiU=Lm9X!Fz{T;TcjuAw{J z5E3N5lKDC+zHo~52-t<__d2qZd_Epu@O*$-Y8d2Mh?v!$OEhD`N+LbY!1!f#KP<%W-#ho5BSI0B32ua0)K=BY9+0-lk4suVI=8hyntiEWJT(kmJA78*GpLAx z-;Nr3I|epH_Wwscwk7rDU(z5SG}4>nXFo(P0r*9mz=t(EkeEwV{);3yt{3ZDlso{% z>YC$Mkt9iLgjla?M7ZeT{l&o3>Y42GASKn~Hj&&tI3yozN6HoD2baexUMq)8U|fE} zm@dePnnjDRb`@>mFS+yM^V$tEG^Bwi&@kA?f}>`<_a|3z%9z?y#2%ieiy|pjh-GSm z1q~=duggpenPPCnLst$CqXQ{^lVoYqRODnflA-3ihTso_H&0}5DvQj-eHY&erW^NG zXnWzNv>67s#&Dd~oXN9zI#_W7(ow@K(IP|uCj_3pr+WfkSXiAU~!lA-f* zM635b(q!CR9?vQ+LIAhJ4t^gB%E%xkn@uzQe!^);PVUcVCpg{1y-yEsm(Uw)m$2@G z>{Rt+!U&+cJpR;oNg+va#{p=L{n@uUw);J7x6rrT2h=iq$B%BB4B2#b)-kEe9A-o$ zVhHhs`s)OOXVe;`>-8D8N!u#8tr(PQYs(W>5atV(9%-&`8k^{}G)dd#ATjgxhB4SCH`|LLu5Jwqq#mSta#T>%o(>y_nF z;6bD?AuIx1SniiLc$JVmUt7M+*E1(IDqHyh0wUX-B zWTBIstTP5i?eBRcfp}L(;Cg3;`|hW!0_}im4xK?@MC}>eax8veYAqt9_{p*2#&2%q zYa*)@T$>E6|H?!^M}yuo);e%MPeWp8P{_;<^;eSo^mKG|l7G{fRVFndy%Fxc^z;XR z4AT9jlhI$|fTQsx|DmNUiItFZ7Dfd;j%-lNsToarHJ6S)K%6iNZ+MxWUvSwz(24`G z^hd7m*2SY)>6zfQFx69SgG_*BVo)ZIFGdMg#RZgG}6|_D+K3{4djSp zO_))f;srePNW|VV+}=(sJ@ccm#2Ro$uR54!oOkGN4H6O!?oxHs2(5h9(+LT{8y?y& z6^EDM0Ulq&2wA6mqFqU~xfYv|4T(&^9YF-0m=qwDi61%Fi3?v>tn z`0fyK%#*1#M+h?-ij5tX`7m<)>2j1dFWB(u@2G$n#9xv8mND+I<_aqzQ?I`eLwt;c zfJ%-b0BqV38Mgk4*$B>2s8UiAa~0ykg6~|(P_G>wv+G+4T930Unp-~9ibo2yn4*Q` zOMV$U^J1VnG!_BKOgIUNj$Uy{;R)#h#w$gJz;9VU52Q)WAsSic)a$e!)>~(OVRDk7 z5#{^R8q`t)iL21J!7|Jz+;_?6LKBvB`V_6ef*!m~AL8e`DH%4c6I7aPNuS5-^g7nbA~n-QdX zYOxKBiOg%SfWDZ&6}F#J!EU~V`o{e;D&~l3ce!HIW@geisZ=E9Xv{Ll=&uW(%~X zJcsAyOCaI)SU`edV2huB=};YOul>+uhS@+US4^b`f2+6du42+`A(DK#=P{o54M$MP z3|X?qc%v&^Rutz?X@T5xApAGQJbwT?PPl5|N&&e}*53#g!SB1cH&o8TBq)UZ`vh^Z zpo|+&6CU2=>Xc8!6e@ZOc23tSf#}lG!0Qg0f#*Fj$%1Qz6+qx;(wL$-b0~UlW1FAz#I+TCFUrrKdsqszoBYj3YEVaxk(}EA3 zHv9dhOh&icvZ+Xc0rBCU>0BLq+r#m=4@fhUF&;v?w7xAw+qy2@> zN|b^Y*4yVORFCrk&4jzGC#}*1JqT~Ih*1aHOo3@#ny5HH4EyPY48I*EKu;}2e5U|R z+4FL5fPHtN{ccaD6HP zW_JucZZIxqXJnmDaJhT*e^h#M=gR*WFgPeI{CRzEyCahlFd`#>aai#3dRJi#nD^@( zlty(s2i=`%s zhkkOkeH(E-D3a`|!TED><9ogW!v;Ke7)Rv*Z1Z-a2YD9*(DRh^0m{HRGT?Ls((#WTY?h5M&MU%+rg3HPZHl|=A zGQKVIZY{$7ftB{fwru4Rfx8|8ce+piDx8%!0W2(n0Q-{m?Pt6o+yST1{Y%g4cmZiZ zUzl|dq`0K%O;^Cj-Ep6OXq&Sg`9hg{xYtX6tZZ%lk4XEJ;k)UsBN>L_YRk{E)BL}* z#+RZDJG#fP%^ASAl)1}4Oc0fqSEFPw8GN><*&6F!vmg{ohZl`^3PEEWpG_tZR>(A~ z{s@A+M5lw>Z_w>7`U&>ld#d#E<>-@Q?>gDhf8bY`((s3@)&x;Aq7GH4$i4Dxn6*Pv z<1plwV;={;&Gj-SvZLUtb5H0!^}CKT9oM8lp82~)E0^8B-+ZQNIFRy5&X0()*3c5g zz@z8)5xKtz_>0*`|84aB8BIfC#qG0GFr(Q56D3>iZ#+|ALZp|To{Eu8^tTVB$=D!@ zaBxC2uWZE1>MF~6c>V}p8n z{EWYikBK@VakN6oDJS~IhVj-oAaS_y$R?-w*MtFnI3V>_AznLX=hq-pe}$2dmJ-ja zfoavE8yFuIk+&k}M(2Q3+*3_=qKAsBm7*FPMSdKmrV$Qhws7Qp;VZ;aA))2N0MFq` zj1Gv!)oiNeR-ww763YLoo><7jR`A06cF7zatr8}!=e7gy$VMVS31ONo&QX?JAM{Aziv!*jV}A{IiPcptydQ>agEI&LYTu z42H{H=l`%esMC3(OJ&w1&h8U7?AAj$K{lHEO2FRm^$%@^fpR-3lf$$qv#1gF`=Rp z)yw*1$#;pF?#M2z*mG0~0&SDGOZeTcWuzVlp%$QkR}COL;QP5Z!Y~>3&b#)%FNm z)+>-sbgw073UEsc7MW&9Vb^CxX>*6qtk4K}3AJEyJQnfG-Hk{@+!572+4J~YL-Z_z zM@;|uI^e-gLKD_7L+R6GwxEY?B9y!4bz;jYvK=nY%!z5VS|%owqC!D?Q|jdJ-##~b z;5}3u5wEWiQm=c4HXsRzpleWiO;cRALSy;kINb^YFICPtF(Mv`puADND3^vvE)J~T zIhI}f9QIsPYPeux+z7;JsY&ZR;;1&zceW~udYb?9Ek13X!TygdfHTZ1U^mlX8}wZ7 zB^=+zFHa#Ya!i@=xqlgNYeII0f=tl;jeiOO0p;#@!NA0v*wp<+(Cg|M^2Kg~2`!C$ z&9zkwnk)RCD@$b$2NVKW8^od*SlVH6^)-=Q0gaFrDYLRE*aJrn@C@@<#n5TF>B>7) zDj)loRzmiY`AgD%`lDm@78_RG!}3fD#UkD6MnZWB6xbL9x9F%|pCi3Qje%wjeRZUPea9kle zzHQR1?Dd(=k#;G6|8EQ2f3zE>0I;=r)~m5eZk@jJd?V*^L@oz$T@i3 zd&G%g#O&{_y+Y65o@F-WsJ8Vhx)V{$N+;CRicGx!318rmO0OUP>7KL3=P~1uRZzE$ zNm#Zf6ys%uUH7pi_c0gLRw6SkEq!_buk*s0XJBO{|6`WwLpQiiU`kFlk^HVu`t{#s z`FP>lXJ>3&pilSbo!vWJd; ztQl!}K;Wh%PmmQx(|NUxXUJ=L5FC2Sjtyxa7_%w~=x5||lufe7bJe1tIA>>hL%+SA zeR>&x>*$ze?dfg-4;O3%l28KltDND&sX^};GzUndq@lLI@_)I#}wd^?RQ+* zZa@>a;x}^DB=iUu+pI*QH(BSM%Lun1!(ctmq=XPdm`Js>e$LdGFpT492A%YKYz$N; zTpdPt@>vpeER3wmOk`2fyr`Ku7#BUA-iElZxdY<^qK4sqt%PPO$_f!(*~}7TIYi`i zF+)*t>5(){M^^~R^SMNaQrN@CG{|&~jX`XT9j#t(PAkT)=gsSzuU^m4r=WfbHa1p6 zV_KTOJpk}Cz+cexG0S)pqXyeN&QLdS@^p54VE!{*-cHjR4{9M}g0BV=cF?ka3`Om# z{Je>>S2_PwjrQ5hx-(#ga^V-DZ&$pSg{0eu`hzD`^tS^pV3Ih^{MTY+TURFdo7&9$ zd>G*zwT7hF$e|{&PSx^~60DJ)fX7E;U?FhaMNPpTt$0{;VY?2635UGU+RAA6rm!L= zlje>v0>9b+5_S+NJ2Rtp@Q|OSVlnY>(b?H0Et|eVWms|i5nOaho0K#aLurpSqogQ| zJjO;UEVBO|Jq*VlhHc7|C*$VcdL?=bYF<$^ilina1S2)snSZwj4+v03BYqEh_!JZ&CN0MVJB7AkZzq7M;;-@dhcep&7(^xfj}No=AFP_UHZpWIuYjc^qcpCXq*m@gft~3 z#AEG&tIh5xJ8qxAe83l71E}J>n?f`dV)kq92ts~8VQ7zNZCT=-@AQ(9UB4A5ZI18d zL~=0&0nwj-Pjc<_uJv$bJPk0=3d`TqrSjUsH_NPhH%^N6>|Icqg1t%d*J?l`I0jgL zE4qa4-7o(+t{1OY+~5r#{7;?QE~dSxiutui6&)|6HR%Ewe1oKxd~Rk-A2IDOYlJQnc;qBe#ClD17O}?b zefmx^Dev;~tNx{BLjoD?!|FUoRtc~$6 zEyEVR`yg}LeKg2tArp>CXeZDgzUWD!wDbp*F1N{OlHs-m%Xlto3!-Vu}&|)hb(_ zX79lsCpNaV7?Rfx=dBO&WK|a*kE;ajJlS)rxKnl7F}}dK6k3{okrL%frQ;w?me*@> z_ow;+hS8RtUVLUKWKx5CZ1}tUMvI50d&Z!pWZMz| z(Zw$sfXn4OayBIaRt%&kA|-iJQN#B-QFeju=8N4in}vWQq-m0xgfq4u&U8H~ zc{6tQmb=J$^T&QJxajEk;MIsDlr*`JC2p80Ven;mFZet8>%D8OuT*8RS&ikmNeKy? z&#U4K4Gz%qu%Q!Eec`*XfE)GTqfU+uerq1on5n3=XdkujbEL$y5Z=%ya!S!iMIr&! zB^=vE`uvCL8gg3NP?T3vvA~D3&;Q+l;y;qqZdH1$`3|}r?pq3R;>yoxDoOXG^K4ek z`+41QbUMhMSWL6KoEd38JmfBkSB#%}XO&ELI3|FW;7)-IUFT@5Vr+p>=VsbA0hrHc^!JzK+#_Fh)u#GgLR7!Ud*y+B9w>9pPd5?;Ensnt-nWaJVUq368#) zz=B3R?ksP8vYEKUy$lTj_mDm%<>GcGjBTE0`F?7_3Wf+2j>^D*%m4;fTEBf+2_F+P zG(PMKd!uC>u){@MLO;9G6RSugpk)%J>hm z=$3=IUH4|@hR2QYvly36wKq3HDGtZccykynnq=`Q%PpD|dM`n;qmR+w)C4R%iWC7g z-OEbll=??XA?C!<=iKAg(7#9jH(|I6YkXYszL5o8!it3_n{D-dprx&S0$zX*`sB!X zJZQcp^-e`+{Bb)nr0K>%*a0l7<962+dbo1Ppi`MixZ{{fu!A4+j5QqE?K;BhXSTrk zeG)V-@GnRQ$MqK4|ASVMl6or&qL)abwUz#MWd8{T^#7;hB}wwa_df;_{{1!Z{OO(G z|MDmQ6x{#+{=j-f)##*B>>sE7$EP5V@>axu+zS5t8}2E@8!n}bjeQ4=_|AU+gSPfR zrbDe-E^ZLU;~(UUwz_{8{9pb$%l2AizCC${xPHA7$aw{K^WJ_J6oRD~|9B9s zMJ((~Z;KOUWuy!rR~P<2RGnp1n_aZ6t5Av+DK5n=xO;IZ4#lmwOK_*SI|K_*9Et{a z_u%dl+}-Wc@7#08xPS69<4xW@)}DLqXU_F~T73=taUPuE+9HUGf|5vQ)G;Q^bZLfNn zA#uc2=SDwNLc@tHA@+IwQaZxeJ1Ys4N=nU3hoM0}fv@UrL8}xWKfdz(nbVx)-?zM4 zPNc<`)m23SUA^Lpx09#Ode{OpvwGqGP7}d@@;)lyL5tO1^JTQvwBR*LMW4Z5-)ClL zUvgbruorR5f`Y_VZPf`?^%~>|wO%ytsQJts=8~wiKT$vUh!%dXT-cCCl(_rO5vsRNxggS zC;lU9nP>?kZS>Upe$9VDK;mn%_|UtrG@nLzBK*SG5oJ0Sl79 z)DkrTjO8Nq#cIl+@N5>eZg$d56C+_#&|@z5lcs^!Pl$je`9y3|{0jHK$e`Hrm(K`& z2nN-kPTPi79)4h!|IdFDqK9ugs%|6Hx$LEo&W901NvU3;Ph6S1T=*lr=U5E!tgu2u z@x%=-(>bT6h{)ROd{$%K*Nzp^p0Y+gb*Zqx@$Wr-SV@3r>&?Ci{TTs;XjPD!@f=g8 z_foWlzfOcDm&@>MkOOo1z6QO#CNzB-hjuM)#ty2eY^gW6a-b|nh{;-$;pM6Hw=^IK z)RD$y;szo+Z0F=w;6%zszM4>qxa!B}m;i$ftr;yQ#!g|>M!Lb$MC|+}L6I)Tz! zYU{cNB;8KuX68g4OJnUbZZjFp(Ig^i5~hNy@OwvlNqA6XD<1)4Y&Su1kCQj4O%LOX zFECAP zNDEg7;g`4>7k!d#3LsTP8H7R=m9+ih;*yH%>(vWyxwmM%-1ddF4#W38jdvfQ{uEizdA0buO+RRa0*Lg&`(;i z*A=9paiMKw|9V2Uu;`ZbCI~x((f04-jj2-^U)|oT#0+lkadsyr3VSGV$Ysgb>Qc}Z z|1w73>mQ%ZodfBtkubACGmWyA_Z>}9BZ z-d)zr5n%lARf*Z%d+5&i=?szk?h5v%$?gb?LHq8b6*k>Y@8vhnXo?XSW=5ltLvRrOR|t78zgkc4I_|no!5H6~2N7HSkjtd)$aoN%c04wKK*UCT z+SduRLM7T&2uUZsISqMl>!KM0N2*WOn%BRL=rlxZsRkuyKG@)w>uLjx1b9Lx{rz<@?(Vj z{DAlkBjtmW3CqBB^gL?F&S+*a z)zgFbs7_S*()6sbqBMXI=HuhjwjKH?M!DfdTN=v@=dmE=Q6GQ02`JNU6}9n#?`jm- z7am!|0f~Ew!4+^Exsn4c{eXI$ZfDPY)wSEcYJ5jt{+G40Yo?arH8o#TjIS<{kz!Id zrQO7FoSh+a9%2&VEFy*}v$7)Oi0+Oyu1vZMk&e#IQ1r zzIsn*Pzl|g-7_m?>>OAT?{1LSRVk*Fq#NDBHXT(~A2~_wDf^Z1*Owcvr%O@&2vaUF zCt|cLaTT2~(XE@ZJ0>|n^rs9?yt1W_`?b^VFfjXXOW-K4b)RNfs0IpUIW(L#0u>RK&&f%`YvmQFHv z##(cxTxz}?R7AHmSD{50%4DOTb2T07j4Zli?3wnpqCU3=Hra><+}YdTsM<92Feb_W zdz@ALj2#6W|HikS&=Rh%7Y^vOd?6tr?R|^bdaI)xwzjsf>3Hlww<`sl97D2d&Z$b% zWwFmt3n|B@-mfq3c$yl`k$4}>^);4aB!c0JhCgp@_%mQ8O)DoTN?KaJXK;~6k5iF# z@}hu8(fyWF|1J&j#1I=SE~~?<)+5V8+a{Ed6^wb%(rvPHcG}NC>To~}4b|U)ux=*) z9M?>h)=(zPx-K}CEzWJs3JNcfi%m`nKFYen{JJ?gttslJL-pi8;c-8ClzVtLcYzMd zQ+KCv3JD^~q4@qwTfGxvm*88(4oj0&U$rA`YmIlib4$Kd*Ts6?mUS4Ck!LnkpSMBi zIz*aO1~KhjHdX&ZM@^$NF}X|z)up9PTLLc~E*wpHm6li9cO&L(OjNaAK7_N1HgZp_ zEQFdjBDVE^;PG%=@Gq{`*l6yrLe=w-I6Iy5)0kRjW8^PE9vT@Lk2inGt!OsN&&y95 zpn-n)Ry^?eg0eW1*h=*eDPG$k@9s2U&n6$7v#Hf z&w6vJyTCw4XU7S}^r4jZb<}{O?5x_jU|zuvL558Dq&f@Iv$@?b)6A$1Mufsn<_rZK z+WGZ`pC57-KgrOL_3yJuIjJCpT~hT1?b`J3>^3TIZiB|B6vB4`bGQOb4IDPfz%W*^ z7OlNKeAjI21b!b6o6d7|f>8Wi)AIo*V5D+H*%qX^`g_a~KYHa4+!SU2d}p?lytvGp zx^g{Otu%obhB#;pW8D}!jc8hLfYG&(HmX6uISE+L>rjp6gRn zPTLoi(!q@5PV9jq91y5a${F7}K3;oGf6TZv(e zU20!JvM_`6#6&S55Hj-?=Bi-GkX$@C=r*)S2&hRp5V z>0nL1e+AAn+BHK&U-E$XFt4=0*SAAJ763BD^@-)@Z#_TV#d*@94_I;yPA&oLr)n0_ z(!*x5uE=M9DiC@T^(oK*3LMTitmPvhd~>T39$NHUd5TujXWK$S^qmf!pM$ z<9oi>Fz&)-1)mu7{S^9cH^-(B9|RzRKWq44N%unGw8QXf0LM01VPx z|Et#uyw)-B>#v1JP5mqIjD+MGFt|k2_Mjaz8KQn74Q|=U?NR=(u!QVvL-_dog;uCM4~ zPt;y@sFyHN(2E^Np>F~O8l#!o#ncXdw(w{wDk?R;37+i-&~zSm3cZ`4GqX6zW~vI< zzE&kDy_p=J>A&qJZ}jzUE>Aaxjw~lQUowrYhCgM=e;WNuB1jS7UvNZIX7;C)G`g}^ zvzg(rhYS)CG-ES(A#HYGPRZN=%3t6iEx9(th!xrST^NiG(o5!N)Sqvz4=~;1lGuQw zIbi?uO8@?33$nfYz?wgbbv4w>eb0;k$q|xcZ1+a(;9;q%wqtY@8@0egJK7erPnu+% znHe)lE%w+a>G0SYFT6Q)pwvJU)7ZNjr>R=}-V}uK^>T|#ab}?;5@JPEwqC13klq5z z)itRgi4O?^_I6(v+1yA0EH)?o)n(9jH%Am+Vrn<{(1c{md&t}rq998@p$UZxu0Ht4 z(_-4(o8PrPv98ivhRl`u@qvvyLdJ%p=kKWxfE2fTI#*+0YVQJkh;>iRFE8fl($v#{e%)+ zz8JB-jqoLuj(TrA+!6V*Mnzd;HT(Z99?stL5RP7ZQ3!IMh>wu{YbjF1{`!?3uPeiSn?i3w+i zIXt*8PYk1G;Cb^3bmc2@Gq(b3V>tTP(*k+HBSVWhPk z1Iu3ps2*r5TIJsscJ|c`*jXvMUGwPhmF49t2!ti30f5Q}grCzhFqWev0mAGBaY@fL zo+;c|o~93G7^45Fq}C0-lPsotxJL66o2j7g7z3c5-YRx##Em0QV~3FSyXJzf2lodY z0)k%(1(QKzF&QJpvj=bwd;5pE%E@wJQ=Q`CL3_u?6P@nxa5b(hk<*LF$f1v*S@Q$2 zMt`1gs_T%l=rV>_6BkAvh@2eDToqVXK9jnMTH@v0UTyUcXy-J?F|p;7$4qDCcyoZ- zJQs(XA<}Si4HNf=pi3oPb^gLLWdQxqMyBcypfUYXB!%lk5DODahogjmKrAppWp;8& zsV`*wyOh@-~cPqlUy*(ekT8MdbV(@Y3-N@oGHWrd79P$%$U=O2yQgR{Y=(GM? zZ#ux9MMmD9gsExiT}I&S(mWOI93mf$(>uVp!lK-0``r2Yg`r}CQ^#ZdyKtEAFAIYR zNT~UE=wtrMsfl}&2M+!nrD6G~@@!U)sVJj2qXAp!wN8b$&zAH~$2jolCOo^&;X7Ya zgur;pv;ENI$~a91vv^X{tU;(-mB!RbTJ1xU#Am#q1{Hsb(1VtFz@Z`eOe3J}^z*-{)OZc)KP>}Xhicz};LD!$4ar1VZMmX6q}Lrsm- z3*(o(Rdk~#v{p=vx+_b9+HRd?YM-hwL1YK{^%=}EC(7~HUd-8KHf;Ln<|$(EE~<_T z^tNZ%)uD_s`EE!0_Cf*lAy?vPYR&;$r*M?x+`3=V@4t@z3Y|9_BjVc`hP|C4ClcS; zQIA;}v(MXA7#$uKJm(oxXNfyBm3C0BnkfS9Nv*e6A42#F+yLQn4yqsGfmU*b zm+1hhct}(a4;22=rGdKIk}vv>&cXrOy6)GnW8YagW<-A~kjmCT4RaXrilPxV`}HItFG#Usp2QC?u5Gr1XJsqSzcEW z=^S_J>D*E|$;=+Y=g@CtRR(Tu^g&VsLw|CWrmjAsZQlQeN3n@uXhUUD35FdXf48_e zmySt+vk^1iz|NF$*Cywleh)fjG>SUd5rH^UtLu7S=Nww|lP0%=J^MvQoS_$_nln^b)C zcp%rjCqj)qD^X_}9uxdK%hyPOvD|Ze+c(a8`4P1|6j6UveUIPh^?A$42;8#0SF*ad=6lFm^yS}HY;PBjSz&0*T^k1>N zY%$wknkB^8g!D&Z!%F~Vj13vtgCspafWg=(6FWN%OosnF0i@eqm7T*uV&hm9#7)oW zZ~h!xZ}7!91sgi*7dT)+v{XgbHpSw+<~lAC)pkW@ZWdCYoq+ z8?b7p9yG#i+d-<*Y@j#RLMN0_)KxUu0B49a*=(T26_my@`fiIhrF6e&%tvKEn<$P3 z25#{{k3`+EPGrV4ruis#nCV^AkItCBv-6Rc-NL08 zeDv2vz`Nuxyg#P;zU|wdB~M@PWm7k)gMeFz+{1`YKtB;xW>-_EN~V}WYg1cvTDTgN z#!?rY4ykz%U%}-9B2(2ZyLOpXQ*B*K>$xgp^hKKo08+&6c0@gM`t@>I=_WL;Qxh36kquS{-FL;(hc(la zx~par)HC9d3kXN;wHowllKd<09gsf+eTa#hEopg-Kcdrn(_cA=?N9fboOx-&yJq8) zR4EruWgk|G-S%*$+gwG@C?OvH_$lIZwx=s7rHBUdf?d5Ko3VP{9Jdp%*!pM6fRV`- zbEl3=Jkp^H%(pvm6nu`OJ8@miM=T4Q;|O!moe>KfNcxMOV`Zq%l1@=IcQawBIi(TS z=U_lQXm~G$g@Amyj@tH&u!yRYl`ZRDEfShW*x^Dn!OkPBEJytoI55R`l`nm4c|?GD zw3?0)8Se7IO-UVVCteCVYOmeD;W@A*W)#918)^)lB?LxG2pFQ%*W->UWM*=yRk5g6{Q_EMH?ZYtqtg zY9`6rrqoC}*GN%#u-n5CYQ5=246h5r*)zV6(M|gI#>;R=laF?GiwM_*e6L5dmmy!e zIv}K}?<}48^xgwsiXN2FhH=XyxOSKlZ?#h4OUDo!k(yK(U8UbwL)Uz9hP5PY0BrFI zLcD%kEf?ZPf8}s>Nx{PUqsHFL0d!jB^o_YqwAiED*b?mA*44G9o+{>jk$5bcOEJ#6 zB9UAG&wkY+v#Ha$(TO13Wgmj*xRqfFKo+6gmasUxw(n)+3mQ_lU3s3A^UN8n&T@ji z_xf~>nEi)|FzvwxbH+&-v?k?k{PsLd1^0Nc2H$4tI_yBtlxsdPg`BDvV;@^s*y^1x z#d5U(GhPq+RvsbSPJqGAw#0EIw#BBgB10RKbuwY{`r2FGX5k;z6v**WhSyRbb~N}b zER~l}lU?WVe@sbH&ukGkXujNM$FOin3g0=72dDHDNvoYk4Wp+Yi1B(K`{u8j>0am`9j-kGB=x=N%jb=;MVs5yA5 z_$1sOLQ9W{&-gWsTloQNux(*YalBfWQb}1x?47`r}(kV8|e8f1j3$H zr_qvRGz(E}&wF2-kDXwx3qn7C<7d2uVD>hy?d`}rt$x^36v(CMw(JQxb6KlQ#Atzm zrek5kQkvgrXxwhyUD49we#lzl%daf&6j@9wemN0y{mrF{xB0fUJ6(EZ$t}h#lx4o1 zepGVFUR9QsF4+DDQrF~2#^IriHUr`It&`f{OQxS0@`Y(s12n)n?uB@Dg|0(8h<5ujKZAlqTS|SvNZpwb<;~g3~x%TOf_<(Mft0ZOJGqQ!QDc=*O%X*63SZz}x4XyM{#Us=w^&g+Am3`Eh`lC>kOA>Pfv>ha z{BcIhkLY?kq=bU_jC2_%L$aQ6l1(E@gB>Gzqo{ftc~!Ix`%tY~0nAxvR$f*~eG8;k z-+^wphIM=_>4Nn;LA}>rKDKT`MKkq?*TxVZWebb(U;>TuwWrL=C|g2B$>D?9sIdC; zwqY18rd~$-8^MJI&7`E(v`Y|`z4?oH?Xf_FhbW4nl2vlQ!G>P#M#|5;p3sGB=7%W0 z++{ZZ#S!E~u8kj0w;wXpqR$t27o})y4RaTwootD|@f4(iWNc?zn$mN@n!SG?=T8@i z>o?J%r;>t;Gc8?CHwqDmCf0L#8PB@=T?}W(D^V(l&6G5O0{CIVN3LHIghwv{Nyk0$n8cyQ1;k$?`N>xWg)L+-r6XWA z*0LJLR5>*8K&Lk8NI6GJQywnoOBR|tCsA$>7&e%CVf6PnQ%6?%>{Hp6 zQ?5&0Y!Ed(_|brRC~`+g7~v~fc>*v`FtFv{E%QB0a(*qNe9^S>9Tn?8KVH_J$MTE{-SawsUSLZP$dd}r_(7jFj5 zfbJYw%Fqai;P0)i9q#mDQELM~e)w>LkILHcY~a`+OEA%+Y=vA!lMh6AveMhZnv5HJ z?b-_O3q-(FGg>o0`7YN`IO$38e0H|UR))9ZQiNJiVfId$uDSsYeVHL%EBS|S9o-Fs zy7B@&e?Tyo*RWoVyATzLB;83k^OI6>WRwPz2nz`gXG95}%7Lg^NMg$aO z@|udso;>prJ%^oqk#~lM@u{Z!=VVK)RAW&5)j~kNV`9K&A_nH6cyb$^tj@Cfs$&;@ zg%TeZ7RKhDh<+bt3Mb>5{T@S?IL7_8jLotGMT6s)m+yil&BE;Ev)m$_eK$>OYl^a} zCOF4$g?2^pQ<2<-3BhOQ(FI&|zJ<9)j^R~PMjm$Sjfm{@{G$Ah6oZpV6`MaHI_NnV z%9gF<)57kop{Qq+1-hT1a12f4K+b0IGT#Op8v&$Vfx|NtSe4FO{jgoInZv0u=kQHqX?WS)!jPxHq= z6XVb2UFzNFeXmJZb#{4{Z=xVCY)*-9B}`+!U%4 zg9JAAyJLj=_gkj7)`z#JOdSYLY$o@WJMoJNGlM|gH17L#l1CVwvC^FPIr9y{ zVr;x$+OqY?@iU#E>%q4Hr<~M^=HoEByCMsp7>be2=1H}I7FJ&Fi?Qf)Z~hA?#tMIj5yHsv+vtF;MJi(0jifquFHV!x2Z|y^Dc-^&)wbP zO5h|w27lCf$IKI$*D36MQ{4tpVh%DyInxB{Zwasd(rdYNBm2Frx}S!Z1`vK>ME&0K z?`wdMD`XDdH+QR~8sT;^7!6CU+sGD6z`Q2`U^#=4 zh_Hk-*t2*=PEmAySvnM4H`kXk=IM8!DfJnVgtypt{_iiADzZHd0hF%eRT5Tep~rnP z79KG8oaoFW^l!|Y>lfhrx`J9{V`S>49Zb%-_}Up<5(^#!Hh5EbzD)WQ$~16f^v8?@;$uNp?@<_ z9+%6`p7UE4fIzcXSwcFQqMtA|_btw0Qw?3*Moa4=*rnF~d59*8Xs+j}-RM}S(SNm+ zm-LtxYe7;j>RUsu8X&^q>6p;_;n>-_iR{7ojEO5li;8i>WothN8!mADI`@77z({Xs z)yK&m{0AM%oC({LX|9UCZekfkwKa8dmqCj>qz(l_h0JPe#xrKA-a$h&nwZ% zr#(DwC;6-`HL!yDykq<&Ue$Eg>lFbEdQKW(+!YW@GCt2Km&PPjZv3Ap$v?zReIzx} zQc`5bV- zlq2>i!WMb!asuL-^rO@YZE2Ap)TX+Xyh5eHB6loQj1?Fu=Yx+7Z) zwNPXYO`J`_26{hSH+G}zw24bNW#dSw`Bc))U~M4Rv@S~`n*j!3mbjlm z*oIo=2~JNLXR*S`h<{Yb9cm^&jXwguY^P;B$PB# zM|33Q{i^U%&C401>P{s`zomuk#ms-L@0&Z zG4{=5q<~2$CR06Z-a4uWp?Plu!dUK`xGtU#7Nw#?W;%ttgt@N=c-~D+>?RJH`d|s^ zwqn-G$2#472BM}{yAIVFIP_&E2Z-}!PXNPc#{woOF5dLraOt0@N*S0C_>MD!;1z%Y zruFk{WKq2FT;j`M(%Us+6b15H=rDc9(acBTAA{zxB8q9UsqIRb_V_Of*gUi7Gfm2& zD3|2LswkM1-Cb#AORit?(;+2m*u zh0iIypcr6uhS0@iUw^0r``7Qr)_`l5Y@z@MX}6h8otySe-2%;G{Z9qG>KwJ}nHkcO zMPll5*LIX61Ec^oQTL6VV`&lTuj9Byvq?FLmDK#Juy*T zn#D|2$dS!)>xmyf9gG?6_hFqmg>CE);{cH}zp-zU03jIwq@)jCokc-Enm)}|YVK$zGCX~5PzggZzp1NukmKhD7{ITA4eo{i>TJ7u=Dr~*KI z%4R!}f_wJ6KxY1eqh)5`wru0{l*8ltXzOr(!^-o4eZ;MRg_cJqgA)a^o^u6mehuyQ zxo3Z1@R(o~jNEB`&joL4*=ZlRK`58$E~%3#roPg&N3K6`#byj|XIJ+%ZyHPg?sA(o z0DxM&-t0h!q8m#N-&A>(BfC^lNiueZ?z3bco3Nmd2Ro_SD-*nXiZ1_nKjP_p(6 z*uefSbwM3DFe18@%X}J8aDndICy#MRFa!n?6jv>B9pmIhK3SgN%gU@&{$9!yvva12 zRK^g!zg0}OcBA=a^NECm$FCNRKXhdFEG)!Wn}9C8COskw70vOA1wjY`6EaSIpc2@Q zvm~#|#_%3tCTcrmP`B#pUGPt?<^h)Kb&oTK?H+D1|LObuX?QS4rd5H-$>E_xRsblM zcZJ|$Jm6<0!h7r%#LQ=F@|PdA%a!x107HOl&_o*mpvQ~tC$El7MmVp&45TWz2smq$ zjPkC>FHh!?$v#3knjg~1bd7M}(IzbYBukI^&=C$+T{+dP_xE_9bvN7ViKOY=NW&2ps zy&t%IJa5>5P{wcj6WR06XFPt&mDR@g_6Qe}5AyNoU~j~mSSaa8N?rGmmI{c;!vRTJH)piE6Jq^-k$UMA5vEbHc1O>R zb#F=0(*x)u46PmX4qxnmNb>00jv4%%OXlcQvU0!6=Vs*`4~BQ0WM%d?bHU*Oy%HFh zNr4)N;c=3@R^1R4K~h)*G81_QFIHsw?L++rKG}%k6Q&nNeDeWQ%w;%34OfG0fCi;9^LB4PVi949RprMC1_B*ylA8e&*F3rH0P`v5`+hgE>zJGg; zcb!KxB`iqm3*z~cjvJUbc_W7Ny7=r6O{54`H57?9IkezRGfyOYrjOq020kV41e@>g znYtwkXWgQ|HeCM$9N}fEOlaSwCH`xHSg!v3cZs5xz5>!jHzfOnf=tO?9s$7(FWBDv zMOOqw>o&zwB*2#!l6pTGPKj6PP-wj;Vqww6zJde(-|MQ!%AJz9 zD{icbftianw!lvspT|L#__q-YDTwCpxpHWfbXHwM!cgaD9torfXO$Su@$TQR<3V{G zwu_uO%3i)KwsQ@~pJ^E4pgGA>XXkimm}?|cvht=~6NOVTNl&uV^iyzad0E6(WtcDJL)%Ml_7!qA_ z4z~c8C)4)b%?3q>5UZoCxF)JPmkS*oeQ$3PG9!tD6I^I%mgQsA^VK=_dE1=@wjnvl zAjV12QkrR`yDD$&&BILNhPh>`G|T=wLS=bQsP8wykxFj%Nsibiw++k0%3SxaRr_0Y zy4Qgo5%}E#Dfk8TOwqf$W)l~5IB0#5z{+SC0YrW>oTh&uKd%aPvXeBBJ)P}JN?#UK z9#I`Y?G7JoZg!AWwK^d_ggo}j`c|kWe)MF}BM~6i#Tdyj8DaWitcU^}S0vv_$V%g2 zT~U&-6rpoJdZUqDU6B~HO>#CVqozYc!>o__lRZXFf$It_f-qDqo*Uu^5eYBoNJM zQebm?d9`J!g@uwV7f@V+Or0u*(XiGaVf%0>j{3@0FU02a1)})@Zq0|G%gLE3KokPT zlZvt9w0clO2cMLzaX6PMm6-DIxTc!8r{jk$_UT*`4rOJkMZ1iwGV#hun3z{wk@ca@ zwJw%5ySjvm2>tQ`37?dP)Z44la~!OriJwBkqPcStd6!Xq%wye#ChmJy*10}I_RB)r zhK-sBq0y1#P4$}ES^`hMEpbk=NI7HsH?@C+hZouI8Axv0W~Aj6{S65yq(+ZF-`j_L zVl#ZwG0M-K7#pXH%gif|AQvi`8 zhz6~Ti}R$J+n9AyXL#W4(;|G1#5_upkTQO+DcU0H@hl@km&@ePgK3}tX-l9YI zl`s@oZLI)Y=wa42Q^yEqs)M#LMzQ7l9;~`sw5K|L-5QXr@^z`e=F8 zBw4r4>e|(gaT(rxTIlPD=b_4T6X)?eajt7xZa4`q*lPT-gTX@9%l5Z}sS@jc(~IHk zq+SmaVmLy@Z#zG?)@I!_Hp-S=)*gUyk!B1!0eDBtFN!8v9+Vf^mzk^mWw?)6L^ z@$r6Aamc9ZS2Yn!ve@Shfp7|b`hkKA%@)A(Xm~Ko9wFVLFbMb@xHMbsr{Qg(K6qcB z4Bbj<+kEMx%h1N^i?%}L&aZQ}Dzm`ht`5fhw%Ks5Q6gt4q^%6-3!aJw zxdo;HLsReEd1=jv9$5?-aR+4OHV+eHwzf>6Fu&O66{7uA0AsCgeyR9H&VSP(KVW_H_ojpdw+ATH&7?d$W$#QOC_Ct0@I`VVw zNe;)n|L+7-e*HRE6Q+o91#}5*Dx0Y#0>> zLo7J1uWvfZFti9_x@^MvGSe+*9@ax~8Ya0O$!0%pk&QY|_BN`6ac)3hMUS)VR=KH2-(m;9>h8tso!& zRUg^_ou#%t^dTpuX>F_CB)7X*cs*PvQ6;*{?KXXuq%AMlL%e_aPuqJwypq~m6b(y0 zyV=7ZJK{3H)LPC~E#1Gb&Ddlu+;FM*4a{kgNUDHtCJUoIk|x?n578csjDozIh|_~$ zvylv*?!0f@z5EeQ>}Y%I;!-ys=I719&DfRKv+8=WO9|QnkGr)TMb*6%m^2^F4;}R~ zI1T<{L>KqXHLbF=wzRgT2mC?>lYW+J@vyx+$YK1xD(wV*Zv%;hz8wt`^N$)T`BIkW zWWW}|Jf|Ck%;j*w5MSjW6BRYCz4*s#_s{G2)Ng9D}z>SSOM?{wz z{T{IqRWq|BumApa3+F#>B&>jWcyD~vyQWX8#|66zDCanMHTp#12PRN-_RJJ3Q2kFN z*|vJ=<7(2r^1nMQiSFvVj3nEgf)1CR2op`%`puznj+_Qslqr+)e_lfvN79m0#x1wl z1{hN!uzZEQ^EfP-LQiSpy1KYLd-Z}Uf3cY9`Smjf%Q#d4EcBFyH2Ku9w^K6HW?Esf z)=Z2OAU*K#@ZdU$=zTub$EcYoqIXaHA#!0G^-171{ZP>M=jJC7c19H)9ZC{TmkFk8 z_37!>sfpGwjj`58=3(eM?NBxf>p~LgIbB(zKCcl$*CAN7FQOik!>aj4T^-A9E7t_# zwy0xNbnh|PaN8jdTy*=6vE`A5cjj&;U9i$#J*QWhanY+`(p{B*ofvjo>UBwRee?K8 z;E?}O#_$L;Xc3k;R^q0M|B8G((>?g;;wyDB(f0*ZPIWOE-dSUfve?I|S7{{ZRmWP< z`R|?i_leq43}ko|5xF1gGxQMMsf6n0nxY?li)Pdy;GXsO9{IK)ek@N`B`&=N8^APLgf^ILb`RKR?$&r^7nG91;RiE~+ZepyUdiCo??mtg$-q2gfu`MV zl@(mlUMA#%FL&m(Ru>xA5xNG|#bMHIcOOkx+|%?SM=-xo4M_BsnoSk!BrF-E*Edie zcd3~MEziDhvOGJzoEXegXtt8{brs-EOSxGw+;(X*yjN>8xbG7*xt9>UuYP*mk$KtX z9BRJC3(~4n$DE}ElBmn=N#)vHKR=wr$HisqtY+r7wPkh%qsAvC6{P#i=L8rVuX-r| z4;JyCb-^{o6*pk(E(Ugf>=K#Jm3aC{m5x1N7gg-@Fc}EFDx~B$jHexPKqJ; z`a7p4cn+RYlTOL*EF{0Q7U$uj;LdF0Nu`qoY07BB$DE3AV{!`H)Zu83-XfkziHT3z z((A2F)bpjr;ta;ZHz3?o(w;x6jzuI=Q9@`%S@I<`|MTCA=93cbFQTVB;q*#oTKzWluE{4yLXIDft<6*~0zLC17?6-@{&O<}; z3UT|R6gQn)?9t4TwQ(4BLBEH7{J3B_wfFo!ACeMvt$IzwBl#n0jtb%nZaetx<{j4j z0h>YBCBLmWV=2T z$OOVj;%~U_cny@5Rf;DHY0)BeqDYxr7--%A+@83}d*gB;eB zD>U-~LJl4e$8%&}o^PUiHZvc)NxzjF3qGV!yf*RqE;`_G-oKl<)CJvSz2e6s8T{b| z1yog4AZ(4ekrBBl0&ZbDy9#Gp&F~~)bs}6M1J_797)I+c`%z}F_K|)y>*E_>zGcOOgo(mrykDU8akE}A+f3y21M>=u`n{9Sc^Cur- z&V9Pc5bhfUFL$zwd?|E4e=ZmHgnbYZ!<>W}5tMR+?JTr`pm|N&NtbIK(!-XJbb8Og zNYtG$F|H(BUx1pTF<{m7t8e#~ikVwWTCQxPsCCTT__8*PJ>gF!