From 8a84a248cc00a728858aa7c57451097ff605066e Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 2 Aug 2018 14:27:09 -0700 Subject: [PATCH 1/7] fixed eg toc --- windows/security/threat-protection/TOC.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 6340403e0b..8127f557f1 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -306,18 +306,18 @@ ###### [Requirements for virtualization-based protection of code integrity](windows-defender-exploit-guard\requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) ###### [Enable virtualization-based protection of code integrity](windows-defender-exploit-guard\enable-virtualization-based-protection-of-code-integrity.md) #### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md) -#### [Evaluate Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md) -#### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md) -#### [Customize Attack surface reduction](windows-defender-exploit-guard\customize-attack-surface-reduction.md) -#### [Troubleshoot Attack surface reduction rules](windows-defender-exploit-guard\troubleshoot-asr.md) +##### [Evaluate Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md) +##### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md) +##### [Customize Attack surface reduction](windows-defender-exploit-guard\customize-attack-surface-reduction.md) +##### [Troubleshoot Attack surface reduction rules](windows-defender-exploit-guard\troubleshoot-asr.md) #### [Network Protection](windows-defender-exploit-guard\network-protection-exploit-guard.md) -#### [Evaluate Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md) -#### [Enable Network Protection](windows-defender-exploit-guard\enable-network-protection.md) -#### [Troubleshoot Network protection](windows-defender-exploit-guard\troubleshoot-np.md) +##### [Evaluate Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md) +##### [Enable Network Protection](windows-defender-exploit-guard\enable-network-protection.md) +##### [Troubleshoot Network protection](windows-defender-exploit-guard\troubleshoot-np.md) #### [Controlled folder access](windows-defender-exploit-guard\controlled-folders-exploit-guard.md) -#### [Evaluate Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md) -#### [Enable Controlled folder access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md) -#### [Customize Controlled folder access](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md) +##### [Evaluate Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md) +##### [Enable Controlled folder access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md) +##### [Customize Controlled folder access](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md) From f63f980de0f817069d2dceb6ab804996fd82b177 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 2 Aug 2018 21:28:31 +0000 Subject: [PATCH 2/7] Updated microsoft-edge-kiosk-mode-deploy.md --- browsers/edge/microsoft-edge-kiosk-mode-deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index 778a0a5819..b102a3e28a 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -215,7 +215,7 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie | [AllowSideloadingOfExtensions](new-policies.md#allow-sideloading-of-extensions)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | | [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | ![Supported](images/148767.png) | | [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | -| [AllowTabPreloading](new-policies.md#allow-microsoft-edge-to-start-and-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | +| [AllowTabPreloading](new-policies.md#allow-microsoft-edge-to-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | | [AllowWebContentOnNewTabPage](available-policies.md#allow-web-content-on-new-tab-page)\* | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | | [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | | [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Not supported](images/148766.png) | ![Supported](images/148767.png) | From 91086c2417a36c5f58f8c4370470c126c98ef6b3 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 2 Aug 2018 21:30:26 +0000 Subject: [PATCH 3/7] Updated how-hardware-based-containers-help-protect-windows.md --- .../how-hardware-based-containers-help-protect-windows.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md b/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md index 2dfe986c88..2e381d417a 100644 --- a/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md +++ b/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md @@ -48,9 +48,4 @@ While Windows Defender System Guard provides advanced protection that will help As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or System Center Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources. -<<<<<<< HEAD -![Windows Defender System Guard](../hardware-protection/images/windows-defender-system-guard-validate-system-integrity.png) -======= ![Windows Defender System Guard](images/windows-defender-system-guard-validate-system-integrity.png) - ->>>>>>> 7baf18acbf0bb4554c3ba195434e88bd8b347db2 From 170a9d071d30437bece6016229b3a26ea8190941 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 2 Aug 2018 21:30:51 +0000 Subject: [PATCH 4/7] Updated how-hardware-based-containers-help-protect-windows.md --- .../how-hardware-based-containers-help-protect-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md b/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md