diff --git a/.github/workflows/AutoLabelAssign.yml b/.github/workflows/AutoLabelAssign.yml index 8247aa8e9c..65e87b3d4b 100644 --- a/.github/workflows/AutoLabelAssign.yml +++ b/.github/workflows/AutoLabelAssign.yml @@ -14,6 +14,7 @@ on: jobs: download-payload: name: Download and extract payload artifact + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod with: WorkflowId: ${{ github.event.workflow_run.id }} @@ -23,6 +24,7 @@ jobs: label-assign: name: Run assign and label + if: github.repository_owner == 'MicrosoftDocs' needs: [download-payload] uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelAssign.yml@workflows-prod with: @@ -32,10 +34,4 @@ jobs: ExcludedUserList: '["user1", "user2"]' ExcludedBranchList: '["branch1", "branch2"]' secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} - - - - - - + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/AutoLabelMsftContributor.yml b/.github/workflows/AutoLabelMsftContributor.yml index c41825acc8..6fcfb6e43e 100644 --- a/.github/workflows/AutoLabelMsftContributor.yml +++ b/.github/workflows/AutoLabelMsftContributor.yml @@ -13,7 +13,7 @@ on: jobs: download-payload: - if: github.repository_visibility == 'public' + if: github.repository_owner == 'MicrosoftDocs' && github.repository_visibility == 'public' name: Download and extract payload artifact uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod with: @@ -24,7 +24,7 @@ jobs: label-msft: name: Label Microsoft contributors - if: github.repository_visibility == 'public' + if: github.repository_owner == 'MicrosoftDocs' && github.repository_visibility == 'public' needs: [download-payload] uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelMsftContributor.yml@workflows-prod with: @@ -32,4 +32,4 @@ jobs: secrets: AccessToken: ${{ secrets.GITHUB_TOKEN }} ClientId: ${{ secrets.M365_APP_CLIENT_ID }} - PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }} + PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }} \ No newline at end of file diff --git a/.github/workflows/BackgroundTasks.yml b/.github/workflows/BackgroundTasks.yml index c0389bb252..8dc3ceae0a 100644 --- a/.github/workflows/BackgroundTasks.yml +++ b/.github/workflows/BackgroundTasks.yml @@ -9,6 +9,7 @@ on: jobs: upload: + if: github.repository_owner == 'MicrosoftDocs' runs-on: ubuntu-latest steps: @@ -23,4 +24,4 @@ jobs: - uses: actions/upload-artifact@v4 with: name: PayloadJson - path: pr/ + path: pr/ \ No newline at end of file diff --git a/.github/workflows/BuildValidation.yml b/.github/workflows/BuildValidation.yml index e57844b453..dadccacbef 100644 --- a/.github/workflows/BuildValidation.yml +++ b/.github/workflows/BuildValidation.yml @@ -11,11 +11,9 @@ on: jobs: build-status: + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-BuildValidation.yml@workflows-prod with: PayloadJson: ${{ toJSON(github) }} secrets: AccessToken: ${{ secrets.GITHUB_TOKEN }} - - - diff --git a/.github/workflows/LiveMergeCheck.yml b/.github/workflows/LiveMergeCheck.yml index faeb2a0ef4..7db35548e9 100644 --- a/.github/workflows/LiveMergeCheck.yml +++ b/.github/workflows/LiveMergeCheck.yml @@ -12,11 +12,9 @@ on: jobs: live-merge: + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-LiveMergeCheck.yml@workflows-prod with: PayloadJson: ${{ toJSON(github) }} secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} - - - \ No newline at end of file + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/PrFileCount.yml b/.github/workflows/PrFileCount.yml index 40f7d61629..17faf7a211 100644 --- a/.github/workflows/PrFileCount.yml +++ b/.github/workflows/PrFileCount.yml @@ -12,11 +12,9 @@ on: jobs: file-count: + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-PrFileCount.yml@workflows-prod with: PayloadJson: ${{ toJSON(github) }} secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} - - - + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/ProtectedFiles.yml b/.github/workflows/ProtectedFiles.yml index 007f8f04b1..bbdbbe2e40 100644 --- a/.github/workflows/ProtectedFiles.yml +++ b/.github/workflows/ProtectedFiles.yml @@ -10,11 +10,9 @@ on: [pull_request_target] jobs: protected-files: + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ProtectedFiles.yml@workflows-prod with: PayloadJson: ${{ toJSON(github) }} secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} - - - \ No newline at end of file + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/Stale.yml b/.github/workflows/Stale.yml index 82b6875e28..7f262d325a 100644 --- a/.github/workflows/Stale.yml +++ b/.github/workflows/Stale.yml @@ -11,9 +11,10 @@ on: jobs: stale: + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-Stale.yml@workflows-prod with: RunDebug: false RepoVisibility: ${{ github.repository_visibility }} secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/StaleBranch.yml b/.github/workflows/StaleBranch.yml index 470eadbd32..f55d979291 100644 --- a/.github/workflows/StaleBranch.yml +++ b/.github/workflows/StaleBranch.yml @@ -13,6 +13,7 @@ on: jobs: stale-branch: + if: github.repository_owner == 'MicrosoftDocs' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-StaleBranch.yml@workflows-prod with: PayloadJson: ${{ toJSON(github) }} @@ -22,4 +23,4 @@ jobs: ]' ReportOnly: true secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/TierManagement.yml b/.github/workflows/TierManagement.yml index 4078a48fda..47baf0be65 100644 --- a/.github/workflows/TierManagement.yml +++ b/.github/workflows/TierManagement.yml @@ -11,11 +11,11 @@ on: jobs: tier-mgmt: - if: github.repository_visibility == 'private' + if: github.repository_owner == 'MicrosoftDocs' && github.repository_visibility == 'private' uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-TierManagement.yml@workflows-prod with: PayloadJson: ${{ toJSON(github) }} EnableWriteSignOff: 1 - EnableReadOnlySignoff: 0 + EnableReadOnlySignoff: 1 secrets: - AccessToken: ${{ secrets.GITHUB_TOKEN }} + AccessToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index c7a8579e25..2c00a22b4a 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -143,6 +143,8 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant +> [!CAUTION] +> If the Microsoft Account Sign-In Assistant service is disabled, the initial digital license activation with a Multiple Activation Key (MAK) will fail. diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index caf72cbace..4708cd0e55 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -1,7 +1,7 @@ --- title: WindowsAI Policy CSP description: Learn more about the WindowsAI Area in Policy CSP. -ms.date: 03/12/2025 +ms.date: 03/26/2025 ms.topic: generated-reference --- @@ -370,6 +370,8 @@ This policy setting determines which app opens when the user presses the Copilot +The property value is the Application User Model ID (AUMID) for the target application. For example: the Microsoft 365 Copilot app is `Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub`. For more information, see [Find the application user model ID of an installed app](/windows/configuration/store/find-aumid?tabs=ps%2Cexplorer&pivots=windows-11). + diff --git a/windows/configuration/taskbar/pinned-apps.md b/windows/configuration/taskbar/pinned-apps.md index 6f93e76b25..f8ec2fe588 100644 --- a/windows/configuration/taskbar/pinned-apps.md +++ b/windows/configuration/taskbar/pinned-apps.md @@ -214,7 +214,9 @@ The GPO applies the Start and taskbar layout at the next user sign-in. Each time ## User experience -After the taskbar layout is applied, the users must sign out and sign in again to see the new layout. Unless prohibited via policy settings, users can pin more apps, change the order, and unpin apps from the taskbar. +After the taskbar layout is applied, users must sign out and sign in again to see the new layout. Unless prohibited via policy settings, users can pin more apps, change the order, and unpin apps from the taskbar. + +Any pins provisioned via policy settings are restored upon the next policy refresh, even when users unpin them. ### OS install and upgrade experience diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index 64b6580098..3e4efcc4cd 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md @@ -11,7 +11,7 @@ In many cases, a first step for administrators is to customize the firewall prof This article describes the concepts and recommendations for creating and managing firewall rules. -## Rule precedence for inbound rules +## Rule precedence for inbound and outbound rules In many cases, allowing specific types of inbound traffic is required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when configuring inbound exceptions: @@ -19,7 +19,9 @@ In many cases, allowing specific types of inbound traffic is required for applic 1. Explicit block rules take precedence over any conflicting allow rules 1. More specific rules take precedence over less specific rules, except if there are explicit block rules as mentioned in 2. For example, if the parameters of rule 1 include an IP address range, while the parameters of rule 2 include a single IP host address, rule 2 takes precedence -Because of 1 and 2, when designing a set of policies you should make sure that there are no other explicit block rules that could inadvertently overlap, thus preventing the traffic flow you wish to allow. +Because of 1 and 2, when designing a set of policies, you should make sure that there are no other explicit block rules that could inadvertently overlap, thus preventing the traffic flow you wish to allow. + +Outbound rules follow the same precedence behaviors. > [!NOTE] > Windows Firewall doesn't support weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors as described. diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index 87ff332844..a276519e51 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -36,6 +36,8 @@ In many cases, applications should be able to replace NTLM with Negotiate using Negotiate's built-in fallback to NTLM is preserved to mitigate compatibility issues during this transition. For updates on NTLM deprecation, see [https://aka.ms/ntlm](https://aka.ms/ntlm). +NTLM v1 is removed starting in Windows 11, version 24H2 and Windows Server 2025. Some situations still use NTLMv1 primitives for legacy reasons. MSCHAPv2 uses the same response function as NTLMv1 and is vulnerable to the same attacks against the weak crypto. MSCHAPv2 is only disabled by enabling Credential Guard. + ## WordPad WordPad is removed from all editions of Windows starting in Windows 11, version 24H2 and Windows Server 2025. As a result, Windows will no longer have a built-in, default RTF reader. We recommend Microsoft Word for rich text documents like .doc and .rtf and Notepad for plain text documents like .txt. The following binaries will be removed as a result of WordPad removal: