mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-07-03 03:03:43 +00:00
Merged PR 4587: 11/17 PM Publish
This commit is contained in:
Alma Jenks
@ -19,7 +19,7 @@ Consider these additional features you can use after your organization deploys W
|
||||
* [Conditional access](#conditional-access)
|
||||
* [Dynamic lock](#dynamic-lock)
|
||||
* [PIN reset](#PIN-reset)
|
||||
* [Privileged workstation](#Priveleged-workstation)
|
||||
* [Privileged credentials](#Priveleged-crednetials)
|
||||
* [Mulitfactor Unlock](#Multifactor-unlock)
|
||||
|
||||
|
||||
@ -142,14 +142,14 @@ On-premises deployments provide users with the ability to reset forgotton PINs e
|
||||
>[!NOTE]
|
||||
> Visit the [Frequently Asked Questions](https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-identity-verification#frequently-asked-questions) section of the Windows Hello for Business page and watch the **What happens when the user forgets their PIN?** video.
|
||||
|
||||
## Privileged Workstation
|
||||
## Privileged Credentials
|
||||
|
||||
**Requirements**
|
||||
* Hybrid and On-premises Windows Hello for Business deployments
|
||||
* Domain Joined or Hybird Azure joined devices
|
||||
* Windows 10, version 1709
|
||||
|
||||
The privileged workstation scenario enables administrators to perform elevated, admistrative funcions by enrolling both their non-privileged and privileged credentials on their device.
|
||||
The privileged credentials scenario enables administrators to perform elevated, admistrative funcions by enrolling both their non-privileged and privileged credentials on their device.
|
||||
|
||||
By design, Windows 10 does not enumerate all Windows Hello for Business users from within a user's session. Using the computer Group Policy setting, Allow enumeration of emulated smartd card for all users, you can configure a device to all this enumeration on selected devices.
|
||||
|
||||
|
||||
@ -81,7 +81,7 @@ Organizations using older directory synchronization technology, such as DirSync
|
||||
<br>
|
||||
|
||||
## Federation with Azure ##
|
||||
You can deploy Windows Hello for Business key trust in non-federated and federated environments. For non-federated envionments, key trust deployments work in environments that have deployed [Password Syncrhonization with Azure AD Connect](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization) and [Azure Active Directory Pass-through-Authentication](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication). For federated envirnonments, you can deploy Windows Hello for Business key trust using Active Directory Federation Services (AD FS) 2012 R2 or later.
|
||||
You can deploy Windows Hello for Business key trust in non-federated and federated environments. For non-federated environments, key trust deployments work in environments that have deployed [Password Synchronization with Azure AD Connect](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization) and [Azure Active Directory Pass-through-Authentication](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication). For federated environments, you can deploy Windows Hello for Business key trust using Active Directory Federation Services (AD FS) 2012 R2 or later.
|
||||
|
||||
### Section Review ###
|
||||
> [!div class="checklist"]
|
||||
@ -91,7 +91,7 @@ You can deploy Windows Hello for Business key trust in non-federated and federat
|
||||
<br>
|
||||
|
||||
## Multifactor Authentication ##
|
||||
Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their username and password as one factor. but needs a second factor of authentication.
|
||||
Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their username and password as one factor, but needs a second factor of authentication.
|
||||
|
||||
Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication service or they can use multifactor authentication provides by Windows Server 2012 R2 or later Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multifactor authentication into AD FS.