index 2e381d417a..d7c4385d89 100644 --- a/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md +++ b/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md @@ -48,4 +48,4 @@ While Windows Defender System Guard provides advanced protection that will help As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or System Center Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources. -![Windows Defender System Guard](images/windows-defender-system-guard-validate-system-integrity.png) +![Windows Defender System Guard](../hardware-protection/images/windows-defender-system-guard-validate-system-integrity.png) From bc444ed60a689c3b63012e1173a4149ae706c752 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 2 Aug 2018 21:37:28 +0000 Subject: [PATCH 5/7] Updated how-hardware-based-containers-help-protect-windows.md --- .../how-hardware-based-containers-help-protect-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md b/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md index d7c4385d89..056c2269d3 100644 --- a/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md +++ b/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md @@ -32,7 +32,7 @@ After successful verification and startup of the device’s firmware and Windows This is where Windows Defender System Guard protection begins with its ability to ensure that only properly signed and secure Windows files and drivers, including third party, can start on the device. At the end of the Windows boot process, System Guard will start the system’s antimalware solution, which scans all third party drivers, at which point the system boot process is completed. In the end, Windows Defender System Guard helps ensure that the system securely boots with integrity and that it hasn’t been compromised before the remainder of your system defenses start. -![Boot time integrity](../hardware-protection/images/windows-defender-system-guard-boot-time-integrity.png) +![Boot time integrity](images/windows-defender-system-guard-boot-time-integrity.png) ## Maintaining integrity of the system after it’s running (run time) @@ -48,4 +48,4 @@ While Windows Defender System Guard provides advanced protection that will help As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or System Center Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources. -![Windows Defender System Guard](../hardware-protection/images/windows-defender-system-guard-validate-system-integrity.png) +![Windows Defender System Guard](images/windows-defender-system-guard-validate-system-integrity.png) From ae0e60fe4d7da71d8775dbf8533e29b7d5646464 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 2 Aug 2018 14:41:14 -0700 Subject: [PATCH 6/7] added local policy caveat --- .../applocker/delete-an-applocker-rule.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md index 1e2f6134bf..75aca3415c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md @@ -16,15 +16,17 @@ ms.date: 08/02/2018 - Windows 10 - Windows Server -This topic for IT professionals describes the steps to delete an AppLocker rule. +This topic for IT professionals describes the steps to delete an AppLocker rule. As older apps are retired and new apps are deployed in your organization, it will be necessary to modify the application control policies. If an app becomes unsupported by the IT department or is no longer allowed due to the organization's security policy, then deleting the rule or rules associated with that app will prevent the app from running. For info about testing an AppLocker policy to see what rules affect which files or applications, see [Test an AppLocker policy by Using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md). -You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer +You can perform this task by using the Group Policy Management Console for an AppLocker policy in a GPO or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins). +These steps apply only for locally managed devices. If the device has AppLocker policies applied by using MDM or a Group Policy Object (GPO), the local policy will not override those settings. + **To delete a rule in an AppLocker policy** 1. Open the AppLocker console. From 6433c2f0f119945178e7c51d29031eba0c288305 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 2 Aug 2018 14:44:49 -0700 Subject: [PATCH 7/7] copyedit --- .../applocker/delete-an-applocker-rule.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md index 75aca3415c..5ee0ccdb96 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md @@ -22,10 +22,10 @@ As older apps are retired and new apps are deployed in your organization, it wil For info about testing an AppLocker policy to see what rules affect which files or applications, see [Test an AppLocker policy by Using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md). -You can perform this task by using the Group Policy Management Console for an AppLocker policy in a GPO or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer +You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins). -These steps apply only for locally managed devices. If the device has AppLocker policies applied by using MDM or a Group Policy Object (GPO), the local policy will not override those settings. +These steps apply only for locally managed devices. If the device has AppLocker policies applied by using MDM or a GPO, the local policy will not override those settings. **To delete a rule in an AppLocker policy**