From 52a05f027d0741116c7275b3aebe94f4e5063c7c Mon Sep 17 00:00:00 2001 From: anaharris-ms <61602255+anaharris-ms@users.noreply.github.com> Date: Wed, 28 Jun 2023 11:08:25 -0400 Subject: [PATCH 01/94] edit --- ...man-protocol-over-ikev2-vpn-connections.md | 58 ++++++++++++++++--- 1 file changed, 50 insertions(+), 8 deletions(-) diff --git a/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 834f56a321..809b88492a 100644 --- a/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -1,19 +1,25 @@ --- -title: How to configure Diffie Hellman protocol over IKEv2 VPN connections -description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections. -ms.date: 09/23/2021 +title: How to configure cryptographic settings for IKEv2 VPN connections +description: Learn how to update the IKEv2 cryptographic settings of VPN servers and clients by running VPN cmdlets to secure connections. +ms.date: 06/28/2023 ms.topic: how-to --- -# How to configure Diffie Hellman protocol over IKEv2 VPN connections +# How to configure cryptographic settings for IKEv2 VPN connections -In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges. +In IKEv2 VPN connections, the default setting for IKEv2 cryptographic settings are: + +- Encryption Algorithm : DES3 +- Integrity, Hash Algorithm : SHA1 +- Diffie Hellman Group (Key Size): DH2 + +These settings aren't secure for IKE exchanges. To secure the connections, update the configuration of VPN servers and clients by running VPN cmdlets. ## VPN server -For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps&preserve-view=true) to configure the tunnel type. This makes all IKE exchanges on IKEv2 tunnel use the secure configuration. +For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps&preserve-view=true) to configure the tunnel type. These settings are effective for all IKEv2 VPN connections. ```powershell Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy @@ -30,7 +36,43 @@ Set-VpnServerIPsecConfiguration -CustomPolicy For VPN client, you need to configure each VPN connection. For example, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps&preserve-view=true) and specify the name of the connection: - ```powershell Set-VpnConnectionIPsecConfiguration -ConnectionName -``` \ No newline at end of file +``` + +## IKEv2 Crypto Settings Example + +The following commands configure the IKEv2 cryptographic settings to: + +- Encryption Algorithm : AES128 +- Integrity, Hash Algorithm : SHA256 +- Diffie Hellman Group (Key Size): DH14 + +### IKEv2 VPN Server + +```powershell +Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES128 -DHGroup Group14 -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PFSgroup PFS2048 -SALifeTimeSeconds 28800 -MMSALifeTimeSeconds 86400 -SADataSizeForRenegotiationKilobytes 1024000 +restart-service RemoteAccess -PassThru +``` + +If you need to switch back to the default IKEv2 settings, use this command: + +```powershell +Set-VpnServerConfiguration -TunnelType IKEv2 -RevertToDefault +restart-service RemoteAccess -PassThru +``` + +### IKEv2 VPN Client + +```powershell +Set-VpnConnectionIPsecConfiguration -ConnectionName -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES128 -DHGroup Group14 -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PfsGroup PFS2048 -Force +``` + +If you need to switch back to the default IKEv2 settings, use this command: + +```powershell +Set-VpnConnectionIPsecConfiguration -ConnectionName -RevertToDefault -Force +``` + +> [!TIP] +> If you're configuring a all-user VPN connection or a Device Tunnel you must use the `-AllUserConnection` parameter in the `Set-VpnConnectionIPsecConfiguration` command. \ No newline at end of file From 64edab790ff4fd06c4e62fdc36c45b3d1dfc5632 Mon Sep 17 00:00:00 2001 From: Warren Williams Date: Thu, 29 Jun 2023 15:54:58 -0500 Subject: [PATCH 02/94] Learn Editor: Update windows-upgrade-and-migration-considerations.md --- .../upgrade/windows-upgrade-and-migration-considerations.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md index 9d45ea81e3..6df13ed120 100644 --- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md +++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md @@ -34,6 +34,8 @@ With Windows Easy Transfer, files and settings can be transferred using a networ ### Migrate with the User State Migration Tool You can use USMT to automate migration during large deployments of the Windows operating system. USMT uses configurable migration rule (.xml) files to control exactly which user accounts, user files, operating system settings, and application settings are migrated and how they're migrated. You can use USMT for both *side-by-side* migrations, where one piece of hardware is being replaced, or *wipe-and-load* (or *refresh*) migrations, when only the operating system is being upgraded. +Note USMT supports devices that are joined to an Active Directory domain. USMT does not support hybrid or AAD joined devices. + ## Upgrade and migration considerations Whether you're upgrading or migrating to a new version of Windows, you must be aware of the following issues and considerations: From 56e24c41f93f2871cbe00a53070a303c48f059e7 Mon Sep 17 00:00:00 2001 From: mattweberms <138896848+mattweberms@users.noreply.github.com> Date: Fri, 7 Jul 2023 10:12:19 -0600 Subject: [PATCH 04/94] Update provisioning-multivariant.md Add SocIdentifier information --- .../provisioning-packages/provisioning-multivariant.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md index a22a2e2dc5..f6bda1fbba 100644 --- a/windows/configuration/provisioning-packages/provisioning-multivariant.md +++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md @@ -66,6 +66,7 @@ The following table shows the conditions supported in Windows client provisionin | ProcessorName | P1 | Supported | String | Use to target settings based on the processor name. | | AoAc ("Always On, Always Connected") | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true). If this condition is TRUE, the system supports the S0 low power idle model. | | PowerPlatformRole | P1 | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the [POWER_PLATFORM_ROLE enumeration](/windows/win32/api/winnt/ne-winnt-power_platform_role). | +| SocIdentifier | P1 | Supported | String | Use to target settings based on the Soc Identifier. Available since 25301 OS build version. | | Architecture | P1 | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. | | Server | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true) to identify a server. | | Region | P1 | Supported | Enumeration | Use to target settings based on country/region, using the 2-digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). | From eef87f3a0c7b2c6e0a2e4a3c1e9e25473cfbe0ad Mon Sep 17 00:00:00 2001 From: Andy Rivas <45184653+andyrivMSFT@users.noreply.github.com> Date: Fri, 7 Jul 2023 17:03:31 -0700 Subject: [PATCH 05/94] Update mcc-isp-signup.md Adding emphasis to the free aspect of the service. --- windows/deployment/do/mcc-isp-signup.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md index 9ae3e9ed19..f0739c591c 100644 --- a/windows/deployment/do/mcc-isp-signup.md +++ b/windows/deployment/do/mcc-isp-signup.md @@ -29,6 +29,10 @@ Before you begin sign up, ensure you have the following components: 1. **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a completely free-of-charge service hosted in Azure. You'll need to have a Pay-As-You-Go subscription in order to onboard to our service. To create a subscription, go to the [Pay-As-You-Go subscription page](https://azure.microsoft.com/offers/ms-azr-0003p/). +> [!NOTE] +> Microsoft Connected Cache is a completely free service for operators. None of the resources created in Azure will incure any charges. +> Please be aware of any additional services that may be selected as part of the Azure sign up process. + 1. **Access to Azure portal**: Ensure you have the credentials needed to access your organization's Azure portal. 1. **Peering DB**: Ensure your organization's [Peering DB](https://www.peeringdb.com/) page is up-to-date and active. Check that the NOC email listed is accurate, and that you have access to this email. From 273f10acac0246beb704da4e6e2f5002c63b2e08 Mon Sep 17 00:00:00 2001 From: Andy Rivas <45184653+andyrivMSFT@users.noreply.github.com> Date: Mon, 10 Jul 2023 10:01:14 -0700 Subject: [PATCH 06/94] Update windows/deployment/do/mcc-isp-signup.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/do/mcc-isp-signup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md index f0739c591c..b83d78d4c8 100644 --- a/windows/deployment/do/mcc-isp-signup.md +++ b/windows/deployment/do/mcc-isp-signup.md @@ -30,8 +30,8 @@ Before you begin sign up, ensure you have the following components: 1. **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a completely free-of-charge service hosted in Azure. You'll need to have a Pay-As-You-Go subscription in order to onboard to our service. To create a subscription, go to the [Pay-As-You-Go subscription page](https://azure.microsoft.com/offers/ms-azr-0003p/). > [!NOTE] -> Microsoft Connected Cache is a completely free service for operators. None of the resources created in Azure will incure any charges. -> Please be aware of any additional services that may be selected as part of the Azure sign up process. +> - Microsoft Connected Cache is a completely free service for operators. None of the resources created in Azure will incur any charges. +> - Be aware, however, that any additional services that might be selected as part of the Azure sign-up process might incur charges. 1. **Access to Azure portal**: Ensure you have the credentials needed to access your organization's Azure portal. From d11813a895802a985d80e8769868a30ace2cfe85 Mon Sep 17 00:00:00 2001 From: Urbs3w <34245495+Urbs3w@users.noreply.github.com> Date: Mon, 24 Jul 2023 10:28:31 -0500 Subject: [PATCH 07/94] In getting-started-with-the-user-state-migration-tool.md, say to use the "/genconfig option" instead of the "ScanState Syntax option" The part that said, "use the ScanState Syntax option" didn't make sense, so--as you can probably see in the diff--I replaced that part with "use the /genconfig option" in order to make that part make sense. I also changed the link that's in that part to link directly to the "Migration rule options" section of the "ScanState syntax" article instead of the top of that article because that seems more helpful than linking to the top of the article. However, if it's Microsoft's style to link to the top of an article instead of directly to a relevant section, feel free to revert that change in order to be consistent with your prescribed style. --- .../getting-started-with-the-user-state-migration-tool.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index b550aa4d52..e7cea642e3 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -31,13 +31,13 @@ This article outlines the general process that you should follow to migrate file You can use the `MigXML.xsd` file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). -6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, use the [ScanState Syntax](usmt-scanstate-syntax.md) option together with the other .xml files when you use the `ScanState.exe` command. For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files: +6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, run the `ScanState.exe` command with the [/genconfig](usmt-scanstate-syntax.md#migration-rule-options) option and specify the .xml files that you use with `ScanState.exe` as arguments. For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files: ```cmd ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log ``` -7. Review the migration state of the components listed in the `Config.xml` file, and specify `migrate=no` for any components that you don't want to migrate. +7. Review and modify the `Config.xml` file to specify components that you don't want to migrate. Open the `Config.xml` that you generated, review the migration state of the components listed in it, and specify `migrate=no` for any components that you don't want to migrate. ## Step 2: Collect files and settings from the source computer From 28b3d4ff354228c0e5fe8cd62c4cebf07b63ee25 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 24 Jul 2023 15:26:26 -0700 Subject: [PATCH 08/94] tls-dep-8084466 --- windows/whats-new/deprecated-features-resources.md | 3 ++- windows/whats-new/deprecated-features.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index 330293213d..76acf5ebcb 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -1,7 +1,7 @@ --- title: Resources for deprecated features in the Windows client description: Resources and details for deprecated features in the Windows Client. -ms.date: 02/14/2023 +ms.date: 07/31/2023 ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium @@ -21,6 +21,7 @@ appliesto: This article provides additional resources about [deprecated features for Windows client](deprecated-features.md) that may be needed by IT professionals. The following information is provided to help IT professionals plan for the removal of deprecated features: +## TLS versions 1.0 and 1.2 ## Microsoft Support Diagnostic Tool resources The [Microsoft Support Diagnostic Tool (MSDT)](/windows-server/administration/windows-commands/msdt) gathers diagnostic data for analysis by support professionals. MSDT is the engine used to run legacy Windows built-in troubleshooters. There are currently 28 built-in troubleshooters for MSDT. Half of the built-in troubleshooters have already been [redirected](#redirected-msdt-troubleshooters) to the Get Help platform, while the other half will be [retired](#retired-msdt-troubleshooters). diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 75692f13ab..2af291d16d 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -1,7 +1,7 @@ --- title: Deprecated features in the Windows client description: Review the list of features that Microsoft is no longer developing in Windows 10 and Windows 11. -ms.date: 06/08/2023 +ms.date: 07/31/2023 ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium @@ -36,6 +36,7 @@ The features in this article are no longer being actively developed, and might b |Feature | Details and mitigation | Deprecation announced | | ----------- | --------------------- | ---- | +| TLS 1.0 and 1.1 | To increase the security posture of Windows customers and encourage modern protocol adoption, TLS versions 1.0 and 1.1 will soon be disabled by default in the operating system. Starting in Windows 11 Insider Preview builds in September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. There is an option to re-enable TLS 1.0 or TLS 1.1 for users who need to maintain compatibility. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | July 2023| | Cortana in Windows | Cortana in Windows as a standalone app is deprecated. This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms. | June 2023 | | Microsoft Support Diagnostic Tool (MSDT) | [MSDT](/windows-server/administration/windows-commands/msdt) is deprecated and will be removed in a future release of Windows. MSDT is used to gather diagnostic data for analysis by support professionals. For more information, see [Resources for deprecated features](deprecated-features-resources.md) | January 2023 | | Universal Windows Platform (UWP) Applications for 32-bit Arm | This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content is not applicable. If you are not sure which type of processor you have, check **Settings** > **System** > **About**.

Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 | From b4792f3d38c250598cd06829ecda3a75f30b7b6d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 24 Jul 2023 16:12:08 -0700 Subject: [PATCH 09/94] tls-dep-8084466 --- windows/whats-new/deprecated-features-resources.md | 2 +- windows/whats-new/deprecated-features.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index 76acf5ebcb..be5c27d951 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -1,6 +1,6 @@ --- title: Resources for deprecated features in the Windows client -description: Resources and details for deprecated features in the Windows Client. +description: Resources and details for deprecated features in the Windows client. ms.date: 07/31/2023 ms.prod: windows-client ms.technology: itpro-fundamentals diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 2af291d16d..e9f684c5ad 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -36,7 +36,7 @@ The features in this article are no longer being actively developed, and might b |Feature | Details and mitigation | Deprecation announced | | ----------- | --------------------- | ---- | -| TLS 1.0 and 1.1 | To increase the security posture of Windows customers and encourage modern protocol adoption, TLS versions 1.0 and 1.1 will soon be disabled by default in the operating system. Starting in Windows 11 Insider Preview builds in September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. There is an option to re-enable TLS 1.0 or TLS 1.1 for users who need to maintain compatibility. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | July 2023| +| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds in September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | July 2023| | Cortana in Windows | Cortana in Windows as a standalone app is deprecated. This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms. | June 2023 | | Microsoft Support Diagnostic Tool (MSDT) | [MSDT](/windows-server/administration/windows-commands/msdt) is deprecated and will be removed in a future release of Windows. MSDT is used to gather diagnostic data for analysis by support professionals. For more information, see [Resources for deprecated features](deprecated-features-resources.md) | January 2023 | | Universal Windows Platform (UWP) Applications for 32-bit Arm | This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content is not applicable. If you are not sure which type of processor you have, check **Settings** > **System** > **About**.

Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 | From e7ca4ce2504c97c5f6cde31c5c44b03369514dbd Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 25 Jul 2023 13:56:26 -0700 Subject: [PATCH 10/94] edits --- .../deprecated-features-resources.md | 20 ++++++++++++++++++- windows/whats-new/deprecated-features.md | 2 +- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index be5c27d951..41c8b74f61 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -21,7 +21,25 @@ appliesto: This article provides additional resources about [deprecated features for Windows client](deprecated-features.md) that may be needed by IT professionals. The following information is provided to help IT professionals plan for the removal of deprecated features: -## TLS versions 1.0 and 1.2 +## TLS versions 1.0 and 1.1 will be disabled by default + +Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. + +### TLS diagnostic events + +Applications that fail when TLS 1.0 and 1.1 are disabled can be identified by reviewing the event logs. In the System EventLog, SChannel EventID 36871 may be logged with the following description: + +```log +A fatal error occurred while creating a TLS credential. The internal error state is 10013. The SSPI client process is . +``` + +### TLS 1.0 and 1.1 guidance for IT admins + +The impact of disabling TLS versions 1.0 and 1.1 depends largely on the Windows applications using TLS. For example, TLS 1.0 and TLS 1.1 have already been disabled by [Microsoft 365](lifecycle/announcements/transport-layer-security-1x-disablement) products as well as [WinHTTP and WinINet API surfaces](https://support.microsoft.com/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e). Most newer versions of applications support TLS 1.2 or higher protocol versions. If an application starts failing after this change, the first step is to look for a newer version of the application that has TLS 1.2 or TLS 1.3 support. + + +### + ## Microsoft Support Diagnostic Tool resources The [Microsoft Support Diagnostic Tool (MSDT)](/windows-server/administration/windows-commands/msdt) gathers diagnostic data for analysis by support professionals. MSDT is the engine used to run legacy Windows built-in troubleshooters. There are currently 28 built-in troubleshooters for MSDT. Half of the built-in troubleshooters have already been [redirected](#redirected-msdt-troubleshooters) to the Get Help platform, while the other half will be [retired](#retired-msdt-troubleshooters). diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index e9f684c5ad..009ccb7222 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -36,7 +36,7 @@ The features in this article are no longer being actively developed, and might b |Feature | Details and mitigation | Deprecation announced | | ----------- | --------------------- | ---- | -| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds in September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | July 2023| +| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | July 2023| | Cortana in Windows | Cortana in Windows as a standalone app is deprecated. This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms. | June 2023 | | Microsoft Support Diagnostic Tool (MSDT) | [MSDT](/windows-server/administration/windows-commands/msdt) is deprecated and will be removed in a future release of Windows. MSDT is used to gather diagnostic data for analysis by support professionals. For more information, see [Resources for deprecated features](deprecated-features-resources.md) | January 2023 | | Universal Windows Platform (UWP) Applications for 32-bit Arm | This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content is not applicable. If you are not sure which type of processor you have, check **Settings** > **System** > **About**.

Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 | From 1ea282c096d107b1d97ed1e03e3bf14a0d13dc2a Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 26 Jul 2023 15:54:03 -0700 Subject: [PATCH 11/94] edits and formatting --- .../deprecated-features-resources.md | 39 ++++++++++++++++--- 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index 41c8b74f61..b624e19ccd 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -21,24 +21,51 @@ appliesto: This article provides additional resources about [deprecated features for Windows client](deprecated-features.md) that may be needed by IT professionals. The following information is provided to help IT professionals plan for the removal of deprecated features: -## TLS versions 1.0 and 1.1 will be disabled by default +## TLS versions 1.0 and 1.1 disablement resources -Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. +Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 are disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. + +The following information can help IT professionals to: + +- Identify issues related to TLS 1.0 and 1.1 disablement +- Re-enable TLS 1.0 and 1.1, if needed + +For developer guidance and for a list of common applications known to rely on TLS 1.0 or 1.1, see the [Announcing the disablement of TLS 1.0 and TLS 1.1 in Windows](https://techcommunity.microsoft.com/) blog post. ### TLS diagnostic events -Applications that fail when TLS 1.0 and 1.1 are disabled can be identified by reviewing the event logs. In the System EventLog, SChannel EventID 36871 may be logged with the following description: +Applications that fail when TLS 1.0 and 1.1 are disabled can be identified by reviewing the event logs. In the System Event Log, SChannel EventID 36871 may be logged with the following description: ```log A fatal error occurred while creating a TLS credential. The internal error state is 10013. The SSPI client process is . ``` -### TLS 1.0 and 1.1 guidance for IT admins +### TLS 1.0 and 1.1 guidance for IT professionals -The impact of disabling TLS versions 1.0 and 1.1 depends largely on the Windows applications using TLS. For example, TLS 1.0 and TLS 1.1 have already been disabled by [Microsoft 365](lifecycle/announcements/transport-layer-security-1x-disablement) products as well as [WinHTTP and WinINet API surfaces](https://support.microsoft.com/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e). Most newer versions of applications support TLS 1.2 or higher protocol versions. If an application starts failing after this change, the first step is to look for a newer version of the application that has TLS 1.2 or TLS 1.3 support. +The impact of disabling TLS versions 1.0 and 1.1 depends on the Windows applications using TLS. For example, TLS 1.0 and TLS 1.1 are already disabled by [Microsoft 365](lifecycle/announcements/transport-layer-security-1x-disablement) products as well as [WinHTTP and WinINet API surfaces](https://support.microsoft.com/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e). Most newer versions of applications support TLS 1.2 or higher protocol versions. If an application starts failing after this change, the first step is to discover if a newer version of the application has TLS 1.2 or TLS 1.3 support. +Using the system default settings for the best balance of security and performance is recommended. Organizations that limit TLS cipher suites using [Group Policy](/windows-server/security/tls/manage-tls) or [PowerShell cmdlets](/powershell/module/tls) should also verify that [cipher suites](/windows/win32/secauthn/tls-cipher-suites-in-windows-11) needed for TLS 1.3 and TLS 1.2 are enabled. -### +If there are no alternatives available and TLS 1.0 or TLS 1.1 is needed, the protocol versions can be re-enabled with a system [registry setting](/windows-server/security/tls/tls-registry-settings). To override a system default and set a (D)TLS or SSL protocol version to the **Enabled** state: + + - **TLS 1.0**: + ```registry + [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] + "Enabled" = dword:00000001 + [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] + "Enabled" = dword:00000001 + ``` + + - **TLS 1.1**: + + ```registry + [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] + "Enabled" = dword:00000001 + [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] + "Enabled" = dword:00000001 + ``` + +Re-enabling TLS 1.0 or TLS 1.1 on machines should only be done as a last resort, and as a temporary solution until incompatible applications can be updated or replaced. Support for these legacy TLS versions may be completely removed in the future. ## Microsoft Support Diagnostic Tool resources From 436f35690f6369bdc9d97dac0b93394131a3d85a Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 26 Jul 2023 15:57:30 -0700 Subject: [PATCH 12/94] edits and formatting --- windows/whats-new/deprecated-features-resources.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index b624e19ccd..8631e29767 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -36,9 +36,7 @@ For developer guidance and for a list of common applications known to rely on TL Applications that fail when TLS 1.0 and 1.1 are disabled can be identified by reviewing the event logs. In the System Event Log, SChannel EventID 36871 may be logged with the following description: -```log -A fatal error occurred while creating a TLS credential. The internal error state is 10013. The SSPI client process is . -``` +`A fatal error occurred while creating a TLS credential. The internal error state is 10013. The SSPI client process is .` ### TLS 1.0 and 1.1 guidance for IT professionals From e0838ddafb3fee24c2985d74981ed4e61b16d9c9 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 27 Jul 2023 09:09:23 -0700 Subject: [PATCH 13/94] fix metadata --- windows/whats-new/deprecated-features-resources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index 8631e29767..67a8a7b32c 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -40,7 +40,7 @@ Applications that fail when TLS 1.0 and 1.1 are disabled can be identified by re ### TLS 1.0 and 1.1 guidance for IT professionals -The impact of disabling TLS versions 1.0 and 1.1 depends on the Windows applications using TLS. For example, TLS 1.0 and TLS 1.1 are already disabled by [Microsoft 365](lifecycle/announcements/transport-layer-security-1x-disablement) products as well as [WinHTTP and WinINet API surfaces](https://support.microsoft.com/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e). Most newer versions of applications support TLS 1.2 or higher protocol versions. If an application starts failing after this change, the first step is to discover if a newer version of the application has TLS 1.2 or TLS 1.3 support. +The impact of disabling TLS versions 1.0 and 1.1 depends on the Windows applications using TLS. For example, TLS 1.0 and TLS 1.1 are already disabled by [Microsoft 365](/lifecycle/announcements/transport-layer-security-1x-disablement) products as well as [WinHTTP and WinINet API surfaces](https://support.microsoft.com/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e). Most newer versions of applications support TLS 1.2 or higher protocol versions. If an application starts failing after this change, the first step is to discover if a newer version of the application has TLS 1.2 or TLS 1.3 support. Using the system default settings for the best balance of security and performance is recommended. Organizations that limit TLS cipher suites using [Group Policy](/windows-server/security/tls/manage-tls) or [PowerShell cmdlets](/powershell/module/tls) should also verify that [cipher suites](/windows/win32/secauthn/tls-cipher-suites-in-windows-11) needed for TLS 1.3 and TLS 1.2 are enabled. From 756b98305e6a5a96627ef3210220e40b3bc37a38 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 28 Jul 2023 14:27:35 +0200 Subject: [PATCH 14/94] Windows security landing page update --- windows/security/index.yml | 296 ++++++++++++++++++------------------- 1 file changed, 142 insertions(+), 154 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 711ec3f94b..7ddc8b8b16 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -1,162 +1,150 @@ -### YamlMime:Landing - -title: Windows security -summary: Built with Zero Trust principles at the core to safeguard data and access anywhere, keeping you protected and productive. - metadata: - title: Windows security - description: Learn about Windows security technologies and how to use them to protect your data and devices. - ms.topic: landing-page + title: Windows client security documentation + description: Learn how to secure Windows clients for your organization. + summary: test + brand: windows + ms.topic: hub-page ms.prod: windows-client - ms.technology: itpro-security ms.collection: + - highpri - tier1 author: paolomatarazzo ms.author: paoloma - ms.date: 12/19/2022 + manager: aaroncz + ms.date: 07/28/2023 + + + productDirectory: + items: -# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new + - title: Hardware security + imageSrc: /media/common/i_usb.svg + links: + - url: /windows/security/hardware-security + text: Trusted Platform Module + - url: /windows/security/hardware-security + text: Windows Defender System Guard firmware protection + - url: /windows/security/hardware-security + text: System Guard Secure Launch and SMM protection enablement + - url: /windows/security/hardware-security + text: Virtualization-based protection of code integrity + - url: /windows/security/hardware-security + text: Kernel DMA Protection + - url: /windows/security/hardware-security + text: Learn more about hardware security > -landingContent: -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Zero Trust and Windows - linkLists: - - linkListType: overview - links: - - text: Overview - url: zero-trust-windows-device-health.md -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Hardware security - linkLists: - - linkListType: overview - links: - - text: Overview - url: hardware.md - - linkListType: concept - links: - - text: Trusted Platform Module - url: information-protection/tpm/trusted-platform-module-top-node.md - - text: Windows Defender System Guard firmware protection - url: hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md - - text: System Guard Secure Launch and SMM protection enablement - url: hardware-security/system-guard-secure-launch-and-smm-protection.md - - text: Virtualization-based protection of code integrity - url: hardware-security/enable-virtualization-based-protection-of-code-integrity.md - - text: Kernel DMA Protection - url: hardware-security/kernel-dma-protection-for-thunderbolt.md -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Operating system security - linkLists: - - linkListType: overview - links: - - text: Overview - url: operating-system-security/index.md - - linkListType: concept - links: - - text: Trusted boot - url: operating-system-security\system-security\trusted-boot.md - - text: Windows security baselines - url: operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md - - text: Virtual private network guide - url: operating-system-security/network-security/vpn/vpn-guide.md - - text: Windows Defender Firewall - url: operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md - - text: Virus & threat protection - url: threat-protection/index.md -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Application security - linkLists: - - linkListType: overview - links: - - text: Overview - url: application-security/index.md - - linkListType: concept - links: - - text: Application Control and virtualization-based protection - url: application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - - text: Application Control - url: application-security/application-control/windows-defender-application-control/wdac.md - - text: Application Guard - url: application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md - - text: Windows Sandbox - url: application-security\application-isolation\windows-sandbox\windows-sandbox-overview.md - - text: Microsoft Defender SmartScreen - url: operating-system-security\virus-and-threat-protection\microsoft-defender-smartscreen\index.md - - text: S/MIME for Windows - url: operating-system-security/data-protection/configure-s-mime.md -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: User security and secured identity - linkLists: - - linkListType: overview - links: - - text: Overview - url: identity.md - - linkListType: concept - links: - - text: Windows Hello for Business - url: identity-protection/hello-for-business/index.md - - text: Protect domain credentials - url: identity-protection/credential-guard/credential-guard.md - - text: Windows Defender Credential Guard - url: identity-protection/credential-guard/credential-guard.md - - text: Lost or forgotten passwords - url: identity-protection/password-support-policy.md - - text: Access control - url: identity-protection/access-control/access-control.md - - text: Smart cards - url: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Cloud services - linkLists: - - linkListType: concept - links: - - text: Mobile device management - url: /windows/client-management/mdm/ - - text: Azure Active Directory - url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory - - text: Your Microsoft Account - url: identity-protection/access-control/microsoft-accounts.md - - text: OneDrive - url: /onedrive/onedrive - - text: Family safety - url: operating-system-security\system-security\windows-defender-security-center\wdsc-family-options.md -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Security foundations - linkLists: - - linkListType: overview - links: - - text: Overview - url: security-foundations/index.md - - linkListType: reference - links: - - text: Microsoft Security Development Lifecycle - url: threat-protection/msft-security-dev-lifecycle.md - - text: Microsoft Bug Bounty - url: /microsoft-365/security/intelligence/microsoft-bug-bounty-program - - text: Common Criteria Certifications - url: threat-protection/windows-platform-common-criteria.md - - text: Federal Information Processing Standard (FIPS) 140 Validation - url: threat-protection/fips-140-validation.md -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Privacy controls - linkLists: - - linkListType: reference - links: - - text: Windows and Privacy Compliance - url: /windows/privacy/windows-10-and-privacy-compliance + - title: OS security + imageSrc: /media/common/i_threat-protection.svg + links: + - url: /windows/security/operating-system-security + text: Trusted boot + - url: /windows/security/operating-system-security + text: Encryption and data protection + - url: /windows/security/operating-system-security + text: Windows security baselines + - url: /windows/security/operating-system-security + text: Network security + - url: /windows/security/operating-system-security + text: Microsoft Defender Application Guard + - url: /windows/security/operating-system-security + text: Learn more about OS security > + + - title: Identity protection + imageSrc: /media/common/i_identity-protection.svg + links: + - url: /windows/security/identity-protection + text: Access control + - url: /windows/security/identity-protection/credential-guard + text: Windows Defender Credential Guard + - url: /windows/security/identity-protection/hello-for-business + text: Windows Hello for Business + - url: /windows/security/identity-protection + text: Smart cards + - url: /windows/security/identity-protection + text: Virtual smart cards + - url: /windows/security/identity-protection + text: Learn more about identity protection > + + - title: Application security + imageSrc: /media/common/i_queries.svg + links: + - url: /windows/security/application-security + text: Feature 1 + - url: /windows/security/application-security + text: Feature 2 + - url: /windows/security/application-security + text: Feature 3 + - url: /windows/security/application-security + text: Feature 4 + - url: /windows/security/application-security + text: Feature 5 + - url: /windows/security/application-security + text: Learn more about application security > + + - title: Security foundations + imageSrc: /media/common/i_build.svg + links: + - url: /windows/security/security-foundations + text: Feature 1 + - url: /windows/security/security-foundations + text: Feature 2 + - url: /windows/security/security-foundations + text: Feature 3 + - url: /windows/security/security-foundations + text: Feature 4 + - url: /windows/security/security-foundations + text: Feature 5 + - url: /windows/security/security-foundations + text: Learn more about security foundations > + + - title: Cloud security + imageSrc: /media/common/i_cloud-security.svg + links: + - url: /windows/security/cloud-security + text: Feature 1 + - url: /windows/security/cloud-security + text: Feature 2 + - url: /windows/security/cloud-security + text: Feature 3 + - url: /windows/security/cloud-security + text: Feature 4 + - url: /windows/security/cloud-security + text: Feature 5 + - url: /windows/security/cloud-security + text: Learn more about cloud security > + +additionalContent: + sections: + - title: More Windows resources + items: + + - title: Windows Server + links: + - text: Windows Server documentation + url: /windows-server + - text: What's new in Windows Server 2022? + url: /windows-server/get-started/whats-new-in-windows-server-2022 + - text: Windows Server blog + url: https://cloudblogs.microsoft.com/windowsserver/ + + - title: Windows product site and blogs + links: + - text: Find out how Windows enables your business to do more + url: https://www.microsoft.com/microsoft-365/windows + - text: Windows blogs + url: https://blogs.windows.com/ + - text: Windows IT Pro blog + url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog + - text: Microsoft Intune blog + url: https://techcommunity.microsoft.com/t5/microsoft-intune-blog/bg-p/MicrosoftEndpointManagerBlog + - text: "Windows help & learning: end-user documentation" + url: https://support.microsoft.com/windows + + - title: Participate in the community + links: + - text: Windows community + url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10 + - text: Microsoft Intune community + url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune + - text: Microsoft Support community + url: https://answers.microsoft.com/windows/forum \ No newline at end of file From 51b89772de364ee9f54e482d7f962c12cbd5a017 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 28 Jul 2023 14:32:40 +0200 Subject: [PATCH 15/94] updates --- windows/security/index.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 7ddc8b8b16..37bb7dc18b 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -1,8 +1,9 @@ +title: Windows client security documentation +description: Learn how to secure Windows clients for your organization. +summary: test +brand: windows + metadata: - title: Windows client security documentation - description: Learn how to secure Windows clients for your organization. - summary: test - brand: windows ms.topic: hub-page ms.prod: windows-client ms.collection: From 6f76e444196862f55b4c9e2005e65cc186cc2570 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 28 Jul 2023 14:33:55 +0200 Subject: [PATCH 16/94] update --- windows/security/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 37bb7dc18b..ea0076461d 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -15,7 +15,7 @@ metadata: ms.date: 07/28/2023 - productDirectory: +productDirectory: items: - title: Hardware security From 8bab9b08dc32d7eef9ccf8417b5075a8ad28f1bc Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 28 Jul 2023 14:39:21 +0200 Subject: [PATCH 17/94] updates --- windows/security/index.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index ea0076461d..086f075eb9 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -1,6 +1,7 @@ +### YamlMime:Hub + title: Windows client security documentation -description: Learn how to secure Windows clients for your organization. -summary: test +summary: Learn how to secure Windows clients for your organization. brand: windows metadata: From 4dfa1fe7d8c03344bb20ec53e6345f399cb07fed Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 28 Jul 2023 15:06:36 +0200 Subject: [PATCH 18/94] added highlighted content --- windows/security/index.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 086f075eb9..f3a1d6437d 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -14,7 +14,21 @@ metadata: ms.author: paoloma manager: aaroncz ms.date: 07/28/2023 - + +highlightedContent: + items: + - title: Get started with Windows 11 + itemType: get-started + url: /windows/whats-new/windows-11-overview + - title: Windows 11, version 22H2 + itemType: whats-new + url: /windows/whats-new/whats-new-windows-11-version-22H2 + - title: Windows 11, version 22H2 group policy settings reference + itemType: download + url: https://www.microsoft.com/en-us/download/details.aspx?id=104594 + - title: Windows security features licensing + itemType: overview + url: /windows/whats-new/windows-licensing productDirectory: items: From 066033b5b1e44aa590281b05d8490a0cd0da1ff2 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 28 Jul 2023 15:17:53 +0200 Subject: [PATCH 19/94] update --- windows/security/index.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index f3a1d6437d..d0f9301b2e 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -31,6 +31,7 @@ highlightedContent: url: /windows/whats-new/windows-licensing productDirectory: + title: Get started items: - title: Hardware security From 694dae8d83d17d070f14ac8f910517ab8dc831a4 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 28 Jul 2023 15:27:56 +0200 Subject: [PATCH 20/94] update --- windows/security/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index d0f9301b2e..1eddc6da9a 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -29,7 +29,7 @@ highlightedContent: - title: Windows security features licensing itemType: overview url: /windows/whats-new/windows-licensing - + productDirectory: title: Get started items: From 006a285c4521e887529558c7ed9ffd86ad9f103c Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 28 Jul 2023 15:42:52 +0200 Subject: [PATCH 21/94] updates --- windows/security/index.yml | 4 ++-- .../index.md => introduction.md} | 0 .../licensing-and-edition-requirements.md | 0 windows/security/security-foundations/toc.yml | 6 ++++- .../zero-trust-windows-device-health.md | 0 windows/security/toc.yml | 23 ++++++------------- 6 files changed, 14 insertions(+), 19 deletions(-) rename windows/security/{introduction/index.md => introduction.md} (100%) rename windows/security/{ => security-foundations}/licensing-and-edition-requirements.md (100%) rename windows/security/{ => security-foundations}/zero-trust-windows-device-health.md (100%) diff --git a/windows/security/index.yml b/windows/security/index.yml index 1eddc6da9a..19c4e2632d 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -17,9 +17,9 @@ metadata: highlightedContent: items: - - title: Get started with Windows 11 + - title: Get started with Windows security itemType: get-started - url: /windows/whats-new/windows-11-overview + url: introduction.md - title: Windows 11, version 22H2 itemType: whats-new url: /windows/whats-new/whats-new-windows-11-version-22H2 diff --git a/windows/security/introduction/index.md b/windows/security/introduction.md similarity index 100% rename from windows/security/introduction/index.md rename to windows/security/introduction.md diff --git a/windows/security/licensing-and-edition-requirements.md b/windows/security/security-foundations/licensing-and-edition-requirements.md similarity index 100% rename from windows/security/licensing-and-edition-requirements.md rename to windows/security/security-foundations/licensing-and-edition-requirements.md diff --git a/windows/security/security-foundations/toc.yml b/windows/security/security-foundations/toc.yml index b842d84e0e..8487fd75a1 100644 --- a/windows/security/security-foundations/toc.yml +++ b/windows/security/security-foundations/toc.yml @@ -4,4 +4,8 @@ items: - name: Microsoft Security Development Lifecycle href: ../threat-protection/msft-security-dev-lifecycle.md - name: Certification - href: certification/toc.yml \ No newline at end of file + href: certification/toc.yml +- name: Zero Trust and Windows + href: zero-trust-windows-device-health.md +- name: Security features licensing and edition requirements + href: licensing-and-edition-requirements.md diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/security-foundations/zero-trust-windows-device-health.md similarity index 100% rename from windows/security/zero-trust-windows-device-health.md rename to windows/security/security-foundations/zero-trust-windows-device-health.md diff --git a/windows/security/toc.yml b/windows/security/toc.yml index 06b59128cd..f706e0710b 100644 --- a/windows/security/toc.yml +++ b/windows/security/toc.yml @@ -1,15 +1,8 @@ items: -- name: Windows security - href: index.yml - expanded: true -- name: Introduction - items: - - name: Windows security overview - href: introduction/index.md - - name: Zero Trust and Windows - href: zero-trust-windows-device-health.md - - name: Security features licensing and edition requirements - href: licensing-and-edition-requirements.md +- name: Introduction to Windows security + href: introduction.md +- name: Security foundations + href: security-foundations/toc.yml - name: Hardware security href: hardware-security/toc.yml - name: Operating system security @@ -18,9 +11,7 @@ items: href: application-security/toc.yml - name: Identity protection href: identity-protection/toc.yml -- name: Windows Privacy 🔗 - href: /windows/privacy -- name: Security foundations - href: security-foundations/toc.yml - name: Cloud security - href: cloud-security/toc.yml \ No newline at end of file + href: cloud-security/toc.yml +- name: Windows Privacy 🔗 + href: /windows/privacy \ No newline at end of file From 105efefe326344119eec9d9d4de9e951d9419f24 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 28 Jul 2023 15:53:46 +0200 Subject: [PATCH 22/94] updates --- .../licensing-and-edition-requirements.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/security-foundations/licensing-and-edition-requirements.md b/windows/security/security-foundations/licensing-and-edition-requirements.md index 6b192f2171..3d05e0bd26 100644 --- a/windows/security/security-foundations/licensing-and-edition-requirements.md +++ b/windows/security/security-foundations/licensing-and-edition-requirements.md @@ -18,13 +18,13 @@ This article lists the security features that are available in Windows. Select one of the two tabs to learn about licensing requirements to use the security features, or to learn about the Windows edition requirements that support them: -#### [:::image type="icon" source="images/icons/certificate.svg" border="false"::: **Licensing requirements**](#tab/licensing) +#### [:::image type="icon" source="../images/icons/certificate.svg" border="false"::: **Licensing requirements**](#tab/licensing) -[!INCLUDE [licensing-requirements](../../includes/licensing/_licensing-requirements.md)] +[!INCLUDE [licensing-requirements](../../../includes/licensing/_licensing-requirements.md)] -#### [:::image type="icon" source="images/icons/windows-os.svg" border="false"::: **Edition requirements**](#tab/edition) +#### [:::image type="icon" source="../images/icons/windows-os.svg" border="false"::: **Edition requirements**](#tab/edition) -[!INCLUDE [_edition-requirements](../../includes/licensing/_edition-requirements.md)] +[!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)] --- From 9f04afe6e310725baa8af6fbec86bfdc4b84e343 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 1 Aug 2023 10:18:38 -0400 Subject: [PATCH 23/94] Changed Microsoft Recommended Block list article --- .openpublishing.redirection.windows-security.json | 5 +++++ .../windows-defender-application-control/TOC.yml | 2 +- ...lock-rules.md => applications-that-can-bypass-wdac.md} | 8 ++++---- 3 files changed, 10 insertions(+), 5 deletions(-) rename windows/security/application-security/application-control/windows-defender-application-control/design/{microsoft-recommended-block-rules.md => applications-that-can-bypass-wdac.md} (99%) diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json index 998d8fad5e..b1fdc02d36 100644 --- a/.openpublishing.redirection.windows-security.json +++ b/.openpublishing.redirection.windows-security.json @@ -80,6 +80,11 @@ "redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines", "redirect_document_id": false }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac", + "redirect_document_id": false + }, { "source_path": "windows/security/apps.md", "redirect_url": "/windows/security/application-security", diff --git a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml index 70c937a286..4db0c9a48f 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml +++ b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml @@ -55,7 +55,7 @@ href: design/create-wdac-policy-using-reference-computer.md - name: Create a WDAC deny list policy href: design/create-wdac-deny-policy.md - - name: Microsoft recommended block rules + - name: Applications that can bypass WDAC and how to block them href: design/microsoft-recommended-block-rules.md - name: Microsoft recommended driver block rules href: design/microsoft-recommended-driver-block-rules.md diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md index ebc63fd06e..bcce7c5578 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md @@ -1,15 +1,15 @@ --- -title: Microsoft recommended block rules +title: Applications that can bypass WDAC and how to block them description: View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community. ms.localizationpriority: medium ms.date: 06/14/2023 ms.topic: reference --- -# Microsoft recommended block rules +# Applications that can bypass WDAC and how to block them ->[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). +> [!NOTE] +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass WDAC. From f21715f6176866edcccc2590e775f7e2b0f7dbf8 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 1 Aug 2023 10:21:51 -0400 Subject: [PATCH 24/94] Update TOC --- .../windows-defender-application-control/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml index 4db0c9a48f..3815f2af27 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml +++ b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml @@ -56,7 +56,7 @@ - name: Create a WDAC deny list policy href: design/create-wdac-deny-policy.md - name: Applications that can bypass WDAC and how to block them - href: design/microsoft-recommended-block-rules.md + href: design/applications-that-can-bypass-wdac.md - name: Microsoft recommended driver block rules href: design/microsoft-recommended-driver-block-rules.md - name: Use the WDAC Wizard tool From 5af2f032a7d5e8c84d24ccf5dd58e64d319330fe Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 1 Aug 2023 10:25:34 -0400 Subject: [PATCH 25/94] Fix redirect --- .openpublishing.redirection.windows-security.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json index b1fdc02d36..7347d35cb3 100644 --- a/.openpublishing.redirection.windows-security.json +++ b/.openpublishing.redirection.windows-security.json @@ -81,7 +81,7 @@ "redirect_document_id": false }, { - "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md", + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md", "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac", "redirect_document_id": false }, From 874ec6b210c75d39136bb382034ec26e73f3f63f Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 1 Aug 2023 10:27:33 -0400 Subject: [PATCH 26/94] Fix links --- .../windows-defender-application-control/index.yml | 4 ++-- .../windows-defender-application-control/wdac.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/index.yml b/windows/security/application-security/application-control/windows-defender-application-control/index.yml index 116b217e84..1b1d46e536 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/index.yml +++ b/windows/security/application-security/application-control/windows-defender-application-control/index.yml @@ -33,8 +33,8 @@ landingContent: links: - text: Using code signing to simplify application control url: deployment/use-code-signing-for-better-control-and-protection.md - - text: Microsoft's Recommended Blocklist - url: design/microsoft-recommended-block-rules.md + - text: Applications that can bypass WDAC and how to block them + url: design/applications-that-can-bypass-wdac.md - text: Microsoft's Recommended Driver Blocklist url: design/microsoft-recommended-driver-block-rules.md - text: Example WDAC policies diff --git a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md index dee33405bb..7ee7a13013 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md @@ -47,7 +47,7 @@ Smart App Control is only available on clean installation of Windows 11 version ### Smart App Control Enforced Blocks -Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/microsoft-recommended-block-rules.md), with a few exceptions for compatibility considerations. The following are not blocked by Smart App Control: +Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-wdac.md), with a few exceptions for compatibility considerations. The following are not blocked by Smart App Control: - Infdefaultinstall.exe - Microsoft.Build.dll From 566ab39741005320d13ce90db371a8b21dcb4010 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 1 Aug 2023 11:55:36 -0400 Subject: [PATCH 27/94] Update AppDefaults CSP --- .../mdm/policy-csp-applicationdefaults.md | 121 +++++++++--------- 1 file changed, 62 insertions(+), 59 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 3b93d81859..7ce0365c67 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -4,7 +4,7 @@ description: Learn more about the ApplicationDefaults Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/11/2023 +ms.date: 08/01/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -36,20 +36,8 @@ ms.topic: reference - -This policy specifies the path to a file (e.g. either stored locally or on a network location) that contains file type and protocol default application associations. This file can be created using the DISM tool. - -For example: - -Dism.exe /Online /Export-DefaultAppAssociations:C:\AppAssoc.txt. - -For more information, refer to the DISM documentation on TechNet. - -If this group policy is enabled and the client machine is domain-joined, the file will be processed and default associations will be applied at logon time. - -If the group policy isn't configured, disabled, or the client machine isn't domain-joined, no default associations will be applied at logon time. - -If the policy is enabled, disabled, or not configured, users will still be able to override default file type and protocol associations. + +This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc. xml), and then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied. @@ -84,54 +72,69 @@ If the policy is enabled, disabled, or not configured, users will still be able **Example**: To create the SyncML, follow these steps: -
    -
  1. Install a few apps and change your defaults.
    2. -
  2. From an elevated prompt, run "dism /online /export-defaultappassociations:appassoc.xml"
    3. -
  3. Take the XML output and put it through your favorite base64 encoder app.
    4. -
  4. Paste the base64 encoded XML into the SyncML
    5. -
-Here's an example output from the dism default association export command: -```xml - - - - - - - - -``` +1. Install a few apps and change your defaults. +1. From an elevated prompt, run `dism /online /export-defaultappassociations:C:\appassoc.xml`. Here's an example output from the dism default association export command: -Here's the base64 encoded result: + ```xml + + + + + + + + + ``` -``` syntax -PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo= -``` -Here's the SyncML example: + Starting in Windows 11, version 22H2, two new attributes are available for further customization of the policy. These attributes can be used to change how often the policy associations are applied. -```xml - - - - - 101 - - - chr - text/plain - - - ./Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration - - PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo= - - - - - - -``` + - **Version** attribute for `DefaultAssociations`. This is used to control when **Suggested** associations are applied. Whenever the **Version** value is incremented, a **Suggested** association is applied one time. + - **Suggested** attribute for `Association`. The default value is false. If it is false, the **Association** is applied on every logon. If it is true, the **Association** is only applied once for the current **DefaultAssociations** Version. When the **Version** is incremented, the **Association** is applied once again, on next logon. + + In the following example, the **Association** for `.htm` is applied on first logon of the user, and all others are applied on every logon. If **Version** is incremented, and the updated file is deployed to the user, the **Association** for `.htm` is applied again: + + ```xml + + +    +    +    +    +    + + ``` + +1. Take the XML output and put it through your favorite base64 encoder app. Here's the base64 encoded result: + + ```text + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo= + ``` + +1. Paste the base64 encoded XML into the SyncML. Here's the SyncML example: + + ```xml + + + + + 101 + + + chr + text/plain + + + ./Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration + + PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo= + + + + + + + ``` From 9480b6e0222dccc9012194f422720fc058a99741 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 1 Aug 2023 12:07:40 -0400 Subject: [PATCH 28/94] Update description --- windows/client-management/mdm/policy-csp-applicationdefaults.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 7ce0365c67..eaeab33b79 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -37,7 +37,7 @@ ms.topic: reference -This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc. xml), and then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied. +This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml). The file can be further edited by adding attributes to control how often associations are applied by the policy. The file then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied. From cbc853fc1ab112eca183431580b37a58c2853c44 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 1 Aug 2023 12:14:33 -0400 Subject: [PATCH 29/94] Acro-updates --- .../client-management/mdm/policy-csp-applicationdefaults.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index eaeab33b79..7f105c6341 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -89,10 +89,10 @@ To create the SyncML, follow these steps: Starting in Windows 11, version 22H2, two new attributes are available for further customization of the policy. These attributes can be used to change how often the policy associations are applied. - - **Version** attribute for `DefaultAssociations`. This is used to control when **Suggested** associations are applied. Whenever the **Version** value is incremented, a **Suggested** association is applied one time. - - **Suggested** attribute for `Association`. The default value is false. If it is false, the **Association** is applied on every logon. If it is true, the **Association** is only applied once for the current **DefaultAssociations** Version. When the **Version** is incremented, the **Association** is applied once again, on next logon. + - **Version** attribute for `DefaultAssociations`. This attribute is used to control when **Suggested** associations are applied. Whenever the **Version** value is incremented, a **Suggested** association is applied one time. + - **Suggested** attribute for `Association`. The default value is false. If it's false, the **Association** is applied on every sign-in. If it's' true, the **Association** is only applied once for the current **DefaultAssociations** Version. When the **Version** is incremented, the **Association** is applied once again, on next sign-in. - In the following example, the **Association** for `.htm` is applied on first logon of the user, and all others are applied on every logon. If **Version** is incremented, and the updated file is deployed to the user, the **Association** for `.htm` is applied again: + In the following example, the **Association** for `.htm` is applied on first sign-in of the user, and all others are applied on every sign-in. If **Version** is incremented, and the updated file is deployed to the user, the **Association** for `.htm` is applied again: ```xml From 22b8c6a9475a4caaa4d7d6fe3d317504d1ba056e Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 1 Aug 2023 18:46:48 +0200 Subject: [PATCH 30/94] app security --- windows/security/index.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 19c4e2632d..1d02ae460e 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -85,16 +85,16 @@ productDirectory: - title: Application security imageSrc: /media/common/i_queries.svg links: - - url: /windows/security/application-security - text: Feature 1 - - url: /windows/security/application-security - text: Feature 2 - - url: /windows/security/application-security - text: Feature 3 - - url: /windows/security/application-security - text: Feature 4 - - url: /windows/security/application-security - text: Feature 5 + - url: /windows/security/application-security/application-control/windows-defender-application-control/wdac + text: Windows Defender Application Control (WDAC) + - url: /windows/security/application-security/application-control/user-account-control + text: User Account Control (UAC) + - url: /windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules + text: Microsoft vulnerable driver blocklist + - url: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview + text: Microsoft Defender Application Guard + - url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview + text: Windows Sandbox - url: /windows/security/application-security text: Learn more about application security > From 306618c45efad6a6c0de86235f4eab5f4a8e1023 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 1 Aug 2023 13:57:33 -0400 Subject: [PATCH 31/94] Fix typo --- windows/client-management/mdm/policy-csp-applicationdefaults.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index 7f105c6341..b2500d8e36 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -90,7 +90,7 @@ To create the SyncML, follow these steps: Starting in Windows 11, version 22H2, two new attributes are available for further customization of the policy. These attributes can be used to change how often the policy associations are applied. - **Version** attribute for `DefaultAssociations`. This attribute is used to control when **Suggested** associations are applied. Whenever the **Version** value is incremented, a **Suggested** association is applied one time. - - **Suggested** attribute for `Association`. The default value is false. If it's false, the **Association** is applied on every sign-in. If it's' true, the **Association** is only applied once for the current **DefaultAssociations** Version. When the **Version** is incremented, the **Association** is applied once again, on next sign-in. + - **Suggested** attribute for `Association`. The default value is false. If it's false, the **Association** is applied on every sign-in. If it's true, the **Association** is only applied once for the current **DefaultAssociations** Version. When the **Version** is incremented, the **Association** is applied once again, on next sign-in. In the following example, the **Association** for `.htm` is applied on first sign-in of the user, and all others are applied on every sign-in. If **Version** is incremented, and the updated file is deployed to the user, the **Association** for `.htm` is applied again: From b2bef1b6652e2cf9bc0458935d78d19ec5598c7d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 1 Aug 2023 12:03:15 -0700 Subject: [PATCH 32/94] update doc with blog post --- windows/whats-new/deprecated-features-resources.md | 2 +- windows/whats-new/deprecated-features.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index 67a8a7b32c..9e21cd86ec 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -30,7 +30,7 @@ The following information can help IT professionals to: - Identify issues related to TLS 1.0 and 1.1 disablement - Re-enable TLS 1.0 and 1.1, if needed -For developer guidance and for a list of common applications known to rely on TLS 1.0 or 1.1, see the [Announcing the disablement of TLS 1.0 and TLS 1.1 in Windows](https://techcommunity.microsoft.com/) blog post. +For developer guidance and for a list of common applications known to rely on TLS 1.0 or 1.1, see the [Announcing the disablement of TLS 1.0 and TLS 1.1 in Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/tls-1-0-and-tls-1-1-soon-to-be-disabled-in-windows/ba-p/3887947) blog post. ### TLS diagnostic events diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 009ccb7222..5d0649468d 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -1,7 +1,7 @@ --- title: Deprecated features in the Windows client description: Review the list of features that Microsoft is no longer developing in Windows 10 and Windows 11. -ms.date: 07/31/2023 +ms.date: 08/01/2023 ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium @@ -36,7 +36,7 @@ The features in this article are no longer being actively developed, and might b |Feature | Details and mitigation | Deprecation announced | | ----------- | --------------------- | ---- | -| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | July 2023| +| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | August 1, 2023| | Cortana in Windows | Cortana in Windows as a standalone app is deprecated. This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms. | June 2023 | | Microsoft Support Diagnostic Tool (MSDT) | [MSDT](/windows-server/administration/windows-commands/msdt) is deprecated and will be removed in a future release of Windows. MSDT is used to gather diagnostic data for analysis by support professionals. For more information, see [Resources for deprecated features](deprecated-features-resources.md) | January 2023 | | Universal Windows Platform (UWP) Applications for 32-bit Arm | This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content is not applicable. If you are not sure which type of processor you have, check **Settings** > **System** > **About**.

Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 | From 1da849b60b68df96a388ef4acf52d246e31319bb Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 1 Aug 2023 12:03:39 -0700 Subject: [PATCH 33/94] update doc with blog post --- windows/whats-new/deprecated-features-resources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md index 9e21cd86ec..3943ef84fc 100644 --- a/windows/whats-new/deprecated-features-resources.md +++ b/windows/whats-new/deprecated-features-resources.md @@ -1,7 +1,7 @@ --- title: Resources for deprecated features in the Windows client description: Resources and details for deprecated features in the Windows client. -ms.date: 07/31/2023 +ms.date: 08/01/2023 ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium From 3d420fb32648efd31ca7c7ae05db8612842bfaec Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Tue, 1 Aug 2023 12:21:26 -0700 Subject: [PATCH 34/94] Tweaks --- .../operate/windows-autopatch-device-alerts.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md index 965dc7cb8a..0f80250e80 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md @@ -17,9 +17,9 @@ ms.collection: # Device alerts -Windows Autopatch and Windows Updates use Device alerts to provide notifications and information about the necessary steps to keep your devices up to date. In Windows Autopatch reporting, every device is provided with a section for alerts. If no alerts are listed, no action is needed. Navigate to **Reports** > **Quality update status** or **Feature update status** > **Device** > select the **Device alerts** column. The provided information will help you understand: +Windows Autopatch and Windows Updates use Device alerts to provide notifications and information about the necessary steps to keep your devices up to date. In Windows Autopatch reporting, every device is provided with a section for alerts. If no alerts are listed, no action is needed. Navigate to **Reports** > **Quality update status** or **Feature update status** > **Device** > select the **Device alerts** column. The provided information helps you understand: -- The action(s) that have either been performed by Microsoft and/or Windows Autopatch to keep the device properly updated. +- Microsoft and/or Windows Autopatch performs the action(s) to keep the device properly updated. - The actions you must perform so the device can properly be updated. > [!NOTE] @@ -42,12 +42,12 @@ Windows Autopatch assigns alerts to either Microsoft Action or Customer Action. | Assignment | Description | | ----- | ----- | -| Microsoft Action | Refers to the responsibility of the Windows Autopatch service to remediate. The actions are performed by Windows Autopatch automatically. | +| Microsoft Action | Refers to the responsibility of the Windows Autopatch service to remediate. Windows Autopatch performs these actions automatically. | | Customer Action | Refers to your responsibility to carry out the appropriate action(s) to resolve the reported alert. | ## Alert resolutions -Alert resolutions are provided through the Windows Update service and provide the reason why an update didn’t perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md) +Alert resolutions are provided through the Windows Update service and provide the reason why an update didn’t perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md). | Alert message | Description | Windows Autopatch recommendation(s) | | ----- | ----- | ----- | @@ -79,7 +79,7 @@ Alert resolutions are provided through the Windows Update service and provide th | `InstallIssueRedirection` | A known folder that doesn't support redirection to another drive might have been redirected to another drive. | The Windows Update service has reported that the Windows Update file location may be redirected to an invalid location. Check your Windows Installation, and retry the update.

If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).

| | `InstallMissingInfo` | Windows Update doesn't have the information it needs about the update to finish the installation. | The Windows Update service has reported that another update may have replaced the one you're trying to install. Check the update, and then try reinstalling it. | | `InstallOutOfMemory` | The installation couldn't be completed because Windows ran out of memory. | The Windows Update service has reported the system doesn't have sufficient system memory to perform the update.

Restart Windows, then try the installation again.

If it still fails, allocate more memory to the device, or increase the size of the virtual memory pagefile(s). For more information, see [How to determine the appropriate page file size for 64-bit versions of Windows](/troubleshoot/windows-client/performance/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows).

| -| `InstallSetupBlock` | There is an application or driver blocking the upgrade. | The Windows Update service has detected that an application or driver is hindering the upgrade process. Utilize the SetupDiag utility to identify and diagnose any compatibility problems.

For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).

| +| `InstallSetupBlock` | There's an application or driver blocking the upgrade. | The Windows Update service has detected that an application or driver is hindering the upgrade process. Utilize the SetupDiag utility to identify and diagnose any compatibility problems.

For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).

| | `InstallSetupError` | Windows Setup encountered an error while installing. | The Windows Update service has reported an error during installation.Review the last reported HEX error code in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md) to further investigate.

If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).

| | `PolicyConflict` | There are client policies (MDM, GP) that conflict with Windows Update settings. | The Windows Update service has reported a policy conflict. Review the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).

If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).

| | `PolicyConflictDeferral` | The Deferral Policy configured on the device is preventing the update from installing. | The Windows Update service has reported a policy conflict. Review the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).

If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).

| From 60ccdd768f59742e1eb2d078de02e004aa290941 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 2 Aug 2023 11:57:45 +0200 Subject: [PATCH 35/94] refresh of section files --- ...pplication-and-driver-control-overview.md} | 18 ++++++---- ...lication-application-isolation-overview.md | 18 +++++----- .../security/includes/sections/application.md | 24 +++++++------ ...protect-your-work-information-overview.md} | 18 ++++++---- .../cloud-services-update-overview.md | 20 ----------- .../includes/sections/cloud-services.md | 17 ++++----- ...ardware-hardware-root-of-trust-overview.md | 18 +++++----- .../hardware-secured-core-pc-overview.md | 20 +++++++++++ ...are-silicon-assisted-security-overview.md} | 16 ++++----- .../security/includes/sections/hardware.md | 28 +++++++++------ ...advanced-credential-protection-overview.md | 6 ++-- .../identity-passwordless-sign-in-overview.md | 6 ++-- .../security/includes/sections/identity.md | 12 +++---- ...ystem-modern-device-management-overview.md | 22 ------------ ...ncryption-and-data-protection-overview.md} | 6 ++-- ...tem-security-network-security-overview.md} | 10 +++--- ...stem-security-system-security-overview.md} | 8 +++-- ...y-virus-and-threat-protection-overview.md} | 12 +++---- ...system.md => operating-system-security.md} | 36 ++++++++----------- ...perating-systemmodern-device-management.md | 6 ++++ windows/security/includes/sections/privacy.md | 2 +- ...rity-foundations-certification-overview.md | 2 +- ...foundations-offensive-research-overview.md | 22 ++++++++++++ ...oundations-secure-supply-chain-overview.md | 22 ++++++++++++ .../includes/sections/security-foundations.md | 20 +++++++++-- 25 files changed, 217 insertions(+), 172 deletions(-) rename windows/security/includes/sections/{application-application-control-overview.md => application-application-and-driver-control-overview.md} (65%) rename windows/security/includes/sections/{cloud-services-protecting-your-work-information-overview.md => cloud-services-protect-your-work-information-overview.md} (55%) delete mode 100644 windows/security/includes/sections/cloud-services-update-overview.md create mode 100644 windows/security/includes/sections/hardware-secured-core-pc-overview.md rename windows/security/includes/sections/{hardware-silicon-assisted-security-secured-kernel-overview.md => hardware-silicon-assisted-security-overview.md} (55%) delete mode 100644 windows/security/includes/sections/operating-system-modern-device-management-overview.md rename windows/security/includes/sections/{operating-system-encryption-and-data-protection-overview.md => operating-system-security-encryption-and-data-protection-overview.md} (87%) rename windows/security/includes/sections/{operating-system-network-security-overview.md => operating-system-security-network-security-overview.md} (92%) rename windows/security/includes/sections/{operating-system-system-security-overview.md => operating-system-security-system-security-overview.md} (74%) rename windows/security/includes/sections/{operating-system-virus-and-threat-protection-overview.md => operating-system-security-virus-and-threat-protection-overview.md} (77%) rename windows/security/includes/sections/{operating-system.md => operating-system-security.md} (76%) create mode 100644 windows/security/includes/sections/operating-systemmodern-device-management.md create mode 100644 windows/security/includes/sections/security-foundations-offensive-research-overview.md create mode 100644 windows/security/includes/sections/security-foundations-secure-supply-chain-overview.md diff --git a/windows/security/includes/sections/application-application-control-overview.md b/windows/security/includes/sections/application-application-and-driver-control-overview.md similarity index 65% rename from windows/security/includes/sections/application-application-control-overview.md rename to windows/security/includes/sections/application-application-and-driver-control-overview.md index 00b89b3535..1b9b815ef9 100644 --- a/windows/security/includes/sections/application-application-control-overview.md +++ b/windows/security/includes/sections/application-application-and-driver-control-overview.md @@ -1,22 +1,26 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- -The following table lists the edition applicability for all Application Control features. +The following table lists the edition applicability for all Application and driver control features. |Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:-:|:-:|:-:|:-:|:-:| -|[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)|Yes|Yes|Yes|Yes| -|[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes| |[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes| +|[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)|Yes|Yes|Yes|Yes| +|[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes| +|[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)|Yes|Yes|Yes|Yes| +|[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)|Yes|Yes|Yes|Yes| -The following table lists the licensing applicability for all Application Control features. +The following table lists the licensing applicability for all Application and driver control features. |Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:-:|:-:|:-:|:-:|:-:|:-:| -|[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)|Yes|Yes|Yes|Yes|Yes| -|[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|Yes| |[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|Yes| +|[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)|❌|Yes|Yes|Yes|Yes| +|[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|Yes| +|[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)|Yes|Yes|Yes|Yes|Yes| +|[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/application-application-isolation-overview.md b/windows/security/includes/sections/application-application-isolation-overview.md index 252a6d415b..dc596ef803 100644 --- a/windows/security/includes/sections/application-application-isolation-overview.md +++ b/windows/security/includes/sections/application-application-isolation-overview.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- @@ -9,22 +9,22 @@ The following table lists the edition applicability for all Application Isolatio |Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:-:|:-:|:-:|:-:|:-:| -|[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](../../application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)|Yes|Yes|Yes|Yes| -|[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](../../application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md)|❌|Yes|❌|Yes| +|[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)|Yes|Yes|Yes|Yes| +|[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)|❌|Yes|❌|Yes| |Microsoft Defender Application Guard (MDAG) public APIs|❌|Yes|❌|Yes| |[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)|❌|Yes|❌|Yes| |[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)|❌|Yes|❌|Yes| -|[Windows containers](/virtualization/windowscontainers/about/)|Yes|Yes|Yes|Yes| -|[Windows Sandbox](../../application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)|Yes|Yes|Yes|Yes| +|[App containers](/virtualization/windowscontainers/about/)|Yes|Yes|Yes|Yes| +|[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)|Yes|Yes|Yes|Yes| The following table lists the licensing applicability for all Application Isolation features. |Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:-:|:-:|:-:|:-:|:-:|:-:| -|[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](../../application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)|Yes|Yes|Yes|Yes|Yes| -|[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](../../application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md)|❌|Yes|Yes|Yes|Yes| +|[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)|Yes|Yes|Yes|Yes|Yes| +|[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)|❌|Yes|Yes|Yes|Yes| |Microsoft Defender Application Guard (MDAG) public APIs|❌|Yes|Yes|Yes|Yes| |[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)|❌|❌|❌|❌|❌| |[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)|❌|Yes|Yes|Yes|Yes| -|[Windows containers](/virtualization/windowscontainers/about/)|Yes|Yes|Yes|Yes|Yes| -|[Windows Sandbox](../../application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)|Yes|Yes|Yes|Yes|Yes| +|[App containers](/virtualization/windowscontainers/about/)|Yes|Yes|Yes|Yes|Yes| +|[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/application.md b/windows/security/includes/sections/application.md index 247d4a9ae8..34f9e6a785 100644 --- a/windows/security/includes/sections/application.md +++ b/windows/security/includes/sections/application.md @@ -1,26 +1,28 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/06/2023 +ms.date: 08/02/2023 ms.topic: include --- -## Application Control +## Application and driver control -| Security Measures | Features & Capabilities | +| Feature name | Description | |:---|:---| -| **[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)** | User Account Control (UAC) helps prevent malware from damaging a device. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevents inadvertent changes to system settings. Enabling UAC helps to prevent malware from altering device settings and potentially gaining access to networks and sensitive data. UAC can also block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings. | -| **[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Your organization is only as secure as the applications that run on your devices. With application control, apps must earn trust to run, in contrast to an application trust model where all code is assumed trustworthy. By helping prevent unwanted or malicious code from running, application control is an important part of an effective security strategy. Many organizations cite application control as one of the most effective means for addressing the threat of executable file-based malware.

Windows 10 and above include Windows Defender Application Control (WDAC) and AppLocker. WDAC is the next generation app control solution for Windows and provides powerful control over what runs in your environment. Customers who were using AppLocker on previous versions of Windows can continue to use the feature as they consider whether to switch to WDAC for the stronger protection. | | **[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Smart App Control prevents users from running malicious applications on Windows devices by blocking untrusted or unsigned applications. Smart App Control goes beyond previous built-in browser protections, by adding another layer of security that is woven directly into the core of the OS at the process level. Using AI, our new Smart App Control only allows processes to run that are predicted to be safe based on existing and new intelligence processed daily. Smart App Control builds on top of the same cloud-based AI used in Windows Defender Application Control (WDAC) to predict the safety of an application, so people can be confident they're using safe and reliable applications on their new Windows 11 devices, or Windows 11 devices that have been reset. | +| **[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)** | | +| **[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Your organization is only as secure as the applications that run on your devices. With application control, apps must earn trust to run, in contrast to an application trust model where all code is assumed trustworthy. By helping prevent unwanted or malicious code from running, application control is an important part of an effective security strategy. Many organizations cite application control as one of the most effective means for addressing the threat of executable file-based malware.

Windows 10 and above include Windows Defender Application Control (WDAC) and AppLocker. WDAC is the next generation app control solution for Windows and provides powerful control over what runs in your environment. Customers who were using AppLocker on previous versions of Windows can continue to use the feature as they consider whether to switch to WDAC for the stronger protection. | +| **[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)** | User Account Control (UAC) helps prevent malware from damaging a device. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevents inadvertent changes to system settings. Enabling UAC helps to prevent malware from altering device settings and potentially gaining access to networks and sensitive data. UAC can also block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings. | +| **[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)** | The Windows kernel is the most privileged software and is therefore a compelling target for malware authors. Since Windows has strict requirements for code running in the kernel, cybercriminals commonly exploit vulnerabilities in kernel drivers to get access. Microsoft works with the ecosystem partners to constantly identify and respond to potentially vulnerable kernel drivers.

Prior to Windows 11, version 22H2, the operating system enforced a block policy when HVCI is enabled to prevent vulnerable versions of drivers from running. Starting in Windows 11, version 22H2, the block policy is enabled by default for all new Windows devices, and users can opt-in to enforce the policy from the Windows Security app. | -## Application Isolation +## Application isolation -| Security Measures | Features & Capabilities | +| Feature name | Description | |:---|:---| -| **[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](../../application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)** | Standalone mode allows Windows users to use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, user must manually start Microsoft Edge in Application Guard from Edge menu for browsing untrusted sites. | -| **[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](../../application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md)** | Microsoft Defender Application Guard protects users' desktop while they browse the Internet using Microsoft Edge browser. Application Guard in enterprise mode automatically redirects untrusted website navigation in an anonymous and isolated Hyper-V based container, which is separate from the host operating system. With Enterprise mode, you can define your corporate boundaries by explicitly adding trusted domains and can customizing the Application Guard experience to meet and enforce your organization needs on Windows devices. | +| **[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)** | Standalone mode allows Windows users to use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, user must manually start Microsoft Edge in Application Guard from Edge menu for browsing untrusted sites. | +| **[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)** | Microsoft Defender Application Guard protects users' desktop while they browse the Internet using Microsoft Edge browser. Application Guard in enterprise mode automatically redirects untrusted website navigation in an anonymous and isolated Hyper-V based container, which is separate from the host operating system. With Enterprise mode, you can define your corporate boundaries by explicitly adding trusted domains and can customizing the Application Guard experience to meet and enforce your organization needs on Windows devices. | | **Microsoft Defender Application Guard (MDAG) public APIs** | Enable applications using them to be isolated Hyper-V based container, which is separate from the host operating system. | | **[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)** | Application Guard protects Office files including Word, PowerPoint, and Excel. Application icons have a small shield if Application Guard has been enabled and they are under protection. | | **[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)** | The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. | -| **[Windows containers](/virtualization/windowscontainers/about/)** | Universal Windows Platform (UWP) applications run in Windows containers known as app containers. Processes that run in app containers operate with low integrity level, meaning they have limited access to resources they don't own. Because the default integrity level of most resources is medium integrity level, the UWP app can access only a subset of the filesystem, registry, and other resources. The app container also enforces restrictions on network connectivity; for example, access to a local host isn't allowed. As a result, malware or infected apps have limited footprint for escape. | -| **[Windows Sandbox](../../application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)** | Windows Sandbox provides a lightweight desktop environment to safely run untrusted Win32 applications in isolation, using the same hardware-based Hyper-V virtualization technology to isolate apps without fear of lasting impact to your PC. | +| **[App containers](/virtualization/windowscontainers/about/)** | Universal Windows Platform (UWP) applications run in Windows containers known as app containers. Processes that run in app containers operate with low integrity level, meaning they have limited access to resources they don't own. Because the default integrity level of most resources is medium integrity level, the UWP app can access only a subset of the filesystem, registry, and other resources. The app container also enforces restrictions on network connectivity; for example, access to a local host isn't allowed. As a result, malware or infected apps have limited footprint for escape. | +| **[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)** | Windows Sandbox provides a lightweight desktop environment to safely run untrusted Win32 applications in isolation, using the same hardware-based Hyper-V virtualization technology to isolate apps without fear of lasting impact to your PC. | diff --git a/windows/security/includes/sections/cloud-services-protecting-your-work-information-overview.md b/windows/security/includes/sections/cloud-services-protect-your-work-information-overview.md similarity index 55% rename from windows/security/includes/sections/cloud-services-protecting-your-work-information-overview.md rename to windows/security/includes/sections/cloud-services-protect-your-work-information-overview.md index 3f4998f4bc..e8229e83bb 100644 --- a/windows/security/includes/sections/cloud-services-protecting-your-work-information-overview.md +++ b/windows/security/includes/sections/cloud-services-protect-your-work-information-overview.md @@ -1,26 +1,30 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- -The following table lists the edition applicability for all Protecting Your Work Information features. +The following table lists the edition applicability for all Protect your work information features. |Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:-:|:-:|:-:|:-:|:-:| |[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)|Yes|Yes|Yes|Yes| -|[Security baselines](/mem/intune/protect/security-baselines)|Yes|Yes|Yes|Yes| +|[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)|Yes|Yes|Yes|Yes| |[Remote wipe](/windows/client-management/mdm/remotewipe-csp)|Yes|Yes|Yes|Yes| -|[Manage by Mobile Device Management (MDM) and group policy](../../operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)|Yes|Yes|Yes|Yes| +|[Modern device management through (MDM)](/windows/client-management/mdm-overview)|Yes|Yes|Yes|Yes| |[Universal Print](/universal-print/)|Yes|Yes|Yes|Yes| +|[Windows Autopatch](/windows/deployment/windows-autopatch/)|❌|Yes|❌|Yes| +|[Windows Autopilot](/windows/deployment/windows-autopilot)|Yes|Yes|Yes|Yes| -The following table lists the licensing applicability for all Protecting Your Work Information features. +The following table lists the licensing applicability for all Protect your work information features. |Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:-:|:-:|:-:|:-:|:-:|:-:| |[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)|Yes|Yes|Yes|Yes|Yes| -|[Security baselines](/mem/intune/protect/security-baselines)|Yes|Yes|Yes|Yes|Yes| +|[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)|Yes|Yes|Yes|Yes|Yes| |[Remote wipe](/windows/client-management/mdm/remotewipe-csp)|Yes|Yes|Yes|Yes|Yes| -|[Manage by Mobile Device Management (MDM) and group policy](../../operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)|Yes|Yes|Yes|Yes|Yes| +|[Modern device management through (MDM)](/windows/client-management/mdm-overview)|Yes|Yes|Yes|Yes|Yes| |[Universal Print](/universal-print/)|❌|Yes|Yes|Yes|Yes| +|[Windows Autopatch](/windows/deployment/windows-autopatch/)|❌|Yes|Yes|❌|❌| +|[Windows Autopilot](/windows/deployment/windows-autopilot)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/cloud-services-update-overview.md b/windows/security/includes/sections/cloud-services-update-overview.md deleted file mode 100644 index b20a97756d..0000000000 --- a/windows/security/includes/sections/cloud-services-update-overview.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 06/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Update features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Windows Autopatch](/windows/deployment/windows-autopatch/)|❌|Yes|❌|Yes| -|[Windows Autopilot](/windows/deployment/windows-autopilot)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Update features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Windows Autopatch](/windows/deployment/windows-autopatch/)|❌|Yes|Yes|❌|❌| -|[Windows Autopilot](/windows/deployment/windows-autopilot)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/cloud-services.md b/windows/security/includes/sections/cloud-services.md index 4c2d636206..07fc5b88b5 100644 --- a/windows/security/includes/sections/cloud-services.md +++ b/windows/security/includes/sections/cloud-services.md @@ -1,23 +1,18 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/06/2023 +ms.date: 08/02/2023 ms.topic: include --- -## Protecting Your Work Information +## Protect your work information -| Security Measures | Features & Capabilities | +| Feature name | Description | |:---|:---| | **[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)** | Microsoft Azure Active Directory is a comprehensive cloud-based identity management solution that helps enable secure access to applications, networks, and other resources and guard against threats. | -| **[Security baselines](/mem/intune/protect/security-baselines)** | Windows 11 supports modern device management so that IT pros can manage company security policies and business applications without compromising user privacy on corporate or employee-owned devices. With MDM solutions, IT can manage Windows 11 using industry-standard protocols. To simplify setup for users, management features are built directly into Windows, eliminating the need for a separate MDM client.

Windows 11 can be configured with Microsoft's MDM security baseline backed by ADMX policies, which functions like the Microsoft GP-based security baseline. The security baseline enables IT administrators to easily address security concerns and compliance needs for modern cloud-managed devices. | +| **[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)** | Windows 11 supports modern device management so that IT pros can manage company security policies and business applications without compromising user privacy on corporate or employee-owned devices. With MDM solutions, IT can manage Windows 11 using industry-standard protocols. To simplify setup for users, management features are built directly into Windows, eliminating the need for a separate MDM client.

Windows 11 can be configured with Microsoft's MDM security baseline backed by ADMX policies, which functions like the Microsoft GP-based security baseline. The security baseline enables IT administrators to easily address security concerns and compliance needs for modern cloud-managed devices. | | **[Remote wipe](/windows/client-management/mdm/remotewipe-csp)** | When a device is lost or stolen, IT administrators may want to remotely wipe data stored on the device. A helpdesk agent may also want to reset devices to fix issues encountered by remote workers.

With the Remote Wipe configuration service provider (CSP), an MDM solution can remotely initiate any of the following operations on a Windows device: reset the device and remove user accounts and data, reset the device and clean the drive, reset the device but persist user accounts and data. | -| **[Manage by Mobile Device Management (MDM) and group policy](../../operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)** | Windows 11 supports modern device management so that IT pros can manage company security policies and business applications without compromising user privacy on corporate or employee-owned devices. With MDM solutions, IT can manage Windows 11 using industry-standard protocols. To simplify setup for users, management features are built directly into Windows, eliminating the need for a separate MDM client. | -| **[Universal Print](/universal-print/)** | Unlike traditional print solutions that rely on Windows print servers, Universal Print is a
Microsoft hosted cloud subscription service that supports a zero-trust security model by
enabling network isolation of printers, including the Universal Print connector software, from
the rest of the organization's resources. | - -## Update - -| Security Measures | Features & Capabilities | -|:---|:---| +| **[Modern device management through (MDM)](/windows/client-management/mdm-overview)** | Windows 11 supports modern device management through mobile device management (MDM) protocols.

IT pros can manage company security policies and business applications without compromising user privacy on corporate or employee-owned devices. With MDM solutions, IT can manage Windows 11 using industry-standard protocols.

To simplify setup for users, management features are built directly into Windows, eliminating the need for a separate MDM client. | +| **[Universal Print](/universal-print/)** | Unlike traditional print solutions that rely on Windows print servers, Universal Print is a Microsoft hosted cloud subscription service that supports a zero-trust security model by enabling network isolation of printers, including the Universal Print connector software, from the rest of the organization's resources. | | **[Windows Autopatch](/windows/deployment/windows-autopatch/)** | With the Autopatch service, IT teams can delegate management of updates to Windows 10/11, Microsoft Edge, and Microsoft 365 apps to Microsoft. Under the hood, Autopatch takes over configuration of the policies and deployment service of Windows Update for Business. What the customer gets are endpoints that are up to date, thanks to dynamically generated rings for progressive deployment that will pause and/or roll back updates (where possible) when issues arise.

The goal is to provide peace of mind to IT pros, encourage rapid adoption of updates, and to reduce bandwidth required to deploy them successfully, thereby closing gaps in protection that may have been open to exploitation by malicious actors. | | **[Windows Autopilot](/windows/deployment/windows-autopilot)** | Windows Autopilot simplifies the way devices get deployed, reset, and repurposed, with an experience that is zero touch for IT. | diff --git a/windows/security/includes/sections/hardware-hardware-root-of-trust-overview.md b/windows/security/includes/sections/hardware-hardware-root-of-trust-overview.md index cb297f9fb2..f26f101fca 100644 --- a/windows/security/includes/sections/hardware-hardware-root-of-trust-overview.md +++ b/windows/security/includes/sections/hardware-hardware-root-of-trust-overview.md @@ -1,22 +1,22 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- -The following table lists the edition applicability for all Hardware Root-Of-Trust features. +The following table lists the edition applicability for all Hardware root-of-trust features. |Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:-:|:-:|:-:|:-:|:-:| -|[Windows Defender System Guard](../../hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md)|Yes|Yes|Yes|Yes| -|[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)|Yes|Yes|Yes|Yes| -|[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)|Yes|Yes|Yes|Yes| +|[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)|Yes|Yes|Yes|Yes| +|[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)|Yes|Yes|Yes|Yes| +|[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)|Yes|Yes|Yes|Yes| -The following table lists the licensing applicability for all Hardware Root-Of-Trust features. +The following table lists the licensing applicability for all Hardware root-of-trust features. |Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:-:|:-:|:-:|:-:|:-:|:-:| -|[Windows Defender System Guard](../../hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md)|Yes|Yes|Yes|Yes|Yes| -|[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)|Yes|Yes|Yes|Yes|Yes| -|[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)|Yes|Yes|Yes|Yes|Yes| +|[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)|Yes|Yes|Yes|Yes|Yes| +|[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)|Yes|Yes|Yes|Yes|Yes| +|[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/hardware-secured-core-pc-overview.md b/windows/security/includes/sections/hardware-secured-core-pc-overview.md new file mode 100644 index 0000000000..375113899e --- /dev/null +++ b/windows/security/includes/sections/hardware-secured-core-pc-overview.md @@ -0,0 +1,20 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- + +The following table lists the edition applicability for all Secured-core PC features. + +|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:-:|:-:|:-:|:-:|:-:| +|[Secured-core PC firmware protection ](/windows-hardware/design/device-experiences/oem-highly-secure-11)|Yes|Yes|Yes|Yes| +|[Secured-core configuration lock](/windows/client-management/config-lock)|Yes|Yes|Yes|Yes| + +The following table lists the licensing applicability for all Secured-core PC features. + +|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:-:|:-:|:-:|:-:|:-:|:-:| +|[Secured-core PC firmware protection ](/windows-hardware/design/device-experiences/oem-highly-secure-11)|Yes|Yes|Yes|Yes|Yes| +|[Secured-core configuration lock](/windows/client-management/config-lock)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/hardware-silicon-assisted-security-secured-kernel-overview.md b/windows/security/includes/sections/hardware-silicon-assisted-security-overview.md similarity index 55% rename from windows/security/includes/sections/hardware-silicon-assisted-security-secured-kernel-overview.md rename to windows/security/includes/sections/hardware-silicon-assisted-security-overview.md index fb61005d36..bfa7184c12 100644 --- a/windows/security/includes/sections/hardware-silicon-assisted-security-secured-kernel-overview.md +++ b/windows/security/includes/sections/hardware-silicon-assisted-security-overview.md @@ -1,26 +1,24 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- -The following table lists the edition applicability for all Silicon Assisted Security (Secured Kernel) features. +The following table lists the edition applicability for all Silicon assisted security features. |Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:-:|:-:|:-:|:-:|:-:| |[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)|Yes|Yes|Yes|Yes| -|[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)|Yes|Yes|Yes|Yes| +|[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)|Yes|Yes|Yes|Yes| |[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)|Yes|Yes|Yes|Yes| -|[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)|Yes|Yes|Yes|Yes| -|[Kernel Direct Memory Access (DMA) protection](../../hardware-security/kernel-dma-protection-for-thunderbolt.md)|Yes|Yes|Yes|Yes| +|[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)|Yes|Yes|Yes|Yes| -The following table lists the licensing applicability for all Silicon Assisted Security (Secured Kernel) features. +The following table lists the licensing applicability for all Silicon assisted security features. |Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:-:|:-:|:-:|:-:|:-:|:-:| |[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)|Yes|Yes|Yes|Yes|Yes| -|[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)|Yes|Yes|Yes|Yes|Yes| +|[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)|Yes|Yes|Yes|Yes|Yes| |[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)|Yes|Yes|Yes|Yes|Yes| -|[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)|Yes|Yes|Yes|Yes|Yes| -|[Kernel Direct Memory Access (DMA) protection](../../hardware-security/kernel-dma-protection-for-thunderbolt.md)|Yes|Yes|Yes|Yes|Yes| +|[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/hardware.md b/windows/security/includes/sections/hardware.md index 52202f35f7..11a4f97b60 100644 --- a/windows/security/includes/sections/hardware.md +++ b/windows/security/includes/sections/hardware.md @@ -1,24 +1,30 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/06/2023 +ms.date: 08/02/2023 ms.topic: include --- -## Hardware Root-Of-Trust +## Hardware root-of-trust -| Security Measures | Features & Capabilities | +| Feature name | Description | |:---|:---| -| **[Windows Defender System Guard](../../hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md)** | In Secured-core PCs, Windows Defender System Guard Secure Launch protects bootup with a technology known as the Dynamic Root of Trust for Measurement (DRTM). With DRTM, the system initially follows the normal UEFI Secure Boot process. However, before launching, the system enters a hardware-controlled trusted state that forces the CPU(s) down a hardware-secured code path. If a malware rootkit/bootkit has bypassed UEFI Secure Boot and resides in memory, DRTM will prevent it from accessing secrets and critical code protected by the virtualization-based security environment. Firmware Attack Surface Reduction technology can be used instead of DRTM on supporting devices such as Microsoft Surface. | -| **[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)** | TPMs provide security and privacy benefits for system hardware, platform owners, and users. Windows Hello, BitLocker, Windows Defender System Guard, and other Windows features rely on the TPM for capabilities such as key generation, secure storage, encryption, boot integrity measurements, and attestation. The 2.0 version of the specification includes support for newer algorithms, which can improve driver signing and key generation performance.

Starting with Windows 10, Microsoft's hardware certification requires all new Windows PCs to include TPM 2.0 built in and enabled by default. With Windows 11, both new and upgraded devices must have TPM 2.0. | -| **[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)** | Microsoft Pluton security processors are designed by Microsoft in partnership with silicon partners. Pluton enhances the protection of Windows devices with a hardware root-of-trust that provides additional protection for cryptographic keys and other secrets. Pluton is designed to reduce the attack surface as it integrates the security chip directly into the processor. It can be used with a discreet TPM 2.0, or as a standalone security processor. When root of trust is located on a separate, discrete chip on the motherboard, the communication path between the root-of-trust and the CPU can be vulnerable to physical attack. Pluton supports the TPM 2.0 industry standard, allowing customers to immediately benefit from the enhanced security in Windows features that rely on TPMs including BitLocker, Windows Hello, and Windows Defender System Guard.

In addition to providing root-of trust, Pluton also supports other security functionality beyond what is possible with the TPM 2.0 specification, and this extensibility allows for additional Pluton firmware and OS features to be delivered over time via Windows Update. Pluton-enabled Windows 11 devices are available and the selection of options with Pluton is growing. | +| **[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)** | In Secured-core PCs, Windows Defender System Guard Secure Launch protects bootup with a technology known as the Dynamic Root of Trust for Measurement (DRTM). With DRTM, the system initially follows the normal UEFI Secure Boot process. However, before launching, the system enters a hardware-controlled trusted state that forces the CPU(s) down a hardware-secured code path. If a malware rootkit/bootkit has bypassed UEFI Secure Boot and resides in memory, DRTM will prevent it from accessing secrets and critical code protected by the virtualization-based security environment. Firmware Attack Surface Reduction technology can be used instead of DRTM on supporting devices such as Microsoft Surface. | +| **[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)** | TPMs provide security and privacy benefits for system hardware, platform owners, and users. Windows Hello, BitLocker, Windows Defender System Guard, and other Windows features rely on the TPM for capabilities such as key generation, secure storage, encryption, boot integrity measurements, and attestation. The 2.0 version of the specification includes support for newer algorithms, which can improve driver signing and key generation performance.