@Q1_QfhCY zhj@`q&zqL^>AGg;@XSzs^(;I4Zwmj;QVM%2jukbgQTGpuVO;nOdsW z%4i6Ls51LqgH1YMA=|gKz>EE4y=Zj@z zk-84@kuEV4N1h2UzrtHTWw|WZ*ktHn^4+arzR&%ngz%YZDrQ1nDN6j})2@WfYYHe% zNvTGvr)Rphtezh6t6#ToSx1}9)RbM(?RA!RcTZ30-avDwGzsA5@?e*Es8e8h4_oiy4rkl7eP3xr3PGYo3&Iei*U=_|AX-GC zm*_;D(R&iTM~OB{bfWh*h&mWd^iCMPo6*hiO|JWXo_G7U_x%gbb34v+9mm?&+Sl*c zHjk;x?e z`h5yU{j1Hs1u6h{N0s|`o#dQWNfJQ4j{Wym)|ltb>Kt?icy1sXedsy>ZIHHFklFa=ZlVg;2W8N+@^+L>kRn1U?<+KF2+Aa3-1N{Eb zf|7X;@uN8h63d@S4R5U&*Xl-RH2Way2Fp^ueH<^)n6l#c#D=;0ZNJ8xM3>5_8y(G5 z-7aSkAtn{yt(nvvJYUCKA2V7x=$c>;Zk#erQBZ2XlGhjY_PJNnfTe6%DY%19crU*Z zVEbO#abHovXcqcZU*C3buC9HQH|%2Orq2oe#n@Z&@o{@QFg3t$P$P-5^Lw$Mx@xYd zx{;CezOkCFkx{k?I0z5$wb@`oHyEcxZTHkRzIn?k_`Z)yP1{_zf51 zc4ytWj|zw$8cGpyf$X4%F_8k|;_MEs%clpS>>OoXOyq3}T_TwJNY;8f+DahV!?2pf zP6Et=+v3}1OmwJ_g*exCU}+#XZwyZX^Qdu438Ad~H~al}PyRb}9hM}old)mjx!c3I z*DPiJ2FR;+^2otE_?D<)QLJ8v6I+ptb{OyzE2#OKeH|5ZRrSyCk7T@`^q^ra^&ule z{Oqr151eb(#=gIOYCGHDH=SN~NZu1H5vHiRN3qEZ0R1tvn;SA(GYxjmPvDkxoDV#Lqr!+ZzG>(bV=uZXGN4Jp!W|O}@l5K)mfB z#Rio1Hk69KaFG`E>$5DEth^!$J&hbuoYc90xE&*YNXt6Vh(AJymgUr61 zfrUG@d4rxq4?m^}YRrxFxwWk_b0rRpB~W9rr4woH>SmC>T+bU!Qp@t%R)Bda-x)cd`R^c) zy{Xd#Yv7jAaBpY2+stiWbc?E-SXy3*`^!76B=#A0IsxO)-x@jk`@-} zD%7c;a4S|Vp!?CRZ=fSCUK5cOy?sEquB^#8VlCTbwTra*eQ{ZPPRWhO9x&bI;3s=}Ro*e+Ndb`j9L@-V{I>rV%lW z)lQN<%9U%X+#iu0NZctTexBeSr~9^ty#5`xmbxK>iII^CZ)y=Q$^w7sShYT- zp{7d=J-57lf9=jwWEH6H_!M3XVLD}b!3PW#M;*oeL4W=Zqo?!C$cEn?n!h`OdC?d7 z=XlcCY`qoz{E4gY8@M?nd~OcNL!=mEp;32-^26qh68~diHG`)1gO#nYlq8z{pFN)z zVRm4TPzkrPGrie&^WwiilP=sn@3n8;;a7VA;=*H_fCeSY=}A~JW^YEk;qf_De8 zaS1zUalUzZK%xBWy#%chb>pA(0&X{Ii$Bemk0@CU9~X!%8(Y|1_UAhcNpy$$+GlgL z$AIA{M2HiI=gd<UiFp*AUN${BQs|3mheB#A>GxrQ`gnLa<@TF zLU1~4a`Yc0!V{f-Dh4^`$*GPBf;BF^zRAh@1Rl7aP!To{%w$@;UISuRdI@P{UMU)hs`jWS+ zMBaSo*lI3xFZJk~v8m!@l)GYsh>VH4E4jOfBh@B%_IBaQ$b{&W|BhJMxjg-`qM1vf z>`utG-U75C`b&lv91gFwe-iE(pO->=WHqD%k7-kUpP13>e|F1RR~Ojptsrwlvkkv% zMFwN;UY#^DlSV;z_3j5OA=O>33Gs6)K(^*&V`FDjs_eS^~Z6=53|o0SX9CX z1Da~Spa^1 zuGu575a%VH`l+GSnHnbQuvX{&*pQ{XEdSog?sWUbG2L_>Uf?{cRA|Byiu=q38qT1f zX^TH*^6lywoSkwV4=D+~+?j0*imA6-|Dn!U8#O4|0FU9;7jd4EHsWeKvNLMN^&8dv z6%8Jhc6awyuRSZjTu%9upx|)C)A3v9hna!6z{$YP6n1@hU+T;BJ zc2=SQi)nbp8AofM^>6xicJ_i~W6f!Oid`Yz5w9JKdTSAW5y_6R0kqO3BXhq)8slgW z^8{UFvRrdN#KmeIICNXtv_*GJHM{|8JfITIFT&p!xbS?&KT7GRobOsx^*{>aq(!@A zK~zc!cUTo|x1YWqg=<=7r*&OJ%O}^g>M@8+g7yRi3Vmg3g@(#guQN^JHBhd@108b@ zvNu<6vd3OU4!lX2Mi+ls>eM#5a`jQo>QemMf&Sk}%g&mUCk?op zK6-5|@A}N-{dT3IO@`iyfV8kBn}^b|8QaS{k39RZGQqqyyX<7lx@|?n%uU{2Mg6LX z^D*feK$qX6^`R0I&_ff9&i7u-Q%lR5qqX&;jfd$Ac}WvYo)+=FjW zR#rEiXKD!cCw*Ci7?sUU75tiLCRip@h*SJNOv*W!4KjyB`)B{$!UkD1Mk#9hA8{xf z%e=e-8WmOmrQ%lkp5$@gvLm%#-`^9(WI6~RII2w^I;xEy`p-G6FqNi?QI0CvqMqfj z>=ld*2RG2skri8>(xj@);rh^GEj)9aMH1=2yds6Hezc{66rFnC| zwHCI5^I_b(PR{i8_%=$-b2yag*Y_dh_KOI?^Hr38*It0a+4gpu72=LDW+dPY&$X_k z9@*8i_0+KigR&F%3u|5=$!*wOig9f1o<@pRhWDfQPU=0k0|wKYeF*Ut>*8|EWpd6Y z@bA=GBFV7EZ&lcE7+`TfG7M8DiTiI-Ch2Iz_%{SZHUJ0?-=jG zbxYk}l;!>m6UlUDh>d03*Qt;2Tew3fXT&^b;Fmst??^!ppidQLfvKD*d+Wmm4BNgQ zSZJZrILE@juQoAV)8KoelAD{7pPWX@LyS{6c&~j-bW;sZFBb)qQh$<6F9tdSfwrcH zNfqO-GU=5Y8$3U|!}ZQ#ny$D(k_bHFzAJsy&W}dhx0FA$9kIQML8};gupb7s-DtBa zXDK86eR>#oRqx+^IRdk5TT-(36(%EVMYSZ~tdfkWUaw*eD$2rL)R&Wg(2(`_C%amA z#|%x#u2^(oij8rBf=Ol7uIS4&XQdy{xI!0kNAy9$_D61$5D1 zJXwXC3u|>Y$!W{}A;A;4yg@A^t6wi7jolIl&r|gqmHhuJ4}^~QA%4a4w3#|(6yEc2 zAZ5Mvor5L0v4a&~xP6jTZl*GzY&ssKAsq`Cad_|oUB>OYQ~mZ>bhm0VwRj%@Da31%NPi3O(@t~#ns9LmDj z^_pB~3Ld_DWME6U?x!T@#bS*A`87UpvGsy_Py98drFW{aee378?K?*JZb0q_p>O0~ zG1?+?%Nxc1zqkbgFeQ9`Cor()@88jWUSDa7Z^4`K&(5b0aX7&B0Ltk6j()WCkET*s zYR4nL^LXdS+=wyRtDlZP*?PIcf2FjT-JR zm^NXQUYMEMwQo^r#SDZ!6nt>xGCVW$N?(B*EokfW^!TB!9zk^GM)oNolePY<7zlH{ zmwkfNiHn{H7NGypF!b2~?Z+Rk!9{&{ERU7@6Qr~S2lS#rojWtznL&M$D|dmfhZ!bS zR_e9j1*%-L{UXQ{7tm^z*3}1-{)86mQFR(xcNfzw>b8o=a(E&K(B3nBY0oecjeb7| zS0W4oh6JUQl;BKFbf*$@z~}8DG_NfufXJlULmA2smGjn^8p*~hq<_H%s>$}A#XUKmr zBlc?rC9JG2d7VEi_xFfx%I9J4K}_(pRZ%+-3>ZcNbR<4bU&t1{0-|7|m`V2q%TXJJ zncxW;#5P@p&}e6^W* zJo$R1$J)o}Vb`hfezFDNiN+GB+%DTg=M2bv5c=H5Zdn zfWQzKMuvECHF@_xiIcMW`_IOA1JWY4yLhT27G&mU&|J#;REb=eS01}$qDA)GdDW7M z_173?lI}dAu}P@oK2`MM!|clZg!#5JHn4$v{MOJ7cEIbx{<~;j@{@Qbd|*1l@!ian zvY7>GdD{sw^o?yFY0YvujEp?#PdA-^lf05Ib<-CrhkYOF#jiv}uY);BBzww@&Y8jI ztNUkI8EVEoeFT#~{vP-med*D&D)58OL{9Rb5?wzF-nrJ43b>qVFL&L(gsK-LKuo=d zcF%UHe@|8NK*ikJC$;fBXqC)zV8iMmu$Q>Yli(>992`4(fVHgjvyt%@6BrESmE~l(Ln32s*`z8||FDOxrcs>$05LTl)<4(kqp{N{O z9OL%CLVTYH^-d=-K0Yc zCDB#+wfh6xgjM7WZV}gvI8D1gU=q^syjsLdyk?;PM%m&=Zmg`6DDs0YyUF+EC0N9? za^VZ}C-IBg3Kac4vuPsY3v0)HleY!3qQ8~(y#bwOW~m3FzeiQI2^@&|XY=;EHLfRF zl(W4sOm9W>P$D}4gSD}u&Mm=wo{D@Sy^!}afuDOZ*B4m zzJ@j7LR<1rqe=~rTxx!E_>0!tSR|PN!G=Z_iy6KIA8h-;pf9XpKWSj#=kpn~1N0BZ zcZYX(CC-sC;DSxX9zqZD&TLAwr0}r=xq5&v-FMr0o&|jwdgEqih&s+`2JJt3os4`) zYK$##Ct%t~yEf6(eO$e!m$C6whw2<(||+&R3*y?~uvDk>&ES0 zX}O$SYY!$~;TKJ>X0PvKjYkHq_xvqok~jUYM3b*4+blHf+O#D96QY9y&j+5BjcQ(F zcr&?yNM=62bLF*?QvL{UdGC+UnwYM>g)!knha}vA9Z>lo3yvrz+{axZEtPvnmX?KU z{PmYZf8Ayk;~tf3WSj4DtKe}P-f^t$n2I$$JrOoWeNY=@VFOisV8ewRQ9h5jz4|2n z>%rMs;TdmY_dWrKq%a#D8O<*)o;@Fk=t0mjQ64hd*VD7x*|~rW0&Ox1m#+^(*-FV% z*4|vO3>8vYl1GLpyskYh~X!InIU(F;eWAN8qO^=h~o|G`uL``VaXk zgg`VNWNCpbdYpaBTEs`E)b?m6QtpL0;fK;^ek@rAe5q5H9)`yk71Lii&&x*MMbmau57<=7bnB7pTDVWE?8H#eZQ!vqm{oSKP8IM zF%mL!cA=Z3XQ2@WhJ=mg3|w;n_QZ$hhkN@O?vJkt>622#OT-_iWAs)Oic||0fNJ$H=n=8IKPj2i?H9TC*eK+XrTfrY6K)2W~QA8gvX43Byeei3OO23?V zR7z4+A%l0n6#P;P(h>?*b2J8I3fWTZ(hfq_QQGJy-y^YJ!uczDfjEB9ZYN?yI=3t+X7x`mq%HJSZ- z=jq}q+EC#jg4cA0!}sRLrh?Du`jbmEhMzSglewP)LZQurL%W$3-iszUN@d!upO&+U z4->{}tY;M?b5u(fo5Cm=i&Rh%504q_W@?ju_GqmEnjx*8sp`_xJzvo49M*JWbtHZs z;S9u%BchVs9ura%ZOs8=Gk*5z|7AWBtg8+O%YmyV6jF>;&Q_o6-cxU*8XsON+U&4{ zeg#xanJ=?YCX1j(-z9XlY$sJhkFv_F!ml!jNO#VX7q3kj7RX6*SFO;LH0?WYBiMn9 zr<`NKq&v2ph~p*u9jTi|+l-pBN1Ozv02Xe}R0Vg?#yjo|m)? zODR%%z%?5tY1wsal`F-><7a_Z2#+i-Vv?@9ndC(#TLbBzU;H?~+3 zy2^>s4%=E(t8bq!vivpVjLZs>|L-PE5E!(FgzwB>C0llwbA5PkzxA4NmdyBh88omp z+-JycF3{Z)kl)8HnOw6FyxV=e{ob6eBxweW#uzvIsDZ+{xT-`_gNhQV?o$b2w(aC#4)>3 zE&`gp?km0UvGdyowd&A-snOSyuPS9bbMnwxdYYL-D13mZ7#Q0YR+;$9!2pbk+Od2y z$^vTWmQm*Hzm(Q@W0C=nL@&;dPMzhFGyVA`vA>sP`|(k_8scC>%yPBz@57AgsvF2^ zj9U5|=tRMpIy!NHDcIy>?{i?Ap9*9)~=+8185U6Zu)YK3FO>KN=>E>e`N}!{hKZ=+cKBe zvvPC0!0{(m>hSvDDEtcG!POt)2ZT4aEi>ll)QZ6`Q@cz}S)XP&(h;g8-kYi<$p51| zEtUz;SE44m;=X}TJ{?^4Z$w{us*y^eU)y`O+x=*%OWp{*8z+F-WE{3#x;4+RVl`p& zO2MjH5m4}`+9W)&pXH~1a82JO(ag`VsJpB@Y!QhBDyhWZv&_d=WjW*R`rgn%xnIzg zb8wB0{fM*Y$#-q(Nljg~yJE~E#fwefv!bI{=UNT_4e5U^WdD;^B!v-pk@}bs_G_c4 z0pk_!E2%HK2__~V=Ei5s5+*VF4wqsJUp{vV$wm!p|wOxp23mWoByU@tEY37_P4Z6lL41bCursa6h+ z610y4gW5BvTJeLToTOxkBMKXHVo?Pa4VEO|x1T1)qOHZi&M@YhP z{~Zc24lWude^+K~w&C7pabX3v(3(N{=aclgq-&CJ2Mk%2t>u zA({tBg_8enSj)}7A|5BM{-(+gVvDr=-HFnW_F>7}TMjKkZzASOrCgYU+C7x9?_ z$D^47T=w#IMiv*DSAmd9hqD53&Us9EtjFd(ZeiDrb!vX@aG}ZGZQGQFdZ3@ILOm~m z&Wl2~$}l*1N{N}D{zGLTR9*I>%H)6x*S`owvFeA~HcbA#@E2C~03mNSN6!g9Z? zlT5579o9r2`!)d+>7pPtN$puC50=-kc{+OLZf;tznm_UtO>~hWjs)xh!C%d3G zQv@nnh~*l|&(uFgLwDV)6dH>ECYAlIW+MG~I7yks1IScyprLnZ!^PI?cYf#MQs8U0 z0Pyvlrp%V?=^qt0Dh*Ei9S_b1CFp(k`6L|VA<|{>5{+halyz>5#`AmTQP!u4XFZ%p z?@F&yeK<`#O-W z;A_6$>yQu{BUVGg8$}lJCq4;Z4=~A%A2Fcpp8R|;%|k-P{e9B(I3$3=zVm9e%q;HZ&I+V`BBvFCJ=8H7OI?M=JX17 z15d}V+Z(IyK#@2Fr$2C|X}|bIf-|kE$y>-@Q?QrT-s+E*i0%r9okw(C?XmGlx|n@* z1O4Ip!4RT!9rf^gV_z~tyMhS8q`m&AK|JZgdN!n3DYPdAQ$#pV+U{$Wq?A;+g%~~Ht zxBN2FVbG;5Y&V?#5BiVMh`v>ql>K=R_Q`o%2jaVffOco6q!f{`=Ud827cXSibYIj?PGo80p8QCzGTgH zt%!vPHzCrEB+&{!$FxyNS8jQoN9UnU1H2Ute7swNF-k7Ct@7FVlM|&%0afQK>CR_? zTG^Q?rfv@M(E5);1AIKi+DOM1RI-4RNnv8amzd{OB(W4qg{to7>wt^#!n#Aszy+vzBgu3l2uQ zG~E!FXzuo(Pu>3R>#ssMLc6ghHYSld+l!sz9BSCNW#LZdsH-U4=yrW?8BK8IO_BXM z1v?EcO3$Q*)#cZtVk_qvD;e(pkd-=AEa6?x*b@19CA8N-arn~nvrc!2Yc+aa)%z}r zhny2eTR6BfbGVB;EhT_a#?-j~(?8Gvv0;?&`cDb!c(Q5AnV)y9Imkx}sfU9ycyU70h3+ciGpeofA%<&O9KWP>3|h-2#6t$yh>@{X@z? zUpf=yERk2=Z5Lhg{XW_>^NvBoXaDy?H?pFA&e}sfdZ^9xbjJOU*vk`lSUTe#s&>x3=yI`b43 z_GwrXB%r?eZ8KKMarNsB){qW>C(0tymC>w(`lNN6hOVW@df%6zYSb+Z9jSH85Khr| z0c=v~XD{8|(&4X+d?h+_%$CYJvW3$~d-aa9yv)o8I_^XcrHKSlvVtajYED^5Tt}ZbGOk3nFfq&= zkUGyzwUN+edH@9~?)Y!V+kvfAOVt*HY{ia--3&VWH_Fw`JLw#qQOuvWc0Sg@n`vVL z-z2ICXT$d)%Rg`Bd6L-qxl55k&Vk9^jjnt2?)0}fxfMF28hyw$FRgc6+o#JhK2xtM=~kfJ&zJiO7&ub};k_ZtvB_TIgP z*4bl-)Bx{jbka9flQ+*`^>%DxMWI1;kD|ljXyj!|KM1u}?}vJrbQ`lguUo%lmOUE5 zKhRq@-<~(S@PIbI!O4Y8LCx?-VRrCOOUPoP>3=SMSTrI0xpwj39sug4juGcJGTKgd zI+3fSruy%Xogo$P9FbbFgLxIW$`esRzaXYuG^8^8OERcq<(gt%64b(e5~6w#jpT5= zAAh|FWwZ!b-zW%NZO9Hx32o`9lFsA&Di~+wt;>++E`A2 z=ad)H$)EfM^jqE$J+*uJKIUa=r%1G(_lRUmuc__r?RqAbq95P5F5M3Jo<)No(cFVV zRj#uNL0Iz&eFHI#Qei+wQx4N@9~GBC(w282bWSRx{9lv=68y5JX@MeWAY zQOVENO2IIDI+04(YYW^h_*DH~jKSexHaniNV2JT~*_+&Yp}_@pX{yWT;W}Xb6NWZf z&yb@ZRQAq?g;SZ)Dm*k!po%1kp)Zk0ViIRSf!hv(OENmX;1oLFFF%{Pthh8Yq~5Um zwCAldO@TVoBMZ8Z0_X=Js7#j1>8`kh{)FZc&j9Xl2#h$0sc{Vhv!$MZF(f1&4^zp^rWQG6ciLCv-*1kV8Wl?6YOa4IlGM@P48|OO~w796bmjG zEvCyau1qs@vCU&*FZX8KKx?j4)R=1-cU3q{C%m3 z7p7(D;Qm-M1jv?2O+md4V{jEcRZWpt5Eb!$W1y>shQuK)r_i5qexQRgvybcX^_C8e zIckEzVDXeRsYKHHX>y+E9`Mx1K(~JLS(efrMNk8;={BngXxxO3dah$LLH5e6y8?2_ zOyTS-R_9GeYVz*=V-?Yg)p!OusswV^RgQJunbF$0f}haEfl8Q&klN6a`}uRmJ+kRN zedU@{`>$W;#LoI|2w)=QtW3XzWq94(EywH`i^l4_#TH>*S@yHofrv@9*d^a^e0^FW z6D1dww-|T-Dq|vQt61UNJjgAhI!opra_t_eUk$@)?>$wWh1NZyzUeA--LHUoCg?nK zMx_!b(D>Q2CYjj82FrNl;+K~)X zqGI+6YMh`Eahz&Dv~^fnu^^|We62BiJKaVb@<#uaA7U zF1XF!&b4?1=F}4$8u&|(jVICh2-u8Rt1WmT7Lq2`7_lwFICDkK)xdqSZ&?2u5V#t4 zB$(Ff8dbtbE?;wgWjI?o8vVtjY)34t+A+HB7(V<`UW;Bqv~@5G$sSSP3k>q z11(Yt9-9Pw{Yn@C0k9a%p{&4CgnObT)n#O)Nk~YL%*K(Ai-?JdlaeyPRr8-deJU(1 z9qn4_=(xEirz0zS>&`isv)jM*Aze&I(CYPmi{;HvR(<=%&k7JKb$sXGa+Hc*L72Tv z4z5oIkxB0gXWt<^5nq51E~yagI(ymyHBjaD?aYaciWwQz>MUKnj)m{ok)}1Py;0){ zn&vdXp&b=f57!em(nM?B-Won4%rN=9psNP?FMLVGnA)j1Wam~WVzu_{99cz&(p^tG z6;Zs|9D}g<0>@a2onOL><^uQoZT9!Z*%`f>GWw0wys0{%rzlBxuF$=PJY;9)xa!u>i$nNjHha@6E!C|*JI(A|+CyQ0!KV)RKx<$Gw9qt7dOL%@AAsiRua(Rr<3hcR`_ zwDE}1(Mi=6$v^YER$)Ks<+T|H7Z?zCqmTvS7dMDei!5zQ_4K2!{0gOJ>lj%DO5;w( zF5!5rHYBVpt4$=Bd*6_mS@uOPc5eEFM|;PVHoe61)Z6MXs&KUKbgC}>GCQ5Urx@hy z#8f}Wva!LG%fqTM$F=R@WD2(80sa0xi<%x}s=${>$p$m;InGAdhCYrQoRh2wh?q>@ z6i80)uV3xFe|op{JA)d7gu5LAG{Q18`P$p*BXSn*^*c6u4Z>{~#HI-@IB{6&=l0fX zx-2RLn%T|t%1zvfP6xk!gU=1kvpSuKX(W(p^wpjd*Eu4%SibiSTawy)!&;IEJQ<-S zR~KTY-9{x#Bu8GXn%!(|CVcDl@@`qRFN&5T0=7}|#%yv({ca@6EK4{c2XSgGYod~y zvC>tmoU5$B;tXi6vu|hDanl1dRA2wI?&$Gb%Ki~U7rEEvMQB}H&lP@>v*ZbJ+^fSD z%h;4YPIjxK#eT}34me4Ui5g|z<3)=5*kzjJ-|Q+Me87Z|S&cq%>*(yL@mc9=E0#*M z0GYQ|sbDO8jf{98ki_$+=JbtwHsoHGmanITh{zY-8mr661yWhDsfLx5m&}fhB_tv~ znZv)=ecQH>P+Soixur{(@MgVMS5=h`X9XOozj>2eR;H#8z<%HCU4_pXa7U|HL7`C9 zLxaD4A*z+*x~i(UD?er9E38LW2h?ox+4ZiUAZgxcmk3>$ozPv_=#_%#Ao)8{q}L+3 zpP59j;|}q8X@&931B_KtJE5IKxwS=04>O0FMn=!PQfu*y?076{bdBHl+^q#;dyI|N z)!WX6iyGy{GNdE@-|%OM)@zKgi#Pgq8#H`W@YDh_wR%Seukl!RtJ;`)e0x@m$L)+y zdhYT%V%A{g*sIp!u}Lj*FD#)6bWJo28h;QDeL&{lRMu}KO(j?s^I=eT2QyD-k$^`ecUi8+6vo zI_s~I%UlmwY>jsOgvWSR^afEjPkBuw4iT;rv2`4f9s<|oI6M}ZCv%#Y2UHA1iuih5>)iDQ%6%A zR`0;VU#_Bm((3%#5U@WgS=0MY|FLLv3A)rByjJG@7$4uGo?Z|yujT_iBC3Rrw8;w| zZ{FCsIOCq!ZBTSm<-M;S_Tqkz32rZKrQFf)rFj}F!kr25tTnj3$DGumS=}oGem-R8 zzCyX@oy#Zv0o7+OdN-=xNBpVN%H3$cK9%se2NU_uhrhKJywLV#5{N9A@Th)lZ&v9x z$Z3>hn|s#7X%g1nNKPM<)*(8xoM%A4+M(chl>uu%KYDyoxu3zx9|e8BVG_+G5w8CA z$c{?oL*;4CDQNR4YUOECN=g~UUgmVC@q$N$pqBKJDmTBr4@|k9Cw3f&$jMk;$&%8! z46ZcKD0n^-q`Hq!aUNQtm-dY-b~94prg4&T`4&QY+F<7Wg-m)%UPr6ex?X4VJ1G{DUxlVIt=xjMB(YR~1X+)$nmcXda{E-cna=K!ZG6L=f8>Gf8ZR>g-;7+3mUlgXpNa5+*B6nDZ<&A zspdYWuPDd!*%7s##FkNuJKHgyX!=nWZq9$Ux~oeiJ5;m57Ret>&yr-q3rAX2O&Xhv zBPxDBYHDiA+~DoQb#!(%xF|`ISy z*W`K2n2Cue!hZF>XA4|MyIn41+HK008WaZFyMhJn_-V2~W8$jG7%7^MGu49^AV-#^aFZ z<_vC8NX9u<64TDlsco)3Op^9HsmRPE2rGZPaTF8%h0XU4Od(sTf*Ejj7XZ%@DwIM97Z~lZSPy3(Wpq)N{ul+$&bFu5CKW}Xq>5ha~R1CQ3wYC*89)F%DZKdF< zBr+*IBWq)Fr{&fymk3vzE3(Ev-&Gux*v99PAoG9zxjs^olX*Y>L8z|(%-2OkTO*ma za{_DHJfUW9+E%drb7!^MksZhjDR&BAJSRO=-e>k>y;>Z~d=58BJneYx(XEW&l{*9Q z=Nzf}A9kK+LjqrV>*LJcaR514d+ue<1DkUYg zr{>L$;J{XjFikCgA6o=_C6IA%wZ(Fw5b;q+cY-@r4q>BZXA3e?4W{jRjp*_kCdqiR zghj58k9_SlOCzrwYPbllwVr^RnOmut3T+HW_|$UTuj-UwucJj�_ZzQ`VD*=@^rI zAsIzs{5=JhOyBW;3!jk@YGY}A99uTOtOcqGY$3m%1I2^1QBt(T zchFGA2;d;n@w>XR(mznL z)+O~F_$sEb;_4uiM&=u|Fjrm8@>3&icKOV)xIDkEGU~khj_M;_6NpTYF^H0iKg`)> zaC>|t+YSF)@}F*DDBB&+7J+iVBJK%TUPzVLsa9MOrUH%Yxs_X|YQr1OXo!?Iu$ghx zDEki837kOiPOm0oss@yy`s7w@qRPJDZ6MXE&rf=;UUA#(W))3k{V`>n5#9%|&39c? zd6ZOhl49JdplFV_(9QING<3u@lv{gp*T)W^;(DOmaxL+%;0-RjL=5pG@uL*LeFfX^ z^T4vcM5wa*!1!+KkG#vXL`!lS;aJrbn+%46yjH?>UkC`!m*<98jMeI{llXFX+ zT+q4cZfxXWV}K9tkQleh>%SaTzi5VUclNN-54K6AJ~o_ptFljWug=4%Yro+G4+pf( z%hx&1_7CGFKz`GyYfGF^R-A{^I8o=%pD!j}@7dZw+mL4GvyT!j7D`J?8=4!*si;n@ zOI9NzAB>ESZfjbiaD6yAejD>fV6Z*c=)|tworOMSsrE7Ct`1jSif?QGP=B) znuMNUBJOA$xBR0Nt9S3>L`Z9Z?r+|Nd-Noa26u400OsljUS6Jm>NHPCNU-koE8$5Z z>{2*e1?lTv@AfaZh-;`rF#wcvdEh1-F- zPv`@ciSPDftqCo$X7O0vx3WrZKnEVRsTrw1ar$Dr^S+T`LuaF|?@ut(qJ&bwx{deF z-RtEUl=>X;SqkEx0>K{7w_<&nI9J@1{mc7FiL=-{3$)Aa;PWMNmgQ=il$235z0M;s zMp52xI`2`r9=&l4B+7H15ogaanXq9&VNg)J`Q~Hp@S$1wMzRvW{iiqOQha3uK#AJm z00&yH;qIf&fgu$^5I?tg{&M>VJ1Z)ie(uDzC>l8*p}0g;ql_SlKYeaoS>!4t8LDPqN;x%Qp#t$5ZiAHu)kRaXN&CD2df zJPIi4CmQfE5SqN)&{SOIPK}5 zQs6NUkdrGy>6P=FzMotfZ* zF zV;m}=N~V!a6%|oUslnO!0M%daZOO^o#|i>PkCgZbXuc^d9AK@j(U`S#F#QbA<&*Ti z$ywqsdJ+$Lmrof6g8?@0d{_>LKNTcdAe|F)Pq)FRiIlw7_LM|KGc70E-Y}!oR6z~> z)-(KEULd&eCH8%Nj5WgAUljy8+)St!qFmm6{a%j|4Mmh?*Gs030_sd)r8%sCU~IGd za?1D%e3AgzRMy$YHB$wi$w%2)ZP|&B2lKOg4{^8-&Z@^9gK|vvYt?*ja zs3^$>|ID2d;H$3zVUeM~yYx4G;i-FjW$ICV!0nm&`BF~?=VU}yDVyjfiUK6`^{woW zUnWSv{``2RN}q)1|C{>!nD<{1KJSfXjR`dOG>&_PUFr;}wLR5?JDGU8c-X_}8M56! zhMr0`pO@E5oEH!q;yNZUm&PScLc^Z&I(5l}o*a+3goN<+qlwX3RA>YF!-(TszVj|F zIuowtPstjaTcV`X&$yQ#h7sG^r|U2>K7Az0r7UhJD9P3%lDB)pjQ&T!G=BqmbDth33^ zo0Sgk4eKj1xsN}oXRsHbplWVU}gue}|V_>bdiL3jlUA8B! z>;k<uM8< zXTeLn`wpww`oOSF-6;dHt~_rwNw`-aI?3@JKm1}^#m_P`I;Wb8#~oE^g1zwyOPsRL zy*d=eZ8zr|NJqx_PH$1g*^-5L;r#w~{cZ<8Fy;Rv>#d{OUb=AM)6$kwDDK)~!M(V& zxVyVciw5_$xI=(o0gAf?hXBRh-Q7L7e>vyAYu#_HoBwCBXMQt#wmwhg85??;e~6ma zspDN23-_^rlMH3sN{NbT1>j&)2O}MH^Ih z8bi8P?>;Il=pEra2-Vd@4biy^-#e0& z8zN}lcE;M8WC|9ls-e4}&P|y?wB@(@O+L|bCdUgv3th}+9^bA;k{dp64?y!ZS&pM| zcyKZT(*8taL>SgPEC-mcF`=3fmQm8*9X4a;U2gn)UPAt+iO=bA?yaoXcEA>8*7G+~ z;mx8}w!7Dc?@V-dTHw=3m$%GxbYpMK_U{-){K4Cm9_*vmW=sGY8WG|oo$&FAEwBA~ zd>ovdX|p`xMw5iv1{$|hl7UEN|@*$Orej?%EXi3pv1s+NqrUVSMk zWIsPYT~d0|L3qCt#A1Pr3;~_a^x!i;Kc9MwV1CXcxCrlsmd2BsQqj`tmc%pF+pbPq zAXt6F{mc5im0VmdQ&;+d>7=awHz&)fJ@=Qc7eT0lnHH-0Cq#sZK6eZ$swO_X>EZ2L z@@OeHXYTy8;OK95ya)6|WFz8= za%69BE{DyNGs$VoibppYuKui;vSfu&Abva^KVRUL@om+I8>h$3p?0ZR&ZZf&J`cB} zgX=HTbrD-LqZDtQ+Hn*cYZliNR{Kb+wwxwFxV6qzjJ!(adLvW<1{&7bl*+?@H;?oYy6w?D5)+iS(|9= z)W1-)^l6B#eu#0Jt|bKLH+tXk5|Hz92<6NMC&qPR)&N#_juLSKx%*i|FFlN!y2>8f zFS&w%hf99h-+Sm|YBqWd^c03_8(l*$PGlkxk0iYu(|7tXE?Bsir=<-Xh5Lrw8bubV>;CwoY_BL$0{z&8~$&glA4 zvrQsJCsjc`|7S7#xwo;2@u5*^NW#=ACAeLHrnM?yhuv0z$-0xAn5tKL z-+*#pFxc)PW{mY(&!LqkN%8bAz4yCLhzu#I49u}Xu zWSi3ei-<^60il!#(DO8&^gpGpKl@YW0f9!oQlD=iq?HUFf}V%!-Yf(x8S6mtB<;fP z=X>&zd1M>Af>WH{sah(?N9h9Ei2$?1>v&43L_=R+TvC$u2?#Uu_gDCvxIQ7EJtBmQhgYPK00>&WuH#nF25&M}usq}z zDt(s?2U}@q&}d?iTd(vn%F9RMkdo%2{6!SyW()%fqsz-#$^@Zhx&5DcUn9M)d93E( ztYuHwo`p;>>Y(?29;6OA(>~W`VPu{jAR#9&_Y@mE7CxP{N7yB|vw<-Clch$rX2tR# zm{fno*W6twY^HoC4-2d%@5OwBz6U-&KmE3E0h9Fkw@%L&$3#c?=s22e>&0w(WB+v4{U(ffGgW~Un<;5r8@1I8-HJEE{=RwSDd(Xm|1BN! zc#x5PB~^?NTn^$RiUN1tE_J5c*OJamnmB?E4Tyc#*-A3Ev$k-0d!LCu^UlVN3J6L(PaX~pwIWd(SaW#dJD z;UVBhfDSJS@mDZbKj4p8c$>Ak32Ql>a@AaY!V4qyJ*2-*ciMfdT835nvg%O9VsG>u zo}PU3D_u=G?FC!;^^Bml4}h_gAT53Lee3XUU)vSWK5(oBVS(AH<2Y4v>Th+!<(eRl zD7%;YFsP&Au}9Dr{N3wi(mCIDJ*VEKh_p$p=(h!9_!NIHRv)mWmY?3kFM7uN!ywtJ z;L=HIWW)6oM0g)1#?f+y43lpj91>B_7?(b~G!wdw6P6vPFtz5frokeyH7}^e^@g9q zqCn|G6v{VJFFTRCX5_|at-03yH-|<2;nEK1FyEh+gRf`y(FIvaO$(e$HW7*0 zPZ;db4AKm;K5f-9<)E=nCV9&GdyZ}CHd>@Is23_{b<}MK9m$EHL0Q31%|~*xn`%-_ zjCy8!N6>4%$D~EQB{~>G@lyB_dKHt3h~;{-aKK}G3i;AhB-G%~T3d3eTJ=xlw$vc)#BJ1KB&H57Mpu_dAGF^rf2aDZE{82BB zIa3K*92^`2bGL8u?@CSIVT#6|uK$T+Aqiu)%PC>Ns1KwYA-K-rTrGY4Z(X86;d&j=lz)0VVb}NQ zsvj8W%IK(WFBMmOTu~dZ?8JG=EH6$tYZMN;3Ck=NpdHrdcy-6VB(oDl`1nz8$b>pj zkXdOOVTGT#h3*Xum;J+Xb#MPVaTn|IN2Q_9a5&P+h_t_65YSIj?B%5cSPPwd|7rS+k0sOX9(&b z_+a$KW-ZSuWi2!biyg2}nriNGvXIe|LnBN&cl~-qrv+`=0=k_ib%qvEz$OGDFj^M3 zpJWRzV#hDV57J(FIN%1R(Ub|q+;p44o<~gH<)c|Qhx1il8H_a1GI%R19oE+Dgj9M? zk}KX#S6Zh?2;{eKj@i2%3yjtd_iGk~x@pwmhLvM^DjZbGqi^m5K~ZV$Y;0VT#jEsw zPX_|#(O)_?X!Rx#Eu1(~PvMDox-Wk}NiMT}D=+Z8pB{E0$tSd7F@6}t za9ZI^E~*2f+b{HO_lc?ikYrkuJgqKR_>sSO7zqzVbCTCl4!dsptpDTvG?7vkwYx{6 z8S9kZVC3QS8qyd!u$tXV^{ zAH>rzEnt-qJQ#*1OUA~P96_7S+?#4sqE@Q^R6LndeIBlskNFbu(3Xz0`&2=-T(a5X zaZ}5@^^qjykahE@y`FE+V)2HXo&hp^N^W_*S;l%wB0Zrt0FYs-SZ@(;C(eB!PI)ja zP4pKM?mKR2h)WABEfK7Ah{A0p5-wb#2*xOh|A2=$p|{qzQ&@w=g+QJyw=jz^!XW9B zU8ND%bAo80$L&1w=g}bh=ZT^uh5pS*k_wTrt$<3?>3E`(5G!Ls6(^M2H~euL%fa1# zvJF`RA+s6YY2o-$z-6P%;4~{bES0d_ysaFb)O}W^&lN`Au2A~}MqJcl_o5?mP2pct znqC`m+I`9Pse6uEuU`kq$jWBHni4$^IZD9zikX6P8oP9iU=;+4sJx8xsB5NDv2vDZ z5JG5SVK6d~&({$-$*i~>fzu4h(|1?UkT>AjuhaNELwa}FscP3ipX->1Ko(8u!cUy;^L(A|;fK)$SF^F7? zU2StD(OECl#t^ezs=>z#L(4}Lx9vACk0QTeZh0BrjakL{QOPNSv5;DC#WyV(#t{sn z;;Z%)$)lpIzWX+E?4O+T;CBj12w(~%8|l)f!~VQWt)N~T(xhvnv?exr|JpeN31 zs5lt^s;iM=bH0Flw_l4pUPo2Q-Gmr@5kqy(vbr?osJwH#k2}NnM8?p=iHhJ+m3@d+ zRV%JNgG`iXab>+m3RfWtFW38cBi&A59_q`gLPRrr{0b&0BI9)?k>L-=%J8vARoTbm z(y}G1}bSia=H|O^~QLyuC%@JO&i7Ao6 zrLW9MZf!l2qb(gyA)TK&EH7*6NCwz9J)I$>gmkWINRP zPubUeVV`A1r#TS=+!0v`D1ieE8dtwE9~|J!JDh5QKwtB4AJnXKz_A+^L0RUHuqeg3 z)o&ci;+$pLj6%YL2ygz~_wdwSU|4ANf}q>&qyRG4x|580`96_XC&zR5yn#Luv~3j* zzU6Lv#@4&e%z{ce$aSF~PGLHc13V6=cRiga506AP6%RvYrW{g3$JnlUEsLB7)4qbz zR8NGfN_T4s?}C29sCYnEw`@0GV6#danj1@WkzHThCznW(o}QTWtrTFwBf4`}_SlEZ z!bdk=rFTWy;S7kI^@Gyssn*FaW!6+m-Bc%Ww0;T2R7aTN3l+XwZp;PJ>Z{hx1<*r0y+8i~fOZ zpGkYvtgaNi_~Ar6Ju)ruPD(vXcv$h!AoWIS!ss~ukv%r;#cvS!2yN@liQ84qfA>ed zP&*{=?GP;v>S35L`wok?d@>VviE4=jdVpbwNe^8|zmtEWXEj#mR3t~V-tKPVQxab2 z-OqVm#tp*!ZuL#Y>U;1#Su(uI$ zHgP?W4W>C9w6I&x z@gnM=1_rRX%kP*bXdID3N+oo=Lp4*wX!ux4bb+3eHK3Q$KC|&>RevEc0YP#KwkMG| z(QY?PW~4K4rJzd)lsT8yr7u4oR+wqyrkiW0K2X(U+s#XL$Q?9pEw^Z$oZZ|K^4#jD zD+`*h^+YA`t+pi!b3w4O^GT&+HPt9QbUkGfIJee%v+TH|4%8}O0H1jn56l?bbnZUb zDHL#4XMZ%9z9QDNk^b0yJm=(PX=^iZ-}hjz<8HJ?J`a@pU1T$VVjGN&_l=y?#}he` zHm6LH)=3F3^RSBgWOyjyTiA~uX(eb0y_>G*?c+ zS1y)PHb(Oi1`6utkpJF;|D$8wrf4Lpx8tNdAJP>BuLhClflE>4u8aOlsHIHAp`oE$ zr4HrG+cU~I>%B$Hy^YTv-FiPY+C@S)`OxgSXrNlw0uo9ZX8O z1pK1=9QQ-@g&sFAQY~`@{=e(tN*ZPZq5Pve+WG3qLvybxoLwqfsE&PaCJTG8*ymtd z5qt1|mejujE}^0J*xU=G7FARf z3d+M;cyXfFzDx<8ok)!EPO%qn$*ACSKf|f8|7%^=6S z3lQS6|GVc)PAMrynsr@J-LipX+J8sh>4(WOmHgk~SsRmq&EJ?Rl+^Mqz~1Q*HUC<` z2uraU<*)9zhkE&{-3c|)Mx3`h$Y2?