diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 9efa92de94..fc15a38c27 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -320,4 +320,5 @@ #### [WindowsLicensing DDF file](windowslicensing-ddf-file.md) ### [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md) #### [WindowsSecurityAuditing DDF file](windowssecurityauditing-ddf-file.md) - +### [WiredNetwork CSP](wirednetwork-csp.md) +#### [WiredNetwork DDF file](wirednetwork-ddf-file.md) diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 5c5d9301ff..5cbbae1bca 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -30,6 +30,7 @@ Footnotes: - 2 - Added in Windows 10, version 1703 - 3 - Added in Windows 10, version 1709 - 4 - Added in Windows 10, version 1803 +- 5 - Added in Windows 10, next major version
@@ -2531,6 +2532,34 @@ Footnotes: + +[WiredNetwork CSP](wirednetwork-csp.md) + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark5check mark5check mark5check mark5check mark5check mark5
+ + + + [w7 APPLICATION CSP](w7-application-csp.md) @@ -2568,6 +2597,7 @@ Footnotes: - 2 - Added in Windows 10, version 1703 - 3 - Added in Windows 10, version 1709 - 4 - Added in Windows 10, version 1803 +- 5 - Added in Windows 10, next major version ## CSP DDF files download @@ -2614,6 +2644,7 @@ The following list shows the configuration service providers supported in Window - 2 - Added in Windows 10, version 1703 - 3 - Added in Windows 10, version 1709 - 4 - Added in Windows 10, version 1803 +- 5 - Added in Windows 10, next major version ## CSPs supported in Microsoft Surface Hub diff --git a/windows/client-management/mdm/images/provisioning-csp-wifi.png b/windows/client-management/mdm/images/provisioning-csp-wifi.png index 463a784f95..f5891084ea 100644 Binary files a/windows/client-management/mdm/images/provisioning-csp-wifi.png and b/windows/client-management/mdm/images/provisioning-csp-wifi.png differ diff --git a/windows/client-management/mdm/images/provisioning-csp-wirednetwork.png b/windows/client-management/mdm/images/provisioning-csp-wirednetwork.png new file mode 100644 index 0000000000..2fd93631ff Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-wirednetwork.png differ diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 83d93b958d..5e145ab167 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1638,6 +1638,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware +[Wifi CSP](wifi-csp.md) +

Added a new node WifiCost.

+ + [Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)

Recent changes:

+ +[WiredNetwork CSP](wirednetwork-csp.md) +New CSP added in Windows 10, next major version. + diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index 6e43514e39..f1d6952717 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 04/16/2018 +ms.date: 06/28/2018 --- # WiFi CSP @@ -59,8 +59,6 @@ If it exists in the blob, the **keyType** and **protected** elements must come b > **Note**  If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the Wi-Fi profile, you can do so by specifying this through the EapHostConfig portion of the WlanXML. For more information, see [EAP configuration](http://go.microsoft.com/fwlink/p/?LinkId=618963). -  - The supported operations are Add, Get, Delete, and Replace. **Proxy** @@ -96,6 +94,17 @@ Added in Windows 10, version 1607. Optional. When set to true it enables Web Pr Value type is bool. +**WiFiCost** +Added in Windows 10, next major version. Optional. This policy sets the cost of WLAN connection for the Wi-Fi profile. Default behaviour: Unrestricted. + +Supported values: + +- 1 - Unrestricted - unlimited connection +- 2 - Fixed - capacity constraints up to a certain data limit +- 3 - Variable - paid on per byte basic + +Supported operations are Add, Get, Replace and Delete. Value type is integer. + ## Examples diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md index b5bcd3d75e..e8bbb6795d 100644 --- a/windows/client-management/mdm/wifi-ddf-file.md +++ b/windows/client-management/mdm/wifi-ddf-file.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 06/26/2017 +ms.date: 06/28/2018 --- # WiFi DDF file @@ -15,7 +15,190 @@ ms.date: 06/26/2017 This topic shows the OMA DM device description framework (DDF) for the **WiFi** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Content under development and will be published soon. +The XML below is for Windows 10, next major version. + +``` syntax + + +]> + + 1.2 + + WiFi + ./Vendor/MSFT + + + + + + + + + + + + + + + com.microsoft/1.1/MDM/WiFi + + + + Profile + + + + + + + + + + + + + + + + + + + + + + + + + + + The Profile name of the Wi-Fi network. This is added when WlanXML node is added and deleted when Wlanxml is deleted. + + + + + + + + + + SSID + + + + + + WlanXml + + + + + + + + + XML describing the network configuration and follows Windows WLAN_profile schema. + Link to schema: http://msdn.microsoft.com/en-us/library/windows/desktop/ms707341(v=vs.85).aspx + + + + + + + + + + + + text/plain + + + + + Proxy + + + + + + + + Optional node. The format is url:port. Configuration of the network proxy (if any). + + + + + + + + + + + + + + text/plain + + + + + ProxyPacUrl + + + + + + + + Optional node. URL to the PAC file location. + + + + + + + + + + + + + + text/plain + + + + + ProxyWPAD + + + + + + + + Optional node: The presence of the field enables WPAD for proxy lookup. + + + + + + + + + + + text/plain + + + + + + + +``` ## Related topics diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md new file mode 100644 index 0000000000..6a06c59879 --- /dev/null +++ b/windows/client-management/mdm/wirednetwork-csp.md @@ -0,0 +1,34 @@ +--- +title: WiredNetwork CSP +description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet. +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: MariciaAlforque +ms.date: 06/27/2018 +--- + +# WiredNetwork CSP + +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet. This CSP was added in Windows 10, next major version. + +The following diagram shows the WiredNetwork configuration service provider in tree format. + +![WiredNetwork CSP diagram](images/provisioning-csp-wirednetwork.png) + +**./Device/Vendor/MSFT/WiredNetwork** +Root node. + +**LanXML** +Optional. XML describing the wired network configuration and follows the LAN_profile schemas https://msdn.microsoft.com/en-us/library/windows/desktop/aa816366(v=vs.85).aspx. + +Supported operations are Add, Get, Replace, and Delete. Value type is string. + +**EnableBlockPeriod** + Optional. Enable block period (minutes), used to specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt. + +Supported operations are Add, Get, Replace, and Delete. Value type is integer. \ No newline at end of file diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md new file mode 100644 index 0000000000..0a156256a0 --- /dev/null +++ b/windows/client-management/mdm/wirednetwork-ddf-file.md @@ -0,0 +1,167 @@ +--- +title: WiredNetwork DDF file +description: This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider. +ms.author: maricia +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: MariciaAlforque +ms.date: 06/28/2018 +--- + +# WiredNetwork DDF file + + +This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider. This CSP was added in Windows 10, version 1511. + +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). + +The XML below is the current version for this CSP. + +``` syntax + +]> + + 1.2 + + WiredNetwork + ./User/Vendor/MSFT + + + + + + + + + + + + + + + + + + + LanXML + + + + + + + + XML describing the wired network configuration and follows the LAN_profile schemas https://msdn.microsoft.com/en-us/library/windows/desktop/aa816366(v=vs.85).aspx + + + + + + + + + + + text/plain + + + + + EnableBlockPeriod + + + + + + + + Enable block period (minutes), used to specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt. + + + + + + + + + + + text/plain + + + + + + WiredNetwork + ./Device/Vendor/MSFT + + + + + + + + + + + + + + + + + + + LanXML + + + + + + + + XML describing the wired network configuration and follows the LAN_profile schemas https://msdn.microsoft.com/en-us/library/windows/desktop/aa816366(v=vs.85).aspx + + + + + + + + + + + text/plain + + + + + EnableBlockPeriod + + + + + + + + Enable block period (minutes), used to specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt. + + + + + + + + + + + text/plain + + + + + +``` \ No newline at end of file diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md index bca4cfe0a9..10b578947d 100644 --- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md +++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md @@ -4,10 +4,10 @@ description: Deployment rings in Windows 10 are similar to the deployment groups ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: DaniHalfin +author: jaimeo ms.localizationpriority: medium -ms.author: daniha -ms.date: 07/27/2017 +ms.author: jaimeo +ms.date: 07/11/2018 --- # Build deployment rings for Windows 10 updates @@ -38,9 +38,7 @@ Table 1 provides an example of the deployment rings you might use. | Critical | Semi-annual channel | 180 days | 30 days | Devices that are critical and will only receive updates once they've been vetted for a period of time by the majority of the organization | >[!NOTE] ->In this example, there are no rings made up of the long-term servicing channel (LTSC). The LTSC servicing channel does not receive feature updates. -> ->Windows Insider PCs must be enrolled manually on each device and serviced based on the Windows Insider level chosen in the **Settings** app on that particular PC. Feature update servicing for Windows Insider devices is done completely through Windows Update; no servicing tools can manage Windows Insider feature updates. +>In this example, there are no rings made up of the long-term servicing channel (LTSC). The LTSC does not receive feature updates. As Table 1 shows, each combination of servicing channel and deployment group is tied to a specific deployment ring. As you can see, the associated groups of devices are combined with a servicing channel to specify which deployment ring those devices and their users fall into. The naming convention used to identify the