From 931d5be5a65a7fbcb72d4c60a47169e82f46a617 Mon Sep 17 00:00:00 2001 From: Saurabh Koshta Date: Tue, 29 Jun 2021 11:51:33 -0500 Subject: [PATCH 1/8] Update bitlocker-csp.md https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5707 greg-lindsay commented on Dec 18, 2019 @lXbalanque I understand the issue :) I've confirmed that the MDM stack (Intune profile settings) currently supports only used space encryption. You can probably see that by going through all the settings that you've shown above. There is no available choice for "encrypt entire drive" or "full encryption" even though there are a lot of other settings. --- windows/client-management/mdm/bitlocker-csp.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index f19bba4d59..e9bd144485 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -172,6 +172,10 @@ If you want to disable this policy, use the following SyncML: ``` + +> [!NOTE] +> Currently only used space encryption is supported when using this CSP. + **EncryptionMethodByDriveType** @@ -1405,4 +1409,4 @@ The following example is provided to show proper format and should not be taken ``` - \ No newline at end of file + From 4ff59a54710e1006b8474d21a7b9fc2885be990a Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 29 Jun 2021 13:31:11 -0700 Subject: [PATCH 2/8] formatting --- windows/whats-new/windows-11-requirements.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index 368dd33786..c6338640b5 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -38,7 +38,9 @@ To install or upgrade to Windows 11, devices must meet the following minimum har - Internet connection: Internet connectivity is necessary to perform updates, and to download and use some features. - Windows 11 Home edition requires an Internet connection and a Microsoft Account to complete device setup on first use. -\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Keeping Windows 11 up-to-date](https://www.microsoft.com/windows/windows-11-specifications). Also see [Update on Windows 11 minimum system requirements](https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/). +\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Keeping Windows 11 up-to-date](https://www.microsoft.com/windows/windows-11-specifications). + +Also see [Update on Windows 11 minimum system requirements](https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/). For information about tools to evaluate readiness, see [Determine eligibility](windows-11-plan.md#determine-eligibility). From bbcb845f9e40aecc8d7abd57782d42440a53f689 Mon Sep 17 00:00:00 2001 From: lmqferreira Date: Tue, 29 Jun 2021 22:10:14 +0100 Subject: [PATCH 3/8] Update hello-hybrid-cert-whfb-settings-pki.md fixed typo on group name --- .../hello-for-business/hello-hybrid-cert-whfb-settings-pki.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 25a3d96332..98cb3003ec 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -193,7 +193,7 @@ Sign-in to a certificate authority or management workstation with _Domain Admin 10. On the **Request Handling** tab, select the **Renew with same key** check box. -11. On the **Security** tab, click **Add**. Type **Window Hello for Business Users** in the **Enter the object names to select** text box and click **OK**. +11. On the **Security** tab, click **Add**. Type **Windows Hello for Business Users** in the **Enter the object names to select** text box and click **OK**. 12. Click the **Windows Hello for Business Users** from the **Group or users names** list. In the **Permissions for Windows Hello for Business Users** section, select the **Allow** check box for the **Read**, **Enroll**, and **AutoEnroll** permissions. Excluding the **Windows Hello for Business Users** group, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**. From 644c15d06715e50ec31d0bccbd36c68ec8cf5c96 Mon Sep 17 00:00:00 2001 From: JackD Date: Tue, 29 Jun 2021 17:25:25 -0400 Subject: [PATCH 4/8] Add link to CSP in alignment with above CSPs Link missing to CSP documentation similar to other CSPs listed above. --- .../deployment/update/update-compliance-configuration-manual.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index 10b6032442..e15c04a0eb 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md @@ -47,7 +47,7 @@ Each MDM Policy links to its documentation in the CSP hierarchy, providing its e |**System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |Integer | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the following policy. | |**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. | |**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. | -| **System/AllowUpdateComplianceProcessing** |Integer | 16 - Allowed | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | +| **System/**[**AllowUpdateComplianceProcessing**](/windows/client-management/mdm/policy-csp-system#system-allowUpdateComplianceProcessing) |Integer | 16 - Allowed | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | ### Group policies From 52aa9452f44e2eeb52338308e1ac2a3f3de9161f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 29 Jun 2021 17:16:49 -0700 Subject: [PATCH 5/8] Acrolinx: 16 instances of "Bitlocker" --- .../client-management/mdm/bitlocker-csp.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index e9bd144485..e3f6b2bd85 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -180,7 +180,7 @@ If you want to disable this policy, use the following SyncML: **EncryptionMethodByDriveType** -Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)". +Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the BitLocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)". @@ -208,7 +208,7 @@ ADMX Info:
  • GP English name: Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
  • GP name: EncryptionMethodWithXts_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption
    • +
  • GP path: Windows Components/BitLocker Drive Encryption
  • GP ADMX file name: VolumeEncryption.admx
@@ -264,7 +264,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **SystemDrivesRequireStartupAuthentication** -This setting is a direct mapping to the Bitlocker Group Policy "Require additional authentication at startup". +This setting is a direct mapping to the BitLocker Group Policy "Require additional authentication at startup".
