mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into win10soffer
This commit is contained in:
Celeste de Guzman
commit
ccee8ac375
@ -227,7 +227,7 @@
|
||||
},
|
||||
{
|
||||
"source_path": "windows/manage/set-up-a-device-for-anyone-to-use.md",
|
||||
"redirect_url": "/windows/configuration/set-up-a-device-for-anyone-to-use",
|
||||
"redirect_url": "/windows/configuration/kiosk-shared-pc",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
|
||||
@ -6,7 +6,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: nickbrower
|
||||
ms.date: 08/14/2017
|
||||
ms.date: 08/28/2017
|
||||
---
|
||||
|
||||
# BitLocker CSP
|
||||
@ -211,6 +211,9 @@ The following diagram shows the BitLocker configuration service provider in tree
|
||||
|
||||
<p style="margin-left: 20px">On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.</p>
|
||||
|
||||
> [!Note]
|
||||
> In Windows 10, version 1709, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.
|
||||
|
||||
<p style="margin-left: 20px">If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.</p>
|
||||
|
||||
<p style="margin-left: 20px">If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.</p>
|
||||
@ -298,6 +301,11 @@ The following diagram shows the BitLocker configuration service provider in tree
|
||||
|
||||
<p style="margin-left: 20px">This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.</p>
|
||||
|
||||
> [!Note]
|
||||
> In Windows 10, version 1709, you can use a minimum PIN length of 4 digits.
|
||||
>
|
||||
>In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2.
|
||||
|
||||
<p style="margin-left: 20px">If you enable this setting, you can require a minimum number of digits to be used when setting the startup PIN.</p>
|
||||
|
||||
<p style="margin-left: 20px">If you disable or do not configure this setting, users can configure a startup PIN of any length between 6 and 20 digits.</p>
|
||||
|
||||
@ -981,6 +981,14 @@ For details about Microsoft mobile device management protocols for Windows 10 s
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[Bitlocker CSP](bitlocker-csp.md)</td>
|
||||
<td style="vertical-align:top"><p>Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[ADMX-backed policies in Policy CSP](policy-configuration-service-provider.md#admx-backed-policies)</td>
|
||||
<td style="vertical-align:top"><p>Added new policies.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
|
||||
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
|
||||
<ul>
|
||||
@ -1385,7 +1393,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
|
||||
<td style="vertical-align:top">Added information to the ADMX-backed policies.
|
||||
<td style="vertical-align:top">Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[Firewall CSP](firewall-csp.md)</td>
|
||||
|
||||
@ -239,8 +239,8 @@ This section contains several procedures to support Zero Touch installation with
|
||||
1. Type the following commands at a Windows PowerShell prompt on SRV1:
|
||||
|
||||
```
|
||||
New-Item -ItemType Directory -Path "C:Sources\OSD\Boot"
|
||||
New-Item -ItemType Directory -Path "C:Sources\OSD\OS"
|
||||
New-Item -ItemType Directory -Path "C:\Sources\OSD\Boot"
|
||||
New-Item -ItemType Directory -Path "C:\Sources\OSD\OS"
|
||||
New-Item -ItemType Directory -Path "C:\Sources\OSD\Settings"
|
||||
New-Item -ItemType Directory -Path "C:\Sources\OSD\Branding"
|
||||
New-Item -ItemType Directory -Path "C:\Sources\OSD\MDT"
|
||||
@ -560,7 +560,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
|
||||
1. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
|
||||
|
||||
```
|
||||
New-Item -ItemType Directory -Path "C:Sources\OSD\OS\Windows 10 Enterprise x64"
|
||||
New-Item -ItemType Directory -Path "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
|
||||
cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
|
||||
```
|
||||
|
||||
|
||||
@ -40,7 +40,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Win
|
||||
|-----------|------------------|-----------|-------|
|
||||
|Configure Windows Defender Application Guard clipboard settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:<ul><li>Disable the clipboard functionality completely when Virtualization Security is enabled.</li><li>Enable copying of certain content from Application Guard into Microsoft Edge.</li><li>Enable copying of certain content from Microsoft Edge into Application Guard.<br><br>**Important**<br>Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.</li></ul>**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
|
||||
|Configure Windows Defender Application Guard print settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:<ul><li>Enable Application Guard to print into the XPS format.</li><li>Enable Application Guard to print into the PDF format.</li><li>Enable Application Guard to print to locally attached printers.</li><li>Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.</ul>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
|
||||
|Block enterprise websites to load non-enterprise content in IE and Edge|At least Windows 10 Enterprise|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.<br><br>**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard.|
|
||||
|Block enterprise websites to load non-enterprise content in IE and Edge|At least Windows 10 Enterprise|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.**Note** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.<br><br>**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. |
|
||||
|Allow Persistence|At least Windows 10 Enterprise|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<br><br>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<br><br>**Note**<br>If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<br>**To reset the container:**<ol><li>Open a command-line program and navigate to Windows/System32.</li><li>Type `wdagtool.exe cleanup`.<br>The container environment is reset, retaining only the employee-generated data.</li><li>Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`.<br>The container environment is reset, including discarding all employee-generated data.</li></ol>|
|
||||
|Turn On/Off Windows Defender Application Guard (WDAG)|At least Windows 10 Enterprise|Determines whether to turn on Application Guard for Microsoft Edge.|**Enabled.** Turns on Application Guard for Microsoft Edge, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device.<br><br>**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge.|
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Test how Windows Defender EG features will work in your organization
|
||||
title: Test how Windows Defender EG features work
|
||||
description: Audit mode lets you use the event log to see how Windows Defender Exploit Guard would protect your devices if it were enabled
|
||||
keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Prevent ransomware and other threats from encrypting and changing important files
|
||||
description: Files in default folders, such as Documents and Desktop, can be protected from being changed by malicious apps. This can help prevent ransomware encrypting your files.
|
||||
title: Help prevent ransomware and threats from encrypting and changing files
|
||||
description: Files in default folders can be protected from being changed by malicious apps. This can help prevent ransomware encrypting your files.
|
||||
keywords: controlled folder access, windows 10, windows defender, ransomware, protect, files, folders
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure how ASR works so you can finetune the protection in your network
|
||||
title: Configure how ASR works to finetune protection in your network
|
||||
description: You can individually set rules in audit, block, or disabled modes, and add files and folders that should be excluded from ASR
|
||||
keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, customize, configure, exclude
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -77,7 +77,6 @@ For further details on how audit mode works, and when you might want to use it,
|
||||
- **Disable (Default)** - The Controlled Folder Access feature will not work. All apps can make changes to files in protected folders.
|
||||
- **Audit Mode** - If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization.
|
||||
|
||||
|
||||
|
||||
|
||||
>[!IMPORTANT]
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Use a demo tool to see how ASR could help protect your organization's devices
|
||||
title: Use a demo to see how ASR can help protect your devices
|
||||
description: The custom demo tool lets you create sample malware infection scenarios so you can see how ASR would block and prevent attacks
|
||||
keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, evaluate, test, demo
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: See how Windows 10 can protect your files from being changed by malicious apps
|
||||
title: See how CFA can help protect files from being changed by malicious apps
|
||||
description: Use a custom tool to see how Controlled Folder Access works in Windows 10.
|
||||
keywords: controlled folder access, windows 10, windows defender, ransomware, protect, evaluate, test, demo, try
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Evaluate the impact of each of the four features in Windows Defender Exploit Guard
|
||||
title: Evaluate the impact of Windows Defender Exploit Guard
|
||||
description: Use our evaluation guides to quickly enable and configure features, and test them against common attack scenarios
|
||||
keywords: evaluate, guides, evaluation, exploit guard, controlled folder access, attack surface reduction, exploit protection, network protection, test, demo
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Import custom views in XML to see Windows Defender Exploit Guard events
|
||||
title: Import custom views to see Windows Defender Exploit Guard events
|
||||
description: Use Windows Event Viewer to import individual views for each of the features.
|
||||
keywords: event view, exploit guard, audit, review, events
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Apply mitigations that help prevent attacks that use vulnerabilities in software
|
||||
title: Apply mitigations to help prevent attacks through vulnerabilities
|
||||
keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet
|
||||
description: Exploit Protection in Windows 10 provides advanced configuration over the settings offered in EMET.
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Use Network Protection to prevent connections to suspicious domains
|
||||
title: Use Network Protection to help prevent connections to bad sites
|
||||
description: Protect your network by preventing users from accessing known malicious and suspicious network addresses
|
||||
keywords: Network Protection, exploits, malicious website, ip, domain, domains
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Use Windows Defender Exploit Guard to protect your corporate network
|
||||
description: Windows Defender Exploit Guard consists of features that can protect your network from malware and threat infection, including helping to prevent ransomware encryption and exploit attacks
|
||||
title: Use Windows Defender Exploit Guard to protect your network
|
||||
description: Windows Defender EG employs features that help protect your network from threats, including helping prevent ransomware encryption and exploit attacks
|
||||
keywords: emet, exploit guard, Controlled Folder Access, Network Protection, Exploit Protection, Attack Surface Reduction, hips, host intrusion prevention system
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user