deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 10:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-firewall-reusable-settings

Browse Source
This commit is contained in:
Paolo Matarazzo
2024-02-14 08:11:40 +01:00
parent a6db0f3995 9ef501b442
commit cae5b28781
2498 changed files with 17423 additions and 46795 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/security/operating-system-security/data-protection/bitlocker/images/network-unlock-diagram.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 21 KiB

1
windows/security/operating-system-security/data-protection/bitlocker/images/network-unlock-diagram.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

6
windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
View File

@ -46,7 +46,7 @@ The server side configuration to enable Network Unlock also requires provisionin
The Network Unlock process follows these phases:
:::row:::
:::column span="3":::
:::column span="2":::
1. The Windows boot manager detects a Network Unlock protector in the BitLocker configuration
2. The client computer uses its DHCP driver in the UEFI to get a valid IPv4 IP address
3. The client computer broadcasts a vendor-specific DHCP request that contains a network key (a 256-bit intermediate key) and an AES-256 session key for the reply. The network key is encrypted by using the 2048-bit RSA Public Key of the Network Unlock certificate from the WDS server
@ -57,8 +57,8 @@ The Network Unlock process follows these phases:
8. This combined key is used to create an AES-256 key that unlocks the volume
9. Windows continues the boot sequence
:::column-end:::
:::column span="1":::
:::image type="content" source="images/network-unlock-diagram.png" alt-text="Diagram of the Network Unlock sequence." lightbox="images/network-unlock-diagram.png" border="false":::
:::column span="2":::
:::image type="content" source="images/network-unlock-diagram.svg" alt-text="Diagram of the Network Unlock sequence." lightbox="images/network-unlock-diagram.svg" border="false":::
:::column-end:::
:::row-end:::

2
windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md
View File

@ -230,7 +230,7 @@ Add the desired protectors prior to encrypting the volume. The following example
```powershell
$pw = Read-Host -AsSecureString
<user inputs password>
Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw
Add-BitLockerKeyProtector E: -PasswordProtector -Password $pw
```
> [!NOTE]

0
windows/security/operating-system-security/network-security/vpn/images/vpn-app-trigger.PNG → windows/security/operating-system-security/network-security/vpn/images/vpn-app-trigger.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 228 KiB

After

Width:  |  Height:  |  Size: 228 KiB

4
windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
View File

@ -47,7 +47,7 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
| *Public* | Setting name: [EnableLogSuccessConnections][CSP-10]<br>OMA-URI: `./Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableLogSuccessConnections` |
| *Public* | Setting name: [LogMaxFileSize][CSP-13]<br>OMA-URI: `./Vendor/MSFT/Firewall/MdmStore/PublicProfile/LogMaxFileSize` |
# [:::image type="icon" source="../../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
# [:::image type="icon" source="../../../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
[!INCLUDE [gpo-settings-1](../../../../../includes/configure/gpo-settings-1.md)]
@ -74,7 +74,7 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
Here are some recommendations for configuring Windows Firewall logging:
- Change the logging size to at least **20,480 KB (20 MB)** to ensure that the log file doesn't fill up too quickly. The maximum log size is 32,768 KB (32 MB)
- Change the logging size to at least **20,480 KB (20 MB)** to ensure that the log file doesn't fill up too quickly. The maximum log size is 32,767 KB (32 MB)
- For each profile (Domain, Private, and Public) change the default log file name from `%windir%\system32\logfiles\firewall\pfirewall.log` to:
- `%windir%\system32\logfiles\firewall\pfirewall_Domain.log`
- `%windir%\system32\logfiles\firewall\pfirewall_Private.log`

12
windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
View File

@ -49,7 +49,7 @@ Enhanced Phishing Protection can be configured via Microsoft Intune, Group Polic
Follow these instructions to configure your devices using either Microsoft Intune, GPO or CSP.
#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
#### [:::image type="icon" source="../../../images/icons/intune.svg"::: **Intune**](#tab/intune)
To configure devices using Microsoft Intune, create a [**Settings catalog** policy][MEM-2], and use the settings listed under the category **`SmartScreen > Enhanced Phishing Protection`**:
@ -61,7 +61,7 @@ To configure devices using Microsoft Intune, create a [**Settings catalog** poli
Assign the policy to a security group that contains as members the devices or users that you want to configure.
#### [:::image type="icon" source="images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
#### [:::image type="icon" source="../../../images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
Enhanced Phishing Protection can be configured using the following group policy settings found under **Administrative Templates > Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection**:
@ -71,7 +71,7 @@ Enhanced Phishing Protection can be configured using the following group policy
- Notify Password Reuse
- Notify Unsafe App
#### [:::image type="icon" source="images/icons/windows-os.svg"::: **CSP**](#tab/csp)
#### [:::image type="icon" source="../../../images/icons/gear.svg"::: **CSP**](#tab/csp)
Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP][WIN-1].
@ -107,7 +107,7 @@ To better help you protect your organization, we recommend turning on and using
| Notify Password Reuse | **Disabled** | **Enabled**:Turns on Enhanced Phishing Protection notifications when users reuse their work or school password and encourages them to change their password. |
| Notify Unsafe App | **Disabled** | **Enabled**:Turns on Enhanced Phishing Protection notifications when users type their work or school passwords in Notepad and Microsoft 365 Office Apps. |
#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
#### [:::image type="icon" source="../../../images/icons/intune.svg"::: **Intune**](#tab/intune)
| Settings catalog element | Recommended value |
|---------------------------|-------------------|
@ -117,7 +117,7 @@ To better help you protect your organization, we recommend turning on and using
| Notify Password Reuse | **Enabled** |
| Notify Unsafe App | **Enabled** |
#### [:::image type="icon" source="images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
#### [:::image type="icon" source="../../../images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
| Group Policy setting | Recommended value |
|---------------------------|-------------------|
@ -127,7 +127,7 @@ To better help you protect your organization, we recommend turning on and using
| Notify Password Reuse | **Enabled** |
| Notify Unsafe App | **Enabled** |
#### [:::image type="icon" source="images/icons/windows-os.svg"::: **CSP**](#tab/csp)
#### [:::image type="icon" source="../../../images/icons/gear.svg"::: **CSP**](#tab/csp)
| MDM setting | Recommended value |
|-------------------------|-------------------|

