From 2ec15d173352969d2c4cdfa1e14b5a7a862707a6 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 2 May 2018 08:59:00 -0700 Subject: [PATCH 1/5] added known issue for msi files --- ...er-application-control-deployment-guide.md | 26 ++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md index a4d05d50a0..5cd18cac3b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: high author: jsuther1974 -ms.date: 02/27/2018 +ms.date: 05/02/2018 --- # Planning and getting started on the Windows Defender Application Control deployment process @@ -60,5 +60,25 @@ This topic provides a roadmap for planning and getting started on the Windows De 8. Enable desired virtualization-based security (VBS) features. Hardware-based security features—also called virtualization-based security (VBS) features—strengthen the protections offered by Windows Defender Application Control. - > [!WARNING] - > Virtualization-based protection of code integrity may be incompatible with some devices and applications. We strongly recommend testing this configuration in your lab before enabling virtualization-based protection of code integrity on production systems. Failure to do so may result in unexpected failures up to and including data loss or a blue screen error (also called a stop error). +## Known issues + +This section covers known issues with WDAC and Device Guard. Virtualization-based protection of code integrity may be incompatible with some devices and applications, which might cause unexpected failures, data loss, or a blue screen error (also called a stop error). +Test this configuration in your lab before enabling it in production. + +### MSI Installations are blocked by WDAC + +Installing .msi files directly from the internet to a computer protected by WDAC will fail. +For example, this command will not work: + +```code +msiexec –i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi +``` + +As a workaround, download the MSI file and run it locally: + + +```code +msiexec –i c:\temp\Windows10_Version_1511_ADMX.msi +``` + + From cf60775555c4522b546cd57ad203e8c5249767b6 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 16 May 2018 00:56:41 +0000 Subject: [PATCH 2/5] Merged PR 8245: Update privacy docset breadcrumb --- windows/hub/breadcrumb/toc.yml | 3 +++ windows/privacy/breadcrumb/toc.yml | 3 --- windows/privacy/docfx.json | 3 +-- 3 files changed, 4 insertions(+), 5 deletions(-) delete mode 100644 windows/privacy/breadcrumb/toc.yml diff --git a/windows/hub/breadcrumb/toc.yml b/windows/hub/breadcrumb/toc.yml index 2d61591d22..dd69dd086f 100644 --- a/windows/hub/breadcrumb/toc.yml +++ b/windows/hub/breadcrumb/toc.yml @@ -25,6 +25,9 @@ - name: Mobile Device Management tocHref: /windows/client-management/mdm/ topicHref: /windows/client-management/mdm/index + - name: Privacy + tocHref: /windows/privacy/ + topicHref: /windows/privacy/index - name: Security tocHref: /windows/security/ topicHref: /windows/security/index diff --git a/windows/privacy/breadcrumb/toc.yml b/windows/privacy/breadcrumb/toc.yml deleted file mode 100644 index 61d8fca61e..0000000000 --- a/windows/privacy/breadcrumb/toc.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: Docs - tocHref: / - topicHref: / \ No newline at end of file diff --git a/windows/privacy/docfx.json b/windows/privacy/docfx.json index b801f0325c..801539efd6 100644 --- a/windows/privacy/docfx.json +++ b/windows/privacy/docfx.json @@ -33,8 +33,7 @@ "externalReference": [], "globalMetadata": { "uhfHeaderId": "MSDocsHeader-WindowsIT", - "breadcrumb_path": "/windows/privacy/breadcrumb/toc.json", - "extendBreadcrumb": true, + "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", "ms.technology": "windows", "ms.topic": "article", "ms.author": "daniha", From 264f06d9834e80b58f7bf01229b7ff32475cbd36 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 16 May 2018 01:01:56 +0000 Subject: [PATCH 3/5] Merged PR 8254: Some formatting and content fixes --- windows/privacy/gdpr-it-guidance.md | 2 +- windows/privacy/manage-windows-endpoints.md | 6 +- ...ws-personal-data-services-configuration.md | 397 ++++++++++-------- 3 files changed, 219 insertions(+), 186 deletions(-) diff --git a/windows/privacy/gdpr-it-guidance.md b/windows/privacy/gdpr-it-guidance.md index 06a4930af2..a87e41b1a2 100644 --- a/windows/privacy/gdpr-it-guidance.md +++ b/windows/privacy/gdpr-it-guidance.md @@ -178,7 +178,7 @@ If an IT organization has not disabled this policy, users within the organizatio Windows 10, version 1803, and later can provide users with a notification