From 75d4c0e98a422e27e090e519fccc3c6f18062cee Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Thu, 28 Jul 2016 15:59:21 -0700 Subject: [PATCH 01/16] what's new changes for WSFB --- windows/manage/TOC.md | 1 + ...-up-windows-store-for-business-overview.md | 10 +- .../windows-store-for-business-overview.md | 277 ++++++++++++++++++ ...ts-new-windows-10-version-1507-and-1511.md | 8 + .../windows-store-for-business-overview.md | 1 + 5 files changed, 294 insertions(+), 3 deletions(-) create mode 100644 windows/manage/windows-store-for-business-overview.md diff --git a/windows/manage/TOC.md b/windows/manage/TOC.md index 8b79eb4ff0..29e5c3e336 100644 --- a/windows/manage/TOC.md +++ b/windows/manage/TOC.md @@ -38,6 +38,7 @@ ## [Application development for Windows as a service](application-development-for-windows-as-a-service.md) ## [Windows Store for Business](windows-store-for-business.md) ### [Sign up and get started](sign-up-windows-store-for-business-overview.md) +####[Windows Store for Business overview](windows-store-for-business-overview.md) #### [Prerequisites for Windows Store for Business](prerequisites-windows-store-for-business.md) #### [Sign up for Windows Store for Business](sign-up-windows-store-for-business.md) #### [Roles and permissions in the Windows Store for Business](roles-and-permissions-windows-store-for-business.md) diff --git a/windows/manage/sign-up-windows-store-for-business-overview.md b/windows/manage/sign-up-windows-store-for-business-overview.md index 7a391739cc..5a85ddec8a 100644 --- a/windows/manage/sign-up-windows-store-for-business-overview.md +++ b/windows/manage/sign-up-windows-store-for-business-overview.md @@ -36,18 +36,22 @@ IT admins can sign up for the Windows Store for Business, and get started workin +

[Windows Store for Business overview](windows-store-for-business-overview.md)

+

Learn about Windows Store for Business.

+ +

[Prerequisites for Windows Store for Business](prerequisites-windows-store-for-business.md)

There are a few prerequisites for using Store for Business.

- +

[Sign up for Windows Store for Business](sign-up-windows-store-for-business.md)

Before you sign up for Store for Business, at a minimum, you'll need an Azure Active Directory (AD) account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Store for Business. If not, we'll help you create an Azure AD account and directory as part of the sign up process.

- +

[Roles and permissions in the Windows Store for Business](roles-and-permissions-windows-store-for-business.md)

The first person to sign in to Store for Business must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees.

- +

[Settings reference: Windows Store for Business](settings-reference-windows-store-for-business.md)

The Store for Business has a group of settings that admins use to manage the store.

diff --git a/windows/manage/windows-store-for-business-overview.md b/windows/manage/windows-store-for-business-overview.md new file mode 100644 index 0000000000..e2a222e6ee --- /dev/null +++ b/windows/manage/windows-store-for-business-overview.md @@ -0,0 +1,277 @@ +--- +title: Windows Store for Business overview (Windows 10) +description: With the new Windows Store for Business, organizations can make volume purchases of Windows apps. +ms.assetid: 9DA71F6B-654D-4121-9A40-D473CC654A1C +ms.prod: w10 +ms.pagetype: store, mobile +ms.mktglfcycl: manage +ms.sitesec: library +author: TrudyHa +--- + +# Windows Store for Business overview + + +**Applies to** + +- Windows 10 +- Windows 10 Mobile + +With the new Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps. + +## Features + + +Organizations of any size can benefit from using the Store for Business provides: + +- **Scales to fit the size of your business** - For smaller businesses, with Azure AD accounts and Windows 10 devices, you can quickly have an end-to-end process for acquiring and distributing content using the Store for Business. For larger businesses, all the capabilities of the Store for Businessare available to you, or you can integrate the Store for Businesswith management tools, for greater control over access to apps and app updates. You can use existing work or school accounts. + +- **Bulk app acquisition** - Acquire apps in volume from the Store for Business. + +- **Private store** - Curate a private store for your business that’s easily available from any Windows 10 device. + +- **Flexible distribution options** - Flexible options for distributing content and apps to your employee devices: + + - Distribute through Store for Business services. You can assign apps to individual employees, or make apps available to all employees in your private store. + + - Use a management tool from Microsoft, or a 3rd-party tool for advanced distribution and management functions, or for managing images. + + - Offline licensing model allows you to distribute apps without connecting to Store services, and for managing images. + +- **Line-of-business apps** - Privately add and distribute your internal line-of-business apps using any of the distribution options. + +- **App license management**: Admins can reclaim and reuse app licenses. Online and offline licenses allow you to customize how you decide to deploy apps. + +- **Up-to-date apps** - The Store for Business manages the update process for apps with online licenses. Apps are automatically updated so you are always current with the most recent software updates and product features. Store for Business apps also uninstall cleanly, without leaving behind extra files, for times when you need to switch apps for specific employees. + +## Prerequisites + + +You'll need this software to work with the Store for Business. + +### Required + +- IT Pros that are administering Store for Business need a browser compatible with Store for Business running on a PC or mobile device. Supported browsers include: Internet Explorer 10 or later, Microsoft Edge, or current versions of Chrome or Firefox. + +- Employees using apps from Store for Business need Windows 10, version 1511 running on a PC or mobile device. + +Microsoft Azure Active Directory (AD) accounts for your employees: + +- Admins need Azure AD accounts to sign up for the Store for Business, and then to sign in, get apps, distribute apps, and manage app licenses. + +- Employees need Azure AD account when they access Store for Business content from Windows devices. + +- If you use a management tool to distribute and manage online-licensed apps, all employees will need an Azure AD account + +- For offline-licensed apps, Azure AD accounts are not required for employees. + +For more information on Azure AD, see [About Office 365 and Azure Active Directory](http://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](http://go.microsoft.com/fwlink/p/?LinkId=708611). + +### Optional + +While not required, you can use a management tool to distribute and manage apps. Using a management tool allows you to distribute content, scope app availability, and control when app updates are installed. This might make sense for larger organizations that already use a management tool. A couple of things to note about management tools: + +- Need to integrate with Windows 10 management framework and Azure AD. + +- Need to sync with the Store for Business inventory to distribute apps. + +## How does the Store for Business work? + + +### Sign up! + +The first step for getting your organization started with the Store for Business is signing up. To sign up for the Business store, you need an Azure AD account and you must be a Global Administrator for your organization. + +For more information, see [Sign up for the Store for Business](../manage/sign-up-windows-store-for-business.md). + +### Set up + +After your admin signs up for the Store for Business, they can assign roles to other employees in your company. The admin needs Azure AD User Admin permissions to assign WSFB roles. These are the roles and their permissions. + + +++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PermissionAccount settingsAcquire appsDistribute appsDevice Guard signing

Admin

X

X

X

Purchaser

X

X

Device Guard signer

X

+ + + +In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](../manage/manage-users-and-groups-windows-store-for-business.md). + +Also, if your organization plans to use a management tool, you’ll need to configure your management tool to sync with the Store for Business. + +### Get apps and content + +Once signed in to the Store for Business, you can browse and search for all products in the Store for Business catalog. Some apps are free, and some apps charge a price. We're continuing to add more paid apps to the Store for Business. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card. We'll be adding more payment options over time. + +**App types** -- These app types are supported in the Store for Business: + +- Universal Windows Platform apps + +- Universal Windows apps, by device: Phone, Surface Hub, IOT devices , HoloLens + +Apps purchased from the Store for Business only work on Windows 10 devices. + +Line-of-business (LOB) apps are also supported via the Business store. You can invite IT developers or ISVs to be LOB publishers for your organization. This allows them to submit apps via the developer center that are only available to your organization. These apps can be distributed using the distribution methods discussed in this topic. For more information, see Working with Line-of-Business apps. + +**App licensing model** + +The Business store supports two options to license apps: online and offline. **Online** licensing is the default licensing model and is similar to the Windows Store. Online licensed apps require users and devices to connect to the Store for Business service to acquire an app and its license. **Offline** licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. + +For more information, see [Apps in the Store for Business](../manage/apps-in-windows-store-for-business.md#licensing-model). + +### Distribute apps and content + +App distribution is handled through two channels, either through the Store for Business, or using a management tool. You can use either or both distribution methods in your organization. + +**Using the Store for Business** – Distribution options for the Store for Business: + +- Email link – After purchasing an app, admins can send employees a link in an email message. Employees can click the link to install the app. + +- Curate private store for all employees – A private store can include content you’ve purchased from the Store, and your line-of-business apps that you’ve submitted to the Store for Business. Apps in your private store are available to all of your employees. They can browse the private store and install apps when needed. + +- To use the options above users must be signed in with an Azure AD account on a Windows 10 device. + +**Using a management tool** – For larger organizations that might want a greater level of control over how apps are distributed and managed, a management tools provides other distribution options: + +- Scoped content distribution – Ability to scope content distribution to specific groups of employees. + +- Install apps for employees – Employees are not responsible for installing apps. Management tool installs apps for employees. + +Management tools can synchronize content that has been acquired in the Store for Business. If an offline application has been purchased this will also include the app package, license and metadata for the app (like, icons, count, or localized product descriptions). Using the metadata, management tools can enable portals or apps as a destination for employees to acquire apps. + +For more information, see [Distribute apps to your employees from the Store for Business](../manage/distribute-apps-to-your-employees-windows-store-for-business.md). + +### Manage Store for Business settings and content + +Once you are signed up with the Business store and have purchased apps, Admins can manage Store for Business settings and inventory. + +**Manage Store for Business settings** + +- Assign and change roles for employees or groups + +- Device Guard signing + +- Register a management server to deploy and install content + +- Manage relationships with LOB publishers + +- Manage offline licenses + +- Update the name of your private store + +**Manage inventory** + +- Assign app licenses to employees + +- Reclaim and reassign app licenses + +- Manage app updates for all apps, or customize updates for each app. Online apps will automatically update from the Store. Offline apps can be updated using a management server. + +- Download apps for offline installs + +For more information, see [Manage settings in the Store for Business](../manage/manage-settings-windows-store-for-business.md) and [Manage apps](../manage/manage-apps-windows-store-for-business-overview.md). + +## Supported markets + + +Store for Business is currently available in these markets. + +|Country or locale|Paid apps|Free apps| +|-----------------|---------|---------| +|Argentina|X|X| +|Australia|X|X| +|Austria|X|X| +|Belgium (Dutch, French)|X|X| +|Brazil| |X| +|Canada (English, French)|X|X| +|Chile|X|X| +|Columbia|X|X| +|Croatia|X|X| +|Czech Republic|X|X| +|Denmark|X|X| +|Finland|X|X| +|France|X|X| +|Germany|X|X| +|Greece|X|X| +|Hong Kong SAR|X|X| +|Hungary|X|X| +|India| |X| +|Indonesia|X|X| +|Ireland|X|X| +|Italy|X|X| +|Japan|X|X| +|Malaysia|X|X| +|Mexico|X|X| +|Netherlands|X|X| +|New Zealand|X|X| +|Norway|X|X| +|Philippines|X|X| +|Poland|X|X| +|Portugal|X|X| +|Romania|X|X| +|Russia| |X| +|Singapore|X|X| +|Slovakia|X|X| +|South Africa|X|X| +|Spain|X|X| +|Sweden|X|X| +|Switzerland (French, German)|X|X| +|Taiwan| |X| +|Thailand|X|X| +|Turkey|X|X| +|Ukraine| |X| +|United Kingdom|X|X| +|United States|X|X| +|Vietnam|X|X| + +## ISVs and the Store for Business + + +Developers in your organization, or ISVs can create content specific to your organization. In the Store for Business, we call these app line-of-business (LOB) apps, and the devs that create them are LOB publishers. The process looks like this: + +- Admin invites devs to be LOB publishers for your organization. These devs can be internal devs, or external ISVs. + +- LOB publishers accept the invitation, develop apps, and submits the app to the Windows Dev Center. LOB publishers use Enterprise associations when submitting the app to make the app exclusive to your organization. + +- Admin adds the app to Store for Business inventory. + +Once the app is in inventory, admins can choose how to distribute the app. ISVs creating apps through the dev center can make their apps available in the Store for Business. ISVs can opt-in their apps to make them available for offline licensing. Apps purchased in the Store for Business will work only on Windows 10. + +For more information on line-of-business apps, see [Working with Line-of-Business apps](../manage/working-with-line-of-business-apps.md). diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index 0221cdb67d..1e0c6c19dd 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -298,6 +298,14 @@ A standard, customized Start layout can be useful on devices that are common to Administrators can also use mobile device management (MDM) or Group Policy to disable the use of [Windows Spotlight on the lock screen](../manage/windows-spotlight.md). +### Windows Store for Business +**New in Windows 10, version 1511** + +With the Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps. + +For more information, see [Windows Store for Business overview](../manage/windows-store-for-business-overview.md). + + ## Updates Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft’s Windows Update service. diff --git a/windows/whats-new/windows-store-for-business-overview.md b/windows/whats-new/windows-store-for-business-overview.md index e1934201c2..e5f822783a 100644 --- a/windows/whats-new/windows-store-for-business-overview.md +++ b/windows/whats-new/windows-store-for-business-overview.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.pagetype: store, mobile ms.mktglfcycl: manage ms.sitesec: library +redirect: author: TrudyHa --- From 841481294fbde0ea09a6974046dcecb4c5f33b50 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Thu, 28 Jul 2016 16:36:09 -0700 Subject: [PATCH 02/16] WSFB WN redirect work --- .../windows-store-for-business-overview.md | 278 +----------------- 1 file changed, 1 insertion(+), 277 deletions(-) diff --git a/windows/whats-new/windows-store-for-business-overview.md b/windows/whats-new/windows-store-for-business-overview.md index e5f822783a..abb7c7f8f3 100644 --- a/windows/whats-new/windows-store-for-business-overview.md +++ b/windows/whats-new/windows-store-for-business-overview.md @@ -6,282 +6,6 @@ ms.prod: w10 ms.pagetype: store, mobile ms.mktglfcycl: manage ms.sitesec: library -redirect: +redirect_url: https://technet.microsoft.com/itpro/windows/manage/windows-store-for-business-overview author: TrudyHa --- - -# Windows Store for Business overview - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -With the new Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps. - -## Features - - -Organizations of any size can benefit from using the Store for Business provides: - -- **Scales to fit the size of your business** - For smaller businesses, with Azure AD accounts and Windows 10 devices, you can quickly have an end-to-end process for acquiring and distributing content using the Store for Business. For larger businesses, all the capabilities of the Store for Businessare available to you, or you can integrate the Store for Businesswith management tools, for greater control over access to apps and app updates. You can use existing work or school accounts. - -- **Bulk app acquisition** - Acquire apps in volume from the Store for Business. - -- **Private store** - Curate a private store for your business that’s easily available from any Windows 10 device. - -- **Flexible distribution options** - Flexible options for distributing content and apps to your employee devices: - - - Distribute through Store for Business services. You can assign apps to individual employees, or make apps available to all employees in your private store. - - - Use a management tool from Microsoft, or a 3rd-party tool for advanced distribution and management functions, or for managing images. - - - Offline licensing model allows you to distribute apps without connecting to Store services, and for managing images. - -- **Line-of-business apps** - Privately add and distribute your internal line-of-business apps using any of the distribution options. - -- **App license management**: Admins can reclaim and reuse app licenses. Online and offline licenses allow you to customize how you decide to deploy apps. - -- **Up-to-date apps** - The Store for Business manages the update process for apps with online licenses. Apps are automatically updated so you are always current with the most recent software updates and product features. Store for Business apps also uninstall cleanly, without leaving behind extra files, for times when you need to switch apps for specific employees. - -## Prerequisites - - -You'll need this software to work with the Store for Business. - -### Required - -- IT Pros that are administering Store for Business need a browser compatible with Store for Business running on a PC or mobile device. Supported browsers include: Internet Explorer 10 or later, Microsoft Edge, or current versions of Chrome or Firefox. - -- Employees using apps from Store for Business need Windows 10, version 1511 running on a PC or mobile device. - -Microsoft Azure Active Directory (AD) accounts for your employees: - -- Admins need Azure AD accounts to sign up for the Store for Business, and then to sign in, get apps, distribute apps, and manage app licenses. - -- Employees need Azure AD account when they access Store for Business content from Windows devices. - -- If you use a management tool to distribute and manage online-licensed apps, all employees will need an Azure AD account - -- For offline-licensed apps, Azure AD accounts are not required for employees. - -For more information on Azure AD, see [About Office 365 and Azure Active Directory](http://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](http://go.microsoft.com/fwlink/p/?LinkId=708611). - -### Optional - -While not required, you can use a management tool to distribute and manage apps. Using a management tool allows you to distribute content, scope app availability, and control when app updates are installed. This might make sense for larger organizations that already use a management tool. A couple of things to note about management tools: - -- Need to integrate with Windows 10 management framework and Azure AD. - -- Need to sync with the Store for Business inventory to distribute apps. - -## How does the Store for Business work? - - -### Sign up! - -The first step for getting your organization started with the Store for Business is signing up. To sign up for the Business store, you need an Azure AD account and you must be a Global Administrator for your organization. - -For more information, see [Sign up for the Store for Business](../manage/sign-up-windows-store-for-business.md). - -### Set up - -After your admin signs up for the Store for Business, they can assign roles to other employees in your company. The admin needs Azure AD User Admin permissions to assign WSFB roles. These are the roles and their permissions. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PermissionAccount settingsAcquire appsDistribute appsDevice Guard signing