&ER7)GA#d_+8q^m6c>Ut zcrF=j1{8dt(;TEo(awNOWmiW$KD8dYnryw0 znSl{9BTjhc)Pzu>#gBvxtEZ1JQu8%!Xoi?f-RdYZ;T+MAPxYRl`i_r+n^tRy#sQ+j za*UR)dT1KL<%M0)|KFxC2rFpoIj%CB>YTXKZ~D)KTIhrbpr#rAw`twWzexRaYoU*_ zlF>%)G1@cpq1#%bE`mozyR*Xl*FF1lSUEUtSC12Nz4?x0DIawW-%nlq3CRHXxaLmz z@>Z43l87(F^IWP);L#)G6-CTv;mbgz;WsJ-5MF{Y2 zm8Ll+Jm&XXc9j$z9ZTKI^T~~u4Q6@$6ZcYGuy%T?m8;jcM*>rgUa9}=I_iHnX|W5c zzvqt$#xK(zLcK2ep{-+Ry28PVjkgWetz=pDHFdLTADUAZ!NG}lOS&<3eR~KS>rc>r ziMU!GDve7^{NB$nL3(87VtSu%;t)99?U{dxBR|BvU?5BkPQp(ixH-=;)>vu_@5Q{v|&@*NqL0jc0s(c2skL6Tl)4Pk5 z&*uY4{kJ%o+CYuXh%Pg5#y4gMDS3F{D)s2w171k3h5zqIq5k-1{*|Z<>H?X;A6fB& zCj$Ku-}pI*Z68?L5S&2faOwagUo`X>dXw@SEeX7||GuI-@@PKy*~3VR&p2nys(XL7 zqqf6MqmVR6L%15~ohE$uC+9=%NA_+@TJfK?l&JhC7Ny}!HOsr# zmF9`AhN>>NDwnr9Kkpprn^xUB&LosB+fF+~l}na)-71R(wLrKkp;1bzR*cY>*qaf* zvVZkTrfMm3g9x9gXV5)N8{JM=uFdu7&0kqpNn9%>FQ_?DHm6AJhGM|-g?+ocoyj}& zB?FD?Iu)yLA%@2Lq%2=a?8mx2SIKTMh_>4e#G6U{s9|>_MsomMDYYHSrxg#wrGU zx6Tsnw!#8FHUbb|HMSj#IWAH6F}(IoqP0x%G)UX*;h2>=Usg`70$d5yOI}lD{i9P@Ed6BYjgGL{n-q*wRBh=zwN^nT-YaKW&= z{OIDc0|lcTkAKnUr&C(`?_L0c<6yHrZipE$0O^9|%8h~q++{vSxv&iBf5dXBlUCP$ zM^8kvXIYR8X>{g)DAXRu9oJ0@>bdo!SuoUIE-BFe&t)S0fqJ48t!#}&Ct;eoZ9 z%iT;e^yA@N7@F9!i>P&~<=~v@o~s!y_H=dCp`U$x{0+x;a&--&u|bsd;FU7bKcmjL zRtMMeW*hzxIy-=BI8`rnmJvS4gu&Mw9n;?ziocXg=&d|uY#X4Isnah3};g8sj0H|cW#AQw=+G?Y6b&$07ltzjCy>l zx){}toaptjg!{jp?}!JR8J4G- zi~DYoy6H@HlB=?#YfoNn{4T7vMxE75ub9v@=>PTfEjbd0EC1ecA?NF!hMbHH7BUQq zi|Sz0*h;sfdU0K>BcZF>HlZ}0UOK8#YMPp!)s`2x|3!l(qV}hSVS9&QVBogiPHJkBKntac1Gl+s;(=a!jLX!=``J zYx^N_ZzFUXQW6duQ*0tdcLJLseMQQMV40PZhAnS;-@9HeZioz}^P1OWcvkjT(vkGd zqwWg`#z>x(C=(YG?at7}hNq4uZ9aUSJq)E_%L{QpT}OC(8>vR9w-QwiG(zk>wB=VM zc&q+^7Nz=3WQ5~Ebdc)Muo_=g29ZpCU0rqB2~^Yw(+vSud`3#4xMx@cIM$Oy0=CIw zvNaRh9sb@7H-fn&IRPUf5GOfVG3lH9SWxqj!;|TbqS=EmEBE7WX4U$Q-$3xkRa*Ym zxf8Qa7iUUCKYM*gSg5=8>r@n#7*9^gs(O?`wxF_# zBWfxJa*KXCe0Etrai2WWjhj+we;XC1Lh%LFwg})iMq1npsE_l`4Rg&2HH(tX9qaPd zhay;3HMsBwbMOiaaK_hy1IX(A6KE@G)n&RY7-D0n=(g2Tx8G|EI3+0CSQ#Zc<8Me> zN>*Ozy>!8lr_0P8a6}bl1+G)~zABQ+@%*+ozVa?{G;BASz$+2;JD*`60RyybkiC;> zV++uQm7Y49+hBwmPCgvo3hw%?zM?cJPts3hlfeC59G0fkA&f4+DE>@BI_A(2YTs$I zvrLT8bP4)`!`nQoI};Xw-y60CzqtAAISL z4VZSeYa;;!1rrm7bwZ7mnvW8h#`cj2EXz#IPF-^NJm!suqL?I*i7)6QWyT)Wj)f8R z1Lk;i;seXT=L~?SKvGiaz!mZOdDt2f?Yet`h7V>g&3*RRi_~O*54$DS4Y2IAr5V$1 zu&E1{zICTAT4Oa|P<|Cu5B;kf;ImUodD7By%5Z`=gTItXS_PB#_Qn!0T$W9UA>q#1 z#`9`U<-I-O&Zc4wWw#5ix;Aa19m*EcwJvArS{_ckt&zVEak=E42C3=D0(HU35kr$I zi4kcf0#*Gf@_l@R1C&o?cnyt>@v#}5HP*v}_()%Z=o=cnV?S-AFh%S&qw>{lYZ&rw ziK$DnBq`Zh9r{Vh9xNt;WTj2{J|BJfrZ8Ivwk|K(0LlFmvB8%{d_prb7$3Xm!7r7c zOjx)%HogpVn@Tz$XO^qRNyrUc!@*XN2>~Zs;2=GfiCb#Kt)0lK`v_7=o+&ZsLVtz7_3c0dmlE>3XWaxEshF=2f=J~pi^tKrPkUB%9g z?c)^ve1bm_UP4qJ(ZMFrnVTP%J46XrgBG4-QZhH{_M1)H8s|2L8%}aK2eWf*ygvUB zPF=mDd#B0lH6ROZ)aIc2@I^*V@)NlVw}E@zWtE*3=4LelzN1@B6I0>)E*kCAd;0NL zZ-RTr*mxt{WC1(T*96#LdfErZ!b75LT7h&Yb_s2${3M7XO39e;u9i$b`cfH`QS^pK z{-95BM0COWFr>FHro!CAI^k2yKaxkMbO=-a|EOZ3s-^OjwO27%&*zV9FYCM=a#=Zo z6oMUEtWjqO>|D<-@4(wsr`A*cju!!*q1klF&|)aoV3TVXRMEk>umUH>okvxB{O2kk za)&HGqJklhbNx-U7L2#nN<^T}wwHz}1GCKD;ZGD~;4E-O-R_0(qYP+n!qbZ_{)mvf= z;p-pdx7%id&s%CP?(U0b2!-vxX4wUF$mdL=RJA7C+Z|RoX-IdcnmZH>AuS)9o9RRE zrE{a;@2PUm;Bs?`#Xf4635gJV=pqL>SD&>WNt%UoX3-Zxc%5*iM%fUB?OlP-99FCX z7d>x9zBk#%Z+)m>R>!q8C35&X%NqY?_9EBv)_G;0`sA|=+D8}c4JVY42y(&N#URjv z?f@z_U(Q4l~I!WXiiBp@(+R`9)&H!Y3gsTxmdd!qguh z21g0>g+|6xj+`Vj^6!fPA1s<@|R19np zLPjX4TU&#Z1K%i;FGNVmqX(U1d1NewD5(=7U)%4_vbHepu-xJ12cKQ%`{pKUfwne> zw+#eBfqVmctSx;qz0&NbjRK4%X;_0q$Zpu)11aOJ*svBDpL09KtQs;OMY6c0_?z|< zmLn0bK)I~2OZmuHvi1I;cz_2yB}cZo)Vg>L5|B1FPov07`iYA>DlCgd)PTkDbbGyChKEA_RM{H3CPf>%te#bQ0amcZesqdPav=^v%}Kn<7j{r|a!K%9HK-+`1Zd zE;T5FRLVv|KuD)Nf#!Z@#3X@T0`%ntlTnP0P?2xW&UW(yfv3@Cc8g z<-<4k57??GEx-id0^k0@P=W|^RyPXasDJ=YzV1Za@H&`T@3(>CirL|oK)1p)_yWIV z)NG&5@E#@-Ro%6lL*-XPFAkfkw;T1t4Cnj-^(3Z=&oi${l}JB-uHPre%tpNhBskI@ zq;_vC|Ej6c!$r-DVb6pdQVDT{@3~ZI5>2TZ@R;8;@af9RhDAlLQ~7C>Z*cyueR~6t zV$!quPTxDdjy+$r9yp_?{pEY%NccvnH(?6R4Nhc0w=OR!Ot?9~mY%D;UEi?MDRx!Wz4JlDAiE1_(SrtB_rjxDb8e#X0D+0w>G1d5jTPq?3SG7{0LpifG z5qwnwVHQzaUdNV>hAvc_0l5+qv8t*Fgks5ev^|B2=O!^~OsJHKYES<(*FR8+2&`B5hnreqw&?2V>e#8(?56%)`qZ(84BTmP$e3Bb$tUQ4H^R&C;DX zHfz|o?|wbWVS&J!lL+tigG#(i>*;;EbPq2^FnN%xP2YEO;Z;xaUzx!e_N}? z-F7{+A+xHVan`>rKoEa7%Zc)MQKa2^KXu5(#l2wW>(V#cz6Iz7a#*wLNwiWto-xbG zF=L&au+AW|fsRX&+9#uKo2u5YX)NwYFGtpTl^|3sWq}*w6xcxE?ffqn)slxW7YypY z{mZeo@&ks!emXJn}lEGb+M`^!d*uG)|h~pVlLhQEF9eiKNoLyX+!p-{j~{~-7OC{Z`Kj-bK?tw zz7AG25wf(-&K zkHewcM^q1?e6C>wztxvUPj(uevBbgdSbIs`MfGl&nCbGq4kA|ZgC6dSCfEU@h~ABz zBX*-lL47(r)cXJd)>x3iUk`u$AR3}00UQN!d2~xPj72eEqrT;035Q5~S`EabDS}i6 zjgKBbN#nLD7&C2x3IA>~m(PfLVln7qcezhiIh=Qp40qJUNr%KhhM*5!Fl2^n z^wI5Qo+Za+HRls|J`Y0UX z@vhm!!V6a_ua~q26@a`>E+>*SX7c)yno?A>>&S##?v7eabr}OGQhKN|~Gj-T@a4==ZBTnJSXvexf z-IHBnh`= zwN>&AmnwKeNnDct?OheA?4j1g_fu;E=RRj#FdlTaUerl%;s!)`5-nvzFg)DYkY5+! z%`TCcOeJ|6>iOM5Ag%5#s)8ZLg$IU{VS(f5zNH&1Y6A8N2E9j=X~dI|NQS}TbMjiQ zf-CFYgi;5E@BP)Pcr%D>37p92$-bzpYX9BdVtMz4`Hf_dF==r&#~PnkucWm!#*V3R z6vznCxVBh-%YgrvQH_`w9?(ZZSisU5K~=7@=lX7Er@W;y18cjGK2)4&8=PMhEi@WK z;Sso-xi}Q2#y2pll^U(O6wS|QrmXbxUSQ;w4MCQnK2#6K@$Em}%ck6+M%hm10)s0z zwcnYw*u5bW`D(KGX?}gT>(KzvvuntnALKm4mwFFmzj2_*2K2ug9s4SnjcQ#y`l(oI z%ak;qeO9f8ebI38-`a|!uhAkmf!g3jMQcgg_skUCCDw1+Kq?zQq{2#wH2l0#>q7@r zh`oDISgM20S;_JY^((ryo)0hgXeH@Tmq+XUZ*lzKlbPr76uwCg!f=k`bTStjavHko z$a5Q<`*Cugl}8rOx7`h=Zl7{YeiBuujE}Qtcs=6M)Vhj$^PZJz%hPJia6a^wJD z_s6Lj;IQ*dhThEF_P2pvw)N5d&&k-gsns2Qr)2dCZ|q-{L;zWtN|LP?$kYoP#2OHu zRMP&CXB%61Y6!bt60eJ3a%irpBtWv8x;o8@RJAMDC6$_02{L-Jscni!cJEnE>P|&3 zkjQ97RuslBAua(30Nd!3E;}v28S>JvlJVtvZv$1n*S8ir`Ufl}SO-(991%*~&Tp!_ z$(qiG${D{W@4boDoDW5)f=Tl6K(F*p9{zNAsyt+ZI26vWB>f#fY`mQsjH@id)m~~3 zYIe0=R$vB~bcRVQ<-mT3GO^XZ$>ft$v}M2%b*HuavXbFfbA1`_b@tEsqQ9bt?1%Jt zXKD}fyk>^9_$-SzjmMuqvBZ^Q33=ByUv#uR2a3n_TpqnazG=eDv|QA4&*DMpjirWe zAoVjaW~?>s=u=#*J&UX3XFdp4_`OXk^iq&Co1r`m!c6GEnA&vm~CgxLg|!YN0O}Ke2TVOE|MO=DT>5OBb8FrcriGvc93MUB43bL%jmp}uu@sn3^lVBY?nyi zbE#IBy2rr<%brd#?RGeOUhOkezX{^7glunNQNRo;ly!}UejO9^u@oD7<_8Wv;;!&w zDyl=Y3rB7$1(*nSfh1Lsv^@nw8QP}QL0sw#GuzUT(4X4qu)6e#Tu0UArLe1}q5TVc zTnoGj;w^=)FazF)AQ0n%VM;yH{0eed{}7E3Gm?MSXyGx&gfh8A#L@>d&sPE8q_(=_ zsUOH_xP;?=bKTv!l3EElCpdHWNMx=bP>AZMM}I#Z49sl&X(`LP5XFf{6ei0jg0e-k z1@wBLE$^aL=C`Io%2vgBPcWL)^*gyTjj4{=dW+D1`C)Gw&jR&xb@Cjew_8MGk8>LG0T}prKF#;Vt zl@ZEQT{Iarl)dQ@m_sMj7EnBn0Vy^2{o7@+I6LFoc~nd@L- zHf0}tGO-|y7+dy!XuylBIMc)2p033{K9q746>zS$ynKfs1a@O9o@!eHTf0iEP*p=E z5=ujsuzMIjjHxS2dnglvB;%b`J*D$YA3&w?)D*i%Z-$B+GATtGkBh@c(f^IhQCI03 zC55#4v+Tri%TitA7$%FWn}|>uY*PoOoBGuyf#rE9u`l|g(LOocE}&BRDj^f8WVhkj zxjN90t&f070@50sAiPRWaIv3p`a432i>amB9i)cZ@c)9|449twFmx#UIpJC z=4w$O>asL^p|tWVjk?7IJRaIz>F5~dR#kx;65i;Bhx1{$-&cse%aw@nexqC2x@G!JJ@}8x@F zdB-0Z=7oG?FI;EzHM`{iGr8TPGB}I{DN+RMqHh3q^?wGNLVlQiKcFbP{eVIb@N65F|OiaLB+#WaR z2ewy4)YKRnANk@JX~9UUo?L&_KPP5}mlC{?+{U@HW1I>PrlD)`9+7maRkU@M3wbBP z?86gf9?|X0D*RCvJQu~d4NnH{DsA71KlohF8me>qo)whWo}c8ppq+nH>$>S!B9`;9 ze7i93ZNitk;n#sMw}1Iiz~bS1RU}}vX>+Ik^?x2lJth_xhum)TKk%dFzP*i0h>xn+ zrHRf2Zq&{yf($@06%oiE!;)kQk4?tR|4w!%{SMUjS!QwSA5KhC^i-X(q`Ja?=j_Pu z9E)m&?mR)CLcOb&o68H_x@3n@RufITtofeToT07_t9>)44spIaA|h=ebCNF2DHp_; zReL~@9qL-0jW7_Xi%-#_!9S3NyOZ+NYL`b)wdCVREwfqI)GALQfSIHDCni+I&CMf| zw{GIr9V4NA${XFLrjU z`v#dQr#88eNm=5Lw|_QwVnsXnCRGl-hG0N)z7!;{!<8vT#rDTn$Rt)Gwad}?WOcq5 zLY3oDTduRkN642(ua}3NNsbF3?`Q_j(&oxZYkgxjTP#kIw-7EnRWg^|WO( zfy$7aOtPtNij{#yFV3I2y_A9@=tLLT2UVfD+DO(Ow;${hot3rM|0J-wEMqN;ZsX(x zS!qE@+C!6dj&JlhCmpduU-z2%C05ZYfxwDiDgQQ=yB(pf8Hx_&W}821=zGcUIX+10sTm zp@vZPrD&tSH%D0Lp%0h@8!-`j|5)77)Px{o9_~m0bvXzW$+qX3Sydq$3fW`p{Wwy* z4ZFNW0GU*vUw@PGm#BC<8MiNA_ypAP;4K4`M~NR zG<5DPyhQ*8ksS93EV{?*xzv{#ixAGMq;!eXfFRhS;*N!)?*Qi1Scw_E0~5R|VQ~#T zTdEM^h%|Rzjpf4~3RJV(5M-wzAqZC4uaWx?8)9O8{j7LT*0?As=`K^#nE1G|ehM@# zn`T^jJy@qZa&7R+p|upX03{89#QAKIs6JC!wQ!?YfpwbY$WSY08vf|Lgb&bz=0dVY zw}ag&b4EpBa(y%gWBc!c2nusS-)tK?`Okf$a+i1fmU>iSjw|xwx}2Rk@4V%cPi6m} z!Yx?|TGT$_eb&9v^UY<;s&t@$mEnsjP@9>AzR3fPGUH<57D@M$>ri zaf_^+KrW^&{g2(|Y+n?g0psVBq=pUrm~q?eIt~hel@&t?1IqaYEdxJlzgdNeA1r8S zOFA3A5QGk!t2+LtsL>!hhJGW`3?)FwF7OUH4sf~3&h~f6k*G>IqyaZo&RdM!FncwU z;UK341_}N1enrk{JeRcLRRVa`7fHDMH;Db!;Lwuk$O8sc!yPu z_R@j@vrX-~c-E*`c zfrwTc)&873+88+iY)l)>jy@H)w(-@zEoFY6NK$eO;sP$NMIJcakqUnGJEylW>1@I5!`f-%}vopw}XU_ zr8OFvua&zx%FT0U>OrPyWnCP)s~@-|*%v&Yg%5o~k5`|Pmq|?ypj*xl%IIaw^|VR(mDqm^6byDMORHT>t$x*Ns@fDf6@mV4wyNiz`x3K?XmBos~XUAe46*06k! z|B(vIYW*(S4b$mhTL^i%+ccj+4|C%it{JgZ5Y8dl99SoVxL#;3teE=)egQBhc};TZ zzJyQOcZ;r8Q$Bv$q>ZyQLv;|L+lkBz7)q(V>r%;F7KR0S^09$UOOzvO;)K66 z6m$WdUw9Ga8fmKnbN#0jhZ}$lU!T>Mm{pO5ZhxVv?l!{%ni`)#5rO65Q_{UHjA-|D zEe@Y3ZTx^@LjlE>WQgzu7>DeMD*H^*GGE+E8{DDh?bCOKjk=P94gtDsOr>l#1X@f^ zPR2Z3+aZ9Hu%y=g9@Ck-@YTl+A%EWzXjSz&n?7Jsq&A0)9lG)`wJ~HGG){KGD>@Eu zvz*_t@fvn3v5c?zD!{Y5%GlHxR_A{0j3oK|_$(*?aaj)?p?FI-Jg;kaumj-Hx@ zW#};>#WZAx11ZtgQAejuP5+`wye%ucTPey^!7`675+7m}CZ)-TqN7VbUrC8C5}~c2 zHbfZI%)zQ>Il@(-%_1G~DXjaBFS44G@@Qe5En5u}M~A2fT1m(Mx?3eE{NH#Vd|(4+ z7eVk)I}xprJqkWnVamwehSa#kYia>s<&u_L;T}&~TRI`IjJy6&WBjgSVP*ux41OD+ zqs@QvZK=_qaas{b$X}@~W6b2H9NL1SW(6NdHjx*kBVRlePPUDgWL!8(dqI??p@wL@m zm=?o4W+ePSWALk&@&>JxA4ugE?MW>KSfsSwGH1TBVW+)Fw9)QvsS$d~M#Dcx3*D7s z&&C^#5>$55yyT0>#u^Y~+0DHw9lQHIKSRKbmbih3EA8kPQ-_otudHOPD`U(# z$9SH5xTuus z$T}&f3nPSBVm#O?hS2X%>M%U!UUXbTgob?~yG#8a5>Re61nADRys!iFy6A2q8ov+G z^DQP9`fBJ*NzBdbY_u`NDC25%CNCS2LF7Rl{f^VYqdKZ1tFq8*s zM*b`Sm#nkE@PijUE^zat7;m~v?x8mvTKNuSPw(Eu#L(nBW+^%Vz%|q|^eHRK3>nkI zr1WHpbUzxwR{U~-+T38Q?cuAkV-`kX`t(&izc1Xer7B?hb&*$fq#$DC?3X)dTI#xF z=Uld1s-c3C3PKVbYlH9`Qq?VSY>Px(?}QNY?CGKrsQ`2#k8i7RgM8`kbi9IZeS%5> zwhYBMXS+duZ`hw5lB`~7@>t|GF~l}se28MHf~R*=Fs3a0pr2`J>4WiXn?KLaxijk) ztQ92Dtuzj0%wtb4eP-*QV(u4VJ(x3)q54`_!b1g;kf^=FkZmbCw6insUO!7=*Q$@; zZ^;GW9twr#tDF21te_WRj*9zj6RET!1F8w~(2=*)Vfp*pH;cVJUI6Fga-Y7h$T72H zqNzhAFzr1xH%CUT?}`sDK5L3?hO*4#H|kfAW+d}U1yUnV#;%(}I^&K`>>cS2FR53mpCW1kWg^gx5>%tT#p`hGkK6&!=;*Q03zA zQ`NMMUpEvqx|EuVwwb-W^cGui^ELGTod0OhcVp*J} zKjp|~<46AUtC7=U{cu!ZM8D?B%MHx=^xnrfWLHq!+z<~z(n1Zh7S#?1)7_R zKtc5c(CNIplbUjEarV=>C@zlGg;fS5Tfoz6>U|3usD%Vrg&J-3@06lg4+{C}x|o!v zK5sy959alCWHSL$;0Nil`1kM4Dl$r~JH3~z;Zvv3`2GUPT~VT$?nDh$xL|e4xv(|N z;0v*cTkB$q#IL%NY`Fi%YrZDupKA4nA8rB+B55dW-jjdE=9&y-s%e*!H^)v@7jpKV z&{v~elJ#F;BHmn2r3!L~C9731GCB!Y~IjcV|crws6mpeX1W`&w57;s2~7W1A#jm<^{W~f5M;`lF8 znBav1sUzH=}nvrvHp4$#FHt&=BpY?U^*QgB%o=IxRxKYXJtdaH71K7MZu{`J> z7C$Go*s)~+H_F*jeVR9E14ho zah&OD1TK=Pi}zcZS#8cS(rt}+6saK|LsGUnOiob0tdK3oR@eMqcyF}$kD073*RSXt zmKC1B76p|E-x5c*e6`LILt{zWz_v3#bP^|1)GBk{o5Ez0#Lsy@>Ucu0>pxk7)W8|- zY(YStlAmu1sBdNGOkJ3(vOI5Ap>zz-*r8tx}k|Y?KGVx}#FsCe~ z5gbfRD*ZbsF;a+PL&`LOpLtWfnaFc%2kT9RQo(>1Zib(VH3p> z?aOrb&*$;UhT;b9(CN1{^vd-Y@HZy>c1<}*Qj=T8c!Psp{n%!q59K18x0o;bB6Jf@!zzgx;XBq0~GiRIbC7oEmLrEtqBIx?tG zhW<>-`zMn$DMW)t3@_~dl}`T2CXH-!?<;z$^bOZ?F_23KDW2n%?l6l?7&rzfu2RT2 zf{VutQ>cA{@bw}dCUFf-rf4|*p692Nd^qL9BK@UhR}bzUMnqH1EyyelTxf9cI7FxS zIC_}QYLwPfE}T=gL&TE=1)hzGN<=iq%Y5|-@O0Kw?S$J*5Ug8w{(7X!TfVYM=Ik$} zab+G61TN+>%ZSRR37m`l{naqCB6@PISmmcDk=y}h6 zOg&>@iWA@Ip7{8wQg%)DxdLVq76QJWUp*C$(r3+Wmap}PHL*#%r{$kNTr@l}!6FED z>%x;=QnzGUfI*YSi_&L-jDE)Ap$RFdV`C9$b1xSqpYniMcTsxt>R%5jD6QS>sc;@{ zF7!U)wBbK3QEn8&QyiUSZsM2ty6f^f;H$;q*3!Pr_7ob8MS4)N(E8>$zdhsqA^;aZ zw~Bl>cRq|ISsk&nE+58>(nF3V{xp%WvO2MI9Tj2skrCAmvd=vKYZ)0_3({j$4j2QQ;$TOQ)oQ5O<3VqQ77D{AfzYu&9+%)_1+^>-}H*S zs0Y^9LENn$G{psf$wW&?P6=V&3DiBs;Sk-34Wl?UvV9`lRkC-X&(8S!2#B25kSVPh zLh_@5=o&kUSw|%|;7GA=t(#GjO&LSRwuO})_Xp7xnxsLdg7TWW-P5y7gk_$Ht(m9@ z5^7%XxHN#gaHQkY505sNaaU!6AL{SK(Sb`vybpc<+W6%*_BXZW#|bIt*1B4T6yp*m z{EVwAgJ4*M$zH6<=P=f{hrQ%;X~H>qSoZ3)W_o%b+Y<2|X!D5Do-QG3ed-C{^GQ@j z75n&^@Kr$)!NIhnq+`PiA5c%3C@c?mv==_IXlMh_Bb68!86#E3NX>Vd zjRbwZ%^F~RLl1qAut-&eQ zp^X$vF;4k<>_=&{5YR*j?z8QEN9{MLbrJW;xE~eh4yg0?@~Y*LQ$6fIs2rz=8<1-RifCU6LKh-}h*}fCoM$K@gZT5e7kCpG;L*!!=xTmq& zVSdP08unK%{~vpfK#eHZuOr@xU!dozi%`yAPKaB160&oz6PJyrCk!ZU;0glNMfu{@ zd%p2(yaJ++5^JZ~y7NUexbHM38=J9c4!_G$;Kp!LalEGxFgm~9HQhmIZTzzXt@8H+oaJ?|lM!rsIrCM1;zg?9) zcE$**YN-e{RNilTApqjDR9fo!W!;78Q>mM<3dbK-gf@ihn|7AD?3_1Tcmn!Njj9%k z@$Z^`0|3?V+>^6hx%iv=>C|6+vTS^_FFK)-H*w}mV$>-=6d=FzrqEI47?OgK_)KP4 zllwbD=m0~#&3tzR;b7aBjI4G1(HrO=bT*G2dfmp+&T<#JN?FrBx^B+s zb2P@@-fRhoh2COI1a8R&!tUMLH}OWsg91&)&bCXE#tmswp0sda({8bsqi&ovm!a18 zUFuXtm0H1_;(ra`d`Ky7({dR_l4TJYZ364j*Og|%JhxYm%CVQ-{eZ>mM>)#-2TB8B zw3ZWskA}MZlmoF$^N;iMTtUDq8#cuqhYfsROgofKmT&So*4q&E%g0Qo%VoD%*Ht0# zW}c%c_L=22FNw|39OzNuFQQy>f0|y{{;S+KHE^L`WDJAmFBNe|Sj2^4+jU^%#OJSb zZGxZs;%T2+5d_9j^y+B|jE9?U#+y2JFNp;E)J&3A zpcheZcR#VESR2wXD|RZRDvm8IbIqz0$QEJK`JqMZ$12hR9%qcd_x1D4!>^GnD~+B{8CfBQg5IJI)tv zC>vp?*Eo(WJ&#R*9_%;-Px@y>BBO$^x1=!yee$AS&NOeKH*Y2+nlh`?h|38qcS0z> ztXyJ=M zl>XFU1Z#Y#4rOl+u(VWE4@+EE)Z~zZG5RQtqN*v@??$Uct3=u-_?CJr2bB!utg0iz z`IdYbFIB}33=7b4A+u{}{CkL1L zq#0j2H-wKQB}E_KEwsUPu%oKjItqx*9Xli#tX8G9N3dY7y=1!5s#BCKt5S#R-pV{m zY$)t{e)B_i;Hqrrf*4MD1v&lHjez!V*d=0$h8EIc#FcKW@fG?Co zk~?Nj{X#|rYyBJjQ))7-)A4r!=uJN?S(Rzn%Y2N5c5+tTX7bBjH_T@|WNLb0(=`1{ zhh^5E_4fB=^xcPbKL9c;hvAk6uID~23yAzlu>ap*(oKPi2Oo3r3IGwlqZoHDDm*~W zxM}f}bd^57TK)<#;&hvkVbPuyqc zr?*e+>n>iVQ}s?y>LtKPfl=I_T#fXIYwVi*aSY(Q);7^>DaRiUA_{0}-$%0VG$iTd zD4%Z*6=Db0AbRffOtKs;bM08f2o@ri=MLqvXs$|>yt-IRLa6aTGyPwVmMhtDbyD}i zFcC;*DnLVVC`+h1@jiu`xEIJiwh;Vl5_gLrVd$9e3*N-ZmNWNxdqe7044$Qi#n(3s zq9qYvTVB;eGw<+MxWoj?8pa|$#tq&+zPRMXYD!8pVy!~U$^?p#*bnOqp&>!2R>Y3$ zct4vZE;S-{A6l48A=BvBSG@qigvb=}(cIE#opW~aw>9lt*551X5|a=+Kve4;E%PsA3xJ@%=fS%~Dvx+dA>-{GYi}?i1)b&> zowMmk)$Y416rY_R-kQEwyx*(3xhAFWcUgNGEPy&xBNKFv;d;cZ-ir;&)U7F0fqD=B zeC%wEucF>@f+)-|;iP6|_kEa-uQEa60+Lta=5^lHz>7g||Fdp;d;(i)i{H5-9n8@m z?he+sDZ6Ql{k<<#KHy|s?=n_(K&7RN9{`jld{qou}6=9klrm+12V#FPJ> z;l}SWQv~)v$JS)V8FKoC4%l*Afq=0|d;-w<=;VLrx3TZH@kow%nRBY!;11#5_O$%f&|;vr`H`Ty%l&PBbfXa)i-^n zZ?m7n^Xr^2vI9>2aJEP@##bpQwX}aWZ&2??Ky+$wpWduZ4NoVe^`!Utt7%fQh(nqk zfJ=@wqqMP$6b`n-*A@mmSS^Fl&6m+XIyxI0C*3~`0P(+EPg=x)`k3wp9h4Pa-y>Oa zDdQb98^_vY*bFOl)N;gos&c$F2em{QUYu4srPJ?`z8L6l9pqT##IORVj$fvr2Tq@Z z)1Dn&f%qM_uw2kn?!yZ7Sp<%MRlOeW#OVk|hR7bQrs-h-`tla)?E=u(uCRFhem`{s z4u$WUf++SE6Q0(UPIV$IkM&+NZUja_;SlI%iA533{5tiHH@<+WumID}d=ZiY1N5cP@q<3GZgp=YAUt&w32I<;& z06wHbKWAA$+f!0h8i&PNAB1r7Q$d zrekAnflqfM^cc3q)&He(?`&0R!m6&WU7l?3zdTcN!Q} z;*XS3Pyn!tBU$cB25a__)dK0SEN*R{WQ9Q?K_m(<2Ni7_;YE zCHmtAf1&^|ri|U6EDb{852midEkQTeH9j9=b#vg4 zMHNGzaNtm?PF2s{XSdcnRq*Z{URG@9Fcsnu(2TG3)vG>_9*|Mod3OhYo@h+etDqz< z`eXKQ3ckUBwaKy}2OQ5uR+r}p$^b_WVQy+e;zTy&9%fa4 zHA%10y=H%R;Jyy}2yp$HaT4P>8Vj2*Q@{Gb8TcBp!?XJ->Ioe{pORXC;=OO#c^?i6 zR`*9==pZ*d_mJ%TeuQWTd+pv%6U(dSg0-WFT=W=fJG&KT$7k^oY2WAbo&9 zzwEG@B0r&S)c*pXNJms`XbJ~zD|68M|6S8gWo>E5 z+FZ=8z5w(RAN0rw>P;Rr8ui?NdX1D;>P9=XKkb>rFR5OF(oO{0j>)f^Pkck6FB_n6 z>pee({U=Q1Rr{IJOOJ~ZFr3&Z^R#m&b$MdHKQg5rR;*QK|jE&yK`YAn`l`$OZ;-`R>_m1n=%{yf`Rz zbdVh#O0FyngxrHz^G{DDH>?S=;}l&23Y<%S!s2D>yT0vN6?NW;>BtT^JzvIhyL*=Y z!IpUajr@(O?0N0*1He6UC;RdQwj8xzs*jg=PL$9A@4mwwffV%F`y5&$pHocA-ZOm7 z1Iw!YwsU9$F#+vSrB9Ja(#shX884G~k$$-WuMv8+hwJ5h-J4vAy6DkMNk$I~mta-iv$!kK1WXF6fW9rG{W+!~ZLWER_Nqf+CMw@&E5fi%78@ zx3#6m73SzXFG>24k>^AitiONLj^0}K>{{=wG#4MGyxK;vhV&QYaPKh)AVv4Oi znu9sIf&IBJW6<~n{V!h6@NML)ac^;8jRN`XIKVPcPb&rV_~=gpZvK9m(Cw7hJMp`H zt@|IshzcFKaY5z{EF@V+`}2cy3vF+0W!bSb*mA8fnk}Yc+Jz+`syI08VY&Sz5H4x-WSdq6%>KNF6d2-C|Ix5nh5{icYgD+|KgMPmsBvXk5{ zoDkh(x3Q_b;T?34aGX0fRjMK&2Iqf)**W260xZ0=|L3XEa`|fP@on`+8C2{RiiAdq zujZb9jLQYr@~GT9qv_RlH1QZOzv6lb+kdTI>2qTIDHB-Xw(`YIbMOv3}r#F^vo%vBwCK!E?SRL$1S%r&DlT?5G79q7h# z{bmU0x)v;GfY&=C@l5jaGSu_=T7AX%oC>)bScSUzHC-&2K1#2PA5RRnc1WSZp1mLC z5x<}k7sT4^=S!u(#e4oNWBTJ%z7UD$o+{^Q#+z1l-N^j4hasqcC{?FhdTIQVbrSN$ zkCsw4&161IBOcN6>fHBE$MI!da^M$Kh@^0@=1;|K4|E#;lj*s{6@mKr-ZNSP!K~?x z?E;aI6XBQQyd(1;dzI&iGc7P7-D6&45{5os^hfY0kWvbX~$@ix+;3o z@12Yih7EB~H9G!ANYZQ%RcOiT?}=N|L6PvP{NeBsAmqkj@IC@{Z1T-E&BW!@reDV0lMMb~ zf;S*y2u!GWrUZBZjj2AaC~mZ|{CAuX>xngIT|)9}ut+qQoLS6N!=$%X-(NaLA z8Q=cfcOclE|AQTrp|o0KD%;1Aytu~+8ESCQ;&IAo$juAG9fzvz!`hj!K)o*Oj_Zye z*zy}Dj(p&C6KEVj6_B`k{HC;eW;ZK{YiJ!~>jHpJ9)!0zF#mxxQ{{gCL1Ei3WT*4^;dKgl-^S=WkR#(~{} zynRs`MLre&jTf*-14=u`1(-gDTZNk41FO!)are@eGAKTFa(Av)`T1?rZYZ-7@6}?! zhrbhLA6I%RAx>>1fa%mRhYq!Qn2*!Le#KRk2Oqxg8DEVDElt!Z<;rw>5pNw^fx?6i zproh46=FwiC#*efq-W9G_AM!HdsxVbXVl~LW74L9PgS3BH3t{lFuvyl?pUj>;qon? zgzf*P@8Vt<@85~={!UMUlMXpH(B)?U^djwds)+&R?QG-*5HMdI zx_7xDuaHVkCYDkuUV#`B?5upA=~lhrjMp{pnZ!iz$&P-x3=mvc~e2R zXL;YI$W``d8+3<>!|?ek)NROr(-qZJFjuN^@3|Lt1Y@Hv-q`X(zybbG@;Dc849?5Z zD$1RAh}#L#_PO}SE`7hjCyX}i$BR(J%LmhYC+P1c=miRpK>0-cxVrsg+BWiFSB3Zm z2)y`fLJYw(@pdiXstnOvwIM1M0F~62S)XuDpN2{JlHW^Nvzs22((a)mD@yP;jsqK8 z8;H&G2V_-y??);C*2@X%ha$ES+tEFh*W{HeHal)OGuYhXh+ErhQ)j8WP`6P(fn{XS zP8D`ZADtjx#3bNLJ?(7nxA(LX+Z!*Nx!&6mi~%#sw{ggmG4jN?y_HCpvR|Pb#lMHU zS)YBMVTQM)Wa7^x0s5``ir6zUiOoXpsqVR=iF7t*W?B5-CAzI~HEsa=!cyYs==ky* ztwg+;a!GwB05J*P(UDBmT%_#%7`eSE7V>Dq%h|0s?Ky7}re9N;lM^rVGdd}a=rX!) zMkRv3fbA-y;TSgk57C46`{hlUfdi)C=QYfm243r0yiC-!SBW(6ldSCCqzAP_na=Iu zWp8$e^b{44=koXFG4RIpS3jll5q?_p&rJ~?c1|cIQ0T-j{RQx`56-ndy?@5$0p2SQ#KsHvWm(_zHDgMTz$nHiljc0TH1Ik z)X1C>@bH*zXiB?xqdW&7M_*3Q016AasfGJ*Qv~{ZKMLfN;riGl2|hoQYxFDnwzm1) z{q|8h&Lktretv{ukH8|TdDwlt^E~~N0$tWvuiiH$J86ng!%m2NBArosqA;;|M1>ve zx`{pBk-j(c_YaDXrw$9v9rY@NYEdVnJ+{6Pd1h*uqmPP;<`xuX*@|$NUA;7mA7IyW z1F^-ws+rYQ$7yXAEQ+Bpzg@CUe}0%qe;!ijdK-_hrt8ZfsYpWdB z$UQ*m$+Nc-A%etQi(#G<3ArR9`S8fYKGsyWc~<$sp1(&G3<{bD-nCFd`nffwvV9&d zbFbE%0)tIOVT6p8uciP3W6zH}J0$$BXPQYg*w)gA2d$SW#1OY_3)$AIqeL9^wSeqg z@oQFW=sa+gg>a)rvB%QWEHNq#k?lycPInR{&ZohC`TKxmBF<6G z!S7ELyP#DEs=8ExcZCvPm*qj)y}dZl_P_Zgb(en55hWRw-5^XEGnbL=t6rlwEKgry zE+ssE&cn`#?6EB${M9!WUO$b>R+}|bFq=yEd+#uIhF%@MmOaJB$t^amsFnms%`yh7 zjaaKO&aXSrCpBW#aq+5I$};1%oDPfDRJ8k;DIHR2NejT=+}r&PSVAidG<3$dK7<0>vL=!{4@v44DAR$y~toV?=c z{MI#lqgLDeMM`8+u{{^YrB-5^V>%uUW_7U;de^T?e2;@L`n|lf?@GUlYWN_!GlGF zP@B|8h`^T|(~k?rs+|*oO072s1CPDWSVeW>XsN7@uLkyc=si}Kq`Q;9z-9^tnVkB$ z=2ac*3z)qAdbp{uX+0WJRI?5=%h9h0i-8f=4u36Sk1{hz3izrb?I?p=$+2E&J)d`Y z%*Y@b3KqiHCZB4=51Psxi^7in^!bydmlwM&B^oJ@LW046b%MGN$n(YgaXn_NYAvr- zf`s7w7)WBe4fbHw_I@L`7c8UAocnR8`ZZ2r+b=oVmjY#FV`;k+T|?jz(N z7J!L~!@IaJ8X8VTGx&gshD~X)uwGY>iODN2tWY?^?0LS{QyJ{H2;ZtYba47E?9OX# zZ0xe=^>4OF<0f7r#L7MBsN3Q__Nm2F3`KkU75)#b?0jDK-JNli`h|tfr|y|%BjJfo z6tu+}OHO`=Y#F1@L1eLyE7OazxY|4py+e|^kH2D9Fh_9oOw7;c*!j(AKycE2h>QJ% zRvyrZHy`JIRa(Q%b`1gDJfP$<5& z<2y)5Ob^^8ijsg+_n-TtZ38;LT^^f4Yy6*9NTG-TE6M=Ej#!-KMuB(ea7vn&#$9ZJ z5m(oF_GK?EEdq9S_60?Gd6Co8Q$9Yv$<@{J6Zs;kzUL52ZUwf=@>)8X7eqC;xuuVW z{;UEdOus;nkZpZq18=a?(pHg!W_QaeJsC%1{b)F$wp!EUE^v^9K)IFzneim-muuOG zi(IMcNe<;~f7JP3DUR>sZ|M`^lz+;?eK0iv{Z%-=W8tD|4H>yRF8lBY^V)oMF9WuW zUxy`t6Sn+0T0?o(O;uGJSrm(Dd|-lFP5a@%y*WqcMqzXXR){@<6@tD&?4Iy$fk~dI+TByL(p`(+_-<<+XC$v zD~a?IDO(&*i>_Jndpik_{IpD-8h7=N6;oA_!zk#e==BrcBr*Ny=R(~^wN!rbemRdL zfu_Sn)vmCik#ymz4PAAJaq)ppm|KFv#-VFqlg5_bve)NalJ(5ZqmjBzSxw+@Pd@vZwTO{LAHk?>KfrMDftj_Py0|Qn%?