deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 21:03:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into v-tea-CI-103303-04

Browse Source
This commit is contained in:
Teresa-Motiv
2019-06-28 09:04:35 -07:00
parent d499b82d47 1219258629
commit cb9258d285
8 changed files with 18 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
windows/configuration/lock-down-windows-10-to-specific-apps.md
View File

@ -194,10 +194,13 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula
##### FileExplorerNamespaceRestrictions
Starting in Windows 10, version 1809, you can explicitly allow some known folders to be accessed when the user tries to open the file dialog box in multi-app assigned access by including **FileExplorerNamespaceRestrictions** in your XML file. Currently, **Downloads** is the only folder supported.
Starting in Windows 10, version 1809, you can explicitly allow some known folders to be accessed when the user tries to open the file dialog box in multi-app assigned access by including **FileExplorerNamespaceRestrictions** in your XML file. Currently, **Downloads** is the only folder supported. This can also be set using Microsoft Intune.
The following example shows how to allow user access to the Downloads folder in the common file dialog box.
>[!TIP]
> To grant access to the Downloads folder through File Explorer, add "Explorer.exe" to the list of allowed apps, and pin a file explorer shortcut to the kiosk start menu.
```xml
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration

16
windows/deployment/windows-autopilot/enrollment-status.md
View File

@ -30,22 +30,6 @@ The ESP will track the installation of applications, security policies, certific
![Enrollment Status Page](images/enrollment-status-page.png)
## Installation progress tracking
The Enrollment Status Page tracks a subset of the available MDM CSP policies that are delivered to the device as part of the complete device configuration process. The specific types of policies that are tracked include:
- Certain types of app installations.
- Enterprise modern apps (Appx/MSIX) installed by the [Enterprise Modern App Management CSP](https://docs.microsoft.com/windows/client-management/mdm/enterprisemodernappmanagement-csp).
- Enterprise desktop apps (single-file MSIs) installed by the [Enterprise Desktop App Management CSP](https://docs.microsoft.com/windows/client-management/mdm/enterprisedesktopappmanagement-csp).
- Certain device configuration policies. The following types of policies and installations are not tracked:
- Intune Management Extensions PowerShell scripts
- Office 365 ProPlus installations<sup>**</sup>
- System Center Configuration Manager apps, packages, and task sequences
<sup>**</sup>The ability to track Office 365 ProPlus installations was added with Windows 10, version 1809.<br>
## More information
For more information on configuring the Enrollment Status Page, see the [Microsoft Intune documentation](https://docs.microsoft.com/intune/windows-enrollment-status).<br>

5
windows/security/identity-protection/hello-for-business/hello-overview.md
View File

@ -53,9 +53,9 @@ Windows stores biometric data that is used to implement Windows Hello securely o
## The difference between Windows Hello and Windows Hello for Business
- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, however it is not backed by asymmetric (public/private key) or certificate-based authentication.
- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, but can use a simple password hash depending on an individual's account type. This configuration is referred to as Windows Hello convenience PIN and it is not backed by asymmetric (public/private key) or certificate-based authentication.
- Windows Hello for Business, which is configured by Group Policy or mobile device management (MDM) policy, uses key-based or certificate-based authentication.
- **Windows Hello for Business**, which is configured by Group Policy or mobile device management (MDM) policy, always uses key-based or certificate-based authentication. This makes it much more secure than **Windows Hello convenience PIN**.
## Benefits of Windows Hello
@ -95,7 +95,6 @@ For details, see [How Windows Hello for Business works](hello-how-it-works.md).
Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust.
## Learn more
[Implementing Windows Hello for Business at Microsoft](https://www.microsoft.com/en-us/itshowcase/implementing-windows-hello-for-business-at-microsoft)