Admin

X

X

X

Purchaser

X

X

Device Guard signer

X

- -  - -In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](../manage/manage-users-and-groups-windows-store-for-business.md). - -Also, if your organization plans to use a management tool, you’ll need to configure your management tool to sync with the Store for Business. - -### Get apps and content - -Once signed in to the Store for Business, you can browse and search for all products in the Store for Business catalog. Some apps are free, and some apps charge a price. We're continuing to add more paid apps to the Store for Business. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card. We'll be adding more payment options over time. - -**App types** -- These app types are supported in the Store for Business: - -- Universal Windows Platform apps - -- Universal Windows apps, by device: Phone, Surface Hub, IOT devices , HoloLens - -Apps purchased from the Store for Business only work on Windows 10 devices. - -Line-of-business (LOB) apps are also supported via the Business store. You can invite IT developers or ISVs to be LOB publishers for your organization. This allows them to submit apps via the developer center that are only available to your organization. These apps can be distributed using the distribution methods discussed in this topic. For more information, see Working with Line-of-Business apps. - -**App licensing model** - -The Business store supports two options to license apps: online and offline. **Online** licensing is the default licensing model and is similar to the Windows Store. Online licensed apps require users and devices to connect to the Store for Business service to acquire an app and its license. **Offline** licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. - -For more information, see [Apps in the Store for Business](../manage/apps-in-windows-store-for-business.md#licensing-model). - -### Distribute apps and content - -App distribution is handled through two channels, either through the Store for Business, or using a management tool. You can use either or both distribution methods in your organization. - -**Using the Store for Business** – Distribution options for the Store for Business: - -- Email link – After purchasing an app, admins can send employees a link in an email message. Employees can click the link to install the app. - -- Curate private store for all employees – A private store can include content you’ve purchased from the Store, and your line-of-business apps that you’ve submitted to the Store for Business. Apps in your private store are available to all of your employees. They can browse the private store and install apps when needed. - -- To use the options above users must be signed in with an Azure AD account on a Windows 10 device. - -**Using a management tool** – For larger organizations that might want a greater level of control over how apps are distributed and managed, a management tools provides other distribution options: - -- Scoped content distribution – Ability to scope content distribution to specific groups of employees. - -- Install apps for employees – Employees are not responsible for installing apps. Management tool installs apps for employees. - -Management tools can synchronize content that has been acquired in the Store for Business. If an offline application has been purchased this will also include the app package, license and metadata for the app (like, icons, count, or localized product descriptions). Using the metadata, management tools can enable portals or apps as a destination for employees to acquire apps. - -For more information, see [Distribute apps to your employees from the Store for Business](../manage/distribute-apps-to-your-employees-windows-store-for-business.md). - -### Manage Store for Business settings and content - -Once you are signed up with the Business store and have purchased apps, Admins can manage Store for Business settings and inventory. - -**Manage Store for Business settings** - -- Assign and change roles for employees or groups - -- Device Guard signing - -- Register a management server to deploy and install content - -- Manage relationships with LOB publishers - -- Manage offline licenses - -- Update the name of your private store - -**Manage inventory** - -- Assign app licenses to employees - -- Reclaim and reassign app licenses - -- Manage app updates for all apps, or customize updates for each app. Online apps will automatically update from the Store. Offline apps can be updated using a management server. - -- Download apps for offline installs - -For more information, see [Manage settings in the Store for Business](../manage/manage-settings-windows-store-for-business.md) and [Manage apps](../manage/manage-apps-windows-store-for-business-overview.md). - -## Supported markets - - -Store for Business is currently available in these markets. - -|Country or locale|Paid apps|Free apps| -|-----------------|---------|---------| -|Argentina|X|X| -|Australia|X|X| -|Austria|X|X| -|Belgium (Dutch, French)|X|X| -|Brazil| |X| -|Canada (English, French)|X|X| -|Chile|X|X| -|Columbia|X|X| -|Croatia|X|X| -|Czech Republic|X|X| -|Denmark|X|X| -|Finland|X|X| -|France|X|X| -|Germany|X|X| -|Greece|X|X| -|Hong Kong SAR|X|X| -|Hungary|X|X| -|India| |X| -|Indonesia|X|X| -|Ireland|X|X| -|Italy|X|X| -|Japan|X|X| -|Malaysia|X|X| -|Mexico|X|X| -|Netherlands|X|X| -|New Zealand|X|X| -|Norway|X|X| -|Philippines|X|X| -|Poland|X|X| -|Portugal|X|X| -|Romania|X|X| -|Russia| |X| -|Singapore|X|X| -|Slovakia|X|X| -|South Africa|X|X| -|Spain|X|X| -|Sweden|X|X| -|Switzerland (French, German)|X|X| -|Taiwan| |X| -|Thailand|X|X| -|Turkey|X|X| -|Ukraine| |X| -|United Kingdom|X|X| -|United States|X|X| -|Vietnam|X|X| - -## ISVs and the Store for Business - - -Developers in your organization, or ISVs can create content specific to your organization. In the Store for Business, we call these app line-of-business (LOB) apps, and the devs that create them are LOB publishers. The process looks like this: - -- Admin invites devs to be LOB publishers for your organization. These devs can be internal devs, or external ISVs. - -- LOB publishers accept the invitation, develop apps, and submits the app to the Windows Dev Center. LOB publishers use Enterprise associations when submitting the app to make the app exclusive to your organization. - -- Admin adds the app to Store for Business inventory. - -Once the app is in inventory, admins can choose how to distribute the app. ISVs creating apps through the dev center can make their apps available in the Store for Business. ISVs can opt-in their apps to make them available for offline licensing. Apps purchased in the Store for Business will work only on Windows 10. - -For more information on line-of-business apps, see [Working with Line-of-Business apps](../manage/working-with-line-of-business-apps.md). - -  - -  - - - - - From 5fe01fab0cd7cb1ec91ea0d6bf307242127665b7 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 28 Jul 2016 17:22:17 -0700 Subject: [PATCH 03/16] added link at bottom --- windows/plan/windows-10-servicing-options.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/plan/windows-10-servicing-options.md b/windows/plan/windows-10-servicing-options.md index 6ac55f7ffc..de610fd342 100644 --- a/windows/plan/windows-10-servicing-options.md +++ b/windows/plan/windows-10-servicing-options.md @@ -72,6 +72,7 @@ Windows 10 enables organizations to fulfill the desire to provide users with the ## Related topics +[Windows 10 release information](https://technet.microsoft.com/windows/release-info)
[Windows 10 deployment considerations](windows-10-deployment-considerations.md)
[Windows 10 compatibility](windows-10-compatibility.md)
[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) \ No newline at end of file From 3ca92201945004a740c1d25b96d73c8343ad7023 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 29 Jul 2016 08:30:53 -0700 Subject: [PATCH 04/16] Pulled beta slug and added server 2016 to parent topic --- browsers/edge/Index.md | 6 +++--- browsers/edge/available-policies.md | 2 -- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/browsers/edge/Index.md b/browsers/edge/Index.md index ab4caaef1d..3bca7ff3af 100644 --- a/browsers/edge/Index.md +++ b/browsers/edge/Index.md @@ -12,9 +12,9 @@ title: Microsoft Edge - Deployment Guide for IT Pros (Microsoft Edge for IT Pros **Applies to:** -- Windows 10 -- Windows 10 Mobile - +- Windows 10 +- Windows 10 Mobile +- Windows Server 2016 Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge also introduces new features like Web Note, Reading View, and Cortana that you can use along with your normal web browsing abilities. diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 8b2cf5059e..1b28328f38 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -16,8 +16,6 @@ title: Available policies for Microsoft Edge (Microsoft Edge for IT Pros) - Windows 10 Mobile - Windows Server 2016 -[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. From 3edbcde27014d128bfe9cd70f1fcbd53b33d4aee Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 29 Jul 2016 08:37:10 -0700 Subject: [PATCH 05/16] Updated change history to be more clear about what changed --- browsers/edge/change-history-for-microsoft-edge.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md index 8295d7bbd5..1be3d42b37 100644 --- a/browsers/edge/change-history-for-microsoft-edge.md +++ b/browsers/edge/change-history-for-microsoft-edge.md @@ -14,7 +14,7 @@ For a detailed feature list of what's in the current Microsoft Edge releases, th ## July 2016 |New or changed topic | Description | |----------------------|-------------| -|[Microsoft Edge - Deployment Guide for IT Pros](index.md)| Updated to include support for Windows Server 2016 and a note about the Long Term Servicing Branch (LTSB) | +|[Microsoft Edge - Deployment Guide for IT Pros](index.md)| Updated various topics to include support for Windows Server 2016 and a note about the Long Term Servicing Branch (LTSB) | ## June 2016 From 3c6c6a4ade72cf0ffd0047d1add193f1655cfd00 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 29 Jul 2016 09:02:15 -0700 Subject: [PATCH 06/16] adding link to SCM 4.0 --- windows/keep-secure/windows-security-baselines.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/windows-security-baselines.md b/windows/keep-secure/windows-security-baselines.md index d9f379c2a6..59dc7cc5af 100644 --- a/windows/keep-secure/windows-security-baselines.md +++ b/windows/keep-secure/windows-security-baselines.md @@ -31,18 +31,22 @@ In modern organizations, the security threat landscape is constantly evolving. I To help faster deployments and increase the ease of managing Windows, Microsoft provides customers with security baselines that are available in formats that can be consumed, such as Group Policy Objects backups. - ## How can you use security baselines? +## How can you use security baselines? You can use security baselines to: - Ensure that user and device configuration settings are compliant with the baseline. - Set configuration settings. For example, you can use Group Policy, System Center Configuration Manager, or Microsoft Intune to configure a device with the setting values specified in the baseline. + + > [!NOTE] + > Microsoft Security Compliance Manager 4.0 is available from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=53353). - ## Where can I get the security baselines? +## Where can I get the security baselines? Here's a list of security baselines that are currently available. - > **Note:** If you want to know what has changed with each security baseline, or if you want to stay up-to-date on what’s happening with them, check out the [Microsoft Security Guidance](http://blogs.technet.microsoft.com/secguide) blog. + > [!NOTE] + > If you want to know what has changed with each security baseline, or if you want to stay up-to-date on what’s happening with them, check out the [Microsoft Security Guidance](http://blogs.technet.microsoft.com/secguide) blog. ### Windows 10 security baselines From 6d592961df17fda23e02f584e7648779f00d364e Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 29 Jul 2016 09:09:15 -0700 Subject: [PATCH 07/16] comment out phone sign-in --- windows/whats-new/whats-new-windows-10-version-1607.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index bb0c229571..8a9d9319a1 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -20,7 +20,7 @@ Below is a list of some of the new and updated features in Windows 10, version 1 ### Windows Imaging and Configuration Designer (ICD) -In previous versions of the Windows 10 ADK, you had to install additional features for Windows ICD to run. Starting in version 1607, you can install Windows ICD without other ADK features. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) +In previous versions of the Windows 10 Assessment and Deployment Kit (ADK), you had to install additional features for Windows ICD to run. Starting in version 1607, you can install Windows ICD without other ADK features. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) Windows ICD now includes simplified workflows for creating provisioning packages: @@ -44,7 +44,7 @@ Additional changes for Windows Hello in Windows 10, version 1607: - Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys. - Group Policy for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**. -- Users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser. + [Learn more about Windows Hello for Business.](../keep-secure/manage-identity-verification-using-microsoft-passport.md) From d849de10d29b431ed1dbe825e3bd1888be0ac52a Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 29 Jul 2016 09:28:24 -0700 Subject: [PATCH 08/16] fix notes, add screenshot --- windows/deploy/images/adk-install.png | Bin 0 -> 66296 bytes .../provision-pcs-for-initial-deployment.md | 12 +++++++----- .../provision-pcs-with-apps-and-certificates.md | 12 +++++++----- windows/deploy/provisioning-packages.md | 12 ++++++++---- 4 files changed, 22 insertions(+), 14 deletions(-) create mode 100644 windows/deploy/images/adk-install.png diff --git a/windows/deploy/images/adk-install.png b/windows/deploy/images/adk-install.png new file mode 100644 index 0000000000000000000000000000000000000000..c087d3bae54145d5462b285d5b7aba746c596d9b GIT binary patch literal 66296 zcmc$_gL5Wdv;~@(*iI&x*!p7Iwr$(CZB49+ZQD*Jw(aDL^YXj*{t55ZTUFg%r>l;3 zpWbKhwYnqZWyRoOuwg(zK;R|Bg%v?SesY3<{3wR{`F+RxZX)aZ^213{Oc11c8u#?O z0A?m2BLD(Y7YF-p0RCNuwinlM0s%o7`0w~JVpnPm0`gTXAuOQmu6vOU?v25QKZ3t9 z>^-Uv=VsO_1ly=w3ahA@SByp_@Ae-s&#wN%*3s1Fy>c!5lPpEYHF+*;+QjBzqSxI7 zUz(IX0|SHW6GE))bov195q(%&%AU5i_U6XsHq^U4@C*0qX!rDB_tA~ZOb(DP{EnV4 zE>PAV0tU|G*Z-M#%<)}=W75D@gk69aZ|MzatJ_03IRhN7Ms)a^+3o)csLA0acE7!d ziaP$}1>Wtojr^6JO-zFA5>|u~fssU~Bc-e(plv3gMR59`?puhoEnE}R8miKFqQ>7F z*<5|X-~142sHP7Lim1ItvSII4$s7q3X)6VZ)Nc}|Wc1OD)Vp&r;io?rddSt`L&EaJ3am~cKE zDp=Nk0P{bCP)#2=IP0pWA*bXbWH#$FAq~bT89_HA>qLhC-$4QqTYDs`9g_;9m{7M} zC-%LQwGVkstM@$RKa)vgVi@)bjiwqPQ{*)Aj$_R2I`}Bn9B+pgG8(oBQZfSBRACTP~%qPR;q({@UWQtnDjH{<*Sa4n4yH3C$u)>msUbl5hSmI z$!cB3M8QY*+aUgE|6=LT)H_XMts`%k*n?dnwG$| z0ZcpN^jo>`alUZ&r^)`Zp7#$P+r=V}xa&^jOB>*vV@fVIEPmd2XAzECsq*~m!w-GC zA9}B9juysL6A?y^k274)Z*otp?Nj1c$Vf1LE2|ciKTynOxEE)pBd4XqCGT7EO2{AK z6nyqmwV|n}hRKOFmF;I)1^p823Cj*1!syW4@%O+)>Z>XMa zAe$urypiSRj1(AtKa^eerv*g5_vd}YZNCQ7x2cg^tc)QE{LBpbii0bB1y`uAFf?l3 zdUk3CJ_`xkeAQwu@po6fB4!>|VwPea@w+2$2Kk82+lpk zYH-ZSDKDqbh5GPzCY7*4pN-lAYM;p>pW_;fmHh&s=R%Dz?Q!uHlfmJEjp~#N0by|* zM1@3l$a9flEJ`M^`)DZkGZoLlFezyCZLe&&mCk$G>ajVUHRtllC_3rCX}o-CZ3i?) z(ia04Th&ZwC~RjThe%Q}kCF*#H*T^PTQ`!^`=bZ@AASj%{Kij6%TZ5E(!@5E5O&?% z;Gw`&O@medKZUMkj#@B6M*T4?A;NQWDi=F7pf*b{3-i7jc3d*tmo7z4lEuo%x0VvO zfA(VooA)|6MDy)&6#Cir_L@U_DIL~XtF4Mqe$HSPjLLf^DzI5%DTn;1k-(*6{z(zu~=V6Y@b@;Dy73s?>pQ< z?*+ILB{_VAl1>(_P*0TZTroQf3Vu#*2GLM!nh1GqF>^&T_n6KDD*~|4Q_-6+lWL`U zgdEy0XY!!6^FX|xwur!tVp8_FJ8+*ZjzSzk%ob@=B?~zY4YJdmsxRn5GDaYofD{h{ zMl;!=R&rb_>=t#0BY}OkD<^|KO22Jjo;;XDSe2x8LAQr)A6Gp=ww9GKai4LrO;yLB zhE{swDS@xnGeuHg!NStrR#jETR@+t6GKv=Us!>=$V%$)*bHFDP(b!v9LJ?^UqR5wf z+EzUWIVl_YdZcb&%yR!V75CVyr;<=IH)vk6FM9ZzVBh^Jy4@tP7 z<8=)aXGSHO6x^-PQ5DjW4XFlftP1)B-0n|d|E(kkTd&+j!pi%|$~yfC)KgB_Lntm5 zlh?KMHfUw}64Lafg2_BqjDU7Ht-&oW1`E;?NFv&hQ&XN8gH)H>V+m#9f4A}?kY#!*s=pWiZFs=c3- zivqwkdG?742}w{FTcjkQs6FS5W+L#e8qh(6-YqH0l~Rm>C(BUJZ{}{aOGphIqM`gm zr)FYl8yWDJ10yQrS6qqR`tb&rcvi${1B&lK+?>61(f zi}*^(PtfvFLyV*20bB8N~WyhIQ}5V@V&D$Q>CSzqGl=42aFILwTa(gP?Nx#p#0 zGzVEoHYD!Lx=Y?sL$wfdVM)ovPPjXyT;5_sBdkm{(I(#yGcr3Yw&)(zTUS>r-h{`9}PYc1dt*S^7vH43RkulXUMPFSg3v!VEoaE|E2Y( z&<(C-fP{vH&EO@bk{&4A6@Y#hsI-R)zp}KkXF)d|J7>7!qBk6SJ_(OpF+TtE$9zrM zVU}f7L#|G57kyMYHGKCY_*L%|`Oy*vTl4N!S$i`2p~R-HS8D7;|GaRhDc{xdMC_*l z>21!%Uxcj#W&OT=j2u4I31HEG8RT`nwan|ZMJ5O8>NwsLzFim6h1O;f_B;GbdDF< z+|a#Y=%_Xl$-?A%M0dq9aRarOHyTvDB1G1-zK)*Ezs|zZclZ5$1(6nARlXC#W7WMO zW@GRd;Cw#1%+_Xgzi{7`68qt*Gcw(;v%4FbYe8%|zY!eXGiZavRHxYGcQmmteY#p# zvv}>-@fg|MWWg^_-+eSC9ub#VVvxw{+_YfG@jhUJmG-)4uCiCtvm#k;Ye4Ca*YcKc z;A`Mo+8>gOpoF82-6lD^->o@OeRzx41|uaGUExF8ZZX9YR~aZ+0ojw&WoK!(`;=%t zfEBSg&h7T}*m~{iG;zkRF^2c)kzH#eZ)1R=TRnc?FolQ5=NvNByCJU=>@b2gzq5iS zQ_>~euPU+{acetYlvd+TipISix9)OTSC(>Eh|0dvTtOsxrYZQ)gV(wDNmb82Y~*1o z*$zS45ryBoEADYHY25a7$)k^il%Y@ReK@%aDVSKzEAYI<+NoVtoHXZgLmiT5V8A(l zotBhf>jj*+R}2VY$iXXE?q>HMncZTgV|4CAf}SCBrW2vdB+ESl&B#GgQa~#kalT+o zuDBSC1R0v@I4OWdY1ku*y7x(U{mi>eOGs-)@&IoKj{V~?^;FK;IsiR{`E4oCwjogU z>KCeclPeIa>HRTuHW?<(05rdec!>(r>@{OxA+@lyl+@B%UYI)1FLn0L*ODyA>+162 z=jXS!wsv)morSfPuKom1LsCM|Z-RB3ZKhYvhzypRqTTug-%R;y5t52&zfMEMH12de z^>nhfNATLUJ=R9LjAr^gw%O&P#agp*vPMOen{|;GJ=m##FQq2820r*&u}#=PnVguE znwu)0W+c}9nx&%<4YNvV>F@^*aG6F!9(&=7q=P~z=aHl|MXMfixJIg)J6N<%lwm3iz+H6C%XWnnPyt%F}_VGTsuo4#oFO~ef!{@8|JRQ!bz#?->(_` z5~ij)M;H2};%%pd2@2)QJ}zQ4Q_>>$v#c)9H4ggbc9P-eEv)&!WH+&ydS%s{Gx3@j zW&FNZWEDk!v&$-?D35tJh~K#N60E|m$Jx+K7ELs_)qSRk_&PY`Ej|p6k_#4#&)~5A zUN|@eFj!Ml1L}+P^b$vFq~$x>kD6VrWppi#3ibk69u!z~Y4q@z#U}t#QPmW52R)yM zI{$zZD%#E#-M29SfV-IogHP8>Mnuq`;<}Csy0KIh&A!7eT&tG*cIHEJG*dIM3VQ9< z(TsGxUb**_JQZ!9<}>IGmY$8Qy~fta3;hh7mevPtRNP?mYVPpyQP&;vLgP7_>e1uQ z#8Iy#4(`? zH{nQq5~z0LzbUw;=%y(Y4D@p)Z-RuyBa`m=p$QdP#p1XNIk9w<1YjESkcR-=TQ^2S z4At`vW=w9L*WWFEwd4eOtt{|AP&FNuhYopO+q)cNb2o4z88scz%cA~%$u24P;ca`A zu#I)|a{(8ld9KrMSk``*{7)-t(6Q@R*g=9;v2;o}r^{JCf#zfCJI~aGnkkP^KOmqXll(+NOZpF_6Q%a5Ct*_{V zLBrz__6@`$=}BM)mfi2|=ku{Q0|$xIU02wIDW*u2z{XrXzNW`_6}-4suo1D5?iJU} zfP~1L$i&!8#kD~u^6}g31fBkVrcRf#vg&s5VT@xitGR8%ghq;S>B@%$Ew6MAt_fgY z22Tf_o>@tkjF^aol+59;jH7YCLyS0E2~$CfK+0RT^<-j4?2p4GJmYXZY#Zd9B)k)n zVVBEy3r5cNx3m@;f)qfhw0!qF`d=AS1xss@*2U`UYKV|bTuq;$DiRJzbn+oDvDAo# z^(7TUqn)U0*9|$?xwZF8jKq#cIAyfPCBhWgs@AstAy>+ByPf0R76!}6yY}gg(1~;I}PEbl%w7P?cLs|!