(+Yu(rvn` zM_Bs2$*rHi;hcw^#{|QleXtPTW^o{V*up;AeFcgGeD8($WxtF31=;c2H-5Ht{8|V_ zMu{Jq`Vpo|40b|*4=vRHgqqU-1l>f`HFSPYN$utLKvMGOshKs!gC#L5#-kJ4^yn?)}X9)z^QYiiVHvjbgB8D)&4nFOE=ULX2 zqEgITXlH23k&+RmPu%1VP}r|^2wh|#w4CF}&~M4(UX=buHA;Qhfi*-WYBJ6fOfjCf zlRB4AMrl@E72}0NK@0t!Ryr-(C~=`R?Fw;r7F6;v=0^#Z&X+!=U$W)Jj(?4*0QC7D zJJ8tnX?ZeoV2VN}Wo~AzDo?EITV2i&Uqd5-%Nh64*O5s~8^Mm}59z8D*LMw<*IL%h zrKd7Z5^0-_meHRb?aUw7yc|Mc0H`f((k{X&U_|c2hC*R3CgZN(hWXxMar)>)(+?lU zq20ERY-smSZkuqStSpYr18*>dgd!O+#LQe+Sj6HK5*!?KaC)fG4Qi~8)K(GJJ^P?v zZ6g2ymn!)qm3sddKrVT20p8We>sNA$jg=*ZMKB{1L`2HWOzfLlAYtx@TAb+s=}I zV(g2+_~eWZ`1mqd&_p4xJuiKY(fAPG?x1qmz81+GRvqp+oecacKdQIiM{cd5tZj^~ zww^8}QFg6egzM)@+hKfT5t8#us6p1o0o)xa*Jv7v3_L|of2N^;GPbWs{ksdJU_(&Y zs=eCzbvM&AAEY71!#Az)TE@hA{1fJqQe8+4hcIueO@0kav~hS0ZsK}~?1s9AB2Op( zOk{kYv!56@b>%BY5|{h*4!&!wX>C&}8JiC;hr4{e?-`5A)d_7gvhF{dfOvyi$8~N^ zJ&T;aq{R%Y)JmzvB^WAPr*H3gLOeelEiUHt&?5+0@Sg<_6DstCI62v;*OxRH!nQMsOA22aa*Mnnpi*QHbk$PE8fyo#sVFeUbN<;!%vn=ohMsO}Rx?Lr#d=Fi~wk=g6=dx%9oE zhrRP9J1J-6p^jwll66lG*&<1nmNp|i_ui?#bS2N$=6)rcYL-Ku*C3ReG_Lqx5q=_K zl>n$8S#OYn27B%`kEqI`{OvT3ebKa!dOy4rC~)Gm?{&9Ox4`}H)i|ZMPxJQnX*3iH zt&I+OkGU}2VpRjL1lFvsuf$qeyi)ZN+o!yL%|2$VWI}dUEJ$IZG94N|SXnW^Wi2T( z4c?B~Kd>z+qWMh(pB_m|<1To2wtMZ>DXEl2@}%bTos8Uk9cbZR4<=Fb(bCH4j&Ew5 z(bNik+Kx>yTn}>`{umAa%#g1*YZn!4y=p@?8PT;Ow>8WY`?dALWpzwz0;=NTfD)Wc z4gZboRu@Y=3E_xce~@^5)CH?ze%a{40DdR!WF(qeus-nZcW5Q6i5_Ek7mfg?s5xbkHVBQF#p- z=qC){+^9IL+SEy<&|RX%4^2M@4_dWZUX2Fh@Q}SLv%kwL3@8wlKw|%aKItJzd`OKl zSW$^qh(DW<+4j(4esrwea|cFMHToCQ#X=W0yN#KWO}RlkeY-wc{rdF4v@BlJM5Z1t~$k~?S;a;ij! zc-Ai1ip6w*eq?W-ZAwE&C9O(CKS3|>kRH{FM3%w<+1=G6!Kt55@P05>yC2vlPmwb9 z!X_brT}F?79^7WuSSYWTX>{C>vxG`6rRt|>FQqQo<9Qes7SkkthPs95Hq<^v;RJ7Q zN5x|Dlu#8HRpZA>$J8H=vFWL>85Wn={`{@|SK<)u$UEf1KU(URvw3`Vx$yAX7YS0YM4{ThKeUG1WB0ewe5n6=3dPE9SJ{2 z-|X3Yx73a!p~Zy_KhTR=)!eb8d8lDz@8S*rJql5a23A<*H56t*s&dUoYlGzQN5l=e zN5>$|b@e*d_`eSnl>_nQK>=wcp_aZPc9$MY!E#8!xtQ=`tfOlXtli!uFc3h59%IoE z!@X#tnsu(0VK;o?b3?DR5}r=_&dk{+O)@(t<_xuwQdn9}?v=LoSk~jzh)l~#akE{9 z(Ar-E$#YoesXNAIwRW#?HCPkCunRGrndhlaHJq9%1j3>==9?vKWTl-#t!Yt>y#At=SP z!#^X$pV_EkckXTA z_jqVOvHuOgsbRDc({x340M8b|INpyu`Y`DT~(W^!N34 ztj5M_f1#v`+{tbWJ2&ZMVN=I1-55%wKg`?&A`7ZcCBzO-~V0JDQ9Zl z_WbBsqcX@FtCeFI+R2Df6@njzsneGG|D*vHI%FE~aU36owWkDCV<4fh#8SuBGH)UE zDScP-80s$cwI)W#B|nF{dCQ|Z=l_}R#x^IyDAQNvKisrNA9kceF0T~Wsp&c7jC1Ea zhF)0~zb2`>g|`Sz$4>MB+<4!z-j191iOR{A6SUo#<~y#c=&MpXWwj|-y2VOm%+E*M z)D3cO!6@GfGo%B?n0H(^2AO=Y9MY`aldNRj9)@4HE+1VA2Sn^_VKWRolD@;Yo9p7> z`6s*OeR{B2K2?t%f#r|T_b!5J3u!sCxYp}|4g@G-SUdfuzpDK8s8b-N8A|~|Z?`RQ z6fdc>l+L?qzgQZT?`Gqi?bLhWCR(|u6VgmYc(}x5lz&!hclq~>o4toN_}WhRkZq** zeDQB3rD62eEfsBDDs()x_UiM0TEQBTT0zafH^(fT*qKvr33O(IJl#p7tw^7pQN|Rl z2kn~hMq0p!?KSkos`9)!@)Qc?M}%g=Q#Z-eE1%R?`(~1Ci1ix3+Mcj&DapJRlgdq< z5c(uhYHhEnZfX1)&ynOZrkwDR^h-W8EFNsDl8=3*!zvwZ*-N=0`Lsi`ecERv1ZRB@ zc_cgiN;kSI`qIK)Pn_bqb(na-1|bb=1K)OZC-)jys_(^DzI`kTX)F30YOG#kekIgD zrkp=I*NY@+`sZgRMAR8Yvd93$hvVdW7N`FSUK7h&0bwHUy;aQF3q{&Tr+Qw1r!3Rt zUyFIxHIi(HE6?B6ulce4Z>KU!FNNlgf|8ix99+-c>Ds8iWcL8dKG z0t(GMz1P*uI6Sc5n@u^*5(0f=)y-PGK2pA}2WXz%(PUy%?4I-~XNk1rVocFvV#aEw z5&n7!U=;GY6=lR8M0pUF8PFTObnvsODC^qqvt};0N2c+N)lb+m5Yfl5OA)s?+Wl3g zb8@LN0Fx6(=5%oLj&CT&KBvotJEnu!b76SohILl+&WYMb6*BU8Yg=EYr`xRGCq9go zA;~lPy1%-f+XO)`@5KXSMB8uP5{<3B@)4O@Tq(dE$+jhNflYkEz9>_3?e04KM+ixg zwi$Q>yF*E<_SAt3e8qhQ(gqt@rjirC*j&2OK=@)&{> zMa!N_dM|j)e_#>=9+_i^CGS{*;*=C~hd7sO;B{t+F6)SEtLYzWdlW`uRCi+cIMh;m0 z+U_nr+q^8de*FWxp=u+VhrWt<1qN`E-;5}6>axamSCZ0B>5HKPcXTj}&h$ZO#-K$f zodD&w!F3$(y8oTK_5zr1FKH%e!Tu-7Xsrqji2KlJWPxRM&&pCLG*fe2o6QPO-JR}g zxU-5iL<~V_*^;bBVl_23_}r$$1p%kas>CG6SewlDFrgJHUw;WVJBx3kTO30RKfTqA)2vMFIuV`Imtd=aC%NdONYcR|HX5q z%suGQ)%`wTjeW;r-`v2!;(G`9I!!OE*oy4fmSKGjC3jL`x^zYM!M<=UNRRXS&I6C| zHy9erIfZ`cu12cIHO9TTCS&wdeqRY@GG&=o`LBdQ{EIg!uUR)-B7L8arb2&rnuH9{ecG6p3~=DSOzs$+P@C4!QqXY}-X*flQY@ie-3UKeboZ5A zsz?zEdlHFwgZ|+IS48{t*U?AnunZ*qa~|xm$d?_>PU9b4i*{Z8)7n2G{HOFQG9u#x zc|Jbkok?CZd^0S}7*EYlGXw2YALWhFb4*NR2Kr_=Vbj>22}HD8zTt6cdR_HwZRO!Z zLHaAIT9r68vc{P1I*B`-@nQL|;3(3HoTZjJ=Q<^u>auz6@iFR^eB zceQ!h=R>b}x9j-{@l!S`>(_?j#gCK;(i_tzW3eOPJ(pKkjAE=fi8iUc%Npd7yv$z@ z2802MAZz9+A9kgugP)^4SJfypb#fYN|8q78TGc|HO;(G5HlIgIqPSmRMx2OKJrcx~ z3{Iw$-z63%L2wXGXlUrG*RMC}g?l;TZ!;QT{OMop^?H8&`j>`$>_dUMIp)nBuejq% zqK~^?pe9dOh$p_PX>P6Q)xUDVR?ZPF+>3;MVi0*v%F_;MOzdl39<#d0lw6zZn;X{6 zrzgHfID>skFH&WI38^-}746^Me^0xu646X6P5y|+7q$Fc7=?xN7N9Q|{RU8!Bzx91 zyCCts*$!1csd@QQ!!L)X9Ij#s{3m+Q`s3j5?_uK6OmzxgGPAa;o%{9hBug8;Fe0d| z(4*{w#X8RfX=+cePUAApso~7h0HNaSuxNI6`t!?O6-DozNqk7{^;0b3*L?w1&8JVl zB5hQpIXFlIFHrV&Zb_&J)$dgu)}wS*?JCmXtJUwDSiI8oQeHU^{rhcjPouWY0~3tC zP#xC@M*SM5g(d7Oi`CToA(;nLRnwF6heB;mae0b69?aQ1E!W|2JLkPDkbv-v)ff< z7r5H)WM+)CBKLo+!LJ{hmIAnP%$+C-3TsTMZQ0Fl-oN1>NaU_dh*^D0d(faebRiUb zm5gyB?we8DNFAy$j`L>kI*-;~%sFc7)@+J<6z}|`t3-N0@O(E`P0ige^TM^`7dUw3 zQk4U^-1_lac|tSZG`f=ab?U)Cr~_Ch;_o6xN|cR+JmSQ3yU7I7^wX&bZf>{gdo*H1 z9%cYSJyAudru%hSg6(J%qiWYzx4{3MANq&-FVtQ9O;2ZVWr-|`SBpk5Gn4L(m35Ir zpl+4*$!1|2ru7p$4reMF=ET@yBY###!hAJNxpSgU4X^JCx$3<6x~R3XdW4E8HI^m0 z7HZU16I-yPNM%+RFTWk(p$TgNW>qes-89$*6BUJ_Zbac!@oKB)y6z!>vG@B-q^s)UFuey0 zEJY5Wl#V1{WGH3JtZUW20#&V`7MnP-sg^*{SE8SgrD?vVS6w;~xJHQC}6-W*cnV7K%F*cXw@Zr&x3z(#|xT(c~4hq7||gyHm>J zHd>x5u*CoJkCe~hpdZXX<9Dux(o!a`5PkQAf+SjF<~kko^C=P0kkpuyeSCZnQBl>y zc8Q88SW<8EHzLBiRnVHfrYIDb!qpDh1o~tv#(Y>#W^b6W3t*Byw<}oKed%4YEG_~g zSVxw$rBq_*cu}J6-c$3_po11cKA@!~SAE*r&q0-47$hb~(CAc~#x zKjbrI{L)o&ePHR#rsqoXI0oT0B5M~@ z+!ZwcvuaXJqX;Fc^-dQpH>_Bit2Zfa!Sd<3bmDGL$tBnW7dd=_{&#Vard&NVsi$3h z7_l^-+3k*h_245dv~AA5&@?FK1ZRY&&?~?d&Ipw6-p)@X>d)pwr)GrECpi|x{3kwA zZetxzq9|n_#h4#{$P0~$i_cP+xIifO)FD#&e{5&o)^&&?d<`?AlC18y9u2~7Mpyfp z_N6AmS0Y)9NONbMpPB=y@IC4B)<#uDR28~kt{#03^^l!!n-)!en(I9@@S5eJKbmeo z)ebu?tk`-Qpn_AXR^?NcHH2m1map0>U$)-0bEbVH52`zA5_|-juoI`k7L7Gt)|fa? z{&6xKhF>kre9dG@bA?gU*vFi)Qn~X^F>S_O*SJ5vp_-|FX0p_)NbJa|MZ2s1;d@tY zeGeRa^%7bINLw52rk1GAaG|)&LARoj_h_Z1UY;HLIhaHnLXA{7iU-d!=qoKZba!n|Q~MXSI{5>@GmLdQ`u<+Id;!OEUszoN2#6adR|;(uWNY?etrOEw5(k!d6R71 znDq9Mm$UI=r%%XPG|!})`+Cm5tN%c4ztiC_|H%Pm&Q@B2vI;xrz>&sDCB~E>+JHpEcn)^+Wz)*+g3RE) zz*q^DtiT+e*>&y55&7u#PEW<~ebVmGqfUg=e-qhQ&sB-aKJSPni zV%lb98!!FtFiHc_B^c)PUg`I^MJwgRhd#@5mSh{+d8D-r!0kmuq%pCXS2ks~TykWt zLp#f|1VrDU9punn^k#44|NK=jlgK+@xl#ZZ1lDXX73^L}kXtTpmog5S7kHd9%)E zy?SFqr917n=3Q`aUoAB^^7GBf_{oNxGTT{lAo0ZUuIQ60vBG=qiOdt5Al_Z3AZfin zT@cDd{UUG;q0IP0Ej!ro3;L2EbeX1F6dHE>J3Asn@J)EPa?TwSIvlf`h^UPM)O~5m zA?=b5LWmvE@++mODx-sJJp-`+ z)O+g>!Z?b*rnFtMy=jhTrU!K1 zJyHueiTHf}ymlML-dKHitoV`ES)kO9Cg|^A#~4aYdTQm~kB;_v++1 zHn!|aC1!IVVU)5m{{2b!!_5pnna781MZbtkI+2>;3EvQ9LF57XOm_X2QC*+aZvk2Z zVCAPK`u`;%+=Bo)C&$1Q8;zmeSjHtHUB&V7{4bxi&wWcI_paC4MbPuJb6U7=6Q1xm z^|ePvC;VbAtqs~ZC~Q*W?R_FCFTp27>%Y$h*1MJTE8|+of}v>mHmHgX+xY4$1>7c4 z%CQ;cQp^jOoDSgr3!ty7Pf_lebdci6+2&H{rhv6x++Sk>F91~nod~hpm>1)=-gV!4 zM>*963++8aHK2EYD53a@QS?bYY@QN@yII8qcWbx5v?GRxk#q22zLv+ELNNSE*I=LE zF-h?9ZMqY%cY7o?6)E$nc$=;*8MU?3jz_4e3w|6xq?pfr>Ec=|9W^Qfvlbmm73T%b zMj@ltwF|ADB9hru=M+iIK{j3_xj$q2`UbbRc4U;7>1llg_S?lT(4xqvw?7EzsUDot zQ;SgLl$L&If8CxsME%+)jeW4MsHRIyP?QW^l}_FM%Kxq3RnCoi3nzZC>!2_!S3)m$ z%(#VeCAu~KqglxDCF%tgy`ajhz~>Ijl>7q};{Yl|lpFHjzrS?sI`?dOE5zd|g}ldD zh@;bDR5OLt*j20!h9uLJ)yBnx>W9q_HI#Mq73aG!s0y}?Dc>9oSj&|(wMEsf(X%U1 zlXgw92~>ajS(nkz;QY+(F5bOXfMt7obJKs`B3;o(73Z;7CNvjH!QD$1x-X92b9L1% z)(J{}jlNK>>#c$CDXqZ;f`tIlhKQf5vb}(>z5VFKzbz&?E zhR!w5CI_fr8D#OVV@{yI2!ctA=AKwnd`lzRDmVqO+hM6BDM4Z-H6ScJIbSkls8hLhTH)&Z?`l+WFw?{l0dG>!^i9ttD zC;F{5g3M+D98xbeYw&l4HIRRhjP`!kb&D{wm~BiR_*TwH$GCh|6LvLhD`#^?Th~#Z z!Y6mF0o4gkQcWMr&w@%k<_BVQ2W6_@X}NJAreuex7dB8s>TOK*gAz?spJ~_@?_E>+ zQcvrwm8G=oY0z~#@J6rmne%SAzHg?uruO{)!Jh;u^nHG)-f4b?R=8T{13`o_26a^i}ODxX+ z8oA6dE>*7dddEl(cU7`7g@%o4l^-|$*6OCjHRh`0hP;2iWQHz5sfqAc(aym)lS49M zg_tLVR-~CMH}p%ADHQS+hlR?Lu%V_8ZLSL7;YaW}~TvxY8#Q5q4 z5G#Y!u($n!Pfl=JTbB^R*|6W>%CE)E@A!v7z%<+^j0r23W^~Eq{vWLa#WL-Jt3&pL zUn~id6~*x+C6Vh!=oOH607`@mUtqRc@FvJl1A5}mRD0g)ukW) zu|8GSg#-qf71PNeUFYT32OJ&HUtv#kL^NZW)lut7`baLPVfvi?yQj++lJyx;G$<0* z()&(2!bMeyhiglfAc$cuC5X&4o$o7Fe|bnCmoLv2ewUPmtEjIW&dJb5Kn}kBtnXOLu!z+D zO5@Pi&L>#~vq$8vOo9gg4si`JWPageuZe&|&ni{b>F)XV4>j#EVI4!SQrS~HLBe+E z6Ach571=@o{TIM4Ej#F}o|`8RG(+nGzDW?khz238@ZgUt;$!8$)t9i^bJ-Fy6C73} z-FtX%^cn5(1(d(M6_wxQ*PN98HMzHW;k#3@v&A~}#U*n|LKh!_-)Uz6YBi_5zOKW( z-@musD!zYj4K;b)Wi#3|7}_30fA9B6w~-6*e|fp)v110Ayv*dXU-Xi#z0`c2J%bm) z=zM562c!E)56Tlkh;z^aiD2wd5vo=MotkZiFh6g6pVEv=KVCp|CL$@)>FQ@4vFrrJ zsV$)q37KL8!!T;vsZsXlrM6FM%cxQWRM56X9f%33jYnUf@F@eS9IVcfyxZQ$wU;t# zp1vaqXA0q!HIhkWPXD?JD@c34Re|OVl+=4BUFPpbYW>9G-e!!Q**s(dv7w^C$?f)e zer7-uYVJ8-=CctU!Gw1dt}Aou?%W#3Y@tPyj(=b1MbCYY%FMM zN-?98k59mJFdR83D`S508LIcf6ymP2xn(C+=o!D1cF`(n+daV!JF zoBw0YetQiU<>wh%-+=aJoP&(%%~aiAzq_)-R_{N)Y)?CMzkf{`PY>>z{ZXGkp zyU3XpIKIPeK1fJm{Fs|c`Q*PC(Bf^{=QKPlNgsnQDk{!@XOkUjkH;z@B}h~j$O?4^+!g0j63{xvDgXgtZ^oxr%o}R z-To_`%sY6u?IkV?KeC~2eW2}JUeZ-P8I(7eMk8qKxhf}E4UE6=g8th4dj(k1dl(UH zHNJf%jl}TMAthpiThu)^?cj|l@t~9C@akS^jO4hG*)&n&u%Rvx7p~!>6kAd_%Vd)Y zaFvH_JCj9N2K8RrMfcNR?c-`D`p;rC(WMoP{u7N7VFF;}NDbDmyqS0hq)HhwPO2EA zr<>Rszd`=;7cWMA&vWO#ERm?0%zeYT3<(6Y{gwO){ocsj^4{fRN=(RIZZk7cxThy{ z?fBr*#QNY}@4jK7%@0_ymF^WgVETPG*_Hf>QLc32CD?*8{>B31so}#FWJs@*i#z7 z??NY<%!6YiFB9)kM>8dP#yr3RzBGF{J6eI~^BuZ*F_*eqO?ov4kNh13<8u6A0B#X! z|5T~V*RPtu!#9g|PE+`V+7TuE^Vpzr6gllL!KEu+u*AZVhTzu)!klQ%ctm(^5;1Qt ztQZfH?~)I!4<(wv>x)P`rF|Ujj*$x0a3rQG2A;OxhRQ7Q_L5tTgcAbA^LQG!ch;ze zP=q6dlxgTKEPtJI7~s(L8{K9A9#}xgUy{QYT)T)YC0k0vZ>8Kk5!~PhD8Qv?violN zjg?9VTm$p)bmNlw^2I%O_H$d}N|ZONf>sH7yz+23Sy|C1C%p@eA|HZ1O~bDAW2Vcg z^G;7Uo(5`hJ44Y5N_VC|2uey)BIexCl%#LZg|?sX>4rd;kR=;QYhpi2B_GFKs-U6 ziBg{FEV|Egrg^lr45 z)E4K?zdH$-=waafk{LeROmCu*w0-QFhk)`!+R=%fQsp|&r3U_4|E{__HokNQAqJ&O zT6zXEZaF4@g9-s%AT)V-VpH6K5GmjjhO>=;hMhocP@$8Dtq9_}vm-Ay;jhwWkImu} zH}-^@EEfx&@!T7DMg06>f!K&vX4uC^@{KUIAIO{-aS74M5I5u1n&mTw3>|!J?m)pQ#d|L2#iBqOE;_VWx8V1J@`-h)+N-p*2;JajG?X+re&X>gouC2nFKli{1wz_8#x1u1<}m&imbI0S2Q3 zO{b|#6|D36~`EjgAv!?ps4D$zHT6aU+ARBQvt8 z1iuV83|v`wklT(C_W4|VG+y_?t5GeEJLC9L!)Af~EWS52wEh^-nPN8$X!O$0Ov73j zQyvAKqqYeaV2R*DYp#QPW9Uu=i_FBc_e_GjAH-JBpjOgvIaqDfgr@*YCtiNscjOwn zx$8qXEPGk{r>YBH2RrWHO87z|-DU^yb7Q}TsEOm&MM^=KynI*Q>a#LwD-2#l28DB) zqX`)OZu}i5m__}-ak1vq1>?$k1*R@|^qrW2g5yNoEM$GHmp)n`T4K@otILrC1vyIe zqa~n;6^#zBGv+G74xw|b8X2azOzvOLmWyDf}PL6D1eC1(^16eUJPE!R#gX%F6L;;p$6>5Sg zfR;zwbIE=J`z++KU(m759x5%~TF}P?)y2kAwt*Zjqley^NKE1ss&Z8w$4^@c#+cR5 zT;B&^yCM73NFytlkU&&1nIF)00T;%tL@bBR4J>LC8pFXenZ8_sFp_wNhm98ZI6~s^ zxfOO|1lhoe&0PyiIWeFWIojDmL>=a3SS*`_rP$}%o*2q55fqhwU(knveHN4{Ke0Y- z_^=ZGDN>)r(HB(_V{XU3#v~yLTFrE$@P2NRVH=jrZovy=r@Hus7g39Z(P569?}JXs zN%N&G#TQl98S}306>L_(lYj+OR$2GgcYCKEj*(K^;L8$jMjd=bGaeZh|Nc)$iEKX< zDvvg*m(Q>?H4r zHaFQaTOXCgbYRK_G!nYwf1Em50JNhm3V_8{GBo4kQi6kqJgCi0fs@KHr3WAS<}>}@ z^kuZI94)r_`)W@eXjw@Q4=;xz=`#oF!jIN8k3zkRXb|)tV3A>?xi%SW4gM5uk{;X;ETY&!T zDv99bwb_v!EJX0Pl%D=8A-&zkLu%&Oq?rlAzRtU%?&}m!T@j0`8PYM26HKviBJ~PD9jK_2<3wS+orhtjZ>AH} z>EDo5+&JRv0$mn%TR$=^ewG-t>w6IM6(NGaI<`UMXNpPoKzOOz*Q3=IRVL$!&5Jc3 zUQB%C^m7&G#c#VG1`uCTDkuCw03O%OK*WY1ng#f|?ZCQH;ciYK3GiJ~su@hXf= zWg<7o-jF?jEvs8o2c4=!f$_$+GEyS$-SL4~0QS9<*yZbPFJ0Z|Xek!TfPyKtq-YWW z6^v#(!oSwj8>b-LZ?xzgyKROEuVgxO*Tb(Q%_LqFU93E+#ZfiOI_ zFue1TFo--5%s(k?KNL^IkI!9(88B<>e4!U?Lj2YeF220neH(2mI~HaD+iBNI9=YY{=0MS z6C~Ne$GYW7?OYV|rl_%N`a3egsGS$u@1`j|?+>i7Igvqfy`&NLFjNGPWdCF3bkYb_ z%;BNRa{uD5Sn0dr3%;y`bPB}XXSN`vEUdtT((8qWL85-wTLiwtu{%EmG#0(k`ZQ`B z+ySH2k&05AS&1aP*n+mE?P>#F!hS|0Qh7xG@=@fqHlA&76(lzj)czU?--RYO3WbpG zlr$Wq=4dv(3}D``sYP2mhX9;p>rIdeyaIeE1=Tk+b45~r@qN-8mvVw(z?m`*)xm?p z$wDV8QR9iYQ3XO#o;ijm1tFs>3|hb0){NG1yju@)H|A7WERyju8}?MPRH1Yq1^b3z z4={hz`2Yj0`gWWdub`3_tF7a8Qb{vtCiK2rBo8y%^H632()+6e=`uV|#=hZ$8%e~q z%0`0`YJ!SNTt>#PI=VZf`@QUoEB+W%B5%wu$x(enGbi{c#>;2Wt(mty!j0=MfmHE; znE-6~Ch`Ye1U0zUJ8W3TeJ6ov)5^S3(=~MaiNS`A*UOKu9$rxtm*zBBhafxw)@W!; z;pfjS9sW#|$t}5t(2isL7?N#x{-*^`V{_YPV$#LMOWTUlUyqObRWUAmxw+n0+1GpB zr7A7^JS$EpR4@Xu{K!Z_*R~raBEc<%uu|M?RM{eh&q@;WXud3)^Eke?oAdbh0NswB zhA4v>yCJ|_T?}fu>a-B8Tik`Fqy>E|twNA%Q1>(I5pJ|;f5x}T5fkoCx-o$`AB*Z_!gLB>CgJhq4+A+o>hi}8b z>?W$vXk$;)WorvR-VW@#twF|aqrbhm>6xzM(GWS%*^KcZ&R zor6O=?yg3U~-yuZSnz|FIww7dQ1Mc{Na+g4vMhTwl6*9ZiO%>{iF zTx{F}lipvsnn3K%Pl3xR70`9Eeei28>o^EE0>PoGow-5$<;Fs+*8qdo0$ja=u1E(*4A}NNn-M~bLhFd`TB2%HQvWY(_J?=VeQisV&HPP zy*a#y=ECLB#2?ZUP?wOe&87d_!{zXPFTC)M&(%4MaI`)0y=awpoK_<`!0+sB5p<`u zVBWLA$GzFS3;mZ*?cimXFicpnD8wcRfb=Nweh`ctT4~!Z;+xy|Oo$b0MjL;IP_sQd zy%1J8A?yr7(tP;55_{l%`Ynx;G6>iq#DMrQRwSm&aoZtAew+V!Co#;lN^e3Kbjg+v zrs5vsH2O3;7}MP|4o|UuXddzm}m7x zZCg>>BSb}a*p6{Qk67)pNavrPnR{RS`8Wk z(1tDdLJ#h=%hF~b=F2tvi~@E`wntxo&oV&#=v}uxF^chjGUT=o`yhu8`>v9ecY%-N z$GB=+n zUq73$i%zeg{7Yh}Uin?KqOL*fy$Mms!q2XG8RcS+CX1chF)3Z}eng$EhPYr;0@KOu z(APt21bHXnf2I<^0qJz_GVOzZN6hMzR-%&>TZ7=I1S_`|)Enn|9EdrhzNbOm73(bln8f zAI?$h`TSTSW8Gfn8TY=4slR_C2b>Hf0xy85ie-ZnI#50m8*HY>>Pyn5rJByg2wb$8 zEzm3O-VW8ic;h4JMA9^*oykHdmI=Oigj7TNgeQz=is2!bE0<{X)s1G`7e0x01q<>~ zbB3Zn9XV$0!7S8mWOtB9PRGQBo}>v@giASBx%pAYo%rN`9CiG+Cjr0J%Gma#NSWem z*B}Q0=d4WOvvMlYutY0?lqs`2 zp{qrb#f6A|MXAzF*EH9MiVm{;O5q_Ep9ACEv6zo8wexngR3J7pt8ZN)UdmOH@9z;I`8@uVJDCZf1rxaV z4;Y-3-KL(rTe`Pj8Ij#~KV0)21J+T1zzbm?eV@mQxeXvN^GCJ%_12(mZ1?>Z{EO_R z>-7iaswtu2VCC)lyAJ@ok)Px7Nsr7oY<$mbp|y1~CnI7*HgV(qq>g^64&KeJ(&6d& zX!7+6GS8E0;PG*8kTmex{@rb1x8=vn%2OFwoJ?Sz8C?V=RBBs+XPYlnw(wc6X#|x3 z0$yK-OJAgUX~iC`j85c|f8doutr+9F6722oW9izq@v?N!#rU_v*ftHA6R(I9%Tp5{ zrcV5kr)15RDeR^~uRdvIuek0WjRIHC^DWPF0HvFqRQ?Bw9sc!;)O@tsUX`Ke1_2cQgYYYAPUt|kERGAthOwTEE)cEq-3F~baGwD z6T;zibaKH4#_1Py>Gzxk-%|97-A=TwQAzzy5Z%rcx*{ipqDyl8U`h&Rrsk#hS)tyb zg8fF+murC2FG{m+KdUF1$>?zted^uaPnvSI;mBzE^`_*2RKyps{tMDw=y9i&<*|iG z>~|%rRx{!KTUZFx87K7mm2ke?F;|fmyZm}jPvq$_7;kcHX%Sk^4Asjqy1n;9pUQm; zx6vIeurT{+X!Pu703pg$zJ!t=uQ)d%yB_G7&V05`f`#rZ3SYgcc{Z5#g z`;h$H$ylKfYb;fg`C7)bLOddChG_#2FSPy!C2OJOW1BcKx$>bAcP1=V{Ld=)CJqAB zvr;o!>_kwDVEi~KfnW$N+jjgUlm<<*LcM#EtbK$Sab7wplAXN1;`EQ&o7LNNFmZBC zeRX9VRTTQX+|XGl&0xoCyw}QL`q6YwHO~cSUN$@4dwqU+wBGdqYgI4S8{*p`9M>fzAuo2V_dIL}*1T<%_ zMAVFK-Yeopem)wIDm^-uEo@UcDyEfTVw`LThJtj9tshWUL=KE+zQqcD8Y_s+PXu9= zN1<<+KVIkN`Mmq2sWCQ}YaFuh)QKW7;Sg;(8D{;`R z$k2nF6R254QMpqkgDq?jV`;J=EvaURyWswxk?XhC-1M&zBnS5IwvWq;eQQJWKaTkQx3d>xrCQ&rD|G zMZP9n&Pvj+Ei|sq&XAfcA8*W_$e)w5(@~=cWHyLHV%9oDJ!t3M84cFeX4|+X$qm2t zmPz}1MhBlJMs^};m0$wOf$J|9uE;r(CP0i|2Z?G%nm?hYwdn3LO4=@-pxPXv=)Pl0aEUGN=F4kkAY! zSOlB}z87nGyl8^^LN-1D1dE7&{-o^mIQM)xnNo}goRJ0vHVZ=;fLzUkl1>WbU^UPbC%CWEkrz!;NPA@X>!)<{KYt=1|*FijRO_OZ1 zMC6U+1^Y)3{fDimC=+IP?n2|cS;U87wsk3QuY!`b(x8r2Ccx9@~q_xZ_ zXnn1$=5%@ZAy%X#aASoQnjif9$&c%O#rbyZzKxj-*!b_nrvPW=182eK&?RsWf~)p@$KWpN5Jjd zvJ8Wz8Dtu{Ks%`JI!8k82lu$mT5wtf8h&eQu>bR(ov^=G_$NK7Z&%o{+cU8xTNf?V zGU|c>_jiQ(?tdS~P!&-rRq2&v@r*6|o^g<_kt=Xw+ak(h1F6UaD zh?#L>Sp!_n@yXS;kUi5WV1T!cy(ZYanaWa59% z86UpW$@mWr<6Mk1!!=Ri=2JTf zAu@2WNt_jbxUS%+TDao#^)}(cKB1hTPQ+j=o}sly8^%9xA2=lv5SCGmBRyl;cQdK4 zZL-9@BC=#IM$4`2v#tjlod2kP15j4!o&H#r8UN<6loI-t(YS#TLyIS2bc=&=&jJk^ zF?;OZk892kw?MZ1lOI3=H|Dfw8s9f;&J<~g%z%^W6+t`Crs6~YGEv-;L%%yj6sD0i zEr9I(vf_CSaK^k8X}|Ws_jWTbzB9`tSVY>IQN6hwds$%c_SVUra!cc%_C7~;F^IP= zX51<8>3~wm=|uPX+uNbF#L7$svbMXcV(a! z*0a+(ZeskSu;ck|^8i!CF)wbvXQXab79MzF)von{Zs~xK?-ifBuR8(LlCjZGJHS!nBV$9s;h;6D+J@ zPkCj;5$|(ys6fi(TCV1(`;wW4OUJz>xxS@L0Dj2G@43kpdRw3xmViz`cjYJUM5UuL_w;+zS(S!r2|wTDA_gnaa_vs?C_{ z^HRX67Qxw}@`J{OV6oH{l%6Apn#VQ~^cy~9q7EYUX!UB|XZFc;x|P1GOidko@Uji* z3El{Eirr1?f*?}thKCiR+KKjx^>IkYV0ib(wQ%r9szRZF)G8XTB%$mg@bII@28>91Clz7^)@Nqg*M2Wu&HJKYZHmB%hWW!A z@k(H@8cLBia=Hv`4FDzlJL8U+-Kj)k=h?}<0|7hDMn4-!4uk+etR!iN9^=)Fw#{L`urYS9@G*h z)EL?6T1kImXI3-+LCg)F-#ESAO~X+NF;~Df0x1j*LF>b>VQY10C5qB{db_0lDO{5@ z5^`O#Cu=odGVdPqC6ppP>lhD6d)-cFZ`OeE8OU0i~ z0D`EIDXijZV%Yq~j?ck*;gX7(`xxZ1Iz&CUhbmdkHfjd|~jQBYzpz>5nfx z?p6IQg_LS|=Em#(9ShY)0#~L#CaXj4;h~P{wN`HQ=|cTwD}G-|TW_D?mVNS2Huw@q zj5>iO6-Zk-0rgJSX6(iC-o)?FF>;l^l`_FbOamc&i5I!CKEDGhGhn7>ox^b zI^NlR1uW4xtxTXnuT`b|?TO@NC)Mw}$B8?_yi_MUWJ#qzqk<2qm#*3v&mibP=z_ zo2Zx>NK~>Vn=fwfGcQiV>FeoNrBtAD?WLBi(&j$IjUWTjL>UNcpMv*mKVs6HY@WSr z*Ov2RX|k3P!G^3(dkOlWtE60JRO^^qdqp&R0=}= zi)n-%KZ4tfeg+=^m%ojgvf5ED3%2IujrK=d)C*nYZP<^B{itoK(NtQ)c-sCA zhKx<%7usq^wyNECpl3BQJoiNJ#QS#B!f9@Vz9L5nC&hQog=LO3I&S}lax$nNKPENClb?y&EdloUQXk8Pf4|3g)L#Hf(l;#GLYU}Q z$)ISCuR%VRCOjIUT*c5#jRlwbtFe72f==D?#Z|h>cWw)4{6?voATM`=Cq6No+C37J zoOQ%0!$Huk`#9yuhrxiO^k?>VXxz74=p=T;jp2DE`uAs5 zWi@TIpQ_9X{kWpGn`l+Y27a4?({MB=5pv9^qtby14W_CpiX@Ue)~K9iW#RB*{Wtwj21ai(<^|H zYycD8fj6!%a8s^eG>Zs}8~z)-@`vI~ONu+i|8E-5>e8rExAu=%r{trj+rFh}`!ZbY3Tl zYXRELj{hotRBt=Jg73?@+q;%Om6Yhrm;ay(X>hbJIzDE;Kf<_uF6zBotr`JEKubze zVxtUlUN3$ZJ46Ol@jg|^%R{t-mt)SCneT7*Hhcu11hQM97nBE@eZq1GzTAncs0P+9 z))`$D_BZRF?QBvPj&7Xhcp*j1>q`vR0IRhvZ#)B57pcJ2|geNb6 zj;aG|3(k^VQ%(Dpj-Ohi75hPw(fqW~1z&O`Ek&czJGQ-j?$b*RQrOaI6`y_o4MyrAWMc=#5_;?A^LrQ}@ zzDvVWT^tzgG|``VZbvvIo@stq|4f0P`vnm!nWxlXC8WyAVW`>z8cX#!K?e_%o%{G# zwA~qxH5qI?(vc2ClCesO6-=up;)i1!z#A>C`$e+7nIfY3`QmyVCJ%6KD5)9upZs|k zvnTDFCAh9OufpqmJ<$`qn+$xgIW_vazCATUd|5+G{jw_lUHF2Ak~Hn3r{N#-5gOeP zuM>kuMAE0%^UJ&X#f6S{a;TNWl)T-LujRH8d`n=06KNj=#1V$WYxw!YH;&`!-=~;( z73=1M>tLjLMtgd}IM>@WfyXtma(cpgtvB3ri;8dO!AN7vcVTaGXEUk#~Y6MPQI z%v5ePL&d3T4`5Zisf{KY(@Yym{TZgTr#xQXnd4LWzJsmyU8?7-`TpD=am#KuCCU`* z@c+UyK0)})w@;Y*==8nV!oeQHRrtqT+IeTBwjO8X<=pUXvh}@2O*N63Gq29f&l6|W zZIH#!Rk^FWPF{fY>{X>J%O2E{neL^!2{-+y>L)W-=+jvnvn#9Uaseg>IZMbKg>1*}mQYW1mk!!g!DWi$7fb9YX(Ajwb7r%CiL#>~(b3*7-H{*+N zSTTfxJGtV#pH@s4jBnbZB~E7<9I3&r2XA|Om$PsdFtdfO1rSWnm$mMUb>FI))wpU(wGz!7rBh-`aPfRx_b6xqa*OKTz(?fOW z>1WZgYWJhHVhSXXop}vt;?7(m3qah$6Ph}daMfvZR(S;93SfCMDfI!^=I^IN`z`WK z_4a$RiH)TUjT8}*LNsu6JYd4s(chn__hzDi-j?!@Fr3D( zTG6H1kc5{rgZ=kfO?jW*2n~ov z4&j0WQ02FO1umxf>EG|bk47FfS^fG}0=^9o zKt~}-!5yWlK>S8d>pp?7_t$Mx|1a0F>Q>n+tV#VWuiIrMOTo$*I1(9SHmpG&SpmHM zKMw@F*ROB(ONS1ydo^oTV#>-`fLzMoyY}&n0-4*Y!aPGp0?wse96~h9A_UKjNpI<$ z6jRbyeX2Kj{Ep!US(rE$plOE+w=mkGxl(>}9g^6K9a)tDcCRtRMO>n$%$R%J-`=*<1f&meT9!tWQY%#2=XR6S#Q zpGnPVB>?1~TTb=!G5^U+38iVd|NJ6MoK)oU4`GShVWCtcr!dTyxqzqh!H zys=sSc@k&TRhf=yg*}upp{Y@ByXM+jdGQDFzrVMwvXdXE3H@3!wvJ5f}(i4@D? z!cdMA-9M}UwFG_pIKLa4DUrmv!#DR&D!^57)WuupOpQ$4!%1Im!#7v18W`u{`h?O* z@`d%Cx^hK-DVez~ITcne;>WuQ4Syl1yUngc{&?dc{ma4%m3A-iC%>6&8Pfpqy{$dz zmPg_L`H=sNT%RQNs3>_RpKJ6`L=sMg%A~GX{74WmT2Yjzf=j7)Qq0Axj#UIH^YRs=d!Y8tfGV>3nUqnAI?eJ3 z*!(3|7uq+(+lbNP{Kf^;Dn!|+*(VaP}H24 zb{P<4iM-4lkkuL%y}b#VF3Abr>pH^0qRxt$yF~gNX1~>ks;YuJYH>9o@y%d!FULV1 z%yo?PRTTwLuw<{ zSM5lbXKCg#i;H0X!|WC~h|_DI|2N0drLreVtDG(#UKBQaFPVvhv{!bik^|XohFcTC z1YK z-RXn}E>?vOe$V;gD(+0{jZ5^8>GfrN_{VYDf&+XqZp<>4WVKJ-Rq`VDnyJv8hJScw zTKi#Xs%Eyf;2FJ+QwEOP5~)SwGDFjUJ)xy6#tc?=G6Xbc^H3Whx-L_VbUrU%qvro4$mXcBN)@TY5G_hv;C|5o5D#NT%YdDCC=EoFR$7~z zJN-%d0oz;7Nz3}2=rwrMfBm6A1m-^mybT#?NQc(SkcyCpB|;Tvr3j!