From 444267510fb6804307e7e80128b2cbb08433dc5d Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Thu, 28 Oct 2021 13:04:18 -0700 Subject: [PATCH 01/14] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index ccd89eb916..a7b16168c5 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -266,7 +266,7 @@ ADMX Info: **Status** -Returns bitmask that indicates status of Application Guard installation and pre-requisites on the device. +Returns bitmask that indicates status of Application Guard installation for Microsoft Office/generic platform and pre-requisites on the device. This does not apply to Microsoft Edge currently. Value type is integer. Supported operation is Get. From ca904a7467792aee0720946b6f0c6cf6f32ffc3f Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Thu, 28 Oct 2021 13:11:14 -0700 Subject: [PATCH 02/14] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index a7b16168c5..8f39a5d200 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -266,7 +266,7 @@ ADMX Info: **Status** -Returns bitmask that indicates status of Application Guard installation for Microsoft Office/generic platform and pre-requisites on the device. This does not apply to Microsoft Edge currently. +Returns bitmask that indicates status of Application Guard installation for Microsoft Edge and pre-requisites on the device. In contrast, PlatformStatus indicates status of Microsoft Office/Generic platform. Value type is integer. Supported operation is Get. From 2c5347382083eb587072337c46f1ca445dcbbd4f Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Thu, 28 Oct 2021 13:13:08 -0700 Subject: [PATCH 03/14] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 8f39a5d200..56261362ec 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -266,7 +266,7 @@ ADMX Info: **Status** -Returns bitmask that indicates status of Application Guard installation for Microsoft Edge and pre-requisites on the device. In contrast, PlatformStatus indicates status of Microsoft Office/Generic platform. +Returns bitmask that indicates status of Application Guard installation for Microsoft Edge and pre-requisites on the device. Value type is integer. Supported operation is Get. @@ -279,7 +279,7 @@ Value type is integer. Supported operation is Get. - Bit 6 - Set to 1 when system reboot is required. **PlatformStatus** -Added in Windows 10, version 2004. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. +Added in Windows 10, version 2004. Applies to Microsoft Office/Generic platform. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. Value type is integer. Supported operation is Get. From ea4ca19574e2cb173b03f77bb5c6b5a99115ceb3 Mon Sep 17 00:00:00 2001 From: Lucas Moura Date: Thu, 28 Oct 2021 21:19:21 -0300 Subject: [PATCH 04/14] Update the Windows Sandbox Architeture I've added just an article in a sentence on 'Integrated Kernel' section. --- .../windows-sandbox/windows-sandbox-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md index 544e0ab263..31d3aba69a 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md @@ -42,7 +42,7 @@ Because Windows Sandbox runs the same operating system image as the host, it has ## Integrated kernel scheduler -With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles. +With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles. ![A chart compares the scheduling in Windows Sandbox versus a traditional VM.](images/4-integrated-kernal.png) From 238ed5e395895008b8bcd43b8511ce077914e12b Mon Sep 17 00:00:00 2001 From: Kim O'Sullivan Date: Fri, 29 Oct 2021 13:41:11 +1100 Subject: [PATCH 05/14] Update smart-card-group-policy-and-registry-settings.md Fixed default value for TransactionTimeoutMilliseconds registry key. --- .../smart-card-group-policy-and-registry-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index ad5011e9b9..09d479bde6 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -389,7 +389,7 @@ The registry keys for the smart card KSP are in **HKEY\_LOCAL\_MACHINE\\SYSTEM\\ | **AllowPrivateSignatureKeyImport** | A non-zero value allows RSA signature private keys to be imported for use in key archival scenarios.
Default value: 00000000 | | **DefaultPrivateKeyLenBits** | Defines the default length for private keys, if desired.
Default value: 00000400
Default key generation parameter: 1024-bit keys | | **RequireOnCardPrivateKeyGen** | This key sets the flag that requires on-card private key generation (default). If this value is set, a key generated on a host can be imported into the smart card. This is used for smart cards that don't support on-card key generation or where key escrow is required.
Default value: 00000000 | -| **TransactionTimeoutMilliseconds** | Default timeout values allow you to specify whether transactions that take an excessive amount of time will fail.
Default value: 000005dc1500
The default timeout for holding transactions to the smart card is 1.5 seconds. | +| **TransactionTimeoutMilliseconds** | Default timeout values allow you to specify whether transactions that take an excessive amount of time will fail.