rings is completely customizable as long as the name clearly identifies the sequence. Deployment rings represent a sequential deployment timeline, regardless of the servicing channel they contain. Deployment rings will likely rarely change for an organization, but they should be periodically assessed to ensure that the deployment cadence still makes sense. @@ -66,6 +64,7 @@ As Table 1 shows, each combination of servicing channel and deployment group is - [Configure Windows Update for Business](waas-configure-wufb.md) - [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) +- [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure) - [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md) - [Manage device restarts after updates](waas-restart.md) diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md index 37f12a310f..3bf18afce3 100644 --- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md +++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: deploy author: jaimeo ms.author: jaimeo -ms.date: 07/02/2018 +ms.date: 07/11/2018 ms.localizationpriority: high --- @@ -229,3 +229,6 @@ System Center Configuration Manager (SCCM) considers a device ready to upgrade i Currently, you can choose the criteria you wish to use: - To use the SCCM criteria, create the collection of devices ready to upgrade within the SCCM console (using the analytics connector). - To use the Upgrade Readiness criteria, export the list of ready-to-upgrade devices from the corresponding Upgrade Readiness report, and then build the SCCM collection from that spreadsheet. + +### How does Upgrade Readiness collect the inventory of devices and applications? +For details about this process and some tips, see [How does Upgrade Readiness in WA collects application inventory for your OMS workspace?](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/How-does-Upgrade-Readiness-in-WA-collects-application-inventory/ba-p/213586) on the Windows Analytics blog. \ No newline at end of file diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md index 29a5d2fc39..66780914d3 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 05/03/2018 +ms.date: 07/10/2018 --- # BitLocker To Go FAQ @@ -18,5 +18,7 @@ ms.date: 05/03/2018 ## What is BitLocker To Go? -BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. +BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems. + +As with BitLocker, drives that are encrypted using BitLocker To Go can be opened with a password or smart card on another computer by using **BitLocker Drive Encryption** in Control Panel. diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md index d871cf396b..1edcded5ee 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 05/03/2018 +ms.date: 07/10/2018 --- # Using BitLocker with other programs FAQ @@ -89,11 +89,11 @@ Yes. However, shadow copies made prior to enabling BitLocker will be automatical BitLocker should work like any specific physical machine within its hardware limitations as long as the environment (physical or virtual) meets Windows Operating System requirements to run. - With TPM - Yes it is supported -- Without TPM - Yes it is supported (with password ) protector +- Without TPM - Yes it is supported (with password protector) -BitLocker is also supported on data volume VHDs, such as those used by clusters, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012, or Windows Server 2012 R2. +BitLocker is also supported on data volume VHDs, such as those used by clusters, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012. ## Can I use BitLocker with virtual machines (VMs)? -Yes. Password protectors and virtual TPMs can be used with BitLocker to protect virtual machines. VMs can be domain joined, Azure AD-joined, or workplace-joined (in **Settings** under **Accounts** > **Access work or school** > **Connect** to receive policy. You can enable encryption either while creating the VM or by using other existing management tools such as the BitLocker CSP, or even by using a startup script or logon script delivered by Group Policy. Windows Server 2016 also supports [Shielded VMs and guarded fabric](https://docs.microsoft.com/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms-top-node) to protect VMs from malicious administrators. +Yes. Password protectors and virtual TPMs can be used with BitLocker to protect virtual machines. VMs can be domain joined, Azure AD-joined, or workplace-joined (via **Settings** > **Accounts** > **Access work or school** > **Connect**) to receive policy. You can enable encryption either while creating the VM or by using other existing management tools such as the BitLocker CSP, or even by using a startup script or logon script delivered by Group Policy. Windows Server 2016 also supports [Shielded VMs and guarded fabric](https://docs.microsoft.com/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms-top-node) to protect VMs from malicious administrators. diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index 1fa8a3afba..0743b419b6 100644 --- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -41,10 +41,7 @@ The recovery process included in this topic only works for desktop devices. WIP >[!Important] >Because the private keys in your DRA .pfx files can be used to decrypt any WIP file, you must protect them accordingly. We highly recommend storing these files offline, keeping copies on a smart card with strong protection for normal use and master copies in a secured physical location. -4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as Microsoft Intune or System Center Configuration Manager. - - >[!Note] - >To add your EFS DRA certificate to your policy by using Microsoft Intune, see the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) topic. To add your EFS DRA certificate to your policy by using System Center Configuration Manager, see the [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) topic. +4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as [Microsoft Intune](create-wip-policy-using-intune.md) or [System Center Configuration Manager](create-wip-policy-using-sccm.md). ## Verify your data recovery certificate is correctly set up on a WIP client computer @@ -52,7 +49,7 @@ The recovery process included in this topic only works for desktop devices. WIP 2. Open an app on your protected app list, and then create and save a file so that it’s encrypted by WIP. -3. Open a command prompt with elevated rights, navigate to where you stored the file you just created, and then run this command: +3. Open a command prompt with elevated rights, navigate to where you stored the file you just created, and then run this command: cipher /c filename diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 10ad578044..a293cb908b 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -8,7 +8,7 @@ ms.pagetype: security author: justinha ms.author: justinha ms.localizationpriority: medium -ms.date: 05/30/2018 +ms.date: 07/10/2018 --- # Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune @@ -379,7 +379,7 @@ Starting with Windows 10, version 1703, Intune automatically determines your cor 1. From the **App policy** blade, click the name of your policy, and then click **Required settings**. -2. If the auto-defined identity isn’t correct, you can change the info in the **Corporate identity** field. If you need to add additional domains, for example your email domains, you can do it in the **Advanced settings** area. +2. If the auto-defined identity isn’t correct, you can change the info in the **Corporate identity** field. If you need to add domains, for example your email domains, you can do it in the **Advanced settings** area. ![Microsoft Intune, Set your corporate identity for your organization](images/wip-azure-required-settings-corp-identity.png) @@ -487,7 +487,7 @@ After you've decided where your protected apps can access enterprise data on you - **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are: - - **On (recommended).** Turns on the feature and provides the additional protection. + - **On.** Turns on the feature and provides the additional protection. - **Off, or not configured.** Doesn't enable this feature. @@ -497,7 +497,7 @@ After you've decided where your protected apps can access enterprise data on you - **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions. - - **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are: + - **Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are: - **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu. @@ -509,6 +509,12 @@ After you've decided where your protected apps can access enterprise data on you - **Off, or not configured.** Stops using Azure Rights Management encryption with WIP. + - **Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files. + + - **On.** Starts Windows Search Indexer to index encrypted files. + + - **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files. + ## Choose to set up Azure Rights Management with WIP WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png index 517c4a4ad3..7fff387ab2 100644 Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png and b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png differ diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png index 7775888473..cd8e0d0388 100644 Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png and b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png differ diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png index c467cd1e24..752ea852ce 100644 Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png and b/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png differ diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png index bdd625c9c6..734f23b46c 100644 Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png and b/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png differ diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 2dfc1630ad..b019f68b3c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -78,7 +78,7 @@ For October 2017, we are announcing an update to system.management.automation.dl Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet: -``` +```xml 10.0.0.0