%qdyil^BM>A zw|qZ1EYqh9=|U}R{`{<+{jKye{$E=H=%(=hz606-Q|L|7d3N1sLMD^_rj3T6_(+#KQ0Z4sn&d_%h?TmZz+;46g zB5o;S{pCC3q$kf=+8}|GkZI#>jiFQ8qSUlNG=wJ@O!JcN;Af@@Xs7 z_d7EF(nj6$)Q1oW*g?N4rR)Yx*rX1GpSShJ71Z4gReU`UeypwWtQ@NL`#JAJ$XuDXD-I$kz!PpqBnQaKn{;znt`uC*3<&$P&QCQ>BQKv15zievt9iKdG9p86rXV8nkusb*S~vR8`gBqx`yn zts~l1-njn48PCNfM??}uTS%WD)rr~*%F}cy5sjfXzENi*LSTWb3eS$c#hNE_PHZeR zyW{(>9JkfC(>lKYc{Vno|9&<*v75%^cH7PvZI0*7_vL@~$kHWf1N&FQFuq`B*K{Br zcfP}wgw;kPZN1ft5a+{G{yAyJju2lm~?`%|;o`g)RebA*n}MrbZ4SKaP?>n#%{ zF0))^9qTTLVt^d^g?VfAV^(fk2PTCRUH@vodA0REr-auvi$Nk=4iOjn#@G|=aijI% z-i$lrWx*V!xm+FxAM~}ccW9(~qyFvHE~SN>pNHXgltC9v+T8or+UN`xD?BIQ5M(WQ zjaaPJ!|HCmV}T89{4vq5JR_-w47b(6wY*sAl^tb!t{k4@T6ddHrW}7$?N2Y$|K`qb zwZZ$fqfJk6IxdSS0{CiNzHCCwa12jD;E2l;R<7f;HTXMDmFB>bw6%NH$(`0LSWWeHmO&^f`>%=-)~vZW=g1mR`T+$W(PfZsyEpn#L__Bou8gAN_J`CfLTN z^SH%7)N+7F@)pFlAASFcXH5|Lu0t~OZdwofTSu|tjis&KDrfPHBwVyGjEqx5H01$H zXEzc=A+0`MFiPVOIKfCKJ%d?41x=JvVvKsG(nF*-T%m&X!WbQdjUi9EA7}P+ngsSf z+x}Dj2k{ysohZRckbkk@+2BFaXh(ENm1L+fy&EkoIC(~$pyv&c5aGjHGdj2-ziHv# z=XTezUu@CU+W_CIwA!jdXyJ-vNaox+au!oUy1DI{HpJXJJaB|DO!rboqRD7m{lG=- zyzoyo)a3YYP)=h`Y!0QFKZq%0AQrX~jGBfnC`wNo6XkKAVAcTW(xQ%R*rTgYN9Xo1 zY;gu!D9*Sw`D^#TjuVEgErK?}J|;I(f52CAB1KZOF_{`n2Awf4OFRt`bZyOP>#qON zN5%y(O`gRBjN~uBzu!OLbxoa)GCV}GF<7s8)lo_IIQSPs7X7a5t@};B6WLg#Gh8TC zd^icS|DB30F$qtw191qJE5bVQOjI*1R`O8D(hGIo`w?T^RUef%vl*F|34c6mF)|@d zn!nUuw`(adVn|+v`8Tx(_o=+a1t&~N2X3VmnV__r?mX7a#d>Sp7QQ+d2?YD!IKwFV z?^0pYrNK>UDrsxUgPUMozW6W$C&7z~HfxcpTIK&ka^F!*pU!?JMl8H1UX5-l8dO~`-4507q->1 zjfI}phCNf%=I7k8c@vN8VFQ|5SpL@OcVC4NPa33LtTlsF!|w#m zY;uOIAv#i9KWuT-o0yOHp8PJ-aaZA;jymrRKKJsqKg3{2y)8~)*Qs{HO#Ek+VZO0} z05i9mRM|rr=DzKBEdi5WP`h}ff_qV!3w%q;H4WU+~vgcuG#r-?^Z4)M~UDV{2g&Y9wtg!mOWbQB(!JGhtss zdRLP4)?uwF4PeVvFE|L?ZW!A*9`Gex_i4Fbf9WT?lEOXM4ql!t4yG~!?XAzwBjV0&_g-^mx<7^|t(o5&eF+ubu2JdA)Z*6OX%sa-5%plW zoN&484^4i$Q%`=HC*^)zB)oW-w?}qFfIVbD9Qy;ECSA0-5*S|XH1WBZMtMJebKq(a z7}4rq8qzSx9f$I5-`6Pf{;F-Yi?Vy82x-eeKqg#nv!1dvZG7O0BE~< zO!D5{=L6kI^C^XtfZG+17%iF5s3<4qIprNe0XPGy3Y*KhVnvzK*~vqMNziZDW<08T zQSqeiB%!i7t&{6%_jM(x1VOMsK^Xt3PdEK}g$d;n;|{J|)A%%2RJF>roqXv4dGqNa zxQp)@EmZhV=PUfvnR8dArq6Ij=e^O#6E^*s2xmsuVcqzUh%>^?2vPJb6`xRg?|_R{ zM4~@UjAl^lX^$Vhp6?Al^ke9=e_tV|@7|Z+=xfXHGMP!qDVFL!ao!l1&$eLKfILyT zfY~cw3`|9&jSyvQ7<)wDu;7L*(0`};XuNp{0Tol!8V{RSn1^=M_k4ffK77HM1RvQA z?W#`Z=6-Uq-T+^VdG0T0-2G5-eR&t}8e+VFRJ#NZDo)`UaulRs6Rgl#ppArmIp*zy zt9AaA*L$X__P5vyQ3tTQw{K0Mc%$6Gc4^;&RYml;anz$X0HVQg6XZ#0JaO6Az>QPO zfsHEjzD{fNft2?tI`6d!Ko$(C*~o0&*8K{<5|sGOPXdPZ-L!GWI z&5m)({=|w&)ZHBtAuZCX0a2h9b?{_1q=<9COf~yUOo#?UU|uC4Jr|WUIFN*!8NT1~ zR4{8h=$o)`01-3y`$*zY9VPi+S8r2d?@!G~SgHLC>yO0kqeadYD(vTP>I38b*ob{` zi$P#wg_+g{|D{MeP}<_I{|4jz05Q$I2NNPB01V||GtBC|l$T)tz7&lQ9XsPx?uy)< z;C*~|+>sKPP|G)n>v7RB2Q^t~vw)RAs&}1R#qdzUcDctT&tShq7td-Q@L+_W63w=d z$sY;^=zI8Zz&U3JA+0ZL_&3=HUp&k@U+(39O}?9JG>J7qv2nmntmK0XjpFH2U9r*I zr;>0zMrga8UrA=QW=Y+}3DKw5nKGVXxQ&y(INbjNY_lPl6N>!*t07juS+=0JXP&NY zaxxMQhl_5g)keW|Fn_?REi=D|uzkg*Wj0_KOs?(MOjr#oO9U24;w{5RN0X|tft5Jr z>`GPm+NF@YJ-7Izq?~fC07MYBeUfKnR}=9NnO?lsVgRkN+|=T9R6wm(@;-iKSfQE3 z238n32-Pj&!xbrG<#6BVvb(F;7jH8OXWUC|`L&pxi_#To|_g zPVR=~5HY^{Q}SpbJ{QCN>$CU4b2kz)n=z}@$x>uotMk@uWd`ZA=Vz~{thG9nmaLa} zPj|j|gHP6z#vKpEyWL(%7uh>4R22h2mI-&l(@xOqip*-x)>6)M&>6%=o!@i+%QK*# zw6`ZQ^fko9o}EYjqd&OKVoM;iIHW(y+FfS2QA61vB;4ber?#>+60qg+=g-<9>z~K; zYKPQ76SKJH@091KfacYaducVRQ?le)h`D@`Nb$_Xk;9dMZltJ#TKPfVhkwxI2%>*M zF9d*g+>VGEiKsn$bU7$TLO{i)>lln-h>68(dDKI=w6DE?coANUnoh~GrL0xqqN51T z3vUsuz!8twt52hBuoc;;oZF$=L)QSHGN=l_$n=i}#N%h{b=OOO7F!(q&^sgXV-8;ou4BJ<*C5YrDp=y`vTt0h&sxV&76~PHqWTRh~=K_>cATvar$2ACe$jz&| z*R2b4i_1|VYauXe!Dum5T`ZR%(C6!SR=_DH>EZ;}W-G`-uWHW&&n*H1nR^Xtp9O zGPn|g>$}toaSp*ILn>Oeq6~>pUN2s6N6g(PM*@TsTtFPN-piRV zxbevF?p&NpNaiqx+^z}ZCi|!M{7v`o)Kf+pW|FApOzG*yLU)Fm574K0_1`@9VM>f9 zZ6m?Z3NF3&vF$7{{&blw`bhs+r{^b)%L{D+P}1Q5&=Wp$L#0g6QS=k0^{t?lDv!Yr zMBtE_opyvRO4EZbKOu@Ks@U%ABmUV!2zG)WzJ>FwzXGzl%&MSgnd|iCdkn>gsKpd@ z-*>n@(*9Cb%;oi>=T$!n{Lw-_n^>fGmozFPGv_z(2d8dUnP|-#%@3}WXa;9Ur6Z0d z0<@~C2$uJgShxe|#;u5O!*;i@i6rD>9bj_D#-YBf!%@1M{N=zIoZ+P%_Lj4Rxc`g( z0CQfmlpU;6&|P*}f8QSn`y_2skgd)5%-Q#xd5nccb=ew2bwXn%mZkxo@(nIj4(?RZ z^GKK3WO6k;ZT2i0ztA9SRWglC)ntC%y&H6#6${aaS&l)#0p!Z>l~@_`-|BP70qgLkN?K5$q**`IzNS5UEI zL&Jd!E*{&=oU>h?;-G-VC;0NHy0P;9ML&MS{=Zpn*Mf>v3LfHQ?2s($P5-6lk+D6G zH$lB%q13^iN3g30F(!)7$zwEh;fWI<@JyKRV^d~AQwls1ilhge~p`}cR0e9Mu zsuVr(ShM?S&9?;s7=8nv=9v#@aax~)rHE0rBv%dg4k3mN$kz~X!1Y}jKEwC}{eVyB zuLw`K+HqDzFMHNL-uF;Cr)phhwq(C!E_e!RB0TH-h7a zal;?b+yRX~`u)Aj-COufPEjj%!~}c&)CBv(NTY)}SY|T(zRLrRA!bpahQvbn6@L0z z?%{0Gk|7ZR2jhkcf*IH|x;G-Y0{Sr(;V}8-mEruAXe9_M@qrfOL(IrsfxGH2?4~~^ z8_ug?8sm;xuF9R6q`lM(o7q$AVbR5@O!(jhMRC!vpy#w!+njDe1JxS}tfT z)5@nP3v-zh4Q)$L#4~?|yu%ZU_r4406ndKZ>$6tB{F^%eP6nVnG3J4RnzrJ1jzA;- z-s_XJ!_%Sk0k0b#9q2<)WZKkAFkkj=5ueB*AoAoYx(v{3CgxU6W47;?KQ5vq!^AE} zSfQm2kVGxjRZ5}Ja2tO)_7@|fRy&@|nXcYtAhvu}>MO()vOH-)KOH-ANQpEVLlow> zB3V{6Qu*m7EnMe&Yl!}*h246>o#1(Ff5wniCjMGm&4Uo$wCS)>-Xard%_m`*lNVoA z;(dzwclM$Ftt0`{T?@rA*Kck@R+Q$B8sK|DNyX=yBuVPsb;zZrM;e(co4RP-$l2t3 zMXQOpL5VQ5!aUBYh#2rCSx@F2#l5|?taeP(nWf5^E6Lde|K?N&7dt2#`CfHDdPmR+ zCKW@CawRnLA=K8*cPZs9<|@Ppgst1C0}oG>kHg11n9XQiyPWpYVFk7X$RvmkGab9sXdiOVoG0 zpZ6!JQ+V9_3Ce&QL)3YJ<);9V-J%J9pO-Z$rUJ3etDeGKLazmgKi(OVf|vw!nHHFQ zd#R9*u8>W{1%F*AIgtNZ9z^#E7v-@nCRGu7Lto3pyi%+&@Mjq>jM#H-4901A$TVvR zizGBcWZ=ZS>!K6u2SV?9LWqLfYPD7wOn1~A*V~v<$BU&-h%da4AI#aHaw{}_t*k5% zYsd1{Cu4HPB0UT6$WuO$+d@f*1Tq-s_r|9o$eVwWu=^|l`%%K<-B1o|?=2hVAA(53 z@j?guFayL13Oxl4T^cS8aCS9=zSk4;-mEq*87gP%i6Kb1buJ1q2cZQ|-F2=d&PwrV z=wrz@Oxu~{AFmGVZRK;x>YLD9-=L6ZKpIxHMf}Km#k-B8=#`OsAFhUA>A`)Z<&94U zc#s-GFKjB-XsP4+eWLuv$wvK!9C^x$QW3`^(~~eNf$$!mC}w&ZmBYaFTrHtWbgyVwR@i8Z^vl0dEgNUsHc8au@LyA|Sb zJwxcSE+S`irQxW~!zQ>x?M}htobu!|>Uo z5_i6&l8II!>X!EN`fvdI;9MxW7c4jrIETp`SbwcY-XK>$Dv&_kdRy|r?r4sB; zXNVAaFoHV5Fryv`Zf7?6V@}_%cb}(M)>h(h#~o7%#-Qc5RYFnPGsXAJ8QCY1DBNuv zt1XXkblnl}nm4OgCXcsMvaBP3W`ivv*YXN0E1HQ&r7c0pq#^?cctk`E4QnxJ`ae)- zo@kkG1?HFkTI@R^hLy{6Wit1GTe^4d6j~Y2kP#Nn)?Me0=Y3(n^7$g1|8xxG*`g?0K_S0-*UAM`!JXHi}I;MmMrQ2hRyM_1R!y3?8 zaJHW*^m|4+?{S!7>UmZ^=_Y^wcFB0^xd+Z~*y4^CT3)}smC)-6fh{X-?zaWaM7S(T zuYSNfG>;Qk={GoJ{EuOiaJrOOrc=i$PI>I7?FaU^?!1~=VcQk~P*6n7?5MjHayRT% zQ&QSdy}`t?OT}XDy5!5LTnt9@R~Q3V>Eak|a1k*n8H-6}V$IvFD4R!TydK!3z0IZL z$EnSh%_$)W+`*HRGWkXc-IIq+M$cCf!Y=2(1+6TD8HzU}WxW0%%jwT_N2N0c;*M?% zl%mMF>jP1Qi14efFSPM7{*QRLP^$=%OsGGLH3-n3zyC$I-Tuo<6@bPJnfMj8!*d(g z1qV8xx$IsZJ7XV@wMib0`Ghc!TWtWb!DF+@r8N!@cXFaD)vCU&W^EECRy3x1OdLb5 z_xs*KO#u$G`FLHK7ZS|Fi*{)U_eL{}=n8W=+Z6ysILEN_BD zq@tem_@O@zuhq75ZB|MfwIFUjrAUj|wQExc_`4Kj2OD}peJ0(y72So;vSqco*W?*1 zJ{Y`1Un{RXS_q_05a30WTzO8MNE&DsL+%3vC+est(e)O_KgG`<%HVlG?gs8+XE^e} z21V?KFfh0H=!=jObutBuks)E(rcu{y8HB=2OU>)3K%#(j@nL)P7F(8LU5?(34;J<^ zlz%+x8PI2B&r<5%bKb#iznGLF4WL+K9I(6MphqtX>g|p$$ke)twC%HtF2$3@s3>N2 zh5b8yIR7<$^#BtFE_Ucg1hWC(Z@eE~_d=wvov*?1KnC%P`;jJ|tpA`*%F2+AprTxH zUU&RY9A&9x;My`ocnYntCVNzH5fPgmJ>sB2o+?A)txCf&bC@~qWV$1mdoP^qN{+zx zd;)Yhz0dR_grVstBQJIs6w`hNXI0=R^!F4@M^lBR{@(oTscHSyY7QYAFC2ckxl{8> zL6Tp1eUxp$aO8xDtSWumSTV}j9eJ>=QSmE*O!C@wxx z2`PQz<3i17Pm+++TAQ-e9dyAek0Q|R;%x1Q{I1Lfh#XBGI}FY(FEOXJLn)OhitjKm zEQXWRIuo;!LbWw^gJD@H;kGO}gs=H_oaa~D=s|HM!5)kB6fM_k=aQ13YmRF_t0vQb2)_(l}*58ZK!IYRmzF<_uO|-U$m<+v{U(6z3jf!0vi{=`P6MI4A?_5 zv_-|CkU{T|DAh*lceL3M^A;uMvrmG`Rl=$gH5Xsg(L%cJEkY{%4-Or>dJ=z58)6XH zOj-9{J#RseSm^xxGiBMBQ?>$0p&ko{wSsvf(Ac^%GUB#*gln+dZjq*z(z0|%z<+qz z9s(QYx4I6+#U*y{f2CqmJ7D*;lufKv#_S>v}(erCQDaoOLfaZMwE(F*b1l$N=i8$ihfbcW+7y9 z*o%KsZtUVQ6#2>Jvu7-PM3)0tOHkF?QBNyQCrjr9*A3cBF&yVGiYqHcb0=_}vrH-g%<%UT9B`Hp zs>H9pdV86~_#P!LbT2HusY#;26xuXow5)I~ON_g71QC%uFxiy_ViqDe&$VxOTql76 z5qRRT)03%Qs1)O5IhFpnIsO-%7=f!b(z+Hhbvm6J|F!W;R4r7#u8i!daZ5H$B8Er$#huXK-1IOzd-HiylwV z?|)oFD{fGBF;^t3@EsUdPmBVUfZ~$~QwlCq59WyR!ae$7!nGw+V6hL11Pw5JwuR39%!{oMp%@hgjBSa4eyWY6^x#PO>4uOz#RuC^dC&GPiR=d@&q_0FA= z!}#lfB^8n}YOV50>v^v60^QAEe-0llLgg1@oh-f$o{)|D+@vfISk3cJD0y98iA3`v zwU70S9WURpM-wx_48ko!N*g~lfN*UkzS6EGJBS8Zrnu$TF9q0DiYtjZRm3Csi+ViX zT9Fpcxxv!K))+AgKIiG49S7HaLjLONik!B{YWBVN?0H{St4Oe@KkWWM#zONR1=9^G zFRu*CH@rO-M?MJbW_#7QcW9K-=$1yDyBeW;N|iz5=KZ5>mphhHxdu!XxH}4V0zz#E zhAbmYad8|dxYKJ6MCPf?WPemtRk7B`+%|E+$`?YVBgQ zWrOMFqicvTLQyDe*_pr{kE~3-#UZDs`-(cX-L$%)oMHJy^jHXIU5R|N$&E2znKSpP zS|ExyLf_tefyU!W>vr0BXHg@lL0KwRk}39gFQKpgKl`-PDg;cCikv*?65M(}(nffj znNGxG1xu!2Q8KvwT$}DlryU(z0jsszbQ?1uvc5t{t?5PhvCkUbxiYbP+jL1i+pMRR zba&{m`R?88%~xRo1>C8HxKS<*m(mpG#u#w%7qW>0Im3q)vlLS$c zt>z7;%ei`Zo);Lq{U2ke@5*!Cs6e~{=ltYEy>d`w{TuWqgscS$s2U5ydthXSW zuUPi;;rGT{>x42TL#Wo)z;y1jGt(`&U|8tAhEpH0rDMl*%q8koia=xJp!^xuJ0)bL z&*5_WUbni%XH(~wqLSNDbIDf(Q5P=+Iy?>k(l%jMsD=tWryFO7E?(a5Y+!>2S zqbx2JycpPBqoF5!d+0A7CJ|KK@0Mo641!msW#jcB2_|H#fTY+1 z?S!O_ZuAvjnufgpj>de_R0Dg+C`#PzjWxnV92o5K!Z7jiKvw6qfoyRL7m<49=kl~c z-@Y>c7RP}ey)bd(Cy2+!EJ0zJ%GMamUYV-);*jq_&L%M91#Hj-JYmEE@%7uBnSX&- z=zoJhz@0!6AxbifWG@Bj2Nyzxa>CiE&E97ye|fQ2N0T#C95Pp^Q4U1z9*f*RzsX_i zGT8RU@%k$2|H9?iVVxo|P?qTKau_%Z*(BTIHN*gw zq^cSkr0@+C!qnQPuzc6><%Hhw4i3=T$$tvT`y{iXx{9(yFFQP|ogH;!cqG`P2po$B zHcc6W4ttrrxW_(!Z6v6Fi{VueZ12BtS&b>wu?_Ax2-Cpgpr5#BW~|__v@H26KOOZC zMSR5?Q?(R9f1kT8v-k-R3iYilgG#-kO#k{#s6Z{cMaH`P?n*3g-FIkCD}*D9_?J-> zcN3H?3XC9bs4!Ug>6N$|MMD;Xh?iyB{ulkpfb44laY=grSkFPq@Npt45~%F~ZoEZY zzc5iAKcz7tJq1|1#TVGn?;>fbnsAFuD|k}y4h`GM6QA4K*pXfPPx-Y9k?XB8*rzfG zb_O0SQPa>6+s$)+9Nf0CuP_E|t zV@P-_j++8itEk7;WWg+7NTp)Y-krY=cmm~Jq{T<6-%1eEwlfW3wYrdb*#9rO^jPv7z&|m^C+Dp-nn`tJOq ztiGe#l9;;|2A$%r*k0LUQx;;qQ7Y2@{Oo8RY}SHD-It=OttIJ3lE$U>4Eu?4(O+k$ zGUJ+%P<&S04|Rcr7)|%K%=tNlIEybwUN5dU?N_Mp3u%I^RmkG+yoi{d>|FBgG77QI zKMVz+qbwL9Gp;mb6Z8Ij25mrgTDr$%#QN9O4qhIX(QmiA9?LA1qLW)+ONv^gd|*iI z=Ay%LW%`}%&m%=Uex?%HnB|F6+aCAn^jzpBmeyr|$@tS6WfMz2l#?vIH?ORqTEz^2^Vs}c9lBFM?fZ5@CZByl6tRZtyZ(hA+Y&Vg#lPjE$@rCgnOc3zQL3UDqwtx_(x~+0yd@Rfq{W(z7|a z^3*PUXjX_?$~qO16~dLsFv?k7qnCc%N@+CKj6Zc{_x$soQ&^7Z%FSfyzU9c#O#B!P zIYtdJHr)~`&p6XVQ-!DAFRl0N0rr@x&atYtx+3W4YFGa_KmNjZ8Gf>O4*HfO@<)S{ z36D{2>si6+WrkrpjQz7ahPqJ)&)epJQVKi+mBGQ&)u=g6&z*6W$Qjr9rx;J^eu&Sndhc?43uix(LyfwEhd#Mjx(dInn!SO%a(|MLLvPp?NFB8WSyeo@Wn8cOWQ!EoWq@V0R78)a|mT@RPw}4m*Kj5fA#q6 zz!CJ@V(0SKz)~a0vWTD|5`mL;Y@UFKHq_rzy2DapUhATLa$^M?%Y0{D>bb{jbLG%z zQ+Akj->14#>23t-_zUQ_CZJTUF|2&nxpi>7`xvlBabaFi63$bszNs@9UR?;zbD;ZJ z#X=2M(r;*TbmAvvE=ZrYfK2DKdU>jUQU?tVZ5MF5)8dfMZgJA2zf!fIin8-&#@$us z|FL7B?<<=(K?$k~6JLvJZgUA0A(L8Zt3;4&omMedGS7dmSWGe)=e4#7hHqslpkPXG zXm&Y#k10v5AfUJcrrx!v`mW1WVV+eeXId~%fj>v4Nm5B#vwaGhj9QtB#ZO>FQr~Kk z3f+z}-fU~@$HL6f&1AKgt9xW-+6<0ENDXL%4O6n>$9Za5xi?1HAPJBYH-;Xv`mxBA zDVmtZZRZWE$0{$35b#P`w6h3ys_8bbo-3-|W!{z~&VM2!!(~c&&s|ifHJT&|#*#J; zr6S*u^r^iZ#*Ssf>#X71ofcW#C$j~d^oe4D;4oTx_iC&Nn?O{Y3QRSY6-+yhve5>7 z_YkEJbCCClJLP9e|5RFgD>*70K)7h>j`5=lR|79B2E1q^*f>eCYgW(GVgvqirgI>G z1IMMZakT95$8(kD&Zq>tgN|1!svmiEYy1hJ{_p3w|H$rpR zor}3))E}%jz$#^~`-xF%n^Im+teWi21Q91!mG>IBpQ$dY@J!t++qzZI7eWnR3~*p{ zgvoSK2W#>v@(8XUxudj}5sHOH+|wxdR^=%QnkBe0QjLWv=(_%ZjBH86MZfqKU+{5= zvMO-k`X34@)PGC^aB=C(j2Pl9E)>!cd=!maTYZ?^8OveMEKE63dGhqhIY{^>14v5q zJKgO+P2$W0dJ`~;c5i0X`AR|UJ&E)JzTk&Tsu@LK|`nJt7}soDp$ zRvJEp93moU-lVAIC-#%{XCkGOOA!TGIN`ZN3*Lv2Xej|r>SJo2AX;xq0Bl~mlg}kS z#@mZ>hZjS9$gWZJd%B@v9$jQ*! zzX&~UMkNlaG+c!2c0Q}a0}_AP)L+2K1L60gSWyq>$;^UPsYLfX+7G;3doG$|d1^EZ z!*^HNJ&tK_*jQj<(`nb&Wq`v`_4RqiP^T_NS$+V>eY{;$ zrrVJ_W1_3@AyV!Jkse0S`RDkOV#|L6)8BG-NX}cNEN9s2v=|zyNeL|Y0aET z&z=7;brs7CsG$W|7Hv<>&qtxZo?b+i30mqyv5u*R-i&Y>1f2{(X^)A@scWeK=b|ZyV^$0hqM|9iv%mCr0VMXdcNae!K!9v57OOYVs2y=BK|orzJp?7v4t|a zT5d31^N=V)QkIJn==xFRZXB1As*+z`3OVtdJ0b|s6%je<3E0OZsm&$m;M&*gez8%Q zZ`6CKQ&q8FgaQsHVZYhkr=+V2$fd>Sa>5hUmxOWZ_(P>c7%HY24jrsSCv2xkyKF85 z;-kT3Q6*BTdqAf$PnE^T@oOmL46xLMe4SMbS!6YbR*mW}i_UJ#0asH+lPap+r7rQ= zsA*orP4_RH$8l-D!wI|omNR=`WATjniMzqNk(DBWpc&8)ZQvmqcvxG5Ym@wfkj@(C770x{EJXT%Y36 z+8Yjz?ZpLgm3pjGw?9%4AlBNiCB&0@gyN8*7V|x$Yc7N-5um08zaV-09KSwy>LwY^ zZtr)${?YDn)z$7Kcs|K7oLvRf;5(;rQT@(BtD1j5Cp;#kji6EVfUNK#ad5gaNqsBn zZVHNeUw*O)TJ3HDk~=Fi(mDHU!~Bi~#!_z~NMM!rKlP^$&2@S>P9fR|od>18Ug=oi zy%ZKzi)M0>gKp_;C_U9rmrDccm-7Kg?&?yo^9)O@+@zmL1>H900L#h;zXMckP1*C( ze7$5&J^Sq=@g4oZO9)>62g3f6RZdC=H}Nw4YO^KQy2kLy*;(I*TE2d`ox!a&dd$4K z;&=2D*MJBdyjuc%(E`1Ql-L&owfQRT_riJwF&oJf>JxwDLRMn%9r50pl%)Ay!~zO- zYgxHa6c^v|wBC=dtT0%PI2kC;cAsBhqO&$s@5*%>4=|@k()(%@2;ap9iWgIfiRq)V zTCPU7loA8;$_Wcwn!|R4;%$P~M*Lky9`9XM42^nl*8HeA5x4D0<4kJ`<^<;V#Pml_J}?+MLp&gezQgAXG^m41 ze%ifTQ{zhM^{DRfyb0AyH;QlwP>h1SUyM!i^0u~hv-1KYc5#g+w|qQ@e{5YF*Xs9N zZHLxY<11#v9yX$`@%8Ex%cRM-~b`YNngx1hg=N&u&uE% zKz?sUdN8+x6)COAGwMFsQE|254zC$XLp+d=$x$u~ontoZZQ;Mpc#ox{+if_hNXMQt*p zF;*CL8gi>S+4z2)V9rzynZ@T^`|wYSrZT9W@apg7WtC<^{NPrq=c&nyn9%z`&RnIsSh65JuUyL)hl;O_43mW1FQ z+!}XxhagSkjk`DQ4vlV4X7+z}_niF(-S54(?yaY)evjx#E^2lM5Lh84otG%9j zWz?FZm}n`cS14Gsd2h?V`}}XcV?G%F9|kS>-6{_0*~*v?5YWO8K+)^9E6M8!qo z9?e+7NF&~^7WGtu!DGnyeah%thY$jRrk$vR%R7UYL(B*|g17(=exdC4cfepMtcBKF zt(iVYa|o@*9oa>^@>8izja{}d9f3}8&*M8&Z7N_@@YQCvN<`bRfZyZ5$1qv2MA55| zoq!v*yTVwB%pJ&FmZtng;_>N9(LA@Vl!%%;Al!U;JU`r?d|lg-oSRyy#MNp{(u`{+zm(;JZgZBn zvI558h)PYs0o9D!ESb?bP8hf$oKP2yMD=^Qc!;u>c4ZouwAiOFfWofx79a_ zEr2=yO_)`X@N6#sBKq{M;uuvPLnWPb*2{XpC`%l^#Q28%6GlQ-LR$e2W& zJaqwr8cc@aL3;_L2_wpyabZ!|yfeop6?XKJ8)-&iIs|CGW`c9o+TX9@jn4%SVh5IN z>@LT?M5?{d(g|+(XsJw@B2ucnHTZp1>&PFDEbVWqgzz!VkILF)bM@Z#OI;sjic|9I zN)cp(k4y>fFScTQWOd~eUsJzTX3QBwhmpf*DuQG!ztwTQ zJ>qicy`AuzDSXT=DMFFesKTCwOoS+CHQM2Ai7An?)cu8?hHlSmSsQ$VmTed;{rXug zynh0(fhJP$cN2(>VYvad5V>-~mQz}=gG54|aRN7L-)a~*l*rdG)L@srA~?W?(~ZVn zPf+*h+`+PSYs%{irw=1HofZSymW~O~GjkpAi8WXkETs zX`g3Lg~A{Sdyuy{M-X3#3+y;Mey);pG$w6Z4v zxr!}XarD|W`q=!(Sb;T`3!2$5?pktf%C_RxSXwYWq?L~(=acIhZO(fEhCVV0F}bTCNlSrU5K;@cKc;8HysW5&R`t>AN+ zHXay$Y@L3GEsTOqL+Z$3#B9Qr)c6Wrj$)#0ry>j6CrEkljKSntHc^KrsX};8veM$& zcj=mDEFpix!-ZX3-h;D&nfhS=$H6pxV~k_cI2&1Bw+{40O*cHU$qbe(iW}i#PgI~ zjbi49BiriMn};J&z98H5k&2be1=E^-pz(3cHi2av!HAL|CGJR2Pfzb>*8Z|-W+z|?PzK1aKeAe;oaLk*d@@hm-5V?@SVEsxa0Oi2_M2X7&9R+K}D~$1YqQ(8RbIRi7ne?DQMet^7dt;x=2_*FTf}cVzkFwWA6$;j+ljzPex`E;!8OT?lxCkv8T zHTS|IADg$G6))d(kgXbV%|Jz;JsgnhLO(pt8@5jq=`F?x}ztM$?x_!icTy@AvHSzjy$CNTsT%i_U^82w}B%l8+(u^6{IBa`bBf8Dy#+Br(- z64)$U6cPb9Vg!%1M)cd>Sw4ZuK5sDm{S1!#7nKx*_1k?8^+nz?Z9MZLID6gt9v~Dw zU97k{BSS(c=%VFSSz3jCiu|XO$-s1GfGtJ&EXIIXrmvAQ-a!M#fxsC)_ByIS>Rw*{ zZizZ{-b0H_MXbK1^a#AK_k>5;C3pvc-m-?hK}_f(-}IHJb0oP23&Jlay*-Cb(fEqI z@o8`0Y|z@+s$R)#T&_kZ$vM#(U{i|y4dX7U9Re=y#7X#3%wf{Y)%p{1CaM67O>5PJ zllv*Bb{Ye!P}nJsA)!aM0WCeh1_!-nFBx{#0>N=Pv67pG%04E`YV{ad37m>`Q=8Qz*8Q!Z9^T2oY)J?D^77o5 zb1^MI3#) zK-y=^c^g)8kfl}-JvgdHEoak+Rbo!(QU3JGkcg~$*L27?LSt2Mz+Lhq#W3X8N%Q9I zfm0o;Oq$pD&ZwrL1nKgCMN?%D{KdtM1kAN~o`m8OmIA;a!v4o1Nq)JmhNZK$PU0OyC>f(1BLL@s3EboU*V>u&!r45EZPj9&A6NQ*GuVF_+M=S_vfqx zT%Q6qA2WrI&j*i23&g{8bvMjV`TK^TcIav~4)BhjJ1W~>g9lC? zGJv2W@Ice1qO!8w-iAM?BqVYNiG`uMFk)fOl8}j>-G8&3EL84ap`&Im6>MfScel5Q zMQpDh3lu#_faEEyJ%8vxcVvI~aH}?SNb#kp;B2d&R|CU{_2cqBlFp3t$G6e<^Y-qk z7=^vQduBA6JS;B1Pya$h0gGz6U?*lhfma!7xI%jQ+df4oQZwko@jR~VR;~swK}eV$7vsGxYffVTIqA(;#aU}Ss0@&j=f=@06#RiJwc8F=8@LUu)#cFs0WA2Sh%ws6&C4JN!%;iVaU$ZFD zzf)Dp^}aMK85ubnbfe*gdVjT<0VrwqrL^R<;ELqtTG?5Pxcc&s>$iM+C@LC>89LiK zwghGLy~!v)OLun&A@*RnGc1-Wo_+(*9|p1k2-*c|Co_uO^`ROzI)<8U3QL}UhZZS_ z-O*QnfV-NwF!A3fwes`ZFk08=s>RJR^ruV(_1%!~$4ePqUWqaD7gvYQ+63j_p*&x~ z|C!5;{cp1TpEAgM7|LSt^zdik4a%rO>QANKwLaZF3&`_FLn93}iZ#Sf0gwW!5{#*R zr0+XACH%f$@ed+9AGdNQ4UgY26~Doms~*Ty5)v~LLH2ookITXhFPq}2Flc;7;(#n3 z`kj#=Be1yW{gDPEkb1gkQ`F(@;YYSORl{&BTTRp3QBE2w&X#D-V!Y+2`Z$uK=$}92 zkF}Z*>x-16WVHpa6)v=Hcg#92Z`J%<>i$wFWR)JF3(jrNW^6~x;I06|ycqjMx+!ui zz)N9avUnb6i_yHZSM)-Cb|B&97zzfi;acG3I=bhNYmv6G9lLymV+ zCh@T-QzJdeco((5(rm+)R8?I)I4TNhQ($}VGtR3BB^w($dU(I8ZJ5Y4AHxR}fuQIk z4byg|PyOk&Bh;x0#E7LOlUD~eWm`e<26~}P;Jw-$+Y#(k691WJ@*b8)t-crxTOU5S z#URtzSX2fWp7PWgvI0$9Y%pj#;o1F#jw}51b+FIRTv+VTZ`;@n1T-!nrxapBkZ?x^ zDE(2T{0#q7rT&Glz~J~Fe$G_)g=9+A@*R0`+%shAV3T*84V7=gVeSkGNLLN>KH)jbD!LeO_*v%*r z^h8-b&fQWpr!eJZWksv3tOO{fNGm9GE@^ojIvq;WL_}o#Eb$4Jgm2H6N}X9>rxq~N zCoTc!U;6s`FiS3?)`iyfyh%C#!lia*Ld3<$ctA*T!nyCtyLs6CAix;O6Iswfx99oNgzZLZMxwmgU>G}#JoizwWbS|Y{Jh{sHtgJLTVqzwFBNM8wXxUo4)n&@mtTw_^bRRIdK5Vb*UuM65>RsZQ_ktI%NaG@_Es_XBtt@39W_6RFVSBX-^y$@no#;FWr_HS65cXGF_n4Md2pQI z7-gHiZJGHIUc->gf&u-dqg?yUkM#FNn1Mevq>VR8GSLYIToBQ%;YFM5MO94+8YrbU zGE_cf6)VjA;2j*S64Cd;HL-OU<=4E?z7Ms`>Ec0)9LLIC+&AF0l)~pajS^Sa#vg}~ zr9Yj9GV;Kj-1^-aMYDXPg>H=|H1wl~3*~ZQwmVt?A6b^?D*0IF!j?B<3Sz{CcDTaC zFl)$MCek-tw?@v?FbjD?5|UWhSSGkw?wrO#s2A#4GrV}=iQQ_>cr4%A|7|)Zy^O7( zkRq>50Y&QdFSy6Cl5!>q3m^R93<{^36DB%(2~`<5L|X!*8lDN;`TUNCzeorcy>!8WF$^P!qiRV8~+`y?p&QJZ;8P+ujxJ2^-5DHDDo?XQtU`%WseT-a0 z!to6|Hbsr`7l7yVb!^sA_CLnef&TWNXDMzagpK(9dS9NK*nZ`7v@DyeB9k*u`&IiF zsL2z1X@-wfUqRlC5b@}U6sP{Az~zkJGUab~Mw5L;f2Uiw{M@2?9=@O%Pu8Jm8WGoLTe#=?bz9j>ws=;4WUfv3)aLxG_# z7@@)2B0Vx5laV{6HcWkU%&8t}YC=;wyeIAVQPt<8t-UA0c$H}V0d_l2IG@+gqFYwU zvS}FyT_fQ8m^G~}@h3=UBVlA&o}sD6dwx^HH=1uFagWQX3U!aLlIO#DT+$bNSj{)( z!pTJN-S`e6TeyC(4wv;Os&a!#Ej0MCt+N2t-no9CKJKob8Rh_y=dp~@nCMcnn}l&{ zgb`STgY~zUx%!+L*J{m_vRGJJc9I%+td6>wIj?eORzw)gN$`H<)2-y~nQ`MXZ6X+w zmMQi%L5S>%+yN>_(X;ncP_WjrD5=LWqajEz=w!B3=$Jr$?e7y|5V0eN+}O*iJR!(P zTh49gaB+t`wV}-2(f0cX)80!_vFEM+Zdwsb9GtGqiiXiVS@}#cb&uoXG?hjM-#Yp> zyG9>3Aldj1Xt7u3doIxq$>!yBz~!$Fd{M<-?S4ck>V94VjptXUvX!vVU4EH$3=j)6 zA&Vp;8l9V)!o!t*Q3~kIx$Nl@-Yl(11&uu0ig);A4mc~Nfj`6))HWqt>~LZ?@M-Mw zw*XX>Kpjb!ztH($7Lm*mmJRtbt7{z-qACuY5V;J@qGDy0)$xZzin}eg{e#EzM9P0* zw8ZaKw37eimWU%$fWIH}dM{&^gMnSZa~1lu6VDH2UMW8Zt~jDCCpfx$U$^)b9)AGa zZ?gLod}oX=ZPT^Z8glVUcRRWB53xuQJ38LBO4o2=jH~%3KruV(2^w&M>1OI&HnYrcbU9$ zhIfB)?fs3B0Ox~PUy{MOf|INu=H21GLBX3ZcZm6RBs!qO>6(Ek|KkE@BjJZJOL1EZ z`+`Jvyh7jD5Zi^y{bIhbpqEterEytByceh`a(Qj1vuqR8#=Lq_<+k1Nl z3w%15=_6`RKV`wLvA-8=)Z|uzm;`EkIh@=I&U=_TFB(D?NQO0HCO=y9`Q^X%;&X$FiV8$4mkBu3(CU zCvjYZBa_-WwhL7`S-wx2SQO9&e;c9pK3QdN0Lv$w1qMCT`P?jl-LZeoaSZ0EYhSL! z9{v)Sl=7XmEk9ADtS|Th-#-rQrwK9DUTT^^L8s4|X)biH6Vv%=g&3Kn`DDULUdfU(fFXRdCntm*%z9;c&Zd z7`eJ0_2(qkSp2UtDxOx?OOJ#cVs-`VUryGi?r!-p;SCCNa#5oL;^VfMbczyD-T16% zyFrZEp3vuyT^x56Uv-p4_7*-gLY1SM=F1OO46IbvZT9g_$+~UBn$i@MskLdOBP~ms zrB)^XaG!_rB@jpc>_NXb#)~v|>I=hNHP1yqt0O}9vvrsimWmsh=@`yHt&rcR4I562 z;^a=DO_T($BUv)(dqQIZE$w!UV0Lc)v8P^vkG)Zn^7;kgTCHThAVtV zT`qX0VmwHb7*_urCq8yc1J9i|BmYST!x)%dm^)Omn{H~?V$}@O*;~9m%U&5EpK)k= zzI-&oz&IKX0oOQSBhTG%a@mbPl03OMMms&qrNnixwNYVDGRfE18DETA z(^vIeuL!V@=q_+YS5(==Bz zxVVUfikd%tFw-q2CT8+T*$BBtON2&s3VVw44$4aB7uLrRT_s(eAt%FxxKDKkwMN6i}M78{` z4?6ix#ujkHwY>fS@BVTeixG;osdZtc(Yb&{stu)YQt#_n_RFMQW~A593vqRiJI+I# z!pJ|!