@@ -293,7 +293,7 @@ ADMX Info:
  • GP English name: Require additional authentication at startup
  • GP name: ConfigureAdvancedStartup_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -372,7 +372,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **SystemDrivesMinimumPINLength** -This setting is a direct mapping to the Bitlocker Group Policy "Configure minimum PIN length for startup". +This setting is a direct mapping to the BitLocker Group Policy "Configure minimum PIN length for startup".
@@ -401,7 +401,7 @@ ADMX Info:
  • GP English name:Configure minimum PIN length for startup
  • GP name: MinimumPINLength_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -448,7 +448,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **SystemDrivesRecoveryMessage** -This setting is a direct mapping to the Bitlocker Group Policy "Configure pre-boot recovery message and URL" +This setting is a direct mapping to the BitLocker Group Policy "Configure pre-boot recovery message and URL" (PrebootRecoveryInfo_Name). @@ -478,7 +478,7 @@ ADMX Info:
  • GP English name: Configure pre-boot recovery message and URL
  • GP name: PrebootRecoveryInfo_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -538,7 +538,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **SystemDrivesRecoveryOptions** -This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name). +This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).
@@ -567,7 +567,7 @@ ADMX Info:
  • GP English name: Choose how BitLocker-protected operating system drives can be recovered
  • GP name: OSRecoveryUsage_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -635,7 +635,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **FixedDrivesRecoveryOptions** -This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" (). +This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().
@@ -664,7 +664,7 @@ ADMX Info:
  • GP English name: Choose how BitLocker-protected fixed drives can be recovered
  • GP name: FDVRecoveryUsage_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Fixed Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Fixed Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -741,7 +741,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **FixedDrivesRequireEncryption** -This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name). +This setting is a direct mapping to the BitLocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).
@@ -770,7 +770,7 @@ ADMX Info:
  • GP English name: Deny write access to fixed drives not protected by BitLocker
  • GP name: FDVDenyWriteAccess_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Fixed Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Fixed Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -810,7 +810,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **RemovableDrivesRequireEncryption** -This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name). +This setting is a direct mapping to the BitLocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).
@@ -839,7 +839,7 @@ ADMX Info:
  • GP English name: Deny write access to removable drives not protected by BitLocker
  • GP name: RDVDenyWriteAccess_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Removeable Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Removeable Drives
  • GP ADMX file name: VolumeEncryption.admx
From 6d8c5dd4bba6e9bf65ad57fd1ab0eb1fbef97b9c Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 29 Jun 2021 23:16:30 -0700 Subject: [PATCH 6/8] title --- windows/whats-new/windows-11-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index c6338640b5..6f7a2364b6 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -38,7 +38,7 @@ To install or upgrade to Windows 11, devices must meet the following minimum har - Internet connection: Internet connectivity is necessary to perform updates, and to download and use some features. - Windows 11 Home edition requires an Internet connection and a Microsoft Account to complete device setup on first use. -\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Keeping Windows 11 up-to-date](https://www.microsoft.com/windows/windows-11-specifications). +\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Windows 11 specifications](https://www.microsoft.com/windows/windows-11-specifications). Also see [Update on Windows 11 minimum system requirements](https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/). From 10aad7f0a310d68776dcfa95b9a4f9f490d8d854 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 29 Jun 2021 23:20:49 -0700 Subject: [PATCH 7/8] fix title --- windows/whats-new/windows-11-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index 6f7a2364b6..aa0532e98d 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -19,7 +19,7 @@ ms.custom: seo-marvel-apr2020 **Applies to** -- Windows 11 +- Windows 11 This article lists the system requirements for Windows 11. Windows 11 is also supported on a virtual machine (VM). From 94a34870288fe792549bdf36e7cdd23aa80abc91 Mon Sep 17 00:00:00 2001 From: "Boris I. Bendovsky" Date: Wed, 30 Jun 2021 13:15:11 +0300 Subject: [PATCH 8/8] Fix typo --- windows/client-management/troubleshoot-tcpip-port-exhaust.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md index e41c64b649..ca8551b1dd 100644 --- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md +++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md @@ -90,7 +90,7 @@ If you suspect that the machine is in a state of port exhaustion: ![Screenshot of event id 4231 in Event Viewer](images/tcp-ts-19.png) -3. Collect a `netstat -anob output` from the server. The netstat output will show you a huge number of entries for TIME_WAIT state for a single PID. +3. Collect a `netstat -anob` output from the server. The netstat output will show you a huge number of entries for TIME_WAIT state for a single PID. ![Screenshot of netstate command output](images/tcp-ts-20.png) @@ -196,4 +196,4 @@ goto loop - [Port Exhaustion and You!](/archive/blogs/askds/port-exhaustion-and-you-or-why-the-netstat-tool-is-your-friend) - this article gives a detail on netstat states and how you can use netstat output to determine the port status -- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10) \ No newline at end of file +- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10)