From 164dde37c0555d5ef3244a68fd9a2893cbee3b93 Mon Sep 17 00:00:00 2001 From: Andrea Bichsel <35236577+andreabichsel@users.noreply.github.com> Date: Wed, 8 Aug 2018 10:24:38 -0700 Subject: [PATCH 1/6] Edited requirements table. --- .../windows-defender-exploit-guard.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 96ed1733a8..90ebc28935 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/30/2018 +ms.date: 08/08/2018 --- @@ -68,14 +68,13 @@ This section covers requirements for each feature in Windows Defender EG. |--------|---------| | ![not supported](./images/ball_empty.png) | Not supported | | ![supported](./images/ball_50.png) | Supported | -| ![supported, enhanced](./images/ball_75.png) | Includes advanced exploit protection for the kernel mode via [HVCI](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity) | -| ![supported, full reporting](./images/ball_full.png) | Includes automated reporting into the Windows Defender ATP console| +| ![supported, full reporting](./images/ball_full.png) | Recommended. Includes full, automated reporting into the Windows Defender ATP console. Provides additional cloud-powered capabilities, including the Network protection ability to block apps from accessing low-reputation websites and an Attack surface reduction rule that blocks executable files that meet age or prevalence criteria.| | Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 | | ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | -| Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | -| Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | +| Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | +| Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, full reporting](./images/ball_full.png) | | Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | | Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | From ab90399e87a89ff6bc2e84789127d695b677118d Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Wed, 8 Aug 2018 17:43:44 +0000 Subject: [PATCH 2/6] Merged PR 10448: Added new Browser policies to the What's new topic --- ...ew-in-windows-mdm-enrollment-management.md | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index c49ddb2579..e4e1e68a4c 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1381,6 +1381,24 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • Authentication/EnableFastFirstSignIn
  • Authentication/EnableWebSignIn
  • Authentication/PreferredAadTenantDomainName
    • +
  • Browser/AllowFullScreenMode
    • +
  • Browser/AllowPrelaunch
    • +
  • Browser/AllowPrinting
    • +
  • Browser/AllowSavingHistory
    • +
  • Browser/AllowSideloadingOfExtensions
    • +
  • Browser/AllowTabPreloading
    • +
  • Browser/AllowWebContentOnNewTabPage
    • +
  • Browser/ConfigureFavoritesBar
    • +
  • Browser/ConfigureHomeButton
    • +
  • Browser/ConfigureKioskMode
    • +
  • Browser/ConfigureKioskResetAfterIdleTimeout
    • +
  • Browser/ConfigureOpenMicrosoftEdgeWith
    • +
  • Browser/ConfigureTelemetryForMicrosoft365Analytics
    • +
  • Browser/ForceEnabledExtensions
    • +
  • Browser/PreventCertErrorOverrides
    • +
  • Browser/SetHomeButtonURL
    • +
  • Browser/SetNewTabPageURL
    • +
  • Browser/UnlockHomeButton
  • Defender/CheckForSignaturesBeforeRunningScan
  • Defender/DisableCatchupFullScan
  • Defender/DisableCatchupQuickScan
    • @@ -1396,6 +1414,8 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • Experience/AllowClipboardHistory
  • Experience/DoNotSyncBrowserSetting
  • Experience/PreventUsersFromTurningOnBrowserSyncing
    • +
  • Privacy/AllowCrossDeviceClipboard
    • +
  • Privacy/UploadUserActivities
  • Security/RecoveryEnvironmentAuthentication
  • TaskManager/AllowEndTask
  • Update/EngagedRestartDeadlineForFeatureUpdates
    • @@ -1741,8 +1761,28 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware [Policy CSP](policy-configuration-service-provider.md)

    Added the following new policies in Windows 10, next major version:

