Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into WAreorg

2025-05-16 15:27:22 +00:00 · 2018-03-15 10:42:54 -07:00 · 2018-03-15 10:42:54 -07:00 · bda1e8fbb7
commit bda1e8fbb7
parent c838abc067 68e95a2033
6 changed files with 87 additions and 4 deletions
--- a/mdop/mbam-v25/mbam-25-security-considerations.md
+++ b/mdop/mbam-v25/mbam-25-security-considerations.md
@ -32,7 +32,7 @@ This topic contains the following information about how to secure Microsoft BitL

 ## <a href="" id="bkmk-tpm"></a>Configure MBAM to escrow the TPM and store OwnerAuth passwords

-**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details.  
+**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addition, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](http://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password) for further details.  

 Depending on its configuration, the Trusted Platform Module (TPM) will lock itself in certain situations ─ such as when too many incorrect passwords are entered ─ and can remain locked for a period of time. During TPM lockout, BitLocker cannot access the encryption keys to perform unlock or decryption operations, requiring the user to enter their BitLocker recovery key to access the operating system drive. To reset TPM lockout, you must provide the TPM OwnerAuth password.

--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@ -1425,6 +1425,14 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>[How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)</li>
 </ul>
 </td></tr>
+<tr>
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
+<ul>
+<li>ApplicationDefaults/EnableAppUriHandlers</li>
+<li>Connectivity/AllowPhonePCLinking</li>
+</ul>
+</td></tr>
 </tbody>
 </table>

--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@ -193,6 +193,9 @@ The following diagram shows the Policy configuration service provider in tree fo
  <dd>
    <a href="./policy-csp-applicationdefaults.md#applicationdefaults-defaultassociationsconfiguration" id="applicationdefaults-defaultassociationsconfiguration">ApplicationDefaults/DefaultAssociationsConfiguration</a>
  </dd>
+  <dd>
+    <a href="./policy-csp-applicationdefaults.md#applicationdefaults-enableappurihandlers" id="applicationdefaults-enableappurihandlers">ApplicationDefaults/EnableAppUriHandlers</a>
+  </dd>
 </dl>

 ### ApplicationManagement policies
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@ -11,6 +11,8 @@ ms.date: 03/12/2018

 # Policy CSP - ApplicationDefaults

+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.


 <hr/>
@ -22,6 +24,9 @@ ms.date: 03/12/2018
  <dd>
    <a href="#applicationdefaults-defaultassociationsconfiguration">ApplicationDefaults/DefaultAssociationsConfiguration</a>
  </dd>
+  <dd>
+    <a href="#applicationdefaults-enableappurihandlers">ApplicationDefaults/EnableAppUriHandlers</a>
+  </dd>
 </dl>


@ -132,6 +137,73 @@ Here is the SyncMl example:

 <!--/Example-->
 <!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="applicationdefaults-enableappurihandlers"></a>**ApplicationDefaults/EnableAppUriHandlers**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td></td>
+	<td></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting determines whether Windows supports web-to-app linking with app URI handlers.
+
+Enabling this policy setting enables web-to-app linking so that apps can be launched with a http(s) URI.
+
+Disabling this policy disables web-to-app linking and http(s) URIs will be opened in the default browser instead of launching the associated app.
+
+If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Configure web-to-app linking with app URI handlers*
+-   GP name: *EnableAppUriHandlers*
+-   GP ADMX file name: *GroupPolicy.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+This setting supports a range of values between 0 and 1.
+
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
 <hr/>

 Footnote:
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@ -99,7 +99,7 @@ Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Auth
 > [!div class="checklist"]
 > * Azure MFA Service
 > * Windows Server 2016 AD FS and Azure (optional, if federated)
-> * Windows Server 2016 AD FS and third party MFA Adapter (optiona, if federated)
+> * Windows Server 2016 AD FS and third party MFA Adapter (optional, if federated)

 <br>

@ -136,4 +136,4 @@ For federerated and non-federated environments, start with **Configure Windows H
 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
 6. [Configure Windows Hello for Business settings](hello-hybrid-key-whfb-settings.md)
-7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)
+7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)
--- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
@ -29,7 +29,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Net
 |Policy name|Supported versions|Description|
 |-----------|------------------|-----------|
 |Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
-|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may use "." as a wildcard character to automatically trust subdomains. Configuring '.constoso.com' will automatically trust 'subdomain1.contoso.com', 'subdomain2.contoso.com etc. |
+|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Please include a full domain name (www.contoso.com) in the configuration 2) You may optionally use "." as a wildcard character to automatically trust subdomains. Configuring ".constoso.com" will automatically trust "subdomain1.contoso.com", "subdomain2.contoso.com" etc. |
 |Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|

 ### Application-specific settings