diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md index ca1542a952..83c7c6b9b8 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md +++ b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md @@ -7,6 +7,7 @@ ms.reviewer: audience: itpro manager: dansimp ms.author: dansimp +ms.prod: ie11 --- # Full-sized flowchart detailing how document modes are chosen in IE11 diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml index 05e93f6e25..17eee2393b 100644 --- a/browsers/internet-explorer/internet-explorer.yml +++ b/browsers/internet-explorer/internet-explorer.yml @@ -9,6 +9,7 @@ metadata: author: aczechowski ms.author: aaroncz ms.date: 07/29/2022 + ms.prod: ie11 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md index e6daee3daa..c997343c49 100644 --- a/education/windows/take-a-test-multiple-pcs.md +++ b/education/windows/take-a-test-multiple-pcs.md @@ -15,6 +15,8 @@ ms.reviewer: manager: aaroncz appliesto: - ✅ Windows 10 +- ✅ Windows 11 +- ✅ Windows 11 SE --- # Set up Take a Test on multiple PCs @@ -271,8 +273,8 @@ This assessment URL uses our lockdown API: ## Related topics -[Take tests in Windows 10](take-tests-in-windows-10.md) +[Take tests in Windows](take-tests-in-windows-10.md) [Set up Take a Test on a single PC](take-a-test-single-pc.md) -[Take a Test app technical reference](take-a-test-app-technical.md) \ No newline at end of file +[Take a Test app technical reference](take-a-test-app-technical.md) diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md index 2dcc9c525c..2cf14b3079 100644 --- a/education/windows/take-a-test-single-pc.md +++ b/education/windows/take-a-test-single-pc.md @@ -15,6 +15,8 @@ ms.reviewer: manager: aaroncz appliesto: - ✅ Windows 10 +- ✅ Windows 11 +- ✅ Windows 11 SE --- # Set up Take a Test on a single PC @@ -23,7 +25,7 @@ To configure [Take a Test](take-tests-in-windows-10.md) on a single PC, follow t ## Set up a dedicated test account To configure the assessment URL and a dedicated testing account on a single PC, follow these steps. -1. Sign into the Windows 10 device with an administrator account. +1. Sign into the Windows device with an administrator account. 2. Open the **Settings** app and go to **Accounts > Access work or school**. 3. Click **Set up an account for taking tests**. @@ -127,7 +129,7 @@ Once the shortcut is created, you can copy it and distribute it to students. ## Related topics -[Take tests in Windows 10](take-tests-in-windows-10.md) +[Take tests in Windows](take-tests-in-windows-10.md) [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md) diff --git a/windows/deployment/media/Windows10AutopilotFlowchart.pdf b/windows/deployment/media/Windows10AutopilotFlowchart.pdf deleted file mode 100644 index 5ab6f1c52e..0000000000 Binary files a/windows/deployment/media/Windows10AutopilotFlowchart.pdf and /dev/null differ diff --git a/windows/deployment/media/Windows10DeploymentConfigManager.pdf b/windows/deployment/media/Windows10DeploymentConfigManager.pdf deleted file mode 100644 index 3a4c5f022e..0000000000 Binary files a/windows/deployment/media/Windows10DeploymentConfigManager.pdf and /dev/null differ diff --git a/windows/deployment/windows-10-deployment-posters.md b/windows/deployment/windows-10-deployment-posters.md index 18021d5a5d..f140db4d51 100644 --- a/windows/deployment/windows-10-deployment-posters.md +++ b/windows/deployment/windows-10-deployment-posters.md @@ -19,15 +19,15 @@ The following posters step through various options for deploying Windows 10 with ## Deploy Windows 10 with Autopilot -The Windows Autopilot poster is two pages in portrait mode (11x17). Click the image to view a PDF in your browser. You can also download this poster in [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/deployment/media/Windows10AutopilotFlowchart.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/deployment/media/Windows10Autopilotflowchart.vsdx) format. +The Windows Autopilot poster is two pages in portrait mode (11x17). Click the image to view a PDF in your browser. You can also download this poster in [PDF](https://download.microsoft.com/download/8/4/b/84b5e640-8f66-4b43-81a9-1c3b9ea18eda/Windows10AutopilotFlowchart.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/deployment/media/Windows10Autopilotflowchart.vsdx) format. -[![Deploy Windows 10 with Autopilot.](./media/windows10-autopilot-flowchart.png)](./media/Windows10AutopilotFlowchart.pdf) +[![Deploy Windows 10 with Autopilot.](./media/windows10-autopilot-flowchart.png)](https://download.microsoft.com/download/8/4/b/84b5e640-8f66-4b43-81a9-1c3b9ea18eda/Windows10AutopilotFlowchart.pdf) ## Deploy Windows 10 with Microsoft Endpoint Configuration Manager -The Configuration Manager poster is one page in landscape mode (17x11). Click the image to view a PDF in your browser. You can also download this poster in [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/deployment/media/Windows10DeploymentConfigManager.