From e18dd0d16eda742c5e437bed37e8d55ad60ea9b9 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 21 Dec 2019 13:51:49 +0500 Subject: [PATCH 01/17] Update upgrading-to-mbam-25-sp1-from-mbam-25.md --- .../upgrading-to-mbam-25-sp1-from-mbam-25.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md index 4e0f5b098c..c94973efcc 100644 --- a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md +++ b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md @@ -29,21 +29,17 @@ Verify you have a current documentation of your MBAM environment, including all Note: You will not see an option to remove the Databases; this is expected. 2. Install 2.5 SP1 (Located with MDOP - Microsoft Desktop Optimization Pack 2015 from the Volume Licensing Service Center site: 3. Do not configure it at this time  -4. Install the May 2019 Rollup: https://www.microsoft.com/download/details.aspx?id=58345 -5. Using the MBAM Configurator; re-add the Reports role -6. This will configure the SSRS connection using the latest MBAM code from the rollup  -7. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server. -8. At the end, you will be warned that the DBs already exist and weren’t created, but this is expected. -9. This process updates the existing databases to the current version being installed +4. Using the MBAM Configurator; re-add the Reports role +5. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server. +6. At the end, you will be warned that the DBs already exist and weren’t created, but this is expected. +7. This process updates the existing databases to the current version being installed #### Steps to upgrade the MBAM Server (Running MBAM and IIS) 1. Using the MBAM Configurator; remove the Admin and Self Service Portals from the IIS server 2. Install MBAM 2.5 SP1 3. Do not configure it at this time   -4. Install the May 2019 Rollup on the IIS server(https://www.microsoft.com/download/details.aspx?id=58345) -5. Using the MBAM Configurator; re-add the Admin and Self Service Portals to the IIS server  -6. This will configure the sites using the latest MBAM code from the May 2019 Rollup -7. Open an elevated command prompt, Type: **IISRESET** and Hit Enter. +4. Using the MBAM Configurator; re-add the Admin and Self Service Portals to the IIS server  +5 Open an elevated command prompt, Type: **IISRESET** and Hit Enter. #### Steps to upgrade the MBAM Clients/Endpoints 1. Uninstall the 2.5 Agent from client endpoints From 9c2764441b76d150164dbda445ae9f4a47f36076 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 23 Dec 2019 22:12:24 +0500 Subject: [PATCH 02/17] Update mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md index c94973efcc..38aa4137f3 100644 --- a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md +++ b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md @@ -39,7 +39,7 @@ Verify you have a current documentation of your MBAM environment, including all 2. Install MBAM 2.5 SP1 3. Do not configure it at this time   4. Using the MBAM Configurator; re-add the Admin and Self Service Portals to the IIS server  -5 Open an elevated command prompt, Type: **IISRESET** and Hit Enter. +5. Open an elevated command prompt, type: **IISRESET** and hit Enter. #### Steps to upgrade the MBAM Clients/Endpoints 1. Uninstall the 2.5 Agent from client endpoints From 2536efd15744eb0816bc42c1fa2d263806cd0857 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 14 Jan 2020 10:20:16 +0500 Subject: [PATCH 03/17] Update mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md index 38aa4137f3..f259ca9362 100644 --- a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md +++ b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md @@ -32,7 +32,7 @@ Verify you have a current documentation of your MBAM environment, including all 4. Using the MBAM Configurator; re-add the Reports role 5. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server. 6. At the end, you will be warned that the DBs already exist and weren’t created, but this is expected. -7. This process updates the existing databases to the current version being installed +7. This process updates the existing databases to the current version being installed. #### Steps to upgrade the MBAM Server (Running MBAM and IIS) 1. Using the MBAM Configurator; remove the Admin and Self Service Portals from the IIS server From 8231d8403069794acf1e2e76b3db21d2e8ed8203 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 14 Jan 2020 10:20:27 +0500 Subject: [PATCH 04/17] Update mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md index f259ca9362..46e122559e 100644 --- a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md +++ b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md @@ -39,7 +39,7 @@ Verify you have a current documentation of your MBAM environment, including all 2. Install MBAM 2.5 SP1 3. Do not configure it at this time   4. Using the MBAM Configurator; re-add the Admin