|
||||
|
||||
|
||||
@ -43,4 +43,4 @@
|
||||
##### [Configure or Deploy Multifactor Authentication Services](hello-cert-trust-deploy-mfa.md)
|
||||
#### [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
|
||||
|
||||
## [Windows Hello for Businesss Feature](hello-features.md)
|
||||
## [Windows Hello for Business Features](hello-features.md)
|
||||
@ -1029,6 +1029,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
|
||||
<li>Authentication/AllowFidoDeviceSignon</li>
|
||||
<li>Browser/LockdownFavorites</li>
|
||||
<li>Browser/ProvisionFavorites</li>
|
||||
<li>Cellular/LetAppsAccessCellularData</li>
|
||||
<li>Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</li>
|
||||
<li>Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</li>
|
||||
<li>Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</li>
|
||||
<li>CredentialProviders/DisableAutomaticReDeploymentCredentials</li>
|
||||
<li>DeviceGuard/EnableVirtualizationBasedSecurity</li>
|
||||
<li>DeviceGuard/RequirePlatformSecurityFeatures</li>
|
||||
@ -1081,6 +1085,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
|
||||
<li>Education/PrinterNames</li>
|
||||
<li>Search/AllowCloudSearch</li>
|
||||
<li>Security/ClearTPMIfNotReady</li>
|
||||
<li>Start/HidePeopleBar</li>
|
||||
<li>Storage/AllowDiskHealthModelUpdates</li>
|
||||
<li>System/LimitEnhancedDiagnosticDataWindowsAnalytics</li>
|
||||
<li>Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork</li>
|
||||
@ -1377,6 +1382,44 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
||||
|
||||
## Change history in MDM documentation
|
||||
|
||||
### November 2017
|
||||
|
||||
<table class="mx-tdBreakAll">
|
||||
<colgroup>
|
||||
<col width="25%" />
|
||||
<col width="75%" />
|
||||
</colgroup>
|
||||
<thead>
|
||||
<tr class="header">
|
||||
<th>New or updated topic</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
|
||||
<td style="vertical-align:top"><p>Added the following policies for Windows 10, version 1709:</p>
|
||||
<ul>
|
||||
<li>Authentication/AllowFidoDeviceSignon</li>
|
||||
<li>Cellular/LetAppsAccessCellularData</li>
|
||||
<li>Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</li>
|
||||
<li>Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</li>
|
||||
<li>Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</li>
|
||||
<li>Start/HidePeopleBar</li>
|
||||
<li>Storage/EnhancedStorageDevices</li>
|
||||
<li>Update/ManagePreviewBuilds</li>
|
||||
<li>WirelessDisplay/AllowMdnsAdvertisement</li>
|
||||
<li>WirelessDisplay/AllowMdnsDiscovery</li>
|
||||
</ul>
|
||||
<p>Added missing policies from previous releases:</p>
|
||||
<ul>
|
||||
<li>Connectivity/DisallowNetworkConnectivityActiveTest</li>
|
||||
<li>Search/AllowWindowsIndexer</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
### October 2017
|
||||
|
||||
<table class="mx-tdBreakAll">
|
||||
@ -1402,14 +1445,6 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
||||
<li>Defender/ControlledFolderAccessAllowedApplications - string separator is |.</li>
|
||||
<li>Defender/ControlledFolderAccessProtectedFolders - string separator is |.</li>
|
||||
</ul>
|
||||
<p>Added the following policies for Windows 10, version 1709:</p>
|
||||
<ul>
|
||||
<li>Authentication/AllowFidoDeviceSignon</li>
|
||||
<li>Storage/EnhancedStorageDevices</li>
|
||||
<li>Update/ManagePreviewBuilds</li>
|
||||
<li>WirelessDisplay/AllowMdnsAdvertisement</li>
|
||||
<li>WirelessDisplay/AllowMdnsDiscovery</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr class="even">
|
||||
<td style="vertical-align:top">[eUICCs CSP](euiccs-csp.md)</td>
|
||||
|
||||
@ -532,6 +532,18 @@ The following diagram shows the Policy configuration service provider in tree fo
|
||||
### Cellular policies
|
||||
|
||||
<dl>
|
||||
<dd>
|
||||
<a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata" id="cellular-letappsaccesscellulardata">Cellular/LetAppsAccessCellularData</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata_forceallowtheseapps" id="cellular-letappsaccesscellulardata_forceallowtheseapps">Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata_forcedenytheseapps" id="cellular-letappsaccesscellulardata_forcedenytheseapps">Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-cellular.md#cellular-letappsaccesscellulardata_userincontroloftheseapps" id="cellular-letappsaccesscellulardata_userincontroloftheseapps">Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-cellular.md#cellular-showappcellularaccessui" id="cellular-showappcellularaccessui">Cellular/ShowAppCellularAccessUI</a>
|
||||
</dd>
|
||||
@ -2584,6 +2596,9 @@ The following diagram shows the Policy configuration service provider in tree fo
|
||||
<dd>
|
||||
<a href="./policy-csp-start.md#start-hidelock" id="start-hidelock">Start/HideLock</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-start.md#start-hidepeoplebar" id="start-hidepeoplebar">Start/HidePeopleBar</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-start.md#start-hidepowerbutton" id="start-hidepowerbutton">Start/HidePowerButton</a>
|
||||
</dd>
|
||||
|
||||
@ -6,7 +6,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: nickbrower
|
||||
ms.date: 11/01/2017
|
||||
ms.date: 11/16/2017
|
||||
---
|
||||
|
||||
# Policy CSP - Authentication
|
||||
@ -204,16 +204,17 @@ ms.date: 11/01/2017
|
||||
|
||||
<!--EndSKU-->
|
||||
<!--StartDescription-->
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1709. Specifies whether Fast Identity Online (FIDO) device can be used to sign on.
