From bb2f5d07d97f655797d57e82603ca4caddac1911 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 4 Jan 2022 17:41:49 +0530 Subject: [PATCH 01/13] Updated table --- .../ie11-deploy-guide/new-group-policy-settings-for-ie11.md | 1 + 1 file changed, 1 insertion(+) diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md index 557d57b34a..e6c30a056e 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md @@ -34,6 +34,7 @@ Internet Explorer 11 gives you some new Group Policy settings to help you manage | Always send Do Not Track header | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 | This policy setting allows you to configure how IE sends the Do Not Track (DNT) header.

If you enable this policy setting, IE sends a `DNT:1` header with all HTTP and HTTPS requests. The `DNT:1` header signals to the servers not to track the user.

**In Internet Explorer 9 and 10:**
If you disable this policy setting, IE only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.

**In at least IE11:**
If you disable this policy setting, IE only sends the Do Not Track header if inPrivate Browsing mode is used.

If you don't configure the policy setting, users can select the **Always send Do Not Track header** option on the **Advanced\* tab of the \*\*Internet Options** dialog box. By selecting this option, IE sends a `DNT:1` header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case IE sends a `DNT:0` header. By default, this option is enabled. | | Don't run antimalware programs against ActiveX controls
(Internet, Restricted Zones) |

| IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.

If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.

If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.

If you don't configure this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using the Internet Explorer's **Security** settings. | | Don't run antimalware programs against ActiveX controls
(Intranet, Trusted, Local Machine Zones) |

| IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.

If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.

If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.

If you don't configure this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer's **Security** settings. | +| Hide Internet Explorer 11 Application Retirement Notification | Administrative Templates\Windows Components\Internet Explorer | Internet Explorer 11 on Windows 10 20H2 & newer | This policy setting allows you to prevent the notification bar that informs users of Internet Explorer 11’s retirement from showing up.
If you disable or don’t configure this setting, the notification will be shown. | | Hide the button (next to the New Tab button) that opens Microsoft Edge | User Configuration\Administrative Templates\Windows Components/Internet Explorer\Internet Settings\Advanced Settings\Browsing\ | IE11 on Windows 10, version 1703 | This policy setting lets you decide whether employees can see the open Microsoft Edge button, which appears next to the New Tab button.

If you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden.

If you disable this policy setting, the button to open Microsoft Edge from Internet Explorer appears.

If you don't configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by your employees. | | Let users turn on and use Enterprise Mode from the **Tools** menu | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10 | This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the **Tools** menu.

If you enable this policy setting, users can see and use the **Enterprise Mode** option from the **Tools** menu. If you enable this setting, but don’t specify a report location, Enterprise Mode will still be available to your users, but you won’t get any reports.

If you disable or don’t configure this policy setting, the menu option won’t appear and users won’t be able to turn on Enterprise Mode locally. | | Limit Site Discovery output by Domain | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to control which domains are included in the discovery function of the Internet Explorer Site Discovery Toolkit.

If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in your specified domains, configured by adding one domain per line to the included text box.

If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all domains.