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/deployment/media/Windows10DeploymentConfigManager.vsdx) format. +The Configuration Manager poster is one page in landscape mode (17x11). Click the image to view a PDF in your browser. You can also download this poster in [PDF](https://download.microsoft.com/download/e/2/a/e2a70587-d3cc-4f1a-ba49-cfd724a1736b/Windows10DeploymentConfigManager.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/deployment/media/Windows10DeploymentConfigManager.vsdx) format. -[![Deploy Windows 10 with Configuration Manager.](./media/windows10-deployment-config-manager.png)](./media/Windows10DeploymentConfigManager.pdf) +[![Deploy Windows 10 with Configuration Manager.](./media/windows10-deployment-config-manager.png)](https://download.microsoft.com/download/e/2/a/e2a70587-d3cc-4f1a-ba49-cfd724a1736b/Windows10DeploymentConfigManager.pdf) ## See also diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index fa5d7a9ffd..c90d19fae5 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -20,7 +20,7 @@ Windows Autopatch is a cloud service for enterprise customers designed to keep e Windows Autopatch provides its service to enterprise customers, and properly administers customers' enrolled devices by using data from various sources. -The sources include Azure Active Directory (Azure AD), Microsoft Intune, and Microsoft Windows 10/11. The sources provide a comprehensive view of the devices that Windows Autopatch manages. The service also uses these Microsoft services to enable Windows Autopatch to provide IT as a Service (ITaaS) capabilities: +The sources include Azure Active Directory (Azure AD), Microsoft Intune, and Microsoft Windows 10/11. The sources provide a comprehensive view of the devices that Windows Autopatch manages. | Data source | Purpose | | ------ | ------ | diff --git a/windows/hub/WaaS-infographic.pdf b/windows/hub/WaaS-infographic.pdf deleted file mode 100644 index cb1ef988a1..0000000000 Binary files a/windows/hub/WaaS-infographic.pdf and /dev/null differ diff --git a/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf b/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf deleted file mode 100644 index 557f45193a..0000000000 Binary files a/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf and /dev/null differ diff --git a/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf b/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf deleted file mode 100644 index d01542ed2b..0000000000 Binary files a/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf and /dev/null differ diff --git a/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf b/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf deleted file mode 100644 index 87110d6b3e..0000000000 Binary files a/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf and /dev/null differ diff --git a/windows/media/ModernSecureDeployment/ProtectionSolutions.pdf b/windows/media/ModernSecureDeployment/ProtectionSolutions.pdf deleted file mode 100644 index 8d04e66910..0000000000 Binary files a/windows/media/ModernSecureDeployment/ProtectionSolutions.pdf and /dev/null differ diff --git a/windows/media/ModernSecureDeployment/Series-ModernAndSecureWindowsDeployment.pdf b/windows/media/ModernSecureDeployment/Series-ModernAndSecureWindowsDeployment.pdf deleted file mode 100644 index 86529c1665..0000000000 Binary files a/windows/media/ModernSecureDeployment/Series-ModernAndSecureWindowsDeployment.pdf and /dev/null differ diff --git a/windows/media/ModernSecureDeployment/WindowsServicing.pdf b/windows/media/ModernSecureDeployment/WindowsServicing.pdf deleted file mode 100644 index 19a419e3a9..0000000000 Binary files a/windows/media/ModernSecureDeployment/WindowsServicing.pdf and /dev/null differ diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index cfab29e74f..b42e9b004b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -100,6 +100,7 @@ For errors listed in this table, contact Microsoft Support for assistance. | 0x801C03F1 | ​There is no UPN in the token. | | ​0x801C044C | There is no core window for the current thread. | | 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request Azure Active Directory token for provisioning. Unable to enroll a device to use a PIN for login. | +| 0xCAA30193 | HTTP 403 Request Forbidden: it means request left the device, however either Server, proxy or firewall generated this response. | ## Related topics diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md index f85611c594..fe15669214 100644 --- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md +++ b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md @@ -49,7 +49,7 @@ The general steps for expanding the S mode base policy on your Intune-managed de - Create a new base policy using [New-CIPolicy](/powershell/module/configci/new-cipolicy?view=win10-ps&preserve-view=true) ```powershell - New-CIPolicy -MultiplePolicyFormat -ScanPath -UserPEs -FilePath "\SupplementalPolicy.xml" -Level Publisher -Fallback Hash + New-CIPolicy -MultiplePolicyFormat -ScanPath -UserPEs -FilePath "\SupplementalPolicy.xml" -Level FilePublisher -Fallback SignedVersion,Publisher,Hash ``` - Change it to a supplemental policy using [Set-CIPolicyIdInfo](/powershell/module/configci/set-cipolicyidinfo?view=win10-ps&preserve-view=true) diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md index 8b30f46fa9..ca600a98a7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md @@ -59,7 +59,7 @@ To familiarize yourself with creating WDAC rules from audit events, follow these 4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a **FilePublisher** file rule level and a **Hash** fallback level. Warning messages are redirected to a text file **EventsPolicyWarnings.txt**. ```powershell - New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback Hash –UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings + New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback SignedVersion,FilePublisher,Hash –UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings ``` > [!NOTE] diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index c15d853296..b81414e10f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -126,13 +126,13 @@ Deny rules and policies can be created using the PowerShell cmdlets or the [WDAC ### Software Publisher Based Deny Rule ```Powershell -$DenyRules += New-CIPolicyRule -Level FilePublisher -DriverFilePath -Deny -Fallback FileName,Hash +$DenyRules += New-CIPolicyRule -Level FilePublisher -DriverFilePath -Fallback SignedVersion,Publisher,Hash -Deny ``` ### Software Attributes Based Deny Rule ```Powershell -$DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath -Deny -Fallback Hash +$DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath -Fallback Hash -Deny ``` ### Hash Based Deny Rule diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md index 65565ec200..cfea5dc30f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm +ms.reviewer: jgeurten ms.author: dansimp manager: dansimp ms.date: 02/28/2018 @@ -49,7 +49,9 @@ To create a catalog file, you use a tool called **Package Inspector**. You must 2. Start Package Inspector, and then start scanning a local drive, for example, drive C: - `PackageInspector.exe Start C:` + ```powershell + PackageInspector.exe Start C: + ``` > [!NOTE] > Package inspector can monitor installations on any local drive. Specify the appropriate drive on the local computer. @@ -77,13 +79,12 @@ To create a catalog file, you use a tool called **Package Inspector**. You must For the last command, which stops Package Inspector, be sure to type the drive letter of the drive you have been scanning, for example, C:. - `$ExamplePath=$env:userprofile+"\Desktop"` - - `$CatFileName=$ExamplePath+"\LOBApp-Contoso.cat"` - - `$CatDefName=$ExamplePath+"\LOBApp.cdf"` - - `PackageInspector.exe Stop C: -Name $CatFileName -cdfpath $CatDefName` + ```powershell + $ExamplePath=$env:userprofile+"\Desktop" + $CatFileName=$ExamplePath+"\LOBApp-Contoso.cat" + $CatDefName=$ExamplePath+"\LOBApp.cdf" + PackageInspector.exe Stop C: -Name $CatFileName -cdfpath $CatDefName + ``` >[!NOTE] >Package Inspector catalogs the hash values for each discovered binary file. If the applications that were scanned are updated, complete this process again to trust the new binaries' hash values. @@ -125,15 +126,18 @@ To sign the existing catalog file, copy each of the following commands into an e 1. Initialize the variables that will be used. Replace the *$ExamplePath* and *$CatFileName* variables as needed: - `$ExamplePath=$env:userprofile+"\Desktop"` - - `$CatFileName=$ExamplePath+"\LOBApp-Contoso.cat"` + ```powershell + $ExamplePath=$env:userprofile+"\Desktop" + $CatFileName=$ExamplePath+"\LOBApp-Contoso.cat" + ``` 2. Import the code signing certificate that will be used to sign the catalog file. Import it to the signing user's personal store. 