From d4c80c969d9289c20c4c37a2b5572ed7afe0a957 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 31 May 2018 15:31:10 -0700 Subject: [PATCH 1/3] fixed link --- windows/security/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index a465944d46..d980430450 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -251,7 +251,7 @@ sections: - html: Windows Defender Firewall - html: Windows Defender Exploit Guard - html: Windows Defender Credential Guard - - html: Windows Defender Device Guard + - html: Windows Defender Application Control - html: Windows Defender Application Guard - html: Windows Defender SmartScreen - html: Windows Defender Security Center From a2b503764c33feb777ae6f3adfa4ca1f6cf0e5ea Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 31 May 2018 22:49:35 +0000 Subject: [PATCH 2/3] Merged PR 8675: SetupDiag v1.2 v1.2 updates --- windows/deployment/upgrade/setupdiag.md | 47 +++++++++++++++++-------- 1 file changed, 33 insertions(+), 14 deletions(-) diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 32654c3c19..e32dd8bf17 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.date: 05/02/2018 +ms.date: 05/30/2018 ms.localizationpriority: high --- @@ -312,38 +312,57 @@ Each rule name and its associated unique rule identifier are listed with a descr - Detects a migration unit failure that caused the update to fail. This rule will output the name of the migration plug-in as well as the error code it produced for diagnostic purposes. 24. FindMigGatherUnitFailure - D04C064B-CD77-4E64-96D6-D26F30B4EE29 - Detects a migration gather unit failure that caused the update to fail. This rule will output the name of the gather unit/plug-in as well as the error code it produced for diagnostic purposes. -25. OptionalComponentInstallFailure - D012E2A2-99D8-4A8C-BBB2-088B92083D78 - - This rule detects an optional component installation failure that caused the update to fail. It will output the optional component name and error code its installation resulted in for diagnostic purposes. -26. CriticalSafeOSDUFailure - 73566DF2-CA26-4073-B34C-C9BC70DBF043 +25. CriticalSafeOSDUFailure - 73566DF2-CA26-4073-B34C-C9BC70DBF043 - This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update. It will indicate the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes. -27. UserProfileCreationFailureDuringOnlineApply - 678117CE-F6A9-40C5-BC9F-A22575C78B14 +26. UserProfileCreationFailureDuringOnlineApply - 678117CE-F6A9-40C5-BC9F-A22575C78B14 - Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update. It will indicate the operation and error code associated with the failure for diagnostic purposes. -28. WimMountFailure - BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549 +27. WimMountFailure - BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549 - This rule indicates the update failed to mount a wim file. It will show the name of the wim file as well as the error message and error code associated with the failure for diagnostic purposes. -29. FindSuccessfulUpgrade - 8A0824C8-A56D-4C55-95A0-22751AB62F3E +28. FindSuccessfulUpgrade - 8A0824C8-A56D-4C55-95A0-22751AB62F3E - Determines if the given setup was a success or not based off the logs. -30. FindSetupHostReportedFailure - 6253C04F-2E4E-4F7A-B88E-95A69702F7EC +29. FindSetupHostReportedFailure - 6253C04F-2E4E-4F7A-B88E-95A69702F7EC - Gives information about failures surfaced early in the upgrade process by setuphost.exe -31. FindDownlevelFailure - 716334B7-F46A-4BAA-94F2-3E31BC9EFA55 +30. FindDownlevelFailure - 716334B7-F46A-4BAA-94F2-3E31BC9EFA55 - Gives failure information surfaced by SetupPlatform, later in the down-level phase. -32. FindAbruptDownlevelFailure - 55882B1A-DA3E-408A-9076-23B22A0472BD +31. FindAbruptDownlevelFailure - 55882B1A-DA3E-408A-9076-23B22A0472BD - Gives last operation failure information when the system fails in the down-level, but the log just ends abruptly. -33. FindSetupPlatformFailedOperationInfo - 307A0133-F06B-4B75-AEA8-116C3B53C2D1 +32. FindSetupPlatformFailedOperationInfo - 307A0133-F06B-4B75-AEA8-116C3B53C2D1 - Gives last phase and error information when SetupPlatform indicates a critical failure. This rule will indicate the operation and error associated with the failure for diagnostic purposes. -34. FindRollbackFailure - 3A43C9B5-05B3-4F7C-A955-88F991BB5A48 +33. FindRollbackFailure - 3A43C9B5-05B3-4F7C-A955-88F991BB5A48 - Gives last operation, failure phase and error information when a rollback occurs. +34. AdvancedInstallerGenericFailure – 4019550D-4CAA-45B0-A222-349C48E86F71 + - A rule to match AdvancedInstaller read/write failures in a generic sense. Will output the executable being called as well as the error code and exit code reported. +35. OptionalComponentFailedToGetOCsFromPackage – D012E2A2-99D8-4A8C-BBB2-088B92083D78 (NOTE: This rule replaces the OptionalComponentInstallFailure rule present in v1.10. + - This matches a specific Optional Component failure when attempting to enumerate components in a package. Will output the package name and error code. +36. OptionalComponentOpenPackageFailed – 22952520-EC89-4FBD-94E0-B67DF88347F6 + - Matches a specific Optional Component failure when attempting to open an OC package. Will output the package name and error code. +37. OptionalComponentInitCBSSessionFailed – 63340812-9252-45F3-A0F2-B2A4CA5E9317 + - Matches a specific failure where the advanced installer service or components aren’t operating or started on the system. Will output the error code. +38. UserProfileCreationFailureDuringFinalize – C6677BA6-2E53-4A88-B528-336D15ED1A64 + - Matches a specific User Profile creation error during the finalize phase of setup. Will output the failure code. +39. WimApplyExtractFailure – 746879E9-C9C5-488C-8D4B-0C811FF3A9A8 + - Matches a wim apply failure during wim extraction phases of setup. Will output the extension, path and error code. +40. UpdateAgentExpanderFailure – 66E496B3-7D19-47FA-B19B-4040B9FD17E2 + - Matches DPX expander failures in the down-level phase of update from WU. Will output the package name, function, expression and error code. +41. FindFatalPluginFailure – E48E3F1C-26F6-4AFB-859B-BF637DA49636 + - Matches any plug in failure that setupplatform decides is fatal to setup. Will output the plugin name, operation and error code. ## Release notes -05/02/2018 - SetupDiag v1.1 is released with 34 rules, as a standalone tool available from the Download Center. +05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center. + - Fixed a bug in device install failure detection in online mode. + - Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost. + - Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing. + +05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center. - A performance enhancment has been added to result in faster rule processing. - Rules output now includes links to support articles, if applicable. - SetupDiag now provides the path and name of files that it is processing. - You can now run SetupDiag by simply clicking on it and then examining the output log file. - An output log file is now always created, whether or not a rule was matched. -03/30/2018 - SetupDiag v1.0 is released with 26 rules, as a standalone tool available from the Download Center. +03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center. ## Related topics From c5bd3b4ee96cb21153943603dd18a46a527e5816 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Fri, 1 Jun 2018 17:26:57 +0000 Subject: [PATCH 3/3] Merged PR 8690: add instructions for anonymous email/IM on Surface Hub --- .../surface-hub/change-history-surface-hub.md | 9 +++- ...-deployment-surface-hub-device-accounts.md | 51 +++++++++++++++++-- ...ses-deployment-surface-hub-multi-forest.md | 46 ++++++++++++++++- 3 files changed, 99 insertions(+), 7 deletions(-) diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md index e5ecc34139..3d35042b08 100644 --- a/devices/surface-hub/change-history-surface-hub.md +++ b/devices/surface-hub/change-history-surface-hub.md @@ -9,7 +9,7 @@ ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 05/22/2018 +ms.date: 06/01/2018 ms.localizationpriority: medium --- @@ -17,6 +17,12 @@ ms.localizationpriority: medium This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md). +## June 2018 + +New or changed topic | Description +--- | --- +[On-premises deployment (single forest)](on-premises-deployment-surface-hub-device-accounts.md) and [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | Added (prerelease) instructions for disabling anonymous email and IM. + ## May 2018 New or changed topic | Description @@ -29,6 +35,7 @@ New or changed topic | Description --- | --- [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Updated instructions for Skype for Business Hybrid. + ## March 2018 New or changed topic | Description diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md index 6b3031daf5..aadc1fa22e 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md @@ -9,8 +9,7 @@ ms.sitesec: library ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker -ms.topic: article -ms.date: 04/13/2018 +ms.date: 06/01/2018 ms.localizationpriority: medium --- @@ -105,10 +104,54 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013 Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI “tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true ``` - Again, you'll need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same. + Again, you need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same. -  + ## Disable anonymous email and IM + + +>[!WARNING] +>This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the “from” party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed “anonymous” because it originated from the Surface Hub's device account. + +Assume you have a per-user client policy assigned to each meeting room device with an identity of **SurfaceHubPolicy**. To disable anonymous email and messaging, you add a clientPolicyEntry to this client policy by using the following commands. + +``` +$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $false +$clientPolicy = Get-CsClientPolicy -Identity SurfaceHubPolicy +$clientPolicy.PolicyEntry.Add($policyEntry) +Set-CsClientPolicy -Instance $clientPolicy +``` + +To verify that the policy has been set: + +``` +Select-Object -InputObject $clientPolicy -Property PolicyEntry +``` + +The output should be: + +``` +PolicyEntry +----------- +{Name=AllowResourceAccountSendMessage;Value=False} +``` + + +To change the policy entry: + +``` +$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $true +$clientPolicy | Set-CsClientPolicy -PolicyEntry @{Replace = $policyEntry} +``` + +To remove the policy entry: + +``` +$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $true +$clientPolicy | Set-CsClientPolicy -PolicyEntry @{Remove = $policyEntry} +```   diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md index dd4e285e06..3c92823a8b 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md @@ -8,8 +8,7 @@ ms.sitesec: library ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker -ms.topic: article -ms.date: 07/27/2017 +ms.date: 06/01/2018 ms.localizationpriority: medium --- @@ -98,7 +97,50 @@ If you have a multi-forest on-premises deployment with Microsoft Exchange 2013 o You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity. +## Disable anonymous email and IM +>[!WARNING] +>This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the “from” party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed “anonymous” because it originated from the Surface Hub's device account. + +Assume you have a per-user client policy assigned to each meeting room device with an identity of **SurfaceHubPolicy**. To disable anonymous email and messaging, you add a clientPolicyEntry to this client policy by using the following commands. + +``` +$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $false +$clientPolicy = Get-CsClientPolicy -Identity SurfaceHubPolicy +$clientPolicy.PolicyEntry.Add($policyEntry) +Set-CsClientPolicy -Instance $clientPolicy +``` + +To verify that the policy has been set: + +``` +Select-Object -InputObject $clientPolicy -Property PolicyEntry +``` + +The output should be: + +``` +PolicyEntry +----------- +{Name=AllowResourceAccountSendMessage;Value=False} +``` + + +To change the policy entry: + +``` +$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $true +$clientPolicy | Set-CsClientPolicy -PolicyEntry @{Replace = $policyEntry} +``` + +To remove the policy entry: + +``` +$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $true +$clientPolicy | Set-CsClientPolicy -PolicyEntry @{Remove = $policyEntry} +```