Starting with Windows 10, Microsoft's hardware certification requires all new Windows PCs to include TPM 2.0 built in and enabled by default. With Windows 11, both new and upgraded devices must have TPM 2.0. | +| **[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)** | Microsoft Pluton security processors are designed by Microsoft in partnership with silicon partners. Pluton enhances the protection of Windows devices with a hardware root-of-trust that provides additional protection for cryptographic keys and other secrets. Pluton is designed to reduce the attack surface as it integrates the security chip directly into the processor. It can be used with a discreet TPM 2.0, or as a standalone security processor. When root of trust is located on a separate, discrete chip on the motherboard, the communication path between the root-of-trust and the CPU can be vulnerable to physical attack. Pluton supports the TPM 2.0 industry standard, allowing customers to immediately benefit from the enhanced security in Windows features that rely on TPMs including BitLocker, Windows Hello, and Windows Defender System Guard.

In addition to providing root-of trust, Pluton also supports other security functionality beyond what is possible with the TPM 2.0 specification, and this extensibility allows for additional Pluton firmware and OS features to be delivered over time via Windows Update. Pluton-enabled Windows 11 devices are available and the selection of options with Pluton is growing. | -## Silicon Assisted Security (Secured Kernel) +## Silicon assisted security -| Security Measures | Features & Capabilities | +| Feature name | Description | |:---|:---| | **[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)** | In addition to a modern hardware root-of-trust, there are numerous other capabilities in the latest chips that harden the operating system against threats, such as by protecting the boot process, safeguarding the integrity of memory, isolating security sensitive compute logic, and more. Two examples include Virtualization-based security (VBS) and Hypervisor-protected code integrity (HVCI). Virtualization-based security (VBS), also known as core isolation, is a critical building block in a secure system. VBS uses hardware virtualization features to host a secure kernel separated from the operating system. This means that even if the operating system is compromised, the secure kernel remains protected.

Starting with Windows 10, all new devices are required to ship with firmware support for VBS and HCVI enabled by default in the BIOS. Customers can then enable the OS support in Windows.
With new installs of Windows 11, OS support for VBS and HVCI is turned on by default for all devices that meet prerequisites. | -| **[Hypervisor-protected Code Integrity (HVCI)](/windows-hardware/design/device-experiences/oem-hvci-enablement)** | Hypervisor-protected code integrity (HVCI), also called memory integrity, uses VBS to run Kernel Mode Code Integrity (KMCI) inside the secure VBS environment instead of the main Windows kernel. This helps to prevent attacks that attempt to modify kernel mode code, such as drivers. The KMCI role is to check that all kernel code is properly signed and hasn't been tampered with before it is allowed to run. HVCI helps to ensure that only validated code can be executed in kernel-mode.

Starting with Windows 10, all new devices are required to ship with firmware support for VBS and HCVI enabled by default in the BIOS. Customers can then enable the OS support in Windows.
With new installs of Windows 11, OS support for VBS and HVCI is turned on by default for all devices that meet prerequisites. | +| **[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)** | Hypervisor-protected code integrity (HVCI), also called memory integrity, uses VBS to run Kernel Mode Code Integrity (KMCI) inside the secure VBS environment instead of the main Windows kernel. This helps to prevent attacks that attempt to modify kernel mode code, such as drivers. The KMCI role is to check that all kernel code is properly signed and hasn't been tampered with before it is allowed to run. HVCI helps to ensure that only validated code can be executed in kernel-mode.

Starting with Windows 10, all new devices are required to ship with firmware support for VBS and HCVI enabled by default in the BIOS. Customers can then enable the OS support in Windows.
With new installs of Windows 11, OS support for VBS and HVCI is turned on by default for all devices that meet prerequisites. | | **[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)** | Hardware-enforced stack protection integrates software and hardware for a modern defense against cyberthreats such as memory corruption and zero-day exploits. Based on Control-flow Enforcement Technology (CET) from Intel and AMD Shadow Stacks, hardware-enforced stack protection is designed to protect against exploit techniques that try to hijack return addresses on the stack. | -| **[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)** | Microsoft has worked with OEM partners to offer a special category of devices called Secured-core PCs. The devices ship with additional security measures enabled at the firmware layer, or device core, that underpins Windows. Secured-core PCs help prevent malware attacks and minimize firmware vulnerabilities by launching into a clean and trusted state at startup with a hardware-enforced root of trust. Virtualization-based security comes enabled by default. And with built-in hypervisor protected code integrity (HVCI) shielding system memory, Secured-core PCs ensure that all executables are signed by known and approved authorities only. Secured-core PCs also protect against physical threats such as drive-by Direct Memory Access (DMA) attacks. | -| **[Kernel Direct Memory Access (DMA) protection](../../hardware-security/kernel-dma-protection-for-thunderbolt.md)** | Kernel DMA Protection protects against external peripherals from gaining unauthorized access to memory. Physical threats such as drive-by Direct Memory Access (DMA) attacks typically happen quickly while the system owner isn't present. PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach new classes of external peripherals, including graphics cards or other PCI devices, to their PCs with the plug-and-play ease of USB. Because PCI hot plug ports are external and easily accessible, devices are susceptible to drive-by DMA attacks. | +| **[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)** | Kernel DMA Protection protects against external peripherals from gaining unauthorized access to memory. Physical threats such as drive-by Direct Memory Access (DMA) attacks typically happen quickly while the system owner isn't present. PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach new classes of external peripherals, including graphics cards or other PCI devices, to their PCs with the plug-and-play ease of USB. Because PCI hot plug ports are external and easily accessible, devices are susceptible to drive-by DMA attacks. | + +## Secured-core PC + +| Feature name | Description | +|:---|:---| +| **[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)** | Microsoft has worked with OEM partners to offer a special category of devices called Secured-core PCs. The devices ship with additional security measures enabled at the firmware layer, or device core, that underpins Windows. Secured-core PCs help prevent malware attacks and minimize firmware vulnerabilities by launching into a clean and trusted state at startup with a hardware-enforced root of trust. Virtualization-based security comes enabled by default. And with built-in hypervisor protected code integrity (HVCI) shielding system memory, Secured-core PCs ensure that all executables are signed by known and approved authorities only. Secured-core PCs also protect against physical threats such as drive-by Direct Memory Access (DMA) attacks. | +| **[Secured-core configuration lock](/windows/client-management/config-lock)** | Secured-core configuration lock is a Secured-core PC (SCPC) feature that prevents users from making unwanted changes to security settings. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired SCPC state in seconds. | diff --git a/windows/security/includes/sections/identity-advanced-credential-protection-overview.md b/windows/security/includes/sections/identity-advanced-credential-protection-overview.md index c8f646fb31..3001baf090 100644 --- a/windows/security/includes/sections/identity-advanced-credential-protection-overview.md +++ b/windows/security/includes/sections/identity-advanced-credential-protection-overview.md @@ -1,11 +1,11 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- -The following table lists the edition applicability for all Advanced Credential Protection features. +The following table lists the edition applicability for all Advanced credential protection features. |Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:-:|:-:|:-:|:-:|:-:| @@ -16,7 +16,7 @@ The following table lists the edition applicability for all Advanced Credential |[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)|❌|Yes|❌|Yes| |[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)|Yes|Yes|Yes|Yes| -The following table lists the licensing applicability for all Advanced Credential Protection features. +The following table lists the licensing applicability for all Advanced credential protection features. |Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:-:|:-:|:-:|:-:|:-:|:-:| diff --git a/windows/security/includes/sections/identity-passwordless-sign-in-overview.md b/windows/security/includes/sections/identity-passwordless-sign-in-overview.md index c2666f968d..52ab799dbe 100644 --- a/windows/security/includes/sections/identity-passwordless-sign-in-overview.md +++ b/windows/security/includes/sections/identity-passwordless-sign-in-overview.md @@ -1,11 +1,11 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- -The following table lists the edition applicability for all Passwordless Sign In features. +The following table lists the edition applicability for all Passwordless sign in features. |Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:-:|:-:|:-:|:-:|:-:| @@ -16,7 +16,7 @@ The following table lists the edition applicability for all Passwordless Sign In |[Federated sign-in](/education/windows/federated-sign-in)|❌|❌|Yes|Yes| |[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)|Yes|Yes|Yes|Yes| -The following table lists the licensing applicability for all Passwordless Sign In features. +The following table lists the licensing applicability for all Passwordless sign in features. |Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:-:|:-:|:-:|:-:|:-:|:-:| diff --git a/windows/security/includes/sections/identity.md b/windows/security/includes/sections/identity.md index b31aaf1ca9..139daf8cd2 100644 --- a/windows/security/includes/sections/identity.md +++ b/windows/security/includes/sections/identity.md @@ -1,13 +1,13 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/06/2023 +ms.date: 08/02/2023 ms.topic: include --- -## Passwordless Sign In +## Passwordless sign in -| Security Measures | Features & Capabilities | +| Feature name | Description | |:---|:---| | **[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)** | Windows 11 devices can protect user identities by removing the need to use passwords from day one. It's easy to get started with the method that's right for your organization. A password may only need to be used once during the provisioning process, after which people use a PIN, face, or fingerprint to unlock credentials and sign into the device.

Windows Hello for Business replaces the username and password by combining a security key or certificate with a PIN or biometrics data, and then mapping the credentials to a user account during setup. There are multiple ways to deploy Windows Hello for Business, depending on your organization's needs. Organizations that rely on certificates typically use on-premises public key infrastructure (PKI) to support authentication through Certificate Trust. Organizations using key trust deployment require root-of-trust provided by certificates on domain controllers. | | **[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)** | Windows presence sensing provides another layer of data security protection for hybrid workers. Windows 11 devices can intelligently adapt to your presence to help you stay secure and productive, whether you're working at home, the office, or a public environment. Windows presence sensing combines presence detection sensors with Windows Hello facial recognition to automatically lock your device when you leave, and then unlock your device and sign you in using Windows Hello facial recognition when you return. Requires OEM supporting hardware. | @@ -16,12 +16,12 @@ ms.topic: include | **[Federated sign-in](/education/windows/federated-sign-in)** | Windows 11 Education editions support federated sign-in with third-party identity providers. Federated sign-in enables secure sign in through methods like QR codes or pictures. | | **[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)** | Organizations also have the option of using smart cards, an authentication method that pre-dates biometric sign in. Smart cards are tamper-resistant, portable storage devices that can enhance Windows security when authenticating clients, signing code, securing e-mail, and signing in with Windows domain accounts. Smart cards can only be used to sign into domain accounts, not local accounts. When a password is used to sign into a domain account, Windows uses the Kerberos version 5 (v5) protocol for authentication. If you use a smart card, the operating system uses Kerberos v5 authentication with X.509 v3 certificates. | -## Advanced Credential Protection +## Advanced credential protection -| Security Measures | Features & Capabilities | +| Feature name | Description | |:---|:---| | **[Windows LAPS](/windows-server/identity/laps/laps-overview)** | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Azure Active Directory-joined or Windows Server Active Directory-joined devices. You also can use Windows LAPS to automatically manage and back up the Directory Services Restore Mode (DSRM) account password on your Windows Server Active Directory domain controllers. An authorized administrator can retrieve the DSRM password and use it. | -| **[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)** | | +| **[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)** | Account Lockout Policy settings control the response threshold for failed logon attempts and the actions to be taken after the threshold is reached. | | **[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)** | Users who are still using passwords can benefit from powerful credential protection. Microsoft Defender SmartScreen includes enhanced phishing protection to automatically detect when a user enters their Microsoft password into any app or website. Windows then identifies if the app or site is securely authenticating to Microsoft and warns if the credentials are at risk. Since users are alerted at the moment of potential credential theft, they can take preemptive action before their password is used against them or their organization. | | **[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)** | Access control in Windows ensures that shared resources are available to users and groups other than the resource's owner and are protected from unauthorized use. IT administrators can manage users', groups', and computers' access to objects and assets on a network or computer. After a user is authenticated, the Windows operating system implements the second phase of protecting resources by using built-in authorization and access control technologies to determine if an authenticated user has the correct permissions.

Access Control Lists (ACL) describe the permissions for a specific object and can also contain System Access Control Lists (SACL). SACLs provide a way to audit specific system level events, such as when a user attempt to access file system objects. These events are essential for tracking activity for objects that are sensitive or valuable and require extra monitoring. Being able to audit when a resource attempts to read or write part of the operating system is critical to understanding a potential attack. | | **[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)** | Enabled by default in Windows 11 Enterprise, Windows Credential Guard uses hardware-backed, Virtualization-based security (VBS) to protect against credential theft. With Windows Credential Guard, the Local Security Authority (LSA) stores and protects secrets in an isolated environment that isn't accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process.

By protecting the LSA process with Virtualization-based security, Windows Credential Guard shields systems from credential theft attack techniques like pass-the-hash or pass-the-ticket. It also helps prevent malware from accessing system secrets even if the process is running with admin privileges. | diff --git a/windows/security/includes/sections/operating-system-modern-device-management-overview.md b/windows/security/includes/sections/operating-system-modern-device-management-overview.md deleted file mode 100644 index b43f14f6ef..0000000000 --- a/windows/security/includes/sections/operating-system-modern-device-management-overview.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 06/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Modern Device Management features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)|Yes|Yes|Yes|Yes| -|[Secured-core configuration lock](/windows/client-management/config-lock)|Yes|Yes|Yes|Yes| -|[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Modern Device Management features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)|Yes|Yes|Yes|Yes|Yes| -|[Secured-core configuration lock](/windows/client-management/config-lock)|Yes|Yes|Yes|Yes|Yes| -|[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/operating-system-encryption-and-data-protection-overview.md b/windows/security/includes/sections/operating-system-security-encryption-and-data-protection-overview.md similarity index 87% rename from windows/security/includes/sections/operating-system-encryption-and-data-protection-overview.md rename to windows/security/includes/sections/operating-system-security-encryption-and-data-protection-overview.md index 68b64731f3..2e3a4bc483 100644 --- a/windows/security/includes/sections/operating-system-encryption-and-data-protection-overview.md +++ b/windows/security/includes/sections/operating-system-security-encryption-and-data-protection-overview.md @@ -1,11 +1,11 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- -The following table lists the edition applicability for all Data Protection features. +The following table lists the edition applicability for all Encryption and data protection features. |Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:-:|:-:|:-:|:-:|:-:| @@ -15,7 +15,7 @@ The following table lists the edition applicability for all Data Protection feat |[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)|❌|Yes|❌|Yes| |[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)|Yes|Yes|Yes|Yes| -The following table lists the licensing applicability for all Data Protection features. +The following table lists the licensing applicability for all Encryption and data protection features. |Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:-:|:-:|:-:|:-:|:-:|:-:| diff --git a/windows/security/includes/sections/operating-system-network-security-overview.md b/windows/security/includes/sections/operating-system-security-network-security-overview.md similarity index 92% rename from windows/security/includes/sections/operating-system-network-security-overview.md rename to windows/security/includes/sections/operating-system-security-network-security-overview.md index 95b71a85f8..4c80e4638c 100644 --- a/windows/security/includes/sections/operating-system-network-security-overview.md +++ b/windows/security/includes/sections/operating-system-security-network-security-overview.md @@ -1,11 +1,11 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- -The following table lists the edition applicability for all Network Security features. +The following table lists the edition applicability for all Network security features. |Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:-:|:-:|:-:|:-:|:-:| @@ -14,13 +14,13 @@ The following table lists the edition applicability for all Network Security fea |[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)|Yes|Yes|Yes|Yes| |Opportunistic Wireless Encryption (OWE)|Yes|Yes|Yes|Yes| |[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)|Yes|Yes|Yes|Yes| -|[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)|Yes|Yes|Yes|Yes| +|[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)|Yes|Yes|Yes|Yes| |[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)|❌|Yes|❌|Yes| |[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)|❌|Yes|❌|Yes| |[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)|Yes|Yes|Yes|Yes| |[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)|Yes|Yes|Yes|Yes| -The following table lists the licensing applicability for all Network Security features. +The following table lists the licensing applicability for all Network security features. |Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:-:|:-:|:-:|:-:|:-:|:-:| @@ -29,7 +29,7 @@ The following table lists the licensing applicability for all Network Security f |[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)|Yes|Yes|Yes|Yes|Yes| |Opportunistic Wireless Encryption (OWE)|Yes|Yes|Yes|Yes|Yes| |[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)|Yes|Yes|Yes|Yes|Yes| -|[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)|Yes|Yes|Yes|Yes|Yes| +|[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)|Yes|Yes|Yes|Yes|Yes| |[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)|❌|Yes|Yes|Yes|Yes| |[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)|❌|Yes|Yes|Yes|Yes| |[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/operating-system-system-security-overview.md b/windows/security/includes/sections/operating-system-security-system-security-overview.md similarity index 74% rename from windows/security/includes/sections/operating-system-system-security-overview.md rename to windows/security/includes/sections/operating-system-security-system-security-overview.md index 426c265aca..12fd22a870 100644 --- a/windows/security/includes/sections/operating-system-system-security-overview.md +++ b/windows/security/includes/sections/operating-system-security-system-security-overview.md @@ -1,22 +1,24 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- -The following table lists the edition applicability for all System Security features. +The following table lists the edition applicability for all System security features. |Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:-:|:-:|:-:|:-:|:-:| |[Secure Boot and Trusted Boot](/windows/security/trusted-boot)|Yes|Yes|Yes|Yes| |[Measured boot](/windows/compatibility/measured-boot)|Yes|Yes|Yes|Yes| |[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)|Yes|Yes|Yes|Yes| +|[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)|Yes|Yes|Yes|Yes| -The following table lists the licensing applicability for all System Security features. +The following table lists the licensing applicability for all System security features. |Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:-:|:-:|:-:|:-:|:-:|:-:| |[Secure Boot and Trusted Boot](/windows/security/trusted-boot)|Yes|Yes|Yes|Yes|Yes| |[Measured boot](/windows/compatibility/measured-boot)|Yes|Yes|Yes|Yes|Yes| |[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)|Yes|Yes|Yes|Yes|Yes| +|[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/operating-system-virus-and-threat-protection-overview.md b/windows/security/includes/sections/operating-system-security-virus-and-threat-protection-overview.md similarity index 77% rename from windows/security/includes/sections/operating-system-virus-and-threat-protection-overview.md rename to windows/security/includes/sections/operating-system-security-virus-and-threat-protection-overview.md index 4853fdc620..7d693fecd2 100644 --- a/windows/security/includes/sections/operating-system-virus-and-threat-protection-overview.md +++ b/windows/security/includes/sections/operating-system-security-virus-and-threat-protection-overview.md @@ -1,33 +1,31 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- -The following table lists the edition applicability for all Virus And Threat Protection features. +The following table lists the edition applicability for all Virus and threat protection features. |Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:-:|:-:|:-:|:-:|:-:| |[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)|Yes|Yes|Yes|Yes| -|Local Security Authority (LSA) Protection|Yes|Yes|Yes|Yes| +|[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)|Yes|Yes|Yes|Yes| |[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)|Yes|Yes|Yes|Yes| |[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)|Yes|Yes|Yes|Yes| -|[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules#microsoft-vulnerable-driver-blocklist)|Yes|Yes|Yes|Yes| |[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)|Yes|Yes|Yes|Yes| |[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)|Yes|Yes|Yes|Yes| |[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)|Yes|Yes|Yes|Yes| |[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)|Yes|Yes|Yes|Yes| -The following table lists the licensing applicability for all Virus And Threat Protection features. +The following table lists the licensing applicability for all Virus and threat protection features. |Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:-:|:-:|:-:|:-:|:-:|:-:| |[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)|Yes|Yes|Yes|Yes|Yes| -|Local Security Authority (LSA) Protection|Yes|Yes|Yes|Yes|Yes| +|[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)|Yes|Yes|Yes|Yes|Yes| |[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)|Yes|Yes|Yes|Yes|Yes| |[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)|Yes|Yes|Yes|Yes|Yes| -|[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules#microsoft-vulnerable-driver-blocklist)|Yes|Yes|Yes|Yes|Yes| |[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)|Yes|Yes|Yes|Yes|Yes| |[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)|Yes|Yes|Yes|Yes|Yes| |[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/operating-system.md b/windows/security/includes/sections/operating-system-security.md similarity index 76% rename from windows/security/includes/sections/operating-system.md rename to windows/security/includes/sections/operating-system-security.md index e4414bfaaf..3a748fac25 100644 --- a/windows/security/includes/sections/operating-system.md +++ b/windows/security/includes/sections/operating-system-security.md @@ -1,61 +1,53 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 07/31/2023 +ms.date: 08/02/2023 ms.topic: include --- -## System Security +## System security -| Security Measures | Features & Capabilities | +| Feature name | Description | |:---|:---| | **[Secure Boot and Trusted Boot](/windows/security/trusted-boot)** | Secure Boot and Trusted Boot help to prevent malware and corrupted components from loading when a device starts.

Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure the system boots up safely and securely. | | **[Measured boot](/windows/compatibility/measured-boot)** | Measured Boot measures all important code and configuration settings during the boot of Windows. This includes: the firmware, boot manager, hypervisor, kernel, secure kernel and operating system. Measured Boot stores the measurements in the TPM on the machine, and makes them available in a log that can be tested remotely to verify the boot state of the client.

The Measured Boot feature provides antimalware software with a trusted (resistant to spoofing and tampering) log of all boot components that started before it. The antimalware software can use the log to determine whether components that ran before it are trustworthy, or if they are infected with malware. The antimalware software on the local machine can send the log to a remote server for evaluation. The remote server may initiate remediation actions, either by interacting with software on the client, or through out-of-band mechanisms, as appropriate. | | **[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)** | The Windows device health attestation process supports a zero-trust paradigm that shifts the focus from static, network-based perimeters, to users, assets, and resources. The attestation process confirms the device, firmware, and boot process are in a good state and have not been tampered with before they can access corporate resources. The determinations are made with data stored in the TPM, which provides a secure root of trust. The information is sent to an attestation service, such as Azure Attestation, to verify the device is in a trusted state. Then, an MDM tool like Microsoft Intune reviews device health and connects this information with Azure Active Directory for conditional access. | +| **[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)** | Microsoft provides a robust set of security settings policies that IT administrators can use to protect Windows devices and other resources in their organization. | -## Virus And Threat Protection +## Virus and threat protection -| Security Measures | Features & Capabilities | +| Feature name | Description | |:---|:---| | **[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)** | Microsoft Defender Antivirus is a protection solution included in all versions of Windows. From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help keep your device safe and protect it from threats. Microsoft Defender Antivirus includes real-time, behavior-based, and heuristic antivirus protection.

The combination of always-on content scanning, file and process behavior monitoring, and other heuristics effectively prevents security threats. Microsoft Defender Antivirus continually scans for malware and threats and also detects and blocks potentially unwanted applications (PUA) which are applications that are deemed to negatively impact your device but are not considered malware. | -| **Local Security Authority (LSA) Protection** | Windows has several critical processes to verify a user's identity. Verification processes include Local Security Authority (LSA), which is responsible for authenticating users and verifying Windows logins. LSA handles tokens and credentials such as passwords that are used for single sign-on to a Microsoft account and Azure services. To help protect these credentials, additional LSA protection only allows loading of trusted, signed code and provides significant protection against Credential theft.

LSA protection is enabled by default on new, enterprise joined Windows 11 devices with added support for non-UEFI lock and policy management controls via MDM and group policy. | +| **[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)** | Windows has several critical processes to verify a user's identity. Verification processes include Local Security Authority (LSA), which is responsible for authenticating users and verifying Windows logins. LSA handles tokens and credentials such as passwords that are used for single sign-on to a Microsoft account and Azure services. To help protect these credentials, additional LSA protection only allows loading of trusted, signed code and provides significant protection against Credential theft.

LSA protection is enabled by default on new, enterprise joined Windows 11 devices with added support for non-UEFI lock and policy management controls via MDM and group policy. | | **[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)** | Attack surface reduction (ASR) rules help to prevent software behaviors that are often abused to compromise your device or network. By reducing the number of attack surfaces, you can reduce the overall vulnerability of your organization.

Administrators can configure specific ASR rules to help block certain behaviors, such as launching executable files and scripts that attempt to download or run files, running obfuscated or otherwise suspicious scripts, performing behaviors that apps don't usually initiate during normal day-to-day work. | | **[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)** | Tamper protection is a capability in Microsoft Defender for Endpoint that helps protect certain security settings, such as virus and threat protection, from being disabled or changed. During some kinds of cyber attacks, bad actors try to disable security features on devices. Disabling security features provides bad actors with easier access to your data, the ability to install malware, and the ability to exploit your data, identity, and devices. Tamper protection helps guard against these types of activities. | -| **[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules#microsoft-vulnerable-driver-blocklist)** | The Windows kernel is the most privileged software and is therefore a compelling target for malware authors. Since Windows has strict requirements for code running in the kernel, cybercriminals commonly exploit vulnerabilities in kernel drivers to get access. Microsoft works with the ecosystem partners to constantly identify and respond to potentially vulnerable kernel drivers.

Prior to Windows 11, version 22H2, the operating system enforced a block policy when HVCI is enabled to prevent vulnerable versions of drivers from running. Starting in Windows 11, version 22H2, the block policy is enabled by default for all new Windows devices, and users can opt in to enforce the policy from the **Windows Security** settings. | | **[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)** | You can protect your valuable information in specific folders by managing app access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Commonly used folders, such as those used for documents, pictures, downloads, are typically included in the list of controlled folders. Controlled folder access works with a list of trusted apps. Apps that are included in the list of trusted software work as expected. Apps that are not included in the trusted list are prevented from making any changes to files inside protected folders.

Controlled folder access helps to protect user's valuable data from malicious apps and threats, such as ransomware. | | **[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)** | Exploit protection automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios. You can enable exploit protection on an individual device, and then use MDM or group policy to distribute the configuration file to multiple devices. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors. | | **[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)** | Microsoft Defender SmartScreen protects against phishing, malware websites and applications, and the downloading of potentially malicious files. For enhanced phishing protection, SmartScreen also alerts people when they are entering their credentials into a potentially risky location. IT can customize which notifications appear via MDM or group policy. The protection runs in audit mode by default, giving IT admins full control to make decisions around policy creation and enforcement. | | **[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)** | Microsoft Defender for Endpoint is an enterprise endpoint detection and response solution that helps security teams to detect, investigate, and respond to advanced threats. Organizations can use the rich event data and attack insights Defender for Endpoint provides to investigate incidents. Defender for Endpoint brings together the following elements to provide a more complete picture of security incidents: endpoint behavioral sensors, cloud security analytics, threat intelligence and rich response capabilities. | -## Network Security +## Network security -| Security Measures | Features & Capabilities | +| Feature name | Description | |:---|:---| | **[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)** | Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a network. TLS 1.3 is the latest version of the protocol and is enabled by default in Windows 11. This version eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the TLS handshake as possible. The handshake is more performant with one fewer round trip per connection on average, and supports only five strong cipher suites which provide perfect forward secrecy and less operational risk. | | **Bluetooth pairing and connection protection** | The number of Bluetooth devices connected to Windows continues to increase. Windows supports all standard Bluetooth pairing protocols, including classic and LE Secure connections, secure simple pairing, and classic and LE legacy pairing. Windows also implements host based LE privacy. Windows updates help users stay current with OS and driver security features in accordance with the Bluetooth Special Interest Group (SIG), Standard Vulnerability Reports, as well as issues beyond those required by the Bluetooth core industry standards. Microsoft strongly recommends that users ensure their firmware and/ or software of their Bluetooth accessories are kept up to date. | | **[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)** | Wi-Fi Protected Access (WPA) is a security certification programs designed to secure wireless networks. WPA3 is the latest version of the certification and provides a more secure and reliable connection method as compared to WPA2 and older security protocols. Windows supports three WPA3 modes: WPA3 personal with the Hash-to-Element (H2E) protocol, WPA3 Enterprise, and WPA3 Enterprise 192-bit Suite B.

Windows 11 also supports WFA defined WPA3 Enterprise that includes enhanced Server Cert validation and TLS 1.3 for authentication using EAP-TLS Authentication. | | **Opportunistic Wireless Encryption (OWE)** | Opportunistic Wireless Encryption (OWE) is a technology that allows wireless devices to establish encrypted connections to public Wi-Fi hotspots. | -| **[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)** | Windows Firewall with Advanced Security provides host-based, two-way network traffic filtering, blocking unauthorized traffic flowing into or out of the local device based on the types of networks to which the device is connected. Windows Firewall reduces the attack surface of a device with rules to restrict or allow traffic by many properties such as IP addresses, ports, or program paths. Reducing the attack surface of a device increases manageability and decreases the likelihood of a successful attack.

With its integration with Internet Protocol Security (IPsec), Windows Firewall provides a simple way to enforce authenticated, end-to-end network communications. It provides scalable, tiered access to trusted network resources, helping to enforce integrity of the data, and optionally helping to protect the confidentiality of the data. Windows Firewall is a host-based firewall that is included with the operating system, there is no additional hardware or software required. Windows Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API). | -| **[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)** | The Windows VPN client platform includes built in VPN protocols, configuration support, a common VPN user interface, and programming support for custom VPN protocols. VPN apps are available in the Microsoft Store for both enterprise and consumer VPNs, including apps for the most popular enterprise VPN gateways.

In Windows 11, the most commonly used VPN controls are integrated right into the Quick Actions pane. From the Quick Actions pane, users can see the status of their VPN, start and stop the VPN tunnels, and access the Settings app for more controls. | -| **[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)** | | +| **[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)** | Windows Firewall with Advanced Securityprovides host-based, two-way network traffic filtering, blocking unauthorized traffic flowing into or out of the local device based on the types of networks to which the device is connected. Windows Firewall reduces the attack surface of a device with rules to restrict or allow traffic by many properties such as IP addresses, ports, or program paths. Reducing the attack surface of a device increases manageability and decreases the likelihood of a successful attack.

With its integration with Internet Protocol Security (IPsec), Windows Firewall provides a simple way to enforce authenticated, end-to-end network communications. It provides scalable, tiered access to trusted network resources, helping to enforce integrity of the data, and optionally helping to protect the confidentiality of the data. Windows Firewall is a host-based firewall that is included with the operating system, there is no additional hardware or software required. Windows Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API). | +| **[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)** | The Windows VPN client platform includes built in VPN protocols, configuration support, a common VPN user interface, and programming support for custom VPN protocols. VPN apps are available in the Microsoft Store for both enterprise and consumer VPNs, including apps for the most popular enterprise VPN gateways.

In Windows 11, the most commonly used VPN controls are integrated right into the Quick Actions pane. From the Quick Actions pane, users can see the status of their VPN, start and stop the VPN tunnels, and access the Settings app for more controls. | +| **[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)** | With Always On VPN, you can create a dedicated VPN profile for the device. Unlike User Tunnel, which only connects after a user logs on to the device, Device Tunnel allows the VPN to establish connectivity before a user sign-in. Both Device Tunnel and User Tunnel operate independently with their VPN profiles, can be connected at the same time, and can use different authentication methods and other VPN configuration settings as appropriate. | | **[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)** | DirectAccess allows connectivity for remote users to organization network resources without the need for traditional Virtual Private Network (VPN) connections.

With DirectAccess connections, remote devices are always connected to the organization and there's no need for remote users to start and stop connections. | | **[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)** | SMB Encryption provides end-to-end encryption of SMB data and protects data from eavesdropping occurrences on internal networks. In Windows 11, the SMB protocol has significant security updates, including AES-256 bits encryption, accelerated SMB signing, Remote Directory Memory Access (RDMA) network encryption, and SMB over QUIC for untrusted networks. Windows 11 introduces AES-256-GCM and AES-256-CCM cryptographic suites for SMB 3.1.1 encryption. Windows administrators can mandate the use of more advanced security or continue to use the more compatible, and still-safe, AES-128 encryption. | | **[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)** | SMB Direct (SMB over remote direct memory access) is a storage protocol that enables direct memory-to-memory data transfers between device and storage, with minimal CPU usage, while using standard RDMA-capable network adapters.

SMB Direct supports encryption, and now you can operate with the same safety as traditional TCP and the performance of RDMA. Previously, enabling SMB encryption disabled direct data placement, making RDMA as slow as TCP. Now data is encrypted before placement, leading to relatively minor performance degradation while adding AES-128 and AES-256 protected packet privacy. | -## Encryption And Data Protection +## Encryption and data protection -| Security Measures | Features & Capabilities | +| Feature name | Description | |:---|:---| | **[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)** | The BitLocker CSP allows an MDM solution, like Microsoft Intune, to manage the BitLocker encryption features on Windows devices. This includes OS volumes, fixed drives and removeable storage, and recovery key management into Azure AD. | | **[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)** | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker uses AES algorithm in XTS or CBC mode of operation with 128-bit or 256-bit key length to encrypt data on the volume. Cloud storage on Microsoft OneDrive or Azure can be used to save recovery key content. BitLocker can be managed by any MDM solution such as Microsoft Intune, using a configuration service provider (CSP).

BitLocker provides encryption for the OS, fixed data, and removable data drives leveraging technologies like hardware security test interface (HSTI), Modern Standby, UEFI Secure Boot and TPM. | | **[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)** | Encrypted hard drives are a class of hard drives that are self-encrypted at the hardware level and allow for full disk hardware encryption while being transparent to the device user. These drives combine the security and management benefits provided by BitLocker Drive Encryption with the power of self-encrypting drives.

By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, BitLocker deployment can be expanded across enterprise devices with little to no impact on productivity. | | **[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)** | Personal data encryption (PDE) works with BitLocker and Windows Hello for Business to further protect user documents and other files, including when the device is turned on and locked. Files are encrypted automatically and seamlessly to give users more security without interrupting their workflow.

Windows Hello for Business is used to protect the container which houses the encryption keys used by PDE. When the user signs in, the container gets authenticated to release the keys in the container to decrypt user content. | | **[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)** | Email encryption enables users to encrypt outgoing email messages and attachments, so only intended recipients with a digital ID (certificate) can read them. Users can digitally sign a message, which verifies the identity of the sender and confirms the message has not been tampered with. The encrypted messages can be sent by a user to other users within their organization or external contacts if they have proper encryption certificates. | - -## Modern Device Management - -| Security Measures | Features & Capabilities | -|:---|:---| -| **[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)** | Microsoft provides a robust set of security settings policies that IT administrators can use to protect Windows devices and other resources in their organization. | -| **[Secured-core configuration lock](/windows/client-management/config-lock)** | In an enterprise organization, IT administrators enforce policies on their corporate devices to protect the OS and keep devices in a compliant state by preventing users from changing configurations and creating configuration drift. Configuration drift occurs when users with local admin rights change settings and put the device out of sync with security policies. Devices in a non-compliant state can be vulnerable until the next sync and configuration reset with the MDM. Secured-core configuration lock (config lock) is a Secured-core PC feature that prevents users from making unwanted changes to security settings. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired state in seconds. | -| **[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)** | Some desktop devices in an enterprise serve a special purpose. For example, a PC in the lobby that customers use to see your product catalog. Or, a PC displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use: A single-app kiosk that runs a single Universal Windows Platform (UWP) app in full screen above the lock screen, or A multi-app kiosk that runs one or more apps from the desktop.

Kiosk configurations are based on Assigned Access, a feature in Windows that allows an administrator to manage the user's experience by limiting the application entry points exposed to the user. | diff --git a/windows/security/includes/sections/operating-systemmodern-device-management.md b/windows/security/includes/sections/operating-systemmodern-device-management.md new file mode 100644 index 0000000000..dc0e80924e --- /dev/null +++ b/windows/security/includes/sections/operating-systemmodern-device-management.md @@ -0,0 +1,6 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- diff --git a/windows/security/includes/sections/privacy.md b/windows/security/includes/sections/privacy.md index cb5118754a..dc0e80924e 100644 --- a/windows/security/includes/sections/privacy.md +++ b/windows/security/includes/sections/privacy.md @@ -1,6 +1,6 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/windows/security/includes/sections/security-foundations-certification-overview.md b/windows/security/includes/sections/security-foundations-certification-overview.md index 78601c07dd..e0e2175097 100644 --- a/windows/security/includes/sections/security-foundations-certification-overview.md +++ b/windows/security/includes/sections/security-foundations-certification-overview.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/windows/security/includes/sections/security-foundations-offensive-research-overview.md b/windows/security/includes/sections/security-foundations-offensive-research-overview.md new file mode 100644 index 0000000000..31fc1398bb --- /dev/null +++ b/windows/security/includes/sections/security-foundations-offensive-research-overview.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- + +The following table lists the edition applicability for all Offensive research features. + +|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:-:|:-:|:-:|:-:|:-:| +|Microsoft Security Development Lifecycle (SDL)|Yes|Yes|Yes|Yes| +|OneFuzz service|Yes|Yes|Yes|Yes| +|[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)|Yes|Yes|Yes|Yes| + +The following table lists the licensing applicability for all Offensive research features. + +|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:-:|:-:|:-:|:-:|:-:|:-:| +|Microsoft Security Development Lifecycle (SDL)|Yes|Yes|Yes|Yes|Yes| +|OneFuzz service|Yes|Yes|Yes|Yes|Yes| +|[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/security-foundations-secure-supply-chain-overview.md b/windows/security/includes/sections/security-foundations-secure-supply-chain-overview.md new file mode 100644 index 0000000000..4192382c08 --- /dev/null +++ b/windows/security/includes/sections/security-foundations-secure-supply-chain-overview.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- + +The following table lists the edition applicability for all Secure supply chain features. + +|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:-:|:-:|:-:|:-:|:-:| +|Software Bill of Materials (SBOM)|Yes|Yes|Yes|Yes| +|[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)|Yes|Yes|Yes|Yes| +|[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)|Yes|Yes|Yes|Yes| + +The following table lists the licensing applicability for all Secure supply chain features. + +|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:-:|:-:|:-:|:-:|:-:|:-:| +|Software Bill of Materials (SBOM)|Yes|Yes|Yes|Yes|Yes| +|[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)|Yes|Yes|Yes|Yes|Yes| +|[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/security-foundations.md b/windows/security/includes/sections/security-foundations.md index 8c3cd14c92..23533d333f 100644 --- a/windows/security/includes/sections/security-foundations.md +++ b/windows/security/includes/sections/security-foundations.md @@ -1,13 +1,29 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 06/06/2023 +ms.date: 08/02/2023 ms.topic: include --- +## Offensive research + +| Feature name | Description | +|:---|:---| +| **Microsoft Security Development Lifecycle (SDL)** | The Microsoft Security Development Lifecycle (SDL) introduces security best practices, tools, and processes throughout all phases of engineering and development. | +| **OneFuzz service** | A range of tools and techniques - such as threat modeling, static analysis, fuzz testing, and code quality checks - enable continued security value to be embedded into Windows by every engineer on the team from day one. Through the SDL practices, Microsoft engineers are continuously provided with actionable and up-to-date methods to improve development workflows and overall product security before the code has been released. | +| **[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)** | As part of our secure development process, the Microsoft Windows Insider Preview bounty program invites eligible researchers across the globe to find and submit vulnerabilities that reproduce in the latest Windows Insider Preview (WIP) Dev Channel. The goal of the Windows Insider Preview bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.

Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities that were not previously found during development and quicky fix the issues before releasing the final Windows. | + ## Certification -| Security Measures | Features & Capabilities | +| Feature name | Description | |:---|:---| | **[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)** | Common Criteria (CC) is an international standard currently maintained by national governments who participate in the Common Criteria Recognition Arrangement. CC defines a common taxonomy for security functional requirements, security assurance requirements, and an evaluation methodology used to ensure products undergoing evaluation satisfy the functional and assurance requirements. Microsoft ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles and completes Common Criteria certifications of Microsoft Windows products. | | **[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)** | The Federal Information Processing Standard (FIPS) Publication 140 is a U.S. government standard that defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140 standard, having validated cryptographic modules against FIPS 140-2 since it was first established in 2001. Multiple Microsoft products, including Windows 11, Windows 10, Windows Server, and many cloud services, use these cryptographic modules. | + +## Secure supply chain + +| Feature name | Description | +|:---|:---| +| **Software Bill of Materials (SBOM)** | SBOMs are leveraged to provide the transparency and provenance of the content as it moves through various stages of the Windows supply chain. This enables trust between each supply chain segment, ensures that tampering has not taken place during ingestion and along the way, and provides a provable chain of custody for the product that we ship to customers. | +| **[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)** | Windows Defender Application Control (WDAC) enables customers to define policies for controlling what is allowed to run on their devices. WDAC policies can be remotely applied to devices using an MDM solution like Microsoft Intune.

To simplify WDAC enablement, organizations can take advantage of Azure Code Signing, a secure and fully managed service for signing WDAC policies and apps.