~l$Oxvp(JX*G=`_0 z92&v5+Fx@txm6#hyLp6J6Odn^ccZ@Z;1p#O7q=;s+vwss4CI%L>i5AxW#txIWImr1 ztd{hQ+%?b$xqmp0j~|}%@%<#`Iw@%FiZ;)(6F{cMYTk_xzA(RwjtahG-tl&r7%14P z^76!l1eW=EhO)`dg36oqj6(P(_%m#5&2pIOB{J|+Ke9jcz^{(V#zph7qzbwC1;)A8 zQ1TQpu30^z9v^r&(cUU{9>?8cC`GOfuIIv3IZjP3d0i6ZX=r5KFH#A8I_pU?f|yk+ z^2?yTP4MvP#E9bKqNBfLi$^O7d$Jivrm7+3U#^G6`Ge@TL8DYk89O>rX11KdtFV_cG`e*lz>=msF{hFmLjbVV0UC;L`g(sM~f&q4$#WQC5YgQ#kCnHxuEmI{6>+)uAe9CMM*0D*5h3fB|+|dZJ+dM{9#dB$* zu@cb+a>~i`Yxx~E(|ApdBxZr*kU>gpTE*rzGPsCVR_`U_6b*$;3>| zUCl&QTUOFr#iaEtA0WZJhm-UeyZf}7w#j!OBi=6(f(NIgB zSw`Zsp^}(2WcOe9t7)Vvq^CBLsHVy2AxfPB_;X6S-^dRMLjI+(K;Pr7gG9+KH*pN< z?5Hmoykwdj1<1(Rj>~Vx5kE~zPwKkDQcoK=HXY~_lU}HZJ4i%yb_V9>8|ZqLqy|3Z zNMYW?);~7741jjsDPr<2_ipfA?-^Mt!TS#GBFssV7Y$+>i>>hV_z(CPWTs|g#=&uT zxgvY0$Sa}s)}B+d0E%4g(Fr+RPBjz_GMHbM|C+noT+*Oj;SN{v8C_%MV4m{#IBnAU zT9{e!I2?!mzREPmRtx3YsYHU39#`4RmV8lc10K|dvQ@d~PdiYTTs95q4% zs^o|g-<{XVAHvg`eMHGYYBASFS!be=PleWFTcUudL_{py?YK517!s;8xw<5tdU@v~ zF_FlQc}BaP&>inwx9ItDQdVr17k4lP6mFh=Tp%UnIKIGF%0ev?6&WNjjvP%%Tg=p1 zgdSR@YzDOKEWxb*;mV+9OtK%uBwgp@b9;<{AX2*>#&r0DMqGbB(1hq)CpX$hMZ(UG zN~OweJ-fcSUY8`ZFh3=oX*qFb7hwWJwSPFXr%o&127|gD&2^cmfn8<4ckc60(rlU| z3AAsm(OBF}9aAZ1emuHIG|8fQxP(i|)n08m3l+CA@OBmTOy3J((aTnAVrgPSH8Vky zq8@+TS&P)_P?DaS-wg1AwEf#{XRYE3p(%}=GW1eExQ$EdYi(##PV8_@#i1lFEN!c) z*a^Nol&khT<*roJ%G=x6UCGxIaSUJ|N=lw0vbvz%LuYZU^y{*bn~8Sg!|(!pv?l3I zgfxxB3tF2~l+aQm?P$v56Aikh_Aj475j&BZX;y0#VufSk#JC`fY|W64C)S^MYd^m! z4(PA>$zVyuEtZNI>JCm)QQGbf&$zcDJaNJDJnazk`3pWLwF+h?PA(o=;ivB{9IGNSMTT zS%sKVQ8f5mU0ppAw+g&k&rMBbSV8I6&M~D|o*^bSH#3D|I*$>e2O@GlE5R-AwbhvH zr)1+MWc*4x$p3t}iVCMGnu67OO|7q7+8X7j;URR5Q*&q=n=@FtyK{tykZ{mYkVOGX zP)gW!E;cjGsXQPej7h`*B5QZO?B7_i#(aE34uaX$^UcV}MKkRksaH*kMGnn^t!_5i z>|v>-W1bU^AZRPi)8VAN=9pVkxZ-d7qqDNvHP)^}p zk#W?t;q{n{k?+fdPRdB)OanW z(GRQ~;H1!XnO4RYvY`tDk7~k`=&L*MTWHM)baHXp6eafVZT$!GJOZMUjEWE#t}V0A z??v`2P^D2!ybt%_z-VT3WIEAMHoU{?LedJ%++RtU`&AVr=O>u)X{oK;Ooc{!C?7J7 z$!LX!hEAxUHiyEEl{_$vh6TUT@Rf8A=Uqv?Ia85RuBw2_s*qR+c=$>gyYIn?s$=8F zDZ8j5e|9A*%RX9^L_UYs(r|+Pp?l9kOqOuKhmUO3 zbK+nIYNp{&KN>aCRSC11tk0`3e2X$lP@Zhp%T+5Qve8Rhe=diZfKyk^$%^RblucHR z7dmc$&n_sLG7}6_>Z_SPctQ*_Q-Yl04Z4h}qBGuZR90zV^x$5lu)4%y@gPz;Aqo8t z2#n$(f?-I{#K{BpcTB<2rg^B`A0}i&XeNYVfUj2cHqW)YWeD-c{>77J;=)`Q+77Tx zQ)2+{0g#AzTL(FITrzfSXxqh`m<;48sv3haBT;73q#}v0qKb zJB*n=)F+JZD7g2(^13dPWFUBMT!t8_w#hc;NQ-cA0isa#Zgf48~=2 zS@VR>or?qO^a~M1qR-upgwUQ0|v9p?LAHI znZ4(jHy_e*j@G9rgi|oTsOx3wLejYwLN*%Cv7XhXk@3Z8dUbg6-}GKgFQNm2D%q#( z60a<)Ux!m;B=p_5IKR{lFjR9e1l@!z`H%$DgybL(KgxuB7>!I=#dHv}c*ICEgk#dD zbwXCk(a+<(T9n`54)VkPu3cm&C z`afaiLj{3q3DOdMi?Ct+kYtaReA3`sYSRAi^eq;t1`hn6=tJM~bA#)UikOau8t;Eq zp0GB*g*fAFjpVAx0@ zeVtnIEH7P6{~tb0@_y06ppvQm`VYAj-+k+UqY{L^t^dC|>Ob@yLjt~0_p|o^2J{<7 z;QnLi5Z@Sv0ZF2U`$jZ6$p6)+2Km2cRYCs$X-Ge0;@^d_mX3sjgTu%#!kz1HBCfrt zsHn6oxAub^%c``Jf|k@I2WjvK>zj>IPuf+N5=66v93_vu#~ z(p4pu!JFJ{Qq`CbIuEREt}`Pcl2OQPPF_0}WxL%#C^VrThiHNIkuj`yP#oowA zW#+2vN=(2l{*h8rMW|O8t6$uwDD-0B#hoNbtK;F>RT~W8DzmdKw z!I#S!I2H)=2fI(z19q=H8{yigsf51w`xyu+`2pn5p0I5`&Za8Ix%H4{T-gU9k2;Q@ zlbfF{zkp203T!dhq}JWT*J*EWC)Bm<;oLvo>XAE+3txJpR5|afM|PJk*i-z&4QXB{ ze=|;A4_^=UJ_GJ0#{M-T4%Cd!IAQvjgJRPwnN?rRhk0&~eNn1$>k*G^F_#fo_lQz2 zlNw($L?OICebK5JmD7m30RPDUAlxam(BFO{yb|0dnq*i(CUqxZ~p6 zvhhX7dsFb=is_7#ldLX(aV6xNS;$Ha_Fq07MXXy~R#5xrj4**CCbUJUHt;XNl}r=6 z9Kv<$uq&88x$Oc;%twb7-bDp=W@Twf(oSs(cAH@2s?gKIa$o%}ld4%=ypy{Jb1sy& zvB2|)w+bW}>N9ZA)EOdZRrM8H@{Ci0Wdg2eb($T31JB~3WAt~C%=;{r373Y}aet7^ zJx~UdU8OP0@pkE-S8TaBY%Lq>{E{+L<1N*tu&s@0E$fQ^^+TwgLn}abV^2}OC6r1N zYrm|T!fZF4EdVcNpR_P9&m2Vw{zIm$&l3j5bo!QOGvz6>KL63lJh=}EQs}pgiwsW` zcOVQg^HHz{j)j%E<*BB7iu0aas2LI0poECP+#;PT(q<066=HKjT1x7~Z~m5JPa#}* zmnPiOaB%RNELrEIUT?Sj;{5XZd=*>rJ44e} zx;b$L0o6V~uvHF)9euhgTQr?m?dH3x4gZG}VVnwT>@|!V$vfWy67=3hbvT6<6{{_ zZY=)}%=7=2S|liJYNZ@iX@MHIiIIcx30Rxw-UFaW(8Uu$~h_4NFRYcbN2>_Ala5LWRoyY77 zxOlFN#I{CwRxk{Wo+KKh{Er54v1T$ywN{qh8$8GYV3iQ7?`9oh7e{c-v?bwf3H9K~ z4KT3&)X=(eeO@S{cDxnNpWCA!V|>rY;CqX><>jSp3rtR|40}Wi*lZb^*F^5Zl9?0r zZQ;uX`kNwDrp@%mT$38L_nK1*RPPzsC(Ys&X}aenL9k`|u*d&?Xs(TA^m6~{*~2@D z5*K?`K657}q$eIxXeeN#6ldKjkqb41Xnze3*)Pv8Xhv{lkFt?2NwgYJiV@=uwo#wQ z@A^KzkNCk9Q9c{`Y8yx2&Ezlkw!g??2!-j=8l)WBK^kAd zkF~>xVC3_r&W5;&>vYrw4ZLDE35>IGhvnEEP79dL&2x^E7xC?|I0xV?CUI5b;RR?N zzo5jI!fVcc@szEwn|B2aw;KhOE_$2vSM)Di6U^ec+^VS$*r7bw25M!rkIE;=7|MTe zdPF2pTHP+{OQs);thQp@d(KpP-WX9RjF=C3xiPL9;6k#@S1lMXYc+sH|Xx_8@|8FcHN66U1mPykqZ+xKV%v-D}s~ zhjW-S87KUC#}>5Xe!-BbDzD(rlWQ!uk8dQcsTDtjpmb_Es1%ADj?P;`SB z24pw4KlrwuBR4J!zm$;;?A+h0n5d_bPGI+cF@QUHZl-qMutic!-Q<8)Si&}?F)`}< zs;I<5@0$6hswX@SER&NKuVhh%mpC1kwA$WbBp3MSY*q6Ym`sig&3tI8sp;7~qP$aZ z6}&QiVRxEc_ictwsp$42qeW#bkWBG1i;;8@0M=H(EY=cQHGL7Rwd}#2_fE))AYEFT z8B&&!vA3Yt9j4{wvprk!Vk=1c38xoW&N)xk`&+?Zr1Va}5xhj` zs{dvH@j>7AqQ8o)fMEN9_R3#g*Dn->d#_fVj(1I~&EO~K?Z4OMj_IQOLdx&X5_HaA zWnsf5a|;Z9{=R(BHO}?G`4yKW!b#+yrbTWHT0HFq4BlyS!}!)H#Xa^ELm8yN|hJkzve zmhQIr567bkxM~oaPRNzR0X}`+jJ(-34NHwTk3Wo~97Adb$@>+o4&YhY7v)UG2tM2? zda^j7&gpPt7eRPLz%i-RfY6RCXM<7cqFl219|a)k@x%_8hcHVeeE3KGK*?BTFC8JK zU6SwDAsc zt@!Q+!{r-75GlBxu`8W7)8Ml$zIGGn=^{)4;*A`lKf~4y4=)`&acs{$6aYrP>FUrV zuhLm7HV68_LmT{&`emA8P3?62AXxJ4x1?)f%XW?^w7+@N+{XT$A8!5jv4`zk6BYQT z=Hp7ru0u(`7V!QgE=%6%I5y=hx1nsRx#QdDWe^?znz&06tMR|N_u#ySNiX$y-*337 zmHD{+Ul+)ko2)$r=ZrwteUMY`&>qeDPAbWta%yz4`ThqbA84F_*WXcbEKxfS#SY`L zAJ&Co=Uv94d<$g*%v~mGTsr;>A(oJK=LDFwYpy=+(yDH?BRF$g+i^L!6sVSlx^y$w ziP;u#wNB|%%c6+7-biy7s^(|g*AgRaGO}B-b;sPkbQ27tG_KI*H$ymiK}9PjR| z$O^ZOZOdEw*POKW+y}<^H=%Xn(DEbS%-jZsUyl+e6I#-4>-++Wv-yXiblfP@)yT0O zxh~w?ADre;xEuT^Y{$opBXLLNeUkWY1u!d&MqmQy7}BAa_@U3v9JTWd2(0Ix+bBAS z;;iV$)!k;rws%AJkFC0w)vDGes|dQ>q1|c%7C)`gYPW+>MZxxk0fpxWYUFkbb$>j5kquJ^y>ZFV z@dcnlpP&nlX#ITxuy%VEcMbbr(6IbcbWpCczvv>Vs{n7qV+86`;$;5Vk^|#`yp1dx zgW%k1uco~{DlYc=V&Iwc?plf+@@yGMjUbx&;1LQ(y<(rPExFLkFBkH$#v-6s#45qy z7bx6c)k9ojQB={_FSr{Y^Dy@-v7k@vL>gCHYWvq3!*!i` zn_~dFVJG9OrO&2{3aF3}j}1d}!?6l9kCap=r5b_g=~N+|d1}z=B2GA*x7>KKc_pDc znjHXzj?-KsP+3oFdLuQyR?JT*OfNu(wpPIaW! z84i{eUysa4AqxDA!*N*D&vMR^qoa%E_&!j*IW6Q^b-3Z9kzm!aaZk`Bs69k|D60DN!`kZY|{!^cgg9>N$FshG~lo z%E*JjNgg**y(GGQp@Z>uROL4DS%z8*>`d&k+ux$|4~0d1cThOA+KY=rEp>DOxNYOt zTbTc4kTw6M8Ro$xn#Cy3sm}?H-k^6CA<@gEe7p^dt8RB?CWw`+T#ORFf~*;WH^d-Z zlfvd0T&t?rMYq-c%PNH)0c%k~E2{Xdzr&_c=;e1Mx-iR36Oauj#2^abQoxw5M}T>R z#GoIyiEfHmo2ymb;AP5jn`~myNiW^@JkvhUOoX`gRK8X;Z_X*_-V=dMe_5+biz`wBteK;Y4HHihW76nw1~bN_!T%C$aKPi&&!PH z`6Gmr4`l1mG>1DgX|$*Yq$^VqzKFqhn>M=pdpRwkgME`V@ZAw5r)f!dQccg+c8OJB znk~c^WPA7HA~E2j{1FHXzTWI91<=1en>&T_X=?X>nsz2;0B1 z+wy-7L`_~3e*#*93t2qcV5#dPjE49i^~-Pi`qd{7i9v5Wb+5$5^J~Zsec#1}%x`s* zngk$=I%Ty&8DA@R1@q9CFk@5suDUrA`yon_zzQ zcjCg4V!!wK^gS(DLw)D1MOky9IiR5Xd{gA4YQJ)6x*Si`f0pFA$)f(p7TmT3jiC?Y zGsRcOJ-O)E5Q6T3j228Nz~EXg==E3 zgEiZBT(TB;ab3K9y}i$DegEI_4m+r66~11cSIHjo$7KA)Ct^@qdBZunRJ%GAL)~G_ z4d?&m7OFk9xVw_Q7q4z!*JB?864Q)F21+r0Bb-EjVxFdJ%B$|t4YgP~|B)&Fax&FN zMA^@=yWO8pVSu=-g|nYQcYN75-g1ZP1dpH@~ef#^bc>5Z!<-MW2Ln7rSl8z z7bVO$$F>ZPTf@4XjFzk%X8}S=)g%8V2Rdt3O_#bDf)_-ugmOhgN>OTg)~bv(4GdlH zT#4hNzCwk5w5gm_ivJ?*p{pn100A{1%ls+WubRJVPb{41x?PtI%xy;qm`i>bq%)3r zkJuP|SPN+DE6-x@;de0!XcPcxXM#fmCt;bSPSbMh!b<%NQTYBi4iG|pb6(mKdV3EW z9900l|u-dbd(4!a6cjz;_*O_`y8WwE;91W=HFhy|l<4qWrTUl8W?M=4^xbYx_$ z`xrSA8%VGH3x0{%I!_bB=07g#sk1{V1LohN+}?qoCgNx$Ow!Nb!NOI722_qT*VbH) z;kyZ%Z#3euv9y;0*ib6Bc#MLA^P0ihw9zfma^dr-2TZP|{LKvCYhc}5(vbzj&HQ*@ zwjUzLwk>xC{D*wGSYKWWSc*jIpN#F5)qhK?9PKo6MqFBh#yQyJ$YGLP$+X-&EY0nA zw!39(G?-VXfa+#mg={Oy2lOf>5mXS9%C}XUg$3;)O7oys{Zn@rxtU;lQt1j(BNQ28>D<{yB5 ztKt{vx9>1i{<+042H}0Nw@V*Ffy&cXBCR)frpheiFL^m-w$in?S8%8%$*! zgWk`$oJ^EBeJPZ=#mv1aAsP7vGdJ!RPu2I$kA7+J zlD1hsy`=tDJ)b!3pHK;*+!tENI)(8QA#4!wDiL(rW;Iofg_E*KymLnl=?59?3(#q=^}Cu#xY`(y0|ootcl<9IBPMk zM541&@DCWupLM|2KnXOQEk}%#Wu|u0_7G!35=wmiD5UJPy$O+#oUIJ} zCjJRQUdO-Kd4^zcEase*DQo@;FDMi@=FFOLt?FtlXBv+_%yRzrAMOCO%{sI6=pWx& zgW%1Z1sC3su2K@v{#gU1S?OUD!CV<1p04BquT9xaLDe&p<>htzw^mDghI+xVl(_;u}oCAk+U&Sfcj*{&k?Y};C2Gp4m`UADWv%fU(YKB~AmR<%rso(b>(8fQcV|2UaeaD1Q z=|Lf2U5d-DYwc%qwx#V7AWh4Ed8{O5?)nC5zfkL_&h-C@VM~=ZKN+Dqrw*s?ik!sXococdLd??`UNX0+|$L>k90!0Y7RYbQ8fy`o*M=Q7e4AAbx`b z^AG*OdQCn|=+S#sBnG-alZl0ORigj1<0O4Y2;h_rZBcJ`>(|RWbkL-r^oGtk44w#! z?DsIMgqP=YGy@G>s=LkEjH94a7-=~o0>u`{?6(sl4OH*D`UM(CTRAn|&yM(iv!YDj z>yg2R6wMwu<@Jg#68>5Fss{}~{{@-F6ZSU#SPnzjAW3ys0kMg&@WXmlVb@gGX?`BV z)r{hDIIIg!l``B{_Q|VmHH6#Jt^lU-*6&u-bZg6zpVcw5)@|%isQo&_p>LZ3M@=S| ziPrjH`B(L4U6?pen<8@JO}QVt^TP#^SwIx7wZ{AL-?H8Xds#;C10M>-5?7&GG;pn7 z`^6Ies+QT(KiTm&dZ1^0G+vMsoIyCleKTZHgw9aa=TEm&4UWVmLP%YY4ry~8!lHg1 ztL_(=79DQ$vC64N)IFE#A5L@8$8a|Ty4*$6!u`%E9}b@5@Y4?YYCcmz>TOergJPMys*)QjoLMS0B z?CCnd4dMFZIHtX3#_@xYxs_gVyvu4yCVB?;KPB(egi7$4buU&u8L1@d0#;u|%oOxf zTr{X<$2UUgIP7Y2zC&a(Mtbm>OW z9jt!XL@yNU@HE$+ePgD_*5^u>OX+xQs%%O81P*uJh-|Cf=RB3Vpv>T|(K<(nzH;sZ zJA1yr|KC2LWtJh`s5Q_ffC|7(B^eXZ&3i*oZUW)_mzS@@W8`X+D{hlfPGo5^Lb0d$ zY8~LPZL{KZP;MwreR8Mainl{HQ)}}Uo4p>_Nv~U*8p?RB@T)PP;P@}=$Ll$UDpS7> z4QLAW;d1*OBTHGgAtSl9KlXeKj@$KCb4Gt45(s}OQX(xEo1LjhhYZf<^#Y~Ij$1&4 z_SSum?Pgu}MRjLYesDCkqn=QPDH;Sr-sr(%NmY;SYBM)_(-q8dv(0AvM_{7aZ*2NB z3$jW~9^_%*$1)pOR7YBsK=7^IecM<{bTnKa5MzFR9t^)<+f3&?j5}gsp|H^CUca@j z(rML_q=t!$g_qf%CY51rVPoaK&kjyh3kD_%2KG+#Yg_iu%UnSIZJ7r>+uX_;BQG1* z;#`Zf6_e0mQ?`>n!WINb(iCZo63Bxa98D$V3wEK-RB?z1`oHi09$y}LuDkStHPQjZ z4Z-lyd@@*@E$me-=k~#5bF_T8=+R;y3jns=a1T)Z&^R@(oRD^5s|YZ**3ZbdB~T4v zG}Q$IubwsJpz6WZ93nqsfD)xQirF7sZ9TETYG#PDpR#s?AGKPT3E7M$8`x_h;ALVm z8Be+?Vi+;h_1^B*ABf%&qn@*)rvB0B?H5PV#Y0CjBode6ep+QOAN%ig;uOZK9)pN` z;b8CaVW#z`Lna%9b><|E08=2a6`p)ZfzrG+a^M!cg?NkfTeK9aGi?2h7>}>m@P%06 z!1^ez-+!;Oov=QDh9+6H{Y(N5{gZ==YV@bI$vDo^ERodTpYfhhEeb3~NUxbfq&@w+ zbmpc)etOZ1K=us@hX*QnQ}zu}Zz{(risjrROaGqKKJWGzzDQw$aU4R?I+rQWKM*88 zhslSI$<%7B=B+xLtq3ltuFlOylined)4bR_TBg%9VP1QHFTZJ|8kb=Ma?ZqY7ETbo zCg1jR8h8nej0^G!nrO6}Pi}J!$oOY?%S^E+oBy=4H%+rt=wJ*2D#Gd235xLOxz(?) z&ejmyFFj~PdutcrKin+ltm|5SK<;lA^7%RBWXbY80ChcP8dE#kIep`IjNb7MANY0} zF)^&PWc5l^Z45I%EE$jxt2RSe=H z@M{ana=#7AazHnsBbP^W_R>6pqTRJW9Xl`zY|+nJ@iVAy^TGP~+xMw#@OGY{_l2ON z(bKIa%Ef!wYwznl2p!GKRyPX)SvOp_#{!9Z#f=s{dx{+uYe#>s0mM>y@S=7)U6g3} zP%%t(NoE|}sY?^0?qS;S!;yQnTYKe_tBTVe9!#X$|A>ePNuoX zWI+1Ee{L$5&2Gza0;Sm!a-d#E*-rcG1+L8pI)4tvuYiu+oaH=K<>}s}GWjo?9dE@6 zm>&;Q-@D~cZt^AA!2rfWq3tiz%sJSj4k5;Vo{&;jYtE{ZU}m#yj%B;e`k?XVUybhC zeLlDUfNFQ4e_`*OMEgpAbL3V&1;y}HFAHQ|{>!!KaX>mvzwfXFUMbd8rMs05ZE0%}dqpFLtQ?dgewRFGp-Bzq#Vnazu~WaMdRGgKJhEu8?`fyumuP`(RnlE}lQ}>Lb|# zcAsrpZ31d#m~o$AV?F9>n1oUuW_g^P=VnE|oxqfBoS(^JNJ|mF-@%`ljyPP-R==-4 z;t|$;d%ZusVosf*Koo=)*BLtKcgs@uwn%?I+<~r&QE!DI(O)ed_R(lOPJZbiu^Q<3 zFbbqYn+<_-)_1D7wr_JvVF(v|?$5JN0EgE7JA1pI$wtH<{Y=h;zpypf;H=JMK$y*I3swXe5bh;LEp5*1e@ZyQd5+GsVGdQGE zG1jgtD-jkv%WxG~HSp}J&LL%rGKGb<1>=c3Q%G^C7V?(1?gM@oCMHK~a(pPE6PBaA zj(S0eHvrk>tZ#LbWoeJhO0abF>k~tcJ+9=_Zt7xWFKb~|o+gr*>5_<`2n{G~y<6rL_N7uhv(e`Tt3B%@ znyp)tJ&7UbW9b^S-PG`!#LCEz4H3b#P%pZwPe8 z21jB&+59u8FsaHrNJn8Qg5^u_TgnR|`ne7z!}jQtRts2|&cxn^Sm8;=&3p5&OEH#A zbLcyIt|2T#_$fJ?%{ky9ZToDZ$+SxYE_dvxPQ&MPjVHaW>zI&IsEZUHA`MtFFnQtf z0T0J2UPec|LNJGsw)xA*MU+Xn26e(>0J^(oZI{u+c=6{YA&;h3u|A6y{m)K`s*?zO z--4%rZmK}-DeQ|Og*Vz9JU_i~IATYUzu|}>6iGYkG`lZ2C#p8yBDG4G8HlI^C2E?l z8Ajfm@0f>{1-#Gy4{Pt(o=Mk5?Z)YjZQHhO+qP||V|Q%xif!9Y$F}X{&He1XKkjdD z{eo3T)vB6n%rVZ1IJb%p^+r=gO0s7rs%I<=`S-%xJZ38UJ_%P_408u^GG<4KR#ar8clcyrEg~Ku- z(Fu|_)jNb1!)!!Wf~&KQF!~t%+Baa${VX;a%m4})?FVMiJU+c%fFoA0Cb%ZgyZPmd zuBJq6pWRKM4tiu%+qXq5TM`A6QSIJt{C6qQwBYiOJbfT|o0Q*6GFx~3xPz&KLo)#* zym-qS%NR^X={l&7k63TgrLP&EXyRbT5EG3ocTWmoDBL2-Lsww`IQ{*2PCH99B0sXBz@b42e~X)N38Ovl|MKoh;AZ+*9b|yHA^ccg{{x}TM-meGA zunJ&g>|mW2>Z|IfJ16^*2~?o&xR&iZ?F)bFM02mBz(z&y+@2k|(+XyiRExm+9T#Pk zas{gp5fH;m(gz_LlyYt>j~rf#a<^_rI0%qu<`ocg!GIK3r%#@=YS-sSD@f(LR5FJ1mgTlKxuV4LT8%KWYZNT+we@87wE3sSdl{>7iQcO6tvE z1R$KlJ(pr`+DDJJ9}miO{4*Exr1Lx~&IEkyj`|XUpxDiJKHWpU zh|w8iQ;r4eY=6-UvI9)3FSb8BPkVDV&99)fB=p`4JGk_elwi`A_q+f38L$sA<1X*( z=cGu52DW7sVQWs!e*W5`5AXgmTKEx|a!yb1zMV2vh zio@Y@G`f$R0iYsIai#6m#3v^0_LnbsolbV1rmRtdc4IZ&*FgENw%lKOx9Hgr#TyB) zeWQxHdpAWUX~JP=LTc1(*Lv*HIa~PHZ|PSQ&nwpBaNTWBv$IYlaoXrI&SD2g*kf%s zJH5ZRvfu5UO5A!yX5Q=YJIJD4A^akJ?3_rcsikkah6;4rBJoDx^MX+8vNJrb+&>nA zVT#Cm26xkTXX@A&rS!s2pf@U{b=q&9w>B^kaps_<8W$6m&0}s3K{+;-&Ba3YUzs>I zAe4-V`qX6&x<%tJ#IYLczm%Tiampm7COJ0F=p842f?w-~herw^)TvvcwY59d;B7$~ z47=SQZky^HSq@l0v|p+4pN(&&!AM)KwR?4bWxo%d33l?yoaV$>VPE!78(I9s8jY_j zF3DXN5R`|HfZ?9OIkBNNH&D_>XE)vlu8OL6%P2HLWYU#uHwg5D2XLkSOih;KxTf+j zY#^bbK~+(syADECwzPMizDO5c-4ecuK2AAW20Fpt&%PDZY`h`CnL$sZ`7*PnlE8cd zTA2Sd%LNCP)Rt)|9D)fiUv!`^-*`n~?kAd%?L1)(gB$PNn-6Ebvf*I41(g z<#PsyhC+HoWn?Dbdpe}{NwlymRE|q3@j|e~b5V#@$H^cLzmF06S0v$Ui;6gNZ@sk9 z_nnQr@&NTlh9W~cXy@(ttqpqkCpYPHDLBmxa86X>*Rz3{ey~ydnG9+?KSy`epQ|&f zv$Hc4Vo}TkGWd|wHfozt)`gAb!N*JW_Wg#<{LiV?t#HVuNf?*}X5%)d5 z?yK8=wQv~Rm4449OfK*jb@fat8#IpHW&Qxb%p%cf-^F(2$3L$$;Wl{rJYB5&(G0~3=Hyq-pNO9Tl?F# zv86B?0w#q+U;FJX-}h(S4o~vasiD=aq9#^WLSRkZgPMW{!c*1W{=14#%*mE%Tpp*r z$yMP@cAn2oEvsf0!nPvRo>vxdoxQdD>Z(z+l7ezboN%HhMx{NM)0Ma$!cxPH4Fw%_ zi4b<~wr=&c?rraHy_tz&UIi6CJG)6l%vkJ?noxh2V~Js03$H6>VP@n}>tAGV)!NhC z3M`gWMM-sjLR@LIw4$Y|qY};HRw_PRDt;a*ZN-%!8mYvqBKpG1m0CrjlzdrPlMn=- zhI>^`M_XlSHDEstyPVnwU?T#^k#=~Jsk!z8*pkuERf*5rjVe8k?k(l`^_z9YQIXPDDk#q%6-+tb_K}DXA7qNN<;CR8Jjl6W!S(cmU=%O zP;Oohq}HsLJ~gvKdcQUYN8mX94W5if!IoD}PCgiw2C#w7W?7Y1+MA0@_L0nZre{cs z$)@kWHA!DsH7yv_A0?-OZ4_jlO%I zHz&KtLK_?;%u>M*8Va-F6#>TVt&p0y0iyL}t8*;BhyJDdPdJx@|LEXUW%K>X>6Kt2 zR9s^n-V4TZIdK!+#5k{8ZX9d&&-U+Lm9FAJW-O_{6DwC>d#QFJmU50uE3WR|G9|Iq zEJ!21F(dp#3gX?Kcn2I#2-|-7`LrWn3Ol~iv&IG=#vkH`;}Y24_mG>0VrrhAXXXx> zv583f@2>B3`~57SaIpR+`t>{!S|0Y|A_5-5clQ(XFQ!|aSM`6I-!nDM*#c!sz44|9 z{=|+WhoW1=OAxSz#B>SE!aJA@`F6a|yY3lx_!&;n)|RHihjv(1UUp5aLuT|}OhzUs z)7GZt+!-vTN{tHDFBH$MwO7BAm0o)lGD?})S)!)&K#iYf`3|*2DM9Pwr+{w$?uuC!XQXj2qG-t5w+i$&(EQkjVonJLf_HwcmPr6Aj1KVxOkt7ZYI7~;Fm-` zJx=~FYGkB~Vdm8>J@#i!U!8U885MSx(C0`XJ5)Xc-7vRF?a=(5yZl_ti=gtXtP%Vc z3@RVBdB|s?0Zzq4Q8e;c6plH6^(GmspdU=e0i$d)w5|}-OJGvB)HJ$3g7fyy&z^)$ zCv%r;pg6OLx{t4mY?T8+C~{5S`;ulA#T=Pm&6g0ZIF@f@DbAU#e>aO^UwUu#a0!x| z;6=YaI~!+8(32HP$(cEBchqDsfmsH2OZ~S1lqRcY)-nTO&_6cT(2Z%rd7sF@r=XD1 z5^;(*p>|v={`OXpo#kVN9a^E!TWA1XEjArgO0}RT&57xC)Q&`Y6@NEj@q5dB;m!*9 z-jiHTFJ)oLxP<$BlPUFZH({P5>zcN(0x&397`}v?3kpgZSzjMHPIac#nMBf0Yao`p zm*BUoP&prh?0rRXS`IkTRGXeU{EevVmsea&MsNBTXc&r)DLzb97GWBw*JBF6O(L#0 zZVjNEkS^y?i4JP^K+e#1Cs9S!z;^^|4%AAn@}6ohL5{iR-(OHj*~{}h$O`RD9a_M! zC#JQ5msdZhuRZ@I%=gel5-th7G85Y^H%kXi5Q%Ce}L)Uj5hL}F1;UxQfBceb^~HQv9UWt)g|b8~X}HFcVfZA~NW z7FgHZJbn9{f%`AsSIL9JEYx+gi#YFqi4M7&f*R0yMP|UuRe%@L`$GARC(-I@!TQ&fBbw zKizKp!=FxvpP!$F=q^939^4|8v$L~M(RT4+a)|2ub(cC`H7vpVt$5$gHm+Oj|6Ew9 zcWwV~R?GbN|J8`rHx{p`Bt(T178eA>nibPu2-j;3)C1P`2Aq1nsMD5lB%Dlh!KNCw z`RzJ~bsu$&9sFr5){MjW8_J_YNYXEQvqnD7d>c!v>eb!miwl&rP%!ZUDwC=%`H&ge z>c*|$_V)H%{Q6!>-lS+CZ5M99p{RIS%M?BT%i>Bc-qB*Np=y85x+bY+q=M zR*oUspL$WWotWKU1K-fttE{f1zP{TtDeu?4E^Kl#Dk`o;RRVRF92Yw5mjV|JX71R! zI2w>lJP#uauvzFh^%+EI?}mZ2s4Vh>Kqco2xLdCmBBzm?i;J6I zXI()-U0AJ5pM<=#sHms)_dH8C{FwNAU|mFCe%on&=pC0yTTb=eT?L#_hMBmR6*U!> z7NTZ4_9;$wdXT#=bHIkSciEsKURR%=$5>s;+jvF$@NS$Ig$-NgS*RWRNmWJJS@81H z!;QcU1`;3t0{iUaTR)?}j5sGvbf}@n;>YCR!>od|w5jjJFE4n|s>5UpPC@@ne)<~k zJrQGFQ)BiG&ZYRD#O(qHteIGRSK?=I;)1X%YI0Sf$Gv|y@|K3Lvi9sH-3WR8v!M%=DM% z8u?_*qQuSHEqya{K}T13ru=s&u6gF2*E8!gNJ#V)X`%E>8j14Isqu1~@9;^oewynZ zdBMDj`udElMv*6>kXN?->=4A70tmjl(!0P;*I?zLRnsxS;gFXDc+^#~{ZzPfY3K1u zO4#3HIy(5zu4df&#VW`j_(MK`s``TZf-D;W)D5c%IA#^KB=uSNDA`9T`yugH?TD76 zgIjSr7Je;TGLOtVG)zWt@KVZp7V}DAXwq9(D=8=iZ(1esJ!pn72S~; zt|U2?4y&BfydSq~agoyG)oWS(4;Ino?@#5@?)702eG%7V_j=jCaFG#o{LoP@fl2H1 zCS@Gc)|SgqUpv|^(r2X*9KDN3K7>gG>S02F&Q1KTd}rNKc70bC#oO)j_27#Mk6|~_ zMrZ`$frRUx304e&V^TT8K}mPbJA||VRdPloN*aP!$J;tmsuit&dk&gz@z;>gFZS=% zkaOhJh-p6Au_y)|2@P7n_Ruyh ze4lc-E=Z&uw>5ZT=GLj1=M1)EvKY@UTXxIWsh(vKH0{^_f9NW2lf?cUmyQk^YrLC+9OOO4FcAMUV zp0_ZHaFbEL4Cf(rj93;+<#dr?0btpdcX#w&z0s5Q>i59E^8N{v<` z?j#DJ$$F_X(PU7LTm^r{c4T5Y%#SH*DWCFhs`VS?9%ZkEs`PEJCrG$9MFY~C&Ot@3 zq1NmM_BX)&*p65Ism628yJ8Qsr{>}E@uuBW{|u>Y4QUuF`rSfiU+sJDLmYEcN3*zo zl00ujh_FH8#O<(Q7V^(K6nuJ35f{IPl4VR@l z*PBkH8pN{tbt*v0nGYfY$m0sd({S^pTB6*ym9~`9F2U~Q5Iaz`@E-I8Zo#JvIrJs8 ze_B5YH>;|>A*uHLGVktd#r-zh#mv3N3%(g(cT^1)>{Y)gqF9!ce)=KL4(cI>)S^4@YcY|rfY;o<3Zt8oxdZv;FW zU`1H7kzg(=G}A82gx?uVaAt%tRsJ2@n8-@odwbPxytyvq(YjyzUcG%AUwMGy|l!x>l1 z)~rD+5s~`+nTQH05ZD4fy0m~BRyJW&E)Kf?*tu>bhN_`b+z`+0`No&3Lw4QJvrM2wIhu#;=`5guW^C{5LTiItvWCm3&s=Zx~k#bSc=l7;Cv-Kr~?rQ$5nU# zz;DN#rQQ$H+vjb6_w*HfzA?;#y&H%R-cM|8!E)S*75d2U1 z_BI*07LkT8uq|e+S4BjXTwaSOzf%=tv^35zfYh%5g09Bdw!Q`hOaJs9c5{SVW#3VZ z#Lrn;ZVN!NX@txZm#|TBpvVTM6CD(?I&hcx?B88R&RDG-dUyiF^zzF?VsXZ(HrPdU zQWWMva<0hpyCT=8QZww_(84;(!aueIwRu)wL3{8z&Opv9nPNWULhO7a1~z9wKqFWr z{yH{?j}ob%baX(t1hyd{Imx%44ieNDP93ZRlXZ@z_nSco2NSJx0gxUwB<%6m1Gp!T zf+#fWk>H+(eitNapl^A#tUN=8?9xwauTXUvNrd3F zK(#3ISmYz1ilBgo^Rn;LirmA83&7`n?pBg}^-l8vH=UA%E?CIQ-U%xPI0jevyL zf}rMT6@!Ytyt({!!}^B<>E5K$ zG2HoJ%;#-EN@$f?+KDL1FB!+ZI?6$5Cy7H#M36d?&6Y&zmeNkF7y;qvk#IMj5VW0A zal@kawg725Oq%dxt@l9?MZ0%B52lOkC^Nb0q!wJ zl62A-8#8TsVEoPfswefn+6`+pJjr?T^7_=!m#=Bk3uH>L5X!1#a%>S=E>IGY^^_5d z32Iu+zzGmUJgX1|8HTQ|h7~^J(wJ%F4SIN0jrWJk;{x*C)2cBDF7T72<{LBKlg#|X z5?K>%zJd@vSbBF+k5sG%2gx~dTE+16zE9%mgZG{-Go3bsHUZ_sBBY1tw9W?2l!}6) z7Oku=i*T|Y*1XLmE`0_}cZa?cA|zWnSf{X6)%iHZrcQ_Aq6bkht!eiqUAwC5RK(;; z;U)CKQTkhuQ#byRKf)Sp%239c27IywZyhc39P8x8B^zNIyuYEQ(O!tb@Wre0KFW*7 z5(XyV;W0$_O%{=pO#UR^YSpK5-Y`O-l@*y%t|nIvx0vd3GX)^(oh{YbJpLZ2ZP|Xs zD!0D!R_Ii9t!u2#Hrp}NcLDlV0FR3t61QQJbTZ^kq^DOhiLRLq73y471l`v<9#{yh z5Dwvs>1y18)JVZ$duvX?<_=>kB3pJ<52OxhcT|{znd?g9G%v@sOgrgDX`4nS;!x!2E76avk?jd98NG^G5kKni%3pZNt z*w)WwO0XibfYs~m|I4&BJY>qWtcA6g` zId2(ji(t1Hyl6Ig9qjWqlX+Ing=Ax8#v*d*FMOq+=m-L+>dXXjQE|h(_+Mox#_l~; zd2trjIoxh&Ymr&}+T(Owj8PL$y6{R-wk#4dqIKnSpA7CQ?x|>-AKYaiAF_DEG}C>| z3QIgR4by@D2TDgm-Jb5ewI(xxUQF1_!;*F*{FHG5eg|wK5S6JvvEuMEz9-Qu=R)G- zjKCy)2^sb4UR?&AiqX5d_^IaMgKJYd$H{%EK;S>B{5YSe+!DIsmm5i|^RnE3%1U;I zzO0sNP-Ee5+l=oNMG&&By*~C-D^QoLU%O{`3^0}*{*VjPw`xJy z+Z$G-)7MZQEAWxeCQDj%6jI_Io>lCc|3PzmNYh2K>LQ^5*I#>hQb2wV-?cKAU#`w< z3JKX$5%T1CHW3|AZ}7_>;`u_xOOMN>6^c=nggkFL6N92Ym&Y?{_{Q9`-2XJ+yq=ek zlxE~>)e*z^!qO|$;(^}i#?bje5~#jE3F*3y_b_Rd&v0=#kx6fYkhZ~b;LPPF$(T`? zA%#o+{v_psI2QB|EGS6q^p<1l$_H$X6BVGww1RK)^tniyILI016Jq41`$q<0i(*xL zC}g)c{wY@zrAAu7Uwn91b5jijn=%!@9wwC23F3}C+KV`Sp2VSp9%^*?a5-V19-=#? z*7_uh+s=rwpBZ#5)uN;nC}<;60Y`2K<=%=zWK=@Qp>z&d!$!O*K;77Qe`K2rw4*M=R3d;$E!WaoLqXKRbo>9=GQyLg7 zx=Q14oVNfqb1f6^U7fyTclIkYqPSWN9`h7-AHDq*!e?e9>EYG^iYml)u_!J_*lT}& zA{4=LS5*7ezM!S9wl&)T9A@RiXvnzAZSC_X%s4)WQ) zf%!2`Hu!`i)5g~DG(Q(L;cqP3P158T-Y1re|=L^Mw?p}bTPM?z}U*gCr<_) zeYK_7vH<~IO;yPGXnNV(rWWU$8~DqYaCO#Sg&_%QY;KB{r{$I>?*&7DO#4&B8IM~& zaya$eQkpIFc^5HBI}c4AcL-96>TE1LEy!0^1j@ebe4Rsk*av|wcKo>JBVqEQiSCmyUY^^R2^YeV~+Zp*W^we?@4^9sccO>1k zdx-2uN#kz=eqjceIy%)hL{@<{2s0dy9QS>A*qfUE?kulh@Yd%3j;{O@g!k{D%z|dB zv7srjEuc|6!H6ob#6wmKt#kdUa#3xNF4ula#x|IgZyWV}e4U!@UzY9~50rl2hwuma zA=IQ;8vkm2AU73G5+dRWI7T;fE8T?3$d%c6}GB+NKc9C**dd3CK z+y0CQoUXdj3<|8 zOFK|Ks=*7i)8OD&kQI5eX;|q^g%SNAegAUmft=4GaY=h)-AfPmrjm3$xJu*p3LYMv z-S0D#vHc{dY+i%T=C$BtXbfIm}r1Ki`r7CcWT3dUim5 zezU{tl6wrWh1cN7QM!^gO8(Rc`6i?-dOj>U2d=pQ`Oq}+Z~}utL3tOTS2k(Ic$e0( zbij2`V~F{vu)_E_b!$;!dl@!y4j@VQ{(}+ge}NqJdTA0t@B7vp9yjL1`|YK=>%ITw zdvr{8{&B$Wq>0?j4@?H(y}r)HJzy!e5?|0Ak$a&iV;)22{sdUqBF>7$)p zG94>YiQRV&uhd}53=Na9JxvCbS6_76SXipO@R4_WC5o@~l7d+3v2sG`cZvDvFQI;V z*bzSA=RWLhI=20gQJM<5~U_l#Gm z@w|t=L*s#HHuAtqV7;D1!YUjFlg6KpFg!UURA6=`i&m)|i>dYxrUUk3?kkMnWne!!&> zX^ov!g5KeXZ}a{HQ{=c}r_$cT9!viDJw?T2q`lCucxLsio0I(&pq9!qGjmaY-M?{;**`9oDH!@YRD|E;WQ4!MXgtEbXGU#w;=PGd_Omo0Amzeo<;X}Xw z;^Ypw^cw5wcKRG1fi?-5q%n*;g!c9O_PymZ&88(^ppD5=VP@jYTKC&Og{k5UN9N5* zG8kA&%ygtP7?G_ALsI(^J*a!}x6`Tysj=rmG=$h`O|IB)k0eOp|7^O ztbgnPpJ+d7w33q29|??HCS%+7y}R9|lk;}}bTK?7Hj_#EpTq}w?~hmE{{Ei%IuHSL zKhfOJ&d%=3m{0Y!BkkRsKWOkLA;tUC0QpHu0U7Xc6EFcRcVW-2|DsktbL*FXdy-iP z4OoAz-8Uzbm$1kNZ>jKZM?PnJwpQ_w7yB8GKKq2!YD;(8eH4!GT~oEnWBeD}Py>p=|DZpJDc8`L)(G> z#J?eidt|I#Rb5^0Z(!1J&N4)-XX^UoTpsQfXg3yuSS|-(Jn$nt-Se{(K`&WZmzHon z)-9b39IQ%8yDMx#B30Z?U1|N4y35BT|J~qSl~t5i+1prNon&U@;@MQxRF~Te^7}); z-8D{%SuOxg%EBRrO1G%32zVtV2s$SYBpNiAR>WimsM2QX{Gg97qztI*OAh% z2_~}}IOd%`P%!