during their logon. If the IT organization has not disabled the Group Policy **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Configure telemetry opt-in change notifications** or the MDM policy **ConfigureTelemetryOptInChangeNotification**, Windows diagnostic data notifications can appear at logon so that the users of a device are aware of the data collection. -This notification can also be shown when the diagnostic level for the device was changed. For instance, if the telemetry level on the device is set to “Basic” and the IT organization changes it to “Full”, users will be notified on their next logon. +This notification can also be shown when the diagnostic level for the device was changed. For instance, if the diagnostic level on the device is set to “Basic” and the IT organization changes it to “Full”, users will be notified on their next logon. ### Diagnostic Data Viewer (DDV) diff --git a/windows/privacy/manage-windows-endpoints.md b/windows/privacy/manage-windows-endpoints.md index 692310a8a3..d0be3c4145 100644 --- a/windows/privacy/manage-windows-endpoints.md +++ b/windows/privacy/manage-windows-endpoints.md @@ -24,13 +24,13 @@ Some Windows components, app, and related services transfer data to Microsoft ne - Connecting to the cloud to store and access backups. - Using your location to show a weather forecast. -This article lists different endpoints that are available on a clean installation of Windows 10 Enterprise, version 1709 and later. +This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. We used the following methodology to derive these network endpoints: -1. Set up the latest version of Windows 10 Enterprise test virtual machine using the default settings. +1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 4. Compile reports on traffic going to public IP addresses. @@ -39,6 +39,8 @@ We used the following methodology to derive these network endpoints: > [!NOTE] > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. +## Windows 10 Enterprise connection endpoints + ## Apps The following endpoint is used to download updates to the Weather app Live Tile. diff --git a/windows/privacy/windows-personal-data-services-configuration.md b/windows/privacy/windows-personal-data-services-configuration.md index ab9988ab42..4b824f3b1d 100644 --- a/windows/privacy/windows-personal-data-services-configuration.md +++ b/windows/privacy/windows-personal-data-services-configuration.md @@ -43,44 +43,49 @@ This setting determines the amount of Windows diagnostic data sent to Microsoft. #### Group Policy -| | | -|:-|:-| -| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds | -| **Policy Name** | Allow Telemetry | -| **Default setting** | 2 - Enhanced | -| **Recommended** | 2 - Enhanced | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds | +>| **Policy Name** | Allow Telemetry | +>| **Default setting** | 2 - Enhanced | +>| **Recommended** | 2 - Enhanced | -| | | -|:-|:-| -| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds | -| **Policy Name** | Allow Telemetry | -| **Default setting** | 2 - Enhanced | -| **Recommended** | 2 - Enhanced | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds | +>| **Policy Name** | Allow Telemetry | +>| **Default setting** | 2 - Enhanced | +>| **Recommended** | 2 - Enhanced | #### Registry -| | | -|:-|:-| -| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection | -| **Value** | AllowTelemetry | -| **Type** | REG_DWORD | -| **Setting** | "00000002" | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection | +>| **Value** | AllowTelemetry | +>| **Type** | REG_DWORD | +>| **Setting** | "00000002" | -| | | -|:-|:-| -| **Registry key** | HKCU\Software\Policies\Microsoft\Windows\DataCollection | -| **Value** | AllowTelemetry | -| **Type** | REG_DWORD | -| **Setting** | "00000002" | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Registry key** | HKCU\Software\Policies\Microsoft\Windows\DataCollection | +>| **Value** | AllowTelemetry | +>| **Type** | REG_DWORD | +>| **Setting** | "00000002" | #### MDM -| | | -|:-|:-| -| **MDM CSP** | System | -| **Policy** | AllowTelemetry (scope: device and user) | -| **Default setting** | 2 – Enhanced | -| **Recommended** | 2 – Allowed | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **MDM CSP** | System | +>| **Policy** | AllowTelemetry (scope: device and user) | +>| **Default setting** | 2 – Enhanced | +>| **Recommended** | 2 – Allowed | ### Diagnostic opt-in change notifications @@ -88,30 +93,33 @@ This setting determines whether a device shows notifications