    From 49eeff4e58f099671b1fec4509c11b5f769a1253 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Wed, 8 Aug 2018 18:21:26 +0000 Subject: [PATCH 3/6] Merged PR 10452: Fixed version information for AllowInputPersonalization fixed version information --- windows/client-management/mdm/policy-csp-privacy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 57093ef791..ce7a93c11d 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -433,7 +433,7 @@ The following list shows the supported values: -Updated in Windows 10, version 1809. This policy specifies whether users on the device have the option to enable online speech recognition. When enabled, users can use their voice for dictation and to talk to Cortana and other apps that use Microsoft cloud-based speech recognition. Microsoft will use voice input to help improve our speech services. If the policy value is set to 0, online speech recognition will be disabled and users cannot enable online speech recognition via settings. If policy value is set to 1 or is not configured, control is deferred to users. +Updated in Windows 10, next major version. This policy specifies whether users on the device have the option to enable online speech recognition. When enabled, users can use their voice for dictation and to talk to Cortana and other apps that use Microsoft cloud-based speech recognition. Microsoft will use voice input to help improve our speech services. If the policy value is set to 0, online speech recognition will be disabled and users cannot enable online speech recognition via settings. If policy value is set to 1 or is not configured, control is deferred to users. Most restricted value is 0. From ac84c3edb9acbe94a3042639a0076eb9cfb767ce Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Wed, 8 Aug 2018 18:21:47 +0000 Subject: [PATCH 4/6] Merged PR 10450: Update/AllowAutoUpdate - added one new setting option --- windows/client-management/mdm/policy-csp-update.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 8bda477361..4b7d9f5023 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 07/30/2018 +ms.date: 08/06/2018 --- # Policy CSP - Update @@ -428,7 +428,7 @@ The following list shows the supported values: - 3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. - 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only. - 5 – Turn off automatic updates. - +- 6 - When AllowAutoUpdate is set to 6, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by other policies. (Added Windows 10, next major version). From e90febbe3b2397ed0d081c49bab76e6dbbc51f8c Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 8 Aug 2018 19:07:40 +0000 Subject: [PATCH 5/6] Merged PR 10455: clarify skipwifi (#1438) --- windows/configuration/wcd/wcd-firstexperience.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md index 3c2044f533..cb1554991e 100644 --- a/windows/configuration/wcd/wcd-firstexperience.md +++ b/windows/configuration/wcd/wcd-firstexperience.md @@ -8,7 +8,7 @@ author: jdeckerMS ms.localizationpriority: medium ms.author: jdecker ms.topic: article -ms.date: 04/30/2018 +ms.date: 08/08/2018 --- # FirstExperience (Windows Configuration Designer reference) @@ -27,5 +27,5 @@ PreferredRegion | Enter the [geographical location identifier](https://msdn.micr PreferredTimezone | Enter the timezone. [Microsoft Time Zone Index Values](https://msdn.microsoft.com/library/ms912391.aspx) SkipCalibration | Initial setup of HoloLens includes a calibration step. Set to **True** to skip calibration. SkipTraining | Initial setup of HoloLens includes training on how to perform the gestures to operate HoloLens. Set to **True** to skip training. -SkipWifi | Set to **True** to skip connecting to a Wi-fi network. +SkipWifi | Set to **True** to skip connecting to a Wi-Fi network.

    **Note:** HoloLens [requires a Wi-Fi connection during setup to verify the account](https://docs.microsoft.com/hololens/hololens-setup). To skip the Wi-Fi connection page during setup, your provisioning package must provide the network configuration. You can configure the network configuration [in the HoloLens wizard](https://docs.microsoft.com/hololens/hololens-provisioning#create-a-provisioning-package-for-hololens-using-the-hololens-wizard) and then switch to the advanced editor to configure **FirstExperience** settings, or in advanced settings, configure a WLAN [connectivity profile](wcd-connectivityprofiles.md). From bdd07e0983b9a580d28daac2eaa39756aa46da69 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Wed, 8 Aug 2018 19:38:19 +0000 Subject: [PATCH 6/6] Merged PR 10456: NetworkProxy CSP - Added a note to ProxySettingsPerUser that user proxy configuration is not supported --- windows/client-management/mdm/networkproxy-csp.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md index 9b846e226a..fcc6d7386e 100644 --- a/windows/client-management/mdm/networkproxy-csp.md +++ b/windows/client-management/mdm/networkproxy-csp.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 04/12/2018 +ms.date: 08/08/2018 --- # NetworkProxy CSP @@ -34,7 +34,10 @@ The following diagram shows the NetworkProxy configuration service provider in t The root node for the NetworkProxy configuration service provider..

    **ProxySettingsPerUser** -Added in Windows 10, version 1803. When set to 0, it enables proxy configuration as global, machine wide; set to 1 for proxy configuratio per user. +Added in Windows 10, version 1803. When set to 0, it enables proxy configuration as global, machine wide. + +> [!Note] +> Per user proxy configuration setting is not supported. **AutoDetect** Automatically detect settings. If enabled, the system tries to find the path to a PAC script.