=TgKEp%tvJi54m^D0%Ja*nYO^mXE~$X#{QPhrXL3MovmhAoS7(81@lGWS*R3iPJGG zvjfdAa06c>al%|xT?>GXC>oa2>{PeSUDd5xdaRGiME$zow2fhnq5T9UPF#>qXXoW> z#b~RlXvepMVOL*bi7QkT^IEe8SZA!Y$6NP}el{&Fv33P$alh=D7hwneh#;H zw;G!zdJ+7W6XX0GLnp&;uun?J7T+F2{wDRIPFU>e4&>-#OvNm2Vb}MkYV0I%%^>1$NdaPJVCGa`Dpp-?e_1%wo$a5@&O4sF%hTWEUB?_ z_c|_ISg!7ny*7sRDrNq9qHPP9KagqLUGBL#DWZfzv?~r_px}8#BMYyFnNLI5JM475ES)`=BlR;OAqnV2rDPAr3RtZY5VRh69;Llf zKALuTQG#6vZ~JXnNAm$85c1(3md2_-o7MaI24*Fln)_yt9$t>W(cyX5#QC-(T#uj` zm3h*Os-`I$BEIr7kD?UkH!9thSn}mGCIt?_c z-&4q@f%Yg@oe+kUzz-m?gu-+5HxzDaubD{1pPBJ&wI6$l za*)IhSJ{V1o2hEjtQK)P|0uj|w>JR>%SMhtqR>TcxIxVT^BDYGt;prHia_eu_40&c zZYNSbj^d|Cjs38{(d>)QNs7sX-)8Aqjo8GNL0?QK#6us1ezvIzFICX%i9kMh-}~#8 zt3Ob?p9s?ykpL#*)2$y{)+mo8UCgq0n0{vN`g+Y|#W5N2prVFSaQAL*-3SS<2Dam8 zX5E~y+6F^1y7P>{b@!+VdJXfQAmT>Ex?4&{&`1A~eam2fWnJ>Rgp3ht@PpwR&n5~x z&z;c#+EYjbw)3VwP0|pThrenCHf9VWfI84MQ*x}a5vT^8OI-it-1&hv3I>^h>TVPK z!1^_?*M2oRVRI^9XHp%`mbbS=Tg|dN7?B^ALZ zSzwfGS@Z)5EnLf4*oEXJ$r2{Nn><>U4!P%KZ~HgkMid<(sx2`#X-V&jNCU7`9*i|y!0 zfG%4qrcmh_E&arvb!JK`b`E=>AF$-Bh)T^u6FBPtwv!IpfmB!RlH5n}r;u;lq*~J) zHtP5=1*qg!Z%72mFQ*V0-L!cSc2G~0%6)WwU^oh0V&M`?V1nVDKoPOPCp0t@A+%Y# z)|3VudUeguDZx9)?zap%c9a+i12W~~3NehvEtjUp1*_Q(`&+GNlUw60#I`8)z0_y! z<`>&9vrO8zK=Pz?pobEvDvTAKgR)Rl!wwC!aFFD&ngMwsjl5Pxx(a2%2nKQelIGq! z&Nsa{7}6)q`Wjk;0cZ2s)UQA9a*r$)u`DU6unyiLHc{*!?Y4$|Gb|d}-mhMoc_H2_ zUC@&<(e&r`AB+D%V)ylnX3}@xU=?v)MKkvh5$uP24x0nY+c*!en(~G7Hm1bZMRbEy zsS3O32RCEfP`v9%?c?wwvBpSf<2MHeI(D|^Xs zm8b50J`evMQ{Tkas$=KQ>g6>;P+*F4bj?fvX+WfYKB*Ez&Tj!r1N5KXf>GF;W7q}5 z!(ucKB9U}NL-{{9zfli4Zd3Ij5?uFvs)D~}tjt{0vq;e5K-21kx z9w)$c}+W`^T#=9+HyV&%+D{cJ1GyIRB&H^K_Bn$ad0T$ z!=v3m2QeFqg$HjGHUOL;|B!%SqWx3Ru&Jf3Cj#yQF&XA?49!hV6V>Jswjl+UsP(0( z&u3{|W}i&NvpO_QRtYLi5<6{eE35kN68Or}Qyw1Bil(;y=0tztOURdJKsvh?tMV!% zg9pM@Usc1oEq@`h4)~e^PqXQ5&7Cea6*?Q(HC`pRDXXokXgh-W_4lh_Q*(1$14vAa zwj-YUKOl!2b*n0AXg=rc=s}RHUUS&UW)(oQN&TkT*yOrJZ71~nCf!H| zO-0_;(zI!CShXx{O|8vsF`H~$_pj~{u&Fci8lwyT&ZQG6OQ9}sphHs6fSK&{sw_y` zN@6Rkdwb7RQkfV?+6(&`9@Ah{|DqOW6Ne_QG?3GPNO~MNmop1n)za1^S7~NTcH0q0 z5O}ncln*qsQdblehF8gWeG)p+Z1gg-M%pVN@~xVro$dSsZ0n|$;-;9O3H-{SWNs*` z{Jm&lu4+lk6iu|e#oFTAX9J21Uc9=M1F^KJU@N~%z=VLO2B(p_s~DuGhX{BE zZ;BS5xW2I8zxq++L&MjT@26UjLAmP5*nrjDM8$cfP>jJQLpV1&K3GR9?pEX7BO}d0 z6*&2(J!p2IW)`pbXe~QbKdt|vr*9=0GV?vvw!&(GF>8E@D6?O3bL$+P%6b3|rKL=P zKjYI}T&h>&%*Bn1jT`LU+8QhA>yn&B=y``P#?W_?hQ67dV?{ zDZj#^VWM|>OnvZ~l?#nu;)KvK?5fJG%WBH6JgSgCbYU7KdxA}#vcC7 zf;olMZC&v_oKNtZIF$kF^7Fg9tGkZf?`^Hh@}a+P&vH#mTD)D{jEsED(ERoHZKqsa zU14#3jc+cdVjf{(VVhp$rH;iqegSBIP~IQpKPx;FUhb%vtX)!&`S@q$*WNL?A=Uzn ztN1n&tyYV#CBOUPy%|S}NEJyZy>Pbpc3!{P?ilqkJk&7nKdZZq_x(3rOov@$X0y5T ze7{4=snOFX9u?F1VoKLIRjuzEm&aq-mRDHT^?kX@InLI3tB1u(mm^b=q3^pi9Mw=k zu4ZM4dAu?mh&fxYf<~n!!X80cLd!hJ2z6uF*@dM=Qa;_BNmc$urJh`m1E=JnEK`-G}uGa`-ITRK?d<{I%Bsh<-qFF}Ks%?>P<*ckfGq zr-2_I1)Q^1#1|y5CNodE^Ct!ce8z0!zU=l+y1jlCTI3u< zv3|#~=SG@c3Z$hxEO>Yu{x`7&p{fi_bieWkQj=n#Kj%XQ>5*faxi$F6waO-u%2pdm7u2c!~Q+o(Wv1Dz4diVXdwxsmrhN!`$-PW@A3R-T9fS!^rPh zryEjNn~a|a7)%bSK@#3ti03-8DI59S!vG#AGANoG8x7`hB498VasiT?o|#krRwW$2 zvh!%?bRI5pc#GELG#zydUqj#E+!!uh+)hA@nGds~2hAxp6W+&{7V4NxJxJs+K6!8+ zg^-6aml^A6EJ02Clwhnzsb;{KNG(8a*LX^$+#}g-KupFbM*QMk|HF}C-smS&e+n_+ zyEtqHYt7blJJX79n3VFk3y6(iRgcOuyU!daG1L5bfgfPviq)0GC6e=mPwMM=3=%~o9j`F$NQ|I7Kb?u!tYz8zBH*emi3>gn* z#Z0rOr6p)dz{6)eK3!bBX)i`+WzFun>xC2{P6c@GQVqeV!V~9h@f@_DWiQ*xAy1} z=V8RgUGQraHcCiK4Q6EONf?FrO|PLkY?FS8W%&9SnCg>=;0CymJiV83prwslgsH^{ zGX7$AiXPLw$iO;Ydj`!71PpJwiZ^lPBMOpT#DTTEOo%?3aq;X%2=T>JNY^uHAOsRI z<4JxO=M0=tD4W`uM4~h381CB5YvW54Mqf=OCyauE61KN9k{XoEF;leGEZ;Nn8twJA zYlp7Ylzt@3a@|!KRR^~DdzyO&)fxV}lQh#Uprl@4#o7x-Z^9NxzlDZBcz;Hb&+W7` z7`T;%vEo!M;?fiuE@#jpR9jL>DYB$OimaEZZeNm_;tDEqLHC6UM+Ym?O5G0n>qSZ=y%b|1ot^O|2xi29f8oAiaD!8Z7uPnMC<5+Ey{< z$T&+2WSmoEq^V$;W$#3MueIDR{ik^etX$%ZpvKt*j!8uo{7a}h3MU@msM-e_-R$B0 z9uq9Yr(|9vx_v})u6y}@mu?5fQgOucheQVotrDfvn?WY;dlP zUHQ+Tv!H%niJAyunw`V*{dKx@=~{10n!^B__lc00G%dzueB0c^70>+CX;t*X!h@LI zNc29r$b!|N8?{=HkZm`R30|&=`}IZaDZ?t@gK!kq^Y=9~6@_YhRaDuPM18y>(nlP* zQXCQ1WzB>_Y3o-%s>{0VyDaWzL$A)5G*f8Bn!{@C(=vyvo}4{~+CJsOVtw`Ye+dD_ z2$0#Ypo}GaNjjn23E4VRYUagOOsyiJ*RvHC26{Wt;;*b{4%=Vv1eivPeJ9W(W3##) zl0I{E@{CmLLz*Z*$VEQ;|BU6y$)qn^MvB#E(7shuQGFUax`#YKX1-Sv1lwLLU=*T_ z0bfF~Q5+joZk(6L3Ori4l*=ED=}&8O+bYU^9@Y*w07eBO-xbL6O>Q34Pl!GdvZ3OE zOnE#mDY|rx$eK{|kL&Fx{W6gST`(12p`1}j0_;)Jj6RiMhR0=9KsO1RqHDAel`aVA z?z;oPPvaRD&K)vRBXYQ~s+GPuha@r>Z7ARx*Yv?VNd`PwXcphj2umNTBm+bbyb(mf z@_A?dn(gB*DfFAJ5nOzd4u9y9S7;^=OL<#6-NX_pIy$=S34JX{+czcowoMXt5&Vi6 zJK|y-Ks1nm`r#FYmp$YgIDkl~Jnve*!73_~mLLP3NlN+~X+7@!Yy`hs&o!1D=DVI^ zB>?Mr2n***!)PV|X8&mk(A{ae4b(1-I*^$+XWZ-UytxMJozvae3^<22RwXRbWkmm? zcI5QlDWzAl^*2-bhc{f(e!+}AdqTPc?CLT)xK>vSe01wmc{gzRGq>>w;Oe48nAi6^ z?A_?|&EAm%D+pK1o@}q4BOCrlA~&D@k;vt9`DCS~qr9VjAU$#4R~7Vq>kC_BO9JT= zEO4HL4{W~4V>xim)hWX|TyUzRXUyL`4V2SjZqs&lQbAdaxq||2<$di8;?Cse=&Yoo zVRvy%e#2QNr2SZYHj_s#>(a~Kr1;$3KV&%Lp&#eFs+yYGQHO-Qd`)#VnaG<0gwn?b zEiJ8%G1L~jmQNnn)aG=5{}v$cb=&KZKl94Y%GB2Mtg8`Wx@Y1+LAbS{t+?3J;Yp}w zJ8U5ZLAQm2cKw=Z?IgM5V+rm5yP^Nze4A0%%%%4j0Dp{KjQy1(bhL)f#RhbUIQApY0UzYOsbMuSy3aU?IuW5p>$y-w66;#u^ zzEO!md6Umce^7l+iV1n!?Ak`DqQA+F+w3UqbItrJhgD@&H6_argwa1TYoeg6vmilD zSHWR@|I~_#jXyTAx;8GNP8omqAFguW2Mzd{V@<-FSI*IzT3(7UY@y=(m||a6=t=lD z6w`CJUILFVspKNV0k1D2GD#-rEbvqAD@7&j-8DC6*bDd6+ z_dq|l@KYieP?fJ!gcZC>jNpM%1EE#jo{e}0ohH~lYBJgIJ$ ztH0qjfT}v}xAjMR&&m+lr(8|gyc!<9a+g;VeSGPj5o740TJ27?y0o2O1hV%%W+iU1 zFR!+W2sT9X=da#2ruPbGW#&vjcEm@tINq)CRytQc%kR5#6zb*?z3YWLN_#iQ#1pLk zW&VD0T6MefP1(=9X7itUJKBQPrZ>a~b4HLlTOmHZQHiZif!BM*h$B>Rq5EaZQHhQzI(^GPxs*;<9|AJ zMx8pR#yWfNHTS}t#A=>dEVnn0&hp~Y!cJ?`XVj|#WTBo~SXf$I*VIGfviI^aG0scu zZ1nxuR+V;`5U5ON&41_G#YPIQvI&p_dPF9>p`BdaQO2Vi*z1X0jQo6jl<`*?axyM$ z?EXNV3U*Fs+~u|(vV%)Si6r`Ly)qE1y`sauzYsVT%sDw3>A*(Y^c{!7(~aIgjo03c zP5%Dw;hksC=j7mJ;N@POVPat8n`l4{0b4u8dz4qR?VkVC8=q!W}IWqsfJbVOU%8i}=dJO|IG5)@@vu6_x z`|z;Au+V2t=bYODaya-#el%n4JA`8N0M&Tv-8r$>QH9GJloWCpq7}z2R_y8(_|jrg zsO5>5ympH``Q+Nb%F+PWTbU7=`*o`E$ip+Iq9rVBqblqPxjI}@yy+PAKE&L;*u1W%P`9?du{$0lWwlS6%G zj@xP$@l4pih*;(aJ{?=Z72SIrE6_YZSX!n`$E^VZ8oLR~46PFW5% zgg8B)+VTMQi?tgKNk*%y&#-7gE5{)q>a+{K&f}ytGxh8fz7$0kvIF%z@_tpd5Vbr& zALI_nr(|XxV{H&0y|b^b)CJ>t##&%dm{Y*EbLW9=4C0z5?vt&A6u5>0HcCH`XR|~| zo`Nqk`!}@G^E~_&U=5)c(WMa0quDZCtgdVb2Ozt$+DEE^l@A>7FixRVQtnd--f7JucUn-C(HW$gQWdrZZP%j>Fg{ zQuFYe4FkjG$%2d@p1pqU;}kDp3ykwAyT7V(!PX|6xMLJK`VxLRI(%1V=^wB=sv)Uf zR~(N{cX`}^%@oxU^6D3IO}s;q6Z3BH;?=n_6v*GN{k%OhBS|s!)*aL?tL_zCe>&n2 zm8unnQ*ba3U+1d*+*Z!C7<&MYysef$WW^5D;Jx4&6!VP^8tAJmfn6XG8p5|27z zin+ei7Qeo~X5ZD?xq!NqX*%eco_t7n7d&Q`cwUh^+fq(lvt?rX9xYgsma7+O+!DsW zLTu9P$4=qww%%br3om=w*iqxYK_)BJ?^HZt3p3e<*qtI`({RsAE z^eD74YKKje&Nu8maCNa2Q=%a{y+R)WpF4KdyZWwt{D;8r-k@?Lr26Qtp=g8AZ%M9R zpG55!<}8oWBhzpFpCxcZfSqM7OpPq++pn;4Ie4*be%jA$yDITO=fo4c&R^$026Tnw zVdFF?5N~B;X2J*#g=%rqOy|vuLQBJ_TMM*yg7qEU4kM+(o*(Vw2?Hyy>}yWxM*#%# zCzq~B;4IIygU~;6rZYMJ<)rr^|G_GzKaLxD7kq!{fC$u?OkBq^FN|;7TK76KJ0%_Q zZI6P?9ug|Z3wp$m<@rrDw;@~(@`Y{zEzw2|DjiC8zB?F&mguX&Yv0NyA+M*&Igk5ECe~dqNL9U& zCowaF`DppvAAA{z2;|T2Mc_>LN7nR&=v2EiqG}qigqL8I5a}xWX4)ov7VxpE)ca-pt7-q_fp zLRzw{)XFF#xW%vA$JmS@?yHvv&j5>kLys!tMxbGZ2$Y{iLG6{}cve7EvY2G6tdDB(h60uPrsm#>)Sd zzSiUT(RjBL-%XO9t~;cpWSb7(ON#q=%rO~_DF-}hoqwzVT7Z(bGIRY|si> zXUv~}f{9H07juU(gEuuh6qR`x%U>zBHISTMYjDMh>sC!SOxHYy<`Wv%fpTA_pvzZC z7YMoeI|{0j`tiUOGQ6Jy_jG?vpYBDU5l}o^VAQUue-qUItnxFBbw6~p)r%)r84WmF zz!GHX%J*SXS};8er+6cjX8NP~HMVA-{&Ls2yW2P-0ly5k_ZhF!TqhM&#cq-OyrY5n zzJ>VjGL0B%8m~EK3^9p%hN#f*aw9bMSwXLkNCtCNPk(HP?gx8q=0MPRg+S5l)a`M5 z>Wd@4Bw^$mO$lL-l0W>20E0F~Da96INplQ6^u`_BFUN;fsGFaFp?{|-C8`Yn{yJ45 zS<9kG+I1rT8Y}r6kk4GuUvw4({xCGfn)f}75rGHOZ)H?e{rtIEcio$zTEX0_yRkl+&Mt=A29h`<^}sTVbl(^u;oMoYSDyX&lj0o50l`~bCa z{zRC%XK$h;#C*Fc_WX%(ib*3p!2lH9_2cIW|E zh6O7{k~V3gzsLwe?+)*nxr|E5vX}6}sFLnAFoF!Fj_h*psD*|0cm2E}x*jFn-#xN{ z3a#4rAiXfNz+@F{BVt}!C|aXs1&p1ym%oONrs>CNb>5G3a)w>orKjDMbk&LYO!EOr zeO>S@E%^NMc@_rcMYfO+OL8%9o&TbWT6!O{L{7s~U4n0q_N8Zg zb`Q!8emDcj=Mr={?5}?%{dJLpG(U$_P{X=jI{oS5Gi>UEUy2U`SkO362}@kZ;WWps zD-i&1g&C|A7KzD4bGb%%MjsT%{j|rZb3h;={i!AX@Hh@4EQz#tzha6J!__WE#JE$m zvvS=8(okNa5gxs>eKQvdhv$2_z|0p)V!_B8`FV(laArzap02_ekqx>LS(t}DzsG)q zwI2C=^CY?)oc+Veui~wAvimSG=#W%2oi@sinVtFW_oQHm?*t2ZAxoEy4k$zV&Xs|w z=^>WZAGMUxD1ByTqw3tz@SBiA$9|^Nt7P6!s& z2Pxq-;wfF23j?FeBaDyLHHZ0x^gniX7x*b)rEL&EOV=LCkkJ2geH)1+IC_Un%=A)H zvIR8Q4t~sP>W+oAiGlG(%X;rr!60Avsc2y9!gX5gY?G~)8O0cZC~HU z`goR4A6f)T_R#ElKSc{FKZ;?v|Ke@_YMcoiM+(ccyRh~}9%0|)SZP;7SNY|HIXSX+34m6K%W;kl>E$e_u6OuX>XC1YFyG)@jKWf^ zB3B>vr+hIjz45a!AUU8I(_M(%h0S#?|Mqew^L7TJ6n27F@~2G;tMI|bT|*Y~0j`q* zIh7U!wU;1Z&RN4q+;ziTL&r=>&`7S2quv)MN+ie9bP3jfHoY;PZvR6=RZ!SbQCt+> z{5Y-J0(+9mO1k>Es)t$?|JX*dW7ra~#jCZVNA7En+v4K(#8O&zB{ObEYyC}N1Hnq0 zCHVr&DO<;SA^hT!aJ@oTZ7oA}PHBx*dHEAnXAZRicVqx}05?o(;Yrr`V2M0Awh=Dy zcJkyly|Mn(!99un7S_qH>e~tQK8vT0G&>|uV?LKqhOx53zKV;Z>9_YBQL3GvpZE0* zuXO`~bfo}vdflK2Sttt+3bhHNZa`?@R&j?DR@F45fS(&R_(-^Nf1y@mmcs>v!RYL` zyg6Mqhuf*Yt*-LQ#Dre;*3g+Q=5->um3`$Q=t>z(zl;bZ(9uh!B>2P%^7rF77gz4X)XxXE9yCf+b>xM*6?}YtJowUE@*?78| zyUOVFx18)nhi}K44c~&3_-l;^Oi<`E$ysa<0=hv@gg;+ul+`dyHp1u0cv|`&6F5Ynj(=MWo6Wk}d@4XKh$BOJc<$ls<){7$2gukjHVF9R_$AmbfJCVeY_M8iAu|5sjkWP8#v; zDPU!oF8>FKrxZm|fW_Yd;`F2g0`cOw-);j~loHKqCjIJI!7&0Yjw;3fY(P{|n(8xp zrg=bk%gpGqwpx=#cukmi7d1yp&_CsP>P-ws9bH^cn{X;>Ia4SwbHKxB^{h?s#u;!!$16a3x@B`|| zxVny2L4U|*nFF%c*S;Zw>6;Rdx2-#0mKqPSru==8(a8@Gi|$53mow=$m*0XdvvJX55i8x+QQE&`thA5ZDykM1 zW+!mLRyZjS8%F@dFpdxF*x7Yf&@9Gjh`jd9sDIJj=xlMpSat3mh;zHDrQaueoE$w` ziVRfw0B9&juv#EdS3}|!0M>$BD_l*6g$+%sbF54?Ea%ez15hRmr1~dUDT}qB!)R7m zZxLU^%PG$P<~4`olWz(5_M1T6j@7w2YUa^EnX_-MK6{*YPIZ_9nIB2fh zI#^t3QhJ`Ly|P-EXP!$*BxjeFqOonKzodoLd#`;9TYRx7 zA2`&cB}of2LTHWM-K}l0{@&liI0I6TR(N>b??Ec1U@P7|V#Gd8>!qNg10Mb7&^vnU z<6^ybc0oL%{Qgr(jdEb}YY1FHuj@JqBI0i;Ng_2yl>vrI@;)Y3I;BNg`ty-WOh6)n zGAS(b%b&qK%)c3mSt{JKEF1|+%Sy9g&=I!<6-Qd3oBOP121?&Rz zL-GPl1st)>%`wBK$|&!96Da^bfAw9xf*K*5HBUkZ0#1_#cuea7IYjIF6R4BTb6|LrDTy7@Pv#jdd*`5QeVV146V^&7f|q| zm~nWS7Um6d*zGr1j)VU=^qUR6m{jeH(*mdJ7Yx-G|B&Uo6N>1mSIURhS;kkix2od; zBdEJab5WrQ32D)`p2ttoc6=@wHaM&c8kHemUwJ@iW=C8-!gOpnXP`CL`|i zOzT_X{fzb*CU7*i!}la~|J5!+?-(*LbMzcUh%Ph*wb9!F?tQBn8dujqhXWTIAV~#- zp!;wkZ{@fCG~U?igd+*%8^mj%{r0um2J=i2(+R(=mQo_%04)k#G_bKj8vr5wM_-aa zB#hgE_)=(HM^Y#(E~vRp_nUy{Zt_w`h@xIzD;vG}`pfrG`0>&8$(7E)m%Yu4xvF}R zTozJ805)Xme~3YPg-)A$iJGvsz_Crw zDQRt~BV3h{70WsoFqk@*mi&kRrM5gFEKaVVz)Wa_s-mK$v$njoA+)qqJTx@q?JWb# z3M+kxYHO3MUDjo+LUl-A&y0SB=IqLxyla?wd4oM*82DhRr+KrrCpqLNZ9pbfJ9X-n zfj#uZyc`jWc@>t5k7<5I=oV%ccEz%EYJY9zMIJ3KDoaz7Q;#;Ex?4_Y1Xx&{nO+zB znw`cT62`c&tE?(7w>c+Ao|S)F)M=3Lj=G!;tz>HBKCM_Cblp&l+?rgqHEfva%=6z& zZhd{MITEvI`W<`k0{h_1rn39RU|wI;n%|i9&eg5&#_JoN9&%ZuW?MlV!OX!Va9_y5 zBw@`Z(T@0xuDT@G4~66AOFzl!M+IEp&Je%3ZYn*QOVxaOK$u+KW)MD5h#0`ntwdTaUCN7> zuDm@?N;mz0x6NvNZ}#$pr}A<&nJSKMgTv``JPf_*2`Sz7`%ghBgww8P`IdtJs|F5-7IQ*6DqRJrDt8Tm0zw(=YY@sXuQB!->Y5~ID> z*<`o3{$K`v2cc+mA1J)mbg}Fg5&eObB0|e+cXLIP>G2e=v-V`qU047_d6^q}x>)Wq z`vSGGTSu~P=Je|c_Ii5!Y<=l$W&29Xs_WE6k1#q2es8U7BAvR@sm@YYi{oo+nfp$LudDP3Q-U(g-$hdS}Zk0<-p7@iS| z_?Aki4We2>ABqY}RmqWD?Bm~|F7ZR6`BYl19gMlHvR;G!iT~V@dZPlxSsmnB(B;-` zCPTNV;NQ+D>)%39p+}npT>CyfjCW`=K8nu^diBybQ!@mNmmOrFC%wI;Q0de_mj5jtp4@1(B};Bt-Itja}>WDA;nUzIpr4J%@61hsp9 z%ze4PmMj6iMN&Q-Rm(96?FKeNILux**lAUI0WL`=psM`y=;K~XA;(YEiz!E)%3{rr zj8!6r6+maRlhD>?#QC+w_1OS^`vL*f!!@|(^m8@N2B_-Wpm5r9;LNlLb1YBzGAhu! zha{hHRp}E^u@5a2gYp{|aWmz(5qSc!F^ghF1ES~2s7@p;ua8Yx(3`P&nw@bWr@{jN z5XDpwo-!ASi=aCd5keq8BI_AD$t4{#BTl&^oZ5U>31>-vG^`y&>@a_SW z{}F#tZpx$El9F(hNv`d9wh+!}2#@d%#Xt074=JNw6;;dLQ-?*G4v?Q^uVh`45$;Ji zf9=uucE|iCF&iPqOCp6=TPJja6`0{?ly>i4!n-JS zt6T~JIVICd7l5PP%f`*;$zDfcLr#2$^#l6N$jE+U$|&v*S#9O)^Y(_s?a@u!j5{wZ z8t%GWFSIQ%&R64h{TUE<(C)bAvmf(rB6*;E6Pmqg2uivV<%(kJEXbGaDpyCZ@;RHh z6?|Q7{jWM@Ch)8vhFZRBewSYKhO|*w;yT zH9~JSb;ijteDxAV3F7j$(OxLe0!F0`tkY^gk9KRfj}o33*M5E+5msv;&;EU{v_9mm zJTNGCH9U1@uZ?-Zi^uk-7sVrH<1YiN(hk?qSq`fN>W6pkp&O~qF1Ev&RMt8j}nu{P%IXc6Y}qu?XXCucBNpuouC@J6+#c<_-7p- zYD?r+3t6##8Bz1eebPDKK5^sWsE;hO)7_YtubQ-Qw3t`5Xw2gB&9&yhuB_w4)h%~1 z9QyM*kEiHNw@l0z6HEzF2V+=9pl*t4CJMv+jH8^z@tA}0))-ZZNjZVHupBu^7c*D} zJ#whb!m4xHFOu>_IoEf&5g8n7?aWbztw20NiRm+LiC`hPFg(pXx73T~S^ zk~@WHiPl~R+oDyO#fK8ow93>von!e97KFV|&7*_#cud8yTtJenh-l$**g%7T@Sfr> z?q?sphLVJ$>`oVJIEU<#YO)2XG0JLuwLmdXh!{o29!Xg9LOR;A#8N1)3g!5+=3Oi~ z*gE#B*Xi$w6oL0wXI|a=YC>%I=9(fh`h-xYG2t(}>!- z@VSuv-#6Yq@dbH#HQ6y1BNfd;w46|w2O^PGOsoaX5bUBMW3x`wnl}}&#i871UWKlW zNk{D_{2{G_pY$+Z^Dze)2Izh^PfRZsr1a}Wn9;|w6n#~UDwEY3y@+9pkg8}?dQc06ohyc8-xhS zZib!DiObkv$`hTD#G$ecWEluXK_pbo!BG-n;W6cKJa3>E0k%;s1 z@(RZq=Rc?><5-*OU-utSdYtp7AxicWKB0({Alm86-$c&4&Z8H&hzf5ljrR|e#=B09 z;77=yTvtm+Yyo$G_v`12f-Lj#XO(6tid#5F6%{3RI11At5Lixib(kF<4>yCTYz!<+ z3>?3aWujOg;Njq78D2e7&sbR591IKo#^^{% znCd)!7!Z)FbLFUtUJ)zUVDnus#*Tp{QPCXKu5y>JQHhMW?4bHrBVy$>^de&O<-33P z?()>mSw9&YJ?nwWo71X}Mn}*m68T3MLOHa-w-vP)?Q2*GSykEVoHc)h55wJ5TPqU7#7TX= zUx>SSj-hr^A;+mjKcbV53Z6#GvuR?vN3u{}B?5eZGyytdqsNxF%W^(K9u6EOZ{7sV zJ;t!tOFCVN&9(Hgn}MV&{q6LhA$&&LM*m|WySfx*dE_)X+WWrTtm*OLEL z=d0re^KQmfP~6}x!W-n-6-PpBs}B8$BxV+rt>}tW#L2JdV)ZH=CX9Fn^t436VJP`E5B!hs$u1Myg`<%3Qazz#Nie~@Y2{V)kh|SKE6I7=v ztLL89u^Rv~7uWG9bHfaAt9~DSnq`B*N#c~>^T8(aE;rH3;<^+6SA@{Z3a+?ZQN=$s z#1=F{?K6XW0-+H@@$-`lzPq)$J}d0yl1yT;Px2%HL`7yx0b;fw55VCa2VFCBymR9$^1c3MKpPn#NnbnPD~N@ zwQhI0^7F{g%wyrW+aJ};!4$PFv(AkZ7%1+okz@{z9L48Wi^lH(pf1J&l(eJt8J{HNobS(?|CVxwQzE$?!G(#C1BCD?iij_|4;zffO;b1?-4T*JJziljD4j*(u zZ--ep0hF%?Z&-^7MW<8>>f!SqquMf?h{FaElH~XC8fJ}_?2!7?ItgR9o-*>-{A$!3 z00oofLjAJs%TVN=ZBy@yv3wKF9j2W=N2-b)3^+Xpn0Ruxty**^+h)8;vU{gK!SbAQ za<~vycn%A$#BL z?xEM}KIeLG3FN9#<947o+pJ2j>@7F%yDB zZx_pDt_uqCiOx6BY&liK?{sU;($IDv%m<%h{_qRy`1o?vWrciO51+s%WFxoOuGtP` zY5(T!a(R}GFbdACk&UI%HED2}7l|F;=84~%{(HXF*&+i4`aav)NpS8UpoyK0W$gEa z?`~NLx1d?3c{fY;&3)pN^Q2gX1fNXpc5C`&fd~y9y0jD;&jwtUDa}r5SE3eLuG`U& zIHG;SX_6Nf`V-0$}~2A^Lgh@br=}NC%K<7*lgBc zfvM5VbT~Flk1k+0{#z~D$;EtF+*xh6*gHAnlKo(fwF&P5JNBe<`4MZkS^EL9wqag- zWpd}_RhUJ!x*NPyWz_j4Fp{Dfs}R|_4eFbs#G*~o*Xl7B(%{B3l6Q0MyH?g?04gh7 z+CfOn6jnOP3_h>aim)&cXAZj%0`0)0!|k*mQ0O`WB2}+UO(b3c1<-7=C9bY*RbM3# znxOw?4Lt@h{7pt%;)rOi#ZhOs({8&&s_~Ex&;)V7EUPAS2`c@ zu$&uASmGIRRq+YxJ*0Ja(#V%o!9Pm9x2#Y>KQZh7bzT~-Zg%InDxJ$TVO7#(yHy*m z!PSP`02urUiNH+-rzTIx6+zdiN{oay_DeyUK%PjoXiekwZviYANH=$ewS&vaEUA%^ zQ3v~X9kGOj#I)M$@qN&7WDb|}`Eyzw7w8TC`@V)#V@77V*hd>&v@%uat13w*)DMvN z*l+uvo}Hb2A`1)KeF@DE<#ttcl-1ODLZ? zYvyRTW6%83|f9Cxd znOLT``17b&;<9abUHJaw_4Mqh*&XUT`50M=dud5KNn0)Hxw&w^Yl2QoY;7y(xg9-c zi-kaXns0ogx`(-`;~2Qd$KSH<=;9%-A=ep;o73~NGn<>M>&vse3|#*~Vu5ccd!xIP zG*vQ=K+;$>p<|N=D;JBrh6ZIi8;UKz5@i>3le0dW*8+z=KzcGn@Q3+7qJD)nXKR^v z_66uGkEl5yc~9z>B!kb2-e^s8>*HT<+z&)(!(wkT!5GP}PFPP%O|ku_X?$3cEZsKK zm3xi5k?;$F$Jx-h|KkArIeMA*BB8gkU~)(=TVn3=Cw< zB8;5uM)BxW;ugL1nnz#bl{-jmwdzbhvqd{AHeD4L29+k@hkF|<1jsw{HzqN8DT9(k z2G?NS4^1!i*h$mQkj`MUUAJEVol0qGepVP;lj_}r4jYse`y*y*ccnZg!@ZIeN}8!4 zJbXnBXVDVZ#{tV?xvAS_`f#u`=uFjcFz=AeUwcDZm47}SXQRDg^ZF|o_KZziO{wO-x*wi9z(cKigWLo& z`l!yPaNoqXx^tg{2W6zjJJ_0n({)J!l>TkR=g4ko7hH=&-5W_U;wT}fg*tm}M@kG`NEDLoQrQPb#P`yi(Y2n6ko|XE zt)H$CzTIz-?&EK_bXp=NA$_w*ykAl;52^O%A;qjwm4N__p6y5KUOKR}QQcn5v)D}- zf#J#^aIig>ZE*0StWvA^O{R@MSq`VxzMp_hk0r9BIdtD=RZ($nmt~K~ZfTETzCN4Wa5oW+JP`q;71H{_New`}s^J*r_9R%eGCt`s)k*T_ew z`Uum4@KSS-tq6GJ%Oj3Ag_G^gvQJTUiIFLeGndK%%R8h(q@yIe%$W!-<|PG?b4n|6 zDNc9H2Ebooib|!J@l%SP#OLohBw^)OT?j_i;~V%UEtMd{x?ggeh!@L8OeYbj9NEjH z{i@@@J)6E3C!a+2%e1I9QvpNHa^`Kl3A{vtRqjAx+JxAxf7T9b0s~=y@{Vu_&H&8z zQq>&XcyqT{Aw(RNlp^EbIJ6NSH;YKEDbwSq0icR6Z~FBwcOb?Ib#!7=qwNV;-On&O zhKCe)PcF8CR-ca)7I8T`&5qdQK>c1z-u)dxFXwh6ibuVz)#$YL7Ka|H=fkJ_Jj*oE zLNsvAbL*GKes&e{N>xUbF{-vI9+VO)UNhY-eq=n_s9uR)Fb&n)3zyLk4iGgkE(RpL zan=M*2B?b%{#C+P{dr4c6p<+L`zGNpQlZIh{_^GQLrMcHL@`?xfUcy_{#Vl)MfP%o z&0G|C`%m5lv2keQpV>sT=}`*Bj8ow{T8mZf#mhJpJO>U?H!`tXoCEtz8IW2_l^cHg zS1~qC!s&mngp-}$Ra)nvs`1tloD-PrFp4+1>)bCM!M)sUju!n?&HKtzWiQpFes>xF zNftGS;GDk2AOg;g+DD3q%d>`I1mQP?9AgXsme)VwHE2{2tjdt56A6j=@YF~dA@KIO zxBi|3i40JyJ%ZjyYrLmpOt?aUT@BCYc2hgGh32Ooif_HB>e`Wp1D764NnH#}_Fux< zdC>3%cD2qRAcId9gQ%m7NzFrzx20q^J%0Ur`;H@yJk0y8Zm}9h898lwqOzS`<>}ON z(SrUaU1Gl1g4CmYp4GePoecu#4 z-Ez)>TY={6koPF%>KJ?KI8>Ck_O5sW6q06Jh?q~SboagQF#-s>1yL91D|GV|?RtJc zs?pA@<5kpfCy2qRnx++sw^_(TD^VHO(hQgEgC$$#qk&o`?G{r9Uw)}c%#Y>pL z^`0Di50XHN6Gy_tO==w)2t&$OcStJ~azgM>;w%m*h*x;UEM4K#K*!lbG!#&7>dQf?QsCd7DzNtfH zsX?A_(^xM}I$yW{@7E_7m?k}T_Q-{=L?=C-;TS8DVn~0*y)2CC96Z5Xafg7=YxgK8 zd)S5I%Lgwyplaf`Y&HiEhc8iK(Q@}RYYC9=X5@x+O{MPiwJs;4v@Om7P-&Z=AyjYe zKzHV}hV1_>vi5^aOZz(+z2oP#`3F5BJUp)AZ+c+zr&*dE`bXTX!Dxz}k1!`N>}ZU4 z{bP(uQRnu+1!dH1seYU@zm+R#>Ug`k{Bd>>YNFfW;PL>l7_sVT13#7LEtz-DUf>tx zXW;Uc2Y(UBD>akijia)eoEPIJoL3noOrg1R&K?*3SgGbmbDeyr|guZav{zMHRHFt!|7Io;4&Xv5h-h z$Tv6hNJPiYyTggN6dQRsP7?~x6l&Esn-+;)xyMv_T+YBnEIkOwEVRZt4O{QD{G1Ku z&x)_3#uo(bt>{c+JL)b1ucT_;;n?@J+Bnkl7F=txa|9APu1V%er{D!%e1tp5xvT#$i^aZRbYKpasTu<`E4~=^gC9SZtYO?L|)&} z@bRJ7fZd%sX%FK?zXihkQUP&-d>Qxr$I~j4wZVw$b5Zu)&!C=BL;KVLG)?Opp8f}> zK8Jpjf&m)pSyaFyk74-QXCjv8*Qs`a!)`Nc>gj2TZ>wdJARxqn|Bn#%|3tUnL(IX+ zNm^1;vRzO{Mn+97<$q&u&}OJUm$19LyZ4;ms5r{Bc3@!(Q-Ear+!bquSVuCbL6Bl5 z#ly+h`H!@A>FduoL&Fy>=Z<;%kGi8zXjTD-t889wb~~)I`VZO=E#-k&+}Ut%{Jl*v z%*?IYvullHBW}3tIT%7Oi!bG1x=Ykjs{Th(#%stjkt{$S^n;hxPh_7QaFA}Vd&=rd(Lc0w3N_uv?~Sm&qaCwOQ5-i2)qMZvC7rA^;K(+9xSp-4oCwrbT=%>njHSvJk*K_s(HM?VJ>t0fphT2E7;aW=tH+;n* z@qAuSlgnNREc4=}!x)x3uu~p}-fK|gWdbcP0Q-nWc^9D3Sp8~4$vr0gt5sgE=e#!Qn+vH1BQ>T=JA2sd zz^<&I97_kzm$#`3Rh;?QGs`gFaUa*OYyb`r));Q?Hz}^yworzRqwoD&Jgim<%?252 zK*79hoW;=VLj_w^Lel_jH3?(c@5F*9hTK+u$s>Zfh7{U?Vx+?vzF0KnPJVCMI_qA# z?``_mS_y_)*2`1_OTDFD*zN1$n)!F*06JxL3m`-xzf>Ipiv#<9d>cJCqH~c7mtTC zLrcM$;(II=6?8^VUiwst>q2s4zhTu=hC!hJ7+_BO^H(-c=S#`MZ5;25s^Pmx?cpo0 z^RP|hN^3?V_PTxRC#uO=OUAkQ(G(Z9fR@N{B)8*MTa9Sc2k^Rm%T{MS6`bZ z__LxS-Xsx&|8eJKO>%H^k~i3$u69+F!5U@w2AyeU#eE*CDG6dF2~rKLuR!`=KF z-211BVM*nz!s#LmG`$g-rmx7yhgde&aM zHm$EG&duoQUHZsqck2j<*z?)2Rv};)rAcxR(>#wEB}Yk5Z!_J-g=@Cb3^{U+QZeCW zoV64#Juj+p;~E9%kVUSArX7mc6Rk$J!#0GiQ%AGdZxwXZ@y0pAH zz95(9pN$#T=hLW2LFmFP}#5LJi~!g>x(8rg{zkNfK`*q4)_?@WltK1p2sw}Qj^sUv5=6n5bbMe`8lD}EO%L$tn6^i zQn*@9QML*ZI%tOMhTPcYtf->IcoR!L6#{!8UX0RkU+|gyTxh?(O%cujP*qZbqany9 zVNDq{W0x~uNpvrxsGz`ZPI1k9U7u#UMGL)gkqQ7TT-W*c%LYZSv=mJ|pTyOk2c$3h z&s-)4te^XOH$QmHleIUiODc|h%h~al_>|W1u(u)F&HCq*lS?60M!@$H)E1({CUI7j zQBqR}CChV!>Rj^Mp*Wh%2 z?@Uk6>TExA2oCjuyo;I1QeNC7lI70wVn^8|C~83|FjaF)4BrYL1Z1;Io)I|SVupQ$ z$UI1sbA?1E7BPCafPer)6X7O72C?g&p?j3&&G`MW(oNx;HG0Y(BVzpy^sH6WMpC02 zE^WMWB6`>BV@X?I%C)0@jCeobF<%b)>4?gbGR1i@Ev8h%U70wA!WLWckM9`Xb+Z}g29RXTlt2!eb+SwUev8$?}g=`Lb)Grx&6&W1T?3h83Lhqv8 z@iZTrQN%uGMi=@3X7tdC6PIEzF}ig44&_kyw@|6%OSy}M@brrw1o_0l;qrEsajRpa0B=qZZCx1SI57%_sU;Mr_8?(5LPv{1QB!lkRMN%)v!M#)Ow$F;OTY+<{4lkg! zM0l{6r;u#tDV0=r`gLPbid!RRO46ObHuM3t(XfoO?Sm0@9MzWdetecf+&k(6pC2K@YC~HZMh3u7`L7DABblaTHf>g45eM#79`v3#b{Q;Me6*qP|FuL*b24V`H$%Yk&Lz(B1##V9X)pP1hM-&A zLUW-srLQlSO2#bM^|sD;bSlbmA;6-YT0xIU*6>euM?%{CfaOAjW_6OJz{f_z{2r`r z--A^_8X~8)9QjMP!Zoq9>Jl^0>oSpC7l)iE+5h!ED%)5MF3-1IYq~B5VT3ZBgUo)f z|0>ha5ZD>!i!jOB9{QKKb*GeUK~!F8l_D_xULss?il!5V)kJG-%a|*V$ycssSVMm^ zwkwmvYv(9fk8iRchKkiV$aXzh(nkDXCKi9QnQ&h>)xg1E0@j1MW5|ZmrjZ_CQp(xSzS7btGU9a`MowYW=gr!DSIiWh00o{2aaDnzgS)mNv|)WO z&DGDknx#%42Q6%$w(5CGcHy5r?T9KbS~2zqh%*r$I#v}#a`C;So~6`yS?}N z{T4db^;>t2obkD@ldjQlc*BgR#F!!jukB*H^InTeh?|nJC)>eb>r}24k_Ld?g&CZ#lV<~uT zO}x1<=ndAa%%C(sZK_?M^&&@C4ltRQ=D#<$IK?%(`x_q@Os|-Q zQ-CuN4QcHAMvoyp*--qK8qoRG%?