mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 02:13:43 +00:00
merge from Master
This commit is contained in:
Joey Caparas
@ -8,7 +8,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: high
|
||||
author: jdeckerms
|
||||
ms.date: 04/04/2018
|
||||
ms.date: 04/13/2018
|
||||
---
|
||||
|
||||
# Change history for Configure Windows 10
|
||||
@ -20,6 +20,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
|
||||
New or changed topic | Description
|
||||
--- | ---
|
||||
[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | Updated endpoints.
|
||||
[Configure cellular settings for tablets and PCs](provisioning-apn.md) | Added instructions for confirming that the settings were applied.
|
||||
|
||||
## March 2018
|
||||
|
||||
|
||||
@ -65,16 +65,17 @@ If you use a web browser as your assigned access app, consider the following tip
|
||||
|
||||
## Secure your information
|
||||
|
||||
Avoid selecting Windows apps that may expose the information you don’t want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting this type of apps if they provide unnecessary data access.
|
||||
Avoid selecting Windows apps that may expose the information you don’t want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.
|
||||
|
||||
## App configuration
|
||||
|
||||
Some apps may require additional configurations before they can be used appropriately in assigned access . For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access.
|
||||
Check the guidelines published by your selected app and do the setup accordingly.
|
||||
Some apps may require additional configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access.
|
||||
|
||||
Check the guidelines published by your selected app and set up accordingly.
|
||||
|
||||
## Develop your kiosk app
|
||||
|
||||
Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above lock . The kiosk app is actually running as an above lock screen app.
|
||||
Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app.
|
||||
|
||||
Follow the [best practices guidance for developing a kiosk app for assigned access](https://msdn.microsoft.com/library/windows/hardware/mt633799%28v=vs.85%29.aspx).
|
||||
|
||||
@ -82,7 +83,7 @@ Follow the [best practices guidance for developing a kiosk app for assigned acce
|
||||
|
||||
The above guidelines may help you select or develop an appropriate Windows app for your assigned access experience. Once you have selected your app, we recommend that you thoroughly test the assigned access experience to ensure that your device provides a good customer experience.
|
||||
|
||||
## Learn more
|
||||
## Learn more
|
||||
|
||||
[Customizing Your Device Experience with Assigned Access](https://channel9.msdn.com/Events/Build/2016/P508)
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
author: jdeckerMS
|
||||
ms.localizationpriority: high
|
||||
ms.date: 07/27/2017
|
||||
ms.date: 04/13/2018
|
||||
---
|
||||
|
||||
# Configure cellular settings for tablets and PCs
|
||||
@ -76,5 +76,39 @@ For users who work in different locations, you can configure one APN to connect
|
||||
9. [Apply the package to devices.](provisioning-packages/provisioning-apply-package.md)
|
||||
|
||||
|
||||
## Confirm the settings
|
||||
|
||||
After you apply the provisioning package, you can confirm that the settings have been applied.
|
||||
|
||||
1. On the configured device, open a command prompt as an administrator.
|
||||
|
||||
2. Run the following command:
|
||||
|
||||
```
|
||||
netsh mbn show profiles
|
||||
```
|
||||
|
||||
3. The command will list the mobile broadband profiles. Using the "Name" for the listed mobile broadband profile, run:
|
||||
|
||||
```
|
||||
netsh mbn show profiles name="name"
|
||||
```
|
||||
|
||||
This command will list details for that profile, including Access Point Name.
|
||||
|
||||
|
||||
Alternatively, you can also use the command:
|
||||
|
||||
```
|
||||
netsh mbn show interface
|
||||
```
|
||||
|
||||
From the results of that command, get the name of the cellular/mobile broadband interface and run:
|
||||
|
||||
```
|
||||
netsh mbn show connection interface="name"
|
||||
```
|
||||
|
||||
The result of that command will show details for the cellular interface, including Access Point Name.
|
||||
|
||||
|
||||
|
||||
@ -13,7 +13,7 @@ ms.date: 04/03/2018
|
||||
|
||||
# Frequently asked questions and troubleshooting Windows Analytics
|
||||
|
||||
This topic compiles the most common issues encountered with configuring and using Windows Analytics, as well as general questions.
|
||||
This topic compiles the most common issues encountered with configuring and using Windows Analytics, as well as general questions. This FAQ, along with the [Windows Analytics Technical Community](https://techcommunity.microsoft.com/t5/Windows-Analytics/ct-p/WindowsAnalytics), are recommended resources to consult before contacting Microsoft support.
|
||||
|
||||
## Troubleshooting common problems
|
||||
|
||||
|
||||
@ -31,7 +31,7 @@ See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-1
|
||||
Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates.
|
||||
The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility updates are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com).
|
||||
|
||||
Windows 10 LTSB is not supported by Upgrade Readiness. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not compatible with Upgrade Readiness. See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSB.
|
||||
While Upgrade Readiness can be used to assist with updating devices from Windows 10 Long-Term Servicing Channel (LTSC) to Windows 10 Semi-Annual Channel, Upgrade Readiness does not support updates to Windows 10 LTSC. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not a supported target with Upgrade Readiness. See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSC.
|
||||
|
||||
## Operations Management Suite
|
||||
|
||||
|
||||
@ -15,18 +15,7 @@ ms.date: 04/19/2017
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
This reference topic for the IT professional describes which versions of the Windows operating systems support advanced security auditing policies.
