Copy edits for 401116 fixed

fixed note coding,
This commit is contained in:
1justingilmore 2020-06-11 11:11:51 -06:00
parent 2e762b0ff5
commit b349c9ad5e
8 changed files with 64 additions and 70 deletions

View File

@ -50,8 +50,8 @@ What do you need in order to run the scripts?
- Remote PowerShell access to your organization's domain or tenant, Exchange servers, and Skype for Business servers.
- Admin credentials for your organization's domain or tenant, Exchange servers, and Skype for Business servers.
>[!NOTE]
>Whether youre creating a new account or modifying an already-existing account, the validation script will verify that your device account is configured correctly. You should always run the validation script before adding a device account to Surface Hub.
> [!NOTE]
> Whether youre creating a new account or modifying an already-existing account, the validation script will verify that your device account is configured correctly. You should always run the validation script before adding a device account to Surface Hub.
## Running the scripts
@ -297,8 +297,8 @@ Import-PSSession $sessExchange -AllowClobber -WarningAction SilentlyContinue
Import-PSSession $sessLync -AllowClobber -WarningAction SilentlyContinue
## Create the Exchange mailbox ##
>[!Note]
>These exchange commandlets do not always throw their errors as exceptions
> [!Note]
> These exchange commandlets do not always throw their errors as exceptions
# Because Get-Mailbox will throw an error if the mailbox is not found
$Error.Clear()
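Review bot: The alert added under `## Create the Exchange mailbox ##` sits between the `Import-PSSession` calls and `$Error.Clear()`, so it appears to be inside the PowerShell script listing. There `> [!Note]` will not render as an alert, and it is not valid script text if someone copies the block. Suggest making it a script comment, for example `# Note: these Exchange cmdlets do not always throw their errors as exceptions`, which also fixes "exchange commandlets".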
@ -664,8 +664,8 @@ Import-PSSession $sessExchange -AllowClobber -WarningAction SilentlyContinue
Import-PSSession $sessCS -AllowClobber -WarningAction SilentlyContinue
## Create the Exchange mailbox ##
>[!Note]
>These exchange commandlets do not always throw their errors as exceptions
> [!Note]
> These exchange commandlets do not always throw their errors as exceptions
# Because Get-Mailbox will throw an error if the mailbox is not found
$Error.Clear()
@ -1662,8 +1662,8 @@ Set-CalendarProcessing $strRoomUpn -AutomateProcessing AutoAccept
For a device account to accept external meeting requests (a meeting request from an account not in the same tenant/domain), the device account must be set to allow processing of external meeting requests. Once set, the device account will automatically accept or decline meeting requests from external accounts as well as local accounts.
>[!Note]
>If the **AutomateProcessing** attribute is not set to **AutoAccept**, then setting this will have no effect.
> [!Note]
> If the **AutomateProcessing** attribute is not set to **AutoAccept**, then setting this will have no effect.
```PowerShell
Set-CalendarProcessing $strRoomUpn -ProcessExternalMeetingMessages $true
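Review bot: In the note above the `Set-CalendarProcessing` example, "setting this will have no effect" leaves "this" without a clear referent. Suggest naming the parameter: "If **AutomateProcessing** is not set to **AutoAccept**, setting **ProcessExternalMeetingMessages** has no effect."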

View File

@ -18,8 +18,8 @@ ms.date: 08/30/2016
Before you begin the Microsoft Application Virtualization (App-V) 5.0 Setup, you should make sure that you have met the prerequisites to install the product. This topic contains information to help you successfully plan for preparing your computing environment before you deploy the App-V 5.0 features.
>[!Important]
>**The prerequisites in this article apply only to App-V 5.0**. For additional prerequisites that apply to App-V 5.0 Service Packs, see the following web pages:
> [!Important]
> **The prerequisites in this article apply only to App-V 5.0**. For additional prerequisites that apply to App-V 5.0 Service Packs, see the following web pages:
- [What's new in App-V 5.0 SP1](whats-new-in-app-v-50-sp1.md)
@ -68,8 +68,8 @@ The following table lists prerequisite information that pertains to specific ope
## Installation prerequisites for App-V 5.0
>[!Note]
>The following prerequisites are already installed for computers that run Windows 8.
> [!Note]
> The following prerequisites are already installed for computers that run Windows 8.
Each of the App-V 5.0 features have specific prerequisites that must be met before the App-V 5.0 features can be successfully installed.
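Review bot: Subject-verb agreement in the context line right after the note: "Each of the App-V 5.0 features have specific prerequisites" should read "Each of the App-V 5.0 features has specific prerequisites". Since this is a copy-edit pass, it is worth fixing in the same commit.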
@ -126,8 +126,8 @@ The following table lists the installation prerequisites for the App-V 5.0 clien
### Prerequisites for the App-V 5.0 Remote Desktop Services client
>[!Note]
>The following prerequisites are already installed for computers that run Windows Server 2012.
> [!Note]
> The following prerequisites are already installed for computers that run Windows Server 2012.
The following table lists the installation prerequisites for the App-V 5.0 Remote Desktop Services client:
@ -180,13 +180,13 @@ The following table lists the installation prerequisites for the App-V 5.0 Remot
### Prerequisites for the App-V 5.0 Sequencer
>[!Note]
>The following prerequisites are already installed for computers that run Windows 8 and Windows Server 2012.
> [!Note]
> The following prerequisites are already installed for computers that run Windows 8 and Windows Server 2012.
The following table lists the installation prerequisites for the App-V 5.0 Sequencer. If possible, the computer that runs the Sequencer should have the same hardware and software configurations as the computers that will run the virtual applications.
>[!Note]
>If the system requirements of a locally installed application exceed the requirements of the Sequencer, you must meet the requirements of that application. Additionally, because the sequencing process is system resource-intensive, we recommend that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive. For more information see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md).
> [!Note]
> If the system requirements of a locally installed application exceed the requirements of the Sequencer, you must meet the requirements of that application. Additionally, because the sequencing process is system resource-intensive, we recommend that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive. For more information see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md).
<table>
<colgroup>
@ -227,8 +227,8 @@ The following table lists the installation prerequisites for the App-V 5.0 Seque
### Prerequisites for the App-V 5.0 server
>[!Note]
>The following prerequisites are already installed for computers that run Windows Server 2012:
> [!Note]
> The following prerequisites are already installed for computers that run Windows Server 2012:
- Microsoft .NET Framework 4.5. This eliminates the Microsoft .NET Framework 4 requirement.
@ -236,18 +236,18 @@ The following table lists the installation prerequisites for the App-V 5.0 Seque
- Download and install [KB2533623](https://support.microsoft.com/kb/2533623) (https://support.microsoft.com/kb/2533623)
>[!Important]
>You can still download install the previous KB. However, it may have been replaced with a more recent version.
> [!Important]
> You can still download install the previous KB. However, it may have been replaced with a more recent version.
The following table lists the installation prerequisites for the App-V 5.0 server. The account that you use to install the server components must have administrative rights on the computer that you are installing on. This account must also have the ability to query Active Directory Directory Services. Before you install and configure the App-V 5.0 servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to the specified ports.
>[!Note]
>Web Distributed Authoring and Versioning (WebDAV) is automatically disabled for the Management Service.
> [!Note]
> Web Distributed Authoring and Versioning (WebDAV) is automatically disabled for the Management Service.
The App-V 5.0 server is supported for a standalone deployment, where all the components are deployed on the same server, and a distributed deployment. Depending on the topology that you use to deploy the App-V 5.0 server, the data that you will need for each component will slightly change.
>[!Important]
>The installation of the App-V 5.0 server on a computer that runs any previous version or component of App-V is not supported. Additionally, the installation of the server components on a computer that runs Server Core or a Domain Controller is also not supported.
> [!Important]
> The installation of the App-V 5.0 server on a computer that runs any previous version or component of App-V is not supported. Additionally, the installation of the server components on a computer that runs Server Core or a Domain Controller is also not supported.
<table>
<colgroup>
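Review bot: The [!Important] note after the KB2533623 bullet still reads "You can still download install the previous KB"; a word is missing between "download" and "install" (presumably "and"). The same bullet also gives the KB URL twice, once as the link target and again in parentheses, so one of the two can go.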

View File

@ -84,8 +84,8 @@ Microsoft Error Reporting is not turned on or off by MBAM. MBAM will utilize wha
"HKLM\\Software\\Wow6432Node\\Microsoft\\Microsoft Standalone System Sweeper Tool" (for the 64-bit version)
>[!Warning]
>Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the PC. You can also use the Last Known Good Configuration startup option if you encounter problems after manual changes have been applied.
> [!Warning]
> Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the PC. You can also use the Last Known Good Configuration startup option if you encounter problems after manual changes have been applied.
Important Information: Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their PCs. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available on [TechNet](https://technet.microsoft.com/library/cc709644.aspx).
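Review bot: The paragraph right after the reformatted [!Warning] starts with the plain-text label "Important Information:". For consistency with the alert syntax this commit normalizes, consider turning it into a `> [!Important]` block, or drop the label.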

View File

@ -16,8 +16,8 @@ ms.date: 06/26/2017
This section provides an example of the mobile device enrollment protocol using certificate authentication policy. For details about the Microsoft mobile device enrollment protocol for Windows 10, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347).
>[!Note]
>To set up devices to use certificate authentication for enrollment, you should create a provisioning package. For more information about provisioning packages, see [Build and apply a provisioning package](https://msdn.microsoft.com/library/windows/hardware/dn916107).
> [!Note]
> To set up devices to use certificate authentication for enrollment, you should create a provisioning package. For more information about provisioning packages, see [Build and apply a provisioning package](https://msdn.microsoft.com/library/windows/hardware/dn916107).
## In this topic
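Review bot: The [MS-MDE2] link in the first context line has a stray space after the opening parenthesis, `]( https://go.microsoft.com/fwlink/p/?LinkId=619347)`. Remove it so the link is written the same way as the provisioning-package link inside the note.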

View File

@ -32,8 +32,8 @@ For the list of enrollment scenarios not supported in Windows 10, see [Enrollme
The discovery web service provides the configuration information necessary for a user to enroll a phone with a management service. The service is a restful web service over HTTPS (server authentication only).
>[!Note]
>The administrator of the discovery service must create a host with the address enterpriseenrollment.*domain\_name*.com.
> [!Note]
> The administrator of the discovery service must create a host with the address enterpriseenrollment.*domain\_name*.com.
The automatic discovery flow of the device uses the domain name of the email address that was submitted to the Workplace settings screen during sign in. The automatic discovery system constructs a URI that uses this hostname by appending the subdomain “enterpriseenrollment” to the domain of the email address, and by appending the path “/EnrollmentServer/Discovery.svc”. For example, if the email address is “sample@contoso.com”, the resulting URI for first Get request would be: http:<span></span>//enterpriseenrollment.contoso.com/EnrollmentServer/Discovery.svc
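Review bot: The note gives the host as enterpriseenrollment.*domain\_name*.com, which hardcodes a .com suffix, while the next paragraph says the client builds the hostname by adding the "enterpriseenrollment" subdomain to the domain of the email address. Suggest wording the note so that *domain\_name* stands for the full email domain, so administrators of domains that do not end in .com are not misled. Also, "restful" in the first context line is normally written "RESTful".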
@ -127,21 +127,21 @@ The discovery response is in the XML format and includes the following fields:
- Authentication policy (AuthPolicy) Indicates what type of authentication is required. For the MDM server, OnPremise is the supported value, which means that the user will be authenticated when calling the management service URL. This field is mandatory.
- In Windows, Federated is added as another supported value. This allows the server to leverage the Web Authentication Broker to perform customized user authentication, and term of usage acceptance.
>[!Note]  
>The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
> [!Note]  
> The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
When authentication policy is set to be Federated, Web Authentication Broker (WAB) will be leveraged by the enrollment client to get a security token. The WAB start page URL is provided by the discovery service in the response message. The enrollment client will call the WAB API within the response message to start the WAB process. WAB pages are server hosted web pages. The server should build those pages to fit the device screen nicely and be as consistent as possible to other builds in the MDM enrollment UI. The opaque security token that is returned from WAB as an endpage will be used by the enrollment client as the device security secret during the client certificate enrollment request call.
>[!Note]
>Instead of relying on the user agent string that is passed during authentication to get information, such as the OS version, use the following guidance:
> [!Note]
> Instead of relying on the user agent string that is passed during authentication to get information, such as the OS version, use the following guidance:
> - Parse the OS version from the data sent up during the discovery request.
> - Append the OS version as a parameter in the AuthenticationServiceURL.
> - Parse out the OS version from the AuthenticiationServiceURL when the OS sends the response for authentication.
A new XML tag, AuthenticationServiceUrl, is introduced in the DiscoveryResponse XML to allow the server to specify the WAB page start URL. For Federated authentication, this XML tag must exist.
>[!Note]
>The enrollment client is agnostic with regards to the protocol flows for authenticating and returning the security token. While the server might prompt for user credentials directly or enter into a federation protocol with another server and directory service, the enrollment client is agnostic to all of this. To remain agnostic, all protocol flows pertaining to authentication that involve the enrollment client are passive, that is, browser-implemented.
> [!Note]
> The enrollment client is agnostic with regards to the protocol flows for authenticating and returning the security token. While the server might prompt for user credentials directly or enter into a federation protocol with another server and directory service, the enrollment client is agnostic to all of this. To remain agnostic, all protocol flows pertaining to authentication that involve the enrollment client are passive, that is, browser-implemented.
The following are the explicit requirements for the server.
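Review bot: The third bullet of the user-agent note spells the element "AuthenticiationServiceURL" (extra "i"), while the bullet above it has "AuthenticationServiceURL" and the following paragraph introduces the tag as "AuthenticationServiceUrl". Suggest one spelling and casing throughout, matching the tag name used in the DiscoveryResponse XML.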
@ -294,8 +294,8 @@ After the user is authenticated, the web service retrieves the certificate templ
MS-XCEP supports very flexible enrollment policies using various Complex Types and Attributes. For Windows device, we will first support the minimalKeyLength, the hashAlgorithmOIDReference policies, and the CryptoProviders. The hashAlgorithmOIDReference has related OID and OIDReferenceID and policySchema in the GetPolicesResponse. The policySchema refers to the certificate template version. Version 3 of MS-XCEP supports hashing algorithms.
>[!Note]  
>The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
> [!Note]  
> The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
The following snippet shows the policy web service response.
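Review bot: "GetPolicesResponse" in the first context line looks like a misspelling of GetPoliciesResponse, the MS-XCEP response message name. In the same line, "For Windows device, we will first support" needs a plural or an article ("For Windows devices").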
@ -386,8 +386,8 @@ Note that the RequestSecurityToken will use a custom TokenType (http:<span></spa
The RST may also specify a number of AdditionalContext items, such as DeviceType and Version. Based on these values, for example, the web service can return device-specific and version-specific DM configuration.
>[!Note]
>The policy service and the enrollment service must be on the same server; that is, they must have the same host name.
> [!Note]
> The policy service and the enrollment service must be on the same server; that is, they must have the same host name.
The following example shows the enrollment web service request for federated authentication.
@ -476,8 +476,8 @@ The following example shows the enrollment web service request for federated aut
After validating the request, the web service looks up the assigned certificate template for the client, update it if needed, sends the PKCS\#10 requests to the CA, processes the response from the CA, constructs an OMA Client Provisioning XML format, and returns it in the RequestSecurityTokenResponse (RSTR).
>[!Note]
>The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
> [!Note]
> The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
Similar to the TokenType in the RST, the RSTR will use a custom ValueType in the BinarySecurityToken (http:<span></span>//schemas.microsoft.com/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc), because the token is more than an X.509 v3 certificate.
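Review bot: In the first context line the verb list is not parallel: "looks up the assigned certificate template for the client, update it if needed, sends the PKCS\#10 requests to the CA". "update" should be "updates".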

View File

@ -54,8 +54,8 @@ The following topics describe the end-to-end enrollment process using various au
- [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
- [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
>[!Note]  
>As a best practice, do not use hardcoded server-side checks on values such as:
> [!Note]  
> As a best practice, do not use hardcoded server-side checks on values such as:
> - User agent string
> - Any fixed URIs that are passed during enrollment
> - Specific formatting of any value unless otherwise noted, such as the format of the device ID.
@ -292,9 +292,3 @@ TraceID is a freeform text node which is logged. It should identify the server s
- [Federated authentication device enrollment](federated-authentication-device-enrollment.md)
- [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
- [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)

View File

@ -30,8 +30,8 @@ For the list of enrollment scenarios not supported in Windows 10, see [Enrollme
The discovery web service provides the configuration information necessary for a user to enroll a device with a management service. The service is a restful web service over HTTPS (server authentication only).
>[!NOTE]
>The administrator of the discovery service must create a host with the address enterpriseenrollment.*domain\_name*.com.
> [!NOTE]
> The administrator of the discovery service must create a host with the address enterpriseenrollment.*domain\_name*.com.
The devices automatic discovery flow uses the domain name of the email address that was submitted to the Workplace settings screen during sign in. The automatic discovery system constructs a URI that uses this hostname by appending the subdomain “enterpriseenrollment” to the domain of the email address, and by appending the path “/EnrollmentServer/Discovery.svc”. For example, if the email address is “sample@contoso.com”, the resulting URI for first Get request would be: http:<span></span>//enterpriseenrollment.contoso.com/EnrollmentServer/Discovery.svc
@ -129,8 +129,8 @@ The discovery response is in the XML format and includes the following fields:
- Authentication policy (AuthPolicy) Indicates what type of authentication is required. For the MDM server, OnPremise is the supported value, which means that the user will be authenticated when calling the management service URL. This field is mandatory.
- Federated is added as another supported value. This allows the server to leverage the Web Authentication Broker to perform customized user authentication, and term of usage acceptance.
>[!NOTE]
>The HTTP server response must not be chunked; it must be sent as one message.
> [!NOTE]
> The HTTP server response must not be chunked; it must be sent as one message.
The following example shows a response received from the discovery web service for OnPremise authentication:
@ -214,8 +214,8 @@ After the user is authenticated, the web service retrieves the certificate templ
MS-XCEP supports very flexible enrollment policies using various Complex Types and Attributes. We will first support the minimalKeyLength, the hashAlgorithmOIDReference policies, and the CryptoProviders. The hashAlgorithmOIDReference has related OID and OIDReferenceID and policySchema in the GetPolicesResponse. The policySchema refers to the certificate template version. Version 3 of MS-XCEP supports hashing algorithms.
>[!NOTE]
>The HTTP server response must not be chunked; it must be sent as one message.
> [!NOTE]
> The HTTP server response must not be chunked; it must be sent as one message.
The following snippet shows the policy web service response.
@ -306,8 +306,8 @@ The RequestSecurityToken will use a custom TokenType (http:<span></span>//schema
The RST may also specify a number of AdditionalContext items, such as DeviceType and Version. Based on these values, for example, the web service can return device-specific and version-specific DM configuration.
>[!NOTE]
>The policy service and the enrollment service must be on the same server; that is, they must have the same host name.
> [!NOTE]
> The policy service and the enrollment service must be on the same server; that is, they must have the same host name.
The following example shows the enrollment web service request for OnPremise authentication.

View File

@ -26,13 +26,13 @@ In Windows 10, version 1703 and later, the Windows Defender app is part of the W
Settings that were previously part of the Windows Defender client and main Windows Settings have been combined and moved to the new app, which is installed by default as part of Windows 10, version 1703.
>[!IMPORTANT]
>Disabling the Windows Security Center service will not disable Microsoft Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These are disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
>If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
> [!IMPORTANT]
> Disabling the Windows Security Center service will not disable Microsoft Defender AV or [Windows Defender Firewall](https://docs.microsoft.com/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security). These are disabled automatically when a third-party antivirus or firewall product is installed and kept up to date.
> If you do disable the Windows Security Center service, or configure its associated Group Policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
>It may also prevent Microsoft Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
> It may also prevent Microsoft Defender AV from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
>This will significantly lower the protection of your device and could lead to malware infection.
> This will significantly lower the protection of your device and could lead to malware infection.
See the [Windows Security article](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center) for more information on other Windows security features that can be monitored in the app.
@ -68,8 +68,8 @@ Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | De
This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Microsoft Defender Antivirus in the Windows Security app.
>[!NOTE]
>If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The [Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) topic describes how local policy override settings can be configured.
> [!NOTE]
> If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The [Configure end-user interaction with Microsoft Defender Antivirus](configure-end-user-interaction-microsoft-defender-antivirus.md) topic describes how local policy override settings can be configured.
<a id="scan"></a>
@ -107,9 +107,9 @@ This section describes how to perform some of the most common tasks when reviewi
4. Toggle the **Real-time protection** switch to **On**.
>[!NOTE]
>If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats.
>If you install another antivirus product, Microsoft Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md).
> [!NOTE]
> If you switch **Real-time protection** off, it will automatically turn back on after a short delay. This is to ensure you are protected from malware and threats.
> If you install another antivirus product, Microsoft Defender AV will automatically disable itself and will indicate this in the Windows Security app. A setting will appear that will allow you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md).
<a id="exclusions"></a>