Azure Code Signing minimizes the complexity of code signing with a turnkey service backed by a Microsoft managed certificate authority, eliminating the need to procure and self-manage any signing certificates. The service is managed just as any other Azure resource and integrates easily with the leading development and CI/CD toolsets. | +| **[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)** | Developers have an opportunity to design highly secure applications that benefit from the latest Windows safeguards. The Windows App SDK provides a unified set of APIs and tools for developing desktop apps for Windows. To help create apps that are up-to-date and protected, the SDK follows the same security standards, protocols, and compliance as the core Windows operating system. | From 1ad34e1e7ac6532ae26ae04db1e4afd74f2c75dc Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 2 Aug 2023 12:07:31 +0200 Subject: [PATCH 36/94] landing pages --- windows/security/operating-system-security/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/operating-system-security/index.md b/windows/security/operating-system-security/index.md index 7787d87aa3..1c0cd9103b 100644 --- a/windows/security/operating-system-security/index.md +++ b/windows/security/operating-system-security/index.md @@ -1,7 +1,7 @@ --- title: Windows operating system security description: Securing the operating system includes system security, encryption, network security, and threat protection. -ms.date: 09/21/2021 +ms.date: 08/02/2023 ms.topic: article --- @@ -13,4 +13,4 @@ Watch the latest [Microsoft Mechanics Windows 11 security](https://youtu.be/tg9Q Use the links in the following sections to learn more about the operating system security features and capabilities in Windows. -[!INCLUDE [operating-system-security](../includes/sections/operating-system.md)] +[!INCLUDE [operating-system-security](../includes/sections/operating-system-security.md)] From f940ee4e34c2f03bcaf09921f291d2e381d05151 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 2 Aug 2023 14:20:59 +0200 Subject: [PATCH 37/94] updates --- .../security/application-security/index.md | 14 +++----- windows/security/cloud-security/index.md | 19 ++++++++++ ...application-and-driver-control-overview.md | 26 -------------- ...lication-application-isolation-overview.md | 30 ---------------- ...-protect-your-work-information-overview.md | 30 ---------------- ...ardware-hardware-root-of-trust-overview.md | 22 ------------ .../hardware-secured-core-pc-overview.md | 20 ----------- ...ware-silicon-assisted-security-overview.md | 24 ------------- ...advanced-credential-protection-overview.md | 28 --------------- .../identity-passwordless-sign-in-overview.md | 28 --------------- .../security/includes/sections/identity.md | 2 +- ...encryption-and-data-protection-overview.md | 26 -------------- ...stem-security-network-security-overview.md | 36 ------------------- ...ystem-security-system-security-overview.md | 24 ------------- ...ty-virus-and-threat-protection-overview.md | 32 ----------------- ...perating-systemmodern-device-management.md | 6 ---- windows/security/includes/sections/privacy.md | 6 ---- ...rity-foundations-certification-overview.md | 20 ----------- ...foundations-offensive-research-overview.md | 22 ------------ ...oundations-secure-supply-chain-overview.md | 22 ------------ .../device-management/toc.yml | 6 ---- .../system-security/toc.yml | 4 +++ windows/security/toc.yml | 5 ++- 23 files changed, 31 insertions(+), 421 deletions(-) create mode 100644 windows/security/cloud-security/index.md delete mode 100644 windows/security/includes/sections/application-application-and-driver-control-overview.md delete mode 100644 windows/security/includes/sections/application-application-isolation-overview.md delete mode 100644 windows/security/includes/sections/cloud-services-protect-your-work-information-overview.md delete mode 100644 windows/security/includes/sections/hardware-hardware-root-of-trust-overview.md delete mode 100644 windows/security/includes/sections/hardware-secured-core-pc-overview.md delete mode 100644 windows/security/includes/sections/hardware-silicon-assisted-security-overview.md delete mode 100644 windows/security/includes/sections/identity-advanced-credential-protection-overview.md delete mode 100644 windows/security/includes/sections/identity-passwordless-sign-in-overview.md delete mode 100644 windows/security/includes/sections/operating-system-security-encryption-and-data-protection-overview.md delete mode 100644 windows/security/includes/sections/operating-system-security-network-security-overview.md delete mode 100644 windows/security/includes/sections/operating-system-security-system-security-overview.md delete mode 100644 windows/security/includes/sections/operating-system-security-virus-and-threat-protection-overview.md delete mode 100644 windows/security/includes/sections/operating-systemmodern-device-management.md delete mode 100644 windows/security/includes/sections/privacy.md delete mode 100644 windows/security/includes/sections/security-foundations-certification-overview.md delete mode 100644 windows/security/includes/sections/security-foundations-offensive-research-overview.md delete mode 100644 windows/security/includes/sections/security-foundations-secure-supply-chain-overview.md diff --git a/windows/security/application-security/index.md b/windows/security/application-security/index.md index bcdb6b5bf2..6d2ac65456 100644 --- a/windows/security/application-security/index.md +++ b/windows/security/application-security/index.md @@ -1,18 +1,14 @@ --- title: Windows application security description: Get an overview of application security in Windows -ms.date: 03/09/2023 -ms.topic: article +ms.date: 08/02/2023 +ms.topic: conceptual --- # Windows application security -Cyber-criminals regularly gain access to valuable data by hacking applications. This can include *code injection* attacks, in which attackers insert malicious code that can tamper with data, or even destroy it. An application may have its security misconfigured, leaving open doors for hackers. Or vital customer and corporate information may leave sensitive data exposed. Windows protects your valuable data with layers of application security. +Cybercriminals can take advantage of poorly secured applications to access valuable resources. With Windows, IT admins can combat common application attacks from the moment a device is provisioned. For example, IT can remove local admin rights from user accounts, so that PCs run with least privilege to prevent malicious applications from accessing sensitive resources. -The following table summarizes the Windows security features and capabilities for apps: +Learn more about application security features in Windows. -| Security Measures | Features & Capabilities | -|:---|:---| -| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](application-control/windows-defender-application-control/wdac.md) | -| Microsoft Defender Application Guard | Application Guard uses chip-based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running untrusted websites and files in an isolated Hyper-V-based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md). | -| Windows Sandbox | Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. Learn more: [Windows Sandbox](application-isolation/windows-sandbox/windows-sandbox-overview.md) | +[!INCLUDE [application](../includes/sections/application.md)] diff --git a/windows/security/cloud-security/index.md b/windows/security/cloud-security/index.md new file mode 100644 index 0000000000..c502322e25 --- /dev/null +++ b/windows/security/cloud-security/index.md @@ -0,0 +1,19 @@ +--- +title: Windows and cloud security +description: Get an overview of cloud security features in Windows +ms.date: 08/02/2023 +ms.topic: conceptual +--- + +# Windows application security + +Today's workforce has more freedom and mobility than ever before, and the risk of + +data exposure is also at its highest. We are focused on getting customers to the cloud to benefit from modern hybrid workstyles while improving security management. Built on zero-trust principles, Windows 11 works with Microsoft cloud services to safeguard sensitive information while controlling access and mitigating threats. + +From identity and device management to Office apps and data storage, Windows 11 and + +integrated cloud services can help improve productivity, security, and resilience anywhere. +Learn more about application security features in Windows. + +[!INCLUDE [application](../includes/sections/cloud.md)] diff --git a/windows/security/includes/sections/application-application-and-driver-control-overview.md b/windows/security/includes/sections/application-application-and-driver-control-overview.md deleted file mode 100644 index 1b9b815ef9..0000000000 --- a/windows/security/includes/sections/application-application-and-driver-control-overview.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Application and driver control features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes| -|[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)|Yes|Yes|Yes|Yes| -|[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes| -|[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)|Yes|Yes|Yes|Yes| -|[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Application and driver control features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|Yes| -|[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)|❌|Yes|Yes|Yes|Yes| -|[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)|Yes|Yes|Yes|Yes|Yes| -|[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)|Yes|Yes|Yes|Yes|Yes| -|[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/application-application-isolation-overview.md b/windows/security/includes/sections/application-application-isolation-overview.md deleted file mode 100644 index dc596ef803..0000000000 --- a/windows/security/includes/sections/application-application-isolation-overview.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Application Isolation features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)|Yes|Yes|Yes|Yes| -|[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)|❌|Yes|❌|Yes| -|Microsoft Defender Application Guard (MDAG) public APIs|❌|Yes|❌|Yes| -|[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)|❌|Yes|❌|Yes| -|[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)|❌|Yes|❌|Yes| -|[App containers](/virtualization/windowscontainers/about/)|Yes|Yes|Yes|Yes| -|[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Application Isolation features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)|Yes|Yes|Yes|Yes|Yes| -|[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)|❌|Yes|Yes|Yes|Yes| -|Microsoft Defender Application Guard (MDAG) public APIs|❌|Yes|Yes|Yes|Yes| -|[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)|❌|❌|❌|❌|❌| -|[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)|❌|Yes|Yes|Yes|Yes| -|[App containers](/virtualization/windowscontainers/about/)|Yes|Yes|Yes|Yes|Yes| -|[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/cloud-services-protect-your-work-information-overview.md b/windows/security/includes/sections/cloud-services-protect-your-work-information-overview.md deleted file mode 100644 index e8229e83bb..0000000000 --- a/windows/security/includes/sections/cloud-services-protect-your-work-information-overview.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Protect your work information features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)|Yes|Yes|Yes|Yes| -|[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)|Yes|Yes|Yes|Yes| -|[Remote wipe](/windows/client-management/mdm/remotewipe-csp)|Yes|Yes|Yes|Yes| -|[Modern device management through (MDM)](/windows/client-management/mdm-overview)|Yes|Yes|Yes|Yes| -|[Universal Print](/universal-print/)|Yes|Yes|Yes|Yes| -|[Windows Autopatch](/windows/deployment/windows-autopatch/)|❌|Yes|❌|Yes| -|[Windows Autopilot](/windows/deployment/windows-autopilot)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Protect your work information features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)|Yes|Yes|Yes|Yes|Yes| -|[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)|Yes|Yes|Yes|Yes|Yes| -|[Remote wipe](/windows/client-management/mdm/remotewipe-csp)|Yes|Yes|Yes|Yes|Yes| -|[Modern device management through (MDM)](/windows/client-management/mdm-overview)|Yes|Yes|Yes|Yes|Yes| -|[Universal Print](/universal-print/)|❌|Yes|Yes|Yes|Yes| -|[Windows Autopatch](/windows/deployment/windows-autopatch/)|❌|Yes|Yes|❌|❌| -|[Windows Autopilot](/windows/deployment/windows-autopilot)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/hardware-hardware-root-of-trust-overview.md b/windows/security/includes/sections/hardware-hardware-root-of-trust-overview.md deleted file mode 100644 index f26f101fca..0000000000 --- a/windows/security/includes/sections/hardware-hardware-root-of-trust-overview.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Hardware root-of-trust features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)|Yes|Yes|Yes|Yes| -|[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)|Yes|Yes|Yes|Yes| -|[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Hardware root-of-trust features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)|Yes|Yes|Yes|Yes|Yes| -|[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)|Yes|Yes|Yes|Yes|Yes| -|[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/hardware-secured-core-pc-overview.md b/windows/security/includes/sections/hardware-secured-core-pc-overview.md deleted file mode 100644 index 375113899e..0000000000 --- a/windows/security/includes/sections/hardware-secured-core-pc-overview.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Secured-core PC features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Secured-core PC firmware protection ](/windows-hardware/design/device-experiences/oem-highly-secure-11)|Yes|Yes|Yes|Yes| -|[Secured-core configuration lock](/windows/client-management/config-lock)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Secured-core PC features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Secured-core PC firmware protection ](/windows-hardware/design/device-experiences/oem-highly-secure-11)|Yes|Yes|Yes|Yes|Yes| -|[Secured-core configuration lock](/windows/client-management/config-lock)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/hardware-silicon-assisted-security-overview.md b/windows/security/includes/sections/hardware-silicon-assisted-security-overview.md deleted file mode 100644 index bfa7184c12..0000000000 --- a/windows/security/includes/sections/hardware-silicon-assisted-security-overview.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Silicon assisted security features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)|Yes|Yes|Yes|Yes| -|[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)|Yes|Yes|Yes|Yes| -|[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)|Yes|Yes|Yes|Yes| -|[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Silicon assisted security features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)|Yes|Yes|Yes|Yes|Yes| -|[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)|Yes|Yes|Yes|Yes|Yes| -|[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)|Yes|Yes|Yes|Yes|Yes| -|[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/identity-advanced-credential-protection-overview.md b/windows/security/includes/sections/identity-advanced-credential-protection-overview.md deleted file mode 100644 index 3001baf090..0000000000 --- a/windows/security/includes/sections/identity-advanced-credential-protection-overview.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Advanced credential protection features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Windows LAPS](/windows-server/identity/laps/laps-overview)|Yes|Yes|Yes|Yes| -|[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)|Yes|Yes|Yes|Yes| -|[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)|Yes|Yes|Yes|Yes| -|[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)|Yes|Yes|Yes|Yes| -|[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)|❌|Yes|❌|Yes| -|[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Advanced credential protection features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Windows LAPS](/windows-server/identity/laps/laps-overview)|Yes|Yes|Yes|Yes|Yes| -|[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)|Yes|Yes|Yes|Yes|Yes| -|[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)|Yes|Yes|Yes|Yes|Yes| -|[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)|Yes|Yes|Yes|Yes|Yes| -|[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)|❌|Yes|Yes|Yes|Yes| -|[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/identity-passwordless-sign-in-overview.md b/windows/security/includes/sections/identity-passwordless-sign-in-overview.md deleted file mode 100644 index 52ab799dbe..0000000000 --- a/windows/security/includes/sections/identity-passwordless-sign-in-overview.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Passwordless sign in features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)|Yes|Yes|Yes|Yes| -|[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)|Yes|Yes|Yes|Yes| -|[Windows Hello for Business Enhanced Security Sign-in (ESS) ](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)|Yes|Yes|Yes|Yes| -|[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)|Yes|Yes|Yes|Yes| -|[Federated sign-in](/education/windows/federated-sign-in)|❌|❌|Yes|Yes| -|[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Passwordless sign in features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)|Yes|Yes|Yes|Yes|Yes| -|[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)|Yes|Yes|Yes|Yes|Yes| -|[Windows Hello for Business Enhanced Security Sign-in (ESS) ](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)|Yes|Yes|Yes|Yes|Yes| -|[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)|Yes|Yes|Yes|Yes|Yes| -|[Federated sign-in](/education/windows/federated-sign-in)|❌|❌|❌|Yes|Yes| -|[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/identity.md b/windows/security/includes/sections/identity.md index 139daf8cd2..891ad65444 100644 --- a/windows/security/includes/sections/identity.md +++ b/windows/security/includes/sections/identity.md @@ -23,6 +23,6 @@ ms.topic: include | **[Windows LAPS](/windows-server/identity/laps/laps-overview)** | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Azure Active Directory-joined or Windows Server Active Directory-joined devices. You also can use Windows LAPS to automatically manage and back up the Directory Services Restore Mode (DSRM) account password on your Windows Server Active Directory domain controllers. An authorized administrator can retrieve the DSRM password and use it. | | **[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)** | Account Lockout Policy settings control the response threshold for failed logon attempts and the actions to be taken after the threshold is reached. | | **[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)** | Users who are still using passwords can benefit from powerful credential protection. Microsoft Defender SmartScreen includes enhanced phishing protection to automatically detect when a user enters their Microsoft password into any app or website. Windows then identifies if the app or site is securely authenticating to Microsoft and warns if the credentials are at risk. Since users are alerted at the moment of potential credential theft, they can take preemptive action before their password is used against them or their organization. | -| **[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)** | Access control in Windows ensures that shared resources are available to users and groups other than the resource's owner and are protected from unauthorized use. IT administrators can manage users', groups', and computers' access to objects and assets on a network or computer. After a user is authenticated, the Windows operating system implements the second phase of protecting resources by using built-in authorization and access control technologies to determine if an authenticated user has the correct permissions.

Access Control Lists (ACL) describe the permissions for a specific object and can also contain System Access Control Lists (SACL). SACLs provide a way to audit specific system level events, such as when a user attempt to access file system objects. These events are essential for tracking activity for objects that are sensitive or valuable and require extra monitoring. Being able to audit when a resource attempts to read or write part of the operating system is critical to understanding a potential attack. | +| **[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)** | Access control in Windows ensures that shared resources are available to users and groups other than the resource's owner and are protected from unauthorized use. IT administrators can manage users', groups', and computers' access to objects and assets on a network or computer. After a user is authenticated, the Windows operating system implements the second phase of protecting resources by using built-in authorization and access control technologies to determine if an authenticated user has the correct permissions.

Access Control Lists (ACL) describe the permissions for a specific object and can also contain System Access Control Lists (SACL). SACLs provide a way to audit specific system level events, such as when a user attempt to access file system objects. These events are essential for tracking activity for objects that are sensitive or valuable and require extra monitoring. Being able to audit when a resource attempts to read or write part of the operating system is critical to understanding a potential attack. | | **[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)** | Enabled by default in Windows 11 Enterprise, Windows Credential Guard uses hardware-backed, Virtualization-based security (VBS) to protect against credential theft. With Windows Credential Guard, the Local Security Authority (LSA) stores and protects secrets in an isolated environment that isn't accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process.

By protecting the LSA process with Virtualization-based security, Windows Credential Guard shields systems from credential theft attack techniques like pass-the-hash or pass-the-ticket. It also helps prevent malware from accessing system secrets even if the process is running with admin privileges. | | **[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)** | Window Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that is requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions.