$m-waQqfXYbbaO6ji#*1lFM)N{=Rj|wj@ctUlnOyQ7xjdyDKl~oR)Nr;`wWO zPGM{VJ;PQKTY{+3{$=8t|Gzkf@LwF;{`g@;4lb6q_aYQ%YQ9KAoFm64=uNznnx{vOj>=0)Np+@HK&WIBzT6c!Xnh|w zKBnTroIEvvJ=Zj5bq%NIfuZbqs-nIgZ14Kxi=l8jh>GUJbzy$hEXMpLk8&xVTg<3Y z;~}eq4h@66alimM1Hl9PAZ@wX`1NN&e~Hp};#90<`h9HclJXA7&vL_3HySeGF_4oC z2_ze0;x9{!xTO5#DNUQ+O8aI1anj5vZAvGGt$u~i(t z+2&IBQFhYNZe2J#`T&24YIpJJx~+Aaz8{1z5>euJwk9|$rhUNRuj9c$KQpTq2S^j~ zkQ554=WDcUJ;v5aw;39i&Tn&%Qz$2R9Ok((Z^dlBR+*omxjbfjcAp(pI2~I)wy-sa zRS?OhRIXBIDp>g@V~6(Bg1l@?Q(h)n<(E+pg9~$s`IggZDruK4o$?7nTS$lJ6%4AK!A`2=Le z*RonP@_Be>HgL=*{7RSAmE%PAPuQQ=&ttdE>8$;Mgk~_$Kh*YYP5kgjP~IN;pCF84 zy!d&P!cL`obQwbMWaSk^d@}rO%{r&4xu31Q-Of6DpXga%GF`4}avW=F4h$PI^BL5L z&errZ=%KlNZE;E%qKUcLJdbV0f*j&V_kq%+=MN7-Kjj`PZd-zPm_J5*wr~{?km#xM z4JCrfPi!Cdeo290OS7}H6BQlpPo=CaVRz=XP^-h(YlrH6+%8T%VpD5`19fHAG1sN+ z_8D#h$r&7^3jW5(2AW_Tt&j=D$9D3co%%GbW{cl2zA^StMoC1qDm(HZOr77835zzh z^6IVMlyWLJ2jvwk`aWe5rT7qgmD&Ob$<3vB zbHjgbv|pf~n8|-$RZyhfI=14vfg1Vo%=q`6)C@*T{qt~KE!>W3Dcl;Gsd_U`EY;D5 z6m#q>?bo#?m5S~CiEM@kGaT&G(}!n^@1yB-0=<@%ID%q;Y1-F5ePWwFod*4#VW(o7 zfx~X;@3A@Bz$qdA7HmHKc0nTGt*0ONj|VZY9O-14^vH#=x_2}Ru&Z?lvI+TVUdVo( zCb2`ESlKFhx^_`m;i`sJ+)Wc9&o9g`HxIoU4SZa-qY=GWf9<5h&3N4;Azl!EfryO^ zH{fKz-rHvfB(JG46JL??P7}NO{~T6->?=yu%FknpZgoUr#aG;lD{{So}wcl()0b_LZi|FO54 z=M~=C%ZY*V*mU}qy1JWMuNBZn8O;|8tB?y&CG^&bUwXkHjw1QmmrVW$&io5pj=n-# z(6Fz0Y#C#2iOExb8-KN(1!hM(`UN!xK1t2NKJmh*ri15lhHC%kBRjt%-O<-$OSLS) z5i3h-uFyV=v_Jk7zls5|UfA2ct*StI! zc*t^j7W~X_+3#!ha) zP1c-XV9e#loq?~p^mTTQH_xAE*Z4_r>yPAQ?j8(GBX)S%YL>r7&0*i4JVdUj#!DkS z-dkSpkRSPtX`6AxaKu?=2`~m?q&S;vGcY4e8&5Dz0GuNt(~zS^t;8Q1ObB9)$_m7) zFABsgzusPjm6u0&RTMeO^jn+FS{d27eOrg_O|kR!4Ntu*Tx=Z$kNMte&y|Cwt&k7h zwUvJ^V+Exb6;eh^XTRjyHmqa5(d4a;)h(9a%$>EGxwe)di~!xd*t)Ho>OASAfmEkD z3MPGkn^@o`pR9D0=sDMMz}4-_NAS&^U3q`*hjDyo|77f4nKqYHhxEoY~7 zZ~tY?asP3L`2aI8BkA3QZG^47=g-^|2u&z!@BIpM!+nz7~%C?sjB7 zR~n1#&|LzL=4oVELLs;7^+{M51V!c?eFu8cOco9zpyRJN3Y~)6ySr?Bg0N0x)Y1cM z3d&-YRn~7B<)#(+;UQhT>Kn5M*fjQb#x@-Z{M|1^mB0hD9kXA`YK7xR0-OSacipbh zO+D7}r;!%lW7$0zN%jS{5Z_{t|b8{M1&ct&#wNR#yWk1*%dH4wUIWMx+gaqCMXIEw*pkLNdV9#3acrO4l^;5qsdpGr z&+|NGn|T$P)8VPHf|2i|e>-*iUl27m^GaO<5D!R775ZZn5SW_yW!8oxg!Er-Y~++c z2uhh~b9tyUenh#+y1JGy(&x8#X7%Kfh5&^iCXdeM-KZdHh4erB!57i~=Oh|1L?T00 z;3yOh51-J;s3!XbmPbaSi1oQT*eGGn5h!e!38nxK`^hai^!h9=GjFr56L}&L=wFO;$aOPUTT_zy2#V?~L+#0($wAK6R zGf;o{t#7KSqp+NTJHbw^XKNb&?~Z^ZAW#`a57j8A`um9RJz5F|K5kYz>DHX`X#v;d zI{$B_0H=hxHDx-LGZ)&bM4^js!Y{XuLlss%XFpJro`XgYEYeZ|Ijje`!T}d=bspf- z>|=Ht76Qy%ekJ}^eYfYyLN|rw`@-TmU50mPza7MlGPSfga%_iFye=rC52ne7^gUfm z!mZ{{?-%Lt+zmWNg~3T&%Ym<|l-@n}nQlWnMF2dfGj80LOlx_rRzG`U1OlLAuad_0 z)bv#5#7tm!6@gNagc#*>8?(%87LvStDf!wkpTxDnob|qpz!w#7PRK`BH;$%h?Sy{# zq0Xpr0_{m9XW$-9zF22Nh)`dALh}J3ps1cKEhQFinw4cpIh+06yB#)OF2%VU?l6Wb zW0SfR`cOsX$yLzk6N8k2u(W|bwL7f{;ccq|_?!oB4BgqXI!>Fp>iab;hyY~Olnjbh zm-aYQ_8>vSN7YQmipCzbb~u|T7n<4{LIcHKG-sW}kF^)l2~>Y}1Axz!kBEl|g%E{* z7!+jBRsL{ccu>pm&nu!DJzGv|jROxaOM4rXoAe~ijD0RleRJ+OTnsg&x9}=5PF9Y7 z!RX(4?sY*+NSL0XGTieRV)>{eh>^6Z7eQxaV;zi~pIqxA?AOaSgw!@1-667jLzSF7 z;01GH_wS5efu3A#ozWZ-P*J6`dp!qzTEbuU-j(W_@j!9jsX`SL%V)5~Igl1oaB?9{ ziS7Df=)ez|#=lPIU1A@1qRNfJt3(^yVgLh>3JP1l5fuNxBhE54o$fz2V=RtY&7;}H zekl|i-JjPoocxLwn1qUcbU=)^r|J0-51`x6GTVQFV`y1ZpRkV;Ag5@K;{&1VY`h?p zwJW5#R`@X$k;-0C+rcu>=opX{QRZ=7Xdk>dQ^xt6M*;k;1`@q7!1F; z;|C>#DgUBXFw=bTlH`>BASq#L8GTS|5#Y_9)sdRNB28=RHd*46d}prro0%_k zrAGI@fP*!c)mVo$Zre4X_m-8ToNVmBjOE`r&bm$bN6UcHU8Vgrm!Q$uRRriwoJXGH zzr==4L-$C`oCKN^f*9GKmh+Tf)Ym?AR{#nu4ax(~&mddgpBboKdF$eahVbyGM5PZ5 z&18yATlP_KOyyE1tLn_zSX42hl)R{d!#!IvXGijkqk|U>*3MfMs>v8$cfAKfsDW>N zv(lR6*LaDgd{yCvA2%5f`5t*aFIe6Kfej4}6DpdD;E8vxs^n_PIIf$mnuC?rMU;;M zny%@ov*}th`(C#tBnrsd_n9Be?M&X(duIV#sT4^%Wdi!uPc;--x;utKl$8{w+);q@ zldL?wV8=aHf#&{8HFoNk`w%(?P{%z((pV6#h9;if(8kHW#+Lt!v{?X=TzN)?6;K14V>QKBo#;ANDeuOIfxgJDSU0sWH}`vuYjNvliiEB{@!5bo zTU*U=ghwJfH7d)>x`gh&(qMI^gyj-8h+t<)DNsgNj32)G=QJ1FP*ID=6~;*ihK{(w zy|F`qI%}1_sjYqRX6DGf#7@}x@=r}A7E>)y$$Y%mDL&NR)T*%NpL6za;@Kri^W!p9 z!rXj(rxTit1)Jx0FLZ1s3pW3!>BP?(Di3?eub=H_hT!BK-V2k+?{)i92L~Rhepx55Yibi#>^&V^sktGu zbFuwgFAdtB_na_D8jUP=oLpX)@*hABxIQ)a@yTep?;}Z2SsA#Wp}2dBap5jcds!0+ zc<9sRa7Rtp_QmQhK!*#FN;@nybF=vV{nUXf#K&5?Lt0jy{N`YG<;9# z-Q?W57psiOxrC?+-GL3=PA7!h>fq4Qrz|65Z(Mbjcl`PqvpazL=KuhW zBVjBv0LrMY72|(!m&lD$((4jvN(Z0NW?iZPSqc8k_aN2Jwez%3@)GlO7!z95`*l}~ zE8NzAAmIx%bWaO=6Rr~wKg>oI0>4iexz`KyZJ5`*toKw@U7L~cG#BW;e?B_I{9H*Y zy!FiySHDlyEqNVs2O_sV%iccEa70fv7~kKfNt;(fH=OF1R>Hzj(#zM$T%Wmq$BjZl zU0sxvzWs%)4CsA0ug$qX*mWufGu4L30b)so{9;M6Wd2P_{!LJ1{?7y@ik^XP%h`|o zwYXUodS)QEyKYF6Q|76Il{w%4(BsX>oQ!hLY^r;Y!^-%S+mg*&8(VkQcTs7iH&@G{ zET^OW(be_i^*oj;e^;1?w|c*&QA1~Dy``e-){J(9PTOQPsa6?_rS%j~UOkvOTxB~QDP9N-|;ubg3AlO^REi!=u9t%Xt-QtU z1&LZQGv~{3F?UsMg)YVOu={v6O1^7ORzci{B1tJ4)DAJJ*Pjo@UEweId1at9?TM*W zV(?BRPOBenGV03_cZv1BiFbBQhviZsWdkh7G^VGQ)Ij2Et7F=7efU7F^nQ{{fPC)2 zT9$V#m|Y5?D@D%CjiO#PzajW3Y&+F9Q}C=0N)Uh)1?WFuz`*6VNz$p| zCrSGME~2kMtR~G#`bHp6`q(Q?MV=-4^x<2_S~<9QTSq zajn~Qkywplkdf9v&U`LLV3O0$rmY?;3qN~b1Iu%rGDCIACfryDepd;5$+Rdg5}X@8 z@=`FKMWR!s$f}3-Pi98z*_P;X$y(UE^1#|c{2|dlxnrc>Rp%xZt`ob`AW+yIzcNhs ziIeWfLxrU-r$eouuzx+7|1|r4zq@j8;`4RnM>7AbeQ`aV_^Qt91EApz&oJ*1GOpWI z6cW$9dV7GZEeyGcu z&lwc2|7MQ%!aKH;tSK!!0}FJaSB_eIqMY`hM)BvNneab~MTILvHADH|))IFVz!S)! zBSeT1- zPahB11v7NNEWopl#8QY54zEowh`iRWp>5!&O~4RU-vhsR%n2lCaf8a!oB z3C#CxwYi_0xAmsmN7TCS)`m{ZzEcm*6wa;%z8+u1n?q*{p8KJHnz z1qPI*TnBt#ZXXky-(gL4iIRe)&_1uS|J?(yN4MqwC}EPu+N=^wcd6{Cs(NMIV9a&c9C~EUQzaVk9ri^-y3T^^1_8tnngkUYf4^ zBp<|RZohZa=NIL!{^S?;NVxL*owc6Ir++&+|4~o^-3$J`i-z_-C1a^d>^uX?NlYVJ zo_K<%iq|z*(&n^uF`B^i_s)wE7m(OoAE&_H&L`XDeDvf>MeYljWu(mNMv^Z2?Z&5LV5 z+#~z_{CKe~pXUJ4&h}(bW~&q4dd>%T#AJR=7u-z!TZfDNg~gfk6-Uzpe73J7o>_Uf zw4-&w%uu;4597r(75Huqg(IGq(Z7bP{IgE0P_9SvI+i4)Y!vLOJIK!QoOzE^$CgpO z_xX=C7(C#!>r!Q3WNB2XZ*Fc%v-Uy3%R9g88gms78k&rE!O;i28j`r#gacNKJ++Ng zd^Z+CwlOQtON)Bk#yZPJrmLInr26+XAQpaFgQ82_DCv@xw(B>71EK_&8 z*j@f8*1*bTnH%?j#L{ng8#!J8f#zf(JRD(QV4#CE_Pai}V#ei@I$+UutMx!Fh+D(` z8WlBn@xkpTd87&G707Qd_||UGT>ow_4yFtJv%s*gd5gJ#gOTicpi^@tnI2CPN^n03 z2=;yn5bpmSd8dIp#k&CQZ>rDO&6yvnvin_A>PA*+Bjy6E`98MU%ZQ)A?|_q$kwN^% zVSZ?Cm+y!m!(?55a-li=2H>z)HS)uE-c`|I@-O!Yr{?M5-H-Tfb-n-3UjCl3%p@$2yu^8vDyLJDp!#RUpdes&W z2vgrj$+IOTB~1;A?#Ho@+g!JiY+DE;IM7#daVkixQgx!ANJXB|_07$WBaE~i78|R{ zKl`XGxPFU_?PuUdR7&V`0P=fYUf;Q6?v~O}h%Ipxet{aPH*ZU>0Gd<8QBfmlE_ZA{_Wdx$GHO1c?82an)Uj9zfU)@|0 z6AKFqgUzt=X29#?dN~P!=3&1eu{K~O{qxcIvfl|wH&7|?!j=h+%A{cl_o!lfdna;R zX`zEaC~AahDf`Hlr$eS>Bxf$t<>RPBP+<~(4^|?1l2zao(i=A1YQxD)Q_+pf_ScP zBY&D}l&IDn^AOo(B(Xsb2-`Iuyibz$XiKeo%ooj!mHV2;^0!(&GquF`hKoEJ2p{=o z946nW!nqT>)##qRKfelm@a?+VLVhR~+|u{?&AN8m4mwZQT5vY5w-eqb+IMOZuh}15 ztl;Tz7>h`$XWMYiUL`u#sLkf-+MdjF%j@gyZE=Rcg@=cCz(^GZMMZ0OnCdSmuzKeF z(d-U$uZjW-7|=4fS|&qfgWAR@DDqX)P8ZIV&55_)GkAifJ$kl4#FS+% zTT%K#e2vR7vcvRlJ6q86ULQv>eyx+|c$vWJhQ49lH?)3lowCs3L*?KyfiCLhdW@=F zHPWXDfqiV~v~{!bjSu2!Zh`%>NvE(DnYUk5RMaP8;_)NwSn|6QQhC?m9%B`IJgYzayUxQp99r1foaG_$ zY}Rw?w6WwI$yQH3Rg9z&xt^Dmi?q^mYe`(&ZNALVv~CD$t<_<$v-NHDy60;Cd%1(2 zB2XdGPeW6)crO0^`}c%`K8ZOwpERlz3{`f;O$Z>6l#meIlc?souWhI}%C#C9@1<7qO^u?UJ@_baiON|%q5U0H8XB5m0{eZN6MWZs&e>_W zeH9jOR=3Hn*sn&fx6$x3`?mUVnFVl||JmBHP<#U(w;ydU+U}EkgBh8q3KHbQ=H8M> zIN(e&fll<*q6GcvPmWzLWIM=NcJdr?35Mf&%5E$tx-&b}&Nscj1rlPFDS&UaKPj-eBr zx#l2ya$2s8yiB{T{HL(N3ek2R1qabj+&>ahXY3;svk9K1F>1eaw_s%sZme8BH^WmH zW}copq-SK{;p3BWb8BXyh@q+6{zNZy%}PuZ*VIgDdy>#9L*8vIM>8vZSVam&A)?@D z#y;8=NSpNJb-g9i#v)49cifhI2@70ZY|Ni=6r%&n=i$B5HejdVRfm7Z?$NI4kD{s}&?CV{>tF z&D?Nua++CMmT!S^Kni-&G~7&p?c{Z$A0}5bzNap!2c;vBHZWeE>ycLNV%k|b^~Rz1 z6M22=e6@;8fFqnZhZxFb>db|{d>bsX&r5Xxh#G6 zuZ{(sh}{G@2y#qj4!|OmiW}|}C&-e*uY_J+=LOW)2^1xC%0P8Y<=VzZ^_#r2<6{bD zW~D5Y{Cr5yv$d_Q>d`p!s0~T(izN@>7*9<){CX$2StzHi>lXwEtjcrJ-y}eNIBeus zwNj8{95$B3x~25`!|{1_p7(@6(ZdD(?B!7EY1*?(D!l~8*3;lCcWv=I#eCTuiaM-3 zUW$gzeSX3ql+zWXU7Te!+bc>i&{G_&JSs?bujLVxpUI;CS&V7w=I4DRK+7Qa=e7CI zh4I~=G}io%NjP@?eBCg08>bs}dn`K}GA8_RF@BWWan) z*#=hSA6#gSSCxphH-&pI)A6}733<^+R5>#S?I3JlGu1LSWzu*34kl=pkq46tvxl!g zGo`+KSNt{Yl6G9StGGzR+(`nIcEqbicyEQx(U7Exju#l)&tn*q-P&_(MG|=Lp9f10 z0tI(%y)K^nw$(gqnwoyYJ9f*Mxgd7UkGsC4lk6nz=m|a{YKpOIr=LQ8^E0bX&h)9+ zzr(41&(2m(K6b|=6+=v&U-R>J4eio_XhTbjI6p53$$Wk1Y0OHJL$>r{B6A;fk#Ed_ zY2mux&l|yKK^xZ9-;;wmpn!5{Ycn)BPTjxv*BJoG*v;YlM=6wx+frCt6~*~sWH)5B z8LX0=Jrd9T`nz#kR`Ri|)#DleO>LU^D&M$q_Fr%oSa+5~`Crm3z8t90|81b7lTMdI zlXcYTqkEu7Z;<~OoCqFK(We0$wutGageRT;y(a9Fe0}ZZpm)1@-zYsSH^qCsn?aG} zUca(Cvij}Hjp6JoNokmqcB-9EuS4e6c`E@XW(sR*7UU@{U+-fWu=9xOc^A(FeVR3J zFl|=L75nvfeS?*;ZA0Q6iates077%__akn{uX@_R%B!=hl?*B1nTtcVcWB={1TPEl znRGbzV;9;s1>EI8JBYUA;BJ7^YlW0KwMoHwKv-!2^3qAetMhqoF5l4r=u&{`BmJ zgA>yY=6&^5Q!lt2u3q2p@WQBnzR2{s!_kwgAfvzJJL`7+SqAW4y4>P%KNnOk#&$WF zAr-}7r(u?b1kD?K7ATC%^bL601;KxaIKC)Sxttd-B}jTIhEW{E0|L4pe3|7%@a_kP zhha6)HyV!!clY z81t~hmF;z?62`sbD`4#v8d!AV3ub|~&*R=#ze=yaJ~*B~&IgWk3u%DIG}txvvQ-^c zIpDiRlvSJgf`cP`LxZZNCU}dCb2zffO3l@^xMtQra~1!9nxhrZ_70c5-;2pui2Li8 z$ur*KN)GMqC%opD!Oj6?3+i?+-n#IrMb0@3+g7&&Y}FwBrCZN=r(DCqkqzH z*kH_|_Z86aa_sB{R&Tk8)eB=XY2l402cfFY??C^G&+Umt9XHHtt<5BdH@N#S!fAZ3 z_c6D=6L4q1|3y)zea~IzyLVN5%36nv!XAZkb9G#*VXS+0*nFl}D0%1)yo~i6hI>NI zpfl&^Dd(7AOV%cnqVlS^Plkp<_Yh`SQb4^=fWJH1LoQyV9yz|kHUD~#_StBwIXI|@H)bC2NW6Z3;RuD07*G|}WEEYr>!BbPDCY}Mdz8iqj_(X|9J)Bd0J$Pq z$+msWpVHElbiHZ1G{MTk7r!Z6`46}}9o|nbPxrcKmzyQ~xj8He8n+r75cb(`4PU%1 z*iM{E!~<3G$B$a!@C0tVpGvNXLC?2UT)C)Gf=O=qN+wf$dht--su-s&>^}NRCR&+dM_A5DA=39+$n8jf-S|Q59we0$OEM1 zOYyznbqeC|nKFgSMNA05G+-}TYAi@DD>%w;oBzjn2>gU z@+nTGTBtADKlojCVB~$T&DPVn%P2K&c^}Zp_dR?p32Ehegef2DE4%Qf&1P!JBj-

      }^c=5x%y;&cid|eQ9^zJw7Y8imM2xprX*=j4=6Rao zXP8Gvc=Ow$;9?Sm68ta1-ZChTEnFMjF(AP`IKkar6WrZ3xVsLTgy0r*(81kpa7b`> zA0)UAHn@JX?S8e-J$3KD>8h#fw^w(sUhA>9W0$?0xvo_wY@7&alWEY`!ahjk)H^xZ zDPvYE8meSy>0|nX*GRFzYT={V2D6+%(PDB}?G|e|NB?;%;$X3LU%sEoYEAc*4jLj_ zyEp*$ML-m)uxO!V&>|*nM~%1!NIma!OtuwkcIHmG0{g7`UOG&{4rgzZNYIM*zAQGu zo*-Lq$hv7SNGmAyPJRh-^{(xl-h07S&vjfA8pUbLQ(X)iymvM1nqR`zJAzXhLnhi8o5U+gN^QB$c5(QzAuHi`mkhrt#C5 zLI^k}x~bEi$~sy?DM`)tN%TlKzna_I4GoLny3fljL<@!}tMOHeT-_iW2l32J-?mfY zBBzx?*C7T07*B*4x+^0~!W@P1w{K%pl}N)TyWs-^c_mce4n>Meh}nus0xf=yI}p%N z(R{7z7a^yk20A`U!$NBAxV(-*g^qok@-UTSk6Pqzes}(_`Q-?nx|}5OL0xnOGrW0nsB(q{#In0>qNk+M{}k2sI$!;~C)=BeQQd@&Zew$5 zDn1SUx^O_{K#n>#z)|ZS2`1bJ`3lH|+IJm2;{8&QXD18Wb+>fDUVov@mnIOFQ3LJzm849SZfN?waxh*K39$I;0lRvvYGRBY>;>fQ zjqukvR@P8I9p7#^yuV}$_r{m(HyPbf5nb9^GP062QxSE4$%D58tSKfFcQG?a!5?;G zB64T4xjc|owzSfgM4TN=R;7)x^W8Fz1R~scO(n(6`XV(VUxb|8Np84*j9Rac---h;iFY8FC$P z*_eSk+GFkSU7yd*|0O|M{C&!@25^@M`*t(7vk%q*K=EL#f^-a}9tJE6T%wJO1SbEA z`@llnDruX;5m-g?%)3Tg(xkP*%lW{uyYX&szhd_$hnFv)H#X(x;rAULHr9KuSmJ_8 ztsQ->1BW*St6CyD1q!io85tvk3AAwJK~+@a5->Rv3hO6QHCGhzj$Ur(?hRH)1l&&W zzdSbDP10V?E(V~u%^SWHXPIoM6&Jt2rBJWab#uhB_xd zdnh8qFrIs;xjeGXME{f{!ZikvG#SR>9c%AXUh5DW|EBqx$!&eF>|xqzm7I#>M-b~X zXgE&NUT+?$)guD9in~in&{Yv;za%R3wQj2>d&Epo$|Mq(xQT5682fNIq|e1aC!s* zL5Pe;Pn zZ}(3tZUq9?fmO~`-tWcb`9lNF%|wu7%uGzuE{fBM`F%AtDh2Ctf?-p2tgeTS82BRI znP&K66D+J)WX_>wPt>*#d6}9SZSG&iG<8^LuKHl#XXv`l8ERg9&FHv5D!la;i~A1< z3&+eAbAw9Y&9&zjdtIH#LXI6#NT4Z+Ro$(mz0!UnLzPPt4;NMbj1YM$WfXk@!X<%; zav`Sgi;Yq4jWcQ)S<3R`Na;NId~-H7jvvi*EcAJ$l-H0BEooUGc)|{sIJkHdbE3b% z{=iJA(yGrR+aNVr<|}uAZCDK0M1d$`nbtXd->x#h(kq_1HK7J%IaErx2R+JfF38fH zW>|qfDvT2K_6ef!fY};;pM_--Ky%FOV;q1)E9Rn_7Qu;HGaLo%fX)zBKq6hH9sCi0 zI?i#=$NjZ+X#6Z-H4f4gzUUaxcn@h&J&;&U(+#{yt!@^QmN(>oBWZCFJzC~e$_KoE zPk8*x8Y0QNI=nZ762WB8%{-}PtQ27KmJ&wlH2YNUjMf>L*77SBzulpQG(@^((g_gL zdI)yA8W7BABRBvg^yIA1AUe4o&N0XFrk6PGeFk(FI<{J*6g7YoyEfE(q$C40b{KyM zc_#XSMXTrmZnm}&uMp8r;qpiE%xj3PCc+yLGRWQArIwZyJ^vs0P{suJ3)BfdF3Mv7 z0rfU_6f;Ym&BTrw1`r_|jbL1Q|I)^H<-|>uc zM#Ws!lt<<0prTwivNuQPb|!}w9S~Vw zd3i=Mn59Ku@O`>2?rndUh7)$dtfIBH!id7f^xQr`=Z@5u;r>-u3YezQ{kDa$L-t{pzwo+A?uXZHcPH+$Ad5kkNw)O4wTjV+mJkfbshu_I8YI$GcE6x0 zaCr~Hy+3{qg}rPAq1!gEK$w&~e!E>@G@7}ww}|lUgvPWw800pPM>UEz$x2nsr>}u~ z!o{mF39?GjFc_SQg}z^V2U2(r8e>>2y|74&Vx{{1Hu3&J1$3S}Qd99ROwPZ~>Gd#l z^%wp5Pf}mNRE>#wabv<=A>KRFN|&Px-E#q<=?_9-Yw6F&ta$-KI=3Is0%pFFoSZyD ze=iF@Wl|-$hT|0dOmXV5RO|n$VnE!bk{<)ODa3etce}LJP|CPvvPkQx5KmV=i z&tU*j{d@G+!s5>g|Kg_LT8VS25C0s&{{p3F`xBvxMQjkK5)f}~{Y%06msm|CvUx?Y z6nfO;+?>Ie3D>MiYJf}0Lb%f#b@Vw)9#bnu6`c;{|Kz*kS@Hj*yn52%wZ-=b&6=9n znUTPDLjKXiDyG$sf0iSXs~Ls6s^%2Rt14>2w&ord1e>)lf{cbYx`^HCrpwb6R_B0! zm1xZJXIaYh}-Lcw}P# z(eL~@8nmnbUjN^t@sCm~?r%`w-_icFdS$GCkN$oY6T50hxBKk9>MURn4JSuF^Z%-b z;B0Zx|G*YBbUaVGz}?Z7-Gjjq79e@H)3PRufb{HLsZoYBMOuB&Npc+2?*3qXF0Q1I zUE@~;HHS}(B=;`0hpV?`hU)*^l0j{v|DuGdCV+s^u|ooc4wBOK{&j=^LaPm{B+CH8 z&Y{>Ylm~LL;p<#H0z)w1`ewT62yZ0Uq?ik>aRg#3ex9&sLe7|ZtIM2ad5Cya%S@Q3 zR5aZBaQhx=Zzk3mGTr(hvrx3F#|&xm?9d?;MZe3j#G40_K>_~{DV+84|5ePu=S?8H z&lCH{adi0U1)PGc`ZI(QI{MJRp*|#3KW{Wj#O@>nZ;v(QWe9nOx#3qikBTPZPPcfC zW|;w_w2ku{YGTLT@dPa?&^yL||4iZioo9_NElGJbUerp*lTn+)&$POY&dKKRdH70q zOP3crGr`_zake0%9*G9uYIZG9HpK1aUJBWL!Y(x+e(~3_dre-O(kcEHs~_K>HiD$i z>64$iPz>LnHjHz+|FHtVNX`nMJiC6<>mbS9g_bG?q;?EB1^e?FjL*Mnc-R$;ykOF8 z_kEyW=0a>&^0asr!iigZj6jFqTgtqHfQ;H`GRwQ+&y8m|4UWqm$c;+62PjTyZysXPb9 z8>$*Hd%BE@p37jE#A z-=ioFQbsQ|Rd+<5{lN}Qb?qj1_ODW}T_Rhi0ndQb{e@mzmoSctvsZ~|E~vz-Ry{z} z)?(OE%;PSYG1+h<^=6hiFTRshNtJ!+2pvQqmsuQ^?t2u*Q>-pzWsn;sC}Kg-7`D6L z;w>ejw47_SW~R-B#VgtBYNub{-)3Tr(>gnnT&#V)S)abRYVg$6|DV}^ArB+DldNRh z$&vLu=)LeWPR_2~6JbEQ#TEop;HmBe>v?BR$S_Mx$MLOy`tkuy@~D>PsV3o1eqOVZ z!FOAGagBh(6}sdL(#g4rtp1uHr_-r)C+ADSwZbz0?>Q0nLxfA-&jT)?`<1GaqxYJ< z7S}P+g?kBY_x)?;FiM7Zbp?m z$EpG^i8b@4?;DjQ{+szu5$@B9){BJ&C2RbDd%N_CJt#P21_zwdx+W^)D!pG{QGIi;d%Kd{x>+&*0Gy4`akTi}Okt{&0=Yoz2x+ z!{QFrPM>R&dtYn_NVh(LBtwv9>i)3IJ(?*}DJip~);gx`k)o3yueWJc4xou3tjTU5 z;PJz_ZC84Hq*Ndfmh2LNY!w45Gk%CK{$|PJwY-3rR+6Q+Rd~W}^l%B$xEPIS+qX1h zBg=xr;KTD{6M{un^A-hEH)u|ePmKoA%wmn(K6@Ei3{l+~*nrv!$YxRpf5zxKcE1ft ziW-n4uQ`7^F%Ac7^!M`XtfOnz1(IDyBjil=*p|A3KHF7_+vT^%61#bt4I736?;iFK zDy62iCH!2`x+Cuey;!=`r>#%O&R7C@E>>_g+?8|g{aP->73Q?vwvSrfV=uy~IXf_O zkLsg+wcgQ0yle)>cSY^*la}95l*cBy97wUf$&_EkK%e_XEM|snt?$mUkRs_6nCCTW zW?m2;F=TKcxl)2eIRyLN?JgPYeA6$weJd(7UbQMDC9BS>G@lh9Zth2T+A7_E%;GHRq&`@}{p zG5LqGm!qZOa~j5_(pHNT9@xN){?jOg=^-wW&igmqijVFV60Y@O~SC zO3HS!e>6B$?DaN}U20(w`=CRogc`FRxecMO+^Jr>up40ZXzA>SZyVWQ!$K6NOvl5e z0K8y-7#l=eijOEx`F?`9ObRu?YW&AMXZH@AKy`UjkE*~vnby5{2tbKua+wkh3hAIf zib37*7s>9ZAsw9}_Nw|m!6_`QKF9oS$X17~JXf8tuWWkxX44|g4j0`XpWS5sJt*D0 z<4T}6ser<;?7d}6v;P@Q9jCl`hTtc6wHJ|PcJ3CdIcCNm*h6z}xeL?Pnv!+8qm-mIJTXTf)yvbgn!RpOOQn1ls&*A|R=12ys5e`f zd1!{3NisgV&GX6Uy?IRyWSdEhbrQq86jry!N2PddrCJr150JziCORAe?_edU^+-6O zcF6YDm(DvUU1UQN>toGQ%73ew6J7>wbi~ZN-YRkAnQ>-B($RG0;J2H+fy6{!B_iYC z;d12ZQivYV@Q;d@i!#iocXAyoeiP-Ba}rO7?;hU|lLcIJyzw_HU05Uai%YD>vINdo z3nZ>bk{so7S~TcYhoL2nHf%z-S|po-9fo<5qeULv()Lr?BR|vP)j+|$-xf{P+kcYe ziWhqCG3rP*t*m2i7?=k3iZ84?f5u!-cBpBe7hmp1;D2#OWhgMzo`$z0dC{6|;}^tf zy|1rz;bJ|3h%Ij_Zw3U8mF{@^1jljTB@|ios9*%%JKe>mBn=m8@gZxMISbPP0jah zlP!`W+UKd#5}woPM4#Nn1oDVLn{+`2LwCX__lDcE$Z;o$ewGc4reMPI+D)~#5C`{O zvI36%7&=ta8Cad~Dp+Nz;=wHfrhUF1S~unFh^8I*#B`QAo6^SUm1Gv_PB*W57NSwL zKE_~S(K|DT9=0Zkaxua#l#6}X!+mvBcvQ^7Ix=3JZHO^EMA+D`uVx^ExUvqg0fV#!wb~hkvuwJiHHu*FI^kcYpYx1`Ry9bR z7w?Y^lb>$!*UMej*wKDi2wiKtVsRTndN_VZuNrR997lQ3Z850@>(Hec0;@?M30qw| zM+!{XdZ|Eklpo-iMK$DQZ1QFli zov+aKa-@WLa*4^(n9up~9Y?WlL76}_ynp>dyGIYH9OPpO+0}-6Oi8}DjXa$bDbxvz z&Z(2$L^v9-C1r3C;*)a1Sjcdj!ob9MS*oVwkgKFQbXEzG3-sdF9V|efVm>e|oAr54 z%_i0Y6w*O)L)8h)|J}d0{JnpN&z@R$>!Qj!Tb&Ilx030pS>`OTO&noSCC*cr67rfg z4@@~cawJ`3U(+zQ-_=u6c&R~gWT^jM;uY`R1oP6J5JiX$d1lI$B;mB*K>3OJG=y9! z;1-}q=(|4>MNwq7{&a!bIJQ>M(irrE(`r&_+*iD@+4mX`HXU@+eoAae0-rDu64r#) zSDc7DXMFII9dN7+`|E{@LXK-Dl0TWluozdt&H?6Z1>(q2Ng0$}TRgJ5w_DV~r+xP? zMp!D>vGqs8`l#-@U$uGOP&}=_#lhWix%*APAOPV%yRx~v7hWwP1)uuP#?}PH_J20$ z@sQfR3j;vk_~`r2uuX2!-0s{nDWb-Eie%h@Wx3tms1o*)>G4il!;Vae9jGWdqk0m3 zi37H&P|e(|(}MO14$izgS-e~y6cF0C-{N?p=fI5GzFt7;M^Qz&aQnRD$TG2m=!!&A zFnfB5zV;OCswU!(+jYpIpj;+^FvQ&Lxv=X9Cto-xq~Hu}jexusu}o^3w-AjfEBq0H zt_jDqLfix!Q;)$|a)`7OWxA5$KYPofu42_vu_ZstU}$D03^4!SH2&|Im)DsLXGoYI@%!as2wtBsaIR ziQY@Yphw#xt_ScyWA3yKZhOF^;OEL zMtXs&1l;8zn*!Y$%u*r}o;#c)YMI{DI6ZW3q6$+}>5XoV*yxsz; z-bf)(g3?8_Sx+QiG7nkhH1V`W{+1?(h)9I83VUzn@B(eb+wkFBY1KE&k*{~PRCvp; zkI!Z$rd4HRe>qg{&Q5Y}o(-;mY$%IFqOWrq_lXV70AS#)q;h5*m`z49fUw4fpUD<) zA2g$`rKe~IZ|un}i1+xuftsKv{BT)VC{|v`&i)Wqud$1bpD>!e5HJtLxU}Vbb9R=G zo5-GH*xg`PAaLM6M&g^a)yDA6$>{e|gWC+MqS>mK9j-~Uka-rJ8S#d#7`3kOP^d1v z<<0yLVy{>h)sw{v!rI5!)2FX_TOQ+Pb@~J+cGS%55eHYFMp*D$DtY=2hit6NH;m*& z)ZIW2zZYhv_0*ZpRWJwfK}8JA5;M`Q_WMO8^kWn>c~QTDJvBCII%<0bU z#mO%?me>b_zUY?WobGPFh>GECXNxp*z}qxnR8%CXhbL=shz$3XN+%MMrhj&~L<2U_ z7&15X^h=fn2`gWbM-&S_r~&SGs}hniq^B>^kT~7o(yFr5?gR3L2Ww#QxM|pES&o&F zLEv}{)}YxhAyx5!8QfADrlw?R8&+7iXlK;74sK8F5XpPi$a;}ihaomJmxu51iwKGt z@~Y^wM!Fajs&bDQ`gDR|WZD6C^x%g_0}rG)pfQ-BHF(3^OG-)k4&w zGKusiwT>*kHS3Rfc2bG#tfZVwt1Du@-{>3=5xE>O{!v)sB4u|@$I40}$YPAjSasC3 zt5kUh$${qO3MCN+wG`JLg4wvIq~u&V3b-$=M_BC3IITn8y(c-K;^t16`zq^!(Ql(` zQC$-j^^L-m;&C9lV?DfQSS*m9yQIjO4ypph>0Ok~kMybW@*#oUy)+51;&-12z4|4q zstrjcv?k|gk3Ikgc$8+p=_b70R;-_$HER>La1G`4It=S>7FZ z6R)S&U%Q9Ph-&h@_MFxdLfXQS7gj~swY6X}Z?n0yt4CWc(>)>?&Ys^A$Zb++HMCOMj|aUV<8(`Edc zA=saji6>NbapC7w8bMj_$Uz#%I4C{uiQirM(8MnOnsqJD!}>+!ECXQ|QLagw*r_0J z5Bgra=t$+b`#2_CFtBatbCI-t%-hzXfd_JaY2%`XO3lk1XF=Yuj)27A5>>TviK%7& zib5BEs>stm`km{gxnqxStANO>5WJCeyVsx=xyJz#f&zZyGUG4j-SC$fV4=aJu8-P9aiR!ea)Wth68&J^@$l;^l{Fy=15<)+X8(hS8Aywd zA1Be?zS9TRhA)*JZ(JV1liY|2Mj8sbmQ3^>;!F+|YCy7{iW>^NKHui|#?qReNVk%@ zTo>JuZoYZl*gmqMCtDh@+i;#yyQTxFbF5m%6urjc`#Xd}m8rIIaXl3xOc^;nb^+D3U{b&6hp3mBw$vYl5@S~1@}!AN z&$=1S0cq9`dAaJ%8e${guGK1+dkR z#MJ&TCg}xNFa5d`Yz&=EOFI=@`W!49?cFsCrk>J^^3KIk4tAj&Y(|4JOrT)nVn)rmIf#nN~oDZKQ zaO=I>LfT8zsukwdAO`(yD{y@=2Q@WlpV5}`8=u?OOaB%{pU7N#R>q$PwW?|<(vq54 zcLq%WcHqDbA%k569kY|_wLE$xIcG&;SA^OSkzLKG<`3suT7k~iCO76}$k*Qbq$CW?%wL6e$ZOx<`9&6{>{rq- z@q~XmE6-$7+B8ymFTQb09Vf)IEOl`3PNs~&yr$^;aT_^*tR$ZA9{%w^Ay&=AN&RDTRmD~>>5h0! zCQ&d+0%KD$Or?C!=?Uwq8z%Z@v8BVtvMf95f-=G|B8C`b&*aS^wci0H>6iXWla2+# z`(VxmBSj;75TVwD@Zjw-+9j{Pn}!!xJkL|MR72IM8F86~uAuxUqjxUNqkKCIZ(+Bn zaSf5yeR^TxvDvypbPzk+w-KfI9=UNnKZXt3yr+pG5jAy`1S3}*EY&%GHW?|4D`Cmb zJB45UMiYi^=l9^|jG!AE8V;2Ru9sKX4k$;i8wDU%WJ24Zn^oZ6*%PLJd6eM4c@)y% z>T*A}eW(HRGkTWG)8ZogQ`K(&&F;p@^J5oZ=(~FRB@x93$E7^<1nt=`bM+NGcuCrx z*h(Q2g5|1>Y-rm*CJH1w8^TU{Keiwi=}vmWc1{A6;O&jtbtl^bAB4mc>dL{?&b-YS zqb;}&+IWZ?2Yczflc^XA@Dw2_7|kcv=dY{BA6nEYOO8P5#*0BV-)hrzCY+|@Nk0wW zAVChwzK||kGKaK!plAvZ_kI>oLUm4k3y=|U}gva%n9N&Z?mxnfz+J*={Y2W&~`y&D{q zh&GaY5@zadJ3&cEUR-7RPw;stzSfuV?YD0SSxu(~)MS{pVu` z82FWIh3#HCnGv5qZBeg$X07Y9m}9of5K5G}&yI=u;l)oH*SAocl#z}v!)%YWYfaI! zOF_b%xk1Y6%EPR&yl zj|rC=%y55C(qwKZKjs_kaF1JGxTd$aGjX&7f)iy3LqmHS zNVA&?g9$Dvpcpq}g6=aK&iu_8J0?}y9lnXba~%)P#lmFA%``L*-n6LY_MU%sBI4b! z8$`V_v1tRHmb)^^dh!!0M^S5Z?|{E$^eKhcwtVJXYYDUIqW z)^IHob}JP93^ZLUGrtQhdFA7=D4T1KXNuEX#z7aJ|3k5QtfSSMJONqrR-G+)8<;7x#vFu`SM8zbGH^ULIOK5A&M5#H0Xb8}JO&pE`6`^(q&SjXt zbG%XKZTVvSslZ#y%jL59x&#>=(_@xtJr{LG-AHC)5Hi9KwND)-wcdZpMQrzOJg&b)kaE9S<{L3+T5gJ?<(ZHlxZ3=MYJH@|(n+l;VNuBhjZg zGD6!hMninqcD$Bo3W zqIv6rUi~q}hGh)LA;J2<4zUMZa?qgu4=waB)*LIQqqR_dd}`DY^ZYc$_Z*r)`CvR2 z>)JB%vvhm9uYDNo^0l{@KRKDp+QTQ2pFx|O(LPcM{B5`;Wb#NOcoa2=baaD45Bg4C zoio?PCXbgoCGkL{FFAQ~biBq9TnejS_srIvsBWsJ+nB4V@aEd=V>?