and Self Service Portals to the IIS server  -5. Open an elevated command prompt, type: **IISRESET** and hit Enter. +5. Open an elevated command prompt, type **IISRESET**, and hit Enter. #### Steps to upgrade the MBAM Clients/Endpoints 1. Uninstall the 2.5 Agent from client endpoints From 49b3e4e0bc836bf0cfc17fcbaf0c8add08e68188 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 14 Jan 2020 10:20:40 +0500 Subject: [PATCH 05/17] Update mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md index 46e122559e..a666d5a4f7 100644 --- a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md +++ b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md @@ -26,7 +26,8 @@ Verify you have a current documentation of your MBAM environment, including all ### Upgrade steps #### Steps to upgrade the MBAM Database (SQL Server) 1. Using the MBAM Configurator; remove the Reports role from the SQL server, or wherever the SSRS database is hosted. Depending on your environment, this can be the same server or a separate one. - Note: You will not see an option to remove the Databases; this is expected. + > [!NOTE] + > You will not see an option to remove the Databases; this is expected. 2. Install 2.5 SP1 (Located with MDOP - Microsoft Desktop Optimization Pack 2015 from the Volume Licensing Service Center site: 3. Do not configure it at this time  4. Using the MBAM Configurator; re-add the Reports role From b7f996de87dbb9aededce83919490b70f188fc72 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 14 Jan 2020 10:20:50 +0500 Subject: [PATCH 06/17] Update mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md index a666d5a4f7..d344cfc5be 100644 --- a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md +++ b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md @@ -31,7 +31,7 @@ Verify you have a current documentation of your MBAM environment, including all 2. Install 2.5 SP1 (Located with MDOP - Microsoft Desktop Optimization Pack 2015 from the Volume Licensing Service Center site: 3. Do not configure it at this time  4. Using the MBAM Configurator; re-add the Reports role -5. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server. +5. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server 6. At the end, you will be warned that the DBs already exist and weren’t created, but this is expected. 7. This process updates the existing databases to the current version being installed. From 9be0bfb0a4c8f099aa399ca5ef82e51bbd1a902c Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 14 Jan 2020 10:21:01 +0500 Subject: [PATCH 07/17] Update mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md index d344cfc5be..436bbbe48d 100644 --- a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md +++ b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md @@ -32,7 +32,7 @@ Verify you have a current documentation of your MBAM environment, including all 3. Do not configure it at this time  4. Using the MBAM Configurator; re-add the Reports role 5. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server -6. At the end, you will be warned that the DBs already exist and weren’t created, but this is expected. +6. At the end, you will be warned that the DBs already exist and weren’t created, but this is expected 7. This process updates the existing databases to the current version being installed. #### Steps to upgrade the MBAM Server (Running MBAM and IIS) From a7bd6004a55f954a354103ccd29449b414435374 Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Fri, 17 Jan 2020 10:28:18 -0800 Subject: [PATCH 08/17] Update manage-windows-mixed-reality.md Updated to clarify the 1903 FOD also supports 1909 --- windows/application-management/manage-windows-mixed-reality.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 205e2c3711..4e0bc2998e 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -33,7 +33,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to 2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD. - a. Download the FOD .cab file for [Windows 10, version 1903](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). + a. Download the FOD .cab file for [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). >[!NOTE] >You must download the FOD .cab file that matches your operating system version. From 153a6c8532ed31c4f920f063513ff4ad84941bd9 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 18 Jan 2020 20:59:31 +0500 Subject: [PATCH 09/17] Removed links pointing to a personal blog I think this reference should be removed as the content is pointing to a non-official document. It's a personal blog and we can not refer any information from any personal blog in MS documentation. All of the links pointing to a personal blog should be removed. Link to **Configuring a proxy for your Surface Hub** , **Configuring a proxy for your Surface Hub** and **Surface Hub and the Skype for Business Trusted Domain List** . Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5847 --- .../use-surface-hub-diagnostic-test-device-account.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md index 40a5768d27..cbabc6e3fa 100644 --- a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md +++ b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md @@ -89,11 +89,11 @@ The Surface Hub Hardware Diagnostic tool is an easy-to-navigate tool that lets t Field |Success |Failure |Comment |Reference |------|------|------|------|------| -Internet Connectivity |Device does have Internet connectivity |Device does not have Internet connectivity |Verifies internet connectivity, including proxy connection |[Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/) +Internet Connectivity |Device does have Internet connectivity |Device does not have Internet connectivity |Verifies internet connectivity, including proxy connection | HTTP Version |1.1 |1.0 |If HTTP 1.0 found, it will cause issue with WU and Store | Direct Internet Connectivity |Device has a Proxy configured Device has no Proxy configured |N/A |Informational. Is your device behind a proxy? | Proxy Address | | |If configured, returns proxy address. | -Proxy Authentication |Proxy does not require Authentication |Proxy requires Proxy Auth |Result may be a false positive if a user already has an open session in Edge and has authenticated thru the proxy. |[Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/) +Proxy Authentication |Proxy does not require Authentication |Proxy requires Proxy Auth |Result may be a false positive if a user already has an open session in Edge and has authenticated thru the proxy. | Proxy Auth Types | | |If proxy authentication is used, return the Authentication methods advertised by the proxy. | #### Environment @@ -131,5 +131,5 @@ SIP Pool Cert Root CA | | |Information. Display the SIP Pool Cert Root CA, if av Field |Success |Failure |Comment |Reference |------|------|------|------|------| -Trust Model Status |No Trust Model Issue Detected. |SIP Domain and server domain are different please add the following domains. |Check the LD FQDN/ LD Server Name/ Pool Server name for Trust model issue. |[Surface Hub and the Skype for Business Trusted Domain List](https://blogs.technet.microsoft.com/y0av/2017/10/25/95/) +Trust Model Status |No Trust Model Issue Detected. |SIP Domain and server domain are different please add the following domains. |Check the LD FQDN/ LD Server Name/ Pool Server name for Trust model issue. Domain Name(s) | | |Return the list of domains that should be added for SFB to connect. | From 23e560a3ec19eb6004b7cd263d75e5fd6db54114 Mon Sep 17 00:00:00 2001 From: DanPandre <54847950+DanPandre@users.noreply.github.com> Date: Tue, 21 Jan 2020 17:41:53 -0500 Subject: [PATCH 10/17] Document Surface Hub fixes in 2B --- devices/surface-hub/surface-hub-update-history.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/devices/surface-hub/surface-hub-update-history.md b/devices/surface-hub/surface-hub-update-history.md index 943400d44c..5d6989d80b 100644 --- a/devices/surface-hub/surface-hub-update-history.md +++ b/devices/surface-hub/surface-hub-update-history.md @@ -24,6 +24,17 @@ Please refer to the “[Surface Hub Important Information](https://support.micro ## Windows 10 Team Creators Update 1703 +
+January 14, 2020—update for Team edition based on KB4534296* (OS Build 15063.2254) + +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + +* Addresses an issue with log collection for Microsoft Surface Hub 2S. + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4534296](https://support.microsoft.com/help/4534296) +
+
September 24, 2019—update for Team edition based on KB4516059* (OS Build 15063.2078) @@ -57,7 +68,6 @@ Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: -* Addresses an issue with log collection for Microsoft Surface Hub 2S. * Addresses an issue preventing a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully. * Adds support for TLS 1.2 connections to identity providers and Exchange in device account setup scenarios. * Fixes to improve reliability of Hardware Diagnostic App on Hub 2S. From 2bf53c6b7f3d1d07e364a0e24c537a5d2b554f48 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Tue, 28 Jan 2020 12:52:58 +0500 Subject: [PATCH 11/17] Removed one more link There was one more personal blog link in the document and has been removed. --- .../use-surface-hub-diagnostic-test-device-account.