Administrator credentials are highly privileged and must be protected. When you use Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, your credential and credential derivatives are never passed over the network to the target device. If the target device is compromised, your credentials aren't exposed. | diff --git a/windows/security/includes/sections/operating-system-security-encryption-and-data-protection-overview.md b/windows/security/includes/sections/operating-system-security-encryption-and-data-protection-overview.md deleted file mode 100644 index 2e3a4bc483..0000000000 --- a/windows/security/includes/sections/operating-system-security-encryption-and-data-protection-overview.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Encryption and data protection features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)|Yes|Yes|Yes|Yes| -|[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)|Yes|Yes|Yes|Yes| -|[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)|Yes|Yes|Yes|Yes| -|[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)|❌|Yes|❌|Yes| -|[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Encryption and data protection features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)|❌|Yes|Yes|Yes|Yes| -|[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)|Yes|Yes|Yes|Yes|Yes| -|[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)|Yes|Yes|Yes|Yes|Yes| -|[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)|❌|Yes|Yes|Yes|Yes| -|[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/operating-system-security-network-security-overview.md b/windows/security/includes/sections/operating-system-security-network-security-overview.md deleted file mode 100644 index 4c80e4638c..0000000000 --- a/windows/security/includes/sections/operating-system-security-network-security-overview.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Network security features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)|Yes|Yes|Yes|Yes| -|Bluetooth pairing and connection protection|Yes|Yes|Yes|Yes| -|[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)|Yes|Yes|Yes|Yes| -|Opportunistic Wireless Encryption (OWE)|Yes|Yes|Yes|Yes| -|[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)|Yes|Yes|Yes|Yes| -|[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)|Yes|Yes|Yes|Yes| -|[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)|❌|Yes|❌|Yes| -|[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)|❌|Yes|❌|Yes| -|[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)|Yes|Yes|Yes|Yes| -|[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Network security features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)|Yes|Yes|Yes|Yes|Yes| -|Bluetooth pairing and connection protection|Yes|Yes|Yes|Yes|Yes| -|[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)|Yes|Yes|Yes|Yes|Yes| -|Opportunistic Wireless Encryption (OWE)|Yes|Yes|Yes|Yes|Yes| -|[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)|Yes|Yes|Yes|Yes|Yes| -|[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)|Yes|Yes|Yes|Yes|Yes| -|[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)|❌|Yes|Yes|Yes|Yes| -|[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)|❌|Yes|Yes|Yes|Yes| -|[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)|Yes|Yes|Yes|Yes|Yes| -|[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/operating-system-security-system-security-overview.md b/windows/security/includes/sections/operating-system-security-system-security-overview.md deleted file mode 100644 index 12fd22a870..0000000000 --- a/windows/security/includes/sections/operating-system-security-system-security-overview.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all System security features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Secure Boot and Trusted Boot](/windows/security/trusted-boot)|Yes|Yes|Yes|Yes| -|[Measured boot](/windows/compatibility/measured-boot)|Yes|Yes|Yes|Yes| -|[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)|Yes|Yes|Yes|Yes| -|[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all System security features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Secure Boot and Trusted Boot](/windows/security/trusted-boot)|Yes|Yes|Yes|Yes|Yes| -|[Measured boot](/windows/compatibility/measured-boot)|Yes|Yes|Yes|Yes|Yes| -|[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)|Yes|Yes|Yes|Yes|Yes| -|[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/operating-system-security-virus-and-threat-protection-overview.md b/windows/security/includes/sections/operating-system-security-virus-and-threat-protection-overview.md deleted file mode 100644 index 7d693fecd2..0000000000 --- a/windows/security/includes/sections/operating-system-security-virus-and-threat-protection-overview.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Virus and threat protection features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)|Yes|Yes|Yes|Yes| -|[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)|Yes|Yes|Yes|Yes| -|[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)|Yes|Yes|Yes|Yes| -|[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)|Yes|Yes|Yes|Yes| -|[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)|Yes|Yes|Yes|Yes| -|[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)|Yes|Yes|Yes|Yes| -|[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)|Yes|Yes|Yes|Yes| -|[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Virus and threat protection features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)|Yes|Yes|Yes|Yes|Yes| -|[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)|Yes|Yes|Yes|Yes|Yes| -|[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)|Yes|Yes|Yes|Yes|Yes| -|[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)|Yes|Yes|Yes|Yes|Yes| -|[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)|Yes|Yes|Yes|Yes|Yes| -|[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)|Yes|Yes|Yes|Yes|Yes| -|[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)|Yes|Yes|Yes|Yes|Yes| -|[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)|❌|❌|Yes|❌|Yes| diff --git a/windows/security/includes/sections/operating-systemmodern-device-management.md b/windows/security/includes/sections/operating-systemmodern-device-management.md deleted file mode 100644 index dc0e80924e..0000000000 --- a/windows/security/includes/sections/operating-systemmodern-device-management.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- diff --git a/windows/security/includes/sections/privacy.md b/windows/security/includes/sections/privacy.md deleted file mode 100644 index dc0e80924e..0000000000 --- a/windows/security/includes/sections/privacy.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- diff --git a/windows/security/includes/sections/security-foundations-certification-overview.md b/windows/security/includes/sections/security-foundations-certification-overview.md deleted file mode 100644 index e0e2175097..0000000000 --- a/windows/security/includes/sections/security-foundations-certification-overview.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Certification features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)|Yes|Yes|Yes|Yes| -|[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Certification features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)|Yes|Yes|Yes|Yes|Yes| -|[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/security-foundations-offensive-research-overview.md b/windows/security/includes/sections/security-foundations-offensive-research-overview.md deleted file mode 100644 index 31fc1398bb..0000000000 --- a/windows/security/includes/sections/security-foundations-offensive-research-overview.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Offensive research features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|Microsoft Security Development Lifecycle (SDL)|Yes|Yes|Yes|Yes| -|OneFuzz service|Yes|Yes|Yes|Yes| -|[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Offensive research features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|Microsoft Security Development Lifecycle (SDL)|Yes|Yes|Yes|Yes|Yes| -|OneFuzz service|Yes|Yes|Yes|Yes|Yes| -|[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/security-foundations-secure-supply-chain-overview.md b/windows/security/includes/sections/security-foundations-secure-supply-chain-overview.md deleted file mode 100644 index 4192382c08..0000000000 --- a/windows/security/includes/sections/security-foundations-secure-supply-chain-overview.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 08/02/2023 -ms.topic: include ---- - -The following table lists the edition applicability for all Secure supply chain features. - -|Feature|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:-:|:-:|:-:|:-:|:-:| -|Software Bill of Materials (SBOM)|Yes|Yes|Yes|Yes| -|[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)|Yes|Yes|Yes|Yes| -|[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)|Yes|Yes|Yes|Yes| - -The following table lists the licensing applicability for all Secure supply chain features. - -|Feature|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:-:|:-:|:-:|:-:|:-:|:-:| -|Software Bill of Materials (SBOM)|Yes|Yes|Yes|Yes|Yes| -|[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)|Yes|Yes|Yes|Yes|Yes| -|[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/operating-system-security/device-management/toc.yml b/windows/security/operating-system-security/device-management/toc.yml index 3fbd57294b..913340c2fb 100644 --- a/windows/security/operating-system-security/device-management/toc.yml +++ b/windows/security/operating-system-security/device-management/toc.yml @@ -1,10 +1,4 @@ items: - - name: Security policy settings - href: ../../threat-protection/security-policy-settings/security-policy-settings.md - - name: Security auditing - href: ../../threat-protection/auditing/security-auditing-overview.md - - name: Secured-core configuration lock - href: /windows/client-management/config-lock - name: Assigned Access (kiosk mode) href: /windows/configuration/kiosk-methods - name: Security baselines diff --git a/windows/security/operating-system-security/system-security/toc.yml b/windows/security/operating-system-security/system-security/toc.yml index d16f3d1e5d..2b6feab9aa 100644 --- a/windows/security/operating-system-security/system-security/toc.yml +++ b/windows/security/operating-system-security/system-security/toc.yml @@ -9,6 +9,10 @@ items: href: protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md - name: Cryptography and certificate management href: cryptography-certificate-mgmt.md +- name: Security policy settings + href: ../../threat-protection/security-policy-settings/security-policy-settings.md +- name: Security auditing + href: ../../threat-protection/auditing/security-auditing-overview.md - name: Windows Security settings href: windows-defender-security-center/windows-defender-security-center.md items: diff --git a/windows/security/toc.yml b/windows/security/toc.yml index 4beeab15eb..33f4f0946e 100644 --- a/windows/security/toc.yml +++ b/windows/security/toc.yml @@ -1,7 +1,8 @@ items: - name: Windows security href: index.yml - expanded: true +- name: Security foundations + href: security-foundations/toc.yml - name: Introduction to Windows security href: introduction.md - name: Security features licensing and edition requirements @@ -16,7 +17,5 @@ items: href: identity-protection/toc.yml - name: Windows Privacy 🔗 href: /windows/privacy -- name: Security foundations - href: security-foundations/toc.yml - name: Cloud security href: cloud-security/toc.yml \ No newline at end of file From f28b4fd02f1966b725d28bf329d56fb7ae2cd319 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 2 Aug 2023 14:48:24 +0200 Subject: [PATCH 38/94] License fles update --- includes/licensing/_edition-requirements.md | 135 +++++++++--------- includes/licensing/_licensing-requirements.md | 135 +++++++++--------- includes/licensing/access-control-aclsacl.md | 22 +++ .../licensing/access-control-aclsscals.md | 2 +- includes/licensing/account-lockout-policy.md | 2 +- .../licensing/always-on-vpn-device-tunnel.md | 2 +- includes/licensing/app-containers.md | 22 +++ includes/licensing/applocker.md | 22 +++ .../licensing/assigned-access-kiosk-mode.md | 2 +- .../licensing/attack-surface-reduction-asr.md | 2 +- ...d-azure-ad-join-with-single-sign-on-sso.md | 2 +- ...ws-containers.md => azure-code-signing.md} | 6 +- includes/licensing/bitlocker-enablement.md | 2 +- includes/licensing/bitlocker-management.md | 2 +- ...tooth-pairing-and-connection-protection.md | 2 +- .../common-criteria-certifications.md | 2 +- .../licensing/controlled-folder-access.md | 2 +- .../device-health-attestation-service.md | 2 +- includes/licensing/direct-access.md | 2 +- includes/licensing/email-encryption-smime.md | 2 +- includes/licensing/encrypted-hard-drive.md | 2 +- ...ed-phishing-protection-with-smartscreen.md | 2 +- includes/licensing/exploit-protection.md | 2 +- ...fast-identity-online-fido2-security-key.md | 2 +- ...processing-standard-fips-140-validation.md | 2 +- includes/licensing/federated-sign-in.md | 6 +- .../hardware-enforced-stack-protection.md | 2 +- ...ypervisor-protected-code-integrity-hvci.md | 2 +- ...nel-direct-memory-access-dma-protection.md | 2 +- ...local-security-authority-lsa-protection.md | 2 +- ...-device-management-mdm-and-group-policy.md | 22 --- includes/licensing/measured-boot.md | 2 +- .../licensing/microsoft-defender-antivirus.md | 2 +- ...pplication-guard-mdag-configure-via-mdm.md | 2 +- ...terprise-mode-and-enterprise-management.md | 2 +- ...ion-guard-mdag-for-edge-standalone-mode.md | 2 +- ...ication-guard-mdag-for-microsoft-office.md | 2 +- ...nder-application-guard-mdag-public-apis.md | 2 +- .../microsoft-defender-for-endpoint.md | 2 +- .../microsoft-defender-smartscreen.md | 2 +- ...urity-processor.md => microsoft-pluton.md} | 6 +- ...soft-security-development-lifecycle-sdl.md | 22 +++ .../microsoft-vulnerable-driver-blocklist.md | 6 +- ...-windows-insider-preview-bounty-program.md | 22 +++ .../modern-device-management-through-mdm.md | 22 +++ includes/licensing/onefuzz-service.md | 22 +++ .../opportunistic-wireless-encryption-owe.md | 2 +- .../licensing/personal-data-encryption-pde.md | 2 +- includes/licensing/privacy-resource-usage.md | 2 +- .../privacy-transparency-and-controls.md | 2 +- includes/licensing/remote-wipe.md | 2 +- .../licensing/secure-boot-and-trusted-boot.md | 2 +- .../secured-core-configuration-lock.md | 2 +- ...=> secured-core-pc-firmware-protection.md} | 6 +- includes/licensing/security-baselines.md | 2 +- .../server-message-block-direct-smb-direct.md | 2 +- .../server-message-block-smb-file-service.md | 2 +- includes/licensing/smart-app-control.md | 2 +- .../smart-cards-for-windows-service.md | 2 +- .../software-bill-of-materials-sbom.md | 22 +++ .../tamper-protection-settings-for-mde.md | 2 +- .../licensing/transport-layer-security-tls.md | 2 +- ...m-20.md => trusted-platform-module-tpm.md} | 6 +- includes/licensing/universal-print.md | 2 +- .../licensing/user-account-control-uac.md | 2 +- .../licensing/virtual-private-network-vpn.md | 6 +- .../virtualization-based-security-vbs.md | 2 +- includes/licensing/wifi-security.md | 2 +- ...pplication-software-development-kit-sdk.md | 22 +++ includes/licensing/windows-autopatch.md | 2 +- includes/licensing/windows-autopilot.md | 2 +- ...ndows-defender-application-control-wdac.md | 2 +- .../windows-defender-credential-guard.md | 2 +- ...indows-defender-remote-credential-guard.md | 2 +- .../windows-defender-system-guard.md | 2 +- includes/licensing/windows-firewall.md | 2 +- ...-business-enhanced-security-sign-in-ess.md | 2 +- .../licensing/windows-hello-for-business.md | 2 +- includes/licensing/windows-laps.md | 2 +- .../licensing/windows-presence-sensing.md | 2 +- includes/licensing/windows-sandbox.md | 2 +- ...s-security-policy-settings-and-auditing.md | 6 +- windows/client-management/mdm-overview.md | 2 +- .../microsoft-pluton-security-processor.md | 2 +- .../tpm/trusted-platform-module-overview.md | 2 +- 85 files changed, 429 insertions(+), 239 deletions(-) create mode 100644 includes/licensing/access-control-aclsacl.md create mode 100644 includes/licensing/app-containers.md create mode 100644 includes/licensing/applocker.md rename includes/licensing/{windows-containers.md => azure-code-signing.md} (76%) delete mode 100644 includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md rename includes/licensing/{microsoft-pluton-security-processor.md => microsoft-pluton.md} (79%) create mode 100644 includes/licensing/microsoft-security-development-lifecycle-sdl.md create mode 100644 includes/licensing/microsoft-windows-insider-preview-bounty-program.md create mode 100644 includes/licensing/modern-device-management-through-mdm.md create mode 100644 includes/licensing/onefuzz-service.md rename includes/licensing/{secured-core-pc.md => secured-core-pc-firmware-protection.md} (79%) create mode 100644 includes/licensing/software-bill-of-materials-sbom.md rename includes/licensing/{trusted-platform-module-tpm-20.md => trusted-platform-module-tpm.md} (80%) create mode 100644 includes/licensing/windows-application-software-development-kit-sdk.md diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md index 5f7bfddd78..f29baa12bd 100644 --- a/includes/licensing/_edition-requirements.md +++ b/includes/licensing/_edition-requirements.md @@ -1,80 +1,87 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- | Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education | |:---|:---:|:---:|:---:|:---:| -|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes| -|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes| -|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes| -|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes| -|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes| -|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes| -|**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes| -|**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|Yes|Yes|Yes|Yes| -|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes| -|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes| -|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes| -|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes| -|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|❌|Yes| -|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes| -|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes| -|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes| -|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes| -|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes| -|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes| -|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|Yes|Yes| +|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes| +|**[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes| +|**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes| +|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes| +|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes| |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes| -|**[Hypervisor-protected Code Integrity (HVCI)](../../windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md)**|Yes|Yes|Yes|Yes| -|**[Kernel Direct Memory Access (DMA) protection](../../windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md)**|Yes|Yes|Yes|Yes| -|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes| -|**[Manage by Mobile Device Management (MDM) and group policy](../../windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)**|Yes|Yes|Yes|Yes| -|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](../../windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md)**|❌|Yes|❌|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](../../windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)**|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|Yes|❌|Yes| -|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes| -|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes| -|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes| -|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes| -|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes| -|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes| -|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes| -|**Privacy Resource Usage**|Yes|Yes|Yes|Yes| -|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes| -|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes| -|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes| +|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes| +|**[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes| |**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes| -|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes| -|**[Security baselines](../../windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)**|Yes|Yes|Yes|Yes| +|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes| +|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes| +|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes| +|**[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes| +|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)**|Yes|Yes|Yes|Yes| +|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes| +|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes| +|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes| +|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes| +|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes| +|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes| +|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes| +|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes| +|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes| +|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes| +|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes| +|**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes| +|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes| +|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|❌|Yes| |**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes| |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes| +|**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|Yes|Yes|Yes|Yes| +|**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes| +|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes| +|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes| +|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes| +|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes| |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes| -|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes| -|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes| -|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes| -|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes| -|**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes| -|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes| -|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes| -|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes| -|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes| -|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes| -|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes| -|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes| |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes| +|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes| +|**[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)**|Yes|Yes|Yes|Yes| +|**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)**|❌|Yes|❌|Yes| +|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|Yes|❌|Yes| +|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes| +|**[App containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes| +|**[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes| +|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes| +|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes| +|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes| +|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes| +|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|Yes|Yes| +|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes| +|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes| +|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes| +|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes| +|**[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes| |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes| |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes| -|**[Windows Defender System Guard](../../windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md)**|Yes|Yes|Yes|Yes| -|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes| -|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes| -|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes| -|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes| -|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes| -|**[Windows Sandbox](../../windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)**|Yes|Yes|Yes|Yes| -|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes| +|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes| +|**Privacy Resource Usage**|Yes|Yes|Yes|Yes| +|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes| +|**OneFuzz service**|Yes|Yes|Yes|Yes| +|**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes| +|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes| +|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes| +|**Software Bill of Materials (SBOM)**|Yes|Yes|Yes|Yes| +|**[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)**|Yes|Yes|Yes|Yes| +|**[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)**|Yes|Yes|Yes|Yes| +|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes| +|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes| +|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes| +|**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes| +|**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes| +|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes| +|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes| diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md index 0f604cb58f..891923237d 100644 --- a/includes/licensing/_licensing-requirements.md +++ b/includes/licensing/_licensing-requirements.md @@ -1,80 +1,87 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- |Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---|:---:|:---:|:---:|:---:|:---:| -|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes| -|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes| -|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes| -|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes| -|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes| -|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes| -|**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|❌|Yes|Yes|Yes|Yes| -|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes| -|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes| -|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes| -|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes| -|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|Yes|Yes|Yes| -|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes| -|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes| -|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes| -|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes| -|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|Yes| -|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes| -|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes| +|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes| +|**[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes| +|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes| +|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes| |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes| -|**[Hypervisor-protected Code Integrity (HVCI)](../../windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md)**|Yes|Yes|Yes|Yes|Yes| -|**[Kernel Direct Memory Access (DMA) protection](../../windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md)**|Yes|Yes|Yes|Yes|Yes| -|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|Yes| -|**[Manage by Mobile Device Management (MDM) and group policy](../../windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)**|Yes|Yes|Yes|Yes|Yes| -|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](../../windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md)**|❌|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](../../windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌| -|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes| -|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes| -|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes| -|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes| -|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes| -|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes| -|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes| -|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes| -|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes| +|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes| +|**[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes| |**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes| -|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes| -|**[Security baselines](../../windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md)**|Yes|Yes|Yes|Yes|Yes| +|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes| +|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes| +|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes| +|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)**|Yes|Yes|Yes|Yes|Yes| +|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes| +|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes| +|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes| +|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes| +|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes| +|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes| +|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes| +|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes| +|**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes| +|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes| +|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|Yes|Yes|Yes| |**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes| |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes| +|**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|❌|Yes|Yes|Yes|Yes| +|**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes| +|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes| +|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes| +|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes| |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes| -|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes| -|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes| -|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Universal Print](/universal-print/)**|❌|Yes|Yes|Yes|Yes| -|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes| -|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes| -|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌| -|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes| |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes| +|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|❌|Yes|Yes|Yes|Yes| +|**[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)**|❌|Yes|Yes|Yes|Yes| +|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌| +|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes| +|**[App containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes| +|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|Yes| +|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes| +|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes| +|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes| +|**[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes| |**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes| |**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Defender System Guard](../../windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Sandbox](../../windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes| +|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes| +|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes| +|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes|Yes| +|**OneFuzz service**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|Yes| +|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes| +|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes| +|**Software Bill of Materials (SBOM)**|Yes|Yes|Yes|Yes|Yes| +|**[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)**|Yes|Yes|Yes|Yes|Yes| +|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes| +|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes| +|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes| +|**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Universal Print](/universal-print/)**|❌|Yes|Yes|Yes|Yes| +|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌| +|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes| diff --git a/includes/licensing/access-control-aclsacl.md b/includes/licensing/access-control-aclsacl.md new file mode 100644 index 0000000000..8adad0309e --- /dev/null +++ b/includes/licensing/access-control-aclsacl.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Access Control (ACL/SACL): + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Access Control (ACL/SACL) license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/access-control-aclsscals.md b/includes/licensing/access-control-aclsscals.md index 74b2f49090..9d8830c6cd 100644 --- a/includes/licensing/access-control-aclsscals.md +++ b/includes/licensing/access-control-aclsscals.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/account-lockout-policy.md b/includes/licensing/account-lockout-policy.md index f73aa4228c..1e7a0d8661 100644 --- a/includes/licensing/account-lockout-policy.md +++ b/includes/licensing/account-lockout-policy.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/always-on-vpn-device-tunnel.md b/includes/licensing/always-on-vpn-device-tunnel.md index 74b2333a3d..08d98ed800 100644 --- a/includes/licensing/always-on-vpn-device-tunnel.md +++ b/includes/licensing/always-on-vpn-device-tunnel.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/app-containers.md b/includes/licensing/app-containers.md new file mode 100644 index 0000000000..0d698a7bfb --- /dev/null +++ b/includes/licensing/app-containers.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support App containers: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +App containers license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/applocker.md b/includes/licensing/applocker.md new file mode 100644 index 0000000000..54cc165d41 --- /dev/null +++ b/includes/licensing/applocker.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support AppLocker: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +AppLocker license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +|No|Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/assigned-access-kiosk-mode.md b/includes/licensing/assigned-access-kiosk-mode.md index a2f4b745bb..066c7badc4 100644 --- a/includes/licensing/assigned-access-kiosk-mode.md +++ b/includes/licensing/assigned-access-kiosk-mode.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/attack-surface-reduction-asr.md b/includes/licensing/attack-surface-reduction-asr.md index 666af08c54..7d481ce4bf 100644 --- a/includes/licensing/attack-surface-reduction-asr.md +++ b/includes/licensing/attack-surface-reduction-asr.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md index b093cd8faa..5ae19412dd 100644 --- a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md +++ b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-containers.md b/includes/licensing/azure-code-signing.md similarity index 76% rename from includes/licensing/windows-containers.md rename to includes/licensing/azure-code-signing.md index f3f9962827..dc29a35e27 100644 --- a/includes/licensing/windows-containers.md +++ b/includes/licensing/azure-code-signing.md @@ -1,19 +1,19 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- ## Windows edition and licensing requirements -The following table lists the Windows editions that support Windows containers: +The following table lists the Windows editions that support Azure Code Signing: |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:---:|:---:|:---:|:---:| |Yes|Yes|Yes|Yes| -Windows containers license entitlements are granted by the following licenses: +Azure Code Signing license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| diff --git a/includes/licensing/bitlocker-enablement.md b/includes/licensing/bitlocker-enablement.md index 4f0645fe52..56f85845aa 100644 --- a/includes/licensing/bitlocker-enablement.md +++ b/includes/licensing/bitlocker-enablement.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/bitlocker-management.md b/includes/licensing/bitlocker-management.md index af3034bd8b..a0c68f72ee 100644 --- a/includes/licensing/bitlocker-management.md +++ b/includes/licensing/bitlocker-management.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/bluetooth-pairing-and-connection-protection.md b/includes/licensing/bluetooth-pairing-and-connection-protection.md index 494fee6609..171fe3f9b2 100644 --- a/includes/licensing/bluetooth-pairing-and-connection-protection.md +++ b/includes/licensing/bluetooth-pairing-and-connection-protection.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/common-criteria-certifications.md b/includes/licensing/common-criteria-certifications.md index dbb9d1669a..528a497f37 100644 --- a/includes/licensing/common-criteria-certifications.md +++ b/includes/licensing/common-criteria-certifications.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/controlled-folder-access.md b/includes/licensing/controlled-folder-access.md index 855d0cf28f..25d04b1c49 100644 --- a/includes/licensing/controlled-folder-access.md +++ b/includes/licensing/controlled-folder-access.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/device-health-attestation-service.md b/includes/licensing/device-health-attestation-service.md index f8fdb1e381..7ed2add45f 100644 --- a/includes/licensing/device-health-attestation-service.md +++ b/includes/licensing/device-health-attestation-service.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/direct-access.md b/includes/licensing/direct-access.md index f1b2da9ef5..057c5a2cea 100644 --- a/includes/licensing/direct-access.md +++ b/includes/licensing/direct-access.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/email-encryption-smime.md b/includes/licensing/email-encryption-smime.md index 07e14851b2..6895c5b618 100644 --- a/includes/licensing/email-encryption-smime.md +++ b/includes/licensing/email-encryption-smime.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/encrypted-hard-drive.md b/includes/licensing/encrypted-hard-drive.md index e365c0d71c..16225d6ee6 100644 --- a/includes/licensing/encrypted-hard-drive.md +++ b/includes/licensing/encrypted-hard-drive.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md index 4f4c059f8b..ae4cd8568a 100644 --- a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md +++ b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/exploit-protection.md b/includes/licensing/exploit-protection.md index c774cb4f5e..7a46f2cc0a 100644 --- a/includes/licensing/exploit-protection.md +++ b/includes/licensing/exploit-protection.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/fast-identity-online-fido2-security-key.md b/includes/licensing/fast-identity-online-fido2-security-key.md index b47385e2f5..9985309552 100644 --- a/includes/licensing/fast-identity-online-fido2-security-key.md +++ b/includes/licensing/fast-identity-online-fido2-security-key.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/federal-information-processing-standard-fips-140-validation.md b/includes/licensing/federal-information-processing-standard-fips-140-validation.md index ff0563a439..a06133b313 100644 --- a/includes/licensing/federal-information-processing-standard-fips-140-validation.md +++ b/includes/licensing/federal-information-processing-standard-fips-140-validation.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md index 5a1a787e06..6050205a6c 100644 --- a/includes/licensing/federated-sign-in.md +++ b/includes/licensing/federated-sign-in.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- @@ -15,8 +15,8 @@ The following table lists the Windows editions that support Federated sign-in: Federated sign-in license entitlements are granted by the following licenses: -|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|Yes|No|No|Yes|Yes| +|No|No|No|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/hardware-enforced-stack-protection.md b/includes/licensing/hardware-enforced-stack-protection.md index 50ae05045a..8a2fe75e78 100644 --- a/includes/licensing/hardware-enforced-stack-protection.md +++ b/includes/licensing/hardware-enforced-stack-protection.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/hypervisor-protected-code-integrity-hvci.md b/includes/licensing/hypervisor-protected-code-integrity-hvci.md index 8f6b16cf28..a6800d9403 100644 --- a/includes/licensing/hypervisor-protected-code-integrity-hvci.md +++ b/includes/licensing/hypervisor-protected-code-integrity-hvci.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/kernel-direct-memory-access-dma-protection.md b/includes/licensing/kernel-direct-memory-access-dma-protection.md index 7c805915cb..52b159827e 100644 --- a/includes/licensing/kernel-direct-memory-access-dma-protection.md +++ b/includes/licensing/kernel-direct-memory-access-dma-protection.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/local-security-authority-lsa-protection.md b/includes/licensing/local-security-authority-lsa-protection.md index af4fb5b47f..fafa59de66 100644 --- a/includes/licensing/local-security-authority-lsa-protection.md +++ b/includes/licensing/local-security-authority-lsa-protection.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md deleted file mode 100644 index 7330817deb..0000000000 --- a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -author: paolomatarazzo -ms.author: paoloma -ms.date: 05/04/2023 -ms.topic: include ---- - -## Windows edition and licensing requirements - -The following table lists the Windows editions that support Manage by Mobile Device Management (MDM) and group policy: - -|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| -|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes| - -Manage by Mobile Device Management (MDM) and group policy license entitlements are granted by the following licenses: - -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| -|:---:|:---:|:---:|:---:|:---:| -|Yes|Yes|Yes|Yes|Yes| - -For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/measured-boot.md b/includes/licensing/measured-boot.md index 39c560d47f..407e64eefe 100644 --- a/includes/licensing/measured-boot.md +++ b/includes/licensing/measured-boot.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/microsoft-defender-antivirus.md b/includes/licensing/microsoft-defender-antivirus.md index ba5bb932ea..357e6daa39 100644 --- a/includes/licensing/microsoft-defender-antivirus.md +++ b/includes/licensing/microsoft-defender-antivirus.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md index 453b5db930..bd87e59e22 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md index 36c1c33234..8e546d7248 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md index 23bf14013f..5d3024ffc9 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md index 2ccf97f2da..6284c03484 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md index bf903c766f..de70847881 100644 --- a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md +++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md index be03daf05e..56edc6e24e 100644 --- a/includes/licensing/microsoft-defender-for-endpoint.md +++ b/includes/licensing/microsoft-defender-for-endpoint.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/microsoft-defender-smartscreen.md b/includes/licensing/microsoft-defender-smartscreen.md index a946b12155..d5b7aae9bd 100644 --- a/includes/licensing/microsoft-defender-smartscreen.md +++ b/includes/licensing/microsoft-defender-smartscreen.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/microsoft-pluton-security-processor.md b/includes/licensing/microsoft-pluton.md similarity index 79% rename from includes/licensing/microsoft-pluton-security-processor.md rename to includes/licensing/microsoft-pluton.md index 2190c8a4ab..31058f139d 100644 --- a/includes/licensing/microsoft-pluton-security-processor.md +++ b/includes/licensing/microsoft-pluton.md @@ -1,19 +1,19 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- ## Windows edition and licensing requirements -The following table lists the Windows editions that support Microsoft Pluton security processor: +The following table lists the Windows editions that support Microsoft Pluton: |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:---:|:---:|:---:|:---:| |Yes|Yes|Yes|Yes| -Microsoft Pluton security processor license entitlements are granted by the following licenses: +Microsoft Pluton license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| diff --git a/includes/licensing/microsoft-security-development-lifecycle-sdl.md b/includes/licensing/microsoft-security-development-lifecycle-sdl.md new file mode 100644 index 0000000000..7b9411b126 --- /dev/null +++ b/includes/licensing/microsoft-security-development-lifecycle-sdl.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Microsoft Security Development Lifecycle (SDL): + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Microsoft Security Development Lifecycle (SDL) license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/microsoft-vulnerable-driver-blocklist.md b/includes/licensing/microsoft-vulnerable-driver-blocklist.md index 39e258739c..449ac22b52 100644 --- a/includes/licensing/microsoft-vulnerable-driver-blocklist.md +++ b/includes/licensing/microsoft-vulnerable-driver-blocklist.md @@ -1,19 +1,19 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- ## Windows edition and licensing requirements -The following table lists the Windows editions that support Microsoft Vulnerable Driver Blocklist: +The following table lists the Windows editions that support Microsoft vulnerable driver blocklist: |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:---:|:---:|:---:|:---:| |Yes|Yes|Yes|Yes| -Microsoft Vulnerable Driver Blocklist license entitlements are granted by the following licenses: +Microsoft vulnerable driver blocklist license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| diff --git a/includes/licensing/microsoft-windows-insider-preview-bounty-program.md b/includes/licensing/microsoft-windows-insider-preview-bounty-program.md new file mode 100644 index 0000000000..c3cd9dbaf1 --- /dev/null +++ b/includes/licensing/microsoft-windows-insider-preview-bounty-program.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Microsoft Windows Insider Preview bounty program: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Microsoft Windows Insider Preview bounty program license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/modern-device-management-through-mdm.md b/includes/licensing/modern-device-management-through-mdm.md new file mode 100644 index 0000000000..f2a71b791d --- /dev/null +++ b/includes/licensing/modern-device-management-through-mdm.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Modern device management through (MDM): + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Modern device management through (MDM) license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/onefuzz-service.md b/includes/licensing/onefuzz-service.md new file mode 100644 index 0000000000..25e6a5ef43 --- /dev/null +++ b/includes/licensing/onefuzz-service.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support OneFuzz service: + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +OneFuzz service license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/opportunistic-wireless-encryption-owe.md b/includes/licensing/opportunistic-wireless-encryption-owe.md index e0203c3e4d..4629b28a5f 100644 --- a/includes/licensing/opportunistic-wireless-encryption-owe.md +++ b/includes/licensing/opportunistic-wireless-encryption-owe.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/personal-data-encryption-pde.md index 3ca149f34f..ed0e014d0e 100644 --- a/includes/licensing/personal-data-encryption-pde.md +++ b/includes/licensing/personal-data-encryption-pde.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/privacy-resource-usage.md b/includes/licensing/privacy-resource-usage.md index 054bf054cc..080229688a 100644 --- a/includes/licensing/privacy-resource-usage.md +++ b/includes/licensing/privacy-resource-usage.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/privacy-transparency-and-controls.md b/includes/licensing/privacy-transparency-and-controls.md index 711440f7a5..fd57043298 100644 --- a/includes/licensing/privacy-transparency-and-controls.md +++ b/includes/licensing/privacy-transparency-and-controls.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/remote-wipe.md b/includes/licensing/remote-wipe.md index 5f5e79eeb6..6557c69147 100644 --- a/includes/licensing/remote-wipe.md +++ b/includes/licensing/remote-wipe.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/secure-boot-and-trusted-boot.md b/includes/licensing/secure-boot-and-trusted-boot.md index 8c60a8b048..b29dea38c5 100644 --- a/includes/licensing/secure-boot-and-trusted-boot.md +++ b/includes/licensing/secure-boot-and-trusted-boot.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/secured-core-configuration-lock.md b/includes/licensing/secured-core-configuration-lock.md index 9a2f06088b..8acee3baef 100644 --- a/includes/licensing/secured-core-configuration-lock.md +++ b/includes/licensing/secured-core-configuration-lock.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/secured-core-pc.md b/includes/licensing/secured-core-pc-firmware-protection.md similarity index 79% rename from includes/licensing/secured-core-pc.md rename to includes/licensing/secured-core-pc-firmware-protection.md index f22319bbdb..21a3a0651a 100644 --- a/includes/licensing/secured-core-pc.md +++ b/includes/licensing/secured-core-pc-firmware-protection.md @@ -1,19 +1,19 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- ## Windows edition and licensing requirements -The following table lists the Windows editions that support Secured-core PC: +The following table lists the Windows editions that support Secured-core PC firmware protection: |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:---:|:---:|:---:|:---:| |Yes|Yes|Yes|Yes| -Secured-core PC license entitlements are granted by the following licenses: +Secured-core PC firmware protection license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| diff --git a/includes/licensing/security-baselines.md b/includes/licensing/security-baselines.md index a615d3af13..bda8037388 100644 --- a/includes/licensing/security-baselines.md +++ b/includes/licensing/security-baselines.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/server-message-block-direct-smb-direct.md b/includes/licensing/server-message-block-direct-smb-direct.md index ba99c98579..683fa8db2e 100644 --- a/includes/licensing/server-message-block-direct-smb-direct.md +++ b/includes/licensing/server-message-block-direct-smb-direct.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/server-message-block-smb-file-service.md b/includes/licensing/server-message-block-smb-file-service.md index a271907d88..cd9276809b 100644 --- a/includes/licensing/server-message-block-smb-file-service.md +++ b/includes/licensing/server-message-block-smb-file-service.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/smart-app-control.md b/includes/licensing/smart-app-control.md index ff42750aab..fbc05610fb 100644 --- a/includes/licensing/smart-app-control.md +++ b/includes/licensing/smart-app-control.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/smart-cards-for-windows-service.md b/includes/licensing/smart-cards-for-windows-service.md index 98f271770f..eb5061e582 100644 --- a/includes/licensing/smart-cards-for-windows-service.md +++ b/includes/licensing/smart-cards-for-windows-service.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/software-bill-of-materials-sbom.md b/includes/licensing/software-bill-of-materials-sbom.md new file mode 100644 index 0000000000..4d6f832194 --- /dev/null +++ b/includes/licensing/software-bill-of-materials-sbom.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Software Bill of Materials (SBOM): + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Software Bill of Materials (SBOM) license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/tamper-protection-settings-for-mde.md b/includes/licensing/tamper-protection-settings-for-mde.md index 95a86ec97c..fe7d7c2314 100644 --- a/includes/licensing/tamper-protection-settings-for-mde.md +++ b/includes/licensing/tamper-protection-settings-for-mde.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/transport-layer-security-tls.md b/includes/licensing/transport-layer-security-tls.md index 9af6799b44..5642121480 100644 --- a/includes/licensing/transport-layer-security-tls.md +++ b/includes/licensing/transport-layer-security-tls.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/trusted-platform-module-tpm-20.md b/includes/licensing/trusted-platform-module-tpm.md similarity index 80% rename from includes/licensing/trusted-platform-module-tpm-20.md rename to includes/licensing/trusted-platform-module-tpm.md index b2e593986b..6f757d623a 100644 --- a/includes/licensing/trusted-platform-module-tpm-20.md +++ b/includes/licensing/trusted-platform-module-tpm.md @@ -1,19 +1,19 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- ## Windows edition and licensing requirements -The following table lists the Windows editions that support Trusted Platform Module (TPM) 2.0: +The following table lists the Windows editions that support Trusted Platform Module (TPM): |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:---:|:---:|:---:|:---:| |Yes|Yes|Yes|Yes| -Trusted Platform Module (TPM) 2.0 license entitlements are granted by the following licenses: +Trusted Platform Module (TPM) license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| diff --git a/includes/licensing/universal-print.md b/includes/licensing/universal-print.md index 9c6572d61e..87828b2774 100644 --- a/includes/licensing/universal-print.md +++ b/includes/licensing/universal-print.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/user-account-control-uac.md b/includes/licensing/user-account-control-uac.md index 9da42619fe..c34f82f836 100644 --- a/includes/licensing/user-account-control-uac.md +++ b/includes/licensing/user-account-control-uac.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/virtual-private-network-vpn.md b/includes/licensing/virtual-private-network-vpn.md index aa184cdbb6..eb309a2554 100644 --- a/includes/licensing/virtual-private-network-vpn.md +++ b/includes/licensing/virtual-private-network-vpn.md @@ -1,19 +1,19 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- ## Windows edition and licensing requirements -The following table lists the Windows editions that support Virtual Private Network (VPN): +The following table lists the Windows editions that support Virtual private network (VPN): |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:---:|:---:|:---:|:---:| |Yes|Yes|Yes|Yes| -Virtual Private Network (VPN) license entitlements are granted by the following licenses: +Virtual private network (VPN) license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| diff --git a/includes/licensing/virtualization-based-security-vbs.md b/includes/licensing/virtualization-based-security-vbs.md index bab3110e7a..70827aebce 100644 --- a/includes/licensing/virtualization-based-security-vbs.md +++ b/includes/licensing/virtualization-based-security-vbs.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/wifi-security.md b/includes/licensing/wifi-security.md index edb7a92967..3d4a3e17c3 100644 --- a/includes/licensing/wifi-security.md +++ b/includes/licensing/wifi-security.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-application-software-development-kit-sdk.md b/includes/licensing/windows-application-software-development-kit-sdk.md new file mode 100644 index 0000000000..d97a10562a --- /dev/null +++ b/includes/licensing/windows-application-software-development-kit-sdk.md @@ -0,0 +1,22 @@ +--- +author: paolomatarazzo +ms.author: paoloma +ms.date: 08/02/2023 +ms.topic: include +--- + +## Windows edition and licensing requirements + +The following table lists the Windows editions that support Windows application software development kit (SDK): + +|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| +|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes| + +Windows application software development kit (SDK) license entitlements are granted by the following licenses: + +|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|:---:|:---:|:---:|:---:|:---:| +|Yes|Yes|Yes|Yes|Yes| + +For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md index 85f7df53dc..4c866c7106 100644 --- a/includes/licensing/windows-autopatch.md +++ b/includes/licensing/windows-autopatch.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-autopilot.md b/includes/licensing/windows-autopilot.md index e187e7a3fa..1eee13f367 100644 --- a/includes/licensing/windows-autopilot.md +++ b/includes/licensing/windows-autopilot.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/windows-defender-application-control-wdac.md index 66d6ac70dc..86ab8d5f14 100644 --- a/includes/licensing/windows-defender-application-control-wdac.md +++ b/includes/licensing/windows-defender-application-control-wdac.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/windows-defender-credential-guard.md index c134726708..adf6d74a0e 100644 --- a/includes/licensing/windows-defender-credential-guard.md +++ b/includes/licensing/windows-defender-credential-guard.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-defender-remote-credential-guard.md b/includes/licensing/windows-defender-remote-credential-guard.md index b638a7c661..8d862bdc9d 100644 --- a/includes/licensing/windows-defender-remote-credential-guard.md +++ b/includes/licensing/windows-defender-remote-credential-guard.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-defender-system-guard.md b/includes/licensing/windows-defender-system-guard.md index 0c747b64c5..7e8c06b51d 100644 --- a/includes/licensing/windows-defender-system-guard.md +++ b/includes/licensing/windows-defender-system-guard.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-firewall.md b/includes/licensing/windows-firewall.md index 2e0754b3ac..8e0bc9faf0 100644 --- a/includes/licensing/windows-firewall.md +++ b/includes/licensing/windows-firewall.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md index 3d0c015bc5..56e03e6bd4 100644 --- a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md +++ b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-hello-for-business.md b/includes/licensing/windows-hello-for-business.md index f48b9316b7..95ffbf43a9 100644 --- a/includes/licensing/windows-hello-for-business.md +++ b/includes/licensing/windows-hello-for-business.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-laps.md b/includes/licensing/windows-laps.md index d462168228..eaddd61d61 100644 --- a/includes/licensing/windows-laps.md +++ b/includes/licensing/windows-laps.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-presence-sensing.md b/includes/licensing/windows-presence-sensing.md index c6cc796c33..977c729c0c 100644 --- a/includes/licensing/windows-presence-sensing.md +++ b/includes/licensing/windows-presence-sensing.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-sandbox.md b/includes/licensing/windows-sandbox.md index 7ed933449c..a486fd64de 100644 --- a/includes/licensing/windows-sandbox.md +++ b/includes/licensing/windows-sandbox.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- diff --git a/includes/licensing/windows-security-policy-settings-and-auditing.md b/includes/licensing/windows-security-policy-settings-and-auditing.md index 270d3267ee..a1742270bf 100644 --- a/includes/licensing/windows-security-policy-settings-and-auditing.md +++ b/includes/licensing/windows-security-policy-settings-and-auditing.md @@ -1,19 +1,19 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 05/04/2023 +ms.date: 08/02/2023 ms.topic: include --- ## Windows edition and licensing requirements -The following table lists the Windows editions that support Windows Security policy settings and auditing: +The following table lists the Windows editions that support Windows security policy settings and auditing: |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education| |:---:|:---:|:---:|:---:| |Yes|Yes|Yes|Yes| -Windows Security policy settings and auditing license entitlements are granted by the following licenses: +Windows security policy settings and auditing license entitlements are granted by the following licenses: |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| diff --git a/windows/client-management/mdm-overview.md b/windows/client-management/mdm-overview.md index 65a8d393da..0e5da2dd3a 100644 --- a/windows/client-management/mdm-overview.md +++ b/windows/client-management/mdm-overview.md @@ -56,7 +56,7 @@ For more information about the MDM policies defined in the MDM security baseline For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all). -[!INCLUDE [manage-by-mobile-device-management-mdm-and-group-policy](../../includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md)] +[!INCLUDE [modern-device-management-through-mdm](../../includes/licensing/modern-device-management-through-mdm.md)] ## Frequently Asked Questions diff --git a/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md index b1f7221ccc..4a94896198 100644 --- a/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md +++ b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md @@ -37,7 +37,7 @@ When the system boots, Pluton hardware initialization is performed by loading th ![Diagram showing the Microsoft Pluton Firmware load flow](../images/pluton/pluton-firmware-load.png) -[!INCLUDE [microsoft-pluton-security-processor](../../../../includes/licensing/microsoft-pluton-security-processor.md)] +[!INCLUDE [microsoft-pluton](../../../../includes/licensing/microsoft-pluton.md)] ## Related topics diff --git a/windows/security/hardware-security/tpm/trusted-platform-module-overview.md b/windows/security/hardware-security/tpm/trusted-platform-module-overview.md index b434d6a7d8..8d35f5065b 100644 --- a/windows/security/hardware-security/tpm/trusted-platform-module-overview.md +++ b/windows/security/hardware-security/tpm/trusted-platform-module-overview.md @@ -42,7 +42,7 @@ Anti-malware software can use the boot measurements of the operating system star The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md). -[!INCLUDE [trusted-platform-module-tpm-20](../../../../includes/licensing/trusted-platform-module-tpm-20.md)] +[!INCLUDE [trusted-platform-module-tpm-20](../../../../includes/licensing/trusted-platform-module-tpm.md)] ## New and changed functionality From f2374786ecbe581ede1888ba34638a1f277f270f Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 2 Aug 2023 15:04:51 +0200 Subject: [PATCH 39/94] update to cloud security --- windows/security/cloud-security/index.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/windows/security/cloud-security/index.md b/windows/security/cloud-security/index.md index c502322e25..4a758c6aa6 100644 --- a/windows/security/cloud-security/index.md +++ b/windows/security/cloud-security/index.md @@ -3,17 +3,16 @@ title: Windows and cloud security description: Get an overview of cloud security features in Windows ms.date: 08/02/2023 ms.topic: conceptual +author: paolomatarazzo +ms.author: paoloma --- -# Windows application security +# Windows and cloud security -Today's workforce has more freedom and mobility than ever before, and the risk of +Today's workforce has more freedom and mobility than ever before, and the risk of data exposure is also at its highest. We are focused on getting customers to the cloud to benefit from modern hybrid workstyles while improving security management. Built on zero-trust principles, Windows works with Microsoft cloud services to safeguard sensitive information while controlling access and mitigating threats. -data exposure is also at its highest. We are focused on getting customers to the cloud to benefit from modern hybrid workstyles while improving security management. Built on zero-trust principles, Windows 11 works with Microsoft cloud services to safeguard sensitive information while controlling access and mitigating threats. +From identity and device management to Office apps and data storage, Windows and integrated cloud services can help improve productivity, security, and resilience anywhere. -From identity and device management to Office apps and data storage, Windows 11 and +Learn more about cloud security features in Windows. -integrated cloud services can help improve productivity, security, and resilience anywhere. -Learn more about application security features in Windows. - -[!INCLUDE [application](../includes/sections/cloud.md)] +[!INCLUDE [cloud-services](../includes/sections/cloud-services.md)] From cf34dbc49338306c40b1e6762f344b1f28324d66 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 2 Aug 2023 15:24:40 +0200 Subject: [PATCH 40/94] updates --- includes/licensing/_edition-requirements.md | 136 +++++++++--------- includes/licensing/_licensing-requirements.md | 136 +++++++++--------- windows/security/toc.yml | 4 +- 3 files changed, 138 insertions(+), 138 deletions(-) diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md index f29baa12bd..517cf27df5 100644 --- a/includes/licensing/_edition-requirements.md +++ b/includes/licensing/_edition-requirements.md @@ -7,81 +7,81 @@ ms.topic: include | Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education | |:---|:---:|:---:|:---:|:---:| -|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes| -|**[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes| -|**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes| -|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes| -|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes| -|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes| -|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes| -|**[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes| -|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes| -|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes| -|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes| -|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes| -|**[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes| -|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)**|Yes|Yes|Yes|Yes| -|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes| -|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes| -|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes| -|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes| -|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes| -|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes| -|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes| -|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes| -|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes| -|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes| -|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes| -|**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes| +|**[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes| +|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes| |**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes| +|**[App containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes| +|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes| +|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes| +|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes| +|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes| +|**[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)**|Yes|Yes|Yes|Yes| +|**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes| +|**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|Yes|Yes|Yes|Yes| +|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes| +|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes| +|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes| +|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes| |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|❌|Yes| +|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes| +|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes| +|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes| +|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes| +|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes| +|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes| +|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|Yes|Yes| +|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes| +|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes| +|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes| +|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)**|Yes|Yes|Yes|Yes| +|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)**|❌|Yes|❌|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|Yes|❌|Yes| +|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes| +|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes| +|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes| +|**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes| +|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes| +|**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes| +|**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes| +|**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes| +|**OneFuzz service**|Yes|Yes|Yes|Yes| +|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes| +|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes| +|**Privacy Resource Usage**|Yes|Yes|Yes|Yes| +|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes| +|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes| +|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes| +|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes| +|**[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes| +|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes| |**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes| |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes| -|**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|Yes|Yes|Yes|Yes| -|**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes| -|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes| -|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes| -|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes| -|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes| |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes| -|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes| -|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes| -|**[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)**|Yes|Yes|Yes|Yes| -|**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)**|❌|Yes|❌|Yes| -|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|Yes|❌|Yes| -|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes| -|**[App containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes| -|**[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes| -|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes| -|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes| -|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes| -|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes| -|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|Yes|Yes| |**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes| -|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes| -|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes| -|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes| -|**[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes| -|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes| -|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes| -|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes| -|**Privacy Resource Usage**|Yes|Yes|Yes|Yes| -|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes| -|**OneFuzz service**|Yes|Yes|Yes|Yes| -|**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes| -|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes| -|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes| |**Software Bill of Materials (SBOM)**|Yes|Yes|Yes|Yes| -|**[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)**|Yes|Yes|Yes|Yes| -|**[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)**|Yes|Yes|Yes|Yes| -|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes| -|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes| -|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes| -|**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes| +|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes| +|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes| +|**[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes| |**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes| +|**[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)**|Yes|Yes|Yes|Yes| +|**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes| +|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes| +|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes| +|**[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)**|Yes|Yes|Yes|Yes| |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes| |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes| +|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes| +|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes| +|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes| +|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes| +|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes| +|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes| +|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes| +|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes| +|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes| +|**[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes| +|**[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes| diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md index 891923237d..305a28bba1 100644 --- a/includes/licensing/_licensing-requirements.md +++ b/includes/licensing/_licensing-requirements.md @@ -7,81 +7,81 @@ ms.topic: include |Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---|:---:|:---:|:---:|:---:|:---:| -|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes| -|**[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes| -|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes| -|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes| -|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes| -|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes| -|**[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes| -|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes| -|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes| -|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes| -|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes| -|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)**|Yes|Yes|Yes|Yes|Yes| -|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes| -|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes| -|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes| -|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes| -|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes| -|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes| -|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes| -|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes| -|**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes| +|**[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes| +|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes| |**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes| +|**[App containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes| +|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|❌|Yes|Yes|Yes|Yes| +|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes| +|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes| +|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes| +|**[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)**|Yes|Yes|Yes|Yes|Yes| +|**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|❌|Yes|Yes|Yes|Yes| +|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes| +|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes| +|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes| +|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes| |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|Yes|Yes|Yes| +|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes| +|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes| +|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes| +|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes| +|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|Yes| +|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes| +|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes| +|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes| +|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes| +|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes| +|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)**|Yes|Yes|Yes|Yes|Yes| +|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)**|❌|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌| +|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes| +|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes| +|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes| +|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|Yes| +|**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|Yes| +|**OneFuzz service**|Yes|Yes|Yes|Yes|Yes| +|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes| +|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes| +|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes| +|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes| +|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes| +|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes| +|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes| +|**[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes| +|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes| |**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes| |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes| -|**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|❌|Yes|Yes|Yes|Yes| -|**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes| -|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes| -|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes| -|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes| |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes| -|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|❌|Yes|Yes|Yes|Yes| -|**[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)**|❌|Yes|Yes|Yes|Yes| -|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes| -|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌| -|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes| -|**[App containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes| -|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|Yes| -|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes| |**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes| -|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes| -|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes| -|**[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes| -|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes| -|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes| -|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes| -|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes|Yes| -|**OneFuzz service**|Yes|Yes|Yes|Yes|Yes| -|**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|Yes| -|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes| -|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes| |**Software Bill of Materials (SBOM)**|Yes|Yes|Yes|Yes|Yes| -|**[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)**|Yes|Yes|Yes|Yes|Yes| -|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes| -|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes| -|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes| -|**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes| +|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes| |**[Universal Print](/universal-print/)**|❌|Yes|Yes|Yes|Yes| +|**[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)**|Yes|Yes|Yes|Yes|Yes| +|**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes| +|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes| +|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)**|Yes|Yes|Yes|Yes|Yes| |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌| |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes| +|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/toc.yml b/windows/security/toc.yml index 33f4f0946e..5a6713da6a 100644 --- a/windows/security/toc.yml +++ b/windows/security/toc.yml @@ -1,10 +1,10 @@ items: - name: Windows security href: index.yml -- name: Security foundations - href: security-foundations/toc.yml - name: Introduction to Windows security href: introduction.md +- name: Security foundations + href: security-foundations/toc.yml - name: Security features licensing and edition requirements href: licensing-and-edition-requirements.md - name: Hardware security From 5adfc276ea9e11796f1c962d8832450f17fb2ce7 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 2 Aug 2023 15:30:53 +0200 Subject: [PATCH 41/94] updates --- windows/security/cloud-security/toc.yml | 2 ++ windows/security/toc.yml | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/security/cloud-security/toc.yml b/windows/security/cloud-security/toc.yml index 4350280431..7c46b6e146 100644 --- a/windows/security/cloud-security/toc.yml +++ b/windows/security/cloud-security/toc.yml @@ -1,4 +1,6 @@ items: +- name: Overview + href: index.md - name: Join Active Directory and Azure AD with single sign-on (SSO) 🔗 href: /azure/active-directory/devices/concept-azure-ad-join - name: Security baselines with Intune 🔗 diff --git a/windows/security/toc.yml b/windows/security/toc.yml index 5a6713da6a..1234cb6efc 100644 --- a/windows/security/toc.yml +++ b/windows/security/toc.yml @@ -3,10 +3,10 @@ items: href: index.yml - name: Introduction to Windows security href: introduction.md -- name: Security foundations - href: security-foundations/toc.yml - name: Security features licensing and edition requirements href: licensing-and-edition-requirements.md +- name: Security foundations + href: security-foundations/toc.yml - name: Hardware security href: hardware-security/toc.yml - name: Operating system security @@ -15,7 +15,7 @@ items: href: application-security/toc.yml - name: Identity protection href: identity-protection/toc.yml -- name: Windows Privacy 🔗 - href: /windows/privacy - name: Cloud security - href: cloud-security/toc.yml \ No newline at end of file + href: cloud-security/toc.yml +- name: Windows Privacy 🔗 + href: /windows/privacy \ No newline at end of file From a6618def58b2cff457b395d8d38438cb90b50640 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Wed, 2 Aug 2023 14:44:13 -0400 Subject: [PATCH 42/94] 2307 CSP Updates --- windows/client-management/mdm/defender-csp.md | 326 +++++++++++++- windows/client-management/mdm/defender-ddf.md | 253 ++++++++++- windows/client-management/mdm/firewall-csp.md | 78 ++-- .../mdm/firewall-ddf-file.md | 30 +- windows/client-management/mdm/laps-csp.md | 34 +- .../mdm/passportforwork-csp.md | 52 ++- .../mdm/passportforwork-ddf.md | 41 +- ...in-policy-csp-supported-by-group-policy.md | 7 +- ...-in-policy-csp-supported-by-surface-hub.md | 10 +- .../mdm/policy-csp-abovelock.md | 4 +- .../mdm/policy-csp-applicationmanagement.md | 6 +- .../mdm/policy-csp-browser.md | 6 +- .../mdm/policy-csp-connectivity.md | 6 +- .../mdm/policy-csp-cryptography.md | 304 +++++++++++++- .../mdm/policy-csp-defender.md | 5 +- .../mdm/policy-csp-devicelock.md | 6 +- .../mdm/policy-csp-experience.md | 8 +- .../mdm/policy-csp-mixedreality.md | 298 ++++++++++++- .../mdm/policy-csp-networklistmanager.md | 4 +- .../mdm/policy-csp-privacy.md | 12 +- .../mdm/policy-csp-search.md | 4 +- .../mdm/policy-csp-security.md | 6 +- .../client-management/mdm/policy-csp-start.md | 64 ++- .../mdm/policy-csp-timelanguagesettings.md | 4 +- .../mdm/policy-csp-update.md | 396 ++++-------------- windows/client-management/mdm/vpnv2-csp.md | 10 +- .../mdm/windowslicensing-csp.md | 28 +- .../mdm/windowslicensing-ddf-file.md | 28 +- 28 files changed, 1583 insertions(+), 447 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 47a17a6165..b17f2fc049 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Defender CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 07/06/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -34,7 +34,9 @@ The following list shows the Defender configuration service provider nodes: - [ASROnlyPerRuleExclusions](#configurationasronlyperruleexclusions) - [DataDuplicationDirectory](#configurationdataduplicationdirectory) - [DataDuplicationLocalRetentionPeriod](#configurationdataduplicationlocalretentionperiod) + - [DataDuplicationMaximumQuota](#configurationdataduplicationmaximumquota) - [DataDuplicationRemoteLocation](#configurationdataduplicationremotelocation) + - [DaysUntilAggressiveCatchupQuickScan](#configurationdaysuntilaggressivecatchupquickscan) - [DefaultEnforcement](#configurationdefaultenforcement) - [DeviceControl](#configurationdevicecontrol) - [PolicyGroups](#configurationdevicecontrolpolicygroups) @@ -44,6 +46,7 @@ The following list shows the Defender configuration service provider nodes: - [{RuleId}](#configurationdevicecontrolpolicyrulesruleid) - [RuleData](#configurationdevicecontrolpolicyrulesruleidruledata) - [DeviceControlEnabled](#configurationdevicecontrolenabled) + - [DisableCacheMaintenance](#configurationdisablecachemaintenance) - [DisableCpuThrottleOnIdleScans](#configurationdisablecputhrottleonidlescans) - [DisableDatagramProcessing](#configurationdisabledatagramprocessing) - [DisableDnsOverTcpParsing](#configurationdisablednsovertcpparsing) @@ -58,20 +61,24 @@ The following list shows the Defender configuration service provider nodes: - [DisableSmtpParsing](#configurationdisablesmtpparsing) - [DisableSshParsing](#configurationdisablesshparsing) - [DisableTlsParsing](#configurationdisabletlsparsing) + - [EnableConvertWarnToBlock](#configurationenableconvertwarntoblock) - [EnableDnsSinkhole](#configurationenablednssinkhole) - [EnableFileHashComputation](#configurationenablefilehashcomputation) - [EngineUpdatesChannel](#configurationengineupdateschannel) + - [ExcludedIpAddresses](#configurationexcludedipaddresses) - [HideExclusionsFromLocalAdmins](#configurationhideexclusionsfromlocaladmins) - [HideExclusionsFromLocalUsers](#configurationhideexclusionsfromlocalusers) - [IntelTDTEnabled](#configurationinteltdtenabled) - [MeteredConnectionUpdates](#configurationmeteredconnectionupdates) - [OobeEnableRtpAndSigUpdate](#configurationoobeenablertpandsigupdate) - [PassiveRemediation](#configurationpassiveremediation) + - [PerformanceModeStatus](#configurationperformancemodestatus) - [PlatformUpdatesChannel](#configurationplatformupdateschannel) - [RandomizeScheduleTaskTimes](#configurationrandomizescheduletasktimes) - [ScanOnlyIfIdleEnabled](#configurationscanonlyifidleenabled) - [SchedulerRandomizationTime](#configurationschedulerrandomizationtime) - [SecuredDevicesConfiguration](#configurationsecureddevicesconfiguration) + - [SecurityIntelligenceLocationUpdateAtScheduledTimeOnly](#configurationsecurityintelligencelocationupdateatscheduledtimeonly) - [SecurityIntelligenceUpdatesChannel](#configurationsecurityintelligenceupdateschannel) - [SupportLogLocation](#configurationsupportloglocation) - [TamperProtection](#configurationtamperprotection) @@ -306,7 +313,7 @@ This settings controls whether Network Protection is allowed to be configured in | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -468,6 +475,45 @@ Define the retention period in days of how much time the evidence data will be k + +### Configuration/DataDuplicationMaximumQuota + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | + + + +```Device +./Device/Vendor/MSFT/Defender/Configuration/DataDuplicationMaximumQuota +``` + + + + +Defines the maximum data duplication quota in MB that can be collected. When the quota is reached the filter will stop duplicating any data until the service manages to dispatch the existing collected data, thus decreasing the quota again below the maximum. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | + + + + + + + + ### Configuration/DataDuplicationRemoteLocation @@ -507,6 +553,47 @@ Define data duplication remote location for device control. + +### Configuration/DaysUntilAggressiveCatchupQuickScan + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | + + + +```Device +./Device/Vendor/MSFT/Defender/Configuration/DaysUntilAggressiveCatchupQuickScan +``` + + + + +Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If set to 0, aggressive quick scans will be disabled. By default, the value is set to 25 days. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0,7-60]` | +| Default Value | 25 | + + + + + + + + ### Configuration/DefaultEnforcement @@ -873,6 +960,45 @@ Control Device Control feature. + +### Configuration/DisableCacheMaintenance + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later | + + + +```Device +./Device/Vendor/MSFT/Defender/Configuration/DisableCacheMaintenance +``` + + + + +Defines whether the cache maintenance idle task will perform the cache maintenance or not. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | + + + + + + + + ### Configuration/DisableCpuThrottleOnIdleScans @@ -928,7 +1054,7 @@ Indicates whether the CPU will be throttled for scheduled scans while the device | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | @@ -1282,7 +1408,7 @@ This setting disables Inbound connection filtering for Network Protection. -When this value is set to false, it allows a local admin the ability to specify some settings for complex list type that will then merge /override the Preference settings with the Policy settings. +When this value is set to no, it allows a local admin the ability to specify some settings for complex list type that will then merge /override the Preference settings with the Policy settings. @@ -1304,8 +1430,8 @@ When this value is set to false, it allows a local admin the ability to specify | Value | Description | |:--|:--| -| 1 | Disable Local Admin Merge. | -| 0 (Default) | Enable Local Admin Merge. | +| 1 | Yes. | +| 0 (Default) | No. | @@ -1559,6 +1685,55 @@ This setting disables TLS Parsing for Network Protection. + +### Configuration/EnableConvertWarnToBlock + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | + + + +```Device +./Device/Vendor/MSFT/Defender/Configuration/EnableConvertWarnToBlock +``` + + + + +This setting controls whether network protection blocks network traffic instead of displaying a warning. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 1 | Warn verdicts are converted to block. | +| 0 (Default) | Warn verdicts aren't converted to block. | + + + + + + + + ### Configuration/EnableDnsSinkhole @@ -1710,6 +1885,45 @@ Enable this policy to specify when devices receive Microsoft Defender engine upd + +### Configuration/ExcludedIpAddresses + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | + + + +```Device +./Device/Vendor/MSFT/Defender/Configuration/ExcludedIpAddresses +``` + + + + +Allows an administrator to explicitly disable network packet inspection made by wdnisdrv on a particular set of IP addresses. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | + + + + + + + + ### Configuration/HideExclusionsFromLocalAdmins @@ -2008,6 +2222,55 @@ Setting to control automatic remediation for Sense scans. + +### Configuration/PerformanceModeStatus + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later | + + + +```Device +./Device/Vendor/MSFT/Defender/Configuration/PerformanceModeStatus +``` + + + + +This setting allows IT admins to configure performance mode in either enabled or disabled mode for managed devices. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Performance mode is enabled (default). A service restart is required after changing this value. | +| 1 | Performance mode is disabled. A service restart is required after changing this value. | + + + + + + + + ### Configuration/PlatformUpdatesChannel @@ -2101,7 +2364,7 @@ In Microsoft Defender Antivirus, randomize the start time of the scan to any int | Value | Description | |:--|:--| | 1 (Default) | Widen or narrow the randomization period for scheduled scans. Specify a randomization window of between 1 and 23 hours by using the setting SchedulerRandomizationTime. | -| 0 | Scheduled tasks will begin at a random time within 4 hours after the time specified in Task Scheduler. | +| 0 | Scheduled tasks won't be randomized. | @@ -2239,6 +2502,55 @@ Defines what are the devices primary ids that should be secured by Defender Devi + +### Configuration/SecurityIntelligenceLocationUpdateAtScheduledTimeOnly + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later | + + + +```Device +./Device/Vendor/MSFT/Defender/Configuration/SecurityIntelligenceLocationUpdateAtScheduledTimeOnly +``` + + + + +This setting allows you to configure security intelligence updates according to the scheduler for VDI-configured computers. It's used together with the shared security intelligence location (SecurityIntelligenceLocation). + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 1 | If you enable this setting and configure SecurityIntelligenceLocation, updates from the configured location occur only at the previously configured scheduled update time. | +| 0 (Default) | If you either disable or don't configure this setting, updates occur whenever a new security intelligence update is detected at the location that's specified by SecurityIntelligenceLocation. | + + + + + + + + ### Configuration/SecurityIntelligenceUpdatesChannel diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 4cbf11c824..00b7d76777 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 07/06/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1033,6 +1033,36 @@ The following XML file contains the device description framework (DDF) for the D + + ExcludedIpAddresses + + + + + + + + Allows an administrator to explicitly disable network packet inspection made by wdnisdrv on a particular set of IP addresses. + + + + + + + + + + + + + + 10.0.14393 + 1.3 + + + + + AllowNetworkProtectionOnWinServer @@ -1121,7 +1151,7 @@ The following XML file contains the device description framework (DDF) for the D 0 - When this value is set to false, it allows a local admin the ability to specify some settings for complex list type that will then merge /override the Preference settings with the Policy settings + When this value is set to no, it allows a local admin the ability to specify some settings for complex list type that will then merge /override the Preference settings with the Policy settings @@ -1141,11 +1171,11 @@ The following XML file contains the device description framework (DDF) for the D 1 - Disable Local Admin Merge + Yes 0 - Enable Local Admin Merge + No @@ -1827,7 +1857,7 @@ The following XML file contains the device description framework (DDF) for the D - 10.0.14393 + 10.0.16299 1.3 @@ -1842,6 +1872,45 @@ The following XML file contains the device description framework (DDF) for the D + + EnableConvertWarnToBlock + + + + + + + + 0 + This setting controls whether network protection blocks network traffic instead of displaying a warning + + + + + + + + + + + + + + 10.0.16299 + 1.3 + + + + 1 + Warn verdicts are converted to block + + + 0 + Warn verdicts are not converted to block + + + + DisableNetworkProtectionPerfTelemetry @@ -1998,6 +2067,84 @@ The following XML file contains the device description framework (DDF) for the D + + PerformanceModeStatus + + + + + + + + 0 + This setting allows IT admins to configure performance mode in either enabled or disabled mode for managed devices. + + + + + + + + + + + + + + 10.0.22000 + 1.3 + + + + 0 + Performance mode is enabled (default). A service restart is required after changing this value. + + + 1 + Performance mode is disabled. A service restart is required after changing this value. + + + + + + SecurityIntelligenceLocationUpdateAtScheduledTimeOnly + + + + + + + + 0 + This setting allows you to configure security intelligence updates according to the scheduler for VDI-configured computers. It is used together with the shared security intelligence location (SecurityIntelligenceLocation). + + + + + + + + + + + + + + 10.0.18362 + 1.3 + + + + 1 + If you enable this setting and configure SecurityIntelligenceLocation, updates from the configured location occur only at the previously configured scheduled update time. + + + 0 + If you either disable or do not configure this setting, updates occur whenever a new security intelligence update is detected at the location that is specified by SecurityIntelligenceLocation. + + + + ThrottleForScheduledScanOnly @@ -2037,6 +2184,38 @@ The following XML file contains the device description framework (DDF) for the D + + DaysUntilAggressiveCatchupQuickScan + + + + + + + + 25 + Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If set to 0, aggressive quick scans will be disabled. By default, the value is set to 25 days. + + + + + + + + + + + + + + 10.0.14393 + 1.3 + + + [0,7-60] + + + ASROnlyPerRuleExclusions @@ -2157,6 +2336,36 @@ The following XML file contains the device description framework (DDF) for the D + + DataDuplicationMaximumQuota + + + + + + + + Defines the maximum data duplication quota in MB that can be collected. When the quota is reached the filter will stop duplicating any data until the service manages to dispatch the existing collected data, thus decreasing the quota again below the maximum. + + + + + + + + + + + + + + 10.0.17763 + 1.3 + + + + + DataDuplicationLocalRetentionPeriod @@ -2418,7 +2627,7 @@ The following XML file contains the device description framework (DDF) for the D - 10.0.14393 + 10.0.16299 1.3 @@ -2467,7 +2676,7 @@ The following XML file contains the device description framework (DDF) for the D 0 - Scheduled tasks will begin at a random time within 4 hours after the time specified in Task Scheduler. + Scheduled tasks will not be randomized. @@ -2511,6 +2720,36 @@ The following XML file contains the device description framework (DDF) for the D + + DisableCacheMaintenance + + + + + + + + Defines whether the cache maintenance idle task will perform the cache maintenance or not. + + + + + + + + + + + + + + 10.0.17763 + 1.3 + + + + + Scan diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index c89f214241..a5974a3137 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Firewall CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/15/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,6 +16,8 @@ ms.topic: reference # Firewall CSP +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. @@ -3061,7 +3063,7 @@ This value configures the security association idle time, in seconds. Security a | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3100,7 +3102,7 @@ A list of rules controlling traffic through the Windows Firewall for Hyper-V con | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3142,7 +3144,7 @@ Unique alpha numeric identifier for the rule. The rule name mustn't include a fo | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3194,7 +3196,7 @@ Specifies the action the rule enforces: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3249,7 +3251,7 @@ If not specified the default is OUT. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3299,7 +3301,7 @@ If not specified - a new rule is disabled by default. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3351,7 +3353,7 @@ An IPv6 address range in the format of "start address - end address" with no spa | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3391,7 +3393,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3430,7 +3432,7 @@ Specifies the friendly name of the Hyper-V Firewall rule. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3470,7 +3472,7 @@ This value represents the order of rule enforcement. A lower priority rule is ev | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -3520,7 +3522,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3560,7 +3562,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [ | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3610,7 +3612,7 @@ An IPv6 address range in the format of "start address - end address" with no spa | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3650,7 +3652,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3689,7 +3691,7 @@ Provides information about the specific version of the rule in deployment for mo | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3729,7 +3731,7 @@ This field specifies the VM Creator ID that this rule is applicable to. A NULL G | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3768,7 +3770,7 @@ Settings for the Windows Firewall for Hyper-V containers. Each setting applies o | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3810,7 +3812,7 @@ VM Creator ID that these settings apply to. Valid format is a GUID. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -3859,7 +3861,7 @@ This value is used as an on/off switch. If this value is true, applicable host f | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3909,7 +3911,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -3959,7 +3961,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -3997,7 +3999,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4047,7 +4049,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4097,7 +4099,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4147,7 +4149,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4196,7 +4198,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -4245,7 +4247,7 @@ This value is an on/off switch for the Hyper-V Firewall. This value controls the | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -4294,7 +4296,7 @@ This value is an on/off switch for loopback traffic. This determines if this VM | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4332,7 +4334,7 @@ This value is an on/off switch for loopback traffic. This determines if this VM | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4382,7 +4384,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4432,7 +4434,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4482,7 +4484,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4531,7 +4533,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4569,7 +4571,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4619,7 +4621,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4669,7 +4671,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | @@ -4719,7 +4721,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25398] | diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md index 333baf09d9..8a398f09ae 100644 --- a/windows/client-management/mdm/firewall-ddf-file.md +++ b/windows/client-management/mdm/firewall-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2815,6 +2815,10 @@ The following XML file contains the device description framework (DDF) for the F + + 10.0.22621 + 1.0 + @@ -3025,6 +3029,10 @@ The following XML file contains the device description framework (DDF) for the F + + 10.0.25398 + 1.0 + false @@ -3055,6 +3063,10 @@ The following XML file contains the device description framework (DDF) for the F + + 10.0.25398 + 1.0 + EnableFirewall @@ -3244,6 +3256,10 @@ The following XML file contains the device description framework (DDF) for the F + + 10.0.25398 + 1.0 + EnableFirewall @@ -3433,6 +3449,10 @@ The following XML file contains the device description framework (DDF) for the F + + 10.0.25398 + 1.0 + EnableFirewall @@ -4424,6 +4444,10 @@ This is a string in Security Descriptor Definition Language (SDDL) format.. + + 10.0.22621 + 1.0 + @@ -4808,6 +4832,10 @@ If not specified - a new rule is disabled by default. + + 10.0.25398 + 1.0 + 0x1 diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md index 21eb2d1b73..40cba72f64 100644 --- a/windows/client-management/mdm/laps-csp.md +++ b/windows/client-management/mdm/laps-csp.md @@ -4,7 +4,7 @@ description: Learn more about the LAPS CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/11/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,6 +16,8 @@ ms.topic: reference # LAPS CSP +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + The Local Administrator Password Solution (LAPS) configuration service provider (CSP) is used by the enterprise to manage back up of local administrator account passwords. Windows supports a LAPS Group Policy Object that is entirely separate from the LAPS CSP. Many of the various settings are common across both the LAPS GPO and CSP (GPO does not support any of the Action-related settings). As long as at least one LAPS setting is configured via CSP, any GPO-configured settings will be ignored. Also see [Configure policy settings for Windows LAPS](/windows-server/identity/laps/laps-management-policy-settings). @@ -54,7 +56,7 @@ The following list shows the LAPS configuration service provider nodes: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -93,7 +95,7 @@ Defines the parent interior node for all action-related settings in the LAPS CSP | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -133,7 +135,7 @@ This action invokes an immediate reset of the local administrator account passwo | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -178,7 +180,7 @@ The value returned is an HRESULT code: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -218,7 +220,7 @@ Root node for LAPS policies. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -268,7 +270,7 @@ This setting has a maximum allowed value of 12 passwords. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -313,7 +315,7 @@ Note if a custom managed local administrator account name is specified in this s | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -375,7 +377,7 @@ If not specified, this setting defaults to True. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -431,7 +433,7 @@ If the specified user or group account is invalid the device will fallback to us | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -489,7 +491,7 @@ If not specified, this setting will default to 0. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -537,7 +539,7 @@ This setting has a maximum allowed value of 365 days. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -599,7 +601,7 @@ If not specified, this setting will default to 4. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -655,7 +657,7 @@ If not specified, this setting defaults to True. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -702,7 +704,7 @@ This setting has a maximum allowed value of 64 characters. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | @@ -759,7 +761,7 @@ If not specified, this setting will default to 3 (Reset the password and logoff | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ [10.0.25145] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.20348.1663] and later