`Q^7RNFb!csT zVb@)4snxmXu*Q)yX}h2%LRDM|tG1cR*46u1#}w0E-4h}SSVW(@BuvKJ)t$1|ZKQKE zh;RV*y5MuCKyyFYuVCyp^lVIFh0LPP(3^Te_qYXWMk!j7xHAMdnrK{}C`jvObH<2l z-RQpcu^?CoUK01PSFmum(~NRh#(BO0Iv5&|5p7%?o2}_c7Gb(X*0V&|eFh6Ur$rz5 z)yt)MWkNQH=c^Z2bmrV`@3?(lwe-GmSp|oVLBJ*Xy>(gfplHokO9hf#Y1A%{<$M+T zd#HMs56O!9rCuIlwW66TitnQtN0`IxoM6lH!!4@$cCtr;u|@{Sy_}x&9laqiTWg4q0w5+ zIh)wpJ-P<3M#*jahY#QHaz1%xJSM^u0SmOZ=n=mC!%9z)H9H|r&+RU-Ii+nUC#%>C+g@w>dH;N?iQt<|H^{jA(BOu`JQ{YsVJg4X z9K0BiTY1aABwS8)VuIq4=m`&st6YxIWif~@tal6>jb=XXD-7F&KC5IQKc`ri66&+3 zH!jpJgm++zDOmCsDstWyt!C#|hwb>rN%U=V)Yp#A_0d>8y3s*F-3$5(u9Apm6tVMb zm(+p<7}0#diV6=uv{mw|{B+Pastt}I0$#^Ru9PN_j*R9>(7pxuZc0{Jxxh@JY|hK> z5Md0_LUo2e(xWi$Fz)FgbecaAwcPvq<{;N*Ft@rQ8n-d?V&f$Xsi35XKKfiHcl^+S zwN~)93S0r$2?+mo+T>4`=nHRvl;tcj8FNKC;`M$(mwCXFB+XpB{Z}yw zglmk6-vMKT1yJ(xwybX(_IeEJ1QU$Zs+h^jY6&DtijKI0Z&OkBv~&$8YpQDpuf%A> zQ-g6XnaUu?>#LwmJ!h<^l4uGNBBl#`w@W!BT&O&k#P$yY%~DXhe__N-i)TyHgOR3~ zc*3q8LszYnHDYUw%W=5t#-Urr*Ez0+N~SS+&EW0m8q*Lx4t9FMy(Of90ctxL0D8Zq znjXzy@Akp+F&RYM-z-1BxG;YO`wh<^j>>pHeu2N;>yXizSV{^HxfPeR zVPFQOdc0P$mAwDGv8_{{E;Tg#?ybC>xS*z_bRVY2Z+XmQWY}~Q*86^Q%|E7%NE$oo zW235vL2p=*{i(UOjjN`v-|8!W9Y+wWW8*7(cB$l zEphCI^Q4m)3#4-sI++CGiK$j4drU%}ig)`e1$w(_C2lciVhj8X#3WKU+Pgzlr!Gzr z$6wnLqX(2#(fQzCt4xDgPnAiuZ;^(q+Dqkx$l6H*Us^zv+iPf#A8(}<*E+VpU#RTt zBsG5(O|u>E$nxVMi*ZAz&Y~kLzT^0Oh_VyS*`dLRP4}+61#cA|-uA9cNL`>lzjsoA zXDG%krL+&t5}5SsHDX+U?1a&LU!mi-;&k3qez$~;5f#TUG)UOk*pLdU*MpPG)48UY zsTzU4fhG)8Nb`m9tQRH4bMc_+_W`%@U7`EX_xXH@<=+R}hZ6Z3+3fx!W!sF*GZ$!V zMLvvBj%jsSoeAbKl6EB{0KVmk^yO7pY*TOQCYkf@m11STmYQ~oC69f?QEU)JH3 zvwlbe6GuSwCnMI>qX8LwF3ESR1U2RqHRYeSelhDsboUCEnfm5{if{OA5xMNk>D5ij zow;ki`ZkcVt~Zoeb_FFA@9T86O)2`hGewU+S~Dx5%sI$yn)doT<~MMpCvF*pL|bwh zQcLt(Of+tp*4+}$zWHix$TqF^QP&@r@VzEVA3A2y7b z$_rO!{cPcuV6zQP#*Gxfm9o{s9L~kSSw^Lu5`EDp(H{Bx_cxfpwQn93Bv~-puz`wC zjkUcGT|Cp5;rRu99Bp@0RzCPo^JdMikWB}A22n!w$D19_6Kta*leW5V)qCbr^CKf# z76}Bn!vhh!qi@5vTxwcHWJh|h0V}lMBnxhi996SCQ?=IwB!i^h>g4COf6sjaND)QQ zBPps}>syzTce93#?E}sw{IP(XrAon=8(v=-YXD6iMc-cJ0>1kY{2kP+T_op(%|)YbG51r^L@%#JKDzz+^t@~(2tI)h>>jM z3kBwBE!B@28o6HN#wMXHM>vikeN;`)@f7+e} zM6XzMo338;Yl%X8F;twT@e60KL3(ypl^IdcXw-JaErhlG54^IGP0LDik-z zY$0;4=wg6Rg4waPt5y9OZ~c(S_JMTS_HMorYP*zFb;#&KZ6Gga!%KCr2%%Z{wHQkmnjHJfX|DgmY6!gCPjdMaG>f%Jp&w2e9U zAFA5+4_xE@PB8FDrPQR}nsE+a!(zmb)U`pPr5$SPMZMk?&`u#dDs0M*N3}5VioR{e4B@7^nC?d5_9%sv zE5=Uh8%F-xxAYJAvP@?@bsjK)&>UAVcZ|Jx55T3~>{ zPF7rHxsdHrNIThDq95i=Bi#F`Hy(fIb<%i_7tWEA-9b+tP!_i4Im`nY@@vm6FC+WV zF1nHZyUT>TuEC*I6eGuPOFb1&k^tU^6zW>~>JPlCg{ta9Ed&+Pww3j2NcG}1Y7CNR zFS~LvQ)s!D~QJV7vrAhfG)c*uNE zt;CXqnNMLW?N&Q1Xz7x|9o>T2>x)(=NTi+yAU6P#)58Ix?zPa-Y@@T#zWP)t5^Y3( z?YU+DW20cALt?#8@(gtL{zI3hleJS*ZE!qK*-F8?fde9u4IiD}TLv=ihhn75t(t|0DUsII5nWZA8MBWJAlym&qOb1cq41VpTS-rB?GwS$eS>bv|@PMxtIhp zURU*(usxm@`#;j^|26sUZ*Q%_zaDnD2VhH9?BAom9PR(g)&Cdq`u~q{AilrbC{*U} zTw=JQe#wecQst?-_{f=0Lv_)%!IURmS6^TKp7ZZB3<7cC<@#>?oholKp5A9#^KX)E zzU)0pVSNsc`fGDZzSZSrb2Bq>+yq6MgoBcDcyvuxmUj1F?uAz`4^Y?|8aQ>n^?(S!HYeC5l}kh zzf(T{Ea05}f9Pkik`0dy!6c4gd&f(sMh_qg=T^9<(I}5je$)TW2Nn5mcO+k&uJeV6 z%NEnW+rN7b7F^=B=_JR=Z1 zgWO;DK+BU1oKMeg>kj4eAj_@Cguna*=i3thxv6jf=SjTwt5fLStxFGwC<=FRV4zkr zJR6o)mT1EM&Arvc&%%2`g6Yc51&EawV(aJ!!er1Np|de|yVH@)bK54X3S^(%dyi28 zua5+Z2g28-KH_jP9zf8))r5H_PwafmJy+J z1ZGx@dRz|g*cB=gk12bp*VhG=JCu6^MF=2ZUH3lXEd7{O4?%V(htC|T)dHf^GI0{; z&CUx@dq)TVjX%;T1pJoRd4MZjJB4(}mE*kRO`Fvl?hD)1F+dWRSYjT*z?yYUz&f=t zg#imK+9c2Y@VPbeWDFl-(c?O}*teg4DPxY+kLo`!hwwX-TcC@;(^X8!Nyy%fV=;)# zyyC2V3N;|Jqw69qavbZv(kwYly&nKm;$LDu0VT^G2XC28IFv^2>zl7%Pp5JQaFPO-FD50NSC`(qU;TTh`iXzp7*9 zpc^`CX}R*S-?IUZ5m4ipYLkxzK}S8nBfj6th(bM(Gqobesz*Y$C%OKR78s^iYT7hB zujbN_G`phy)6J1Lvm01hx%ywj%%4xWO?h&lm)+OS*0S|<-7>$j&(WR8v*+E;s7uk~ zJBxgJq;gUg+`Ma@UrYjIQ6aiyG%Xs9m~PlywA4=J zT%ztuLTJ|HGKca>TCFv!DODnwJBadQpLJOKo=N=1DXaB1BBzJ04b z#I{@i7t53#K12`~U9c$VZb3(`l}1N<%*8j@!G$@oop{4<7MkJ7q~+p}=-%ARz06a# z->A#Ha9tU?703Al_oIi?E5b>BJ$w@FZBj^vpb`3rAu&auugI5XxX((fojH?*m-_AQ z9*M1na8M%0(V~Gp>v2*``(Bgoh~;F-GTz}zIScb=J;>>5e|uApK$TKn52fpm0bWRo zWaxC=$}60cyow6c**bxpEthx5cDM5Py0WCKc6kNF-uu!$mdQfy&*=|Ur&sAfn`!8T zcDk6habL5i+XUzER!eOgde1va@ALv?x2O;4U0F~^j^AR!m>>in%Eal^4Ia4svTF|q6 zs1+EPvQ$c8OIX$}9|&lncq!9C5H>&&m=~f^ksE?mPCBbpz$OyDe9n-zls@U`2p{y&p^y)g ziWsP8qq?hd$L8*UwEFaUc$52lyGaRSI{|#h*D5PKQG;xX*B=o*P%jN&Z!J}bt=ufa z%Dl`57%OPX$}?vhxR+pgbX5#_Wdgy~^)HjPuDP2l@+1sUsVJ+W-sT0bPD!}FtFUNCb1>b54<^BH&D>i!B|ny6!C`+4yhiATFxIC7z>_h2q!Rw)3rR$a8dvb(MmbxCL zv#|S}sOm4UG=;>nVl|Z+W1h50e)UIoIm`q&&lXVw1iu>^O6S|z;uL$KfqFIti&3@h z9MYymib!GtjysuP-xAq9Y27`-N7^M^pX!Hq9^ZI3vp@mbwRS7L>(|<9`Koi=pwE@1 z?4Q9E+Wv_f@-ZHzEKQ7)mewp?6m=HFZw4TNjA5@h1!yF_o^P!df{CFSpONKL8cHwfNUM`8# zOE(|r&>G9BPAcTr3DJ)~81DyRQ~dXTI+mK#7)E^JCem%gix8&{iugmEh7m-2m3$9kQpCS{zKaYz zx|@l_N0O*$;vgdRu>IbAyEbnhop(d%%tE$d?@2X)d~dC7*KGEVR zdDDJHb0DuoVyq$otYyIMbDk5|O#tW$;*C010pkU?mzazfN1AM_D9el1eVDG2RO7r= zueDb&Wzb2{>hlqcX^5-f%XwF^2F1wfP5?bg(xE-k-GT*PQMrsu{-r{sXVPZmZN8BPK zb(_2Jm*!h^kpHh;2qB;A8O8SWv2A$8v;OGW7;tO47GkKc)fyu=N}OL%q-6K8nLFQ; zyD8|^G5+`2*94@QJ>+#xWt^Ca>c4B;Ns=t@$`w6glVXMt1AGHFMli<5g$AVq>KT;b zScAL%2gGvPi8=ltCyD4&F5xEVjsUXq9O>G~u(D(yo>N%xQwJkkJokrCJG8B!bn~zN z$wc*&mM1ByL{r6aZcpr038c^1Y#4>|3Pe+ugnn6&oW}2oPrTspMfG$2^Iz`a=rUry z0yu(`w&78?qJQ|Y)srR-(-g$LK1>$NZZ1ojY$#wBdlT3X(iYW4%T%`8)rJshNi5I^ zkZ#3F4N8mrWi;N_ou410x6ofTAgvK0oZ%;!OO>lSKNn)(61g_#sf%DSr=4m(Yztjm zF$;z^?aT8?$;iB-$>TB4+)!9GwtmnZ7^Md{`lVkd&@VM}v$JO8N_PwMFNugclL~Hn zb6-K;N{Ns0<(Ubb(s@w6*`KwW)W;NY^cS2=dz1^$_!DeBVT>i+Z)fCxuhhE5;H5iW zv#m0z-#HK}3p?nYt_WN31T-0+GoECd*v5^(JQw(jr+GeGqo^XIBYmPfA+6@X`nj#? zyl#$E%SB@8rc3Bj6^e>NdvHPm#&Q`ia~M~RRg(VtF~;Ai=32p|azqtB>x=eRVxta^ zMy;g?BbUI1xi{$#Yi1i9a!5^1nT$!J%F8?*E2uIkdH>*P&tH`1^|zYPUV+gIo}zsNk(Jyrz8?MEr9vBa>=x_^Dd`tsFPAn?I0c%u_p*e!gklj6hx zcNElw;O_2`Vp&MZE%37;0-L4%8kOEDrommWMq?Kfi%8;IJF8bhWWx-!At|%lY}FFr z9Wp;>=*vw@XMJqp=pH+f?h3O;m|AOUz&^?3lk!#p)U)V8a@s)iK?WmPfX;o!b;~3? zq;{Z$u{?T$o0&RSRN*7n%KL0i%7mi}*@K1D%8^;sxDzQ+S*}PgnYTD_#C)F~!Y5&d z&CQvUVN1!w7VlH}{h%?-`b7x1KrdS*F&~B8%flHyBXlm$NJrI{O;T(Xp1Y+7^NHM} zO$|f2rTn6IOX2k5Okv!A?sEl~LYP!0JnYCCpKPnCtB-7?e(!yGk137%~{dqf)LMojcY|)`h!R_Y?Iu$iD9BUr|xjS$-^P4{~R3lx1 z$hjGQhE7oc0E`4h$k{gUm_YgztB-L@Rz@~0K?hgLu(Tewz(ASs8z}g5N~9mGYNOJY zt9)W!UD5t;v~5nH`@UQE`u1djifh<-`6y5pW;esGoh9pQ`j>}TAl>ndNk%EP@Dh){IBobX->snuukU$QMwZfYcTToMxt+~{bZ(aPmHq~uGD8m-_l@IOW7R&n^h`{h5k z_caiOBQkcgvWRxGGDtRG+`VGSrphK;8p{(N>G#3}hbp^HoexSr;EiPM+^)U|Wdz2p zrBgmA;xZyAg|Mw_e-bp26`PdEf58BQ7TN373Evml@b~=3H-Mc=v`@K-H zX1q7`JcqD;=9kC%iTLQerT3Py$<6wd7@F&^>^HpHDl~G*HjH}EI}oZUQeAO0Zv{yx zh+t2Q07gu8V>)tx_=aiTd5ngm`@Z2pCzjyn+Md^}U{e`BUAg=ArfOIrVW?y=X9SPued}h6&)(0u8-NhhZ%-$E^BBl?CGT_N#B_U}maN$1R^8og z{<;3EdY6sE%lF_N8dXsW`u!9?%c38N-9A&%2kNY9cI&Ugtr-gy(W&#y4*neWU`co& z_dDcNS0)$f2ukLSR&vOVZKp*<%lmN03aBEu{IJ5eHkmh85u{B}t*$07^BUvwjbqSu zIhtSs#Gv_+d{`c>5+@6$Y2KIRQ?RmnWdn;!Bv?`YxjpVw^@Bo2y5HE=OXK>_z!jgY zj1HEUm(>;OwI>CJ=})O&v)qzmCpwZ%;ZvK7H18V-B0`t>$r3|I~>i zxU7?Kz00^uk0$@rq(?GFR5XxV3PFL)57q6RL20QcX0&0Yb9yIK*pNvAm3-DBdDI*> zVZ-YOE(b*n9858dO->u;S$bH*@KIu989c5L2ov6@e8Mn-hh&kBegfnKKOMYQy)4$& z)1%rr^D&iNhO|;e{@k*?iXwS>6W2(PI5@E(@Xo2;>Yy~AW)EG4=k=I&X~`8{oc6rp zthR9J^nDGgrN-zH>`;n6BEmSgI;!AK9EO0WlU%-OphC|a$<_U{FGg<+BzDewl`m@q zW(tNKX(!Ik^eco@Nu*a_Y%#w_qFUg24VnItPnp#6fIySJsE)m>sxl1~%3{rsrKJOB z658aC8I`A^jH{Fg?GnDah ze?6a*Gh}sb>u1@Nc6BBCL^08Qt((oY3DDSfVq$VtNyHjue)+1KdRUn%RY)h3)8Z%F zY6z1OAWQ12LaZ-X4EH>q(^$x_k)NVc#SQ@G+QekGymhOfkXo8dB^CxiIg`2Tg|~v3 zV+3TE)I)DH)crA9af0H-sV2wA#Ig+uNm|jipi*J%wX!}opa%8q&Zdx)-CgM^- z&+nc(9BgfQn*NEGB4Or%0bJGx8Q-6;nImNwC3PpTENx(A!gEz}Ca)KJj`Ye@RmnGb zys2f-)10X>L3QKC$V`?tHK4cIG>h+R8_1mw_R2|$A2RI>KS()(>8qFFnYspQ@`VpP=8Y5V|kY_cRXm!1RCU z0p9j~xFIWzk{XY6@Nj|7I&G$AS$`M);(TOd2U>O^0PDm7&2fbAG_#nk9h1`;GueS| z2;1TgpWE4MKS5?pdsRkb`$TX|sV0ubCGpVGG zW3(1J;Tev5oJ=Mje2tzo-$cjf41hq39OkgBw=-jck8<{iNk@15x3NwB|=^SSpIf(*;fH zv0HLJVqp)!8~}C7#sQ!Now>5DkI$VYw5LbssXRC?WAR`aCLvi-&@R_BchV%LVDuM) z)3=;py$3`g02!2mDJeuCIm^|;B(<6#1Dt6?v(x*k?K059^LRSRYv*y5hO0iJt%|AY z0`@t)CEyU|^=CazcxzhAU_(pzo}>`XPCevN4HGw-T`d?mD`Gkg7rz=!;RbOu9q>sy zZ0HbHLFnm+*0(JJddvM^qzt^*XIq@fBWCKn*)Qej_Ak-DoK)ISpWT@KIR~z;_XxNA zE)TdM@%I~wjxxhTTi@T9-$J#~CA`aK$)YK^!H5&@0eGd@l;Z}GbL-20P z96B+k4U2!n0GgmHD>gT2`T2cEey01T>|XLo^|GJjc8bAj{ysNRecgFZ2DP>46kQMO z`{giYbXCsS^{>^Jn|iP9grxiBQGdxV&Ilv={QA`6dhbyzCTzR7aFv{TNf2%$!`!71 zWAc#(A4x5uV+&#UvEV1|kJmuEZnVtjkoMg?EyMMD!{>O9a*5BTRcZ-Izd!ijqE`lG z9H>*kQ+&b2l?na)vq-RFnigy1OHXDlWGGU5lA^3}%$#x1O`S2y;|@U?BZV-p$g)FW z<&UH09Mc3Xm5jrHfL{%HwUSe8$nkl2j#tXbJlKE>)qysQFTh1k|J^4m(xVM`NBp?$ zBrC!UiduK<+YtmlwtBDof)Cr9G^h3WH=DWT+u!?~RqXIA#NJP@o+OAc6m!t0uP$2Q z*(tpesgG6>LVVT-qbtaW@n|Uc^r|R5b_*ytso?I~FX!>R{M4nv3GTT!57Ikl@>Kb` z-Bbcf=Gl>nZW%fLVNdLm!MPpoZAfh6TM_d#L{piUnO^bX?jbr0KAr|!9;2;aY(>K# zG&cq+7?e!^RS|6!552Uv-ugyuN#9;ysl0s4Rf-iQr>6=MefSh4iZOw=>_e5|Ga{(9 zOI&8yv`n2O$G_#+a?61qNbvRZ*^18x&ap3DKBuj>`Qwo{ZI3FNZYJN>os+hl8$jz@ zU7mdUIvP4DK|}TI0SO84*c7Y26@$czk_xMHWj-_Wd3;+tZwa4T>6*(#><&4!`^kp7 z#fFse&I^NryrMOOO;uYy4kG@k{G|<0oM9D(KT)&u-Nxpv3>Mm9TaoxkmS^-Ly@Xz~ zM^@0V8&fl*UaMtM{(KGJKwd@e)nN*L#!vk|;#(FEc5_9mwtKMz_WI zP+7`(Luq%A-^k->i&R~HeEoz^%0dd13Gyp4P^CAYbVBw(XLfNu&1$Q&an$osRp55i zU-5bDHBCrZ3x~yh7pwn3kA>G!YRSXIbg1z^<;RFM_*D0lh$nKR4UT9p9$szhAl<6|-nPK9)g>hbpovW5N- zq%PQVCk8jT@N2r(B|4TyRGEENNp*{^+!uOHR4bluK2dLK-t>Sg%zyujMg?K$(T8`5 zo4wr7JU`$U>@3aFdST9hWMd_RcL7n;v9um5D|WcQDk1EkcqrO>nv-w0xG_sta`lJK zvSxA$fw7N`!tt1dK{Nzhwrc~Ziq%S~jd~5^Ur;f~n#M~y>*ymJXBUwD3#(8gvPS8x z6q5(q!5$+LlwB}UBaQ%mG!RxASR4jW73;hRrHMbK zCn5{VZ&SQW^d#f}P2q(nK3i>=s2187_AYoK+6_>0w}7K+5(_93hhd@x)<+^mtQk2} zOqg*EZR|hl^5_sE%MhYR6|F>A?t=ihNr~FabDcXEpVd>v%?m^j zmE9wm$fqM8>ECUuqqfm8rS0;2rUDgIUbqq9m7`P4R>*B(F^&^$d>o!uo)Be*i*6MW zfS{t$vaC2)a0)cCPrgHnQm;oG< zw#+!xVN1RrW#aCDd^Zn;vs=piHNgY69oy#T-`L4xf{AY)%d7mI`9k!hY2r8 zCBetoqt`H0gsVqz)E+&vEF}eBl9d9V3@u9~<3U1Cm7JG5x{`@?1=Drx-8^fkOreEn zjf0d;SAQAI#C7uf=%KNLMckhSQ-+B$$1Nw4&aSV`!Qh|9ZZ=!(knn$Yeu($z~Ej~%>4{S6=@cZ2NF$4YQJJ(_x=L7R<0{e`5}Fi-XvS?dTzUO5Afs*NzpNvzTYi)9(`708R7O z9)*x10Tv>fIGJ3Hnjbxt=95D1Nug7_nC+3tc8W)e<1reV5vn8A$r+1y-puiYU5X()E(}o&(UqS1|U_-EQda+N_)^Kd%0*!gm1Nw zrOX}QyqlbG8kb9-Vyt{A&@bWB%9 zrvp{f?J~|fBZPE^Z_&LMz7KqqXi9jeKIOyewVyl--P^YW7dECO?vUow_U)zUny(W4 zw$L`Vbx!qD`Ea8J-LrQPpXL5t*3+|dK^Oc?Qp=IqH+zr1-X0E<Jl#GD<`;1skP&-Dn@B!u1Cs z&3cbLX-och-=x;Z<1GPWz#qjb`@79Dq5j=@MD?Mpw#L&a9BzEriPm%2QNuN#B@}%* zJ?vLMF+hIeRD-@J_f64Q6hbZq(w?biZ^kOOO>$ae5obrSa1%u4EZTD@gmIGk#60|7 ztw-Ct?2e$NHa$pCr%;!-;2w{YxBfT@$7Zl$-~~LMTG}BDAJ=YCPpPJ`oIsIWn7LJ! zX1bF5MVrf#)wCQyP24h9VrWX6fsm$MAbSHTuHv)lnalUoB8nQj;pE+e1W7tGcnH2eL7U<#JN+F?GYQq`I`Zr5#{Zi}7j zYIZsKoM5oB?hB@7DhJ)5cW+69m(VSDE#JPLut(sT#Q-YP9-HD}zu(h49+qWF!Rlaz zLmp0Us@T)O)h{xglq{<zWFK5HV}ru8BzpuKP@~g2p~uMzMRmmww6xH%W=TI4Vm6&p zYXPpF0likN{I;o#g9+!uCocO{KXC&Yxjj%m#1sG6Dw|!6K!*7sdh&}_WPvc==-DTV zpv3dFOCjlRr2~qw_E|IxLNSPJmECaOvwBKCV1Iip)ND{-dV8L#zNCU}VdPmY>ztP+ z=F!N=v|Fm6lDL9fQwbjBAiqOWGw`9&`?2!Oq@Hdl)L8DwF!f;fAi*V`=lbhv3aF2+g{U-I4?9e6uC5l>h{;rQJ>&bMrH61|+74g|{$*#m-4h4|hDD4}% z!DV8wYXSNeS^1uC(~?167PaypyalYY;!85djNz}+e`RTP?_(Ps)FENe(&H|m^yams zBV#OiG`yV6eLUcbcR`opll9lTYdu->O@vAQE-srROK0yXk5ar2f4y_vAigVfM_w=G z)nUeNqG>P_c9{;gZHj7fJOdnSD?E-$)idxCqhC|!OrNN4syXr{eCEK#80`S@NhIGi zWOU#;z9Mr^LxbD7n0$J?G%=FcDRlW}-PCn3_C4lGty>OiyIHcNn}PA`V>pg{M+b5u zW>i%duP1k1i@a3TwzV!OE||DqQ?zq~*x47OmaSC|Q-5G)U0|w(iRmzD%0SucFGNVu z9h=1sx+|rSS8R9`p;AX5WYqo7flE@`b#%A$wm7$9QzqN^P!7+RCj&h97{u+yqUVG$+lgli~Aaf=U-@7G89Jmf7mh0c)T2Q*5elz^B&umShQ`geySMi=)>M zHb8t#A4?2tj8w=lcts0(286XbGP-mzLgEtkJ-W{ooeUEW8H_ZyTa<|dko{xO>j&?j z4w35b9+SmMmI;T$EjO#<$&8tG&JH|)9QN@xW^hojkRO0(m7>J(6o>uY0@UAoa zgK}nv?6R_0!YY`BF0+F+vo+BV0$9*0Ok;6s^NuKBHSftn3D`#sqQ6!R8zu18WE?d# zQ}lUPeim)M{({}U<=npKg04K7eV6~yKa2gd*qve88M2|E#Q8ls=;1m<;m(R$-+x^z z{yUQOiuwzU?+?dtYd^fUWiT=01Y~L)LbvO+)RE+Ca9$ouEAduyM2n^P0byN=ST+O4 z?tPN}9d`BEbP+4=ZfKJo-Xr<~^S{X5VFY|zn#AYP2I-$*ak!rL?+%_F{3P~21mWKx zDa!v+06YCR8_4+ezuCY((0&A^q_a6BF@CNzH9-<^La$=ut5~KEBJ%&JM0C3=R&) z$H&iZZ_ip;F<4k!)Bx)1qt&+k2P<@fD~#b~+TU;S^qF|*9o;{A;J+W|xOtu@Qd=n5 zP$vq08@RJKngBiw{5Svm9b;VJdO$c@>GpSTG^+J~j}5lSeKEL-J@)?V+v;I+A0ca< ze_@ZxzhTDz-1VOy22Nl`Vg1jL!!Km;%4fc_YLMvnI`SI!f2YiP{7=g4-!l>8S5`6Y zo6t!daxYuBsD_5f(3)v!N+)IRqF|jg%Mw30D&c>w4xgw({?o;!_#S`}ivG?p5?&Nu!{_Q`L}6)T{8*OK*t`&y;PpHLV`xRYSee_)F7gcvdZI2w4cv zeUqN=OZxu|4tyAW-W{1C4MMGN?gOfC@9I;$|0E@I{b4anco8&;42a9wCA&m@s&kBH zzN~NWUHbYyj_9#LY%zfOwLhzUR#sBs;X7Y@0WkTK{s!uupr<$>UQHlh;{iJRd9k%4 zBbJOLF_PZ9S=Z9uE-$Y!%MQX^vs)elUmIJQCP(Gd5FP?`R@h;){N?1~?Nxkw4efx0 znAJ$2>y{u`*;CJbywW4c{ps7=mJ+6sF|N-M9UDmR+CpddyQ|ux$1S@n96IxSg)S|S z?gUCkqbKHhdS}{bu^*N{Goe>D^7a_I*WraM2B|g1tfv0OU5wTId|1Bc%;yxw8xX;p z;Z6)*BEkHGyJl)uPrF(ie%sc*cerw%n=P*f@W4ML#vJw)t(;e_<^QeY#;HgmX9`fa zT6>Y7Ul(rV@5?*j!mU^E)obYtz-jA$Nog7;n&&S`Ytz4EU(@|`(y8PBQjv&uX{aU7 zRqhtcRWo=qYl9zvakFmAu=p@n8{lI$U%Mi{d`E#Wp5t^P_;s^z<6KDW`HaA zsGfD_(=2W=@GK~)`X}%09!qq7c4ZP8l<4_eRAUeI5q#A(i@51Ykd@x7Xg{b&M-^Hr z7}>l&Y6-l7dleN{zld3me(2XlTWF$qm_52%=3dGazWIKv)Oojc`iE@ge%ayfK7^Kj zjI)3;{RO)@P=g95aiVhP0o0C)KhPY^a!a2-cH_~}KHa-q(cC@VM%Veo_Ug!;ND+Er zdxQDhkeVCuXRWM!OxrN5tX8PzdXwVjT;D(72K^9`RrAfGz=-vy7FUV}=9nj(LI&Hl zo8gjOR{hHf@cmgg!H>)VB{d_`LLS!7Y>Sck0s3gqH1IQ?(xW4&cC7;ONtW($F=aOZ z-G!nbMh0-{v|GCGi$!{abJC4jG2tJ-l%vudfqMf>#{PqX#GR+XCwR$8TK}f_ezBhY zKhtOI?0@E#8}^^utBEHUtAhIL!fos_mo=nInj8Gw_eu^5m%@Ezm$z0#CBB2>MsZx@ zTQ+V#{k#)O^QM*QcuCxA$qP9p{lMS%@z6}ux(ZR8+>?}CyAn)@57_MMv6_KD!@g`! z`j_(>^so{_U>1Lj7wHKh=+KM#cHq;Yrj*m(u3L9ad4(xTugAAllfInpQhALv*R`|I zLy%)MuaebVlLVz!hmlLT9R`%Q_e4FP^UUNRiWZumGOhfFggeALqRSp{AH|?&x2D)i zYvS0|hizC>WrAa*sRxR};6u|4P^ulxOJ^*joiM6iKrXny0P&Vme2{GjouwSPAH2dG zSPhN&A>D)>K29brlYf@anH63^&~0eNM-L3~H(wJl^DpC11R>K-nLLO|WMqK_FHzEEk9b5!3U zo*N8LHV~LA7cZ5>p7+h0&fO_p>JBrSE`&v;SKl23=n44&3={iFZ?>{|5y~5HB^))S zFi`o`N4cvu?gejP`@RAFN&0tJ9Ffv}eY=n7Y?Vwryt%7sVwt663;e88a*#v-4h?N@ zr3>ifK^zQHVn(EiQ-~i8M0y6J&WR^$+>LzYyJQp^w(X>V0ng}!i`{1Fh8ssq#wFX! ze%+umYpU2sB__+x5WO9v85`Xkxj?&qxrrpNA)>$VvnrFSR=rMIG^3sY@ z%T!WSF~k;rnVwiq(h!+zf1ys1sI?8+xCz602A2UyG@TTn1wQaC@cF!|stCYxc0)NS z_e`X%{YmlYLEuBMl7Pui0#u))w41=uz;9Z)@HJgRxdD2V#=Dd;7XvTFWciI#x|3~@ zlPFpta2M8n`Ab?BR$M9N9W9qLhe%gsI>t4Ugg~{9eDZPUE%E7)wEx?PM4VraC+v){ zPY>TR;``;EE**r;HODQUfu_AwE*vGgQ*4Nm#d4)_vdfy1Y>da#VgVn2A7WoGn@i2A ziphG*((!(SpX2iH&7U#ML%%~eC=_Vr8`Ae)`=Efo*F&NwyLyAvVrc7D1^+kzF57#Tc#jkVUlh7 z5v4dEILhn`o|ZLqL8d9kFa5z8$YqSs?h&=YHVdg_;jR=fz^r;?t~B;{B+-5`F>SDS#e$RCh8x)Yj!cvQDu8`?r z<_GJGFlh#GTVX;;zJ~h@R9aqE1h^{g;Y07S$*8?lr%IaCy#~{*c+;w`U~R^jwg?jU ze|RUum*@Jy?Q+cuMeVX0?3CVB>xz~d|PoLt4@l`=yGl! zt7!`wSYuN5kFexIN`nug=v{GS#J9000hJvqrf9e9L^^YolZi>9k_K#cf~DdHKK*Ay z4F0F6A6PSKncIIv&FHf9&ayX>6U~-mLV8qcBHStul?|jD&YNc%ow;IWPSy&>PnPIl zsZw+7L&YRxM-#f5s9+8)YM7W4hQhN6*#D=>G~18Cs)7AGPVi+>3bFn6`7&Ko2;Mob z1w9iTL~>SPrCM57BE?PkbQ>Yro?+u;_7VL^@bW2Y3olm6V;?;j|WhN}; zVqSn4tgIbOWbU%NM(Va4hP^%Bak-5)XiSKX)`*~SC~_*VBn}Ql&^+YJ51~!7@ds#Ta-jC+J zm%vwOy}a{d$%lbFogd`Nq^Q_G*9Xo*X>Z3LTP}-VewQMuq(44U3VEK|u^%?G5qs%b zm1RP?0aS1iY`#ueuU6c2Wn`ZXJpC;YWN7eZQ7~fhv+TyShu5ZIfMP`chqyr*B{9C) z(EvDT|K2>NuCYk<;UaEeP;R3$0qH?1Y1&ipQI2AGw88O_oXzkFYxrH|oW#JgAt^Z} zO+=hWtYykl*Xhbfw}P|+DW`Z1&Z{6ef3BK!zG+NnElIrl!q!N~hIp zA@1w035)royW;Z*ZMi--3yy!(Wecy%O>A2yMX+$6x=aMf;#-%C%})27ZQ!P?=4&QH&B-ZM}s%VFs+NiU)NF<|BvNBLBAAiC_GYdHr)jR*2J4T?M%s3 zIbTM%q~mg#S;SorpdVNd(#g`Rb#Y#|>P6CN1U%MB6%-HVX%=ddzkWsZ<`_qh*C(-H zi^*Kx!1l0<$yERXEe$V*?^e}Gw?DjIuvyM6JtNRM72a8CwNa;9{ve5IY^E(HHsU1! zwyO{l{<3wS&Y_O_COrD&?=sUs>z_hzaqwf}=fDa&|?b|j~|SD3Y^2q;v~rw zG&EUdIXG_W(N-nj_9BdXB_Hm#jHu1vTL+ZUl7n&mw#3wrJG*<~>^h6n9MivghFdg) z-O&$Q0k=oVi6#8)8|JQ2}{EE{M?c1YyY&Pjs>X}?!?CIJQrQmSI=jNHl@G(&!h{wfcYi=IB zam+Y7PN`7@j`J+%3ed{OOE4~T@zvC*o2VGH{G2GtMjA|ohDmjnqzfj98Ji2&HW^QV zismK{y<88;y?PW-H7tImC-#MRDVRAkAtUeaT{oN3EW-q6vCT z{{XQmN_`o6jcdQ;AzaK6|1ZX-0*^!{6lLPDCiA(YLCSWjEP9n06EH-EX2dS$0s9@I)Fuos2pfHY2 z9phG4R+$86CNWH8s!hn7*}a<{-Z*6|Cudz}yM{b!@1}ajYe}A~pNU;9ZJ@w(3HO=g zq|#!BqKvebl1NHe(VYd%J-uA{Q$kdxBRHoqv66;^-LlRi0Hhj2;TDcq^n6}SN2k?G z1~T@#06#`m?O1rJJH#0ZNLQI1G`67D_uAlF7V7D`1K{R2(a}qHZLLDuo5PF7xe$u0 z8<-bTZQR#+7>h#vVmlMzeS9l|`|Hc(VGvdC%C3kg@=5{=XQ5H&ZOUgmh1k?Y1z&eI zh!~+Pff*ra^k}{7eYDPUWjJ>fapm88Td}i$rz-K^{9T-VN27hA@d|ob z->1N{=9WHOUI)S4{y;6{p2*JShW6T*J4K%dvRouN(^(B#J0flHye?Ot1qHh}Oa;Ti z_NK=bacz@Bo4F|52{NH#@dl3(3n%kq7C*+W&h)Kyo27lRN7o+m33sxXKjl|s)<*If zkM>k^lM&x*JYF%F>ARFL-~M8&>C=kiH#{TKeQXv5A$x}f9Fp{U2h+b-%J*~CXf?N( zDkmTmOn+0&ddTwT@Dg9Ln%-f*YwvsI6P8}v6W{E~PYm~6zz2w2N{JHqtL3X_48P$< zRgk%Dj335Ma_N?+9@^%n8x?m%MLsGzj;A}qoy5Uk&uYi$)J;8ZOms zgzV5Q+0ar5DY?$*@}|rO+Oy!dO(e^in+R*IK9KCL_<;#~EIIg&5&SSn z$2bCRuTIzkBY5LU(plST1#Q=bTY5_!6nZ(v#ae_BE6SYiE|k8;eE&FAns|ZqusE32 zo?AQ$%P*9WQnkliSE3-u)a^N5p}zLVoDRy!f#_{XNQ|p;d@Fsyh)jq%3PtJ#$`O!S zy(e+$Cwo7Lz_Lui>Vav<^To`K{CI&$vOZ9;N%;A-g2eeA>@d_X@r&KdTQxBa z@okOq1#Kx!U2?P1kV)Qm$jVn|+)6A47MA9jCD0F^zv4%Wc)qbPq#Y$YyJ2VBv_&oT zqDzvH0#a*SU55%RR$G###KC8;x-?9;G(NNQi0Qa6lGqp=6kitD7WE0}NJ#nN7H|09 zYb_v+GUj;#_7E>*8R+e8jdP0Ax9*_vXw21S6{L#APE7D2rm_#RIrF*Rg3_oM6t4T* zBPzjw`&Q*DLARgmV{HgSi!~%C&Xi?pdb3}=?7#CG zC!LhZGKiB9IWR%aWMaKntcw$U#}i9G9#3#9u-E-Ev9&3uET;<`+0Z@7itssMZI-Q~ zZ+%Qoti@h2I$6l4b`Tcc`ncqm;#8~Z!ie_S0 zsfCri4O!*KRIpbK zJoxcKK_g#XO%<29=Os29&tB2vC@>ZE*`6P5(Ym6^t0g4J%JhX=x)P-@06MzjMQ7@9 z!-PosE{5v7k5g&!=#SIQ>>9J6P4vBWM+Z;#h;VFBQ>U_tZv9X1Te5(Q&`2~S_gg%ntb{*!Ix@tz?NK+yCf(g+BnzF zA)xQJ$t8(qiq2`vy)>Y)mDRhzp6~uenGq-N z^2OjrHHYv=C9JzuVfh?C$*G=oOqD+8G4vsjOXA#o{l;x+EJkL}S1o02_l03wyOJ?_ zzzA2Mnqdmdmy3GSR>-gL5k>dcq!&dDyf5?ggw2TOcaf&*JmW$+NQ0w$1clJ`a}tn9-mrdIA-F8>e#pB?B)3;2 zYju>~cX(^WbFztT=3l^+Qu0IAUEkk+mlLBjLv{C^){cz3&oXDQK9n7x^PIa>y`msL z{7D1OOwMkzRp7>tEn+D_hNJTuYrcbh(FW1YMqF6klZbB3g$v<`5c*p~UD7p<5l8;I zZ>Gl)4P*xCM6Ewp!@&7wnTg%TC>zDoPt7}r1NKMxt2^Mrvhe)Gwbm9V@+3qR{f$3N zF&V1e!*OJ63z?;DQzdi*;HpZ}Np&0(lKUfi+M}zFDTd;I`r8@`?NzIt`wI%thMP~o zR2+$i>oG%QHYB}+foaHk&A<|SyJ+rT33u@UK4tNH3-;dpwdz_P?*=0+g{d^AW7LI9 zNEu_Elx@-6V!iiopU73G3RPIYmnyoRpPtPpKuxunLn*oU4@z=<9mB%%QDB(}&;uQ- zvYfSXH5l;GvUuQk_K3u`)U2|IqzJ;BJU4-73K~v{gsdpAe0Wz}3fa;6KCQzqEufVC zE?qH6bm1ZH9}iQl27x>w{xR%)my;o@s{qc;^pK7l!f-6PsnUmV_c8++t=&ML(OYG; z6p_`->qosQ>;&h1T?F@HjMDrF3#&$3q^zlo0M#R$WD9!M!JV6GRCCvH`IC2o&H-u| z^C|%Xea^snG=wIAbd!6~yR?M7G6on2StZ2 zQev|Omfs#6iSiqt=b?)GAXeDXgmT+g66Vof1Iukfs; zA!E0fGotk#@GYH8YbTUe@oWWZIKftz%_6Sx%o|izsWI+~cc&MTu)4D)<#18_VRU>- zSmaA%d7FNw-pdb=hwA(S7n_cM0teYks>f=p?ClQS>v`4cHPMxYS^1t{zw@~r0EO$W zkyR8~&f>D3BSM@SnU49+fp~XJm6?X=4V`2w4_c)8S|I0*uH8Bn61)NEY1=TOg#&wK zL%sojC}^X({%$QY>wIR>0W(bpRyPe{Y2ndx50T4yjyHThU{?@3)aGuYKLQ$`c)c)x z83?>IwQ@Tuem3PXVb0UT-M-gqe@NIPW-uF<7O^FVfTQTK%>}lfJpwwzu$1uAmvH&u zqDSr~x$!I4oS{F>_sQ6To*(%+8U%b?B?Z33{VI#44gbO?l94#fM!KzVs9w`Mq-~ZL8X2k}YMx4-bLy7qMF!sKT2FFA%h9W z)TQR)0iEwtL`*F+N-VoqEZtMEQ|#Fyv>_9YI((KiGe^CD_LX9GQTp&FS?Kx_DCEa19*mb;_nwh1emo$ZlHv8N+0b; z!!&fca0H?l)SneU3YYfii0cJ}k2Z=w#Kr0PY7U&JQnpI$1{&rk?