|
||||
<p style="margin-left: 20px">Preview release in Windows 10, version 1709. Supported in the next release. Specifies whether Fast Identity Online (FIDO) device can be used to sign on. This policy enables the Windows logon credential provider for FIDO 2.0
|
||||
|
||||
<p style="margin-left: 20px">Value type is integer.
|
||||
|
||||
<p style="margin-left: 20px">Here is an example scenario: At Contoso, there are a lot of shared devices and kiosks that employees throughout the day using as many as 20 different devices. To minimize the loss in productivity when employees have to login with username and password everytime they pick up a device, the IT admin deploys SharePC CSP and Authentication/AllowFidoDeviceSignon policy to shared devices. The IT admin provisions and distributes FIDO 2.0 devices to employees, which allows them to authenticate to various shared devices and PCs.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
|
||||
- 0 - Do not allow. The FIDO device credential provider disabled.
|
||||
- 1 - Allow. The FIDO device credential provider is enabled and allows usage of FIDO devices to sign into an Windows.
|
||||
|
||||
<p style="margin-left: 20px">Value type is integer.
|
||||
|
||||
<!--EndDescription-->
|
||||
<!--EndPolicy-->
|
||||
<hr/>
|
||||
|
||||
@ -6,7 +6,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: nickbrower
|
||||
ms.date: 11/01/2017
|
||||
ms.date: 11/16/2017
|
||||
---
|
||||
|
||||
# Policy CSP - Cellular
|
||||
@ -19,11 +19,166 @@ ms.date: 11/01/2017
|
||||
## Cellular policies
|
||||
|
||||
<dl>
|
||||
<dd>
|
||||
<a href="#cellular-letappsaccesscellulardata">Cellular/LetAppsAccessCellularData</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#cellular-letappsaccesscellulardata_forceallowtheseapps">Cellular/LetAppsAccessCellularData_ForceAllowTheseApps</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#cellular-letappsaccesscellulardata_forcedenytheseapps">Cellular/LetAppsAccessCellularData_ForceDenyTheseApps</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#cellular-letappsaccesscellulardata_userincontroloftheseapps">Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#cellular-showappcellularaccessui">Cellular/ShowAppCellularAccessUI</a>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<hr/>
|
||||
<!--StartPolicy-->
|
||||
<a href="" id="cellular-letappsaccesscellulardata"></a>**Cellular/LetAppsAccessCellularData**
|
||||
|
||||
<!--StartSKU-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
<th>Mobile Enterprise</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<!--EndSKU-->
|
||||
<!--StartDescription-->
|
||||
Added in Windows 10, version 1709. This policy setting specifies whether Windows apps can access cellular data.
|
||||
|
||||
You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.
|
||||
|
||||
If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device.
|
||||
|
||||
If you choose the "Force Allow" option, Windows apps are allowed to access cellular data and employees in your organization cannot change it.
|
||||
|
||||
If you choose the "Force Deny" option, Windows apps are not allowed to access cellular data and employees in your organization cannot change it.
|
||||
|
||||
If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device.
|
||||
|
||||
If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.”