&7zlPXpyc@TFV^Hi z@h8J+EGT=LVwaykeRk6I;^1!4b8l|DE87N~GuZ z_Vy;1FtH_EHc_liH!Akl)YRlW0qfYXSFyR#{e`ywf`j z_zvdRes3>)3Pw7;{KjTvO5`<7g<2vQsw|E^X`Y1fUM5%LI<2Q*kNcbZNVMT-rz5z? z>TR6PtTs@_FJsZqS_{AT)s=QveSLk5PgxI5nv|mvuDvyC6nFNwJO_5)#V`2z)jS_s zp5|{90E_OyqL8uCKLQ>SMZyG*VE%hugOv&2Tb!}cfrd{5sjTg@|$3I&`d zPEPD%yb#?q@pIl9FZmyvU&?v-`2c?Dvk|Rs7U-t`WcuwQ3Jw@)XS$=0&CE^NZdT)q zk01Jec@WzW?eu46WehH0f-+A>cK`HkKOaP16rJ4#Wb>VhD$6G}MaB91&ApR|tFiN) z`lXV4S-RbP`8=$q-`MtNUCN(&w!y)k(NWP-y!@#PR~vi_P3E9FwP1rE5v3urGAns; zp=;K|4ZFF@g7>%*92baEayN_j0tUkH!C-OH%?A-#){8 za;o!Ju_7yIXDdUUI@HU`V4j~o6BAJ6C3f^F>MnrERxR)Lz}OijgrlsI6$-JvfM;R> zw=psMt}1kyB%a%q2u?USlp0&FR1-qp6!~ksY-(QSQzz1+Np*vF%Et2JG=U3}vzN+? z<-Ip7Fk+79yF0R+PC<|oV&`REEpFH9Pg-L~*)&LdYh0_|Ba-=q*vg8^)VO-QO^SY> ze%=OUQ!Vw7YIJuJdr|?}O-U;hHgGBnxVjs1h(@{r^;HdJXlHMhWoNFV8mby~KHsUO z_nevfV#QgqJ9U0un>&p~tS6Bfd0E6|h=F ze#T&GS4YHc)wg#5CT(-@Z_cTg1*NYRPwkq1BoR~33+?F0kfMvJvz01zv6WDq3oZqv zj(6?;z9D1QzKBDyue_+0N2JLxmWd8~SOQg~gCIn&8`PhP$MDgle#8t~tFEr1ki>M* z+uw$+QkHN6snDKFDD%k@YO+-HQ3@qK#{mjcEJWE4dvVuBUQT}CpW3>B*WjITFnNAn z^H;}eA{%J13?&8s*$hwqwYd1SFERqB%K(w6L#udnm${bmU3pGiC11(7eQ$SPQKwbR z)3n3ZhIP>^niy#{*Q;laUF3Sg+l`f_lw{o6M^tks^BO#Ga;h{O`y!?!h&w@&mre!o z9d}BFjLZMWTHH&lF~@V*?~X|Xy%2o-5vj#1q2isOl*45)v|O4R#~)qisB#vDKe4cv zr@?%LGo$%>=&)4j6pK+w_dY6tRjAlIHt0)C(5`|?t%=Y*7pE4qIVu04bM@gVa)h_I znfVng7OO<*M}Jy*p|7XvDzqWB)SYPJE(pm)eez*3WuPxUeAEZwTKn=~Ne1dY#rO2d z7x8O?E%f}CD6+!PFoEu!7W7)qC^oFOn1myaZnI2Pb&a*s@d+ZW`JaCp8EhZ=ROWZI zDsvP_*qo;wWjOnKJ?p!aZ)3Y&n7MgM5BtU`#-4MCKrT$H(NPUN}midVrv4p>ogqV{xb#$I`tVD*VN z6EzGI`D}K_M~fzj59YD)`}x&rxXi2(>DG~{nswu4JJ}J5rJwse3@!4QU4PuhP%4W9 zuDRM~zFHHbQqKpq)hrwBz?cAhh$l%Xk8Vtj_$IRDuQ1S`Pf_<%os1NrR_CLB9aIf} z`sD3k35hPFNtW+{4xxFKs3jWI@cgAYU-E7c*MW}uTolKFr05Gic5L4J`((p(XAw{2 zJVF^(==O%Wb*%orZ^)ueHQP^zsQ3<()tZ@mC0b`CP zqv~{>3N)V4`NWfp0!$`bpLevktl;sRn4h>bbVoq&$0f5z4`=a(0zOZyhB!8ff*JK) z+g<>C%X(7{@nt_IvMw8X;eF(6Es`ke=_a-6UbYwvh?w*I$UmDBI3ydKIf`a+6(~>{@7vj z0U41$A6%F*_(VH)|Hv0xpk2D6&0!DPi$}`-Mm|^s9GVR4dLOO@eUI9b*SJ#5&q=?q znD17#T9iLD3g*JdXJ$RG~q80aIUdsiA4^uLU( z;1@4mgvD(shd!j2!7)U7DMVK~Dz&d~YQw$mS{rWqa)pK zG`GK`($LlR4Kf2rl8KEcU0R!qhfs`l^sT&oezdYpjpL=0N<3R~ImJ|I89MMvsBh6CQ(4psUzt-7@}V zBhl#5VC5BBNn^IHL8UwL14b71BWj&zs8j!!W`HwjX=$~$x9_q171Z*ezzYh*C@H)_ zNeiF6ee$1aZvV@tx-DbM(Qqi`6ciNxk^`fE{(S%UssZY;XtAsCsQ+E%QW+LxEp)uK zg%-b~f0niTlN?KfsfHSk^Hnx4xbP z8gzcWG%a(h>@md=7&sf-8LpR)a*3t*YS`ic6Zf-0_j=LrH5Z#1yeZ=WN(cd@Jm4ZbBuy zihK|m`F@ESYc6DP5EmcYMQ-MCM`%hynw`k#;|W1GMyUT1gNJE99nj#?p#y83gl>!+ z0|)A^@V116UVW%L(I4CV^pAH(M2>JnEnSb}YM`N;qQsX??ECNWNM`#H!Nw_dqX7g6HwKbhZfXdtuP`nR^Uu}n_h;?(q^<}oM(tT1 zkqOs&>1e$lT=jNbd_2(3BRm53=XfT_mjnV_c&v5YxKrMxVNtJQ7|az^+@;j&CH$Gd zHG{P3Vl`>em@BFLbwY#E9w*h=Tvg@DW;7|TbfpF~P~v?0>M)(KPrE6*oa+S?^W$)y ze5I%uvG7jy>lUCI`l)MvNIF1;t{zSDsAYgyrE^^wPC;crb8@FU;8ns0r?(rsj=~jolBUq# z6g5<2ig*r}!gSjTd4mADF6h@!i6!Nl(vou&<8?uVjEn2(1|PvF>-C6D+4S*yzav6b z9)nZ4)4i%SK9OjriN;;=M)wt5qMYOhF_xC+UF-&)h6rET7(`TQ7yEJ$cj2LGg!?~F zzC0eF$QTquEv%fSXcIXVdNj*6P5O+A%bzBd*(`lIYYXsLCDc)xQr3~R5OrNTImypF7VP=0U~-IhFcPr&{Q6HLxmjR$kp29p@$9dK z!sX5OaMB#)?y*gQwJhJ(Ea}OuVmf(quYd4Fah~yX9XolzN8ytzg{pn$pg19(b=P&1 zXD#ovFTaZle&LEH_9xUuwJn&-IwhONxt%aHWM=3}sz?aDpmNK_nGocY$6v-gN?P-o zjuXfdsAxaCo=I0AQUA)b{12O#P>bbIzi>O+r4v49y-=%{%@Y#U5Nv;9lXHe06zro2 zNJiD+Y%Mh=54|1=o$EVFKXD9i3U7qNT;Re((l{?v9V)6zZTEgDccU>Z+sg0xoTMgg%`}&- z3b?nSw3x;lOvnE8 z$|Y$^@DSvCr5WF8wSQ_kPG_MP_tEytaA)^x{7Dnj=2QWu=6AW7Z!hA4si==6=<{4p#R`v>RsTnB)(#lL_A#UC zdYWbDg4g`UTOW6<)J7M${4)yc(yP%Ik29Bf6_3SP{L~x|;rOCO0vzy91b;n`jL5ln6R&!Zx#{=Y>6ry% zL$xUm?>j%rCr|DyP{FXUsA%8a-G&Elk0(=4r^bW&k> zc5IY91Q&Wz3Mwi}qhFS#g9{rvn?swEWG|lB$G|y$tej1011WBKLfQeYJal~u8X9*s z@R{-a#_m0oiCvGaszo=xpkRwEm&Tdb*9;%|iu|96-=%}D{>0%R06{PMqJBqz5Y{Kr z_w^-Fr}jsxztbW&qi11ZV4*W3Nqc1FEAV~AyDJ?Ad@t5o2>r~$5`GmzrvH2_L(uNX zGNzh|PD)clLuIJ~TrdmyC~aiIQ0r01eIFGW*<5U>N4)I#^ob7|YEAzvE&|Mx)-Z$O zQ1c~fYq>9v_d*$;pXS_=|YPEMr)hn3#~uWCLh#_FdS< z<=EfdaxpYmhZRk|WC@6Yw9h*8B*U)S-Fm*nxGbbod{;O@He5@8L>Rt|4VH9B((Nh7 zo_);u6 zHMFk!SdP(X_!DDaH;5RkB_<~iakL<;`bXt0bMwf<_9cgPbrOQP9|!%OfOj@0RmU_q zp32g|VerPJM2!(+;-&6pv2_r;nonH5ZgYx9*4MdLUBfnfSuWuUB&cC~23!v}gZ3)IVT9yp#D|{G|nUqDx#=~7-Xd3ac z_RrK!B&X_vA8-xZ2hzNf@APM0qVxf%&^YXzZ=b$Dk z0%`&ewMkrYxtSe-9|X}hg}hpz7`Ru+4F`Th0!P5~w`q~(6jF8Y=+uv=T2&rnwkZ)?rpc4 zoAypuJBR7Y-g7WmY^(`=gW!v})KUm`togi^)z1!>QhQyavs6cQ(nbU^LLL=Fh8I*M zM>zy$lEuishijF_Sh`APB>c&JZWPU&U`c5R_1YcbBEzq2TJ_N{AAM$Og)3Q07-`_i z(5@qiGez2Wz~il(ih=$C z(z^1oU&Gw5L&{tG(i(pCM9?Hl{VqOmZg)l0BqzsK#Hu<6cLKktpga9GN9_;2zxyNA zvZOLSTJ11CLzqxW!!>JrRefSy10>jHf|Xqzbm!yO)8xC27qmh}q9v<4qm8|O zPAzRIXzrtV@gMa+U5$b&8_(*V34RdMVX8N6pnN2p`_3531p!4;e|kjVeo0dz~`=B5>52e~O{WS$#S4^WTzq`|yvxs~Cg5Lk;lc!SP^{G&C?9;9^mb_TPhjF!%}A&r zN~-sT^DpOMYYPs{LXqc}UPxfUYQoe*V{uhNMI09-BPD%Fzzc$liY&iTkp&fDQtV$AWwqk5w2^2H{qir^K;X7+ znB6LskS)nU+1Lcz9ta1s`-%PL{ieh3D!#|~s_DpBaSF3+T+D5Tmu;=BFJ-Mdky#{Q z44eyB1om)g)`#gESIzIh2q3Ve4m9E5G9f2x|L6Q{;c?x7%d`*p#)1J0b;oat8>r&w zuJv_sV;()C|LZfRkJg`HqcaZ4i*N77`CHWQ{uAspL0<3;tcd068keUwc8B$x1Ty`p zK56mc8yAN3k*Z8R-;VM4{#>jO$cmT7Z*OETQ!}>Oc%9Yidv2nvdroS$+aoM;-9jUj z>6U!&91{%UQHX!+1XnC0G-U~LhRkC9qIr+GjeXxS!sWPmf+b4wnaoptS(DMHzXjB` z;6JuQK-jDg@%r(5R$0y;?zgpuY4R;a4D-9vYExvDrH>ENO^;vTfqr*Vp=uieawJ^b zi;+)x*Tyw`C=yP5t{xxN5|&!23LjttG7Ft^ilB+duOSzFCS6VZToA5GALr9_)p@fi zbb>A`w~`6&AHN=s#cIuF^LB$$QrbvMl8<^>XdbpxsxdknXO5lXkX3rc2tz&>aYam! zl)@BoXS4T^P^p%PX;ssGBEw=unbxf@EG77o>3{;&<$OvFWxQ|CT;t@K99c|yYw5_d z>Ngf$bZ&DWU^2}=vkw6h3=^-ZZh0}eM5}kWeI#kZ)=JRC&TVVhy`l-++fR2X%=|5QcTdGK}4NVJ}3 z;W710PX@*g$Li%e56ox=(|qwednJqTL!IkGGKnKAe^Yd*2k2=D9l@t;gZs<7R6CTt zkSAxCH^MbZ6sP2!bL--o@zn@`>7bmn8V0c*ZkHAhZb`*iFc)jm)Az9yAR2$P8_pK} zw*A&c-`S9l!;s4x0_@6*2h*z1Tl>gW8nw9oy2y)PYwCM(@y6VM$6@G>iqS|1f62Ka zd5uF5aB`L!(r#sZze>Yu0ejPMCTIL^rsw4M^oOIO>~5Fv5$EV9f>Jp4O~w+q-5ELb z9~bv|zCZ#yP2G-Hp(JR&%56wtX+5HGgW7AfVFfpSFuR)PhPV4J$Li_&;dqO#n*r*#eIDNy*cA;h3gT^WpmZqj@(sbhGW0LOEu)eC7VW zD;-4?iXw;XiK$a^uFaiyW+FjaR;|HPD-0Yo0b%iuZh;A+5t9G<*Oszp1a9UhXTMzw z%%Ti6;yCHFla4)&4Ue30$&GI7FNma9y1{VDt!tHhB`T)U;w0U#$kV8De^A>$;A2w+A{Ab#C&jEqMCfl6a}ox!y=53BmhTSz2O3g^48xDd7&?RwpRI z%xh4Pm*C;Uz6_?|l5bG2ME)ct&t`{ju>{q@W=Vhy+2?wPC!Ur|(UIqE;-3Y3VAqhF zfxg?+wV{TW!hnXiG(C-WF{C$AGnFqe;JeokG=BBIE6~&nHd*MZqwMi+;zBn>*#9M7 zf3UeHZJumFTVsEReFrbom|=Iy$MNEraWYezi7F!=Mp2g=Jv++E>>izOi5w&RT=kg8 zZfhc%FBw$gN0sPLa8adcmtV-5l~JmtI9RT6mF)-H)iXtlHbEiiGv}C#f8IifR4Z0U z6zd+-u}UhYBlC5v_=86-KPt+r>_CQSquGncJH6Rn&?sHcw)z~^*e6zqnUP^L zq%-)PwPkLk^VSKd`U2jq;K+UCvFu~C?;aoYziCW;aa-^Fk>*KnyF0M-qMuSz^^9aOgIlqwL6?YI-S@YQ5* zkgm;Q@>T5N@aHpbQ&gq8H{&!cit<KqYrGm4LA@dhF(kC_{>#fplpyO1&g;RsmUl=IXARy){Jb!A-MyL+f47%OaeFeqTno6~Ca`pr zuk9u8~!$5q*Ai% z`EJG%W0>ij00-CVqBf*2M{_{yhq^4bP z?pXixXO<}U4r-(0C0U-|hR+{f4bEA6*HZAm^*TRwfDsrKIFhl%ZB{T5yDm|0-`Vg- z`4KjWQr+{Z=3AH>IT3+)(R!VaeFOQeQ=P8t>U^UOi?au*g);HeCNIQX0&l5G{mi^> z^IzUS9a28~d5KY=zm$Ot&CvuqgT>FKNrRT>!%PFkj8Lqe(gL5w5`fO5T863SY zsYE}^WU~Z}x45!aVK+~6F(Xek(nqg6Lm2-pnja>luIW4fG!+~37|#DOq#Kq6UAH4@ z#4rk15y;*=T-4=&6yF!Lh#AD)e@GH78zs;_v($;CBx~bVpD1~|B0jhur#3hjHWTmW z>MG*%(`l7}sz7_r15r}l7?riL*e!eO?PA&D0T*G&lQIz}Wj_gKK@Bcjm*sl&oMa6IjWOF%fh{5(y6yrpL8i4Q=XC)}(Z{?w$@g zTnRL?8vU{gbFZDyxY!db-f|qAz_5QoJ9}=smKn#Y%aLodk@70nH6(CMa+u2>N#VrC zRXy(;zLr9h5J5&n+3Il7@A)6a=*?2|zVDX*VOI7SAtDTH@CV z>UJq@p@PTc?@kN@x?NtpPiKUR#qCl!{fc?KSB) zMX5@HrIEVB&mkFeU(O#}NTPyuNF9q<1%u9oZcDLXKBAH04Oh?q9xl6P5Hkxcg`%=b z*|D@F+uUL)6Vu`gr+U5-S6zUcIY3jK)X@b@$2@-7y2*Fu?&RVhC`k-(viSij%_XO4 zZQ~PVqvLJ(QQVMU5aEdLF;_^xlZwDS@1QF!Ew!`DXnCOMEhMF-boD8+DEr8F+`PQ})fMfH9Wkuiavf&9l zbWK0@=ZaW(ri~01c^{Y_;ylYVHIp^DmedC-PcrOE_#9?5lQrBjZ(Cs_2B-{stcbTS zYgW@>@dD|5nw73KDb-d9Vjy%$)mWZcQ>g466xK4-5XFD|`OgNjY;>PYhaCbTWKRNx{08sx##S#87`#?zRYmA5fb33~o>jvRIK|>w3^+!}bSs8O@UA^Lc{m6R61ATXt{_(@jU#pvkyx7#x2q_!< zE2DOfI90^&^BH9F3plkS`-Q!JWtszf*mvy>-ROZyz{UX4=X+lc55>4Zs3|8DG=3T<#H; z8@E|0U1CbTaL{CYPQt%fy6*oJ@S-~+m6|&xYTod9zGUcqx~7*+uy$<37>3bW{d&8TXRwbp9xZfPlsJ)A8a_=Lz%tZZV_-d^F!Q%a6p!a^hb9IaPn&Df$ zs!;>m;K|KY9(E!H3p6{^|C>)qN?4H4XC?MGx&G!AMXQ>lz9|zOu>rj>qvC8W8X#Wy zNQjF`Tizvd;p`_tl;FbeP6bllOLD$|BUt}qHLB=(ooJF!{)y^1Yr1N7=O3r>l-6Ew zxXsR|!S+`3;FzEEvy{KvG*{8I4Nj1VpT=k9ZN29?&}yR@#p--|1GL#6>KF#<}|TS^6Y+C6j-%A;8Z@%2nv{|yDW)d`O6xLHIYyxEx zlV&sU!Us`szo7QoB~zELv3c#s4II$EJgtfxYDMSDDXzL*k$|dO_`Tr z)0K)*U|Xos;Lm?^QCR88e*^JZK5+tV!EN>Nn?kdwb zmOHgR0Cq)RJXOsbydA2@qFakg+zM|H5}>0cBoe6yiRN5zi3oLHZo^@h(vo9vzu>*O zH*&jz5b#=~Cm5Nl+>YV6j zk7`ayCzbspv$h@RS3<}7r-^svww+=YUn!hlwB(tdCW_E5If`36-3_J0Cri_BQqAhn zh}=ak44QiK>EV`oo+R^4X>Y4_%-{Fc6{~eV%2(n)PQ^D=sX=;uBQ72-KO8)Y{sr#u zX{tm9I9znmO$CYdzLIWw0OnM6cwW#;c#m`Cot4Rmn&CNMJ3@lvIrihiWu;SN>Q76_ zbP;6g)jioqs)J&Ju-v=(YW$*o#k18nK<#w1T-B-SkIwwgcHxs%fH$Mn!F7+9w7zz) zIn_C}BPQqJ<30u!i-JDBMV4uy8Mes&{A+4R!k1#X%|=WpPxh^ux_oANIZw*qv**ij$zm14Hh~*@OynQ zyxRikb=rJ#wC=K>yj;`mWDca%9*Eg-)5dq79nmE6ZOFHdp>S{coqJFku1OT*^|{4>jDSXx0m2&q^k<-4R)|A5YNSU7t|uTp<8^|AK# z_{>lnDS;^=rwKO-?2XNsDN$0Vb4GX3F!C`PQ}P(Eu+uDAEop#2z6n?>WeM60TB%=B zsBGUfQ$Dh224@QfLIAe`+5WVA8l!bPqZy(Wgw-mn&XjR>__?AMJK2J=Qc_k`LQ@7F z6LX9IVApQ0Z1gaSk1-?3U80=Ts++g`Jo=5e1X*b5$jR9()h>HB_k9+uQ9!yVH1wH*iTKv* zhc>Z>-WVb_lX};U33qEYGvN8JqwR5@INobwQL9$IK&7_?)iqm#8FeK};u7qPZ-fG# zKRSbtlgWY~00SJt4WQNO$AE~dqSBdNyx;=OT|A2QEpb8q@w_N;h@hqoMrTt+4=T`n zS0c5vc0BufZuc)R^qH%a@WwBUHe2p_3NC6({~vCF|D|&2zo&Ql|MIH!BgoQ{v60d8 zTPpS!>=+$dYE=oVRKvX3e;bs%=;-JU4i4aO_*5(=mH5B^z)}{J6b&VJ_i3A+)<9Vz zLLd+~neYTE;4@&D2{Yru;L(^{+~2ZMu+ zX$CqvGNuBLpt-m~~OGJ6By#D>hO|Stwxt5-RfxVWcl%AfCxw(eC{C)&h z<)eIyn1oBZ1NmPhd*qtN$y6>b@|ZBJt)-QklY^k4SzcIJ7&)=~($&m+99tdjLPR5C{CZ76EJ2bweP8B6{pmKXc@h`K!QrL|6>gzow zPpCdX6WTGTjT)xZd5AP!U9DN<*sW@jB#jb`OU3E<=am}Z6O+L!w zS)@UW)=fdeG`2Z9M#%W1a_`c4fYFVQuV2^zdw>x<$LL1um(g&;S>|s#TKEhap0&<( zrCdxsA9qvcTiqlq5d5r5BS^%Y@=d9`^|--Y=-InPQSxW1c`rrclo-dOyMn!-Nod7U zH&9NK;Z5{QT#newQGJ;H^rp{4Z@;#*v48!=g(rG{P9?BvyvcJs=ZuIP+#nbu*7wS2uv zJa4;~fA6BeU)lp*6%QtwI)-TuKCsDpm#!=!r>TrAAx_^S1eWIuCiT_hTvGF)K@7<8LwRAc2A5H!BnrA$Ft~jSfWCLM~=d4>*p> zc(tPwjL)z6wiO`3&F-M=6aX%d@c!A|B5l22IZiBQWTZXseZ6{%12pxYDR(MOLo`SO zoY_r&`5neMBeB(2f(`p~mR44#bPE~)Mb-hGGzpU_li54rt&oAnRofws;La_Ay(cIdn%rYQw#tQw{d*~#Yp-xwk78kVmln?wYpa$m6a7>u+u@5?*&wY-Xzy> z;g8_4V(ELRjA`!czsJNBbxb(QyB6L6ibm-yiIVw6Ah_=V`?b+s5j}!@rMuU3Mp9n6 z$yiPk3mJ$x?5?wiUvA=Lk3eQ}{@Lt;_o}Q`>4@^O^1#7vKcIb%LXowVm9Ot@F`WoY zaHH9e9rCiZ>ln8krQTmJ>>CouH97(VG?P<)pI~e?N4GZYJ4*H1#`aAZYNbRr5A!W` zXfjn-Hgx#g*0U!;?*N0>27#+%$H6FXK{4>;z6$iqEdaQhPTxv{t_5=YZGSbrE-wNHB=KYi?=bnddri@np4 zC)$AKTklz|C^nlOnO4l?o|=odjqKbxxAukLrv$XX^z8K!3*)R zoVt_Mt>Me0)&j<3N%6q@xdqu{mOT>Da!1$@0(gH9t7gorJS)*LjEsT#7B{4KHP=|} zV}VYQ2fVR_Yfw_#ob};gosJOykroC-%_+$D|UvKAhblaKK(b)MK!JmPilPPR-d`M^bo_xAZ z9SF%UH4V7Gw~L1XQ+wMKp6TlqY1qT;4-`bMt4SI7JaBXbjTavliA}4z7&DEgQXaLe zj&Rn39#?>5e=1oH@WU=wu`9|VY#F4Ao;-QBEHCv*i)``flauGD>Zd#O0Ckc#@J52 zYyWA}g`t2^^H=B*G@a5a^~mq^hu(*TPZbSyc_mryettrgEX5Fr0pN9MmbbIKqQW+z zE>BVzP1WQ2Gp+f?_1cD}`4o&1X8X*gCDJmMf#~H~wFND0mC6c-D!MNE2 zI9hBIqwJh5Ash~IxFQ~2yJybI(nv{5U4(#GtVr#^fWg^_-nAN8SyW5y!2nUagrbG9 zVA>s4BR8Y%uQcMT;zxG#nc7QYS*ygq&)Y017 zT3n2pN^}-Te{6XFzky&~BO^yUyT#erP?+sN*nftrjRONaP`#AoTfIfyR{22mVZ_v} zM5uXDu;(9qr4Ohv8xa|< zm>VB@k}gUB(ux(KufBi&_L~0tXJq0`c}35R;TAgTo4=2URiRu<|LyCS-%(Ws5wTHm zcGf5V>)D>y5d`tf3R;%$RVo?(*Y99tpedxGeZ=`Eg}j#4WsCroO+As9R*|Zb`26jE E09PfyaR2}S literal 0 HcmV?d00001 diff --git a/windows/deploy/provision-pcs-for-initial-deployment.md b/windows/deploy/provision-pcs-for-initial-deployment.md index 7cafb0ca22..06c24efb04 100644 --- a/windows/deploy/provision-pcs-for-initial-deployment.md +++ b/windows/deploy/provision-pcs-for-initial-deployment.md @@ -44,13 +44,14 @@ In a simple provisioning package, you can configure: Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more. To learn about provisioning packages that include more than the settings in a simple provisioning package, see [Provision PCs with apps and certificates](provision-pcs-with-apps-and-certificates.md). -> **Tip!** Use simple provisioning to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc. +> [!TIP] +> Use simple provisioning to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc. ![open advanced editor](images/icd-simple-edit.png) ## Create the provisioning package -Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) +Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK and select **Configuration Designer**.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) 1. Open Windows ICD (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe). @@ -64,7 +65,7 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi 4. In the **Set up device** step, enter a unique 15-character name for the device. For help generating a unique name, you can use %SERIAL%, which includes a hardware-specific serial number, or you can use %RAND:x%, which generates random characters of x length. -5. (Optional) You can upgrade the following editions of Windows 10 by providing a product key for the edition to upgrade to. +5. (*Optional*) You can upgrade the following editions of Windows 10 by providing a product key for the edition to upgrade to. - Pro to Education - Pro to Enterprise - Enterprise to Education @@ -75,7 +76,7 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi 8. Click **Enroll into Active Directory**. -9. Toggle **Yes** or **No** for Active Directory enrollment. If you select **Yes**, enter the credentials for an account with permissions to enroll the device. (Optional) Enter a user name and password to create a local administrator account. +9. Toggle **Yes** or **No** for Active Directory enrollment. If you select **Yes**, enter the credentials for an account with permissions to enroll the device. (*Optional*) Enter a user name and password to create a local administrator account. > **Warning**: If you don't create a local administrator account and the device fails to enroll in Active Directory for any reason, you will have to reimage the device and start over. As a best practice, we recommend: - Use a least-privileged domain account to join the device to the domain. @@ -88,7 +89,8 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi 12. Click **Create**. -> **Important** When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. +> [!IMPORTANT] +> When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. ## Apply package diff --git a/windows/deploy/provision-pcs-with-apps-and-certificates.md b/windows/deploy/provision-pcs-with-apps-and-certificates.md index dfeb124757..dfee308c03 100644 --- a/windows/deploy/provision-pcs-with-apps-and-certificates.md +++ b/windows/deploy/provision-pcs-with-apps-and-certificates.md @@ -34,7 +34,7 @@ You can apply a provisioning package on a USB drive to off-the-shelf devices dur ## Create the provisioning package -Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) +Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK and select **Configuration Designer**.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) 1. Open Windows ICD (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe). @@ -55,7 +55,8 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi 3. Go to **Runtime settings** > **ProvisioningCommands** > **DeviceContext** > **CommandLine** and specify the command line that needs to be executed to install the app. This is a single command line (such as a script, executable, or msi) that triggers a silent install of your CommandFiles. Note that the install must execute silently (without displaying any UI). For MSI installers use, the `msiexec /quiet` option. -> **Note**: If you are installing more than one app, then use CommandLine to invoke the script or batch file that orchestrates installation of the files. For more information, see [Install a Win32 app using a provisioning package](https://msdn.microsoft.com/library/windows/hardware/mt703295%28v=vs.85%29.aspx). +> [!NOTE] +> If you are installing more than one app, then use CommandLine to invoke the script or batch file that orchestrates installation of the files. For more information, see [Install a Win32 app using a provisioning package](https://msdn.microsoft.com/library/windows/hardware/mt703295%28v=vs.85%29.aspx). ### Add a universal app to your package @@ -80,7 +81,8 @@ Universal apps that you can distribute in the provisioning package can be line-o [Learn more about distributing offline apps from the Windows Store for Business.](../manage/distribute-offline-apps.md) -> **Note:** Removing a provisioning package will not remove any apps installed by device context in that provisioning package. +> [!NOTE] +> Removing a provisioning package will not remove any apps installed by device context in that provisioning package. @@ -116,8 +118,8 @@ For details about the settings you can customize in provisioning packages, see [ 10. Set a value for **Package Version**. - **Tip**   - You can make changes to existing packages and change the version number to update previously applied packages. + > [!TIP]   + > You can make changes to existing packages and change the version number to update previously applied packages. 11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. diff --git a/windows/deploy/provisioning-packages.md b/windows/deploy/provisioning-packages.md index 0b06a2d745..4630340ba6 100644 --- a/windows/deploy/provisioning-packages.md +++ b/windows/deploy/provisioning-packages.md @@ -46,7 +46,8 @@ Windows ICD in Windows 10, Version 1607, supports the following scenarios for IT * Mobile Iron (password-string based enrollment) * Other MDMs (cert-based enrollment) -> **Note:** Windows ICD in Windows 10, Version 1607, also provides a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](https://technet.microsoft.com/edu/windows/index). +> [!NOTE] +> Windows ICD in Windows 10, Version 1607, also provides a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](https://technet.microsoft.com/edu/windows/index). ## Benefits of provisioning packages @@ -95,11 +96,14 @@ For details about the settings you can customize in provisioning packages, see [ With Windows 10, you can use the Windows Imaging and Configuration Designer (ICD) tool to create provisioning packages. To install Windows ICD and create provisioning packages, you must [install the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). -While running ADKsetup.exe for Windows 10, version 1607, select the following feature from the **Select the features you want to install** dialog box: +When you run ADKsetup.exe for Windows 10, version 1607, select the following feature from the **Select the features you want to install** dialog box: -- Configuration Designer +- **Configuration Designer** -> **Note:** In previous versions of the Windows 10 ADK, you had to install additional features for Windows ICD to run. Starting in version 1607, you can install Windows ICD without other ADK features. +![Choose Configuration Designer](images/adk-install.png) + +> [!NOTE] +> In previous versions of the Windows 10 ADK, you had to install additional features for Windows ICD to run. Starting in version 1607, you can install Windows ICD without other ADK features. After you install Windows ICD, you can use it to create a provisioning package. For detailed instructions on how to create a provisioning package, see [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkID=629651). From eefb19b9a67e1c5f99c963c6cbba4e984426cd6a Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 29 Jul 2016 09:35:25 -0700 Subject: [PATCH 09/16] grammar --- windows/whats-new/whats-new-windows-10-version-1607.