-no(Q&ifE=ZbZ; zO6gt~$8Cic>$TvN^*aBCH`bzxeB^IjG2TgRmU|3$lm_bqw0>l*`2%13^Poqc zMhk6MF9cqyKP;iUz0L3Viisw-o&A?)9CBCY`n|D5MqowPc=9V-m=i)EAf%EV zTD)2wp^SAN-1g>%mxQ>))s78hGRzvKt+}IZe{B8L&w*^SZNIT%-M!(A^geO!w8|JB zmdX*%Ns3@n&p=rbm_`4fkLxs)nfl?jm-!;;P#Br21eTR;` z_VFBFLO_-ON~ex1y4} z`&YBvr7KVU*u;FK%3W<(o<43J`i}Owi8d*;y%t^HhUb#Vdp+$*UP(!{d~%$F_xs9* zs^7~*H!t%wV8Q2Meu<-4Xtj|GwsSz`t^)sOVTrvFL>($yCG1=0|6Dy6k zYqPxKJ>MsnoaoXl202y{Z&lOcp}``P2t=u+g>RA_vY_Y}^|h4nn4H)+KPTmUT|3r0 zwylKrhF^Ddn^a40;Z-TT<6Efz!qv)JcUnYTaT!~L%S(0#mhy(Gp1lcDTbJD(VUT%T zo}G|H?3aZofDS+Z?98mW&F84Ff+ZsEsRhqqI!i5VYkJ!v*Dj5~2-mJ3-^WVqc^629ZnUVK2gwRvY&Q;m2TsvfBSbr|V2eKd{283r5|EO|1-H3( zEw8EVoA4=rU}GB`nHR}_;4WqxE4&#JO{`@uMEKx{NZg|ooo4aB%^VNj2h64J1U+Vm zJNPSyUCdz(V%3aJigYcleQ=R2LheB$eL}D4KVm%AHVVQ9YoFCwC%svo7w|$Q!N1l@ zCDB~v{bd0+^7hoyF9&)XMQ<=BDDfik6gqS0hC)wq+ zu|5J1)rZ3HoI8HFig2$6;deCyX2xb>vA;mmd8{&CU#LIOXMdUY7e~Qq6QbVxh_9i% zg3(>Dbm}=tM9tQNJrK%6+q%iN6a7lbfSNxeWE%IFB249#k|8hSW?{Qw1Ndau2zrP& zjdP938V>Y`WOMa3+@dvge2nlpPk$Ew>b#X=7I?+^Gn^ht!2@?=6tUl&;NP5o5`Wqz zm3BhC^;)fgYQWcx0!?6;{&Ii!#MdL{8MTOl;K_@GH7zGC%9xt~BEMUBz0l%FY{)X| z!`b^aKs+ygtol7gAq;ju4O(Fm5IP`21vG#B1pza;zBqrBWXjT^LpF2-`78UjHRc6V ztXugB*Lz;QGb6(M!nqe^)eb-vq8xk@?lh+YLTARcTZ6S%fNN z4YBYWs960=qoLFMSA0CdKk@PZ;9bZqx7EP^MJxTGB>sH(e}Pi}t#ad2Ku$z|+wA^v z-@W+lzU#;C6#Z{go%?T7U19#7Ta&u-EHeJGMu(j=%Etdc7M}kCv+my0)7T)7`ybET zq18aBSvUR@ZJg*K3r-}OP7sHMyvwV2nwkbABoF}C{;+i-68}^^{@`uFWn{iI|HG7} z$^U`L!jRH7B<1zLPoA70IVK$H9Q{xFeDm+$GFS0Wc>Vv=QQ5mihYmEjr4ckuew*J` z8nWRwCcqNRdqe-{s{9^4#0%tx=RbTL5>qSt;%jK^X=4*!Ma1T`a|bYqQ<0K^tz}$_ zEbSxiqKAftMwF2NTs_{=?GY+cA~65&+4?j6=c@gK2446Etv@{YDQxas)te;80mpq9 z_BOA5@9x}~cjue3a#~rQG-tPO5n@Ty&Euip+S6l=tV;h?w-9aEGTk0rDejCPvJgDJ zt`VdkGtRn`$5T%eD7&Y*)BEH}8&T7I#I(OwBAj)TD&x|QUBSJ)z9R4$)yohu*QEz; z)wP)+3q1u*tKIciNBoYV3i;D?y9*%6EAU8Jnb@rR$mpZ(l3P>7oVflKXOe0l3c$=U ztntY1sGgi!0X4I&ocRjAqF1*ITZD*&cwq;Kv~l?#WIl2|Qu@n39UxNtO4R0c65(^R z7NYc{4M&E{yQ0vy=70f}p3O4hv6aH0%<2?fT1=5Fk*Pj!f?h&ya5f}Td>aaSs2m|MG|*BOUjPh#yY9?q{N-X(`d z)OY7pJ6`}AwxCV2st!c8n}9BfwQZN`$-1E0_J%2F!5!;dB1P6Kdg<2QGb!Y#HB}Tw zW%=gf6*&YTd+Og=@_h1sNWJQB@C=$t?HRd%whQZjGFGRJn-_6KeVFXA(*w77e+iOz zK_Xt3w!yKZPPN5P+@`=Yi`rQG*UQLFKs7>$6Ax=fO2SZ?uW_Xi_a{jp77NSJhiW&D zre<*XOMi3_Fk&Fx5*|Km?m9$?es3SShR7{=9ZYmMQrA_}ebo0p&h|FziwNN3kmS*N zG-$aU(DSY?psBTE;DnlKmno}+3Olhxdn3_;J@|~ROdWPMz=+&d-Rn*fKk?Pph8r1K z30J?ssETuSJ$D?DSfA8>tyxE%;MF}%PRyS6WXDF-`x`L?JD0y^=0{`^W51FswaNXzoL9e?E&kYZNHPdHB9P zdwfc%JT0U(L*hj7W-K9roJ+YCTnbDml|}n zlXk^PD?yOBoWGlEG6%p2kW@$GOtZ_bLN@YH85{!J-cSCk!19EA?nslVD%Jv%cD$IZ)V~OKW@0+7=?hR*-D{d17>u zE5|;M?!$N057`e7jQb_$)#v1`jyDxc^J#DMq-2$0nT^YWyJRcY%p@QB>T z&wMH&-OwZXNh|X8;Fv45h{N+0&b1!?qi`fpLxtR12>JK(%n!dQR`t(rZA>BE{h9sq zP4&I}zYoGP9^^yWZExQk9SY)MJx;WU<{1EAseACBk_qqv4j1-MPlx8pK^OT5)!8{B z(!A~7e9-!MAgM*|;FYgEIcwcb|If~SEIX!8YVS=TC)QQH{STQ>${6*o%OfNpvV4+v zMUftk0{b>%6YH+|+c!2p;4jm77sGm4&*JDLr-q%R~I%|{Sv;(U`;L02m(@1nvkx6`(}cNTtT z=YHF`(~|MtOsS)v##Bm6P&_su7{|X7Dn3J|fOk1u_bO6b zrEx9uM8&DkOI?Lw_?*S~E1ERCOrxKWp|JOHjk$bWrt-jbiU1_^l=-`d zRV$rO*^9efUWT-QW5c7|=IDZjpC75-v&9<3b(S3xjd7I{wGO?#Gf-l6WO&fJqFpy^ zGsM{sD#I7vHX9hHQaxub&)tLG;bdkC5bYQ?TxD;83mQRFx9@X^FlaK##e zRj>AzHut_Ror^E}7)lrYfL(RG>~P3{sHsXlN^HFd{i;y$a zb{%)Llx5591@yn$cop@huvh_k1i{M;3GGA#xRZ!L^l@%Q`SaQGJNV`o zMvau_xurv-=_-=bTGA#Gjid*s;j2L~HE^}coSy+Gzlt*CCQ=>Ts&bdB%5XC90k6Zo zA?Wce^nHymhJemVl8&odkbd^h=E%DV6|Q3G@lIsPbw`%#)Q6~s!1|10)Fi>y10bN& zP%4?L@0-GOmpg8cBP@|?m@6wC@NH#vU!zIq@Fq2!A+)I^n5vwkIP1+Ox!dxK1fPa( zp`-j(!{ayw6z>`{I?a4LkGA^EPJ4A<2yWYn$q3U8Ew{O-j2xgXC>v9w_rZidslIPDRW!4M4JBVyEwY)sFL?% z22%FscoZ!Qfpi3%lbS>KTeuo^->BY-G?6GCDv>#1)6D2;_X_8&Tid*w+i;t+{h$@q zWR@$gq?ZTKOpsLb!nrkPk{H?o6NrEM<;N~6(0PV(~z_Rsq1HP=-%UwJMOn+ z##GEc^pr97<@D;LR4?(J_)z`bb)Pf{i)M?5?)nH09K$Fiwi{R#RpDk5c-P$Xbdwcan%vUt_`maq1sx}e#6oikLhAUy2%jpe)-|Dh?j>`Hy@OjV@7M`EAr)knigZExrbE;;s*=tGd;QO*NSnJ>+LXq1|}GS?&kU&qwYX=iP@w#-8^tJFi_6$JlAY& zv}fQy-wJ;l*wN9@)U5YrdZsUn8q}{?P+F|fd4N#JYIP5r`lgGYWLaTSX}lFq^M*$= zLuGk_$XFa~^?rX_Iws<$i_}C@D={e}XRJrOV* z3cu9g2R<1U(2o?7-m_YqX`FL$mvh12Skm(Z-(kaHx(ch**$OWt*=J>KO8_hkzsW?K zt2}VoJ)q&|(HjJ+t7d}aywehs19|5lM9Fe7n+Kbl47=png3CBHQKagx4+`@Mr(t>S z)gii|hsfj^-ev=)$vo|~1ltiafQo@~xVng>iVgL0L0+-_;ff$N9OW#>s_`ZTu9E|% zPfBg{<7(!kO(27?DUUD68=RS@x?&Mi6mr>=@n3n*phb#7oi zMpNgzj-Q$wpP3DI$@}`F{&r0rlLMhDuV&4nUe%608o^|n|Jha(lvYCx>-5z@2|=9^ z+UWFexiQvhO7mpSJYQeAZYuyusw#_$4!!Q)o>j9F7%h7_^0Qw;U_{ao@v4Zd!&Bz1 z$X`!xspV7U!sil46uCGGBXX;~)B8FMFe9Gf6RvYw&zZWGXWsNp!7;JKifxxbBc z_gDKnn{sPO-bcIr916`YR2IC=#wFR#H)*aSUyZG;nqKcR=j51CSG0Ck(qcVKU6D~Z zvW@#a$uqVfx^or9gCeP%vH>WY65D{;2Sw&R#SoX+hxopIEoYw|tbxFqC z1^gUd#GCazqcfnAq z-`soEmF+c5=P#A*?GsSBXEhfLDUUcMpCafm;n3Dgqq#keD=cqb@JgFFA?22*yuh4~ z$0vFPJQwT0<)YqSxVw-*%ZL*|Hfm)`2pM@9N2V81MM$_e@#893E9p+%HhhPFyzSz@ z$#_ADXdJqWy^}Jaxag7LbJ=8f2bn9y`^315w8+(6HLdKut0_#$szs+>Jta=|bYdS| z3SIXq6sH^f%#FbrOXw6f8zxLjrMEuZ5Rpri_ygn$0!i{@kLN1uml*r8@!H62=TBO6 z#i@cj$^S0brV^W%qT@c~*bZZegcXkvdS{jrj(#QFB-G$3H?AC=P*SvUd-Hg-qA?|=uo|%nJWpdK=h8+ zlPim8N(-Dr(ntH0*`IuMR4{IG=5AdREv>j=_a zcCtbCxVK3;t-hT*`C9^IXR^w!li}^g8hcg!KuVv@iNH72@U1a%h;MaLybDMv&hI@e zFEfHDo4&wLxzC?M>ySCy%{9KT`T2lz)$Eu<9C@0Aq&qEuMaWf7$BHE;+oe2nx!IBN zhpAQ-uTpEal0=4nQ~D>hN(G8AK{b%HWeAFkRhP4q1b;?J4csTOqchj!;_P-skWL+~ z;zPXEw;ZMYqPHSZIa$`Es+PoDfEX<&50VLjk;#(Ib#Ev9BP1rpJ)FVtnxP?er-xC- zMqqR|!Lo-4pU!MNr=O0gES^H~i)0ue&~m%$LBBdh(VF6O?!h*Va|iXToA(T;m{xmU zzSoF|;+*zOZhLan6DvkhHG#BO$ri65#nY8J%yL_UM|-lSnrk`^H%&%iGMV4`!b%7A z6r`M%5ZP}7h)a`kvwlHMG9e)zho3pnIzMz^L;{Fnk@F_svSGBcB3GAWHWUHLn(1Nt zmUOQrs+pWNNa4boe=N%H6rL7X<#+OHf34*RVvi%6*2BZDl%-F{WbB;{TF2+v-C~e= z%flM{;uu~R-UdB>9H9NE3SbBMdd4lT>%aR@phhcE-qO??$eolsh#Su2l0O)eYc3Jf zZ_?{t9AYeMVE1%uj$ewA6j1QFBOP-?2F0Bl zCgkYBCW8-bZM6jXrAFZK`Jb}JxD>GuPpBl_p(c`dh&V)l*ZnSSrp!{6p?$`zJt62i zxe@32Xe+_Inc0hTv^-;&ha}Wdr`cXzp1qOqiM-hDgN}sX*!+~vW!K~U=I2hNZ_Mwh zh-YO_yfhw%HuK5wO&`ubEzX`9f0}|3x>^T^n|j8ahY2x9r`g7S%J0Q@$0!xbVtQT( zh27gCZ!H&55rNNx)_0;sU-pQ2?KSB|kG~h1`c)v})6u|5A@y=aiSH^j&4M4d#ntTu+g&4U2@r;Z{aw0P9}|$9wi4iXz$p!wStwKhcK?0M>F2 z zt1^5ZHh_)Z*hEpYpu&xN7oMw=F}qlhw;pDM32+y%tbBsLbg6;^%v?N>0A?DS+awew z&*RqtmvJ*XdPhC=9B4*H#B#QWF$Ilk#l z8Df`P9Ko}sD>e6+2U??-7A~6#==X6b=RQHDgRagpuFU&s74s!XpNk-qow(Wbm=G2I zPb$NH@%b4!uRSq-Qk_Ydvp!UZQUd(`0}*+Jo@S|e{p+BCR5!QD&tL63(dUBIbEPy94_J6JlY#rtH(`ev($Lr$S=)iP^Jskg!cA=^Rb3V`W21c{zc zDJ!k^T0_#=JRO4~Obya^%)i0svV%jL`sO@&8V#UTy0>kP)RZ`BlZ3@k{dvJ*dd(M3AkZ84md3 z=4RyL{5t_K>QY#6C?^EF{-_(xl|=|seKXdu*jV!}<51XZknAw?_1&^>X?lxH=giwi zOYG4ua3Sn9!UFpkn1fG5JF1q^CBEgv@!c;L-0|E73gx?>?M-h2f^OYQUD)!zRkU-T z$P^V&!qF&wKK|-jJ#zHBxsVK8Xo9ZC9UeDf#B6K1jgT6CG&ZSWL~kGhu5kl7>33{( z#aMn5zS}%(>!-Z6R0w-E>4tSPNcZ@t#&BajPYpqX8rSxFc}>na^%u+NQ3o6Hb&oY+cPE%vZa%ZUw0Q_@=e$S4^k zX%=(WBp?ujM)GK?JTS`(In>l7X48%0Pw|Xs9mfYi+$13$lmxjs(4w`m&Cx8SEry{i z`aOpG1yw;l|EQh^)@;?Pz-P4DOgzAW-#{5jZFPsC@U#&J!u}p=M`F8sei^cmV-;iyLL+R91c|iU~YK zR=H)YvagPZWzcgRUhsTE(vvR7SZ+L)ePNCAI`hmM+is*0)ZOEPzb2$G@~%r(Ds`D|eU_07qAh>R)N-)>)-igVtjv}0Ld zW@D>rY>1fOr8Cmsh`{c+Zh91m3?mrby=24lyTFBxtLin82Z8N~b4EjFKX+SGE{p2W z+WE%Wkf$}>?ljw>GS?;?6=x?E)CfhQ&?rp5W2mD-($|c&SbOqncnLb)D{HUYu**!X zq;Xc=!Ws#>PwrAldwbiWa%^3r2I3uM_)%s*>{sz18p$~uhI=}_F_$Nr$>k4;`O%;={%+j z>gXEE*1r8*;Pp|Sywey3Sn~FW^d?kp;HRh6OXw8%W_#zs6|E*JsyI2`xeay=JN%KJ z(`i*>T;Z)%Ot9|WOw{C_kY0@`(UUaE+iB9lcTS%spM#CC;DM;@jwq1iOSeIjHgl4- zc=rZ9r%^p{uakpIpQK0Y*Ty$i!$tLspWR1@J`vz&j%kc$APkX3W?p8wcSpb5eM05q zX&8TQ=gjIW?IMq7x;{HG;hv>gw9UxCm4V5&J^D^4M@~0naX;7F2cu<3!OrCQ`gzS> zqyAa6L%A*5hyh;ro`>TbF{l)ZHK2QtrOb)8AZ#qt$f1#eDGvPASnq~=1why6XBIG9 zD!6#louoDqRn*(8Pz=OZS{#k8+*8xFMx*jMK`WubGqDB57fQ_0eWFRc-Ax%0N2b3) z_Y!edTcuqu?DXU(Vo7lmAv+lP(+O4eZM~UCn;b67qewn6gf>F1INEDLB7z7^O@ADSr*5V0SEj|^O+>hzy?mC6noDTO(X!jMSzA@r(k|tTJ{QRp zxVS*s{zpDX4YVy56@#A_4U%0Ze`d=AFFl#s#KIt&%YHhX86oOWtE`{c*@D{enPp-$ z;WlUoj~%9@lP>C^({SWZ5`R%v!8X^Bpj{#O>i$a(eZ*x=f`MgyU0i*HB?+P3gtR^@ zgE2%|XAn;;3fa+PRCPE8SBD0`-Ij}zwDb{O%TB8E?CrnhbFcpt<(e1&z^aE#%uHBK z>3g3K;EmlwX*`~6+R(n*AowU&PgmPOJn^OOhW4F=G0BaJ!tukr$ojNH8iQ<4jN%$km_lH7=BD0MX}f(?uuXhp ziDCsdVJNF@n(ofG1Vh@_{0U^YZl4dt3hewHboB?73&c zx~BfAXlMB7x6NKNxVejJ!vPB6x{LSv>74H}Mmz?_h1*5N4APnPvbNS;8^LXqoWHE? z!ydp%jTLNHOr4=nrR<8oU$}%~kC|Py>xe3@|32b_LuExnm_b*O9No{r{qS-i?VwdV zlR{q2l({Vtz7cgI4?m8N zak9g``s`k^dTm|SrKjW6qE8uOR1oJ~1+%9PRE~-GtsHVSa zX-@`hN26P>&ZTUfo^o-S2cldR3~p79*4Ro%l;knyD6njncE1as_aY_$R2pjjYNGO$ zF;(Poim~-1MHFP#O{75Y^Pi_~elw-CEes#2i~0ER_<^F_q7b!Z@bm6S{gIZ%__F4br<4 ztW(?Q)C!MyBA%qu8kg>~R$na`R9t~4knPk+lA&KO89oFdK&=XXyXiOQu!ui~yDF6h z6`#sVx4saE2Tn@|04G>vjuqQTpX|;0REUq;_RBgv=RQV8OYee|hcRe78yd^0T9Re# z1as!Ti@xC99^`I$g3ErCyG+Qex`&|dL@r_lB67>8NhzKq=&W-KZpfS?kNh_$)N|9IM9`j26fZkjEWO<1T@#KYdtV|bt5R=D!i!V^T z`rFWF+6! zbmk&|+C6!Q7;vWm(bs3!!x^*7Hud@Lo&cHO<)`)Cj#jMjpAbWmPLrDOVc#r%|NZL1krsoi7Nn1AwRExj%hoR@3Qu4s zn@^(VRoxdxxL3Cmx^Uf5K?jI5@^;7N7lThS)WrjFM=3yLi~3cz27o^^?>ua`A%vmi zXlLkbd~CkBg=@uIhKF{(8CKs3n%~FS=B@wqs!j?*=Q{kP-J9hgu( zIBa&a9Gte+Q+dS^KrXLidr8k7Hk^eY2N5&}RVo^ow-(2jI559s!J2~z!R^a##8SR1 z8&bqZ4;)$XezVDD46I0#|J#>b}qR_8bBN(7U_l|Kc@`TwGiV8SDyDQb@oMNJ?s|iHXU#<6|cYNy+WQLrr;W z7wO-W **Antivirus**, and choose **+ Create Policy**. +2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and choose **+ Create Policy**.
      -3. Configure tamper protection as part of the new policy. + - In the **Platform** list, select **Windows 10 and Windows Server (ConfigMgr)**. + - In the **Profile** list, select **Windows Security experience (preview)**.
      + + The following screenshot illustrates how to create your policy: -4. Deploy the policy to your device collection. + + +3. Deploy the policy to your device collection. Need help? See the following resources: From 2408afa93bfd45fa3b301681409ff67f10fc1dc8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Oct 2020 09:37:51 -0700 Subject: [PATCH 147/153] screenshot --- ...dows-security- exp-policy-Endpoint-security.png} | Bin 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/microsoft-defender-antivirus/images/{Windows security experience policy in Endpoint security.png => Windows-security- exp-policy-Endpoint-security.png} (100%) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/images/Windows security experience policy in Endpoint security.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/Windows-security- exp-policy-Endpoint-security.png similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/images/Windows security experience policy in Endpoint security.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/Windows-security- exp-policy-Endpoint-security.png From bb72ca61983b1fb5ba5671017714a8127a43b28a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Oct 2020 09:38:35 -0700 Subject: [PATCH 148/153] screenshot --- ... win-security- exp-policy-Endpoint-security.png} | Bin 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/microsoft-defender-antivirus/images/{Windows-security- exp-policy-Endpoint-security.png => win-security- exp-policy-Endpoint-security.png} (100%) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/images/Windows-security- exp-policy-Endpoint-security.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/win-security- exp-policy-Endpoint-security.png similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/images/Windows-security- exp-policy-Endpoint-security.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/win-security- exp-policy-Endpoint-security.png From 84edb965784da73a0cb4e3bfc3f15582291d7409 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Oct 2020 09:39:16 -0700 Subject: [PATCH 149/153] endpoint --- ... => win-security- exp-policy-endpt-security.png} | Bin 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/microsoft-defender-antivirus/images/{win-security- exp-policy-Endpoint-security.png => win-security- exp-policy-endpt-security.png} (100%) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/images/win-security- exp-policy-Endpoint-security.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/win-security- exp-policy-endpt-security.png similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/images/win-security- exp-policy-Endpoint-security.png rename to windows/security/threat-protection/microsoft-defender-antivirus/images/win-security- exp-policy-endpt-security.png From 3db7d294ba33fbec45d5a6f4216624ad2de810ca Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Oct 2020 09:40:11 -0700 Subject: [PATCH 150/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...nt-changes-to-security-settings-with-tamper-protection.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index e3239afab7..891b169717 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -138,12 +138,13 @@ If you're using [version 2006 of Configuration Manager](https://docs.microsoft.c 2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and choose **+ Create Policy**.
      - - In the **Platform** list, select **Windows 10 and Windows Server (ConfigMgr)**. + - In the **Platform** list, select **Windows 10 and Windows Server (ConfigMgr)**. + - In the **Profile** list, select **Windows Security experience (preview)**.
      The following screenshot illustrates how to create your policy: - + :::image type="content" source="images/win-security- exp-policy-endpt-security.png" alt-text="Windows security experience in Endpoint Manager"::: 3. Deploy the policy to your device collection. From 9eea6c6c8fae339abd7968820b9da96a05d03dcd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 14 Oct 2020 09:43:04 -0700 Subject: [PATCH 151/153] Update prevent-changes-to-security-settings-with-tamper-protection.md --- ...ent-changes-to-security-settings-with-tamper-protection.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 891b169717..44171dcc93 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -150,14 +150,10 @@ If you're using [version 2006 of Configuration Manager](https://docs.microsoft.c Need help? See the following resources: -- [Antivirus policy for endpoint security in Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-security-antivirus-policy) - - [Settings for the Windows Security experience profile in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/antivirus-security-experience-windows-settings) - [Tech Community Blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin) -- [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy) - ## View information about tampering attempts From 037984625e192cb45256bd902023532de6aa3269 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 14 Oct 2020 10:06:35 -0700 Subject: [PATCH 152/153] pencil edit --- ...event-changes-to-security-settings-with-tamper-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 44171dcc93..6cc3ece08f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -240,7 +240,7 @@ No. Local admins cannot change or modify tamper protection settings. ### What happens if my device is onboarded with Microsoft Defender for Endpoint and then goes into an off-boarded state? -If a devices is offboarded from Microsoft Defender for Endpoint, tamper protection is turned on, which is the default state for unmanaged devices. +If a device is off-boarded from Microsoft Defender for Endpoint, tamper protection is turned on, which is the default state for unmanaged devices. ### Will there be an alert about tamper protection status changing in the Microsoft Defender Security Center? From 31c5cb638c9845ff6509953719ad0b7e7450dcdc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 14 Oct 2020 10:35:49 -0700 Subject: [PATCH 153/153] delete old file --- .../ios-privacy-statement.md | 60 ------------------- 1 file changed, 60 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md deleted file mode 100644 index 04c810e52c..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Microsoft Defender ATP for iOS note on Privacy -ms.reviewer: -description: Describes the Microsoft Defender ATP for iOS Privacy -keywords: microsoft, defender, atp, iOS, license, terms, application, use, installation, service, feedback, scope, -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: sunasing -author: sunasing -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: -- m365-security-compliance -- m365initiative-defender-endpoint -ms.topic: conceptual -hideEdit: true ---- - -# Microsoft Defender ATP for iOS note on Privacy - -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - -## What information can my organization see when I use Microsoft Defender ATP on iOS - -Your organization cannot see your personal information when you use Microsoft Defender ATP. Microsoft Defender ATP sends certain pieces of information from your device to the ATP portal, such as device threat level, device model, and serial number. Your organization uses this information to help protect you from web-based attacks. - -**What your organization can never see:** - -- Calling and web browsing history -- Email and text messages -- Contacts -- Calendar -- Passwords -- Pictures, including what's in the photos app or camera roll -- Files - -**What your organization can see:** - -- Malicious Connections that were blocked by Microsoft Defender ATP -- Device model, like iPhone 11 -- Operating system and version, like iOS 12.0.1 -- Device name -- Device serial number - -## VPN Usage - -Microsoft Defender ATP for iOS uses VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. - -## More on Privacy - -[More information about Privacy](https://aka.ms/mdatpiosmainprivacystatement) - - -

    Windows Edition Supported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecross mark
    Educationcross mark
    HoloLens (1st gen) Development Edition cross markWindows Edition Supported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecross mark
    Educationcross mark
    HoloLens (1st gen) Development Edition cross markWindows Edition Supported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecross mark
    Educationcross mark
    HoloLens (1st gen) Development Edition cross markWindows Edition Supported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecross mark
    Educationcross mark
    HoloLens (1st gen) Development Edition cross markWindows Edition Supported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecross mark
    Educationcross mark
    HoloLens (1st gen) Development Edition cross mark
    ErrorContext valueStage where error occuredStage where error occurred Description and suggestions