From c6f495d6c9a65262413c83d9060a46cbd8b28aa1 Mon Sep 17 00:00:00 2001 From: Technion Date: Fri, 16 Mar 2018 07:53:01 +0000 Subject: [PATCH 1/5] Fixes #559 by referencing modern password policy. --- .../security-policy-settings/maximum-password-age.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md index 5577c3b083..cbcffa7067 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md @@ -59,15 +59,15 @@ None. Changes to this policy become effective without a computer restart when th ## Security considerations -This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. +This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of implementation. ### Vulnerability -The longer a password exists, the higher the likelihood that it will be compromised by a brute force attack, by an attacker gaining general knowledge about the user, or by the user sharing the password. Configuring the **Maximum password age** policy setting to 0 so that users are never required to change their passwords is a major security risk because that allows a compromised password to be used by the malicious user for as long as the valid user is authorized access. +Modern security guidance does not consider long lifetime passwords a vulnerability. See [Microsoft Password Guidance](https://www.microsoft.com/en-us/research/publication/password-guidance/) for further information. -### Countermeasure +### Considerations -Configure the **Maximum password age** policy setting to a value that is suitable for your organization's business requirements. +Many organisations have compliance or insurance mandates requiring a short lifespan on passwords. Where such a requirement exists, the **Maximum password age** policy setting can be used to meet your organization's business requirements. ### Potential impact From 2854ecc8b7298fbc4f46f5b06c35550a2751a0af Mon Sep 17 00:00:00 2001 From: Christopher McClister Date: Tue, 20 Mar 2018 09:11:23 -0700 Subject: [PATCH 2/5] C-Card Alt Tags & Accessibility - remove alt content --- education/index.md | 64 +++++++++++++++++++++++----------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/education/index.md b/education/index.md index 1f982844d6..4a5f5a36ba 100644 --- a/education/index.md +++ b/education/index.md @@ -18,7 +18,7 @@ ms.date: 10/30/2017
- Learn more about Microsoft Education products. +
@@ -36,7 +36,7 @@ ms.date: 10/30/2017
- For IT Pros: Get started with Microsoft Education +
@@ -54,7 +54,7 @@ ms.date: 10/30/2017
- Test Windows 10 S for education +
@@ -88,7 +88,7 @@ ms.date: 10/30/2017
- Learn about Microsoft 365 Education +
@@ -107,7 +107,7 @@ ms.date: 10/30/2017
- For IT Pros: Get started with Microsoft Education +
@@ -126,7 +126,7 @@ ms.date: 10/30/2017
- Office 365 for Education +
@@ -145,7 +145,7 @@ ms.date: 10/30/2017
- Microsoft Intune for Education +
@@ -164,7 +164,7 @@ ms.date: 10/30/2017
- Windows 10 for Education +
@@ -183,7 +183,7 @@ ms.date: 10/30/2017
- School Data Sync +
@@ -202,7 +202,7 @@ ms.date: 10/30/2017
- Azure Active Directory +
@@ -221,7 +221,7 @@ ms.date: 10/30/2017
- Microsoft Store for Education +
@@ -240,7 +240,7 @@ ms.date: 10/30/2017
- Minecraft: Educaton Edition +
@@ -259,7 +259,7 @@ ms.date: 10/30/2017
- Set up School PCs +
@@ -278,7 +278,7 @@ ms.date: 10/30/2017
- Meet Microsoft Teams +
@@ -312,7 +312,7 @@ ms.date: 10/30/2017
- Office help and training +
@@ -331,7 +331,7 @@ ms.date: 10/30/2017
- Windows help +
@@ -350,7 +350,7 @@ ms.date: 10/30/2017
- Microsoft Store for Education +
@@ -369,7 +369,7 @@ ms.date: 10/30/2017
- Minecraft: Education Edition +
@@ -388,7 +388,7 @@ ms.date: 10/30/2017
- Microsoft Educator Community +
@@ -407,7 +407,7 @@ ms.date: 10/30/2017
- Meet Microsoft Teams +
@@ -426,7 +426,7 @@ ms.date: 10/30/2017
- Set up School PCs +
@@ -460,7 +460,7 @@ ms.date: 10/30/2017
- Get started for students +
@@ -479,7 +479,7 @@ ms.date: 10/30/2017
- Office help and training +
@@ -498,7 +498,7 @@ ms.date: 10/30/2017
- Windows help +
@@ -517,7 +517,7 @@ ms.date: 10/30/2017
- Microsoft Imagine +
@@ -551,7 +551,7 @@ ms.date: 10/30/2017
- UWP apps for education +
@@ -570,7 +570,7 @@ ms.date: 10/30/2017
- Take a Test API +
@@ -589,7 +589,7 @@ ms.date: 10/30/2017
- Office Education Dev Center +
@@ -623,7 +623,7 @@ ms.date: 10/30/2017
- Microsoft Education Partner Network +
@@ -642,7 +642,7 @@ ms.date: 10/30/2017
- Authorized Education Partner home page +
@@ -661,7 +661,7 @@ ms.date: 10/30/2017
- Authorized Education Partner directory +
@@ -680,7 +680,7 @@ ms.date: 10/30/2017
- Education Partner community Yammer group +
From 3fe77287e2def91634506ad9e88f0db731d55e9a Mon Sep 17 00:00:00 2001 From: ashley-kim <35980531+ashley-kim@users.noreply.github.com> Date: Thu, 22 Mar 2018 00:43:00 -0700 Subject: [PATCH 3/5] Updating flight rings Fast and Slow Included planned release cadence for flight rings: Fast/weekly and Slow/monthly. --- windows/deployment/update/waas-windows-insider-for-business.