From c3be617e0d73095d3242633fdd7c3ccc658d21a4 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 4 May 2017 08:48:49 -0700 Subject: [PATCH 1/5] do not apply package from system32 --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 804d9de6f8..b5b9ec5163 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md 
@@ -25,7 +25,7 @@ If you want to minimize connections from Windows to Microsoft services, or confi You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience. -To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article. +To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). 
This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. You should not extract this package to the the windows\\system32 folder because it will not apply correctly. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article. We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. From 25efcdbc5450243b0db73b2c98e8c856b3687cc3 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 4 May 2017 10:41:05 -0700 Subject: [PATCH 2/5] enable incremental build --- .openpublishing.publish.config.json | 1 + 1 file changed, 1 insertion(+) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 77e4cb1ee7..4b026cfdc9 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -2,6 +2,7 @@ "build_entry_point": "", "need_generate_pdf": false, "need_generate_intellisense": false, + "enable_incremental_build": true, "docsets_to_publish": [ { "docset_name": "education", From 0722c4926f11d2acbbaad4c061650459044bf3ae Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 4 May 2017 11:20:00 -0700 Subject: [PATCH 3/5] Removed TechNet --- CONTRIBUTING.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f5c90d0691..99dceed75d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -18,7 +18,7 @@ We've tried to make editing an existing, public file as simple as possible. **To edit a topic** -1. Go to the page on TechNet that you want to update, and then click **Edit**. +1. Go to the page on docs.microsoft.com that you want to update, and then click **Edit**. ![GitHub Web, showing the Edit link](images/contribute-link.png) @@ -62,14 +62,23 @@ We've tried to make editing an existing, public file as simple as possible. The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places: - [Windows 10](https://docs.microsoft.com/windows/windows-10) - - [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy) + + - [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy) + - [Surface](https://docs.microsoft.com/surface) + - [Surface Hub](https://docs.microsoft.com/surface-hub) + - [HoloLens](https://docs.microsoft.com/hololens) + - [Microsoft Store](https://docs.microsoft.com/microsoft-store) + - [Windows 10 for Education](https://docs.microsoft.com/education/windows) + - [Windows 10 for SMB](https://docs.microsoft.com/windows/smb) + - [Internet Explorer 11](https://docs.microsoft.com/internet-explorer) + - [Microsoft Desktop Optimization Pack](https://docs.microsoft.com/microsoft-desktop-optimization-pack) From ff6cc8968a4e963406c8aa76cb21360b0de6f31b Mon Sep 17 00:00:00 2001 From: John Tobin Date: Thu, 4 May 2017 12:01:24 -0700 Subject: [PATCH 4/5] Indentation fix for Event ID 17 --- .../credential-guard/credential-guard-manage.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/access-protection/credential-guard/credential-guard-manage.md b/windows/access-protection/credential-guard/credential-guard-manage.md index 9396f2dd47..05f08ab263 100644 --- a/windows/access-protection/credential-guard/credential-guard-manage.md +++ b/windows/access-protection/credential-guard/credential-guard-manage.md 
@@ -143,8 +143,8 @@ For client machines that are running Windows 10 1703, LSAIso is running whenever - **Event ID 15** Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Credential Guard. - **Event ID 16** Credential Guard (LsaIso.exe) failed to launch: \[error code\] - **Event ID 17** Error reading Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] - You can also verify that TPM is being used for key protection by checking the following event in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. - - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. + You can also verify that TPM is being used for key protection by checking Event ID 51 in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. + - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. ## Disable Credential Guard From 2c535a6bfb5c061d00bf4aa682b614cb7363225c Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Thu, 4 May 2017 12:48:56 -0700 Subject: [PATCH 5/5] fixing a typo enablng = enabling --- .../hello-for-business/hello-why-pin-is-better-than-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 1aa658b96a..208b3e6a3c 100644 --- a/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md 
+++ b/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -49,7 +49,7 @@ The Windows Hello for Business PIN is subject to the same set of IT management p ## What if someone steals the laptop or phone? To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user’s biometrics or guess his or her PIN—and all of this must be done before [TPM anti-hammering](/windows/device-security/tpm/tpm-fundamentals#anti-hammering) protection locks the device. -You can provide additional protection for laptops that don't have TPM by enablng BitLocker and setting a policy to limit failed sign-ins. +You can provide additional protection for laptops that don't have TPM by enabling BitLocker and setting a policy to limit failed sign-ins. **Configure BitLocker without TPM** 1. Use the Local Group Policy Editor (gpedit.msc) to enable the following policy:
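Review bot: in [PATCH 1/5], the added sentence in manage-connections-from-windows-operating-system-components-to-microsoft-services.md reads "to the the windows\\system32 folder"; drop the duplicated "the". The sentence says only that the package "will not apply correctly" when extracted there, so stating the reason, or a location that does work, would make the instruction actionable. The unchanged sentence just before it, "Make sure should you've chosen the right settings configuration", is garbled and could be corrected in the same change.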
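Review bot: in [PATCH 3/5], the second CONTRIBUTING.md hunk (@@ -62,14 +62,23) does more than the subject "Removed TechNet" says: it adds eight new publish destinations (Surface through Microsoft Desktop Optimization Pack) and inserts an empty line between the "Windows 10" bullet and the "Microsoft Edge" bullet. The empty line separates the first item from the rest of the list and may change how the list renders; suggest removing it so all entries sit in one tight list, and mentioning the new destinations in the commit message.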
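Review bot: in [PATCH 4/5] (credential-guard-manage.md, hunk @@ -143,8 +143,8), the reworded sentence says that with a TPM "the TPM PCR mask value will be something other than 0", yet the Event ID 51 sample directly beneath it ends with "TPM PCR mask: 0x0". A reader verifying key protection could take that sample as the expected output on a TPM-backed device. Suggest showing a non-zero mask in the sample or stating what configuration the sample was taken from. The subject line mentions only the Event ID 17 indentation, while the hunk also rewords the sentence to name Event ID 51; the message should cover both.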