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md index 7dfc7994bc..e01737c52e 100644 --- a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md +++ b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md @@ -93,7 +93,7 @@ Internet Connectivity |Device does have Internet connectivity |Device does not h HTTP Version |1.1 |1.0 |If HTTP 1.0 found, it will cause issue with WU and Store | Direct Internet Connectivity |Device has a Proxy configured Device has no Proxy configured |N/A |Informational. Is your device behind a proxy? | Proxy Address | | |If configured, returns proxy address. | -Proxy Authentication |Proxy does not require Authentication |Proxy requires Proxy Auth |Result may be a false positive if a user already has an open session in Edge and has authenticated through the proxy. |[Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/) +Proxy Authentication |Proxy does not require Authentication |Proxy requires Proxy Auth |Result may be a false positive if a user already has an open session in Edge and has authenticated through the proxy. | Proxy Auth Types | | |If proxy authentication is used, return the Authentication methods advertised by the proxy. | #### Environment From 7e09ce0ea287ee76c585f550578aa7790cb58f96 Mon Sep 17 00:00:00 2001 From: mapalko Date: Fri, 31 Jan 2020 15:51:41 -0800 Subject: [PATCH 12/17] Update error with non-destructive PIN reset note --- .../hello-for-business/hello-planning-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 7dffe7b0a9..17f9e5e49f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -65,7 +65,7 @@ The hybrid deployment model is for organizations that: * Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources > [!Important] -> Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.
+> Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models.
> **Requirements:**
> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 From 8875ddff1dcf42288af8a7b475cb4ef2f8fc463e Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 4 Feb 2020 12:29:50 +0200 Subject: [PATCH 13/17] removed outdated information https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5675 --- .../microsoft-defender-atp/troubleshoot-siem.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md index 6641950721..cc0b92af10 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md @@ -39,9 +39,7 @@ If your client secret expires or if you've misplaced the copy provided when you 3. Select your tenant. -4. Click **App registrations**. Then in the applications list, select the application: - - For SIEM: `https://WindowsDefenderATPSiemConnector` - - For Threat intelligence API: `https://WindowsDefenderATPCustomerTiConnector` +4. Click **App registrations**. Then in the applications list, select the application. 5. Select **Keys** section, then provide a key description and specify the key validity duration. @@ -59,9 +57,7 @@ If you encounter an error when trying to get a refresh token when using the thre 3. Select your tenant. -4. Click **App Registrations**. Then in the applications list, select the application: - - For SIEM: `https://WindowsDefenderATPSiemConnector` - - For Threat intelligence API: `https://WindowsDefenderATPCustomerTiConnector` +4. Click **App Registrations**. Then in the applications list, select the application. 5. Add the following URL: - For the European Union: `https://winatpmanagement-eu.securitycenter.windows.com/UserAuthenticationCallback` From bc40f95d26ea47821c4c60c13047124afbf9bec0 Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 5 Feb 2020 21:05:37 +0100 Subject: [PATCH 14/17] BitLocker: typo in How to enable Network Unlock As pointed out in issue ticket (Typo), the word "local" is misspelled as "lcoal". This PR provides a simple typo correction. Thanks to Lexy2 for pointing out the typo. Proposed change: - Change the word "lcoal" to **local**. issue ticket reference or closure: Closes #5983 --- .../bitlocker/bitlocker-how-to-enable-network-unlock.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 7cdd7f45b1..5ca3a201cf 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -311,7 +311,7 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many - Group policy for Network Unlock is enabled and linked to the appropriate domains. - Verify group policy is reaching the clients properly. This can be done using the GPRESULT.exe or RSOP.msc utilities. - Verify the clients were rebooted after applying the policy. -- Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the lcoal computer: +- Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the local computer: ```powershell manage-bde -protectors -get C: From d005d21d56214818acd32104b4f662db9181046d Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Wed, 5 Feb 2020 15:43:52 -0800 Subject: [PATCH 15/17] CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20200205142038 (#1987) (#1990) Co-authored-by: Direesh Kumar Kandakatla Co-authored-by: Direesh Kumar Kandakatla --- windows/release-information/windows-message-center.