|
||||
Advanced audit policy configuration is supported on all versions of Windows since it was introduced in Windows Vista.
|
||||
There is no difference in security auditing support between 32-bit and 64-bit versions.
|
||||
Windows editions that cannot join a domain, such as Windows 10 Home edition, do not have access to these features.
|
||||
|
||||
Versions of the Windows operating system that cannot join a domain do not have access to these features. There is no difference in security auditing support between 32-bit and 64-bit versions.
|
||||
|
||||
## Are there any special considerations?
|
||||
|
||||
In addition, the following special considerations apply to the various tasks associated with advanced security auditing enhancements:
|
||||
|
||||
- **Creating an audit policy.** To create an advanced security auditing policy, you must use a computer running any supported version of Windows. You can use the Group Policy Management Console (GPMC) on a computer running a supported version of the Windows client operating system after installing the Remote Server Administration Tools.
|
||||
- **Applying audit policy settings.** If you are using Group Policy to apply the advanced audit policy settings and global object access settings, client computers must be running any supported version of the Windows server operating system or Windows client operating system. In addition, only computers running any of these supported operating systems can provide "reason for access" reporting data.
|
||||
- **Developing an audit policy model.** To plan advanced security audit settings and global object access settings, you must use the GPMC that targets a domain controller running a supported version of the Windows server operating system.
|
||||
- **Distributing the audit policy.** After a Group Policy Object (GPO) that includes advanced security auditing settings is developed, it can be distributed by using domain controllers running any Windows Server operating system.
|
||||
However, if you cannot put client computers running a supported version of the Windows client operating system into a separate organizational unit (OU), you should use Windows Management Instrumentation (WMI) filtering to ensure that the advanced security auditing policy settings are applied only to client computers running a supported version of the Windows client operating system.
|
||||
|
||||
>**Important:** Using both the basic auditing policy settings under **Local Policies\\Audit Policy** and the advanced auditing policy settings under **Advanced Audit Policy Configuration** can cause unexpected results in audit reporting. Therefore, the two sets of audit policy settings should not be combined. If you use advanced audit policy configuration settings, you should enable the **Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings** policy setting under **Local Policies\\Security Options**. This will prevent conflicts between similar settings by forcing basic security auditing to be ignored.
|
||||
|
||||
@ -82,7 +82,7 @@ Hiding notifications can be useful in situations where you cannot hide the entir
|
||||
> [!NOTE]
|
||||
> Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [System Center Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection).
|
||||
|
||||
See the [Customize the Windows Defender Security Center app for your organization](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center-antivirus) topic for instructions to add custom contact information to the notifications that users see on their machines.
|
||||
See the [Customize the Windows Defender Security Center app for your organization](/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md) topic for instructions to add custom contact information to the notifications that users see on their machines.
|
||||
|
||||
**Use Group Policy to hide notifications:**
|
||||
|
||||
|
||||
@ -9,9 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: iaanw
|
||||
ms.author: iawilt
|
||||
ms.date: 10/12/2017
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 04/11/2018
|
||||
---
|
||||
|
||||
|
||||
@ -59,6 +59,9 @@ This topic includes the following instructions for setting up and running Window
|
||||
## Enable or disable the interface on Windows Server 2016
|
||||
By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs, but is not required.
|
||||
|
||||
>[!NOTE]
|
||||
>You can't uninstall the Windows Defender Security Center app, but you can disable the interface with these instructions.
|
||||
|
||||
If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option.
|
||||
|
||||
|
||||
|
||||
@ -30,7 +30,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Net
|
||||
|-----------|------------------|-----------|
|
||||
|Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
|
||||
|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may optionally use "." as a wildcard character to automatically trust subdomains. Configuring ".constoso.com" will automatically trust "subdomain1.contoso.com", "subdomain2.contoso.com" etc. |
|
||||
|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
|
||||
|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.|
|
||||
|
||||
### Application-specific settings
|
||||
These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard.
|
||||
|
||||
@ -9,9 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: iaanw
|
||||
ms.author: iawilt
|
||||
ms.date: 10/17/2017
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 04/11/2018
|
||||
---
|
||||
|
||||
|
||||
@ -39,12 +39,18 @@ In Windows 10, version 1709, we increased the scope of the app to also show info
|
||||
>[!NOTE]
|
||||
>The Windows Defender Security Center app is a client interface on Windows 10, version 1703 and later. It is not the Windows Defender Security Center web portal console that is used to review and manage [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection).
|
||||
|
||||
This library describes the Windows defender Security Center app, and provides information on configuring certain features, inlcuding:
|
||||
This library describes the Windows Defender Security Center app, and provides information on configuring certain features, including:
|
||||
|
||||
<a id="customize-notifications-from-the-windows-defender-security-center"></a>
|
||||
- [Showing and customizing contact information on the app and in notifications](wdsc-customize-contact-information.md)
|
||||
- [Hiding notifications](wdsc-hide-notifications.md)
|
||||
|
||||
You can't uninstall the Windows Defender Security Center app, but you can do one of the following:
|
||||
|
||||
- Disable the interface on Windows Server 2016. See [Windows Defender Antivirus on Windows Server 2016](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016).
|
||||
- Hide all of the sections on client computers (see below).
|
||||
- Disable Windows Defender Antivirus, if needed. See [Enable and configure Windows Defender AV always-on protection and monitoring](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus).
|
||||
|
||||
You can find more information about each section, including options for configuring the sections - such as hiding each of the sections - at the following topics:
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user