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 8a9d9319a1..8f55a59e39 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -43,7 +43,7 @@ When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, Additional changes for Windows Hello in Windows 10, version 1607: - Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys. -- Group Policy for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**. +- Group Policy settings for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**. [Learn more about Windows Hello for Business.](../keep-secure/manage-identity-verification-using-microsoft-passport.md) From 1b1209e8730d96e6b9ddbab3fb861f240f69170f Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 29 Jul 2016 09:38:43 -0700 Subject: [PATCH 10/16] moving SCM 4.0 link up --- windows/keep-secure/windows-security-baselines.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/windows-security-baselines.md b/windows/keep-secure/windows-security-baselines.md index 59dc7cc5af..690b516662 100644 --- a/windows/keep-secure/windows-security-baselines.md +++ b/windows/keep-secure/windows-security-baselines.md @@ -12,7 +12,10 @@ author: brianlic-msft Microsoft is dedicated to provide our customers with a secure operating system, such as Windows 10 and Windows Server, as well as secure apps, such as Microsoft Edge. In addition to the security assurance of its products, Microsoft also enables you to have fine control of your environments by providing various configuration capabilities. Even though Windows and Windows Server are designed to be secure out-of-the-box, a large number of organizations still want more granular control of their security configurations. To navigate these large number of controls, organizations need guidance for configuring various security features. Microsoft provides this guidance in the form of security baselines. -We recommend implementing an industry-standard configuration that is broadly known and well-tested, such as a Microsoft security baseline, as opposed to creating one yourself. This helps increase flexibility and reduce costs. +We recommend implementing an industry-standard configuration that is broadly known and well-tested, such as a Microsoft security baseline, as opposed to creating one yourself. This helps increase flexibility and reduce costs. + + > [!NOTE] + > Microsoft Security Compliance Manager 4.0 is available from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=53353). ## What are security baselines? @@ -37,9 +40,6 @@ To help faster deployments and increase the ease of managing Windows, Microsoft - Ensure that user and device configuration settings are compliant with the baseline. - Set configuration settings. For example, you can use Group Policy, System Center Configuration Manager, or Microsoft Intune to configure a device with the setting values specified in the baseline. - - > [!NOTE] - > Microsoft Security Compliance Manager 4.0 is available from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=53353). ## Where can I get the security baselines? From 3c3c7ec6ec46264ae26cd5547c099b3cae235009 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 29 Jul 2016 09:41:40 -0700 Subject: [PATCH 11/16] fix headings --- windows/deploy/provision-pcs-with-apps-and-certificates.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deploy/provision-pcs-with-apps-and-certificates.md b/windows/deploy/provision-pcs-with-apps-and-certificates.md index dfee308c03..873cee5704 100644 --- a/windows/deploy/provision-pcs-with-apps-and-certificates.md +++ b/windows/deploy/provision-pcs-with-apps-and-certificates.md @@ -163,7 +163,7 @@ If your build is successful, the name of the provisioning package, output direct ## Apply package -**During initial setup, from a USB drive** +### During initial setup, from a USB drive 1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. @@ -206,7 +206,7 @@ If your build is successful, the name of the provisioning package, output direct ![Sign in](images/sign-in-prov.png) -**After setup, from a USB drive, network folder, or SharePoint site** +### After setup, from a USB drive, network folder, or SharePoint site On a desktop computer, navigate to **Settings** > **Accounts** > **Work access** > **Add or remove a management package** > **Add a package**, and select the package to install. From c7f38c150ef5a2d82154f417f286f1b3fa0bea0b Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 29 Jul 2016 09:58:38 -0700 Subject: [PATCH 12/16] notes, formatting --- .../manage/configure-windows-10-taskbar.md | 9 +++++--- windows/manage/lockdown-xml.md | 16 +++++++++---- .../set-up-a-device-for-anyone-to-use.md | 4 ++-- windows/manage/set-up-shared-or-guest-pc.md | 23 +++++++++++-------- 4 files changed, 33 insertions(+), 19 deletions(-) diff --git a/windows/manage/configure-windows-10-taskbar.md b/windows/manage/configure-windows-10-taskbar.md index 83fd6310e1..0424d18166 100644 --- a/windows/manage/configure-windows-10-taskbar.md +++ b/windows/manage/configure-windows-10-taskbar.md @@ -12,7 +12,8 @@ localizationpriority: medium Starting in Windows 10, version 1607, administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a `` section to a layout modification XML file. This method never removes user-pinned apps from the taskbar. -> **Note:** The only aspect of the taskbar that can currently be configured by the layout modification XML file is the layout. +> [!NOTE] +> The only aspect of the taskbar that can currently be configured by the layout modification XML file is the layout. You can specify different taskbar configurations based on device locale and region. There is no limit on the number of apps that you can pin. You specify apps using the [Application User Model ID (AUMID)](http://go.microsoft.com/fwlink/p/?LinkId=614867) or Desktop Application Link Path (the local path to the application). @@ -20,7 +21,8 @@ If you specify an app to be pinned that is not installed on the computer, it won The order of apps in the xml file dictates order of apps on taskbar from left to right, to the right of any existing apps pinned by user. -> **Note**  In operating systems configured to use a right-to-left language, the taskbar order will be reversed. +> [!NOTE] +> In operating systems configured to use a right-to-left language, the taskbar order will be reversed. The following example shows how apps will be pinned: Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using XML to the right (green square). @@ -220,7 +222,8 @@ The resulting taskbar for computers in any other country region: ![taskbar for all other regions](images/taskbar-region-other.png) -> **Note**  [Look up country and region codes (use the ISO Short column)](http://go.microsoft.com/fwlink/p/?LinkId=786445) +> [!NOTE] +> [Look up country and region codes (use the ISO Short column)](http://go.microsoft.com/fwlink/p/?LinkId=786445) diff --git a/windows/manage/lockdown-xml.md b/windows/manage/lockdown-xml.md index 90f5d9ca65..0c9d0de387 100644 --- a/windows/manage/lockdown-xml.md +++ b/windows/manage/lockdown-xml.md @@ -22,7 +22,8 @@ This topic provides example XML that you can use in your own lockdown XML file t Lockdown XML is an XML file that contains settings for Windows 10 Mobile. When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. In this topic, you'll learn how to create an XML file that contains all lockdown entries available in the AssignedAccessXml area of the [EnterpriseAssignedAccess configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkID=618601). -> **Note**  On Windows 10 desktop editions, *assigned access* is a feature that lets you configure the device to run a single app above the lockscreen ([kiosk mode](set-up-a-device-for-anyone-to-use.md)). On a Windows 10 Mobile device, assigned access refers to the lockdown settings in AssignedAccessXml in the [EnterpriseAssignedAccess configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkID=618601). +> [!NOTE] +> On Windows 10 desktop editions, *assigned access* is a feature that lets you configure the device to run a single app above the lockscreen ([kiosk mode](set-up-a-device-for-anyone-to-use.md)). On a Windows 10 Mobile device, assigned access refers to the lockdown settings in AssignedAccessXml in the [EnterpriseAssignedAccess configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkID=618601). If you're not familiar with CSPs, read [Introduction to configuration service providers (CSPs)](how-it-pros-can-use-configuration-service-providers.md) first. @@ -211,7 +212,8 @@ Search | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | ![yes](im Camera | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) Custom 1, 2, and 3 | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) -> **Note**  Custom buttons are hardware buttons that can be added to devices by OEMs. +> [!NOTE] +> Custom buttons are hardware buttons that can be added to devices by OEMs. In the following example, press-and-hold is disabled for the Back button. @@ -240,7 +242,8 @@ If you don't specify a button event, all actions for the button are disabled. In ButtonRemapList lets you change the app that a button will run. You can remap the Search button and any custom buttons included by the OEM. You can't remap the Back, Start, or Camera buttons. -> **Warning**  Button remapping can enable a user to open an application that is not in the allow list for that user role. Use button lock down to prevent application access for a user role. +> [!WARNING] +> Button remapping can enable a user to open an application that is not in the allow list for that user role. Use button lock down to prevent application access for a user role. To remap a button, you specify the button, the event, and the product ID for the app that you want the event to open. In the following example, when a user presses the Search button, the phone dialer will open instead of the Search app. @@ -268,7 +271,8 @@ CSPRunner is helpful when you are configuring a device to support multiple roles In CSPRunner, you specify the CSP and settings using SyncML, a standardized markup language for device management. A SyncML section can include multiple settings, or you can use multiple SyncML sections -- it's up to you how you want to organize settings in this section. -> **Note**  This description of SyncML is just the information that you need to use SyncML in a lockdown XML file. To learn more about SyncML, see [Structure of OMA DM provisioning files](https://msdn.microsoft.com/windows/hardware/dn914774.aspx). +> [!NOTE] +> This description of SyncML is just the information that you need to use SyncML in a lockdown XML file. To learn more about SyncML, see [Structure of OMA DM provisioning files](https://msdn.microsoft.com/windows/hardware/dn914774.aspx). Let's start with the structure of SyncML in the following example: @@ -354,7 +358,9 @@ For a list of the settings and quick actions that you can allow or block, see [S ![XML for tiles](images/TilesXML.png) By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile. - > **Important** If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile. + + > [!IMPORTANT] + > If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile. ```xml diff --git a/windows/manage/set-up-a-device-for-anyone-to-use.md b/windows/manage/set-up-a-device-for-anyone-to-use.md index 156c44901a..80380c211a 100644 --- a/windows/manage/set-up-a-device-for-anyone-to-use.md +++ b/windows/manage/set-up-a-device-for-anyone-to-use.md @@ -33,8 +33,8 @@ Do you need a computer that can only do one thing? For example: The following table identifies the type of application that can be used on each Windows 10 edition to create a kiosk device. -**Note**   -A Universal Windows app is built on the Universal Windows Platform (UWP), which was first introduced in Windows 8 as the Windows Runtime. A Classic Windows application uses the Classic Windows Platform (CWP) (e.g., COM, Win32, WPF, WinForms, etc.) and is typically launched using an .EXE or .DLL file. +> [!NOTE]   +> A Universal Windows app is built on the Universal Windows Platform (UWP), which was first introduced in Windows 8 as the Windows Runtime. A Classic Windows application uses the Classic Windows Platform (CWP) (e.g., COM, Win32, WPF, WinForms, etc.) and is typically launched using an .EXE or .DLL file.   diff --git a/windows/manage/set-up-shared-or-guest-pc.md b/windows/manage/set-up-shared-or-guest-pc.md index a0c40e738a..6768b974ec 100644 --- a/windows/manage/set-up-shared-or-guest-pc.md +++ b/windows/manage/set-up-shared-or-guest-pc.md @@ -18,7 +18,8 @@ localizationpriority: medium Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Pro Education, Education, and Enterprise. -> **Note:** If you're interested in using Windows 10 for shared PCs in a school, see [Use Set up School PCs app](https://technet.microsoft.com/edu/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education. +> [!NOTE] +> If you're interested in using Windows 10 for shared PCs in a school, see [Use Set up School PCs app](https://technet.microsoft.com/edu/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education. ##Shared PC mode concepts A Windows 10 PC in shared PC mode is designed to be management- and maintenance-free with high reliability. In shared PC mode, only one user can be signed in at a time. When the PC is locked, the currently signed in user can always be signed out at the lock screen. Users who sign-in are signed in as standard users, not admin users. @@ -65,7 +66,9 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re ##Configuring shared PC mode on Windows You can configure Windows to be in shared PC mode in a couple different ways: - Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx). Your MDM policy can contain any of the options listed in the [Customization](#customization) section. The following image shows a Microsoft Intune policy with the shared PC options added as OMA-URI settings. [Learn more about Windows 10 policy settings in Microsoft Intune.](https://docs.microsoft.com/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune) + ![custom OMA-URI policy in Intune](images/oma-uri-shared-pc.png) + - A provisioning package created with the Windows Imaging and Configuration Designer (ICD): You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Imaging and Configuration Designer (ICD). Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx), exposed in ICD as SharedPC. ![Shared PC settings in ICD](images/icd-adv-shared-pc.png) @@ -73,7 +76,7 @@ You can configure Windows to be in shared PC mode in a couple different ways: ### Create a provisioning package for shared use -Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that configures a device for shared PC mode. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) +Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that configures a device for shared PC mode. [Install the ADK and select **Configuration Designer**.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) 1. Open Windows ICD (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). @@ -91,14 +94,14 @@ Use the Windows ICD tool included in the Windows Assessment and Deployment Kit ( 8. On the **Export** menu, select **Provisioning package**. 9. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** 10. Set a value for **Package Version**. - > **Tip**   - You can make changes to existing packages and change the version number to update previously applied packages. + > [!TIP] + > You can make changes to existing packages and change the version number to update previously applied packages.   -11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. +11. (*Optional*) In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. - > **Important**   - We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. + > [!IMPORTANT]   + > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently.   12. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location. @@ -170,7 +173,8 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac ![add a package option](images/package.png) -> **Note:** If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost. +> [!NOTE] +> If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost. ## Guidance for accounts on shared PCs @@ -203,7 +207,8 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac ## Policies set by shared PC mode Shared PC mode sets local group policies to configure the device. Some of these are configurable using the shared pc mode options. -> **Important**: It is not recommended to set additional policies on PCs configured for **Shared PC Mode**. The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required. +> [!IMPORTANT] +> It is not recommended to set additional policies on PCs configured for **Shared PC Mode**. The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required. From 68aa15818d3c96b781de2506a84102ca254af0a9 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 29 Jul 2016 10:18:23 -0700 Subject: [PATCH 13/16] fix link --- .../group-policies-for-enterprise-and-education-editions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/group-policies-for-enterprise-and-education-editions.md b/windows/manage/group-policies-for-enterprise-and-education-editions.md index 525b08904e..270b5e37ba 100644 --- a/windows/manage/group-policies-for-enterprise-and-education-editions.md +++ b/windows/manage/group-policies-for-enterprise-and-education-editions.md @@ -20,7 +20,7 @@ In Windows 10, version 1607, the following Group Policies apply only to Windows | **Configure Spotlight on lock screen** | User Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md). Note that an additional **Cloud Content** policy, **Do not suggest third-party content in Windows spotlight**, does apply to Windows 10 Pro. | | **Turn off all Windows Spotlight features** | User Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) | | **Turn off Microsoft consumer features** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) | -| **Do not display the lock screen** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md | +| **Do not display the lock screen** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) | | **Do not require CTRL+ALT+DEL**
combined with
**Turn off app notifications on the lock screen** | Computer Configuration > Administrative Templates > System > Logon
and
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Interactive logon | When both of these policy settings are enabled, the combination will also disable lock screen apps ([assigned access](set-up-a-device-for-anyone-to-use.md)) on Windows 10 Enterprise and Windows 10 Education only. These policy settings can be applied to Windows 10 Pro, but lock screen apps will not be disabled on Windows 10 Pro.