|
||||
|
||||
Suported values:
|
||||
|
||||
- 0 - User is in control
|
||||
- 1 - Force Allow
|
||||
- 2 - Force Deny
|
||||
|
||||
<!--EndDescription-->
|
||||
<!--EndPolicy-->
|
||||
<hr/>
|
||||
<!--StartPolicy-->
|
||||
<a href="" id="cellular-letappsaccesscellulardata_forceallowtheseapps"></a>**Cellular/LetAppsAccessCellularData_ForceAllowTheseApps**
|
||||
|
||||
<!--StartSKU-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
<th>Mobile Enterprise</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<!--EndSKU-->
|
||||
<!--StartDescription-->
|
||||
Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
|
||||
<!--EndDescription-->
|
||||
<!--EndPolicy-->
|
||||
<hr/>
|
||||
<!--StartPolicy-->
|
||||
<a href="" id="cellular-letappsaccesscellulardata_forcedenytheseapps"></a>**Cellular/LetAppsAccessCellularData_ForceDenyTheseApps**
|
||||
|
||||
<!--StartSKU-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
<th>Mobile Enterprise</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<!--EndSKU-->
|
||||
<!--StartDescription-->
|
||||
Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
|
||||
<!--EndDescription-->
|
||||
<!--EndPolicy-->
|
||||
<hr/>
|
||||
<!--StartPolicy-->
|
||||
<a href="" id="cellular-letappsaccesscellulardata_userincontroloftheseapps"></a>**Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps**
|
||||
|
||||
<!--StartSKU-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
<th>Mobile Enterprise</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<!--EndSKU-->
|
||||
<!--StartDescription-->
|
||||
Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
|
||||
<!--EndDescription-->
|
||||
<!--EndPolicy-->
|
||||
<hr/>
|
||||
<!--StartPolicy-->
|
||||
<a href="" id="cellular-showappcellularaccessui"></a>**Cellular/ShowAppCellularAccessUI**
|
||||
@ -61,6 +216,16 @@ ms.date: 11/01/2017
|
||||
|
||||
<!--EndScope-->
|
||||
<!--StartDescription-->
|
||||
This policy setting configures the visibility of the link to the per-application cellular access control page in the cellular setting UX.
|
||||
|
||||
If this policy setting is enabled, a drop-down list box presenting possible values will be active. Select "Hide" or "Show" to hide or show the link to the per-application cellular access control page.
|
||||
|
||||
If this policy setting is disabled or is not configured, the link to the per-application cellular access control page is showed by default.”
|
||||
|
||||
Supported values:
|
||||
|
||||
- 0 - Hide
|
||||
- 1 - Show
|
||||
<!--EndDescription-->
|
||||
> [!TIP]
|
||||
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
|
||||
|
||||
@ -314,7 +314,7 @@ ms.date: 11/01/2017
|
||||
|
||||
<!--EndScope-->
|
||||
<!--StartDescription-->
|
||||
<p style="margin-left: 20px">Specifies whether to allow the user to delete the workplace account using the workplace control panel.
|
||||
<p style="margin-left: 20px">Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), which is majority of the case for Intune, then disabling the MDM unenrollment has no effect.
|
||||
|
||||
> [!NOTE]
|
||||
> The MDM server can always remotely delete the account.
|
||||
|
||||
@ -67,6 +67,9 @@ ms.date: 11/01/2017
|
||||
<dd>
|
||||
<a href="#start-hidelock">Start/HideLock</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#start-hidepeoplebar">Start/HidePeopleBar</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#start-hidepowerbutton">Start/HidePowerButton</a>
|
||||
</dd>
|
||||
@ -901,6 +904,41 @@ ms.date: 11/01/2017
|
||||
1. Enable policy.
|
||||
2. Open Start, click on the user tile, and verify "Lock" is not available.
|
||||
|
||||
<!--EndDescription-->
|
||||
<!--EndPolicy-->
|
||||
<hr/>
|
||||
<!--StartPolicy-->
|
||||
<a href="" id="start-hidepeoplebar"></a>**Start/HidePeopleBar**
|
||||
|
||||
<!--StartSKU-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
<th>Mobile Enterprise</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<!--EndSKU-->
|
||||
|
||||
<!--StartDescription-->
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1709. Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
|
||||
|
||||
<p style="margin-left: 20px">Value type is integer.
|
||||
|
||||
<!--EndDescription-->
|
||||
<!--EndPolicy-->
|
||||
<hr/>
|
||||
|
||||
@ -66,7 +66,7 @@ The hardware requirements for Windows Defender ATP on endpoints is the same as t
|
||||
> Endpoints that are running mobile versions of Windows are not supported.
|
||||
|
||||
#### Internet connectivity
|
||||
Internet connectivity on endpoints is required.
|
||||
Internet connectivity on endpoints is required either directly or through proxy.
|
||||
|
||||
The Windows Defender ATP sensor can utilize up to 5MB daily of bandwidth to communicate with the Windows Defender ATP cloud service and report cyber data.
|
||||
|
||||
|
||||
@ -29,6 +29,9 @@ ms.date: 10/17/2017
|
||||
|
||||
The Security Analytics dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
|
||||
|
||||
>[!IMPORTANT]
|
||||
> This feature is available for machines on Windows 10, version 1703 or later.
|
||||
|
||||
The **Security analytics dashboard** displays a snapshot of:
|
||||
- Organizational security score
|
||||
- Security coverage
|
||||
|
||||
Reference in New Issue
Block a user