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index 6cba12b21c..e5ecf14f9e 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,7 +50,7 @@ sections: text: " - + From 9258ff9b913161850944c56de2cc93967031ad16 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 5 Feb 2020 17:03:34 -0800 Subject: [PATCH 16/17] Corrected mark up of notes --- .../bitlocker-how-to-enable-network-unlock.md | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 5ca3a201cf..56c13ecbbe 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -55,7 +55,8 @@ Network Unlock must meet mandatory hardware and software requirements before the The network stack must be enabled to use the Network Unlock feature. Equipment manufacturers deliver their products in various states and with different BIOS menus, so you need to confirm that the network stack has been enabled in the BIOS before starting the computer. ->**Note:**  To properly support DHCP within UEFI, the UEFI-based system should be in native mode without a compatibility support module (CSM) enabled. +> [!NOTE] +> To properly support DHCP within UEFI, the UEFI-based system should be in native mode without a compatibility support module (CSM) enabled. For Network Unlock to work reliably on computers running Windows 8 and later, the first network adapter on the computer, usually the onboard adapter, must be configured to support DHCP and used for Network Unlock. This is especially worth noting when you have multiple adapters, and you wish to configure one without DHCP, such as for a lights-out management protocol. This configuration is necessary because Network Unlock will stop enumerating adapters when it reaches one with a DHCP port failure for any reason. Thus, if the first enumerated adapter does not support DHCP, is not plugged into the network, or fails to report availability of the DHCP port for any reason, then Network Unlock will fail. @@ -243,7 +244,8 @@ The following steps describe how to enable the Group Policy setting that is a re The following steps describe how to deploy the required Group Policy setting: ->**Note:**  The Group Policy settings **Allow network unlock at startup** and **Add Network Unlock Certificate** were introduced in Windows Server 2012. +> [!NOTE] +> The Group Policy settings **Allow network unlock at startup** and **Add Network Unlock Certificate** were introduced in Windows Server 2012. 1. Copy the .cer file created for Network Unlock to the domain controller. 2. On the domain controller, launch Group Policy Management Console (gpmc.msc). @@ -254,10 +256,12 @@ The following steps describe how to deploy the required Group Policy setting: 2. Right-click the folder and choose **Add Network Unlock Certificate**. 3. Follow the wizard steps and import the .cer file that was copied earlier. ->**Note:**  Only one network unlock certificate can be available at a time. If a new certificate is required, delete the current certificate before deploying a new one. The Network Unlock certificate is located in the **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** key on the client computer. +> [!NOTE] +> Only one network unlock certificate can be available at a time. If a new certificate is required, delete the current certificate before deploying a new one. The Network Unlock certificate is located in the **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** key on the client computer. 5. Reboot the clients after deploying the group policy. - >**Note:** The **Network (Certificate Based)** protector will be added only after a reboot with the policy enabled and a valid certificate present in the FVE_NKP store. + > [!NOTE] + > The **Network (Certificate Based)** protector will be added only after a reboot with the policy enabled and a valid certificate present in the FVE_NKP store. ### Subnet policy configuration files on WDS Server (Optional) @@ -276,7 +280,8 @@ SUBNET4=2001:4898:a:3::/64; in production, the admin would likely give more usef ``` Following the \[SUBNETS\] section, there can be sections for each Network Unlock certificate, identified by the certificate thumbprint formatted without any spaces, which define subnets clients can be unlocked from with that certificate. ->**Note:**  When specifying the certificate thumbprint, do not include any spaces. If spaces are included in the thumbprint the subnet configuration will fail because the thumbprint will not be recognized as valid. +> [!NOTE] +> When specifying the certificate thumbprint, do not include any spaces. If spaces are included in the thumbprint the subnet configuration will fail because the thumbprint will not be recognized as valid. Subnet restrictions are defined within each certificate section by denoting the allowed list of permitted subnets. If any subnet is listed in a certificate section, then only those subnets listed are permitted for that certificate. If no subnet is listed in a certificate section, then all subnets are permitted for that certificate. If a certificate does not have a section in the subnet policy configuration file, then no subnet restrictions are applied for unlocking with that certificate. This means for restrictions to apply to every certificate, there must be a certificate section for every Network Unlock certificate on the server, and an