Default value: 000005dc
The default timeout for holding transactions to the smart card is 1.5 seconds. | **Additional registry keys for the smart card KSP** From ffe06c0758f3e68bae33f685f77519cad756819b Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Fri, 29 Oct 2021 08:13:41 -0700 Subject: [PATCH 06/14] Update windows/client-management/mdm/windowsdefenderapplicationguard-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 56261362ec..24cb571da7 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -266,7 +266,7 @@ ADMX Info: **Status** -Returns bitmask that indicates status of Application Guard installation for Microsoft Edge and pre-requisites on the device. +Returns bitmask that indicates status of Application Guard installation for Microsoft Edge and prerequisites on the device. Value type is integer. Supported operation is Get. From 0ee36c3a67fff8d9c2adc769ca9c0a50635599d7 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Mon, 1 Nov 2021 11:22:47 -0700 Subject: [PATCH 07/14] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index ccd89eb916..3197ccaf2a 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -275,6 +275,8 @@ Value type is integer. Supported operation is Get. - Bit 2 - Set to 1 when the client machine has a valid OS license and SKU. - Bit 3 - Set to 1 when Application Guard installed on the client machine. - Bit 4 - Set to 1 when required Network Isolation Policies are configured. + > [!IMPORTANT] +> If you are deploying Application Guard via Intune, Network Isolation Policy must to configured, to enable Application Guard for Microsoft Edge. - Bit 5 - Set to 1 when the client machine meets minimum hardware requirements. - Bit 6 - Set to 1 when system reboot is required. From 5422a2ebc0206752a1edb313ca07215e21c406e1 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Tue, 2 Nov 2021 01:16:54 -0700 Subject: [PATCH 08/14] Update windows/client-management/mdm/windowsdefenderapplicationguard-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 3197ccaf2a..ecb1f41ec7 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -276,7 +276,7 @@ Value type is integer. Supported operation is Get. - Bit 3 - Set to 1 when Application Guard installed on the client machine. - Bit 4 - Set to 1 when required Network Isolation Policies are configured. > [!IMPORTANT] -> If you are deploying Application Guard via Intune, Network Isolation Policy must to configured, to enable Application Guard for Microsoft Edge. + > If you are deploying Application Guard via Intune, Network Isolation Policy must to configured, to enable Application Guard for Microsoft Edge. - Bit 5 - Set to 1 when the client machine meets minimum hardware requirements. - Bit 6 - Set to 1 when system reboot is required. From 5e67f05b9aeddcfab11dd48068849a5a119e68f3 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Tue, 2 Nov 2021 01:18:11 -0700 Subject: [PATCH 09/14] Update windows/client-management/mdm/windowsdefenderapplicationguard-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index ecb1f41ec7..c31e531d60 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -278,7 +278,7 @@ Value type is integer. Supported operation is Get. > [!IMPORTANT] > If you are deploying Application Guard via Intune, Network Isolation Policy must to configured, to enable Application Guard for Microsoft Edge. - Bit 5 - Set to 1 when the client machine meets minimum hardware requirements. -- Bit 6 - Set to 1 when system reboot is required. +- Bit 6 - Set to 1 when system reboot is required. **PlatformStatus** Added in Windows 10, version 2004. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. From d81248d8d400db9ee45603c9a9372e59ef08c099 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Tue, 2 Nov 2021 03:59:05 -0700 Subject: [PATCH 10/14] Update windows/client-management/mdm/windowsdefenderapplicationguard-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index c31e531d60..f94a10cd0f 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -276,7 +276,7 @@ Value type is integer. Supported operation is Get. - Bit 3 - Set to 1 when Application Guard installed on the client machine. - Bit 4 - Set to 1 when required Network Isolation Policies are configured. > [!IMPORTANT] - > If you are deploying Application Guard via Intune, Network Isolation Policy must to configured, to enable Application Guard for Microsoft Edge. + > If you are deploying Application Guard via Intune, Network Isolation Policy must be configured to enable Application Guard for Microsoft Edge. - Bit 5 - Set to 1 when the client machine meets minimum hardware requirements. - Bit 6 - Set to 1 when system reboot is required. From 0377f3bb1d9705f894a78d848a0a813704757e83 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 2 Nov 2021 08:19:25 -0700 Subject: [PATCH 11/14] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index f94a10cd0f..bb6740363d 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: dansimp -ms.date: 10/11/2021 +ms.date: 11/02/2021 ms.reviewer: manager: dansimp --- From 92172e02c9f556af25c32195e8f18cd59820cd08 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 2 Nov 2021 08:21:52 -0700 Subject: [PATCH 12/14] Update smart-card-group-policy-and-registry-settings.md --- .../smart-card-group-policy-and-registry-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index 09d479bde6..17d490b6d0 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -12,7 +12,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium -ms.date: 09/23/2021 +ms.date: 11/02/2021 ms.reviewer: --- From 27b6e88d032f4850e0e6357951145afbd4cf63d6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 2 Nov 2021 08:24:08 -0700 Subject: [PATCH 13/14] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 24cb571da7..352f39942f 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: dansimp -ms.date: 10/11/2021 +ms.date: 11/02/2021 ms.reviewer: manager: dansimp --- From 5eabd84d585e989a879cf1d544846dede4dcafbf Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 2 Nov 2021 08:28:49 -0700 Subject: [PATCH 14/14] Update windows-mdm-enterprise-settings.md --- .../client-management/mdm/windows-mdm-enterprise-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md index e5e7511669..bb12be25b3 100644 --- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md +++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md @@ -12,12 +12,12 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 06/26/2017 +ms.date: 11/02/2021 --- # Enterprise settings, policies, and app management -The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526). +The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2-20070209-A/OMA-TS-DM_Protocol-V1_2-20070209-A.pdf). Windows currently supports one MDM server. The DM client that is configured via the enrollment process is granted access to enterprise related settings. Enterprise MDM settings are exposed via various configuration service providers to the DM client. For the list of available configuration service providers, see [Configuration service provider reference](configuration-service-provider-reference.md).