From b24b63f2ef09ac763c66b44e7d4cd1fb402095c2 Mon Sep 17 00:00:00 2001 From: Jared Parkinson Date: Mon, 21 Aug 2017 06:08:56 -0600 Subject: [PATCH 1/7] Update test-windows10s-for-edu.md --- education/windows/test-windows10s-for-edu.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md index f84864aaaf..fec38dd7d3 100644 --- a/education/windows/test-windows10s-for-edu.md +++ b/education/windows/test-windows10s-for-edu.md @@ -228,7 +228,7 @@ Common support questions for the Windows 10 S test program: * **What if I want to move from Windows 10 S to Windows 10 Pro?** - If you want to discontinue using Windows 10 S, follow the instructions to return to your previous installation of Windows 10. If you already had Windows 10 Pro or Windows 10 Pro Education on the device you are testing on, you should be able to move to Windows 10 Pro or Windows 10 Pro Education at no charge with the instructions in this document. Otherwise, ther emay be a cost to acquire a Windows 10 Pro license in the Store. + If you want to discontinue using Windows 10 S, follow the instructions to return to your previous installation of Windows 10. If you already had Windows 10 Pro or Windows 10 Pro Education on the device you are testing on, you should be able to move to Windows 10 Pro or Windows 10 Pro Education at no charge with the instructions in this document. Otherwise, there may be a cost to acquire a Windows 10 Pro license in the Store. For help with activation issues, click on the appropriate link below for support options. * For Volume Licensing Agreement or Shape the Future program customers, go to the [Microsoft Commercial Support](https://support.microsoft.com/gp/commercialsupport) website and select the country/region in which you are seeking commercial support to contact our commercial support team. From d10dacc238a7ccea69199e159156307a3f419e34 Mon Sep 17 00:00:00 2001 From: chintanpatel Date: Fri, 25 Aug 2017 09:55:06 -0700 Subject: [PATCH 2/7] Update configure-wd-app-guard.md --- .../configure-wd-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index 73bb0a5fb0..5221675063 100644 --- a/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md @@ -40,7 +40,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Win |-----------|------------------|-----------|-------| |Configure Windows Defender Application Guard clipboard settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.| |Configure Windows Defender Application Guard print settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.| -|Block enterprise websites to load non-enterprise content in IE and Edge|At least Windows 10 Enterprise|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.

**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard.| +|Block enterprise websites to load non-enterprise content in IE and Edge|At least Windows 10 Enterprise|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.**Note** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.

**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. | |Allow Persistence|At least Windows 10 Enterprise|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.

**Disabled or not configured.** All user data within Application Guard is reset between sessions.

**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**
  1. Open a command-line program and navigate to Windows/System32.
  2. Type `wdagtool.exe cleanup`.
    The container environment is reset, retaining only the employee-generated data.
  3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`.
    The container environment is reset, including discarding all employee-generated data.
| |Turn On/Off Windows Defender Application Guard (WDAG)|At least Windows 10 Enterprise|Determines whether to turn on Application Guard for Microsoft Edge.|**Enabled.** Turns on Application Guard for Microsoft Edge, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device.

**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge.| From 9e44197fc374495cd08454e9979d97c2dcd135c4 Mon Sep 17 00:00:00 2001 From: Chai Wei Jie Date: Sat, 26 Aug 2017 14:18:50 +0800 Subject: [PATCH 3/7] Fix incorrect directory --- windows/deployment/windows-10-poc-sc-config-mgr.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index eb042d424b..dc842b3f38 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -239,8 +239,8 @@ This section contains several procedures to support Zero Touch installation with 1. Type the following commands at a Windows PowerShell prompt on SRV1: ``` - New-Item -ItemType Directory -Path "C:Sources\OSD\Boot" - New-Item -ItemType Directory -Path "C:Sources\OSD\OS" + New-Item -ItemType Directory -Path "C:\Sources\OSD\Boot" + New-Item -ItemType Directory -Path "C:\Sources\OSD\OS" New-Item -ItemType Directory -Path "C:\Sources\OSD\Settings" New-Item -ItemType Directory -Path "C:\Sources\OSD\Branding" New-Item -ItemType Directory -Path "C:\Sources\OSD\MDT" @@ -560,7 +560,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 1. Type the following commands at an elevated Windows PowerShell prompt on SRV1: ``` - New-Item -ItemType Directory -Path "C:Sources\OSD\OS\Windows 10 Enterprise x64" + New-Item -ItemType Directory -Path "C:\Sources\OSD\OS\Windows 10 Enterprise x64" cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64" ``` From 7fb30e049f398b9758183369b97712f97e937f60 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Mon, 28 Aug 2017 14:48:10 -0700 Subject: [PATCH 4/7] fix seo meta and titles --- .../audit-windows-defender-exploit-guard.md | 2 +- .../controlled-folders-exploit-guard.md | 4 ++-- .../customize-attack-surface-reduction.md | 2 +- .../evaluate-attack-surface-reduction.md | 2 +- .../evaluate-controlled-folder-access.md | 2 +- .../evaluate-windows-defender-exploit-guard.md | 2 +- .../event-views-exploit-guard.md | 2 +- .../exploit-protection-exploit-guard.md | 2 +- .../network-protection-exploit-guard.md | 2 +- .../windows-defender-exploit-guard.md | 4 ++-- 10 files changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md index e2f11fc337..8ca8c4120a 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md @@ -1,5 +1,5 @@ --- -title: Test how Windows Defender EG features will work in your organization +title: Test how Windows Defender EG features work description: Audit mode lets you use the event log to see how Windows Defender Exploit Guard would protect your devices if it were enabled keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab search.product: eADQiWindows 10XVcnh diff --git a/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md index c64d76ea70..2cda929649 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md @@ -1,6 +1,6 @@ --- -title: Prevent ransomware and other threats from encrypting and changing important files -description: Files in default folders, such as Documents and Desktop, can be protected from being changed by malicious apps. This can help prevent ransomware encrypting your files. +title: Help prevent ransomware and threats from encrypting and changing files +description: Files in default folders can be protected from being changed by malicious apps. This can help prevent ransomware encrypting your files. keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index 72256aa36b..71db423dcf 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -1,5 +1,5 @@ --- -title: Configure how ASR works so you can finetune the protection in your network +title: Configure how ASR works to finetune protection in your network description: You can individually set rules in audit, block, or disabled modes, and add files and folders that should be excluded from ASR keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, customize, configure, exclude search.product: eADQiWindows 10XVcnh diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md index e8476084c9..1e5a5acdee 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md +++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md @@ -1,5 +1,5 @@ --- -title: Use a demo tool to see how ASR could help protect your organization's devices +title: Use a demo to see how ASR can help protect your devices description: The custom demo tool lets you create sample malware infection scenarios so you can see how ASR would block and prevent attacks keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, evaluate, test, demo search.product: eADQiWindows 10XVcnh diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md index 151c74bdb2..3b7019e217 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md +++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md @@ -1,5 +1,5 @@ --- -title: See how Windows 10 can protect your files from being changed by malicious apps +title: See how CFA can help protect files from being changed by malicious apps description: Use a custom tool to see how Controlled Folder Access works in Windows 10. keywords: controlled folder access, windows 10, windows defender, ransomware, protect, evaluate, test, demo, try search.product: eADQiWindows 10XVcnh diff --git a/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md index bdeca98d57..7f93a40671 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md @@ -1,5 +1,5 @@ --- -title: Evaluate the impact of each of the four features in Windows Defender Exploit Guard +title: Evaluate the impact of Windows Defender Exploit Guard description: Use our evaluation guides to quickly enable and configure features, and test them against common attack scenarios keywords: evaluate, guides, evaluation, exploit guard, controlled folder access, attack surface reduction, exploit protection, network protection, test, demo search.product: eADQiWindows 10XVcnh diff --git a/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md index 54066d6d43..2e4142e7ae 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md @@ -1,5 +1,5 @@ --- -title: Import custom views in XML to see Windows Defender Exploit Guard events +title: Import custom views to see Windows Defender Exploit Guard events description: Use Windows Event Viewer to import individual views for each of the features. keywords: event view, exploit guard, audit, review, events search.product: eADQiWindows 10XVcnh diff --git a/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md index e2d88d19db..cc5ba5334b 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md @@ -1,5 +1,5 @@ --- -title: Apply mitigations that help prevent attacks that use vulnerabilities in software +title: Apply mitigations to help prevent attacks through vulnerabilities keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet description: Exploit Protection in Windows 10 provides advanced configuration over the settings offered in EMET. search.product: eADQiWindows 10XVcnh diff --git a/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md index 23953b3eb1..2f1e023d45 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md @@ -1,5 +1,5 @@ --- -title: Use Network Protection to prevent connections to suspicious domains +title: Use Network Protection to help prevent connections to bad sites description: Protect your network by preventing users from accessing known malicious and suspicious network addresses keywords: Network Protection, exploits, malicious website, ip, domain, domains search.product: eADQiWindows 10XVcnh diff --git a/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 7685caabc8..efab74fbdb 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -1,6 +1,6 @@ --- -title: Use Windows Defender Exploit Guard to protect your corporate network -description: Windows Defender Exploit Guard consists of features that can protect your network from malware and threat infection, including helping to prevent ransomware encryption and exploit attacks +title: Use Windows Defender Exploit Guard to protect your network +description: Windows Defender EG employs features that help protect your network from threats, including helping prevent ransomware encryption and exploit attacks keywords: emet, exploit guard, Controlled Folder Access, Network Protection, Exploit Protection, Attack Surface Reduction, hips, host intrusion prevention system search.product: eADQiWindows 10XVcnh ms.pagetype: security From 39e8da095708055981bcd07bd6f9aa65f22c26d2 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Tue, 29 Aug 2017 11:55:01 -0700 Subject: [PATCH 5/7] gp image indentation --- .../enable-controlled-folders-exploit-guard.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index e105482635..3471eba455 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -77,8 +77,7 @@ For further details on how audit mode works, and when you might want to use it, - **Disable (Default)** - The Controlled Folder Access feature will not work. All apps can make changes to files in protected folders. - **Audit Mode** - If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization. - - ![](images/cfa-gp-enable.png) + ![](images/cfa-gp-enable.png) >[!IMPORTANT] >To fully enable the Controlled Folder Access feature, you must set the Group Policy option to **Enabled** and also select **Enable** in the options drop-down menu. From 186a3b08983d8a18c61695cea3e32b7c67c4f945 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 30 Aug 2017 13:54:53 +0000 Subject: [PATCH 6/7] Merged PR 2943: Fix redirect for old kiosk topic --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 9ee61b0ad6..cf6462beb5 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -227,7 +227,7 @@ }, { "source_path": "windows/manage/set-up-a-device-for-anyone-to-use.md", -"redirect_url": "/windows/configuration/set-up-a-device-for-anyone-to-use", +"redirect_url": "/windows/configuration/kiosk-shared-pc", "redirect_document_id": true }, { From 8a68fb42126c137884b3a7a3afb5a8a5b8198e56 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Wed, 30 Aug 2017 16:40:56 +0000 Subject: [PATCH 7/7] Merged PR 2952: Bitlocker CSP updated --- windows/client-management/mdm/bitlocker-csp.md | 10 +++++++++- .../mdm/new-in-windows-mdm-enrollment-management.md | 10 +++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 979c1f9105..6b49909e86 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 08/14/2017 +ms.date: 08/28/2017 --- # BitLocker CSP @@ -211,6 +211,9 @@ The following diagram shows the BitLocker configuration service provider in tree

On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.

+> [!Note] +> In Windows 10, version 1709, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits. +

If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.

If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.

@@ -298,6 +301,11 @@ The following diagram shows the BitLocker configuration service provider in tree

This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.

+> [!Note] +> In Windows 10, version 1709, you can use a minimum PIN length of 4 digits. +> +>In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2. +

If you enable this setting, you can require a minimum number of digits to be used when setting the startup PIN.

If you disable or do not configure this setting, users can configure a startup PIN of any length between 6 and 20 digits.

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 1e82260c11..d3068c66de 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -981,6 +981,14 @@ For details about Microsoft mobile device management protocols for Windows 10 s +[Bitlocker CSP](bitlocker-csp.md) +

Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.

+ + +[ADMX-backed policies in Policy CSP](policy-configuration-service-provider.md#admx-backed-policies) +

Added new policies.

+ + [Policy CSP](policy-configuration-service-provider.md)

Added the following new policies for Windows 10, version 1709:

    @@ -1385,7 +1393,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware [BitLocker CSP](bitlocker-csp.md) -Added information to the ADMX-backed policies. +Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709. [Firewall CSP](firewall-csp.md)