Merge remote-tracking branch 'refs/remotes/origin/master' into live

2025-05-21 09:47:22 +00:00 · 2017-01-24 10:39:02 -08:00 · 2017-01-24 10:39:02 -08:00 · d1aedff819
commit d1aedff819
parent 53d09cc6ea 814fa84e53
3 changed files with 6 additions and 3 deletions
--- a/windows/deploy/images/upgrade-analytics-unsubscribe.png
+++ b/windows/deploy/images/upgrade-analytics-unsubscribe.png
--- a/windows/deploy/troubleshoot-upgrade-analytics.md
+++ b/windows/deploy/troubleshoot-upgrade-analytics.md
@ -27,6 +27,8 @@ If you want to stop using Upgrade Analytics and stop sending telemetry data to M

 1.  Unsubscribe from the Upgrade Analytics solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option.

+  ![Upgrade Analytics unsubscribe](images/upgrade-analytics-unsubscribe.png)
+
 2.  Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the telemetry level to **Security**:

  **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*
--- a/windows/keep-secure/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+++ b/windows/keep-secure/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
@ -26,13 +26,14 @@ The credentials are put in Credential Manager as a "`*Session`" credential.
 A "`*Session`" credential implies that it is valid for the current user session. 
 The credentials are also cleaned up when the WiFi or VPN connection is disconnected. 

-When the user tries to access a domain resource, using Edge for example, Edge has the right Enterprise Authentication capability so WinInit.exe can release the credentials that it gets from the Credential Manager to the SSP that is requesting it. 
+When the user tries to access a domain resource, using Edge for example, Edge has the right Enterprise Authentication capability so [WinInet](https://msdn.microsoft.com/library/windows/desktop/aa385483.aspx) can release the credentials that it gets from the Credential Manager to the SSP that is requesting it. 
 For more information about the Enterprise Authentication capability, see [App capability declarations](https://msdn.microsoft.com/windows/uwp/packaging/app-capability-declarations). 

-WinInit.exe will look at the device application, such as a Universal Windows Platform (UWP) application, to see if it has the right capability. 
+WinInet will look at the device application, such as a Universal Windows Platform (UWP) application, to see if it has the right capability. 
 If the app is not UWP, it does not matter. 
 But if it is a UWP app, it will look at the device capability for Enterprise Authentication. 
-If it does have that capability and if the resource that you are trying to access is in the Intranet zone in the Internet Options (ZoneMap), then the credential will be released. 
+If it does have that capability and if the resource that you are trying to access is in the Intranet zone in the Internet Options (ZoneMap), then the credential will be released.
+This behavior helps prevent credentials from being misused by untrusted third parties.  

 ## Intranet zone