**Note:**
You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. | From c9766eefa956eaeeaa14ccc4ce920e47d13af587 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 5 Jan 2022 13:02:03 +0200 Subject: [PATCH 02/13] Add info about next version https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10051 --- ...e-guard-signing-portal-in-microsoft-store-for-business.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md index 7311563492..cc73221cbc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -26,6 +26,9 @@ ms.technology: windows-sec - Windows 11 - Windows Server 2016 and above +> [!IMPORTANT] +> The existing web-based mechanism for the Device Guard Signing service v1 will be retired on June 9, 2021. Please transition to the PowerShell based version of the service [(DGSS v2)](https://docs.microsoft.com/en-us/microsoft-store/device-guard-signing-portal). More details can be found [here](https://docs.microsoft.com/en-us/windows/msix/package/signing-package-device-guard-signing) and [here](https://docs.microsoft.com/en-us/microsoft-store/device-guard-signing-portal). + > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). @@ -47,4 +50,4 @@ Before you get started, be sure to review these best practices: 4. After the files are uploaded, click **Sign** to sign the code integrity policy. 5. Click **Download** to download the signed code integrity policy. - When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then sign the policy again. \ No newline at end of file + When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then sign the policy again. From 25d4a0950f71c2e502a375619ff982e6ea4613a0 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 5 Jan 2022 13:31:25 +0200 Subject: [PATCH 03/13] add info https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10070 --- .../hello-hybrid-cert-new-install.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 893bb67c67..7fc2f3cb26 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -55,15 +55,17 @@ Windows Hello for Business must have a public key infrastructure regardless of t This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. +More details about configuring a Windows enterprise public key infrastructure and installing Active Directory Certificate Services can be found [here](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki#follow-the-windows-hello-for-business-hybrid-key-trust-deployment-guide) and [here](https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority). + +>[!NOTE] +>Never install a certificate authority on a domain controller in a production environment. + ### Lab-based public key infrastructure The following instructions may be used to deploy simple public key infrastructure that is suitable for a lab environment. Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed. ->[!NOTE] ->Never install a certificate authority on a domain controller in a production environment. - 1. Open an elevated Windows PowerShell prompt. 2. Use the following command to install the Active Directory Certificate Services role. ```PowerShell @@ -148,4 +150,4 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation 3. New Installation Baseline (*You are here*) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) -6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) \ No newline at end of file +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) From 5c669bde762a84a0779e938a257c1e568a497a28 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 6 Jan 2022 10:22:46 +0200 Subject: [PATCH 04/13] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-new-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 7fc2f3cb26..c93d1abad1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -55,7 +55,7 @@ Windows Hello for Business must have a public key infrastructure regardless of t This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. -More details about configuring a Windows enterprise public key infrastructure and installing Active Directory Certificate Services can be found [here](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki#follow-the-windows-hello-for-business-hybrid-key-trust-deployment-guide) and [here](https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority). +For more details about configuring a Windows enterprise public key infrastructure and installing Active Directory Certificate Services, see [Follow the Windows Hello for Business hybrid key trust deployment guide](/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki#follow-the-windows-hello-for-business-hybrid-key-trust-deployment-guide) and [Install the Certification Authority](/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority). >[!NOTE] >Never install a certificate authority on a domain controller in a production environment. From 618bad0a8532ac48d1b91b27b900844a7fe67dd7 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 6 Jan 2022 10:30:52 +0200 Subject: [PATCH 05/13] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-new-install.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index c93d1abad1..05d4a7b317 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -57,8 +57,8 @@ This guide assumes most enterprises have an existing public key infrastructure. For more details about configuring a Windows enterprise public key infrastructure and installing Active Directory Certificate Services, see [Follow the Windows Hello for Business hybrid key trust deployment guide](/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki#follow-the-windows-hello-for-business-hybrid-key-trust-deployment-guide) and [Install the Certification Authority](/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority). ->[!NOTE] ->Never install a certificate authority on a domain controller in a production environment. +> [!NOTE] +> Never install a certificate authority on a domain controller in a production environment. ### Lab-based public key infrastructure From 03c95d0f0909232244c48b4ccd5e0204a03ed74f Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 6 Jan 2022 11:35:47 +0200 Subject: [PATCH 06/13] Update windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...vice-guard-signing-portal-in-microsoft-store-for-business.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md index cc73221cbc..5956abbc56 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -27,7 +27,7 @@ ms.technology: windows-sec - Windows Server 2016 and above > [!IMPORTANT] -> The existing web-based mechanism for the Device Guard Signing service v1 will be retired on June 9, 2021. Please transition to the PowerShell based version of the service [(DGSS v2)](https://docs.microsoft.com/en-us/microsoft-store/device-guard-signing-portal). More details can be found [here](https://docs.microsoft.com/en-us/windows/msix/package/signing-package-device-guard-signing) and [here](https://docs.microsoft.com/en-us/microsoft-store/device-guard-signing-portal). +> The existing web-based mechanism for the Device Guard Signing Service v1 will be retired on June 9, 2021. Please transition to the PowerShell based version of the service [(DGSS v2)](/microsoft-store/device-guard-signing-portal). For more details, see [Sign an MSIX package with Device Guard signing](/windows/msix/package/signing-package-device-guard-signing) and [Device Guard signing](/microsoft-store/device-guard-signing-portal). > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). From 7b65e1466afd60e1e4f54369ae328b60ef477e7c Mon Sep 17 00:00:00 2001 From: Herbert Mauerer <41573578+HerbertMauerer@users.noreply.github.com> Date: Tue, 25 Jan 2022 07:39:01 +0100 Subject: [PATCH 07/13] event ID wrong. it's 4625, not 4525. Sorry about the typo. --- .../credential-guard/credential-guard-known-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index 0f5e251a7f..c1be2ae436 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md @@ -33,7 +33,7 @@ The following known issue has been fixed in the [Cumulative Security Update for Failure occurred in ‘LogonUserExEx’.
User Action: Ensure the credentials for the task are correctly specified.
Additional Data: Error Value: 2147943726. 2147943726: ERROR\_LOGON\_FAILURE (The user name or password is incorrect)." -- When enabling NTLM audit on the domain controller, an Event ID 8004 with an indecipherable username format is logged. You also get a similar user name in a user logon failure event 4525 with error 0xC0000064 on the machine itself. For example: +- When enabling NTLM audit on the domain controller, an Event ID 8004 with an indecipherable username format is logged. You also get a similar user name in a user logon failure event 4625 with error 0xC0000064 on the machine itself. For example: > Log Name: Microsoft-Windows-NTLM/Operational Source: Microsoft-Windows-Security-Netlogon Event ID: 8004 From 11c75bf65aadf4a86ecd1ffa3de4339882485939 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Tue, 25 Jan 2022 13:31:48 +0500 Subject: [PATCH 08/13] Update in Zone Information I have checked and found that the default settings in the IE security zone were not correct. Updated the correct default security zone settings. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10154 --- windows/client-management/mdm/policy-csp-internetexplorer.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 1206fca386..036aa82cdc 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -1956,7 +1956,7 @@ ADMX Info: This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone. -Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.) +Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Medium template), Intranet zone (Medium-Low template), Internet zone (Medium-high template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.) If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site.  For each entry that you add to the list, enter the following information: @@ -14006,4 +14006,4 @@ ADMX Info:

- \ No newline at end of file + From 7d34ec3f2df69d626b0589dad1f21ef155a57e77 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 25 Jan 2022 13:25:49 +0200 Subject: [PATCH 09/13] Add link to HVCI in WDAC context https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10042 --- .../select-types-of-rules-to-create.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index e5bf200d59..2ce348a9f0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -31,6 +31,8 @@ ms.technology: windows-sec Windows Defender Application Control (WDAC) can control what runs on Windows 10 and Windows 11, by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how applications are identified and trusted. +Windows Defender Application Control (WDAC) is used to restrict devices to run only approved apps, while the OS is hardened against kernel memory attacks using [hypervisor-protected code integrity (HVCI)](https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control). + ## Windows Defender Application Control policy rules To modify the policy rule options of an existing WDAC policy XML, use [Set-RuleOption](/powershell/module/configci/set-ruleoption). The following examples show how to use this cmdlet to add and remove a rule option on an existing WDAC policy: From c1bfb01ce7f77db0f55eed9ee5c452d396f67468 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 26 Jan 2022 09:14:59 +0200 Subject: [PATCH 10/13] Update windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../select-types-of-rules-to-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 2ce348a9f0..c702281850 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -31,7 +31,7 @@ ms.technology: windows-sec Windows Defender Application Control (WDAC) can control what runs on Windows 10 and Windows 11, by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how applications are identified and trusted. -Windows Defender Application Control (WDAC) is used to restrict devices to run only approved apps, while the OS is hardened against kernel memory attacks using [hypervisor-protected code integrity (HVCI)](https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control). +WDAC is used to restrict devices to run only approved apps, while the operating system is hardened against kernel memory attacks using [hypervisor-protected code integrity (HVCI)](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control). ## Windows Defender Application Control policy rules From 0c8ecea7d25946dc9d25d2631862915abb66b5aa Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Jan 2022 13:30:12 -0800 Subject: [PATCH 11/13] Update credential-guard-known-issues.md --- .../credential-guard/credential-guard-known-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index c1be2ae436..8b066076bb 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md @@ -12,7 +12,7 @@ ms.author: dansimp manager: dansimp ms.collection: M365-identity-device-management ms.topic: article -ms.date: 01/24/2022 +ms.date: 01/26/2022 ms.reviewer: --- From 6e1af48451de4541cebf4ad10446440090f64045 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Jan 2022 13:34:37 -0800 Subject: [PATCH 12/13] Update select-types-of-rules-to-create.md --- .../select-types-of-rules-to-create.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index c702281850..a4b02ea6ac 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -10,11 +10,11 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: jsuther1974 +author: dansimp ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 07/15/2021 +ms.date: 01/26/2022 ms.technology: windows-sec --- From 215aaa2b68b855c0098898e343df76b5428579e0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Jan 2022 13:37:52 -0800 Subject: [PATCH 13/13] Update windows-security-baselines.md --- .../windows-security-baselines.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index 17e520e281..ebdec42441 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 01/24/2022 +ms.date: 01/26/2022 ms.reviewer: jmunck ms.technology: windows-sec --- @@ -63,9 +63,9 @@ There are several ways to get and use security baselines: 1. You can download the security baselines from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319). This download page is for the Security Compliance Toolkit (SCT), which comprises tools that can assist admins in managing baselines in addition to the security baselines. The security baselines are included in the [Security Compliance Toolkit (SCT)](security-compliance-toolkit-10.md), which can be downloaded from the Microsoft Download Center. The SCT also includes tools to help admins manage the security baselines. You can also [Get Support for the security baselines](get-support-for-security-baselines.md) -2. [MDM (Mobile Device Management) security baselines](/windows/client-management/mdm/#mdm-security-baseline.md) function like the Microsoft group policy-based security baselines and can easily integrate this into an existing MDM management tool. +2. [MDM (Mobile Device Management) security baselines](/windows/client-management/mdm/#mdm-security-baseline) function like the Microsoft group policy-based security baselines and can easily integrate this into an existing MDM management tool. -3. MDM Security baselines can easily be configures in Microsoft Endpoint Manager on devices that run Windows 10 and 11. The following article provides the detail steps: [Windows MDM (Mobile Device Management) baselines](/mem/intune/protect/security-baseline-settings-mdm-all.md). +3. MDM Security baselines can easily be configures in Microsoft Endpoint Manager on devices that run Windows 10 and 11. The following article provides the detail steps: [Windows MDM (Mobile Device Management) baselines](/mem/intune/protect/security-baseline-settings-mdm-all). ## Community