explicit allowed list set for each certificate section. Subnet lists are created by putting the name of a subnet from the \[SUBNETS\] section on its own line below the certificate section header. Then, the server will only unlock clients with this certificate on the subnet(s) specified as in the list. For troubleshooting, a subnet can be quickly excluded without deleting it from the section by simply commenting it out with a prepended semi-colon. @@ -295,7 +300,8 @@ To disallow the use of a certificate altogether, its subnet list may contain the To turn off the unlock server, the PXE provider can be unregistered from the WDS server or uninstalled altogether. However, to stop clients from creating Network Unlock protectors the **Allow Network Unlock at startup** Group Policy setting should be disabled. When this policy setting is updated to disabled on client computers any Network Unlock key protectors on the computer will be deleted. Alternatively, the BitLocker Network Unlock certificate policy can be deleted on the domain controller to accomplish the same task for an entire domain. ->**Note:**  Removing the FVE_NKP certificate store that contains the Network Unlock certificate and key on the WDS server will also effectively disable the server’s ability to respond to unlock requests for that certificate. However, this is seen as an error condition and is not a supported or recommended method for turning off the Network Unlock server. +> [!NOTE] +> Removing the FVE_NKP certificate store that contains the Network Unlock certificate and key on the WDS server will also effectively disable the server’s ability to respond to unlock requests for that certificate. However, this is seen as an error condition and is not a supported or recommended method for turning off the Network Unlock server. ## Update Network Unlock certificates @@ -316,7 +322,8 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many ```powershell manage-bde -protectors -get C: ``` - >**Note:** Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock + > [!NOTE] + > Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock Files to gather when troubleshooting BitLocker Network Unlock include: From ff7071244329a29dd3b52044416f1acfa33e4bb3 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 5 Feb 2020 17:04:43 -0800 Subject: [PATCH 17/17] Labeled code block with "powershell" --- windows/application-management/manage-windows-mixed-reality.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index 4e0bc2998e..da98a12e3b 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -40,7 +40,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to b. Use `Add-Package` to add Windows Mixed Reality FOD to the image. - ``` + ```powershell Add-Package Dism /Online /add-package /packagepath:(path) ```
MessageDate
Windows Search shows blank box
We are aware of a temporary server-side issue causing Windows search to show a blank box. This issue has been resolved for most users and in some cases, you might need to restart your device. We are working diligently to fully resolve the issue and will provide an update once resolved. 
February 05, 2020
09:32 AM PT
Resolved: Windows Search shows blank box
We are aware of a temporary server-side issue causing Windows search to show a blank box. This issue has been resolved for most users and in some cases, you might need to restart your device. We are working diligently to fully resolve the issue and will provide an update once resolved. 

This issue was resolved at 12:00 PM PST. If you are still experiencing issues, please restart your device. In rare cases, you may need to manually end the SearchUI.exe or SearchApp.exe process via Task Manager. (To locate these processes, select CTRL + Shift + Esc then select the Details tab.)
February 05, 2020
12:00 PM PT
January 2020 Windows 10, version 1909 \"D\" optional release is available.
The January 2020 optional monthly “D” release for Windows 10, version 1909 and Windows 10, version 1903 is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
January 28, 2020
08:00 AM PT
January 2020 Windows \"C\" optional release is available.
The January 2020 optional monthly “C” release for all supported versions of Windows is now available. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. Follow @WindowsUpdate for the latest on the availability of this release.
January 23, 2020
12:00 PM PT
Windows 7 has reached end of support
Windows 7 reached end of support on January 14, 2020. If your organization has not yet been able to complete your transition from Windows 7 to Windows 10, and want to continue to receive security updates while you complete your upgrade projects, please read How to get Extended Security Updates for eligible Windows devices. For more information on end of service dates for currently supported versions of Windows 10, see the Windows lifecycle fact sheet.
January 15, 2020
10:00 AM PT