3
windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg
View File

@ -1,3 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 2048 2048">
<path d="M1792 0q53 0 99 20t82 55 55 81 20 100q0 53-20 99t-55 82-81 55-100 20h-128v1280q0 53-20 99t-55 82-81 55-100 20H256q-53 0-99-20t-82-55-55-81-20-100q0-53 20-99t55-82 81-55 100-20V256q0-53 20-99t55-82 81-55T512 0h1280zM128 1792q0 27 10 50t27 40 41 28 50 10h930q-34-60-34-128t34-128H256q-27 0-50 10t-40 27-28 41-10 50zm1280 128q27 0 50-10t40-27 28-41 10-50V256q0-68 34-128H512q-27 0-50 10t-40 27-28 41-10 50v1280h1024q26 0 45 19t19 45q0 26-19 45t-45 19q-25 0-49 9t-42 28q-18 18-27 42t-10 49q0 27 10 50t27 40 41 28 50 10zm384-1536q27 0 50-10t40-27 28-41 10-50q0-27-10-50t-27-40-41-28-50-10q-27 0-50 10t-40 27-28 41-10 50v128h128zm-1280 0h896v128H512V384zm0 256h256v128H512V640zm0 256h256v128H512V896zm0 256h256v128H512v-128zm640-512q53 0 99 20t82 55 55 81 20 100q0 17-4 33t-4 31v539l-248-124-248 124V960q0-14-4-30t-4-34q0-53 20-99t55-82 81-55 100-20zm0 128q-27 0-50 10t-40 27-28 41-10 50q0 27 10 50t27 40 41 28 50 10q27 0 50-10t40-27 28-41 10-50q0-27-10-50t-27-40-41-28-50-10zm136 549v-204q-30 20-65 29t-71 10q-36 0-71-9t-65-30v204l136-68 136 68z" fill="#0078D4" />
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1.1 KiB

24
windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg
View File

@ -1,24 +0,0 @@
<svg id="a9ed4d43-c916-4b9a-b9ca-be76fbdc694c" xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">
<defs>
<linearGradient id="aaede26b-698f-4a65-b6db-859d207e2da6" x1="8.05" y1="11.32" x2="8.05" y2="1.26" gradientUnits="userSpaceOnUse">
<stop offset="0" stop-color="#0078d4" />
<stop offset="0.82" stop-color="#5ea0ef" />
</linearGradient>
<linearGradient id="bc54987f-34ba-4701-8ce4-6eca10aff9e9" x1="8.05" y1="15.21" x2="8.05" y2="11.32" gradientUnits="userSpaceOnUse">
<stop offset="0" stop-color="#1490df" />
<stop offset="0.98" stop-color="#1f56a3" />
</linearGradient>
<linearGradient id="a5434fd8-c18c-472c-be91-f2aa070858b7" x1="8.05" y1="7.87" x2="8.05" y2="4.94" gradientUnits="userSpaceOnUse">
<stop offset="0" stop-color="#d2ebff" />
<stop offset="1" stop-color="#f0fffd" />
</linearGradient>
</defs>
<title>Icon-intune-329</title>
<rect x="0.5" y="1.26" width="15.1" height="10.06" rx="0.5" fill="url(#aaede26b-698f-4a65-b6db-859d207e2da6)" />
<rect x="1.34" y="2.1" width="13.42" height="8.39" rx="0.28" fill="#fff" />
<path d="M11.08,14.37c-1.5-.23-1.56-1.31-1.55-3h-3c0,1.74-.06,2.82-1.55,3a.87.87,0,0,0-.74.84h7.54A.88.88,0,0,0,11.08,14.37Z" fill="url(#bc54987f-34ba-4701-8ce4-6eca10aff9e9)" />
<path d="M17.17,5.91H10.29a2.31,2.31,0,1,0,0,.92H11v9.58a.33.33,0,0,0,.33.33h5.83a.33.33,0,0,0,.33-.33V6.24A.33.33,0,0,0,17.17,5.91Z" fill="#32bedd" />
<rect x="11.62" y="6.82" width="5.27" height="8.7" rx="0.12" fill="#fff" />
<circle cx="8.05" cy="6.41" r="1.46" opacity="0.9" fill="url(#a5434fd8-c18c-472c-be91-f2aa070858b7)" />
<path d="M14.88,10.82,13.76,9.7a.06.06,0,0,0-.1.05v.68a.06.06,0,0,1-.06.06H11v.83H13.6a.06.06,0,0,1,.06.06v.69a.06.06,0,0,0,.1,0L14.88,11A.12.12,0,0,0,14.88,10.82Z" fill="#0078d4" />
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1.8 KiB

3
windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg
View File

@ -1,3 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 2048 2048" width="18" height="18" >
<path d="M0 0h961v961H0V0zm1087 0h961v961h-961V0zM0 1087h961v961H0v-961zm1087 0h961v961h-961v-961z" fill="#0078D4" />
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 215 B