3. Sign the catalog file with Signtool.exe: - ` sign /n "ContosoDGSigningCert" /fd sha256 /v $CatFileName` + ```powershell + sign /n "ContosoDGSigningCert" /fd sha256 /v $CatFileName + ``` >[!NOTE] >The *<Path to signtool.exe>* variable should be the full path to the Signtool.exe utility. *ContosoDGSigningCert* represents the subject name of the certificate that you will use to sign the catalog file. This certificate should be imported to your personal certificate store on the computer on which you are attempting to sign the catalog file. @@ -156,16 +160,20 @@ After the catalog file is signed, add the signing certificate to a WDAC policy, 1. If you haven't already verified the catalog file digital signature, right-click the catalog file, and then click **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with the algorithm you expect. -2. If you already have an XML policy file that you want to add the signing certificate to, skip to the next step. Otherwise, use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to create a Windows Defender Application Control policy that you'll later merge into another policy (not deploy as-is). This example creates a policy called **CatalogSignatureOnly.xml** in the location **C:\\PolicyFolder**: +2. If you already have an XML policy file that you want to add the signing certificate to, skip to the next step. Otherwise, use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to create a Windows Defender Application Control policy that you will later merge into another policy (not deploy as-is). This example creates a policy called **CatalogSignatureOnly.xml** in the location **C:\\PolicyFolder** by scanning the system and allowlisting by signer and original filename: - `New-CIPolicy -Level PcaCertificate -FilePath C:\PolicyFolder\CatalogSignatureOnly.xml –UserPEs` + ```powershell + New-CIPolicy -Level FilePublisher -FilePath C:\PolicyFolder\CatalogSignatureOnly.xml –UserPEs -MultiplePolicyFormat -Fallback SignedVersion,Publisher,Hash + ``` > [!NOTE] > Include the **-UserPEs** parameter to ensure that the policy includes user mode code integrity. -3. Use [Add-SignerRule](/powershell/module/configci/add-signerrule) to add the signing certificate to the WDAC policy, filling in the correct path and filenames for `` and ``: +3. Use [Add-SignerRule](/powershell/module/configci/add-signerrule) to add the signing certificate to the WDAC policy, filling in the correct path and filenames for `` and ``: - `Add-SignerRule -FilePath -CertificatePath -User` + ```powershell + Add-SignerRule -FilePath -CertificatePath -User + ``` If you used step 2 to create a new WDAC policy, and want information about merging policies together, see [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md). diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md index dbe28e8b2a..b3cffd3fb8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md @@ -56,19 +56,19 @@ Prior to Windows 10 1903, Windows Defender Application Control only supported a In order to allow multiple policies to exist and take effect on a single system, policies must be created using the new Multiple Policy Format. The "MultiplePolicyFormat" switch in [New-CIPolicy](/powershell/module/configci/new-cipolicy?preserve-view=true&view=win10-ps) results in 1) unique GUIDs being generated for the policy ID and 2) the policy type being specified as base. The below example describes the process of creating a new policy in the multiple policy format. ```powershell -New-CIPolicy -MultiplePolicyFormat -ScanPath "" -UserPEs -FilePath ".\policy.xml" -Level Publisher -Fallback Hash +New-CIPolicy -MultiplePolicyFormat -ScanPath "" -UserPEs -FilePath ".\policy.xml" -Level FilePublisher -Fallback SignedVersion,Publisher,Hash ``` Optionally, you can choose to make the new base policy allow for supplemental policies. ```powershell -Set-RuleOption -FilePath -Option 17 +Set-RuleOption -FilePath ".\policy.xml" -Option 17 ``` For signed base policies to allow for supplemental policies, make sure that supplemental signers are defined. Use the **Supplemental** switch in **Add-SignerRule** to provide supplemental signers. ```powershell -Add-SignerRule -FilePath -CertificatePath [-Kernel] [-User] [-Update] [-Supplemental] [-Deny] [] +Add-SignerRule -FilePath ".\policy.xml" -CertificatePath [-Kernel] [-User] [-Update] [-Supplemental] [-Deny] ``` ### Supplemental policy creation @@ -79,12 +79,9 @@ In order to create a supplemental policy, begin by creating a new policy in the - "BasePolicyToSupplementPath": path to base policy file that the supplemental policy applies to ```powershell -Set-CIPolicyIdInfo [-FilePath] [-PolicyName ] [-SupplementsBasePolicyID ] [-BasePolicyToSupplementPath ] [-ResetPolicyID] [-PolicyId ] [] +Set-CIPolicyIdInfo -FilePath ".\supplemental_policy.xml" [-SupplementsBasePolicyID ] [-BasePolicyToSupplementPath ] -PolicyId -PolicyName ``` -> [!NOTE] -> **ResetPolicyId** reverts a supplemental policy to a base policy, and resets the policy GUIDs back to a random GUID. - ### Merging policies When you're merging policies, the policy type and ID of the leftmost/first policy specified is used. If the leftmost is a base policy with ID \, then regardless of what the GUIDs and types are for any subsequent policies, the merged policy will be a base policy with ID \.