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/update/waas-windows-insider-for-business.md b/windows/deployment/update/waas-windows-insider-for-business.md index 52a170184a..dc35477a1b 100644 --- a/windows/deployment/update/waas-windows-insider-for-business.md +++ b/windows/deployment/update/waas-windows-insider-for-business.md @@ -145,6 +145,7 @@ The Slow Windows Insider level is for users who prefer to see new builds of Wind * Builds are sent to the Slow Ring after feedback has been received from Windows Insiders within the Fast Ring and analyzed by our Engineering teams. * These builds will include updates to fix key issues that would prevent many Windows Insiders from being able to use the build on a daily basis. * These builds still might have issues that would be addressed in a future flight. +* These builds are typically released once a month. ### Fast @@ -154,6 +155,7 @@ Best for Windows Insiders who prefer being the first to get access to builds and * Because we are also validating a build on a smaller set of devices before going to Fast, there is also a chance that some features might work on some devices but might fail in other device configurations. * Windows Insiders should be ready to reinstall Windows using the [Media Creation Tool](http://go.microsoft.com/fwlink/?LinkId=691209) or [Windows Device Recovery Tool](http://go.microsoft.com/fwlink/p/?LinkId=522381) when you are significantly blocked. * Remember to report any issue to us through the Windows Insider Feedback Hub or the Windows Insider community forum. +* These builds are typically released once a week. >[!NOTE] >Once your device is updated to Windows 10 and you select your desired flight ring, the process known as "Compatibility check" will need to run in the background. There is no manual way to force this process to run. This process allows for the discovery of your OS type (32-bit, 64-bit), build edition (Home, Pro, Enterprise), country and language settings, and other required information. Once this process is complete, your device will be auto-targeted for the next available flight for your selected ring. For the first build on any given device, this might take up to 24 hours to complete. From 324c22f9fb1e26af9e0b3b4d88285589c65e4887 Mon Sep 17 00:00:00 2001 From: Zach Dvorak Date: Thu, 22 Mar 2018 10:02:14 -0700 Subject: [PATCH 4/5] Update upgrade-readiness-get-started.md --- windows/deployment/upgrade/upgrade-readiness-get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index 9d80d93f94..8468224bf5 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md @@ -37,7 +37,7 @@ To enable system, application, and driver data to be shared with Microsoft, you Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/). >[!IMPORTANT] ->Upgrade Readiness is a free solution for Azure subsribers. When configured correctly, all data associated with the Upgrade Readiness solution are exempt from billing in both OMS and Azure. Upgrade Readiness data **do not** count toward OMS daily upload limits. +>Upgrade Readiness is a free solution for Azure subscribers. When configured correctly, all data associated with the Upgrade Readiness solution are exempt from billing in both OMS and Azure. Upgrade Readiness data **do not** count toward OMS daily upload limits. The Upgrade Readiness service will ingest a full snapshot of your data into your OMS workspace on a daily basis. Each snapshot includes all of your devices that have been active within the past 30 days regardless of your OMS retention period. If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace. While you have this dialog open, you should also consider adding the [Device Health](../update/device-health-monitor.md) and [Update Compliance](../update/update-compliance-monitor.md) solutions as well, if you haven't already. To do so, just select the check boxes for those solutions. From 836ae25a11f2001cfe07b399bf9ccfe0ccfdf54d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 22 Mar 2018 14:01:58 -0700 Subject: [PATCH 5/5] revised contribution from technion --- .../security-policy-settings/maximum-password-age.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md index cbcffa7067..7057705ad8 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md @@ -63,11 +63,13 @@ This section describes how an attacker might exploit a feature or its configurat ### Vulnerability -Modern security guidance does not consider long lifetime passwords a vulnerability. See [Microsoft Password Guidance](https://www.microsoft.com/en-us/research/publication/password-guidance/) for further information. +The longer a password exists, the higher the likelihood that it will be compromised by a brute force attack, by an attacker gaining general knowledge about the user, or by the user sharing the password. Configuring the **Maximum password age** policy setting to 0 so that users are never required to change their passwords allows a compromised password to be used by the malicious user for as long as the valid user is authorized access. ### Considerations -Many organisations have compliance or insurance mandates requiring a short lifespan on passwords. Where such a requirement exists, the **Maximum password age** policy setting can be used to meet your organization's business requirements. +Mandated password changes are a long-standing security practice, but current research strongly indicates that password expiration has a negative effect. See [Microsoft Password Guidance](https://www.microsoft.com/en-us/research/publication/password-guidance/) for further information. + +Configure the **Maximum password age** policy setting to a value that is suitable for your organization's business requirements. For example, many organisations have compliance or insurance mandates requiring a short lifespan on passwords. Where such a requirement exists, the **Maximum password age** policy setting can be used to meet business requirements. ### Potential impact