diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md index 070552040e..e253a3f659 100644 --- a/mdop/mbam-v25/mbam-25-supported-configurations.md +++ b/mdop/mbam-v25/mbam-25-supported-configurations.md @@ -283,8 +283,14 @@ MBAM supports the following versions of Configuration Manager. + +

Microsoft System Center Configuration Manager (Current Branch), versions up to 1902

+

+

64-bit

+ + -

Microsoft System Center Configuration Manager (Current Branch), versions up to 1806

+

Microsoft System Center Configuration Manager 1806

64-bit

diff --git a/store-for-business/troubleshoot-microsoft-store-for-business.md b/store-for-business/troubleshoot-microsoft-store-for-business.md index 197eeba1a0..aea3b32045 100644 --- a/store-for-business/troubleshoot-microsoft-store-for-business.md +++ b/store-for-business/troubleshoot-microsoft-store-for-business.md @@ -49,6 +49,10 @@ The private store for your organization is a page in Microsoft Store app that co ![Private store for Contoso publishing](images/wsfb-privatestoreapps.png) +## Troubleshooting Microsoft Store for Business integration with System Center Configuration Manager + +If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w). + ## Still having trouble? If you are still having trouble using Microsoft Store or installing an app, Admins can sign in and look for topics on our **Support** page. @@ -56,4 +60,4 @@ If you are still having trouble using Microsoft Store or installing an app, Admi **To view Support page**  1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) -2. Click **Manage**, and then click **Support**. \ No newline at end of file +2.Choose **Manage**> **Support**. diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index cd7c59e6d2..4f8803ead5 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mobile author: greg-lindsay -ms.date: 04/19/2017 +ms.date: 05/20/2019 --- # Sideload LOB apps in Windows 10 @@ -48,10 +48,16 @@ And here's what you'll need to do: ## How do I sideload an app on desktop You can sideload apps on managed or unmanaged devices. +>[!IMPORTANT] +> To install an app on Windows 10, in addition to following [these procedures](https://docs.microsoft.com/windows/msix/app-installer/installing-windows10-apps-web), users can also double-click any APPX/MSIX package. + + **To turn on sideloading for managed devices** - Deploy an enterprise policy. + + **To turn on sideloading for unmanaged devices** 1. Open **Settings**. diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index adffb8bef0..32ca9ee217 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -183,6 +183,7 @@ The following diagram shows the CM\_CellularEntries configuration service provid

Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available: - Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F +- LTE attach - 11A6FE68-5B47-4859-9CB6-1EAC96A8F0BD - MMS - 53E2C5D3-D13C-4068-AA38-9C48FF2E55A8 - IMS - 474D66ED-0E4B-476B-A455-19BB1239ED13 - SUPL - 6D42669F-52A9-408E-9493-1071DCC437BD diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index b79c6c1219..481636bb71 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -107,20 +107,27 @@ Requirements: - Enterprise AD must be integrated with Azure AD. - Ensure that PCs belong to same computer group. -1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**. - >[!Note] - >If you do not see the policy, it may be caused because you don’t have the ADMX installed for Windows 10, version 1803. To fix the issue, follow these steps: - > 1. Download [Administrative Templates (.admx) for Windows 10 April 2018 Update (1803) -](https://www.microsoft.com/en-us/download/details.aspx?id=56880). - > 2. Install the package on the Primary Domain Controller. - > 3. Navigate to the folder **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**. - > 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**. - > 5. Restart the Primary Domain Controller for the policy to be available. +>[!IMPORTANT] +>If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803 or version 1809. To fix the issue, follow these steps: +> 1. Download: +> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/en-us/download/details.aspx?id=56880) or +> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/en-us/download/details.aspx?id=57576). +> 2. Install the package on the Primary Domain Controller (PDC). +> 3. Navigate, depending on the version to the folder: +> 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or +> 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2** +> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**. +> 5. Restart the Primary Domain Controller for the policy to be available. +> This procedure will work for any future version as well. +1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**. 2. Create a Security Group for the PCs. 3. Link the GPO. 4. Filter using Security Groups. -5. Enforce a GPO link +5. Enforce a GPO link. + +>[!NOTE] +> Version 1903 (March 2019) is actually on the Insider program and doesn't yet contain a downloadable version of Templates (version 1903). ### Related topics @@ -129,3 +136,8 @@ Requirements: - [Link a Group Policy Object](https://technet.microsoft.com/library/cc732979(v=ws.11).aspx) - [Filter Using Security Groups](https://technet.microsoft.com/library/cc752992(v=ws.11).aspx) - [Enforce a Group Policy Object Link](https://technet.microsoft.com/library/cc753909(v=ws.11).aspx) + +### Useful Links +- [Windows 10 Administrative Templates for Windows 10 April 2018 Update 1803](https://www.microsoft.com/download/details.aspx?id=56880) +- [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576) + diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index e307f8f433..14369d49d1 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -407,8 +407,8 @@ ADMX Info: Supported values: -- false - disabled -- true - enabled +- 0 - disabled +- 1 - enabled @@ -556,4 +556,4 @@ Footnotes: - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. -- 6 - Added in Windows 10, version 1903. \ No newline at end of file +- 6 - Added in Windows 10, version 1903. diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index 86165f1bf1..16e282f16f 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -149,7 +149,7 @@ Any user who accesses the system through a sign-in process has the Authenticated

Default Location in Active Directory

-

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

+

cn=System,cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Default User Rights

diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 388993c2d8..387b2f434b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -43,7 +43,7 @@ When the PIN is created, it establishes a trusted relationship with the identity The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. All Windows 10 Mobile phones and many modern laptops have TPM. -User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetrical key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised. +User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. After too many incorrect guesses, the device is locked. diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md index 217418bd99..763ad94de7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md @@ -37,7 +37,10 @@ You can control the following attributes about the folder that you'd like to be **Folders**
-You can specify a folder and its subfolders to be skipped. You can use wild cards so that all files under the directory is skipped by the automated investigation. +You can specify a folder and its subfolders to be skipped. + +> [!NOTE] +> Wild cards are not yet supported. **Extensions**
You can specify the extensions to exclude in a specific directory. The extensions are a way to prevent an attacker from using an excluded folder to hide an exploit. The extensions explicitly define which files to ignore.