deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into vs-emie-portal

Browse Source
This commit is contained in:
LizRoss 2017-05-04 13:47:36 -07:00
commit ce353d87ff
5 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.openpublishing.publish.config.json
View File

@ -2,6 +2,7 @@
"build_entry_point": "",
"need_generate_pdf": false,
"need_generate_intellisense": false,
"enable_incremental_build": true,
"docsets_to_publish": [
{
"docset_name": "education",

13
CONTRIBUTING.md
View File

@ -18,7 +18,7 @@ We've tried to make editing an existing, public file as simple as possible.
**To edit a topic**
1. Go to the page on TechNet that you want to update, and then click **Edit**.
1. Go to the page on docs.microsoft.com that you want to update, and then click **Edit**.
![GitHub Web, showing the Edit link](images/contribute-link.png)
@ -62,14 +62,23 @@ We've tried to make editing an existing, public file as simple as possible.
The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places:
- [Windows 10](https://docs.microsoft.com/windows/windows-10)
- [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy)
- [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy)
- [Surface](https://docs.microsoft.com/surface)
- [Surface Hub](https://docs.microsoft.com/surface-hub)
- [HoloLens](https://docs.microsoft.com/hololens)
- [Microsoft Store](https://docs.microsoft.com/microsoft-store)
- [Windows 10 for Education](https://docs.microsoft.com/education/windows)
- [Windows 10 for SMB](https://docs.microsoft.com/windows/smb)
- [Internet Explorer 11](https://docs.microsoft.com/internet-explorer)
- [Microsoft Desktop Optimization Pack](https://docs.microsoft.com/microsoft-desktop-optimization-pack)

4
windows/access-protection/credential-guard/credential-guard-manage.md
View File

@ -143,8 +143,8 @@ For client machines that are running Windows 10 1703, LSAIso is running whenever
- **Event ID 15** Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Credential Guard.
- **Event ID 16** Credential Guard (LsaIso.exe) failed to launch: \[error code\]
- **Event ID 17** Error reading Credential Guard (LsaIso.exe) UEFI configuration: \[error code\]
You can also verify that TPM is being used for key protection by checking the following event in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0.
- **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0.
You can also verify that TPM is being used for key protection by checking Event ID 51 in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0.
- **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0.
## Disable Credential Guard

2
windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md
View File

@ -49,7 +49,7 @@ The Windows Hello for Business PIN is subject to the same set of IT management p
## What if someone steals the laptop or phone?
To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the users biometrics or guess his or her PIN—and all of this must be done before [TPM anti-hammering](/windows/device-security/tpm/tpm-fundamentals#anti-hammering) protection locks the device.
You can provide additional protection for laptops that don't have TPM by enablng BitLocker and setting a policy to limit failed sign-ins.
You can provide additional protection for laptops that don't have TPM by enabling BitLocker and setting a policy to limit failed sign-ins.
**Configure BitLocker without TPM**
1. Use the Local Group Policy Editor (gpedit.msc) to enable the following policy:

2
windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -25,7 +25,7 @@ If you want to minimize connections from Windows to Microsoft services, or confi
You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article.
To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. You should not extract this package to the the windows\\system32 folder because it will not apply correctly. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article.
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.