**Important:** The description for **Interactive logon: Do not require CTRL+ALT+DEL** in the Group Policy Editor incorrectly states that it only applies to Windows 10 Enterprise and Education. The description will be corrected in a future release.| | **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md | | **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) | From 4366aa58ac06d066480265cd1eccb0145847d44c Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 29 Jul 2016 10:23:10 -0700 Subject: [PATCH 14/16] Fixed formatting, typo, and incorrect applies to --- browsers/edge/emie-to-improve-compatibility.md | 1 - .../create-and-verify-an-efs-dra-certificate.md | 2 +- windows/keep-secure/create-wip-policy-using-intune.md | 6 +++--- windows/keep-secure/create-wip-policy-using-sccm.md | 4 ++-- windows/keep-secure/protect-enterprise-data-using-wip.md | 8 ++++---- windows/keep-secure/testing-scenarios-for-wip.md | 6 +++--- 6 files changed, 13 insertions(+), 14 deletions(-) diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md index 32cc1d9d2d..10698fde4f 100644 --- a/browsers/edge/emie-to-improve-compatibility.md +++ b/browsers/edge/emie-to-improve-compatibility.md @@ -14,7 +14,6 @@ title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros) **Applies to:** - Windows 10 -- Windows 10 Mobile - Windows Server 2016 If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11. diff --git a/windows/keep-secure/create-and-verify-an-efs-dra-certificate.md b/windows/keep-secure/create-and-verify-an-efs-dra-certificate.md index efe9a2b7a9..a9511d644b 100644 --- a/windows/keep-secure/create-and-verify-an-efs-dra-certificate.md +++ b/windows/keep-secure/create-and-verify-an-efs-dra-certificate.md @@ -43,7 +43,7 @@ If you already have an EFS DRA certificate for your organization, you can skip c >**Note**
To add your EFS DRA certificate to your policy by using Microsoft Intune, see the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) topic. To add your EFS DRA certificate to your policy by using System Center Configuration Manager, see the [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) topic. -**To verify your data recovery certificate is correctly set up on an WIP client computer** +**To verify your data recovery certificate is correctly set up on a WIP client computer** 1. Find or create a file that's encrypted using Windows Information Protection. For example, you could open an app on your allowed app list, and then create and save a file so it’s encrypted by WIP. diff --git a/windows/keep-secure/create-wip-policy-using-intune.md b/windows/keep-secure/create-wip-policy-using-intune.md index 01d0136664..ed343a003a 100644 --- a/windows/keep-secure/create-wip-policy-using-intune.md +++ b/windows/keep-secure/create-wip-policy-using-intune.md @@ -24,10 +24,10 @@ We've received some great feedback from you, our Windows 10 Insider Preview cust Note that if you exit the **Policy** page before you've saved your new policy, your existing deployments won't be affected. However, if you save the policy without reconfiguring your apps, an updated policy will be deployed to your employees with an empty app rules list. -## Add an WIP policy -After you’ve set up Intune for your organization, you must create an WIP-specific policy. +## Add a WIP policy +After you’ve set up Intune for your organization, you must create a WIP-specific policy. -**To add an WIP policy** +**To add a WIP policy** 1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy** from the **Tasks** area. 2. Go to **Windows**, click the **Windows Information Protection (Windows 10 Desktop and Mobile and later) policy**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**. diff --git a/windows/keep-secure/create-wip-policy-using-sccm.md b/windows/keep-secure/create-wip-policy-using-sccm.md index 0f91219ae8..f439f23db6 100644 --- a/windows/keep-secure/create-wip-policy-using-sccm.md +++ b/windows/keep-secure/create-wip-policy-using-sccm.md @@ -20,9 +20,9 @@ author: eross-msft System Center Configuration Manager helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection mode, and how to find enterprise data on the network. >**Important**
-If you previously created an WIP policy using System Center Configuration Manager version 1511 or 1602, you’ll need to recreate it using version 1606 or later. Editing a WIP policy created in version 1511 or 1602 is not supported in later versions and there is no migration path between older and newer WIP policies. +If you previously created a WIP policy using System Center Configuration Manager version 1511 or 1602, you’ll need to recreate it using version 1606 or later. Editing a WIP policy created in version 1511 or 1602 is not supported in later versions and there is no migration path between older and newer WIP policies. -## Add an WIP policy +## Add a WIP policy After you’ve installed and set up System Center Configuration Manager for your organization, you must create a configuration item for WIP, which in turn becomes your WIP policy. **To create a configuration item for WIP** diff --git a/windows/keep-secure/protect-enterprise-data-using-wip.md b/windows/keep-secure/protect-enterprise-data-using-wip.md index a2e1d5ffd9..824df7b27f 100644 --- a/windows/keep-secure/protect-enterprise-data-using-wip.md +++ b/windows/keep-secure/protect-enterprise-data-using-wip.md @@ -56,19 +56,19 @@ WIP gives you a new way to manage data policy enforcement for apps and documents - **Manage your enterprise documents, apps, and encryption modes.** - - **Copying or downloading enterprise data.** When an employee or an app downloads content from a location like SharePoint, a network share, or an enterprise web location, while using an WIP-protected device, WIP encrypts the data on the device. + - **Copying or downloading enterprise data.** When an employee or an app downloads content from a location like SharePoint, a network share, or an enterprise web location, while using a WIP-protected device, WIP encrypts the data on the device. - **Using allowed apps.** Managed apps (apps that you've included on the Allowed Apps list in your WIP policy) are allowed to access your enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if WIP management is set to **Block**, your employees can copy and paste from one protected app to another allowed app, but not to personal apps. Imagine an HR person wants to copy a job description from an allowed app to the internal career website, an enterprise-protected location, but goofs and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that the app couldn’t paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem. - **Managed apps and restrictions.** With WIP you can control which apps can access and use your enterprise data. After adding an app to your allowed apps list, the app is trusted with enterprise data. All apps not on this list are blocked from accessing your enterprise data, depending on your WIP management-mode. - - You don’t have to modify line-of-business apps that never touch personal data to list them as allowed apps; just include them in the allowed apps list. + + You don’t have to modify line-of-business apps that never touch personal data to list them as allowed apps; just include them in the allowed apps list. - **Deciding your level of data access.** WIP lets you block, allow overrides, or audit employees' data sharing actions. Blocking the action stops it immediately. Allowing overrides let the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without blocking anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your allowed apps list. - **Data encryption at rest.** WIP helps protect enterprise data on local files and on removable media. - Apps such as Microsoft Word work with WIP to help continue your data protection across local files and removable media. These apps are being referred to as, enterprise aware. For example, if an employee opens WIP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies WIP to the new document. + Apps such as Microsoft Word work with WIP to help continue your data protection across local files and removable media. These apps are being referred to as, enterprise aware. For example, if an employee opens WIP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies WIP to the new document. - **Helping prevent accidental data disclosure to public spaces.** WIP helps protect your enterprise data from being accidentally shared to public spaces, such as public cloud storage. For example, if Dropbox™ isn’t on your allowed apps list, employees won’t be able to sync encrypted files to their personal cloud storage. Instead, if the employee stores the content to an app on your allowed apps list, like Microsoft OneDrive for Business, the encrypted files can sync freely to the business cloud, while maintaining the encryption locally. diff --git a/windows/keep-secure/testing-scenarios-for-wip.md b/windows/keep-secure/testing-scenarios-for-wip.md index 125cf80953..113768489b 100644 --- a/windows/keep-secure/testing-scenarios-for-wip.md +++ b/windows/keep-secure/testing-scenarios-for-wip.md @@ -25,9 +25,9 @@ You can try any of the processes included in these scenarios, but you should foc |---------|----------| |Automatically encrypt files from enterprise apps |
  1. Start an unmodified (for example, WIP-unaware) line-of-business app that's on your allowed apps list and then create, edit, write, and save files.
  2. Make sure that all of the files you worked with from the WIP-unaware app are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
  3. Open File Explorer and make sure your modified files are appearing with a **Lock** icon.

    **Note**
    Some file types, like .exe and .dll, along with some file paths, like `%windir%` and `%programfiles%`, are excluded from automatic encryption.

| |Block enterprise data from non-enterprise apps |
  1. Start an app that doesn't appear on your allowed apps list, and then try to open an enterprise-encrypted file.

    The app shouldn't be able to access the file.

  2. Try double-clicking or tapping on the enterprise-encrypted file.

    If your default app association is an app not on your allowed apps list, you should get an **Access Denied** error message.

| -|Copy and paste from enterprise apps to non-enterprise apps |
  1. Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.

    You should see an WIP-related warning box, asking you to click either **Got it** or **Cancel**.

  2. Click **Cancel**.

    The content isn't pasted into the non-enterprise app.

  3. Repeat Step 1, but this time click **Got it**, and try to paste the content again.

    The content is pasted into the non-enterprise app.

  4. Try copying and pasting content between apps on your allowed apps list.

    The content should copy and paste between apps without any warning messages.

| -|Drag and drop from enterprise apps to non-enterprise apps |
  1. Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.

    You should see an WIP-related warning box, asking you to click either **Drag Anyway** or **Cancel**.

  2. Click **Cancel**.

    The content isn't dropped into the non-enterprise app.

  3. Repeat Step 1, but this time click **Drag Anyway**, and try to drop the content again.

    The content is dropped into the non-enterprise app.

  4. Try dragging and dropping content between apps on your allowed apps list.

    The content should move between the apps without any warning messages.

| -|Share between enterprise apps and non-enterprise apps |
  1. Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.

    You should see an WIP-related warning box, asking you to click either **Share Anyway** or **Cancel**.

  2. Click **Cancel**.

    The content isn't shared into Facebook.

  3. Repeat Step 1, but this time click **Share Anyway**, and try to share the content again.

    The content is shared into Facebook.

  4. Try sharing content between apps on your allowed apps list.

    The content should share between the apps without any warning messages.

| +|Copy and paste from enterprise apps to non-enterprise apps |
  1. Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.

    You should see a WIP-related warning box, asking you to click either **Got it** or **Cancel**.

  2. Click **Cancel**.

    The content isn't pasted into the non-enterprise app.

  3. Repeat Step 1, but this time click **Got it**, and try to paste the content again.

    The content is pasted into the non-enterprise app.

  4. Try copying and pasting content between apps on your allowed apps list.

    The content should copy and paste between apps without any warning messages.

| +|Drag and drop from enterprise apps to non-enterprise apps |
  1. Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.

    You should see a WIP-related warning box, asking you to click either **Drag Anyway** or **Cancel**.

  2. Click **Cancel**.

    The content isn't dropped into the non-enterprise app.

  3. Repeat Step 1, but this time click **Drag Anyway**, and try to drop the content again.

    The content is dropped into the non-enterprise app.

  4. Try dragging and dropping content between apps on your allowed apps list.

    The content should move between the apps without any warning messages.

| +|Share between enterprise apps and non-enterprise apps |
  1. Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.

    You should see a WIP-related warning box, asking you to click either **Share Anyway** or **Cancel**.

  2. Click **Cancel**.

    The content isn't shared into Facebook.

  3. Repeat Step 1, but this time click **Share Anyway**, and try to share the content again.

    The content is shared into Facebook.

  4. Try sharing content between apps on your allowed apps list.

    The content should share between the apps without any warning messages.

| |Use the **Encrypt to** functionality |
  1. Open File Explorer on the desktop, right-click a decrypted file, and then click **Encrypt to** from the **Encrypt to** menu.

    WIP should encrypt the file to your Enterprise Identity.

  2. Make sure that the newly encrypted file has a **Lock** icon.
  3. In the **Encrypted to** column of File Explorer on the desktop, look for the enterprise ID value.
  4. Right-click the encrypted file, and then click **Not encrypted** from the **Encrypt to** menu.

    The file should be decrypted and the **Lock** icon should disappear.

| |Verify that Windows system components can use WIP |
  1. Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.
  2. Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
  3. Open File Explorer and make sure your modified files are appearing with a **Lock** icon
  4. Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.

    **Note**
    Most Windows-signed components like Windows Explorer (when running in the user’s context), should have access to enterprise data.

    A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.

| |Use WIP on FAT/exFAT systems |
  1. Start an app that uses the FAT or exFAT file system and appears on your allowed apps list.
  2. Create, edit, write, save, and move files.

    Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.

  3. Try copying and moving files or folders between apps that use NTFS, FAT and exFAT file systems.
| From 0640eaa451251c50e60b141fb71f246292d663f1 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 29 Jul 2016 10:28:55 -0700 Subject: [PATCH 15/16] bug# 8300761 --- ...system-components-to-microsoft-services.md | 198 +++++++++--------- 1 file changed, 104 insertions(+), 94 deletions(-) diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 69564006f4..c748755ae3 100644 --- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -60,83 +60,85 @@ Here's what's covered in this article: - [9. Mail synchronization](#bkmk-mailsync) - - [10. Microsoft Edge](#bkmk-edge) + - [10. Microsoft Account](#bkmk-microsoft-account) - - [10.1 Microsoft Edge Group Policies](#bkmk-edgegp) + - [11. Microsoft Edge](#bkmk-edge) - - [10.2 Microsoft Edge MDM policies](#bkmk-edge-mdm) + - [11.1 Microsoft Edge Group Policies](#bkmk-edgegp) - - [10.3 Microsoft Edge Windows Provisioning](#bkmk-edge-prov) + - [11.2 Microsoft Edge MDM policies](#bkmk-edge-mdm) - - [11. Network Connection Status Indicator](#bkmk-ncsi) + - [11.3 Microsoft Edge Windows Provisioning](#bkmk-edge-prov) - - [12. Offline maps](#bkmk-offlinemaps) + - [12. Network Connection Status Indicator](#bkmk-ncsi) - - [13. OneDrive](#bkmk-onedrive) + - [13. Offline maps](#bkmk-offlinemaps) - - [14. Preinstalled apps](#bkmk-preinstalledapps) + - [14. OneDrive](#bkmk-onedrive) - - [15. Settings > Privacy](#bkmk-settingssection) + - [15. Preinstalled apps](#bkmk-preinstalledapps) - - [15.1 General](#bkmk-priv-general) + - [16. Settings > Privacy](#bkmk-settingssection) - - [15.2 Location](#bkmk-priv-location) + - [16.1 General](#bkmk-priv-general) - - [15.3 Camera](#bkmk-priv-camera) + - [16.2 Location](#bkmk-priv-location) - - [15.4 Microphone](#bkmk-priv-microphone) + - [16.3 Camera](#bkmk-priv-camera) - - [15.5 Notifications](#bkmk-priv-notifications) + - [16.4 Microphone](#bkmk-priv-microphone) - - [15.6 Speech, inking, & typing](#bkmk-priv-speech) + - [16.5 Notifications](#bkmk-priv-notifications) - - [15.7 Account info](#bkmk-priv-accounts) + - [16.6 Speech, inking, & typing](#bkmk-priv-speech) - - [15.8 Contacts](#bkmk-priv-contacts) + - [16.7 Account info](#bkmk-priv-accounts) - - [15.9 Calendar](#bkmk-priv-calendar) + - [16.8 Contacts](#bkmk-priv-contacts) - - [15.10 Call history](#bkmk-priv-callhistory) + - [16.9 Calendar](#bkmk-priv-calendar) - - [15.11 Email](#bkmk-priv-email) + - [16.10 Call history](#bkmk-priv-callhistory) - - [15.12 Messaging](#bkmk-priv-messaging) + - [16.11 Email](#bkmk-priv-email) - - [15.13 Radios](#bkmk-priv-radios) + - [16.12 Messaging](#bkmk-priv-messaging) - - [15.14 Other devices](#bkmk-priv-other-devices) + - [16.13 Radios](#bkmk-priv-radios) - - [15.15 Feedback & diagnostics](#bkmk-priv-feedback) + - [16.14 Other devices](#bkmk-priv-other-devices) - - [15.16 Background apps](#bkmk-priv-background) + - [16.15 Feedback & diagnostics](#bkmk-priv-feedback) - - [16. Software Protection Platform](#bkmk-spp) + - [16.16 Background apps](#bkmk-priv-background) - - [17. Sync your settings](#bkmk-syncsettings) + - [17. Software Protection Platform](#bkmk-spp) - - [18. Teredo](#bkmk-teredo) + - [18. Sync your settings](#bkmk-syncsettings) - - [19. Wi-Fi Sense](#bkmk-wifisense) + - [19. Teredo](#bkmk-teredo) - - [20. Windows Defender](#bkmk-defender) + - [20. Wi-Fi Sense](#bkmk-wifisense) - - [21. Windows Media Player](#bkmk-wmp) + - [21. Windows Defender](#bkmk-defender) - - [22. Windows spotlight](#bkmk-spotlight) + - [22. Windows Media Player](#bkmk-wmp) - - [23. Windows Store](#bkmk-windowsstore) + - [23. Windows spotlight](#bkmk-spotlight) - - [24. Windows Update Delivery Optimization](#bkmk-updates) + - [24. Windows Store](#bkmk-windowsstore) - - [24.1 Settings > Update & security](#bkmk-wudo-ui) + - [25. Windows Update Delivery Optimization](#bkmk-updates) - - [24.2 Delivery Optimization Group Policies](#bkmk-wudo-gp) + - [25.1 Settings > Update & security](#bkmk-wudo-ui) - - [24.3 Delivery Optimization MDM policies](#bkmk-wudo-mdm) + - [25.2 Delivery Optimization Group Policies](#bkmk-wudo-gp) - - [24.4 Delivery Optimization Windows Provisioning](#bkmk-wudo-prov) + - [25.3 Delivery Optimization MDM policies](#bkmk-wudo-mdm) - - [25. Windows Update](#bkmk-wu) + - [25.4 Delivery Optimization Windows Provisioning](#bkmk-wudo-prov) + + - [26. Windows Update](#bkmk-wu) ## What's new in Windows 10, version 1607 @@ -147,6 +149,7 @@ Here's a list of changes that were made to this article for Windows 10, version - Added a section on how to turn off automatic root updates to stop updating the certificate trust list in [1. Certificate trust lists](#certificate-trust-lists). - Added a new setting in [25. Windows Update](#bkmk-wu). - Changed the NCSI URL in [11. Network Connection Status Indicator](#bkmk-ncsi). +- Added a section on how to turn off the automatic download of the Microsoft Account configuration file in [10. Microsoft Account](#bkmk-microsoft-account). - Added the following Group Policies: @@ -351,11 +354,18 @@ To turn off the Windows Mail app: - Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Mail** > **Turn off Windows Mail application** -### 10. Microsoft Edge +### 10. Microsoft Account + +To turn off the automatic download of the Microsoft Account configuration file: + +- Change the **Start** REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentControlSet\\Services\\wlidsvc** to 4. + + +### 11. Microsoft Edge Use either Group Policy or MDM policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730682). -### 10.1 Microsoft Edge Group Policies +### 11.1 Microsoft Edge Group Policies Find the Microsoft Edge Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Edge**. @@ -385,7 +395,7 @@ The Windows 10, version 1511 Microsoft Edge Group Policy names are: | Open a new tab with an empty tab | Choose whether a new tab page appears.
Default: Enabled | | Configure corporate Home pages | Choose the corporate Home page for domain-joined devices.
Set this to **about:blank** | -### 10.2 Microsoft Edge MDM policies +### 11.2 Microsoft Edge MDM policies The following Microsoft Edge MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). @@ -397,13 +407,13 @@ The following Microsoft Edge MDM policies are available in the [Policy CSP](http | Browser/AllowSearchSuggestionsinAddressBar | Choose whether the address bar shows search suggestions..
Default: Allowed | | Browser/AllowSmartScreen | Choose whether SmartScreen is turned on or off.
Default: Allowed | -### 10.3 Microsoft Edge Windows Provisioning +### 11.3 Microsoft Edge Windows Provisioning Use Windows ICD to create a provisioning package with the settings for these policies, go to **Runtime settings** > **Policies**. For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](http://technet.microsoft.com/library/mt270204.aspx). -### 11. Network Connection Status Indicator +### 12. Network Connection Status Indicator Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. For more info about NCIS, see [The Network Connection Status Icon](http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx). @@ -416,7 +426,7 @@ You can turn off NCSI through Group Policy: > [!NOTE] > After you apply this policy, you must restart the device for the policy setting to take effect. -### 12. Offline maps +### 13. Offline maps You can turn off the ability to download and update offline maps. @@ -426,13 +436,13 @@ You can turn off the ability to download and update offline maps. - In Windows 10, version 1607 and later, apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Maps** > **Turn off unsolicited network traffic on the Offline Maps settings page** -### 13. OneDrive +### 14. OneDrive To turn off OneDrive in your organization: - Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **OneDrive** > **Prevent the usage of OneDrive for file storage** -### 14. Preinstalled apps +### 15. Preinstalled apps Some preinstalled apps get content before they are opened to ensure a great experience. You can remove these using the steps in this section. @@ -544,43 +554,43 @@ To remove the Get Skype app: Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage** -### 15. Settings > Privacy +### 16. Settings > Privacy Use Settings > Privacy to configure some settings that may be important to your organization. Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC. -- [15.1 General](#bkmk-general) +- [16.1 General](#bkmk-general) -- [15.2 Location](#bkmk-priv-location) +- [16.2 Location](#bkmk-priv-location) -- [15.3 Camera](#bkmk-priv-camera) +- [16.3 Camera](#bkmk-priv-camera) -- [15.4 Microphone](#bkmk-priv-microphone) +- [16.4 Microphone](#bkmk-priv-microphone) -- [15.5 Notifications](#bkmk-priv-notifications) +- [16.5 Notifications](#bkmk-priv-notifications) -- [15.6 Speech, inking, & typing](#bkmk-priv-speech) +- [16.6 Speech, inking, & typing](#bkmk-priv-speech) -- [15.7 Account info](#bkmk-priv-accounts) +- [16.7 Account info](#bkmk-priv-accounts) -- [15.8 Contacts](#bkmk-priv-contacts) +- [16.8 Contacts](#bkmk-priv-contacts) -- [15.9 Calendar](#bkmk-priv-calendar) +- [16.9 Calendar](#bkmk-priv-calendar) -- [15.10 Call history](#bkmk-priv-callhistory) +- [16.10 Call history](#bkmk-priv-callhistory) -- [15.11 Email](#bkmk-priv-email) +- [16.11 Email](#bkmk-priv-email) -- [15.12 Messaging](#bkmk-priv-messaging) +- [16.12 Messaging](#bkmk-priv-messaging) -- [15.13 Radios](#bkmk-priv-radios) +- [16.13 Radios](#bkmk-priv-radios) -- [15.14 Other devices](#bkmk-priv-other-devices) +- [16.14 Other devices](#bkmk-priv-other-devices) -- [15.15 Feedback & diagnostics](#bkmk-priv-feedback) +- [16.15 Feedback & diagnostics](#bkmk-priv-feedback) -- [15.16 Background apps](#bkmk-priv-background) +- [16.16 Background apps](#bkmk-priv-background) -### 15.1 General +### 16.1 General **General** includes options that don't fall into other areas. @@ -658,7 +668,7 @@ To turn off **Let apps on my other devices use Bluetooth to open apps and contin - Turn off the feature in the UI. -### 15.2 Location +### 16.2 Location In the **Location** area, you choose whether devices have access to location-specific sensors and which apps have access to the device's location. @@ -709,7 +719,7 @@ To turn off **Choose apps that can use your location**: - Turn off each app using the UI. -### 15.3 Camera +### 16.3 Camera In the **Camera** area, you can choose which apps can access a device's camera. @@ -746,7 +756,7 @@ To turn off **Choose apps that can use your camera**: - Turn off the feature in the UI for each app. -### 15.4 Microphone +### 16.4 Microphone In the **Microphone** area, you can choose which apps can access a device's microphone. @@ -764,7 +774,7 @@ To turn off **Choose apps that can use your microphone**: - Turn off the feature in the UI for each app. -### 15.5 Notifications +### 16.5 Notifications In the **Notifications** area, you can choose which apps have access to notifications. @@ -778,7 +788,7 @@ To turn off **Let apps access my notifications**: - Set the **Select a setting** box to **Force Deny**. -### 15.6 Speech, inking, & typing +### 16.6 Speech, inking, & typing In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better understand your employee's voice and written input by sampling their voice and writing, and by comparing verbal and written input to contact names and calendar entrees. @@ -813,7 +823,7 @@ Apply the Speech/AllowSpeechModelUpdate MDM policy from the [Policy CSP](https:/ - Create a REG\_DWORD registry setting called **AllowSpeechModelUpdate** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\Current\\Device\\Speech**, with a value of 0 (zero). -### 15.7 Account info +### 16.7 Account info In the **Account Info** area, you can choose which apps can access your name, picture, and other account info. @@ -831,7 +841,7 @@ To turn off **Choose the apps that can access your account info**: - Turn off the feature in the UI for each app. -### 15.8 Contacts +### 16.8 Contacts In the **Contacts** area, you can choose which apps can access an employee's contacts list. @@ -845,7 +855,7 @@ To turn off **Choose apps that can access contacts**: - Set the **Select a setting** box to **Force Deny**. -### 15.9 Calendar +### 16.9 Calendar In the **Calendar** area, you can choose which apps have access to an employee's calendar. @@ -863,7 +873,7 @@ To turn off **Choose apps that can access calendar**: - Turn off the feature in the UI for each app. -### 15.10 Call history +### 16.10 Call history In the **Call history** area, you can choose which apps have access to an employee's call history. @@ -877,7 +887,7 @@ To turn off **Let apps access my call history**: - Set the **Select a setting** box to **Force Deny**. -### 15.11 Email +### 16.11 Email In the **Email** area, you can choose which apps have can access and send email. @@ -891,7 +901,7 @@ To turn off **Let apps access and send email**: - Set the **Select a setting** box to **Force Deny**. -### 15.12 Messaging +### 16.12 Messaging In the **Messaging** area, you can choose which apps can read or send messages. @@ -909,7 +919,7 @@ To turn off **Choose apps that can read or send messages**: - Turn off the feature in the UI for each app. -### 15.13 Radios +### 16.13 Radios In the **Radios** area, you can choose which apps can turn a device's radio on or off. @@ -927,7 +937,7 @@ To turn off **Choose apps that can control radios**: - Turn off the feature in the UI for each app. -### 15.14 Other devices +### 16.14 Other devices In the **Other Devices** area, you can choose whether devices that aren't paired to PCs, such as an Xbox One, can share and sync info. @@ -945,7 +955,7 @@ To turn off **Let your apps use your trusted devices (hardware you've already co - Set the **Select a setting** box to **Force Deny**. -### 15.15 Feedback & diagnostics +### 16.15 Feedback & diagnostics In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft. @@ -1019,7 +1029,7 @@ To change the level of diagnostic and usage data sent when you **Send your devic - **3**. Maps to the **Full** level. -### 15.16 Background apps +### 16.16 Background apps In the **Background Apps** area, you can choose which apps can run in the background. @@ -1027,7 +1037,7 @@ To turn off **Let apps run in the background**: - Turn off the feature in the UI for each app. -### 16. Software Protection Platform +### 17. Software Protection Platform Enterprise customers can manage their Windows activation status with volume licensing using an on-premise Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following: @@ -1039,7 +1049,7 @@ Enterprise customers can manage their Windows activation status with volume lice The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS. -### 17. Sync your settings +### 18. Sync your settings You can control if your settings are synchronized: @@ -1065,13 +1075,13 @@ To turn off Messaging cloud sync: - Create a REG\_DWORD registry setting called **CloudServiceSyncEnabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Messaging**, with a value of 0 (zero). -### 18. Teredo +### 19. Teredo You can disable Teredo by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](http://technet.microsoft.com/library/cc722030.aspx). - From an elevated command prompt, run **netsh interface teredo set state disabled** -### 19. Wi-Fi Sense +### 20. Wi-Fi Sense Wi-Fi Sense automatically connects devices to known hotspots and to the wireless networks the person’s contacts have shared with them. @@ -1097,7 +1107,7 @@ To turn off **Connect to suggested open hotspots** and **Connect to networks sha When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but they’re non-functional and they can’t be controlled by the employee. -### 20. Windows Defender +### 21. Windows Defender You can disconnect from the Microsoft Antimalware Protection Service. @@ -1149,7 +1159,7 @@ You can stop Enhanced Notifications: You can also use the registry to turn off Malicious Software Reporting Tool telemetry by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1. -### 21. Windows Media Player +### 22. Windows Media Player To remove Windows Media Player: @@ -1159,7 +1169,7 @@ To remove Windows Media Player: - Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer** -### 22. Windows spotlight +### 23. Windows spotlight Windows spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface or through Group Policy. @@ -1197,13 +1207,13 @@ If you're not running Windows 10, version 1607 or later, you can use the other o For more info, see [Windows Spotlight on the lock screen](../manage/windows-spotlight.md). -### 23. Windows Store +### 24. Windows Store You can turn off the ability to launch apps from the Windows Store that were preinstalled or downloaded. This will also turn off automatic app updates, and the Windows Store will be disabled. - Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Store** > **Disable all apps from Windows Store**. -### 24. Windows Update Delivery Optimization +### 25. Windows Update Delivery Optimization Windows Update Delivery Optimization lets you get Windows updates and Windows Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet. @@ -1213,13 +1223,13 @@ Use the UI, Group Policy, MDM policies, or Windows Provisioning to set up Delive In Windows 10, version 1607, you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Simple** (99) or **Bypass** (100), as described below. -### 24.1 Settings > Update & security +### 25.1 Settings > Update & security You can set up Delivery Optimization from the **Settings** UI. - Go to **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Choose how updates are delivered**. -### 24.2 Delivery Optimization Group Policies +### 25.2 Delivery Optimization Group Policies You can find the Delivery Optimization Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization**. @@ -1231,7 +1241,7 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con | Max Cache Size | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20, which represents 20% of the disk.| | Max Upload Bandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.| -### 24.3 Delivery Optimization MDM policies +### 25.3 Delivery Optimization MDM policies The following Delivery Optimization MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). @@ -1244,7 +1254,7 @@ The following Delivery Optimization MDM policies are available in the [Policy CS | DeliveryOptimization/DOMaxUploadBandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.| -### 24.4 Delivery Optimization Windows Provisioning +### 25.4 Delivery Optimization Windows Provisioning If you don't have an MDM server in your enterprise, you can use Windows Provisioning to configure the Delivery Optimization policies @@ -1260,7 +1270,7 @@ Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windo For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730684). -### 25. Windows Update +### 26. Windows Update You can turn off Windows Update by setting the following registry entries: From 1ac37ac16b44da26fa93cbed90a87bd316ad5359 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 29 Jul 2016 11:26:45 -0700 Subject: [PATCH 16/16] added links to the readiness tool and added all of the registry settings for removing Credential Guard --- windows/keep-secure/credential-guard.md | 55 +++++++++++++++++++++---- 1 file changed, 46 insertions(+), 9 deletions(-) diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index 94996dab65..c03bc8cfbf 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md @@ -143,7 +143,8 @@ If you would like to add Credential Guard to an image, you can do this by adding ### Add the virtualization-based security features First, you must add the virtualization-based security features. You can do this by using either the Control Panel or the Deployment Image Servicing and Management tool (DISM). -> **Note:**  If you enable Credential Guard by using Group Policy, these steps are not required. Group Policy will install the features for you. +> [!NOTE] +> If you enable Credential Guard by using Group Policy, these steps are not required. Group Policy will install the features for you.   **Add the virtualization-based security features by using Programs and Features** 1. Open the Programs and Features control panel. @@ -157,7 +158,8 @@ First, you must add the virtualization-based security features. You can do this ``` syntax dism /image: /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all ``` -> **Note:**  You can also add these features to an online image by using either DISM or Configuration Manager. +> [!NOTE] +> You can also add these features to an online image by using either DISM or Configuration Manager. In Windows 10, version 1607, Isolated User Mode is included with Hyper-V and does not need to be installed separately. If you're running a version of Windows 10 that's earlier than Windows 10, version 1607, you can run the following command to install Isolated User Mode: @@ -181,14 +183,30 @@ If you don't use Group Policy, you can enable Credential Guard by using the regi - Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it. 4. Close Registry Editor. -> **Note:**  You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. +> [!NOTE] +> You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. + +**Turn on Credential Guard by using the Device Guard and Credential Guard hardware readiness tool** + +You can also enable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). + +``` +DG_Readiness_Tool_v2.0.ps1 -Enable -AutoReboot +```   ### Remove Credential Guard If you have to remove Credential Guard on a PC, you need to do the following: 1. If you used Group Policy, disable the Group Policy setting that you used to enable Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**). -2. Delete the following registry setting: HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\LsaCfgFlags +2. Delete the following registry settings: + - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures + + > [!IMPORTANT] + > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. + 3. Delete the Credential Guard EFI variables by using bcdedit. **Delete the Credential Guard EFI variables** @@ -208,9 +226,18 @@ If you have to remove Credential Guard on a PC, you need to do the following: 3. Accept the prompt to disable Credential Guard. 4. Alternatively, you can disable the virtualization-based security features to turn off Credential Guard. -> **Note:** The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Credential Guard and virtualization-based security, run the following bcdedit command after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS +> [!NOTE] +> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Credential Guard and virtualization-based security, run the following bcdedit command after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS For more info on virtualization-based security and Device Guard, see [Device Guard deployment guide](device-guard-deployment-guide.md). + +**Turn off Credential Guard by using the Device Guard and Credential Guard hardware readiness tool** + +You can also enable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). + +``` +DG_Readiness_Tool_v2.0.ps1 -Disable -AutoReboot +```   ### Check that Credential Guard is running @@ -223,6 +250,12 @@ You can use System Information to ensure that Credential Guard is running on a P Here's an example: ![System Information](images/credguard-msinfo32.png) + +You can also check that Credential Guard is running by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). + +``` +DG_Readiness_Tool_v2.0.ps1 -Ready +``` ## Considerations when using Credential Guard @@ -314,7 +347,8 @@ On devices that are running Credential Guard, enroll the devices using the machi ``` syntax CertReq -EnrollCredGuardCert MachineAuthentication ``` -> **Note:**  You must restart the device after enrolling the machine authentication certificate. +> [!NOTE] +> You must restart the device after enrolling the machine authentication certificate.   ### Link the issuance policies to a group @@ -353,7 +387,8 @@ Now you can set up an authentication policy to use Credential Guard. 14. Click **OK** to create the authentication policy. 15. Close Active Directory Administrative Center. -> **Note:**  When authentication policies in enforcement mode are deployed with Credential Guard, users will not be able to sign in using devices that do not have the machine authentication certificate provisioned. This applies to both local and remote sign in scenarios. +> [!NOTE] +> When authentication policies in enforcement mode are deployed with Credential Guard, users will not be able to sign in using devices that do not have the machine authentication certificate provisioned. This applies to both local and remote sign in scenarios.   ### Appendix: Scripts @@ -547,7 +582,8 @@ write-host "There are no issuance policies which are not mapped to groups" } } ``` -> **Note:**  If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. +> [!NOTE] +> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.   #### Link an issuance policy to a group @@ -828,7 +864,8 @@ write-host $tmp -Foreground Red } ``` -> **Note:**  If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. +> [!NOTE] +> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.   ## Related topics