about Windows diagn #### Group Policy -| | | -|:-|:-| -| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds | -| **Policy Name** | Configure telemetry opt-in change notifications | -| **Default setting** | Enabled | -| **Recommended** | Enabled | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds | +>| **Policy Name** | Configure telemetry opt-in change notifications | +>| **Default setting** | Enabled | +>| **Recommended** | Enabled | #### Registry -| | | -|:-|:-| -| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection | -| **Value** | DisableTelemetryOptInChangeNotification | -| **Type** | REG_DWORD | -| **Setting** | "00000001" | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection | +>| **Value** | DisableTelemetryOptInChangeNotification | +>| **Type** | REG_DWORD | +>| **Setting** | "00000001" | #### MDM -| | | -|:-|:-| -| **MDM CSP** | System | -| **Policy** | ConfigureTelemetryOptInChangeNotification | -| **Default setting** | 0 – Enabled | -| **Recommended** | 0 – Enabled | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **MDM CSP** | System | +>| **Policy** | ConfigureTelemetryOptInChangeNotification | +>| **Default setting** | 0 – Enabled | +>| **Recommended** | 0 – Enabled | ### Configure telemetry opt-in setting user interface @@ -119,30 +127,33 @@ This setting determines whether people can change their own Windows diagnostic d #### Group Policy -| | | -|:-|:-| -| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds | -| **Policy Name** | Configure telemetry opt-in setting user interface | -| **Default setting** | Enabled | -| **Recommended** | Enabled | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds | +>| **Policy Name** | Configure telemetry opt-in setting user interface | +>| **Default setting** | Enabled | +>| **Recommended** | Enabled | #### Registry -| | | -|:-|:-| -| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection | -| **Value** | DisableTelemetryOptInSettingsUx | -| **Type** | REG_DWORD | -| **Setting** | "00000001" | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection | +>| **Value** | DisableTelemetryOptInSettingsUx | +>| **Type** | REG_DWORD | +>| **Setting** | "00000001" | #### MDM -| | | -|:-|:-| -| **MDM CSP** | System | -| **Policy** | ConfigureTelemetryOptInSettingsUx | -| **Default setting** | 0 – Enabled | -| **Recommended** | 0 – Enabled | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **MDM CSP** | System | +>| **Policy** | ConfigureTelemetryOptInSettingsUx | +>| **Default setting** | 0 – Enabled | +>| **Recommended** | 0 – Enabled | ## Policies affecting personal data protection managed by the Enterprise IT @@ -158,66 +169,73 @@ The following settings determine whether fixed and removable drives are protecte #### Group Policy -| | | -|:-|:-| -| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Fixed Data Drives | -| **Policy Name** | Deny write access to fixed drives not protected by BitLocker | -| **Default setting** | Not configured | -| **Recommended** | Enabled | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Fixed Data Drives | +>| **Policy Name** | Deny write access to fixed drives not protected by BitLocker | +>| **Default setting** | Not configured | +>| **Recommended** | Enabled | #### Registry -| | | -|:-|:-| -| **Registry key** | HKLM\System\CurrentControlSet\Policies\Microsoft\FVE | -| **Value** | FDVDenyWriteAccess | -| **Type** | REG_DWORD | -| **Setting** | "00000001" | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Registry key** | HKLM\System\CurrentControlSet\Policies\Microsoft\FVE | +>| **Value** | FDVDenyWriteAccess | +>| **Type** | REG_DWORD | +>| **Setting** | "00000001" | #### MDM -| | | -|:-|:-| -| **MDM CSP** | BitLocker | -| **Policy** | RemovableDrivesRequireEncryption | -| **Default setting** | Disabled | -| **Recommended** | Enabled (see [instructions](/windows/client-management/mdm/bitlocker-csp#fixeddrivesrequireencryption)) | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **MDM CSP** | BitLocker | +>| **Policy** | RemovableDrivesRequireEncryption | +>| **Default setting** | Disabled | +>| **Recommended** | Enabled (see [instructions](/windows/client-management/mdm/bitlocker-csp#fixeddrivesrequireencryption)) | #### Removable Data Drives #### Group Policy -| | | -|:-|:-| -| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Removable Data Drives | -| **Policy Name** | Deny write access to removable drives not protected by BitLocker | -| **Default setting** | Not configured | -| **Recommended** | Enabled | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Removable Data Drives | +>| **Policy Name** | Deny write access to removable drives not protected by BitLocker | +>| **Default setting** | Not configured | +>| **Recommended** | Enabled | #### Registry -| | | -|:-|:-| -| **Registry key** | HKLM\System\CurrentControlSet\Policies\Microsoft\FVE | -| **Value** | RDVDenyWriteAccess | -| **Type** | REG_DWORD | -| **Setting** | "00000001" | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Registry key** | HKLM\System\CurrentControlSet\Policies\Microsoft\FVE | +>| **Value** | RDVDenyWriteAccess | +>| **Type** | REG_DWORD | +>| **Setting** | "00000001" | -| | | -|:-|:-| -| **Registry key** | HKLM\Software\Policies\Microsoft\FVE | -| **Value** | RDVDenyCrossOrg | -| **Type** | REG_DWORD | -| **Setting** | "00000000" | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Registry key** | HKLM\Software\Policies\Microsoft\FVE | +>| **Value** | RDVDenyCrossOrg | +>| **Type** | REG_DWORD | +>| **Setting** | "00000000" | #### MDM -| | | -|:-|:-| -| **MDM CSP** | BitLocker | -| **Policy** | RemovableDrivesRequireEncryption | -| **Default setting** | Disabled | -| **Recommended** | Enabled (see [instructions](/windows/client-management/mdm/bitlocker-csp#removabledrivesrequireencryption)) | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **MDM CSP** | BitLocker | +>| **Policy** | RemovableDrivesRequireEncryption | +>| **Default setting** | Disabled | +>| **Recommended** | Enabled (see [instructions](/windows/client-management/mdm/bitlocker-csp#removabledrivesrequireencryption)) | ### Privacy – AdvertisingID @@ -225,30 +243,33 @@ This setting determines if the advertising ID, which preventing apps from using #### Group Policy -| | | -|:-|:-| -| **Group Policy** | Computer Configuration\Administrative Templates\System\User Profiles | -| **Policy Name** | Turn off the advertising ID | -| **Default setting** | Not configured | -| **Recommended** | Enabled | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Group Policy** | Computer Configuration\Administrative Templates\System\User Profiles | +>| **Policy Name** | Turn off the advertising ID | +>| **Default setting** | Not configured | +>| **Recommended** | Enabled | #### Registry -| | | -|:-|:-| -| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\AdvertisingInfo | -| **Value** | DisabledByGroupPolicy | -| **Type** | REG_DWORD | -| **Setting** | "00000001" | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\AdvertisingInfo | +>| **Value** | DisabledByGroupPolicy | +>| **Type** | REG_DWORD | +>| **Setting** | "00000001" | #### MDM -| | | -|:-|:-| -| **MDM CSP** | Privacy | -| **Policy** | DisableAdvertisingId | -| **Default setting** | 65535 (default) - Not configured | -| **Recommended** | 1 – Enabled | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **MDM CSP** | Privacy | +>| **Policy** | DisableAdvertisingId | +>| **Default setting** | 65535 (default) - Not configured | +>| **Recommended** | 1 – Enabled | ### Edge @@ -259,44 +280,49 @@ These settings whether employees send “Do Not Track” from the Microsoft Edge #### Group Policy -| | | -|:-|:-| -| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge | -| **Policy Name** | Configure Do Not Track | -| **Default setting** | Disabled | -| **Recommended** | Disabled | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge | +>| **Policy Name** | Configure Do Not Track | +>| **Default setting** | Disabled | +>| **Recommended** | Disabled | -| | | -|:-|:-| -| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Microsoft Edge | -| **Policy Name** | Configure Do Not Track | -| **Default setting** | Disabled | -| **Recommended** | Disabled | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Microsoft Edge | +>| **Policy Name** | Configure Do Not Track | +>| **Default setting** | Disabled | +>| **Recommended** | Disabled | #### Registry -| | | -|:-|:-| -| **Registry key** | HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main | -| **Value** | DoNotTrack | -| **Type** | REG_DWORD | -| **Setting** | "00000000" | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Registry key** | HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main | +>| **Value** | DoNotTrack | +>| **Type** | REG_DWORD | +>| **Setting** | "00000000" | -| | | -|:-|:-| -| **Registry key** | HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main | -| **Value** | DoNotTrack | -| **Type** | REG_DWORD | -| **Setting** | "00000000" | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Registry key** | HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main | +>| **Value** | DoNotTrack | +>| **Type** | REG_DWORD | +>| **Setting** | "00000000" | #### MDM -| | | -|:-|:-| -| **MDM CSP** | Browser | -| **Policy** | AllowDoNotTrack (scope: device + user) | -| **Default setting** | 0 (default) – Not allowed | -| **Recommended** | 0 – Not allowed | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **MDM CSP** | Browser | +>| **Policy** | AllowDoNotTrack (scope: device + user) | +>| **Default setting** | 0 (default) – Not allowed | +>| **Recommended** | 0 – Not allowed | ### Internet Explorer @@ -304,41 +330,46 @@ These settings whether employees send “Do Not Track” header from the Microso #### Group Policy -| | | -|:-|:-| -| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | -| **Policy Name** | Always send Do Not Track header | -| **Default setting** | Disabled | -| **Recommended** | Disabled | +> [!div class="mx-tableFixed"] +>| | | +>|:-|:-| +>| **Group Policy** | Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | +>| **Policy Name** | Always send Do Not Track header | +>| **Default setting** | Disabled | +>| **Recommended** | Disabled | -||| -|:-|:-| -| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | -| **Policy Name** | Always send Do Not Track header | -| **Default setting** | Disabled | -| **Recommended** | Disabled | +> [!div class="mx-tableFixed"] +>||| +>|:-|:-| +>| **Group Policy** | User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | +>| **Policy Name** | Always send Do Not Track header | +>| **Default setting** | Disabled | +>| **Recommended** | Disabled | #### Registry -||| -|:-|:-| -| **Registry key** | HKLM\Software\Policies\Microsoft\Internet Explorer\Main | -| **Value** | DoNotTrack | -| **Type** | REG_DWORD | -| **Setting** | "00000000" | +> [!div class="mx-tableFixed"] +>||| +>|:-|:-| +>| **Registry key** | HKLM\Software\Policies\Microsoft\Internet Explorer\Main | +>| **Value** | DoNotTrack | +>| **Type** | REG_DWORD | +>| **Setting** | "00000000" | -||| -|:-|:-| -| **Registry key** | HKCU\Software\Policies\Microsoft\Internet Explorer\Main | -| **Value** | DoNotTrack | -| **Type** | REG_DWORD | -| **Setting** | "00000000" | +> [!div class="mx-tableFixed"] +>||| +>|:-|:-| +>| **Registry key** | HKCU\Software\Policies\Microsoft\Internet Explorer\Main | +>| **Value** | DoNotTrack | +>| **Type** | REG_DWORD | +>| **Setting** | "00000000" | #### MDM -||| -|:-|:-| -| **MDM CSP** | N/A | +> [!div class="mx-tableFixed"] +>||| +>|:-|:-| +>| **MDM CSP** | N/A | ## Additional resources From bac247d1650135486ade17b45b1b10a80373abba Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 16 May 2018 15:47:59 +0000 Subject: [PATCH 4/5] Merged PR 8260: fix dism command & update change history for diagnostic data --- .../application-management/manage-windows-mixed-reality.md | 4 ++-- .../configuration/change-history-for-configure-windows-10.md | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 13f1932669..0a173192fa 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -9,7 +9,7 @@ ms.localizationpriority: medium author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 04/30/2018 +ms.date: 05/16/2018 --- # Enable or block Windows Mixed Reality apps in the enterprise @@ -44,7 +44,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to ``` Add-Package - Dism /Image:C:\test\offline /Add-Package /PackagePath:*path to the cab file* + Dism /Online /add-windowspackage ``` c. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**. diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 18388abfb0..3b3edbc102 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -22,6 +22,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md) New or changed topic | Description --- | --- [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Added note that Wi-Fi Sense is no longer available. +Topics about Windows 10 diagnostic data | Moved to [Windows Privacy](https://docs.microsoft.com/windows/privacy/). ## RELEASE: Windows 10, version 1803 From 5490b605f4ee316b40de443bdaac16184d0d5e2d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 16 May 2018 09:54:24 -0700 Subject: [PATCH 5/5] updated date --- .../windows-defender-application-control-deployment-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md index d024620fc9..c61f2f8a64 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: high author: jsuther1974 -ms.date: 05/03/2018 +ms.date: 05/16/2018 --- # Planning and getting started on the Windows Defender Application Control deployment process