✅ Windows 10, version 1809 [10.0.17763.4244] and later
✅ Windows 10, version 2004 [10.0.19041.2784] and later
✅ Windows 11, version 21H2 [10.0.22000.1754] and later
✅ Windows 11, version 22H2 [10.0.22621.1480] and later
✅ Windows Insider Preview [10.0.25145] | diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index a325b44c94..153a0b2f95 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -4,7 +4,7 @@ description: Learn more about the PassportForWork CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/11/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -34,6 +34,7 @@ The following list shows the PassportForWork configuration service provider node - [Policies](#devicetenantidpolicies) - [DisablePostLogonProvisioning](#devicetenantidpoliciesdisablepostlogonprovisioning) - [EnablePinRecovery](#devicetenantidpoliciesenablepinrecovery) + - [EnableWindowsHelloProvisioningForSecurityKeys](#devicetenantidpoliciesenablewindowshelloprovisioningforsecuritykeys) - [ExcludeSecurityDevices](#devicetenantidpoliciesexcludesecuritydevices) - [TPM12](#devicetenantidpoliciesexcludesecuritydevicestpm12) - [PINComplexity](#devicetenantidpoliciespincomplexity) @@ -265,6 +266,55 @@ If the user forgets their PIN, it can be changed to a new PIN using the Windows + +#### Device/{TenantId}/Policies/EnableWindowsHelloProvisioningForSecurityKeys + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/EnableWindowsHelloProvisioningForSecurityKeys +``` + + + + +Enable Windows Hello provisioning if users sign-in to their devices with FIDO2 security keys. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `bool` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | False | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| false (Default) | Disabled. | +| true | Enabled. | + + + + + + + + #### Device/{TenantId}/Policies/ExcludeSecurityDevices diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md index 3e17cfe42d..8a2ac551bc 100644 --- a/windows/client-management/mdm/passportforwork-ddf.md +++ b/windows/client-management/mdm/passportforwork-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -814,6 +814,45 @@ If you disable or do not configure this policy setting, the PIN recovery secret + + EnableWindowsHelloProvisioningForSecurityKeys + + + + + + + + False + Enable Windows Hello provisioning if users sign-in to their devices with FIDO2 security keys. + + + + + + + + + + + + + + 99.9.99999 + 1.6 + + + + false + Disabled + + + true + Enabled + + + + DisablePostLogonProvisioning diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index 9b79c99c4a..3a17aa367b 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -252,6 +252,8 @@ This article lists the policies in Policy CSP that have a group policy mapping. ## Cryptography - [AllowFipsAlgorithmPolicy](policy-csp-cryptography.md) +- [TLSCipherSuites](policy-csp-cryptography.md) +- [ConfigureEllipticCurveCryptography](policy-csp-cryptography.md) ## Defender @@ -690,6 +692,7 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [HideRecommendedSection](policy-csp-start.md) - [HideRecommendedPersonalizedSites](policy-csp-start.md) - [HideTaskViewButton](policy-csp-start.md) +- [HideCopilotButton](policy-csp-start.md) - [DisableControlCenter](policy-csp-start.md) - [ForceStartSize](policy-csp-start.md) - [DisableContextMenus](policy-csp-start.md) @@ -703,6 +706,7 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [SimplifyQuickSettings](policy-csp-start.md) - [DisableEditingQuickSettings](policy-csp-start.md) - [HideTaskViewButton](policy-csp-start.md) +- [HideCopilotButton](policy-csp-start.md) ## Storage @@ -842,6 +846,7 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [ConfigureDeadlineNoAutoReboot](policy-csp-update.md) - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](policy-csp-update.md) - [ConfigureDeadlineNoAutoRebootForQualityUpdates](policy-csp-update.md) +- [AllowOptionalContent](policy-csp-update.md) ## UserRights diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md index 4be961a69f..f3cae84c36 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md @@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Windows 10 Team author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -73,6 +73,12 @@ This article lists the policies in Policy CSP that are applicable for the Surfac ## Cryptography - [AllowFipsAlgorithmPolicy](policy-csp-cryptography.md#allowfipsalgorithmpolicy) +- [ConfigureEllipticCurveCryptography](policy-csp-cryptography.md#configureellipticcurvecryptography) +- [ConfigureSystemCryptographyForceStrongKeyProtection](policy-csp-cryptography.md#configuresystemcryptographyforcestrongkeyprotection) +- [OverrideMinimumEnabledDTLSVersionClient](policy-csp-cryptography.md#overrideminimumenableddtlsversionclient) +- [OverrideMinimumEnabledDTLSVersionServer](policy-csp-cryptography.md#overrideminimumenableddtlsversionserver) +- [OverrideMinimumEnabledTLSVersionClient](policy-csp-cryptography.md#overrideminimumenabledtlsversionclient) +- [OverrideMinimumEnabledTLSVersionServer](policy-csp-cryptography.md#overrideminimumenabledtlsversionserver) - [TLSCipherSuites](policy-csp-cryptography.md#tlsciphersuites) ## Defender @@ -257,6 +263,7 @@ This article lists the policies in Policy CSP that are applicable for the Surfac ## Start +- [HideCopilotButton](policy-csp-start.md#hidecopilotbutton) - [HideRecommendedPersonalizedSites](policy-csp-start.md#hiderecommendedpersonalizedsites) - [StartLayout](policy-csp-start.md#startlayout) @@ -313,6 +320,7 @@ This article lists the policies in Policy CSP that are applicable for the Surfac - [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](policy-csp-update.md#allowautowindowsupdatedownloadovermeterednetwork) - [AllowMUUpdateService](policy-csp-update.md#allowmuupdateservice) - [AllowNonMicrosoftSignedUpdate](policy-csp-update.md#allownonmicrosoftsignedupdate) +- [AllowOptionalContent](policy-csp-update.md#allowoptionalcontent) - [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md#allowtemporaryenterprisefeaturecontrol) - [AllowUpdateService](policy-csp-update.md#allowupdateservice) - [BranchReadinessLevel](policy-csp-update.md#branchreadinesslevel) diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md index 06983bfbba..2bdf0cc421 100644 --- a/windows/client-management/mdm/policy-csp-abovelock.md +++ b/windows/client-management/mdm/policy-csp-abovelock.md @@ -4,7 +4,7 @@ description: Learn more about the AboveLock Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -29,7 +29,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 9286bcdf16..dc551ae734 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -4,7 +4,7 @@ description: Learn more about the ApplicationManagement Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/11/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -435,7 +435,7 @@ Manages a Windows app's ability to share data between users who have installed t | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -487,7 +487,7 @@ This policy is deprecated. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 8baca30d66..ec8c6f1260 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -4,7 +4,7 @@ description: Learn more about the Browser Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/11/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -185,7 +185,7 @@ To verify AllowAutofill is set to 0 (not allowed): | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -2720,7 +2720,7 @@ Important. Discontinued in Windows 10, version 1511. Use the Browser/EnterpriseM | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
✅ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 3901124ada..1433ac91b9 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -4,7 +4,7 @@ description: Learn more about the Connectivity Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -259,7 +259,7 @@ To validate, the enterprise can confirm by observing the roaming enable switch i | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -382,7 +382,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md index 841ae0f1bd..9410f14e41 100644 --- a/windows/client-management/mdm/policy-csp-cryptography.md +++ b/windows/client-management/mdm/policy-csp-cryptography.md @@ -4,7 +4,7 @@ description: Learn more about the Cryptography Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,6 +16,8 @@ ms.topic: reference # Policy CSP - Cryptography +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + @@ -78,6 +80,283 @@ Allows or disallows the Federal Information Processing Standard (FIPS) policy. + +## ConfigureEllipticCurveCryptography + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Cryptography/ConfigureEllipticCurveCryptography +``` + + + + +This policy setting determines the priority order of ECC curves used with ECDHE cipher suites. + +- If you enable this policy setting, ECC curves are prioritized in the order specified.(Enter one Curve name per line) + +- If you disable or don't configure this policy setting, the default ECC curve order is used. + +Default Curve Order + +curve25519 +NistP256 +NistP384 + +To See all the curves supported on the system, Use the following command: + +CertUtil.exe -DisplayEccCurve. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | List (Delimiter: `;`) | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | SSLCurveOrder | +| Friendly Name | ECC Curve Order | +| Location | Computer Configuration | +| Path | Network > SSL Configuration Settings | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002 | +| ADMX File Name | CipherSuiteOrder.admx | + + + + + + + + + +## ConfigureSystemCryptographyForceStrongKeyProtection + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Cryptography/ConfigureSystemCryptographyForceStrongKeyProtection +``` + + + + +System cryptography: Force strong key protection for user keys stored on the computer. Last write wins. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 2 | + + + +**Allowed values**: + +| Flag | Description | +|:--|:--| +| 8 | An app container has accessed a medium key that isn't strongly protected. For example, a key that's for user consent only, or is password or fingerprint protected. | +| 2 (Default) | Force high protection. | +| 1 | Display the strong key user interface as needed. | + + + + + + + + + +## OverrideMinimumEnabledDTLSVersionClient + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Cryptography/OverrideMinimumEnabledDTLSVersionClient +``` + + + + +Override minimal enabled TLS version for client role. Last write wins. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1.0 | + + + + + + + + + +## OverrideMinimumEnabledDTLSVersionServer + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Cryptography/OverrideMinimumEnabledDTLSVersionServer +``` + + + + +Override minimal enabled TLS version for server role. Last write wins. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1.0 | + + + + + + + + + +## OverrideMinimumEnabledTLSVersionClient + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Cryptography/OverrideMinimumEnabledTLSVersionClient +``` + + + + +Override minimal enabled TLS version for client role. Last write wins. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1.0 | + + + + + + + + + +## OverrideMinimumEnabledTLSVersionServer + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Cryptography/OverrideMinimumEnabledTLSVersionServer +``` + + + + +Override minimal enabled TLS version for server role. Last write wins. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1.0 | + + + + + + + + ## TLSCipherSuites @@ -94,8 +373,14 @@ Allows or disallows the Federal Information Processing Standard (FIPS) policy. - -Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. + +This policy setting determines the cipher suites used by the Secure Socket Layer (SSL). + +- If you enable this policy setting, SSL cipher suites are prioritized in the order specified. + +- If you disable or don't configure this policy setting, default cipher suite order is used. + +Link for all the cipherSuites: @@ -112,6 +397,19 @@ Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is | Allowed Values | List (Delimiter: `;`) | + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | SSLCipherSuiteOrder | +| Friendly Name | SSL Cipher Suite Order | +| Location | Computer Configuration | +| Path | Network > SSL Configuration Settings | +| Registry Key Name | SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002 | +| ADMX File Name | CipherSuiteOrder.admx | + + diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 1eb23bfa94..c98a296a1f 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -444,6 +444,9 @@ This policy setting allows you to manage whether or not to scan for malicious so ## AllowIntrusionPreventionSystem +> [!NOTE] +> This policy is deprecated and may be removed in a future release. + | Scope | Editions | Applicable OS | |:--|:--|:--| diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md index c2c0ede75a..9e30c4c427 100644 --- a/windows/client-management/mdm/policy-csp-devicelock.md +++ b/windows/client-management/mdm/policy-csp-devicelock.md @@ -4,7 +4,7 @@ description: Learn more about the DeviceLock Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -121,7 +121,7 @@ Allow Administrator account lockout This security setting determines whether the | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -789,7 +789,7 @@ On HoloLens, this timeout is controlled by the device's system sleep timeout, re | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later | diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index 1cff7177e4..f2cf4e42d2 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -4,7 +4,7 @@ description: Learn more about the Experience Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 07/06/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -107,7 +107,7 @@ Policy change takes effect immediately. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -840,7 +840,7 @@ This policy allows you to prevent Windows from using diagnostic data to provide | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -956,7 +956,7 @@ Specifies whether to allow app and content suggestions from third-party software | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 6bf3263e8a..be44e6af68 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -4,7 +4,7 @@ description: Learn more about the MixedReality Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/11/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -18,6 +18,8 @@ ms.topic: reference [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + These policies are only supported on [Microsoft HoloLens 2](/hololens/hololens2-hardware). They're not supported on HoloLens (first gen) Development Edition or HoloLens (first gen) Commercial Suite devices. @@ -538,6 +540,153 @@ Windows Network Connectivity Status Indicator may get a false positive internet- + +## EnableStartMenuSingleHandGesture + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/EnableStartMenuSingleHandGesture +``` + + + + +This policy setting controls if pinching your thumb and index finger, while looking at the Start icon on your wrist, to open the Start menu is enabled or not. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Don't allow pinching your thumb and index finger, while looking at the Start icon on your wrist, to open the Start menu. | +| 1 (Default) | Allow pinching your thumb and index finger, while looking at the Start icon on your wrist, to open the Start menu. | + + + + + + + + + +## EnableStartMenuVoiceCommand + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/EnableStartMenuVoiceCommand +``` + + + + +This policy setting controls if using voice commands to open the Start menu is enabled or not. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Using voice commands to open the Start menu is disabled. | +| 1 (Default) | Using voice commands to open the Start menu is enabled. | + + + + + + + + + +## EnableStartMenuWristTap + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/EnableStartMenuWristTap +``` + + + + +This policy setting controls if tapping the Star icon on your wrist to open the Start menu is enabled or not. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Don't allow tapping the Start icon on your wrist to open the Start menu. | +| 1 (Default) | Allow tapping the Start icon on your wrist to open the Start menu. | + + + + + + + + ## EyeTrackingCalibrationPrompt @@ -852,6 +1001,153 @@ The following example XML string shows the value to enable this policy: + +## PreferLogonAsOtherUser + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/PreferLogonAsOtherUser +``` + + + + +This policy configures whether the Sign-In App should prefer showing Other User panel to user. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 1 | Enabled. | + + + + + + + + + +## RequireStartIconHold + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/RequireStartIconHold +``` + + + + +This policy setting controls if it's require that the Start icon to be pressed for 2 seconds to open the Start menu. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Don't require the Start icon to be pressed for 2 seconds. | +| 1 | Require the Start icon to be pressed for 2 seconds. | + + + + + + + + + +## RequireStartIconVisible + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/MixedReality/RequireStartIconVisible +``` + + + + +This policy setting controls if it's required that the Start icon to be looked at when you tap it to open the Start menu. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Don't require the Start icon to be looked at when you tap it. | +| 1 | Require the Start icon to be looked at when you tap it. | + + + + + + + + ## SkipCalibrationDuringSetup diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index d911d882c5..5587e7c36e 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -4,7 +4,7 @@ description: Learn more about the NetworkListManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -37,7 +37,7 @@ ms.topic: reference -List of URLs (seperated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. +List of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index 28175d1f22..0fe4605294 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -4,7 +4,7 @@ description: Learn more about the Privacy Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/11/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,6 +16,8 @@ ms.topic: reference # Policy CSP - Privacy +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + @@ -2934,7 +2936,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.25000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25000] | @@ -2994,7 +2996,7 @@ This policy setting specifies whether Windows apps can access the human presence | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.25000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25000] | @@ -3044,7 +3046,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.25000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25000] | @@ -3094,7 +3096,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ [10.0.25000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview [10.0.25000] | diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 550fbeae03..1ec7fb4c22 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -4,7 +4,7 @@ description: Learn more about the Search Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/11/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1123,7 +1123,7 @@ If enabled, clients will be unable to query this computer's index remotely. Thus | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index e4f0dfb401..2fc3142188 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -4,7 +4,7 @@ description: Learn more about the Security Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -78,7 +78,7 @@ Specifies whether to allow the runtime configuration agent to install provisioni | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | @@ -179,7 +179,7 @@ Specifies whether to allow the runtime configuration agent to remove provisionin | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later | diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index a4e21ea68d..940e16a8c2 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -4,7 +4,7 @@ description: Learn more about the Start Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/11/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -974,6 +974,68 @@ Enabling this policy hides "Change account settings" from appearing in the user + +## HideCopilotButton + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | | + + + +```User +./User/Vendor/MSFT/Policy/Config/Start/HideCopilotButton +``` + +```Device +./Device/Vendor/MSFT/Policy/Config/Start/HideCopilotButton +``` + + + + +This policy setting allows you to hide the Copilot button on the Taskbar. If you enable this policy setting, the Copilot button will be hidden and the Settings toggle will be disabled. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Copilot button shown. | +| 1 | Copilot button hidden. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | HideCopilotButton | +| Path | Taskbar > AT > StartMenu | + + + + + + + + ## HideFrequentlyUsedApps diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 1243feb131..0ecd29cb56 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -4,7 +4,7 @@ description: Learn more about the TimeLanguageSettings Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -29,7 +29,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
❌ Enterprise
❌ Education
❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later | diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 5796782a5f..9a753d25ea 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/11/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -25,6 +25,7 @@ ms.topic: reference Update CSP policies are listed below based on the group policy area: - [Windows Insider Preview](#windows-insider-preview) + - [AllowOptionalContent](#allowoptionalcontent) - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates) - [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates) - [Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update) @@ -106,6 +107,65 @@ Update CSP policies are listed below based on the group policy area: ## Windows Insider Preview + +### AllowOptionalContent + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/AllowOptionalContent +``` + + + + +This policy enables devices to get offered optional updates and users interact with the 'Get the latest updates as soon as they're available' toggle on the Windows Update Settings page. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Device doesn't receive optional updates. | +| 1 | Device receives optional updates and user can install from WU Settings page. | +| 2 | Device receives optional updates and install them as soon as they're available. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | AllowOptionalContent | +| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | + + + + + + + + ### ConfigureDeadlineNoAutoRebootForFeatureUpdates @@ -393,6 +453,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you | 16 (Default) | {0x10} - Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). | | 32 | 2 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the Semi-annual Channel and Semi-annual Channel (Targeted) into a single Semi-annual Channel with a value of 16). | | 64 | {0x40} - Release Preview of Quality Updates Only. | +| 128 | {0x80} - Canary Channel. | @@ -2079,41 +2140,8 @@ Note that the default max active hours range is 18 hours from the active hours s - -Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. - -> [!NOTE] -> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. - -This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: - -2 = Notify before downloading and installing any updates. - -When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. - -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. - -Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. - -4 = Automatically download updates and install them on the schedule specified below. - -When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) - -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). - -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. - -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) - -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. - -7 = Notify for install and notify for restart. (Windows Server only) - -With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually. - -If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. - -If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. + +Enables the IT admin to manage automatic update behavior to scan, download, and install updates. Important. This option should be used only for systems under regulatory compliance, as you won't get security updates as well. If the policy isn't configured, end-users get the default behavior (Auto install and restart). @@ -2245,41 +2273,8 @@ This policy is accessible through the Update setting in the user interface or Gr - -Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. - -> [!NOTE] -> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. - -This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: - -2 = Notify before downloading and installing any updates. - -When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. - -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. - -Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. - -4 = Automatically download updates and install them on the schedule specified below. - -When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) - -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). - -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. - -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) - -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. - -7 = Notify for install and notify for restart. (Windows Server only) - -With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually. - -If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. - -If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. + +Allows the IT admin to manage whether to scan for app updates from Microsoft Update. @@ -2824,41 +2819,8 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2 - -Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. - -> [!NOTE] -> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. - -This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: - -2 = Notify before downloading and installing any updates. - -When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. - -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. - -Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. - -4 = Automatically download updates and install them on the schedule specified below. - -When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) - -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). - -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. - -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) - -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. - -7 = Notify for install and notify for restart. (Windows Server only) - -With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually. - -If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. - -If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. + +Enables the IT admin to schedule the day of the update installation. The data type is a integer. @@ -2928,41 +2890,8 @@ If the status is set to Not Configured, use of Automatic Updates isn't specified - -Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. - -> [!NOTE] -> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. - -This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: - -2 = Notify before downloading and installing any updates. - -When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. - -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. - -Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. - -4 = Automatically download updates and install them on the schedule specified below. - -When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) - -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). - -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. - -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) - -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. - -7 = Notify for install and notify for restart. (Windows Server only) - -With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually. - -If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. - -If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. + +Enables the IT admin to schedule the update installation on the every week. Value type is integer. @@ -3026,41 +2955,8 @@ If the status is set to Not Configured, use of Automatic Updates isn't specified - -Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. - -> [!NOTE] -> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. - -This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: - -2 = Notify before downloading and installing any updates. - -When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. - -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. - -Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. - -4 = Automatically download updates and install them on the schedule specified below. - -When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) - -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). - -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. - -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) - -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. - -7 = Notify for install and notify for restart. (Windows Server only) - -With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually. - -If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. - -If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. + +Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. @@ -3133,41 +3029,8 @@ These policies are not exclusive and can be used in any combination. Together wi - -Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. - -> [!NOTE] -> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. - -This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: - -2 = Notify before downloading and installing any updates. - -When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. - -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. - -Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. - -4 = Automatically download updates and install them on the schedule specified below. - -When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) - -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). - -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. - -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) - -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. - -7 = Notify for install and notify for restart. (Windows Server only) - -With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually. - -If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. - -If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. + +Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. @@ -3240,41 +3103,8 @@ These policies are not exclusive and can be used in any combination. Together wi - -Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. - -> [!NOTE] -> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. - -This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: - -2 = Notify before downloading and installing any updates. - -When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. - -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. - -Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. - -4 = Automatically download updates and install them on the schedule specified below. - -When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) - -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). - -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. - -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) - -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. - -7 = Notify for install and notify for restart. (Windows Server only) - -With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually. - -If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. - -If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. + +Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. @@ -3347,41 +3177,8 @@ These policies are not exclusive and can be used in any combination. Together wi - -Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. - -> [!NOTE] -> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. - -This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: - -2 = Notify before downloading and installing any updates. - -When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. - -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. - -Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. - -4 = Automatically download updates and install them on the schedule specified below. - -When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) - -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). - -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. - -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) - -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. - -7 = Notify for install and notify for restart. (Windows Server only) - -With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually. - -If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. - -If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. + +Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. @@ -3454,41 +3251,8 @@ These policies are not exclusive and can be used in any combination. Together wi - -Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. - -> [!NOTE] -> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%. - -This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: - -2 = Notify before downloading and installing any updates. - -When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. - -3 = (Default setting) Download the updates automatically and notify when they're ready to be installed. - -Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them. - -4 = Automatically download updates and install them on the schedule specified below. - -When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher) - -Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart). - -On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss. - -5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions) - -With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates. - -7 = Notify for install and notify for restart. (Windows Server only) - -With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually. - -If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start. - -If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel. + + the IT admin to schedule the time of the update installation. The data type is a integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3. diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index ff0324acd3..d9b5c73c0f 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -4,7 +4,7 @@ description: Learn more about the VPNv2 CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 07/06/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1792,7 +1792,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet -Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device. +Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device. @@ -3119,7 +3119,7 @@ Type of routing policy. -Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com. +Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com. @@ -6032,7 +6032,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet -Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device. +Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device. @@ -7359,7 +7359,7 @@ Type of routing policy. -Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com. +Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com. diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index 60dd258bf1..3b74e77e11 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsLicensing CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,6 +16,8 @@ ms.topic: reference # WindowsLicensing CSP +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + The WindowsLicensing configuration service provider is designed for licensing related management scenarios. @@ -161,7 +163,7 @@ Returns TRUE if the entered product key can be used for an edition upgrade of Wi | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -200,7 +202,7 @@ Device Based Subscription. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -239,7 +241,7 @@ Returns the last error code of Refresh/Remove Device License operation. Value wo | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -278,7 +280,7 @@ Returns last error description from Device Licensing. Value would be empty, if e | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -317,7 +319,7 @@ Returns the status of Refresh/Remove Device License operation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later
✅ Windows 11, version 22H2 [10.0.22621] and later | @@ -795,7 +797,7 @@ This setting is only applicable to devices available in S mode. -Returns the status of an edition upgrade on Windows 10 desktop and mobile devices. Status: 0 = Failed, 1 = Pending, 2 = In progress, 3 = Completed, 4 = Unknown. +Returns the status of an edition upgrade on Windows 10 desktop and mobile devices. Status: 0 = Failed, 1 = Pending, 2 = In progress, 3 = Completed, 4 = Unknown. @@ -997,7 +999,7 @@ Returns the status of the subscription. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | @@ -1045,7 +1047,7 @@ Disable or Enable subscription activation on a device. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | @@ -1084,7 +1086,7 @@ Remove subscription uninstall subscription license. It also reset subscription t | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | @@ -1123,7 +1125,7 @@ Error code of last subscription operation. Value would be empty(0) in absence of | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | @@ -1162,7 +1164,7 @@ Error description of last subscription operation. Value would be empty, if error | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | @@ -1201,7 +1203,7 @@ Status of last subscription operation. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE | ✅ Windows Insider Preview | diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md index 97d6ff5d83..2fc871423e 100644 --- a/windows/client-management/mdm/windowslicensing-ddf-file.md +++ b/windows/client-management/mdm/windowslicensing-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 08/02/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -342,6 +342,10 @@ The following XML file contains the device description framework (DDF) for the W + + 99.9.99999 + 9.9 + 0 @@ -373,6 +377,10 @@ The following XML file contains the device description framework (DDF) for the W + + 99.9.99999 + 9.9 + @@ -394,6 +402,10 @@ The following XML file contains the device description framework (DDF) for the W + + 99.9.99999 + 9.9 + @@ -415,6 +427,10 @@ The following XML file contains the device description framework (DDF) for the W + + 99.9.99999 + 9.9 + @@ -436,6 +452,10 @@ The following XML file contains the device description framework (DDF) for the W + + 99.9.99999 + 9.9 + 0 @@ -467,6 +487,10 @@ The following XML file contains the device description framework (DDF) for the W + + 99.9.99999 + 9.9 + @@ -600,7 +624,7 @@ The following XML file contains the device description framework (DDF) for the W - 10.0.22621 + 10.0.22621, 10.0.22000.1165 1.4 From 604dabd8cffcdc27c5e039f0cb928682f87ac615 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Wed, 2 Aug 2023 17:01:14 -0600 Subject: [PATCH 43/94] Update wufb-reports-do.md Need to update information for the null terminator. --- windows/deployment/update/wufb-reports-do.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/wufb-reports-do.md b/windows/deployment/update/wufb-reports-do.md index da09d3e2d2..ddb2f0861d 100644 --- a/windows/deployment/update/wufb-reports-do.md +++ b/windows/deployment/update/wufb-reports-do.md @@ -95,7 +95,7 @@ Each calculated values used in the Delivery Optimization report are listed below In the **Efficiency By Group** subsection, the **GroupID** is displayed as an encoded SHA256 hash. You can create a mapping of original to encoded GroupIDs using the following PowerShell example: ```powershell -$text = "" ; +$text = "`0" ; # The `0 null terminator is required $hashObj = [System.Security.Cryptography.HashAlgorithm]::Create('sha256') ; $dig = $hashObj.ComputeHash([System.Text.Encoding]::Unicode.GetBytes($text)) ; $digB64 = [System.Convert]::ToBase64String($dig) ; Write-Host "$text ==> $digB64" ``` From 3c6fcc554b5c6df9521bc750acd31cd431426629 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Wed, 2 Aug 2023 18:08:51 -0700 Subject: [PATCH 44/94] delete unnecessary articles --- .openpublishing.redirection.json | 12 +- ...ishing.redirection.windows-deployment.json | 65 +++++++++++ windows/deployment/TOC.yml | 10 +- windows/deployment/add-store-apps-to-image.md | 89 --------------- windows/deployment/deploy.md | 34 ------ windows/deployment/index.yml | 2 - .../planning/act-technical-reference.md | 45 -------- windows/deployment/planning/index.md | 34 ------ windows/deployment/update/WIP4Biz-intro.md | 64 ----------- .../update/deploy-updates-configmgr.md | 21 ---- .../update/deploy-updates-intune.md | 24 ---- .../get-started-updates-channels-tools.md | 2 +- windows/deployment/update/index.md | 47 -------- .../olympia/olympia-enrollment-guidelines.md | 43 ------- windows/deployment/update/waas-morenews.md | 54 --------- .../deployment/update/windows-as-a-service.md | 106 ------------------ .../windows-10-deployment-tools-reference.md | 25 ----- .../deployment/windows-10-deployment-tools.md | 25 ----- 18 files changed, 75 insertions(+), 627 deletions(-) delete mode 100644 windows/deployment/add-store-apps-to-image.md delete mode 100644 windows/deployment/deploy.md delete mode 100644 windows/deployment/planning/act-technical-reference.md delete mode 100644 windows/deployment/planning/index.md delete mode 100644 windows/deployment/update/WIP4Biz-intro.md delete mode 100644 windows/deployment/update/deploy-updates-configmgr.md delete mode 100644 windows/deployment/update/deploy-updates-intune.md delete mode 100644 windows/deployment/update/index.md delete mode 100644 windows/deployment/update/olympia/olympia-enrollment-guidelines.md delete mode 100644 windows/deployment/update/waas-morenews.md delete mode 100644 windows/deployment/update/windows-as-a-service.md delete mode 100644 windows/deployment/windows-10-deployment-tools-reference.md delete mode 100644 windows/deployment/windows-10-deployment-tools.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 010a1f7eaf..7cc99f80b3 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2517,7 +2517,7 @@ }, { "source_path": "windows/deploy/windows-10-deployment-tools-reference.md", - "redirect_url": "/windows/deployment/windows-10-deployment-tools-reference", + "redirect_url": "/windows/deployment/windows-deployment-scenarios-and-tools", "redirect_document_id": false }, { @@ -10602,7 +10602,7 @@ }, { "source_path": "windows/manage/introduction-to-windows-10-servicing.md", - "redirect_url": "/windows/deployment/update/index", + "redirect_url": "/windows/deployment/", "redirect_document_id": false }, { @@ -11037,7 +11037,7 @@ }, { "source_path": "windows/manage/waas-update-windows-10.md", - "redirect_url": "/windows/deployment/update/index", + "redirect_url": "/windows/deployment/", "redirect_document_id": false }, { @@ -11147,7 +11147,7 @@ }, { "source_path": "windows/plan/act-technical-reference.md", - "redirect_url": "/windows/deployment/planning/act-technical-reference", + "redirect_url": "/windows/deployment/planning/compatibility-administrator-users-guide", "redirect_document_id": false }, { @@ -11377,7 +11377,7 @@ }, { "source_path": "windows/plan/index.md", - "redirect_url": "/windows/deployment/planning/index", + "redirect_url": "/windows/deployment/", "redirect_document_id": false }, { @@ -12617,7 +12617,7 @@ }, { "source_path": "windows/update/index.md", - "redirect_url": "/windows/deployment/update/index", + "redirect_url": "/windows/deployment/", "redirect_document_id": false }, { diff --git a/.openpublishing.redirection.windows-deployment.json b/.openpublishing.redirection.windows-deployment.json index 5ac6d20892..291aac7fbf 100644 --- a/.openpublishing.redirection.windows-deployment.json +++ b/.openpublishing.redirection.windows-deployment.json @@ -1039,6 +1039,71 @@ "source_path": "windows/deployment/windows-autopilot/index.yml", "redirect_url": "/mem/autopilot/", "redirect_document_id": false + }, + { + "source_path": "windows/deployment/deploy.md", + "redirect_url": "/windows/deployment/", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/planning/act-technical-reference.md", + "redirect_url": "/windows/deployment/planning/compatibility-administrator-users-guide", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/planning/index.md", + "redirect_url": "/windows/deployment/", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/add-store-apps-to-image.md", + "redirect_url": "/windows/deployment/", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/deploy-updates-configmgr.md", + "redirect_url": "/mem/configmgr/osd/deploy-use/manage-windows-as-a-service", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/deploy-updates-intune.md", + "redirect_url": "/mem/intune/protect/windows-update-for-business-configure", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/index.md", + "redirect_url": "/windows/deployment/", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/olympia/olympia-enrollment-guidelines.md", + "redirect_url": "/windows-insider/business/register", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/WIP4Biz-intro.md", + "redirect_url": "/windows-insider/business/register", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/waas-morenews.md", + "redirect_url": "/windows/deployment/update/waas-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/windows-as-a-service.md", + "redirect_url": "/windows/deployment/update/waas-overview", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/windows-10-deployment-tools.md", + "redirect_url": "/windows/deployment/windows-deployment-scenarios-and-tools", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/windows-10-deployment-tools-reference.md", + "redirect_url": "/windows/deployment/windows-deployment-scenarios-and-tools", + "redirect_document_id": false } ] } diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 128256240a..20d9752fdf 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -101,7 +101,9 @@ - name: Deploy Windows client items: - name: Deploy Windows client with Autopilot - href: windows-autopilot/index.yml + href: /autopilot/ + - name: Windows deployment scenarios and tools + href: windows-deployment-scenarios-and-tools.md - name: Deploy Windows client with Configuration Manager items: - name: Deploy to a new device @@ -136,10 +138,6 @@ items: - name: Assign devices to servicing channels href: update/waas-servicing-channels-windows-10-updates.md - - name: Deploy updates with Configuration Manager - href: update/deploy-updates-configmgr.md - - name: Deploy updates with Intune - href: update/deploy-updates-intune.md - name: Deploy updates with WSUS href: update/waas-manage-updates-wsus.md - name: Deploy updates with Group Policy @@ -170,8 +168,6 @@ href: update/waas-integrate-wufb.md - name: 'Walkthrough: use Group Policy to configure Windows Update for Business' href: update/waas-wufb-group-policy.md - - name: 'Walkupdatesthrough: use Intune to configure Windows Update for Business' - href: update/deploy-updates-intune.md - name: Windows Update for Business deployment service items: - name: Windows Update for Business deployment service overview diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md deleted file mode 100644 index 8a3e5bc940..0000000000 --- a/windows/deployment/add-store-apps-to-image.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: Add Microsoft Store for Business applications to a Windows 10 image -description: This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image. -ms.prod: windows-client -ms.localizationpriority: medium -author: frankroj -ms.author: frankroj -manager: aaroncz -ms.topic: article -ms.date: 11/23/2022 -ms.technology: itpro-deploy ---- - -# Add Microsoft Store for Business applications to a Windows 10 image - -*Applies to:* - -- Windows 10 - -This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image. Adding Microsoft Store for Business applications to a Windows 10 image will enable you to deploy Windows 10 with pre-installed Microsoft Store for Business apps. - -> [!IMPORTANT] -> In order for Microsoft Store for Business applications to persist after image deployment, these applications need to be pinned to Start prior to image deployment. - -## Prerequisites - -- [Windows Assessment and Deployment Kit (Windows ADK)](windows-adk-scenarios-for-it-pros.md) for the tools required to mount and edit Windows images. - -- Download an offline signed app package and license of the application you would like to add through [Microsoft Store for Business](/microsoft-store/distribute-offline-apps#download-an-offline-licensed-app). -- A Windows Image. For instructions on image creation, see [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md). - -> [!NOTE] -> If you'd like to add an internal LOB Microsoft Store application, please follow the instructions on **[Sideload line of business (LOB) apps in Windows client devices](/windows/application-management/sideload-apps-in-windows-10)**. - -## Adding a Store application to your image - -On a machine where your image file is accessible: - -1. Open Windows PowerShell with administrator privileges. - -2. Mount the image. At the Windows PowerShell prompt, enter: -`Mount-WindowsImage -ImagePath c:\images\myimage.wim -Index 1 -Path C:\test` - -3. Use the Add-AppxProvisionedPackage cmdlet in Windows PowerShell to preinstall the app. Use the /PackagePath option to specify the location of the Store package and /LicensePath to specify the location of the license .xml file. In Windows PowerShell, enter: -`Add-AppxProvisionedPackage -Path C:\test -PackagePath C:\downloads\appxpackage -LicensePath C:\downloads\appxpackage\license.xml` - -> [!NOTE] -> Paths and file names are examples. Use your paths and file names where appropriate. -> -> Do not dismount the image, as you will return to it later. - -## Editing the Start Layout - -In order for Microsoft Store for Business applications to persist after image deployment, these applications need to be pinned to Start prior to image deployment. - -On a test machine: - -1. **Install the Microsoft Store for Business application you previously added** to your image. - -2. **Pin these apps to the Start screen**, by typing the name of the app, right-clicking and selecting **Pin to Start**. - -3. Open Windows PowerShell with administrator privileges. - -4. Use `Export-StartLayout -path .xml` where *\\* is the path and name of the xml file your will later import into your Windows Image. - -5. Copy the XML file you created to a location accessible by the machine you previously used to add Store applications to your image. - -Now, on the machine where your image file is accessible: - -1. Import the Start layout. At the Windows PowerShell prompt, enter: -`Import-StartLayout -LayoutPath ".xml" -MountPath "C:\test\"` - -2. Save changes and dismount the image. At the Windows PowerShell prompt, enter: -`Dismount-WindowsImage -Path c:\test -Save` - -> [!NOTE] -> Paths and file names are examples. Use your paths and file names where appropriate. -> -> For more information on Start customization, see [Windows 10 Start Layout Customization](/archive/blogs/deploymentguys/windows-10-start-layout-customization) - -## Related articles - -- [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout) -- [Export-StartLayout](/powershell/module/startlayout/export-startlayout) -- [Import-StartLayout](/powershell/module/startlayout/import-startlayout) -- [Sideload line of business (LOB) apps in Windows client devices](/windows/application-management/sideload-apps-in-windows-10) -- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) -- [Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) -- [Windows Assessment and Deployment Kit (Windows ADK)](windows-adk-scenarios-for-it-pros.md) diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md deleted file mode 100644 index b72a595c2a..0000000000 --- a/windows/deployment/deploy.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Deploy Windows 10 (Windows 10) -description: Learn about Windows 10 upgrade options for planning, testing, and managing your production deployment. -manager: aaroncz -author: frankroj -ms.author: frankroj -ms.prod: windows-client -ms.localizationpriority: medium -ms.topic: article -ms.date: 11/23/2022 -ms.technology: itpro-deploy ---- - -# Deploy Windows 10 - -Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment. Procedures are provided to help you with a new deployment of the Windows 10 operating system, or to upgrade from a previous version of Windows to Windows 10. The following sections and articles are available. - -|Article |Description | -|------|------------| -|[Overview of Windows Autopilot](/mem/autopilot/windows-autopilot) |This article provides an overview of Windows Autopilot deployment, a new zero-touch method for deploying Windows 10 in the enterprise. | -|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This article provides information about support for upgrading directly to Windows 10 from a previous operating system. | -|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This article provides information about support for upgrading from one edition of Windows 10 to another. | -|[Windows 10 volume license media](windows-10-media.md) |This article provides information about updates to volume licensing media in the current version of Windows 10. | -|[Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they're known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | -|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After you complete this guide, more guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md). | -|[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to help Windows 10 deployment planning. | -|[Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). | -|[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) |If you have Microsoft Configuration Manager in your environment, you'll most likely want to use it to deploy Windows 10. This article will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT). | -|[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. | -|[How to install fonts that are missing after upgrading to Windows 10](windows-10-missing-fonts.md)|Windows 10 introduced changes to the fonts that are included in the image by default. Learn how to install more fonts from **Optional features** after you install Windows 10 or upgrade from a previous version.| - -## Related articles - -[Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home) diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index c2e2672c36..b72aa8d9ad 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml @@ -60,8 +60,6 @@ landingContent: url: /mem/autopilot - text: Assign devices to servicing channels url: update/waas-servicing-channels-windows-10-updates.md - - text: Deploy Windows updates with Configuration Manager - url: update/deploy-updates-configmgr.md # Card - title: Overview diff --git a/windows/deployment/planning/act-technical-reference.md b/windows/deployment/planning/act-technical-reference.md deleted file mode 100644 index 07cf3c224a..0000000000 --- a/windows/deployment/planning/act-technical-reference.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Application Compatibility Toolkit (ACT) Technical Reference (Windows 10) -description: The Microsoft Application Compatibility Toolkit (ACT) helps you see if the apps and devices in your org are compatible with different versions of Windows. -manager: aaroncz -ms.author: frankroj -ms.prod: windows-client -author: frankroj -ms.topic: article -ms.technology: itpro-deploy -ms.date: 10/28/2022 ---- - -# Application Compatibility Toolkit (ACT) Technical Reference - - -**Applies to** -- Windows 10, version 1607 - ->[!IMPORTANT] ->We've replaced the majority of functionality included in the Application Compatibility Toolkit (ACT) with [Windows Analytics](/mem/configmgr/desktop-analytics/overview), a solution in the Microsoft Operations Management Suite. Windows Analytics gives enterprises the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released. - -Microsoft developed Windows Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Windows Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft's experience upgrading millions of devices to Windows 10. - -With Windows diagnostic data enabled, Windows Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. - -Use Windows Analytics to get: -- A visual workflow that guides you from pilot to production -- Detailed computer and application inventory -- Powerful computer level search and drill-downs -- Guidance and insights into application and driver compatibility issues, with suggested fixes -- Data driven application rationalization tools -- Application usage information, allowing targeted validation; workflow to track validation progress and decisions -- Data export to commonly used software deployment tools, including Microsoft Configuration Manager - -The Windows Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. - -At the same time, we've kept the Standard User Analyzer tool, which helps you test your apps and to monitor API calls for potential compatibility issues, and the Compatibility Administrator, which helps you to resolve potential compatibility issues. - -## In this section - -|Topic |Description | -|------|------------| -|[Standard User Analyzer (SUA) User's Guide](sua-users-guide.md) |The Standard User Analyzer (SUA) helps you test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows. | -|[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) |The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. | -|[Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) |You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions. | diff --git a/windows/deployment/planning/index.md b/windows/deployment/planning/index.md deleted file mode 100644 index 4d26878cb9..0000000000 --- a/windows/deployment/planning/index.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Plan for Windows 10 deployment (Windows 10) -description: Find resources for your Windows 10 deployment. Windows 10 provides new deployment capabilities and tools, and introduces new ways to keep the OS up to date. -ms.prod: windows-client -ms.localizationpriority: medium -author: frankroj -ms.author: frankroj -manager: aaroncz -ms.topic: article -ms.technology: itpro-deploy -ms.date: 10/28/2022 ---- - -# Plan for Windows 10 deployment -Windows 10 provides new deployment capabilities, scenarios, and tools by building on technologies introduced in Windows 7, and Windows 8.1, while at the same time introducing new Windows as a service concepts to keep the operating system up to date. Together, these changes require that you rethink the traditional deployment process. - -## In this section -|Topic |Description | -|------|------------| -|[Windows 10 Enterprise: FAQ for IT professionals](windows-10-enterprise-faq-itpro.yml) | Get answers to common questions around compatibility, installation, and support for Windows 10 Enterprise. | -|[Windows 10 deployment considerations](windows-10-deployment-considerations.md) |There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. | -|[Windows 10 compatibility](windows-10-compatibility.md) |Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. | -|[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) |There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. | -|[Features removed or planned for replacement](/windows/whats-new/feature-lifecycle) |Information is provided about Windows features and functionality that are removed or planned for replacement. | -|[Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) |The Microsoft® Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. | - -## Related topics -- [Windows 10 servicing options for updates and upgrades](../update/index.md) -- [Deploy Windows 10 with MDT](../deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) -- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) -- [Upgrade to Windows 10 with MDT](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) -- [Upgrade to Windows 10 with Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md) -- [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) - diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md deleted file mode 100644 index ba129003a6..0000000000 --- a/windows/deployment/update/WIP4Biz-intro.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Introduction to the Windows Insider Program for Business -description: In this article, you'll learn about the Windows Insider Program for Business and why IT Pros should join. -ms.prod: windows-client -author: mestew -ms.author: mstewart -manager: aaroncz -ms.topic: article -ms.technology: itpro-updates -ms.date: 12/31/2017 ---- - -# Introduction to the Windows Insider Program for Business - -**Applies to** - -- Windows 10 - -> **Looking for information about Windows 10 for personal or home use?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) - -For many IT Pros, it's valuable to have visibility into feature updates early--before they’re available in the General Availability Channel. With Windows 10, feature flighting enables participants in the Windows Insider Preview program can consume and deploy preproduction code to test devices, gaining early visibility into the next build. This is better for your organization because you can test the early builds of Windows 10 to discover possible issues with the code or with device and app compatibility in your organization before the update is ever publicly available. We at Microsoft also appreciate it because Insiders can report issues back to us in time for us to make improvements in a release before it is more generally available. - -The Windows Insider Program for Business gives you the opportunity to: - -* Get early access to Windows Insider Preview Builds. -* Provide feedback to Microsoft in real time by using the Feedback Hub app. -* Sign in with corporate credentials (Azure Active Directory) and increase the visibility of your organization's feedback with Microsoft – especially on features that support your productivity and business needs. -* Register your Azure Active Directory domain in the program, allowing you to cover all users within your organization with just one registration. -* Starting with Windows 10, version 1709, enable, disable, defer, and pause the installation of preview builds through policies. -* Track feedback provided through the Feedback Hub App across your organization. - -Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans, and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub App. - -The Windows Insider Program doesn't replace General Availability Channel deployments in an organization. Rather, it provides IT Pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft. - -[![Illustration showing the Windows Insider PreviewFast Ring for exploration, the Slow Ring for validation, the General Availability Channel Targeted ring for Pilot deployment, and the General Availability Channel for broad deployment.](images/WIP4Biz_deployment.png)](images/WIP4Biz_deployment.png)
-Windows 10 Insider Preview builds enable organizations to prepare sooner for Windows Semi-Annual releases and reduce the overall validation effort required with traditional deployments. - -## Explore new Windows 10 features in Insider Previews -Windows 10 Insider Preview builds offer organizations a valuable and exciting opportunity to evaluate new Windows features well before general release. What’s more, by providing feedback to Microsoft on these features, you and other Insiders in your organization can help shape Windows for your specific business needs. Here’s how to get the most out of your feature exploration: - -|Objective |Feature exploration| -|---------|---------| -|Release channel |**Fast Ring:** Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration.| -|Users | Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary devices. | -|Tasks | - Install and manage Insider Preview builds on devices (per device or centrally across multiple devices)
- Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications
- Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary of current features. | -|Feedback | - This helps us make adjustments to features as quickly as possible.
- Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.)
- [Learn how to provide effective feedback in the Feedback Hub](/windows-insider/feedback) | - -## Validate Insider Preview builds -Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. Early validation has several benefits: - -- Get a head start on your Windows validation process. -- Identify issues sooner to accelerate your Windows deployment. -- Engage Microsoft earlier for help with potential compatibility issues. -- Deploy Windows 10 General Availability Channel releases faster and more confidently. -- Maximize the support window that comes with each General Availability Channel release. - -|Objective |Feature exploration| -|---------|---------| -|Release channel |**Slow Ring:** Insider Preview builds in the Slow Ring are released approximately once a month. They are more stable than Fast Ring releases, making them better suited for validation purposes. Slow Ring releases can be run on either secondary or primary production devices by skilled users.| -|Users | Application and infrastructure validation: In addition to Insiders who might have participated in feature exploration, we also recommend including a small group of application users from each business department to ensure a representative sample.| -|Tasks | Application and infrastructure validation: Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) and [Windows Insider Tech Community](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram) pages for updates on current issues and fixes. | -|Feedback | Application and infrastructure validation:Provide feedback in the Feedback Hub app and also inform app vendors of any significant issues. | -|Guidance | Application and infrastructure validation:
- [Use Upgrade Readiness to create an app inventory and identify mission-critical apps](/mem/configmgr/desktop-analytics/overview)
- [Use Device Health to identify problem devices and device drivers](/windows/deployment/update/device-health-monitor)
- [Windows 10 application compatibility](/windows/windows-10/)| diff --git a/windows/deployment/update/deploy-updates-configmgr.md b/windows/deployment/update/deploy-updates-configmgr.md deleted file mode 100644 index 3a6115792f..0000000000 --- a/windows/deployment/update/deploy-updates-configmgr.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: Deploy Windows client updates with Configuration Manager -description: Deploy Windows client updates with Configuration Manager -ms.prod: windows-client -author: mestew -ms.localizationpriority: medium -ms.author: mstewart -manager: aaroncz -ms.topic: article -ms.technology: itpro-updates -ms.date: 12/31/2017 ---- - -# Deploy Windows 10 updates with Configuration Manager - -**Applies to** - -- Windows 10 -- Windows 11 - -See the [Microsoft Configuration Manager documentation](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) for details about using Configuration Manager to deploy and manage Windows 10 updates. diff --git a/windows/deployment/update/deploy-updates-intune.md b/windows/deployment/update/deploy-updates-intune.md deleted file mode 100644 index 8ce126fdb1..0000000000 --- a/windows/deployment/update/deploy-updates-intune.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -title: Deploy updates with Intune -description: Deploy Windows client updates with Intune. -ms.prod: windows-client -author: mestew -ms.localizationpriority: medium -ms.author: mstewart -manager: aaroncz -ms.topic: article -ms.technology: itpro-updates -ms.collection: - - highpri - - tier2 -ms.date: 12/31/2017 ---- - -# Deploy Windows 10 updates with Intune - -**Applies to** - -- Windows 10 -- Windows 11 - -See the Microsoft Intune [documentation](/mem/intune/protect/windows-update-for-business-configure#windows-10-feature-updates) for details about using Intune to deploy and manage Windows client updates. diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md index 0ed7fc519a..bb423208bf 100644 --- a/windows/deployment/update/get-started-updates-channels-tools.md +++ b/windows/deployment/update/get-started-updates-channels-tools.md @@ -89,7 +89,7 @@ Windows Server Update Services (WSUS): you set up a WSUS server, which downloads You can set up, control, and manage the server and update process with several tools: - A standalone Windows Server Update Services server operated directly -- [Configuration Manager](deploy-updates-configmgr.md) +- Configuration Manager - Non-Microsoft tools For more information, see [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus). diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md deleted file mode 100644 index 98552e3194..0000000000 --- a/windows/deployment/update/index.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Update Windows client in enterprise deployments -description: Windows as a service provides an all-new way to think about building, deploying, and servicing Windows client. -ms.prod: windows-client -author: mestew -manager: aaroncz -ms.localizationpriority: high -ms.author: mstewart -ms.topic: article -ms.technology: itpro-updates -ms.date: 12/31/2017 ---- - -# Update Windows client in enterprise deployments - - -**Applies to** - -- Windows 10 -- Windows 11 - -> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) - -Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before: Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly. It spreads out the required effort into a continuous updating process, reducing the overall effort required to maintain Windows client devices in your environment. In addition, with the Windows client operating system, organizations have the chance to try out “flighted” builds of Windows as Microsoft develops them, gaining insight into new features and the ability to provide continual feedback about them. - - - - -## In this section - -| Article | Description| -| --- | --- | -| [Quick guide to Windows as a service](waas-quick-start.md) | Provides a brief summary of the key points for the servicing model for Windows client. | -| [Overview of Windows as a service](waas-overview.md) | Explains the differences in building, deploying, and servicing Windows client; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools. | -| [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) | Explains the decisions you need to make in your servicing strategy. | -| [Assign devices to servicing branches for Windows client updates](waas-servicing-channels-windows-10-updates.md) | Explains how to assign devices to the General Availability Channel for feature and quality updates, and how to enroll devices in Windows Insider. | -| [Monitor Windows Updates with Windows Update for Business reports](wufb-reports-overview.md) | Explains how to use Windows Update for Business reports to monitor and manage Windows Updates on devices in your organization. | -| [Optimize update delivery](../do/waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution. | -| [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune. | -| [Deploy Windows client updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows client updates. | -| [Deploy Windows client updates using Microsoft Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | Explains how to use Configuration Manager to manage Windows client updates. | -| [Manage device restarts after updates](waas-restart.md) | Explains how to manage update related device restarts. | -| [Manage more Windows Update settings](waas-wu-settings.md) | Provides details about settings available to control and configure Windows Update | -| [Windows Insider Program for Business](/windows-insider/business/register) | Explains how the Windows Insider Program for Business works and how to become an insider. | - ->[!TIP] ->For disaster recovery scenarios and bare-metal deployments of Windows client, you still can use traditional imaging software such as Microsoft Configuration Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows client images is similar to deploying previous versions of Windows. diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md deleted file mode 100644 index 06c5076a73..0000000000 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Olympia Corp Retirement -description: Learn about the retirement of Olympia Corp and how to back up your data prior to October 31, 2022. -ms.author: lizlong -ms.topic: article -ms.prod: windows-client -author: lizgt2000 -manager: aaroncz -ms.technology: itpro-updates -ms.date: 12/31/2017 ---- - -# Olympia Corp - -**Applies to** - -- Windows 10 -- Windows 11 - -## Retirement of Olympia Corp - -Olympia Corp, a virtual corporation was set up to reflect the IT infrastructure of real world businesses.
-Olympia will be formally retired on October 31, 2022.
-We'll begin unassigning Olympia licenses and deleting the Olympia feedback path on Feedback Hub. Olympia Corp will no longer be a part of Windows Insider Lab for Enterprise. - -> [!WARNING] -> To prevent data loss, Olympia participants need to complete the following: -> - If you're using the provided Olympia licenses, make a back up of any data as you'll lose data once we unassign the licenses. -> - Please remove your device from Olympia before October 31, 2022. - -To remove the account from Azure Active Directory, follow the steps below: - - 1. Open the **Settings** app. - 1. Go to **Accounts** > **Access work or school**. - 1. Select the connected account that you want to remove, then select **Disconnect**. - 1. To confirm device removal, select **Yes**. - -- After removing your account from Olympia, log in to your device using your local account. - -- If you're looking for another program to join, the program we recommend is the Windows Insider Program for Business. Follow the instructions below to register: -[Register for the Windows 10 Insider Program for Business](/windows-insider/business/register) - -Thank you for your participation in Olympia and email Windows Insider Lab for Enterprise [olympia@microsoft.com](mailto:olympia@microsoft.com) with any questions. diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md deleted file mode 100644 index 641b7046a9..0000000000 --- a/windows/deployment/update/waas-morenews.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Windows as a service news & resources -description: The latest news for Windows as a service with resources to help you learn more about them. -ms.prod: windows-client -ms.topic: article -author: mestew -ms.author: mstewart -manager: aaroncz -ms.localizationpriority: high -ms.technology: itpro-updates -ms.date: 12/31/2017 ---- -# Windows as a service - More news - -Here's more news about [Windows as a service](windows-as-a-service.md): - - diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md deleted file mode 100644 index 078c5cb3e0..0000000000 --- a/windows/deployment/update/windows-as-a-service.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Windows as a service -ms.prod: windows-client -ms.topic: article -author: mestew -ms.author: mstewart -description: Discover the latest news articles, videos, and podcasts about Windows as a service. Find resources for using Windows as a service within your organization. -manager: aaroncz -ms.localizationpriority: high -ms.technology: itpro-updates -ms.date: 12/31/2017 ---- - -# Windows as a service - -Find the tools and resources you need to help deploy and support Windows as a service in your organization. - -## Latest news, videos, & podcasts - -Find the latest and greatest news on Windows 10 deployment and servicing. - -**Discovering the Windows 10 Update history pages** -> [!VIDEO https://www.youtube-nocookie.com/embed/mTnAb9XjMPY] - -Everyone wins when transparency is a top priority. We want you to know when updates are available, as well as alert you to any potential issues you may encounter during or after you install an update. Bookmark the [Windows release health dashboard](/windows/release-health/) for near real-time information on known issues, workarounds, and resolutions--as well as the current status of the latest feature update rollout. - -The latest news: - -- [How to get Extended Security Updates for eligible Windows devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/How-to-get-Extended-Security-Updates-for-eligible-Windows/ba-p/917807) - October 17, 2019 -- [End of service reminders for Windows 10, versions 1703 and 1803](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/End-of-service-reminders-for-Windows-10-versions-1703-and-1803/ba-p/903715) - October 9, 2019 -- [Using machine learning to improve the Windows 10 update experience](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Using-machine-learning-to-improve-the-Windows-10-update/ba-p/877860) - September 26, 2019 -- [Publishing pre-release Windows 10 feature updates to WSUS](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Publishing-pre-release-Windows-10-feature-updates-to-WSUS/ba-p/845054) - September 24, 2019 -- [New extended support dates for MDOP tools](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/New-extended-support-dates-for-MDOP-tools/ba-p/837312) - September 4, 2019 -- [FastTrack for Windows 10 deployment and other migration resources](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/FastTrack-for-Windows-10-deployment-and-other-migration/ba-p/800406) - August 12, 2019 -- [Tactical considerations for creating Windows deployment rings](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Tactical-considerations-for-creating-Windows-deployment-rings/ba-p/746979) - July 10, 2019 -- [Upgrading Windows 10 devices with installation media different than the original OS install language](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Upgrading-Windows-10-devices-with-installation-media-different/ba-p/746126) - July 9, 2019 -- [Moving to the next Windows 10 feature update for commercial customers](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Moving-to-the-next-Windows-10-feature-update-for-commercial/ba-p/732968) - July 1, 2019 - - -[See more news](waas-morenews.md). You can also check out the [Windows 10 blog](https://techcommunity.microsoft.com/t5/Windows-10-Blog/bg-p/Windows10Blog). - -## IT pro champs corner -Written by IT pros for IT pros, sharing real world examples and scenarios for Windows 10 deployment and servicing. - -Champs - -[**NEW** Tactical considerations for creating Windows deployment rings](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Tactical-considerations-for-creating-Windows-deployment-rings/ba-p/746979) - -[**NEW** Windows 10 Enterprise vs. Windows 10 Pro: Modern management considerations for your organization](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-Enterprise-vs-Windows-10-Pro-Modern-management/ba-p/720445) - -[Deployment rings: The hidden [strategic] gem of Windows as a service](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Deployment-rings-The-hidden-strategic-gem-of-Windows-as-a/ba-p/659622) - -[Classifying Windows updates in common deployment tools](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Classifying-Windows-updates-in-common-deployment-tools/ba-p/331175) - -[Express updates for Windows Server 2016 re-enabled for November 2018 update](/windows-server/get-started/express-updates) - -[2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/) - -[What is Windows Update for Business?](waas-manage-updates-wufb.md) - -## Discover - -Learn more about Windows as a service and its value to your organization. - -Discover - -[Overview of Windows as a service](waas-overview.md) - -[Quick guide to Windows as a service](waas-quick-start.md) - - -[What's new in Windows 10 deployment](../deploy-whats-new.md) - -[Windows 10 deployment scenarios](/windows/deployment/windows-10-deployment-scenarios) - -## Plan - -Prepare to implement Windows as a service effectively using the right tools, products, and strategies. - -Plan - -[Simplified updates](https://www.microsoft.com/windowsforbusiness/simplified-updates) - -[Windows 10 end user readiness](https://www.microsoft.com/itpro/windows-10/end-user-readiness) - -[Ready for Windows](https://developer.microsoft.com/windows/ready-for-windows#/) - -[Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview) - -[Preparing your organization for a seamless Windows 10 deployment](https://www.microsoft.com/itshowcase/windows10deployment) - -## Deploy - -Secure your organization's deployment investment. - -Deploy - -[Update Windows 10 in the enterprise](index.md) - -[Deploying as an in-place upgrade](https://www.microsoft.com/itshowcase/Article/Content/668/Deploying-Windows-10-at-Microsoft-as-an-inplace-upgrade) - -[Configure Windows Update for Business](waas-configure-wufb.md) - -[Express update delivery](../do/waas-optimize-windows-10-updates.md#express-update-delivery) - -[Windows 10 deployment considerations](../planning/windows-10-deployment-considerations.md) diff --git a/windows/deployment/windows-10-deployment-tools-reference.md b/windows/deployment/windows-10-deployment-tools-reference.md deleted file mode 100644 index 3ee6b7d8a5..0000000000 --- a/windows/deployment/windows-10-deployment-tools-reference.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: Windows 10 deployment tools reference -description: Learn about the tools available to deploy Windows 10, like Volume Activation Management Tool (VAMT) and User State Migration Tool (USMT). -manager: aaroncz -ms.author: frankroj -author: frankroj -ms.prod: windows-client -ms.date: 10/31/2022 -ms.topic: article -ms.technology: itpro-deploy ---- - -# Windows 10 deployment tools reference - -Learn about the tools available to deploy Windows 10. - -|Article |Description | -|------|------------| -|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it's essential that you know about the available tools to help with the process. In this article, you'll learn about the most commonly used tools for Windows 10 deployment. | -|[Convert MBR partition to GPT](mbr-to-gpt.md) |This article provides detailed instructions for using the MBR2GPT partition conversion tool. | -|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. | -|[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. | -|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This article helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the articles [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this article to start your Windows To Go deployment. | -|[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. | -|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals | diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md deleted file mode 100644 index b4187d65df..0000000000 --- a/windows/deployment/windows-10-deployment-tools.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: Windows 10 deployment tools -description: Learn how to use Windows 10 deployment tools to successfully deploy Windows 10 to your organization. -manager: aaroncz -ms.author: frankroj -author: frankroj -ms.prod: windows-client -ms.date: 10/31/2022 -ms.topic: article -ms.technology: itpro-deploy ---- - -# Windows 10 deployment tools - -Learn about the tools available to deploy Windows 10. - -|Article |Description | -|------|------------| -|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it's essential that you know about the available tools to help with the process. In this article, you'll learn about the most commonly used tools for Windows 10 deployment. | -|[Convert MBR partition to GPT](mbr-to-gpt.md) |This article provides detailed instructions for using the MBR2GPT partition conversion tool. | -|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. | -|[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. | -|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This article helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the articles [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this article to start your Windows To Go deployment. | -|[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. | -|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals | From c24a46edc67093ffec250c9f19ce546b31007e14 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 08:26:32 +0200 Subject: [PATCH 45/94] breadcrumb updates --- windows/hub/breadcrumb/toc.yml | 20 ++++++------------- .../licensing-and-edition-requirements.md | 0 2 files changed, 6 insertions(+), 14 deletions(-) rename windows/security/{security-foundations => }/licensing-and-edition-requirements.md (100%) diff --git a/windows/hub/breadcrumb/toc.yml b/windows/hub/breadcrumb/toc.yml index 66795447f6..8089687a77 100644 --- a/windows/hub/breadcrumb/toc.yml +++ b/windows/hub/breadcrumb/toc.yml @@ -40,26 +40,18 @@ items: - name: Identity protection tocHref: /windows/security/identity-protection/ topicHref: /windows/security/identity-protection/ - items: - - name: Windows Hello for Business - tocHref: /windows/security/identity-protection/hello-for-business/ - topicHref: /windows/security/identity-protection/hello-for-business - name: Security auditing tocHref: /windows/security/threat-protection/auditing/ topicHref: /windows/security/threat-protection/auditing/security-auditing-overview - name: Microsoft Defender Application Guard - tocHref: /windows/security/threat-protection/microsoft-defender-application-guard/ - topicHref: /windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview + tocHref: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/ + topicHref: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview - name: Security policy settings tocHref: /windows/security/threat-protection/security-policy-settings/ topicHref: /windows/security/threat-protection/security-policy-settings/security-policy-settings - name: Application Control for Windows - tocHref: /windows/security/threat-protection/windows-defender-application-control/ - topicHref: /windows/security/threat-protection/windows-defender-application-control/ - - name: OS + tocHref: /windows/security/application-security/application-control/windows-defender-application-control/ + topicHref: /windows/security/application-security/application-control/windows-defender-application-control/ + - name: Operating system security tocHref: /windows/security/operating-system-security/ - topicHref: /windows/security/operating-system-security/ - - name: Windows Defender Firewall - tocHref: /windows/security/operating-system-security/network-security/windows-firewall/ - topicHref: /windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security - + topicHref: /windows/security/operating-system-security/ \ No newline at end of file diff --git a/windows/security/security-foundations/licensing-and-edition-requirements.md b/windows/security/licensing-and-edition-requirements.md similarity index 100% rename from windows/security/security-foundations/licensing-and-edition-requirements.md rename to windows/security/licensing-and-edition-requirements.md From d5705a719853037d7df7e03e740e225e5a63fc8f Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 08:32:37 +0200 Subject: [PATCH 46/94] fix broken links --- windows/security/licensing-and-edition-requirements.md | 8 ++++---- windows/security/security-foundations/toc.yml | 2 -- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/security/licensing-and-edition-requirements.md b/windows/security/licensing-and-edition-requirements.md index 3d05e0bd26..6b192f2171 100644 --- a/windows/security/licensing-and-edition-requirements.md +++ b/windows/security/licensing-and-edition-requirements.md @@ -18,13 +18,13 @@ This article lists the security features that are available in Windows. Select one of the two tabs to learn about licensing requirements to use the security features, or to learn about the Windows edition requirements that support them: -#### [:::image type="icon" source="../images/icons/certificate.svg" border="false"::: **Licensing requirements**](#tab/licensing) +#### [:::image type="icon" source="images/icons/certificate.svg" border="false"::: **Licensing requirements**](#tab/licensing) -[!INCLUDE [licensing-requirements](../../../includes/licensing/_licensing-requirements.md)] +[!INCLUDE [licensing-requirements](../../includes/licensing/_licensing-requirements.md)] -#### [:::image type="icon" source="../images/icons/windows-os.svg" border="false"::: **Edition requirements**](#tab/edition) +#### [:::image type="icon" source="images/icons/windows-os.svg" border="false"::: **Edition requirements**](#tab/edition) -[!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)] +[!INCLUDE [_edition-requirements](../../includes/licensing/_edition-requirements.md)] --- diff --git a/windows/security/security-foundations/toc.yml b/windows/security/security-foundations/toc.yml index b282849412..df6dd32a52 100644 --- a/windows/security/security-foundations/toc.yml +++ b/windows/security/security-foundations/toc.yml @@ -9,5 +9,3 @@ items: href: certification/toc.yml - name: Zero Trust and Windows href: zero-trust-windows-device-health.md -- name: Security features licensing and edition requirements - href: licensing-and-edition-requirements.md From 2a14450ab514a99051388ceb576d77f5d43638cb Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 08:49:04 +0200 Subject: [PATCH 47/94] breadcrumb updates --- windows/hub/breadcrumb/toc.yml | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/windows/hub/breadcrumb/toc.yml b/windows/hub/breadcrumb/toc.yml index 8089687a77..1a0289c119 100644 --- a/windows/hub/breadcrumb/toc.yml +++ b/windows/hub/breadcrumb/toc.yml @@ -37,21 +37,31 @@ items: tocHref: /windows/security/ topicHref: /windows/security/ items: + - name: Hardware security + tocHref: /windows/security/hardware-security/ + topicHref: /windows/security/hardware-security/ + - name: Operating system security + tocHref: /windows/security/os-security/ + topicHref: /windows/security/os-security/ - name: Identity protection tocHref: /windows/security/identity-protection/ topicHref: /windows/security/identity-protection/ + - name: Application security + tocHref: /windows/security/application-security/ + topicHref: /windows/security/application-security/ + items: + - name: Application Control for Windows + tocHref: /windows/security/application-security/application-control/windows-defender-application-control/ + topicHref: /windows/security/application-security/application-control/windows-defender-application-control/ + - name: Microsoft Defender Application Guard + tocHref: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/ + topicHref: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview + - name: Security foundations + tocHref: /windows/security/security-foundations/ + topicHref: /windows/security/security-foundations/ - name: Security auditing tocHref: /windows/security/threat-protection/auditing/ topicHref: /windows/security/threat-protection/auditing/security-auditing-overview - - name: Microsoft Defender Application Guard - tocHref: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/ - topicHref: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview - name: Security policy settings tocHref: /windows/security/threat-protection/security-policy-settings/ - topicHref: /windows/security/threat-protection/security-policy-settings/security-policy-settings - - name: Application Control for Windows - tocHref: /windows/security/application-security/application-control/windows-defender-application-control/ - topicHref: /windows/security/application-security/application-control/windows-defender-application-control/ - - name: Operating system security - tocHref: /windows/security/operating-system-security/ - topicHref: /windows/security/operating-system-security/ \ No newline at end of file + topicHref: /windows/security/threat-protection/security-policy-settings/security-policy-settings \ No newline at end of file From e4873a5d9767c2161d1bd6590b238339b138161e Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 08:57:40 +0200 Subject: [PATCH 48/94] fixed breadcrumb --- windows/hub/breadcrumb/toc.yml | 4 ++-- windows/security/security-foundations/toc.yml | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/hub/breadcrumb/toc.yml b/windows/hub/breadcrumb/toc.yml index 1a0289c119..b8fb1254fb 100644 --- a/windows/hub/breadcrumb/toc.yml +++ b/windows/hub/breadcrumb/toc.yml @@ -41,8 +41,8 @@ items: tocHref: /windows/security/hardware-security/ topicHref: /windows/security/hardware-security/ - name: Operating system security - tocHref: /windows/security/os-security/ - topicHref: /windows/security/os-security/ + tocHref: /windows/security/operating-system-security/ + topicHref: /windows/security/operating-system-security/ - name: Identity protection tocHref: /windows/security/identity-protection/ topicHref: /windows/security/identity-protection/ diff --git a/windows/security/security-foundations/toc.yml b/windows/security/security-foundations/toc.yml index df6dd32a52..51e238fc1f 100644 --- a/windows/security/security-foundations/toc.yml +++ b/windows/security/security-foundations/toc.yml @@ -6,6 +6,4 @@ items: - name: Microsoft Security Development Lifecycle href: msft-security-dev-lifecycle.md - name: Certification - href: certification/toc.yml -- name: Zero Trust and Windows - href: zero-trust-windows-device-health.md + href: certification/toc.yml \ No newline at end of file From 27de67f8de8e807a1da6a04afb6ed2deabec7107 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 10:46:08 +0200 Subject: [PATCH 49/94] updates --- includes/licensing/_edition-requirements.md | 2 +- includes/licensing/_licensing-requirements.md | 2 +- .../includes/sections/security-foundations.md | 2 +- windows/security/index.yml | 42 +++++++++---------- windows/security/security-foundations/toc.yml | 8 +++- windows/security/toc.yml | 2 - 6 files changed, 29 insertions(+), 29 deletions(-) diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md index 517cf27df5..2b9838f0ae 100644 --- a/includes/licensing/_edition-requirements.md +++ b/includes/licensing/_edition-requirements.md @@ -44,7 +44,7 @@ ms.topic: include |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes| |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes| |**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes| -|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes| +|**[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)**|Yes|Yes|Yes|Yes| |**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes| |**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes| |**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes| diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md index 305a28bba1..aab2ad2aeb 100644 --- a/includes/licensing/_licensing-requirements.md +++ b/includes/licensing/_licensing-requirements.md @@ -44,7 +44,7 @@ ms.topic: include |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes| |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes| |**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes| -|**Microsoft Security Development Lifecycle (SDL)**|Yes|Yes|Yes|Yes|Yes| +|**[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)**|Yes|Yes|Yes|Yes|Yes| |**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes| |**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|Yes| |**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/security-foundations.md b/windows/security/includes/sections/security-foundations.md index 23533d333f..3da545604f 100644 --- a/windows/security/includes/sections/security-foundations.md +++ b/windows/security/includes/sections/security-foundations.md @@ -9,7 +9,7 @@ ms.topic: include | Feature name | Description | |:---|:---| -| **Microsoft Security Development Lifecycle (SDL)** | The Microsoft Security Development Lifecycle (SDL) introduces security best practices, tools, and processes throughout all phases of engineering and development. | +| **[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)** | The Microsoft Security Development Lifecycle (SDL) introduces security best practices, tools, and processes throughout all phases of engineering and development. | | **OneFuzz service** | A range of tools and techniques - such as threat modeling, static analysis, fuzz testing, and code quality checks - enable continued security value to be embedded into Windows by every engineer on the team from day one. Through the SDL practices, Microsoft engineers are continuously provided with actionable and up-to-date methods to improve development workflows and overall product security before the code has been released. | | **[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)** | As part of our secure development process, the Microsoft Windows Insider Preview bounty program invites eligible researchers across the globe to find and submit vulnerabilities that reproduce in the latest Windows Insider Preview (WIP) Dev Channel. The goal of the Windows Insider Preview bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.

Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities that were not previously found during development and quicky fix the issues before releasing the final Windows. | diff --git a/windows/security/index.yml b/windows/security/index.yml index 1d02ae460e..96eb0ab2b3 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -85,14 +85,14 @@ productDirectory: - title: Application security imageSrc: /media/common/i_queries.svg links: - - url: /windows/security/application-security/application-control/windows-defender-application-control/wdac + - url: /windows/security/application-security/application-control/windows-defender-application-control/ text: Windows Defender Application Control (WDAC) - url: /windows/security/application-security/application-control/user-account-control text: User Account Control (UAC) - url: /windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules text: Microsoft vulnerable driver blocklist - url: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview - text: Microsoft Defender Application Guard + text: Microsoft Defender Application Guard (MDAG) - url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview text: Windows Sandbox - url: /windows/security/application-security @@ -101,32 +101,30 @@ productDirectory: - title: Security foundations imageSrc: /media/common/i_build.svg links: - - url: /windows/security/security-foundations - text: Feature 1 - - url: /windows/security/security-foundations - text: Feature 2 - - url: /windows/security/security-foundations - text: Feature 3 - - url: /windows/security/security-foundations - text: Feature 4 - - url: /windows/security/security-foundations - text: Feature 5 + - url: /windows/security/security-foundations/certification/fips-140-validation + text: FIPS 140-2 validation + - url: /windows/security/security-foundations/certification/windows-platform-common-criteria + text: Common Criteria Certifications + - url: /windows/security/security-foundations/msft-security-dev-lifecycle + text: Microsoft Security Development Lifecycle (SDL) + - url: https://www.microsoft.com/msrc/bounty-windows-insider-preview + text: Microsoft Windows Insider Preview bounty program - url: /windows/security/security-foundations text: Learn more about security foundations > - title: Cloud security imageSrc: /media/common/i_cloud-security.svg links: - - url: /windows/security/cloud-security - text: Feature 1 - - url: /windows/security/cloud-security - text: Feature 2 - - url: /windows/security/cloud-security - text: Feature 3 - - url: /windows/security/cloud-security - text: Feature 4 - - url: /windows/security/cloud-security - text: Feature 5 + - url: /mem/intune/protect/security-baselines + text: Security baselines with Intune + - url: /windows/deployment/windows-autopatch + text: Windows Autopatch + - url: /windows/deployment/windows-autopilot + text: Windows Autopilot + - url: /universal-print + text: Universal Print + - url: /windows/client-management/mdm/remotewipe-csp + text: Remote wipe - url: /windows/security/cloud-security text: Learn more about cloud security > diff --git a/windows/security/security-foundations/toc.yml b/windows/security/security-foundations/toc.yml index 51e238fc1f..ae838451e0 100644 --- a/windows/security/security-foundations/toc.yml +++ b/windows/security/security-foundations/toc.yml @@ -3,7 +3,11 @@ items: href: index.md - name: Zero Trust and Windows href: zero-trust-windows-device-health.md -- name: Microsoft Security Development Lifecycle - href: msft-security-dev-lifecycle.md +- name: Offensive research + items: + - name: Microsoft Security Development Lifecycle + href: msft-security-dev-lifecycle.md + - name: Microsoft Windows Insider Preview bounty program 🔗 + href: https://www.microsoft.com/msrc/bounty-windows-insider-preview - name: Certification href: certification/toc.yml \ No newline at end of file diff --git a/windows/security/toc.yml b/windows/security/toc.yml index 1234cb6efc..74469d7972 100644 --- a/windows/security/toc.yml +++ b/windows/security/toc.yml @@ -1,6 +1,4 @@ items: -- name: Windows security - href: index.yml - name: Introduction to Windows security href: introduction.md - name: Security features licensing and edition requirements From 3d050486b7bacb361c6f1f8f4923b8329e8cb708 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 12:00:56 +0200 Subject: [PATCH 50/94] updates --- includes/licensing/_edition-requirements.md | 2 +- includes/licensing/_licensing-requirements.md | 2 +- includes/licensing/federated-sign-in.md | 4 +- .../includes/sections/security-foundations.md | 2 +- windows/security/index.yml | 50 ++++++++++--------- windows/security/security-foundations/toc.yml | 2 + 6 files changed, 33 insertions(+), 29 deletions(-) diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md index 2b9838f0ae..b7a06b9836 100644 --- a/includes/licensing/_edition-requirements.md +++ b/includes/licensing/_edition-requirements.md @@ -48,7 +48,7 @@ ms.topic: include |**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes| |**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes| |**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes| -|**OneFuzz service**|Yes|Yes|Yes|Yes| +|**[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)**|Yes|Yes|Yes|Yes| |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes| |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes| |**Privacy Resource Usage**|Yes|Yes|Yes|Yes| diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md index aab2ad2aeb..0021be3c39 100644 --- a/includes/licensing/_licensing-requirements.md +++ b/includes/licensing/_licensing-requirements.md @@ -48,7 +48,7 @@ ms.topic: include |**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes| |**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|Yes| |**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|Yes| -|**OneFuzz service**|Yes|Yes|Yes|Yes|Yes| +|**[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)**|Yes|Yes|Yes|Yes|Yes| |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes| |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes| |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes| diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md index 6050205a6c..0d01c1968f 100644 --- a/includes/licensing/federated-sign-in.md +++ b/includes/licensing/federated-sign-in.md @@ -15,8 +15,8 @@ The following table lists the Windows editions that support Federated sign-in: Federated sign-in license entitlements are granted by the following licenses: -|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| +|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5| |:---:|:---:|:---:|:---:|:---:| -|No|No|No|Yes|Yes| +|Yes|No|No|Yes|Yes| For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing). diff --git a/windows/security/includes/sections/security-foundations.md b/windows/security/includes/sections/security-foundations.md index 3da545604f..5853836fff 100644 --- a/windows/security/includes/sections/security-foundations.md +++ b/windows/security/includes/sections/security-foundations.md @@ -10,7 +10,7 @@ ms.topic: include | Feature name | Description | |:---|:---| | **[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)** | The Microsoft Security Development Lifecycle (SDL) introduces security best practices, tools, and processes throughout all phases of engineering and development. | -| **OneFuzz service** | A range of tools and techniques - such as threat modeling, static analysis, fuzz testing, and code quality checks - enable continued security value to be embedded into Windows by every engineer on the team from day one. Through the SDL practices, Microsoft engineers are continuously provided with actionable and up-to-date methods to improve development workflows and overall product security before the code has been released. | +| **[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)** | A range of tools and techniques - such as threat modeling, static analysis, fuzz testing, and code quality checks - enable continued security value to be embedded into Windows by every engineer on the team from day one. Through the SDL practices, Microsoft engineers are continuously provided with actionable and up-to-date methods to improve development workflows and overall product security before the code has been released. | | **[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)** | As part of our secure development process, the Microsoft Windows Insider Preview bounty program invites eligible researchers across the globe to find and submit vulnerabilities that reproduce in the latest Windows Insider Preview (WIP) Dev Channel. The goal of the Windows Insider Preview bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.

Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities that were not previously found during development and quicky fix the issues before releasing the final Windows. | ## Certification diff --git a/windows/security/index.yml b/windows/security/index.yml index 96eb0ab2b3..4d4e6ace90 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -37,16 +37,16 @@ productDirectory: - title: Hardware security imageSrc: /media/common/i_usb.svg links: - - url: /windows/security/hardware-security + - url: /windows/security/hardware-security/tpm/trusted-platform-module-overview text: Trusted Platform Module - - url: /windows/security/hardware-security - text: Windows Defender System Guard firmware protection - - url: /windows/security/hardware-security - text: System Guard Secure Launch and SMM protection enablement - - url: /windows/security/hardware-security - text: Virtualization-based protection of code integrity - - url: /windows/security/hardware-security - text: Kernel DMA Protection + - url: /windows/security/hardware-security/pluton/microsoft-pluton-security-processor + text: Microsoft Pluton + - url: /windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows + text: Windows Defender System Guard + - url: /windows-hardware/design/device-experiences/oem-vbs + text: Virtualization-based security (VBS) + - url: /windows-hardware/design/device-experiences/oem-highly-secure-11 + text: Secured-core PC - url: /windows/security/hardware-security text: Learn more about hardware security > @@ -55,30 +55,30 @@ productDirectory: links: - url: /windows/security/operating-system-security text: Trusted boot - - url: /windows/security/operating-system-security - text: Encryption and data protection - - url: /windows/security/operating-system-security + - url: /windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center + text: Windows security settings + - url: /windows/security/operating-system-security/data-protection/bitlocker/ + text: BitLocker + - url: /windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines text: Windows security baselines - - url: /windows/security/operating-system-security - text: Network security - - url: /windows/security/operating-system-security - text: Microsoft Defender Application Guard + - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/ + text: MMicrosoft Defender SmartScreen - url: /windows/security/operating-system-security text: Learn more about OS security > - title: Identity protection imageSrc: /media/common/i_identity-protection.svg links: - - url: /windows/security/identity-protection - text: Access control - - url: /windows/security/identity-protection/credential-guard - text: Windows Defender Credential Guard - url: /windows/security/identity-protection/hello-for-business text: Windows Hello for Business - - url: /windows/security/identity-protection - text: Smart cards - - url: /windows/security/identity-protection - text: Virtual smart cards + - url: /windows/security/identity-protection/credential-guard + text: Windows Defender Credential Guard + - url: /windows-server/identity/laps/laps-overview + text: Windows LAPS (Local Administrator Password Solution) + - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection + text: Enhanced phishing protection with SmartScreen + - url: /education/windows/federated-sign-in + text: Federated sign-in (EDU) - url: /windows/security/identity-protection text: Learn more about identity protection > @@ -109,6 +109,8 @@ productDirectory: text: Microsoft Security Development Lifecycle (SDL) - url: https://www.microsoft.com/msrc/bounty-windows-insider-preview text: Microsoft Windows Insider Preview bounty program + - url: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/ + text: OneFuzz service - url: /windows/security/security-foundations text: Learn more about security foundations > diff --git a/windows/security/security-foundations/toc.yml b/windows/security/security-foundations/toc.yml index ae838451e0..0741c7a555 100644 --- a/windows/security/security-foundations/toc.yml +++ b/windows/security/security-foundations/toc.yml @@ -7,6 +7,8 @@ items: items: - name: Microsoft Security Development Lifecycle href: msft-security-dev-lifecycle.md + - name: OneFuzz service + href: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/ - name: Microsoft Windows Insider Preview bounty program 🔗 href: https://www.microsoft.com/msrc/bounty-windows-insider-preview - name: Certification From 9678bac5a0f7f6b8371e7d4be1557245fe5e3967 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 12:12:29 +0200 Subject: [PATCH 51/94] force refresh --- windows/security/index.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/index.yml b/windows/security/index.yml index 4d4e6ace90..3ce339b987 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -30,6 +30,7 @@ highlightedContent: itemType: overview url: /windows/whats-new/windows-licensing + productDirectory: title: Get started items: From 5b0a1df8065f6ab52c34468b4b9fd12d10ad4eef Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 13:36:28 +0200 Subject: [PATCH 52/94] Local accounts updates --- .../access-control/local-accounts.md | 99 +++++++------------ 1 file changed, 35 insertions(+), 64 deletions(-) diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index a2c64c37a0..7fad8e5639 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -1,11 +1,8 @@ --- -ms.date: 12/05/2022 +ms.date: 08/03/2023 title: Local Accounts description: Learn how to secure and manage access to the resources on a standalone or member server for services or users. ms.topic: conceptual -ms.collection: - - highpri - - tier2 appliesto: - ✅ Windows 11 - ✅ Windows 10 @@ -30,9 +27,7 @@ Default local user accounts are used to manage access to the local device's reso Default local user accounts are described in the following sections. Expand each section for more information. -
-
-Administrator +### Administrator The default local Administrator account is a user account for system administration. Every computer has an Administrator account (SID S-1-5-*domain*-500, display name Administrator). The Administrator account is the first account that is created during the Windows installation. @@ -44,13 +39,13 @@ Windows setup disables the built-in Administrator account and creates another lo Members of the Administrators groups can run apps with elevated permissions without using the *Run as Administrator* option. Fast User Switching is more secure than using `runas` or different-user elevation. -**Account group membership** +#### Account group membership By default, the Administrator account is a member of the Administrators group. It's a best practice to limit the number of users in the Administrators group because members of the Administrators group have Full Control permissions on the device. The Administrator account can't be removed from the Administrators group. -**Security considerations** +#### Security considerations Because the Administrator account is known to exist on many versions of the Windows operating system, it's a best practice to disable the Administrator account when possible to make it more difficult for malicious users to gain access to the server or client computer. @@ -61,39 +56,31 @@ As a security best practice, use your local (non-Administrator) account to sign Group Policy can be used to control the use of the local Administrators group automatically. For more information about Group Policy, see [Group Policy Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831791(v=ws.11)). > [!IMPORTANT] -> -> - Blank passwords are not allowed. > -> - Even when the Administrator account has been disabled, it can still be used to gain access to a computer by using safe mode. In the Recovery Console or in safe mode, the Administrator account is automatically enabled. When normal operations are resumed, it is disabled. +> - Blank passwords are not allowed +> - Even when the Administrator account is disabled, it can still be used to gain access to a computer by using safe mode. In the Recovery Console or in safe mode, the Administrator account is automatically enabled. When normal operations are resumed, it's disabled. -
-
-
-Guest +### Guest The Guest account lets occasional or one-time users, who don't have an account on the computer, temporarily sign in to the local server or client computer with limited user rights. By default, the Guest account is disabled and has a blank password. Since the Guest account can provide anonymous access, it's considered a security risk. For this reason, it's a best practice to leave the Guest account disabled, unless its use is necessary. -**Account group membership** +#### Guest account group membership -By default, the Guest account is the only member of the default Guests group (SID S-1-5-32-546), which lets a user sign in to a device. +By default, the Guest account is the only member of the default Guests group `SID S-1-5-32-546`, which lets a user sign in to a device. -**Security considerations** +#### Guest account security considerations When enabling the Guest account, only grant limited rights and permissions. For security reasons, the Guest account shouldn't be used over the network and made accessible to other computers. In addition, the guest user in the Guest account shouldn't be able to view the event logs. After the Guest account is enabled, it's a best practice to monitor the Guest account frequently to ensure that other users can't use services and other resources. This includes resources that were unintentionally left available by a previous user. -
- -
-
-HelpAssistant +### HelpAssistant The HelpAssistant account is a default local account that is enabled when a Remote Assistance session is run. This account is automatically disabled when no Remote Assistance requests are pending. HelpAssistant is the primary account that is used to establish a Remote Assistance session. The Remote Assistance session is used to connect to another computer running the Windows operating system, and it's initiated by invitation. For solicited remote assistance, a user sends an invitation from their computer, through e-mail or as a file, to a person who can provide assistance. After the user's invitation for a Remote Assistance session is accepted, the default HelpAssistant account is automatically created to give the person who provides assistance limited access to the computer. The HelpAssistant account is managed by the Remote Desktop Help Session Manager service. -**Security considerations** +#### HelpAssistant account security considerations The SIDs that pertain to the default HelpAssistant account include: @@ -105,7 +92,7 @@ For the Windows Server operating system, Remote Assistance is an optional compon For details about the HelpAssistant account attributes, see the following table. -**HelpAssistant account attributes** +#### HelpAssistant account attributes |Attribute|Value| |--- |--- | @@ -118,11 +105,7 @@ For details about the HelpAssistant account attributes, see the following table. |Safe to move out of default container?|Can be moved out, but we don't recommend it.| |Safe to delegate management of this group to non-Service admins?|No| -
- -
-
-DefaultAccount +### DefaultAccount The DefaultAccount account, also known as the Default System Managed Account (DSMA), is a well-known user account type. DefaultAccount can be used to run processes that are either multi-user aware or user-agnostic. @@ -135,19 +118,20 @@ The DSMA is a member of the well-known group **System Managed Accounts Group**, The DSMA alias can be granted access to resources during offline staging even before the account itself has been created. The account and the group are created during first boot of the machine within the Security Accounts Manager (SAM). #### How Windows uses the DefaultAccount -From a permission perspective, the DefaultAccount is a standard user account. -The DefaultAccount is needed to run multi-user-manifested-apps (MUMA apps). -MUMA apps run all the time and react to users signing in and signing out of the devices. -Unlike Windows Desktop where apps run in context of the user and get terminated when the user signs off, MUMA apps run by using the DSMA. -MUMA apps are functional in shared session SKUs such as Xbox. For example, Xbox shell is a MUMA app. -Today, Xbox automatically signs in as Guest account and all apps run in this context. -All the apps are multi-user-aware and respond to events fired by user manager. +From a permission perspective, the DefaultAccount is a standard user account. +The DefaultAccount is needed to run multi-user-manifested-apps (MUMA apps). +MUMA apps run all the time and react to users signing in and signing out of the devices. +Unlike Windows Desktop where apps run in context of the user and get terminated when the user signs off, MUMA apps run by using the DSMA. + +MUMA apps are functional in shared session SKUs such as Xbox. For example, Xbox shell is a MUMA app. +Today, Xbox automatically signs in as Guest account and all apps run in this context. +All the apps are multi-user-aware and respond to events fired by user manager. The apps run as the Guest account. -Similarly, Phone auto logs in as a *DefApps* account, which is akin to the standard user account in Windows but with a few extra privileges. Brokers, some services and apps run as this account. +Similarly, Phone auto logs in as a *DefApps* account, which is akin to the standard user account in Windows but with a few extra privileges. Brokers, some services and apps run as this account. -In the converged user model, the multi-user-aware apps and multi-user-aware brokers will need to run in a context different from that of the users. +In the converged user model, the multi-user-aware apps and multi-user-aware brokers will need to run in a context different from that of the users. For this purpose, the system creates DSMA. #### How the DefaultAccount gets created on domain controllers @@ -158,35 +142,25 @@ If the domain was created with domain controllers running an earlier version of #### Recommendations for managing the Default Account (DSMA) Microsoft doesn't recommend changing the default configuration, where the account is disabled. There's no security risk with having the account in the disabled state. Changing the default configuration could hinder future scenarios that rely on this account. -
## Default local system accounts -
-
-SYSTEM +### SYSTEM - -The *SYSTEM* account is used by the operating system and by services running under Windows. There are many services and processes in the Windows operating system that need the capability to sign in internally, such as during a Windows installation. The SYSTEM account was designed for that purpose, and Windows manages the SYSTEM account's user rights. It's an internal account that doesn't show up in User Manager, and it can't be added to any groups. +The *SYSTEM* account is used by the operating system and by services running under Windows. There are many services and processes in the Windows operating system that need the capability to sign in internally, such as during a Windows installation. The SYSTEM account was designed for that purpose, and Windows manages the SYSTEM account's user rights. It's an internal account that doesn't show up in User Manager, and it can't be added to any groups. On the other hand, the SYSTEM account does appear on an NTFS file system volume in File Manager in the **Permissions** portion of the **Security** menu. By default, the SYSTEM account is granted Full Control permissions to all files on an NTFS volume. Here the SYSTEM account has the same functional rights and permissions as the Administrator account. > [!NOTE] > To grant the account Administrators group file permissions does not implicitly give permission to the SYSTEM account. The SYSTEM account's permissions can be removed from a file, but we do not recommend removing them. -
-
-
-NETWORK SERVICE +## NETWORK SERVICE The NETWORK SERVICE account is a predefined local account used by the service control manager (SCM). A service that runs in the context of the NETWORK SERVICE account presents the computer's credentials to remote servers. For more information, see [NetworkService Account](/windows/desktop/services/networkservice-account). -
-
-
-LOCAL SERVICE + +## LOCAL SERVICE The LOCAL SERVICE account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and presents anonymous credentials on the network. For more information, see [LocalService Account](/windows/desktop/services/localservice-account). -
## How to manage local user accounts @@ -203,17 +177,15 @@ You can also manage local users by using NET.EXE USER and manage local groups by ### Restrict and protect local accounts with administrative rights -An administrator can use many approaches to prevent malicious users from using stolen credentials such as a stolen password or password hash, for a local account on one computer from being used to authenticate on another computer with administrative rights. This is also called "lateral movement". +An administrator can use many approaches to prevent malicious users from using stolen credentials such as a stolen password or password hash, for a local account on one computer from being used to authenticate on another computer with administrative rights. This is also called *lateral movement*. The simplest approach is to sign in to your computer with a standard user account, instead of using the Administrator account for tasks. For example, use a standard account to browse the Internet, send email, or use a word processor. When you want to perform administrative tasks such as installing a new program or changing a setting that affects other users, you don't have to switch to an Administrator account. You can use User Account Control (UAC) to prompt you for permission or an administrator password before performing the task, as described in the next section. The other approaches that can be used to restrict and protect user accounts with administrative rights include: -- Enforce local account restrictions for remote access. - -- Deny network logon to all local Administrator accounts. - -- Create unique passwords for local accounts with administrative rights. +- Enforce local account restrictions for remote access +- Deny network logon to all local Administrator accounts +- Create unique passwords for local accounts with administrative rights Each of these approaches is described in the following sections. @@ -234,8 +206,6 @@ For more information about UAC, see [User Account Control](/windows/access-prote The following table shows the Group Policy and registry settings that are used to enforce local account restrictions for remote access. - - |No.|Setting|Detailed Description| |--- |--- |--- | ||Policy location|Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options| @@ -251,7 +221,7 @@ The following table shows the Group Policy and registry settings that are used t > [!NOTE] > You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates. - + #### To enforce local account restrictions for remote access 1. Start the **Group Policy Management** Console (GPMC) @@ -286,6 +256,7 @@ The following table shows the Group Policy and registry settings that are used t 1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy 1. Create links to all other OUs that contain workstations 1. Create links to all other OUs that contain servers + ### Deny network logon to all local Administrator accounts Denying local accounts the ability to perform network logons can help prevent a local account password hash from being reused in a malicious attack. This procedure helps to prevent lateral movement by ensuring that stolen credentials for local accounts from a compromised operating system can't be used to compromise other computers that use the same credentials. From 5aa99e607da0e8d4dfb1d0c5626e8237142af9cd Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 14:21:08 +0200 Subject: [PATCH 53/94] VPN articles --- .../access-control/local-accounts.md | 19 +++++++++---------- .../hello-for-business/hello-faq.yml | 2 +- ...man-protocol-over-ikev2-vpn-connections.md | 14 +++++++------- ...n-on-sso-over-vpn-and-wi-fi-connections.md | 10 +++++----- .../vpn/vpn-authentication.md | 2 +- .../vpn/vpn-auto-trigger-profile.md | 2 +- .../vpn/vpn-conditional-access.md | 2 +- .../vpn/vpn-connection-type.md | 5 +++-- .../network-security/vpn/vpn-guide.md | 2 +- .../vpn/vpn-name-resolution.md | 2 +- .../vpn/vpn-office-365-optimization.md | 2 +- .../vpn/vpn-profile-options.md | 15 +++++++-------- .../network-security/vpn/vpn-routing.md | 2 +- .../vpn/vpn-security-features.md | 2 +- 14 files changed, 40 insertions(+), 41 deletions(-) diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 7fad8e5639..101a50568b 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -17,7 +17,7 @@ This article describes the default local user accounts for Windows operating sys ## About local user accounts -Local user accounts are stored locally on the device. These accounts can be assigned rights and permissions on a particular device, but on that device only. Local user accounts are security principals that are used to secure and manage access to the resources on a device, for services or users. +Local user accounts are defined locally on a device, and can be assigned rights and permissions on the device only. Local user accounts are security principals that are used to secure and manage access to the resources on a device, for services or users. ## Default local user accounts @@ -84,9 +84,8 @@ HelpAssistant is the primary account that is used to establish a Remote Assistan The SIDs that pertain to the default HelpAssistant account include: -- SID: `S-1-5--13`, display name Terminal Server User. This group includes all users who sign in to a server with Remote Desktop Services enabled. Note: In Windows Server 2008, Remote Desktop Services is called Terminal Services. - -- SID: `S-1-5--14`, display name Remote Interactive Logon. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID. +- SID: `S-1-5--13`, display name *Terminal Server User*. This group includes all users who sign in to a server with Remote Desktop Services enabled. +- SID: `S-1-5--14`, display name *Remote Interactive Logon*. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID. For the Windows Server operating system, Remote Assistance is an optional component that isn't installed by default. You must install Remote Assistance before it can be used. @@ -109,7 +108,7 @@ For details about the HelpAssistant account attributes, see the following table. The DefaultAccount account, also known as the Default System Managed Account (DSMA), is a well-known user account type. DefaultAccount can be used to run processes that are either multi-user aware or user-agnostic. -The DSMA is disabled by default on the desktop SKUs and on the Server operating systems with the desktop experience. +The DSMA is disabled by default on the desktop editions and on the Server operating systems with the desktop experience. The DSMA has a well-known RID of `503`. The security identifier (SID) of the DSMA will thus have a well-known SID in the following format: `S-1-5-21-\-503`. @@ -154,13 +153,13 @@ On the other hand, the SYSTEM account does appear on an NTFS file system volume > [!NOTE] > To grant the account Administrators group file permissions does not implicitly give permission to the SYSTEM account. The SYSTEM account's permissions can be removed from a file, but we do not recommend removing them. -## NETWORK SERVICE +### NETWORK SERVICE -The NETWORK SERVICE account is a predefined local account used by the service control manager (SCM). A service that runs in the context of the NETWORK SERVICE account presents the computer's credentials to remote servers. For more information, see [NetworkService Account](/windows/desktop/services/networkservice-account). +The *NETWORK SERVICE* account is a predefined local account used by the service control manager (SCM). A service that runs in the context of the NETWORK SERVICE account presents the computer's credentials to remote servers. For more information, see [NetworkService Account](/windows/desktop/services/networkservice-account). -## LOCAL SERVICE +### LOCAL SERVICE -The LOCAL SERVICE account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and presents anonymous credentials on the network. For more information, see [LocalService Account](/windows/desktop/services/localservice-account). +The *LOCAL SERVICE* account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and presents anonymous credentials on the network. For more information, see [LocalService Account](/windows/desktop/services/localservice-account). ## How to manage local user accounts @@ -196,7 +195,7 @@ Each of these approaches is described in the following sections. User Account Control (UAC) is a security feature that informs you when a program makes a change that requires administrative permissions. UAC works by adjusting the permission level of your user account. By default, UAC is set to notify you when applications try to make changes to your computer, but you can change when UAC notifies you. -UAC makes it possible for an account with administrative rights to be treated as a standard user non-administrator account until full rights, also called elevation, is requested and approved. For example, UAC lets an administrator enter credentials during a non-administrator's user session to perform occasional administrative tasks without having to switch users, sign out, or use the **Run as** command. +UAC makes it possible for an account with administrative rights to be treated as a standard user non-administrator account until full rights, also called elevation, is requested and approved. For example, UAC lets an administrator enter credentials during a non-administrator's user session to perform occasional administrative tasks without having to switch users, sign out, or use the *Run as* command. In addition, UAC can require administrators to specifically approve applications that make system-wide changes before those applications are granted permission to run, even in the administrator's user session. diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index cfcd88f924..04b493aa73 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -8,7 +8,7 @@ metadata: - highpri - tier1 ms.topic: faq - ms.date: 03/09/2023 + ms.date: 08/03/2023 title: Common questions about Windows Hello for Business summary: Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This Frequently Asked Questions (FAQ) article is intended to help you learn more about Windows Hello for Business. diff --git a/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 809b88492a..d87edf7174 100644 --- a/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -1,7 +1,7 @@ --- title: How to configure cryptographic settings for IKEv2 VPN connections description: Learn how to update the IKEv2 cryptographic settings of VPN servers and clients by running VPN cmdlets to secure connections. -ms.date: 06/28/2023 +ms.date: 08/03/2023 ms.topic: how-to --- @@ -9,8 +9,8 @@ ms.topic: how-to In IKEv2 VPN connections, the default setting for IKEv2 cryptographic settings are: -- Encryption Algorithm : DES3 -- Integrity, Hash Algorithm : SHA1 +- Encryption Algorithm: DES3 +- Integrity, Hash Algorithm: SHA1 - Diffie Hellman Group (Key Size): DH2 These settings aren't secure for IKE exchanges. @@ -31,9 +31,9 @@ On an earlier version of Windows Server, run [Set-VpnServerIPsecConfiguration](/ Set-VpnServerIPsecConfiguration -CustomPolicy ``` -## VPN client +## VPN client -For VPN client, you need to configure each VPN connection. +For VPN client, you need to configure each VPN connection. For example, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps&preserve-view=true) and specify the name of the connection: ```powershell @@ -44,8 +44,8 @@ Set-VpnConnectionIPsecConfiguration -ConnectionName The following commands configure the IKEv2 cryptographic settings to: -- Encryption Algorithm : AES128 -- Integrity, Hash Algorithm : SHA256 +- Encryption Algorithm: AES128 +- Integrity, Hash Algorithm: SHA256 - Diffie Hellman Group (Key Size): DH14 ### IKEv2 VPN Server diff --git a/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index 08b4c532c8..ae9673a74d 100644 --- a/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -1,13 +1,13 @@ --- title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections description: Explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections. -ms.date: 12/28/2022 +ms.date: 08/03/2023 ms.topic: how-to --- # How to use Single Sign-On (SSO) over VPN and Wi-Fi connections -This article explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections. The following scenarios are typically used: +This article explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over Wi-Fi or VPN connections. The following scenarios are typically used: - Connecting to a network using Wi-Fi or VPN - Use credentials for Wi-Fi or VPN authentication to also authenticate requests to access domain resources, without being prompted for domain credentials @@ -17,15 +17,15 @@ For example, you want to connect to a corporate network and access an internal w The credentials that are used for the connection authentication are placed in *Credential Manager* as the default credentials for the **logon session**. Credential Manager stores credentials that can be used for specific domain resources. These are based on the target name of the resource: - For VPN, the VPN stack saves its credential as the **session default** -- For WiFi, Extensible Authentication Protocol (EAP) provides support +- For Wi-Fi, Extensible Authentication Protocol (EAP) provides support The credentials are placed in Credential Manager as a *session credential*: - A *session credential* implies that it is valid for the current user session -- The credentials are cleaned up when the WiFi or VPN connection is disconnected +- The credentials are cleaned up when the Wi-Fi or VPN connection is disconnected > [!NOTE] -> In Windows 10, version 21H2 and later, the *session credential* is not visible in Credential Manager. +> In Windows 10, version 21H2 and later, the *session credential* isn't visible in Credential Manager. For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from Credential Manager to the SSP that is requesting it. For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations). diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md b/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md index 5b8c8be320..b79e1c9335 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md @@ -1,7 +1,7 @@ --- title: VPN authentication options description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods. -ms.date: 06/20/2023 +ms.date: 08/03/2023 ms.topic: conceptual --- diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md b/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md index 9af27f73a3..eb532bf8d6 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md @@ -1,7 +1,7 @@ --- title: VPN auto-triggered profile options description: With auto-triggered VPN profile options, Windows can automatically establish a VPN connection based on IT admin-defined rules. Learn about the types of auto-trigger rules that you can create for VPN connections. -ms.date: 05/24/2023 +ms.date: 08/03/2023 ms.topic: conceptual --- diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md b/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md index 85ac1b4e02..af71787407 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md @@ -1,7 +1,7 @@ --- title: VPN and conditional access description: Learn how to integrate the VPN client with the Conditional Access platform, and how to create access rules for Azure Active Directory (Azure AD) connected apps. -ms.date: 05/23/2023 +ms.date: 08/03/2023 ms.topic: conceptual --- diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md b/windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md index 686ae5380b..3f71587ce8 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md @@ -1,7 +1,7 @@ --- -title: VPN connection types (Windows 10 and Windows 11) +title: VPN connection types description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured. -ms.date: 05/24/2022 +ms.date: 08/03/2023 ms.topic: conceptual --- @@ -16,6 +16,7 @@ There are many options for VPN clients. In Windows, the built-in plug-in and the ## Built-in VPN client Tunneling protocols: + - [Internet Key Exchange version 2 (IKEv2)](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687731(v=ws.10)): configure the IPsec/IKE tunnel cryptographic properties using the **Cryptography Suite** setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp). - [L2TP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687761(v=ws.10)): L2TP with pre-shared key (PSK) authentication can be configured using the **L2tpPsk** setting in the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp). - [PPTP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687676(v=ws.10)) diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-guide.md b/windows/security/operating-system-security/network-security/vpn/vpn-guide.md index 66e09e5a4c..cd91bd8540 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-guide.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-guide.md @@ -1,7 +1,7 @@ --- title: Windows VPN technical guide description: Learn how to plan and configure Windows devices for your organization's VPN solution. -ms.date: 05/24/2023 +ms.date: 08/03/2023 ms.topic: conceptual --- diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md b/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md index 406f11946c..e727022c01 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md @@ -1,7 +1,7 @@ --- title: VPN name resolution description: Learn how name resolution works when using a VPN connection. -ms.date: 05/24/2023 +ms.date: 08/03/2023 ms.topic: conceptual --- diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md b/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md index 4ff6994bfc..5aae45f5c3 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md @@ -2,7 +2,7 @@ title: Optimize Microsoft 365 traffic for remote workers with the Windows VPN client description: Learn how to optimize Microsoft 365 traffic for remote workers with the Windows VPN client ms.topic: article -ms.date: 05/24/2023 +ms.date: 08/03/2023 --- # Optimize Microsoft 365 traffic for remote workers with the Windows VPN client diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-profile-options.md b/windows/security/operating-system-security/network-security/vpn/vpn-profile-options.md index 5c344676b6..f7974cce7c 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-profile-options.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-profile-options.md @@ -1,22 +1,22 @@ --- title: VPN profile options description: Windows adds Virtual Private Network (VPN) profile options to help manage how users connect. VPNs give users secure remote access to the company network. -ms.date: 05/17/2018 +ms.date: 08/03/2023 ms.topic: conceptual --- # VPN profile options -Most of the VPN settings in Windows 10 and Windows 11 can be configured in VPN profiles using Microsoft Intune or Microsoft Configuration Manager. All VPN settings in Windows 10 and Windows 11 can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp). +Most of the VPN settings in Windows can be configured in VPN profiles using Microsoft Intune or Microsoft Configuration Manager. VPN settings can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp). >[!NOTE] >If you're not familiar with CSPs, read [Introduction to configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) first. The following table lists the VPN settings and whether the setting can be configured in Intune and Configuration Manager, or can only be configured using **ProfileXML**. -| Profile setting | Can be configured in Intune and Configuration Manager | -| --- | --- | -| Connection type | Yes | +| Profile setting | Can be configured in Intune and Configuration Manager | +| --- | --- | +| Connection type | Yes | | Routing: split-tunnel routes | Yes, except exclusion routes | | Routing: forced-tunnel | Yes | | Authentication (EAP) | Yes, if connection type is built in | @@ -33,15 +33,14 @@ The following table lists the VPN settings and whether the setting can be config | Traffic filters | Yes | | Proxy settings | Yes, by PAC/WPAD file or server and port | -> [!NOTE] +> [!NOTE] > VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections, the general proxy settings are used. The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This node is useful for deploying profiles with features that aren't yet supported by MDMs. You can get more examples in the [ProfileXML XSD](/windows/client-management/mdm/vpnv2-profile-xsd) article. - ## Sample Native VPN profile -The following sample is a sample Native VPN profile. This blob would fall under the ProfileXML node. +The following sample is a sample Native VPN profile. This blob would fall under the ProfileXML node. ```xml diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-routing.md b/windows/security/operating-system-security/network-security/vpn/vpn-routing.md index 6931f683fd..85d884162a 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-routing.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-routing.md @@ -1,5 +1,5 @@ --- -ms.date: 05/24/2023 +ms.date: 08/03/2023 title: VPN routing decisions description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations. ms.topic: conceptual diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-security-features.md b/windows/security/operating-system-security/network-security/vpn/vpn-security-features.md index 4c7d2f87b4..c07cabae8d 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-security-features.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-security-features.md @@ -1,7 +1,7 @@ --- title: VPN security features description: Learn about security features for VPN, including LockDown VPN and traffic filters. -ms.date: 05/24/2023 +ms.date: 08/03/2023 ms.topic: conceptual --- From 59ce48a66ac5c709cc8c843bad0309a6c85f21f2 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 14:31:52 +0200 Subject: [PATCH 54/94] BitLocker --- .../data-protection/bitlocker/index.md | 45 +++++++++---------- 1 file changed, 20 insertions(+), 25 deletions(-) diff --git a/windows/security/operating-system-security/data-protection/bitlocker/index.md b/windows/security/operating-system-security/data-protection/bitlocker/index.md index ac2d1d013e..04eac537fd 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/index.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/index.md @@ -1,21 +1,21 @@ --- title: BitLocker overview -description: This article provides a high-level overview of BitLocker, including a list of system requirements, practical applications, and deprecated features. +description: Learn about BitLocker requirements, practical applications, and deprecated features. ms.collection: - highpri - tier1 -ms.topic: conceptual -ms.date: 11/08/2022 +ms.topic: overview +ms.date: 08/03/2023 --- # BitLocker overview -Bitlocker is a disk encryption feature included with Windows, designed to protect data by providing encryption for entire volumes.\ +Bitlocker is a Windows disk encryption feature, designed to protect data by providing encryption for entire volumes.\ BitLocker addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices. -BitLocker provides the maximum protection when used with a Trusted Platform Module (TPM) version 1.2 or later versions. The TPM is a hardware component installed in many devices ant it works with BitLocker to help protect user data and to ensure that a computer hasn't been tampered with while the system is offline. +BitLocker provides maximum protection when used with a Trusted Platform Module (TPM). A TPM is a hardware component installed in many devices ant it works with BitLocker to help protect user data and to ensure that a computer hasn't been tampered with while the system is offline. -On computers that don't have a TPM, BitLocker can still be used to encrypt the Windows operating system drive. However, this implementation requires the user to insert a USB startup key to start the device or resume from hibernation. An operating system volume password can be used to protect the operating system volume on a computer without TPM. Both options don't provide the pre-startup system integrity verification offered by BitLocker with a TPM. +On devices that don't have a TPM, BitLocker can still be used to encrypt the Windows operating system drive. However, this implementation requires the user to insert a USB startup key to start the device or resume from hibernation. An operating system volume password can be used to protect the operating system volume on a computer without TPM. Both options don't provide the pre-startup system integrity verification offered by BitLocker with a TPM. In addition to the TPM, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable device (such as a USB flash drive) that contains a startup key. These additional security measures provide multifactor authentication and assurance that the computer won't start or resume from hibernation until the correct PIN or startup key is presented. @@ -27,30 +27,25 @@ Data on a lost or stolen device is vulnerable to unauthorized access, either by BitLocker has the following hardware requirements: -For BitLocker to use the system integrity check provided by a TPM, the computer must have TPM 1.2 or later versions. If a computer doesn't have a TPM, saving a startup key on a removable drive, such as a USB flash drive, becomes mandatory when enabling BitLocker. +- For BitLocker to use the system integrity check provided by a TPM, the computer must have TPM 1.2 or later versions. If a computer doesn't have a TPM, saving a startup key on a removable drive, such as a USB flash drive, becomes mandatory when enabling BitLocker +- A device with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware. The BIOS or UEFI firmware establishes a chain of trust for the pre-operating system startup, and it must include support for TCG-specified Static Root of Trust Measurement. A computer without a TPM doesn't require TCG-compliant firmware +- The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment -A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware. The BIOS or UEFI firmware establishes a chain of trust for the pre-operating system startup, and it must include support for TCG-specified Static Root of Trust Measurement. A computer without a TPM doesn't require TCG-compliant firmware. + > [!NOTE] + > TPM 2.0 is not supported in Legacy and Compatibility Support Module (CSM) modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as native UEFI only. The Legacy and CSM options must be disabled. For added security, enable the secure boot feature. + + > Installed Operating System on hardware in Legacy mode stops the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode, which prepares the OS and the disk to support UEFI. -The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment. - -> [!IMPORTANT] -> From Windows 7, an OS drive can be encrypted without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://social.technet.microsoft.com/Forums/en-US/eac2cc67-8442-42db-abad-2ed173879751/bitlocker-without-tpm?forum=win10itprosetup). - -> [!NOTE] -> TPM 2.0 is not supported in Legacy and Compatibility Support Module (CSM) modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as native UEFI only. The Legacy and CSM options must be disabled. For added security, enable the secure boot feature. - -> Installed Operating System on hardware in Legacy mode stops the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode, which prepares the OS and the disk to support UEFI. - -The hard disk must be partitioned with at least two drives: - -- The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system. -- The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker isn't enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. It's recommended that the system drive be approximately 350 MB in size. After BitLocker is turned on, it should have approximately 250 MB of free space. - -When installed on a new computer, Windows automatically creates the partitions that are required for BitLocker. +- The hard disk must be partitioned with at least two drives: + - The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system + - The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker isn't enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. It's recommended that the system drive be approximately 350 MB in size. After BitLocker is turned on, it should have approximately 250 MB of free space > [!IMPORTANT] +> When installed on a new device, Windows automatically creates the partitions that are required for BitLocker. +> > An encrypted partition can't be marked as active. -When installing the BitLocker optional component on a server, the Enhanced Storage feature also needs to be installed. The Enhanced Storage feature is used to support hardware encrypted drives. +> [!NOTE] +> When installing the BitLocker optional component on a server, the Enhanced Storage feature also needs to be installed. The Enhanced Storage feature is used to support hardware encrypted drives. [!INCLUDE [bitlocker](../../../../../includes/licensing/bitlocker-enablement.md)] From b76e39436d170d67d424047bf5dbe31ca5fce4e4 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 14:43:16 +0200 Subject: [PATCH 55/94] Acrolinx --- education/windows/windows-11-se-overview.md | 8 ++++---- .../network-security/vpn/vpn-conditional-access.md | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index df025d2857..2e9b989c79 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -2,7 +2,7 @@ title: Windows 11 SE Overview description: Learn about Windows 11 SE, and the apps that are included with the operating system. ms.topic: overview -ms.date: 07/25/2023 +ms.date: 08/03/2023 appliesto: - ✅ Windows 11 SE ms.collection: @@ -35,8 +35,8 @@ The following table lists the different application types available in Windows o | --- | --- | :---: | ---| |Progressive Web Apps (PWAs) | PWAs are web-based applications that can run in a browser and that can be installed as standalone apps. |✅|PWAs are enabled by default in Windows 11 SE.| | Web apps | Web apps are web-based applications that run in a browser. | ✅ | Web apps are enabled by default in Windows 11 SE. | -|Win32| Win32 applications are Windows classic applications that may require installation |⛔| If users try to install or execute Win32 applications that haven't been allowed to run, they'll fail.| -|Universal Windows Platform (UWP)/Store apps |UWP apps are commonly obtained from the Microsoft Store and may require installation |⛔|If users try to install or execute UWP applications that haven't been allowed to run, they'll fail.| +|Win32| Win32 applications are Windows classic applications that may require installation |⛔| If users try to install or execute Win32 applications that haven't been allowed to run, they fail.| +|Universal Windows Platform (UWP)/Store apps |UWP apps are commonly obtained from the Microsoft Store and may require installation |⛔|If users try to install or execute UWP applications that haven't been allowed to run, they fail.| > [!IMPORTANT] > If there are specific Win32 or UWP applications that you want to allow, work with Microsoft to get them enabled. For more information, see [Add your own applications](#add-your-own-applications). @@ -169,7 +169,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us ## Add your own applications -If the applications you need aren't in the [available applications list](#available-applications), then you can submit an application request at [aka.ms/eduapprequest](https://aka.ms/eduapprequest). Anyone from a school district can submit the request. In the form, sign in with your school account, such as `user@contoso.edu`. We'll update you using this email account. +If the applications you need aren't in the [available applications list](#available-applications), you can submit an application request at [aka.ms/eduapprequest](https://aka.ms/eduapprequest). Anyone from a school district can submit the request. In the form, sign in with your school account, such as `user@contoso.edu`. We'll update you using this email account. Microsoft reviews every app request to make sure each app meets the following requirements: diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md b/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md index af71787407..26738c946b 100644 --- a/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md +++ b/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md @@ -17,10 +17,10 @@ Conditional Access Platform components used for Device Compliance include the fo - [Conditional Access Framework](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn) - [Azure AD Connect Health](/azure/active-directory/connect-health/active-directory-aadconnect-health) - [Windows Health Attestation Service](../../system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) (optional) -- Azure AD Certificate Authority - It is a requirement that the client certificate used for the cloud-based device compliance solution be issued by an Azure Active Directory-based Certificate Authority (CA). An Azure AD CA is essentially a mini-CA cloud tenant in Azure. The Azure AD CA cannot be configured as part of an on-premises Enterprise CA. +- Azure AD Certificate Authority - It's a requirement that the client certificate used for the cloud-based device compliance solution be issued by an Azure Active Directory-based Certificate Authority (CA). An Azure AD CA is essentially a mini-CA cloud tenant in Azure. The Azure AD CA can't be configured as part of an on-premises Enterprise CA. See also [Always On VPN deployment for Windows Server and Windows 10](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy). - Azure AD-issued short-lived certificates - When a VPN connection attempt is made, the Azure AD Token Broker on the local device communicates with Azure Active Directory, which then checks for health based on compliance rules. If compliant, Azure AD sends back a short-lived certificate that is used to authenticate the VPN. Note that certificate authentication methods such as EAP-TLS can be used. When the client reconnects and determines that the certificate has expired, the client will again check with Azure AD for health validation before a new certificate is issued. -- [Microsoft Intune device compliance policies](/mem/intune/protect/device-compliance-get-started) - Cloud-based device compliance leverages Microsoft Intune Compliance Policies, which are capable of querying the device state and define compliance rules for the following, among other things. +- [Microsoft Intune device compliance policies](/mem/intune/protect/device-compliance-get-started): Cloud-based device compliance uses Microsoft Intune Compliance Policies, which are capable of querying the device state and define compliance rules for the following, among other things. - Antivirus status - Auto-update status and update compliance - Password policy compliance @@ -35,7 +35,7 @@ The following client-side components are also required: ## VPN device compliance -At this time, the Azure AD certificates issued to users do not contain a CRL Distribution Point (CDP) and are not suitable for Key Distribution Centers (KDCs) to issue Kerberos tokens. For users to gain access to on-premises resources such as files on a network share, client authentication certificates must be deployed to the Windows profiles of the users, and their VPNv2 profiles must contain the <SSO> section. +At this time, the Azure AD certificates issued to users don't contain a CRL Distribution Point (CDP) and aren't suitable for Key Distribution Centers (KDCs) to issue Kerberos tokens. For users to gain access to on-premises resources such as files on a network share, client authentication certificates must be deployed to the Windows profiles of the users, and their VPNv2 profiles must contain the <SSO> section. Server-side infrastructure requirements to support VPN device compliance include: @@ -91,7 +91,7 @@ See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/clien - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 3)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-3) - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 4)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-4) -## Related topics +## Related articles - [VPN technical guide](vpn-guide.md) - [VPN connection types](vpn-connection-type.md) From cc21015e59311e7387880f027037651afacabc48 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 15:07:44 +0200 Subject: [PATCH 56/94] Acrolinx --- education/windows/windows-11-se-overview.md | 176 ++++++++++---------- 1 file changed, 88 insertions(+), 88 deletions(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index 2e9b989c79..0ef3e1439d 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -35,11 +35,11 @@ The following table lists the different application types available in Windows o | --- | --- | :---: | ---| |Progressive Web Apps (PWAs) | PWAs are web-based applications that can run in a browser and that can be installed as standalone apps. |✅|PWAs are enabled by default in Windows 11 SE.| | Web apps | Web apps are web-based applications that run in a browser. | ✅ | Web apps are enabled by default in Windows 11 SE. | -|Win32| Win32 applications are Windows classic applications that may require installation |⛔| If users try to install or execute Win32 applications that haven't been allowed to run, they fail.| +|`Win32`| `Win32` applications are Windows classic applications that may require installation |⛔| If users try to install or execute `Win32` applications that haven't been allowed to run, they fail.| |Universal Windows Platform (UWP)/Store apps |UWP apps are commonly obtained from the Microsoft Store and may require installation |⛔|If users try to install or execute UWP applications that haven't been allowed to run, they fail.| > [!IMPORTANT] -> If there are specific Win32 or UWP applications that you want to allow, work with Microsoft to get them enabled. For more information, see [Add your own applications](#add-your-own-applications). +> If there are specific `Win32` or UWP applications that you want to allow, work with Microsoft to get them enabled. For more information, see [Add your own applications](#add-your-own-applications). ## Applications included in Windows 11 SE @@ -50,10 +50,10 @@ The following table lists all the applications included in Windows 11 SE and the | Alarm & Clock | UWP | | | | Calculator | UWP | ✅ | | | Camera | UWP | ✅ | | -| Microsoft Edge | Win32 | ✅ | ✅ | -| Excel | Win32 | ✅ | | +| Microsoft Edge | `Win32` | ✅ | ✅ | +| Excel | `Win32` | ✅ | | | Feedback Hub | UWP | | | -| File Explorer | Win32 | | ✅ | +| File Explorer | `Win32` | | ✅ | | FlipGrid | PWA | | | | Get Help | UWP | | | | Media Player | UWP | ✅ | | @@ -61,20 +61,20 @@ The following table lists all the applications included in Windows 11 SE and the | Minecraft: Education Edition | UWP | | | | Movies & TV | UWP | | | | News | UWP | | | -| Notepad | Win32 | | | -| OneDrive | Win32 | | | -| OneNote | Win32 | ✅ | | +| Notepad | `Win32` | | | +| OneDrive | `Win32` | | | +| OneNote | `Win32` | ✅ | | | Outlook | PWA | ✅ | | -| Paint | Win32 | ✅ | | +| Paint | `Win32` | ✅ | | | Photos | UWP | | | -| PowerPoint | Win32 | ✅ | | +| PowerPoint | `Win32` | ✅ | | | Settings | UWP | ✅ | | | Snip & Sketch | UWP | | | | Sticky Notes | UWP | | | -| Teams | Win32 | ✅ | | +| Teams | `Win32` | ✅ | | | To Do | UWP | | | | Whiteboard | UWP | ✅ | | -| Word | Win32 | ✅ | | +| Word | `Win32` | ✅ | | ## Available applications @@ -82,90 +82,90 @@ The following applications can also run on Windows 11 SE, and can be deployed us | Application | Supported version | App Type | Vendor | |-------------------------------------------|-------------------|----------|-------------------------------------------| -| `3d builder` | 18.0.1931.0 | Win32 | `Microsoft` | -| `Absolute Software Endpoint Agent` | 7.20.0.1 | Win32 | `Absolute Software Corporation` | -| `AirSecure` | 8.0.0 | Win32 | `AIR` | -| `Alertus Desktop` | 5.4.48.0 | Win32 | `Alertus technologies` | -| `Brave Browser` | 106.0.5249.119 | Win32 | `Brave` | +| `3d builder` | 18.0.1931.0 | `Win32` | `Microsoft` | +| `Absolute Software Endpoint Agent` | 7.20.0.1 | `Win32` | `Absolute Software Corporation` | +| `AirSecure` | 8.0.0 | `Win32` | `AIR` | +| `Alertus Desktop` | 5.4.48.0 | `Win32` | `Alertus technologies` | +| `Brave Browser` | 106.0.5249.119 | `Win32` | `Brave` | | `Bulb Digital Portfolio` | 0.0.7.0 | `Store` | `Bulb` | -| `CA Secure Browser` | 14.0.0 | Win32 | `Cambium Development` | -| `Cisco Umbrella` | 3.0.110.0 | Win32 | `Cisco` | -| `CKAuthenticator` | 3.6+ | Win32 | `ContentKeeper` | -| `Class Policy` | 116.0.0 | Win32 | `Class Policy` | -| `Classroom.cloud` | 1.40.0004 | Win32 | `NetSupport` | +| `CA Secure Browser` | 14.0.0 | `Win32` | `Cambium Development` | +| `Cisco Umbrella` | 3.0.110.0 | `Win32` | `Cisco` | +| `CKAuthenticator` | 3.6+ | `Win32` | `ContentKeeper` | +| `Class Policy` | 116.0.0 | `Win32` | `Class Policy` | +| `Classroom.cloud` | 1.40.0004 | `Win32` | `NetSupport` | | `Clipchamp` | 2.5.2. | `Store` | `Microsoft` | -| `CoGat Secure Browser` | 11.0.0.19 | Win32 | `Riverside Insights` | -| `ColorVeil` | 4.0.0.175 | Win32 | `East-Tec` | -| `ContentKeeper Cloud` | 9.01.45 | Win32 | `ContentKeeper Technologies` | -| `DigiExam` | 14.0.6 | Win32 | `Digiexam` | -| `Dragon Professional Individual` | 15.00.100 | Win32 | `Nuance Communications` | +| `CoGat Secure Browser` | 11.0.0.19 | `Win32` | `Riverside Insights` | +| `ColorVeil` | 4.0.0.175 | `Win32` | `East-Tec` | +| `ContentKeeper Cloud` | 9.01.45 | `Win32` | `ContentKeeper Technologies` | +| `DigiExam` | 14.0.6 | `Win32` | `Digiexam` | +| `Dragon Professional Individual` | 15.00.100 | `Win32` | `Nuance Communications` | | `DRC INSIGHT Online Assessments` | 13.0.0.0 | `Store` | `Data recognition Corporation` | -| `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` | -| `Dyknow` | 7.9.13.7 | Win32 | `Dyknow` | -| `e-Speaking Voice and Speech recognition` | 4.4.0.11 | Win32 | `e-speaking` | -| `EasyReader` | 10.0.4.498 | Win32 | `Dolphin Computer Access` | -| `Easysense 2` | 1.32.0001 | Win32 | `Data Harvest` | -| `Epson iProjection` | 3.31 | Win32 | `Epson` | -| `eTests` | 4.0.25 | Win32 | `CASAS` | -| `Exam Writepad` | 22.10.14.1834 | Win32 | `Sheldnet` | -| `FirstVoices Keyboard` | 15.0.270 | Win32 | `SIL International` | -| `FortiClient` | 7.2.0.4034+ | Win32 | `Fortinet` | -| `Free NaturalReader` | 16.1.2 | Win32 | `Natural Soft` | -| `Ghotit Real Writer & Reader` | 10.14.2.3 | Win32 | `Ghotit Ltd` | -| `GoGuardian` | 1.4.4 | Win32 | `GoGuardian` | -| `Google Chrome` | 110.0.5481.178 | Win32 | `Google` | -| `GuideConnect` | 1.24 | Win32 | `Dolphin Computer Access` | -| `Illuminate Lockdown Browser` | 2.0.5 | Win32 | `Illuminate Education` | -| `Immunet` | 7.5.8.21178 | Win32 | `Immunet` | -| `Impero Backdrop Client` | 5.0.87 | Win32 | `Impero Software` | -| `IMT Lazarus` | 2.86.0 | Win32 | `IMTLazarus` | -| `Inspiration 10` | 10.11 | Win32 | `TechEdology Ltd` | -| `JAWS for Windows` | 2022.2112.24 | Win32 | `Freedom Scientific` | -| `Kite Student Portal` | 9.0.0.0 | Win32 | `Dynamic Learning Maps` | -| `Keyman` | 16.0.138 | Win32 | `SIL International` | +| `Duo from Cisco` | 3.0.0 | `Win32` | `Cisco` | +| `Dyknow` | 7.9.13.7 | `Win32` | `Dyknow` | +| `e-Speaking Voice and Speech recognition` | 4.4.0.11 | `Win32` | `e-speaking` | +| `EasyReader` | 10.0.4.498 | `Win32` | `Dolphin Computer Access` | +| `Easysense 2` | 1.32.0001 | `Win32` | `Data Harvest` | +| `Epson iProjection` | 3.31 | `Win32` | `Epson` | +| `eTests` | 4.0.25 | `Win32` | `CASAS` | +| `Exam Writepad` | 22.10.14.1834 | `Win32` | `Sheldnet` | +| `FirstVoices Keyboard` | 15.0.270 | `Win32` | `SIL International` | +| `FortiClient` | 7.2.0.4034+ | `Win32` | `Fortinet` | +| `Free NaturalReader` | 16.1.2 | `Win32` | `Natural Soft` | +| `Ghotit Real Writer & Reader` | 10.14.2.3 | `Win32` | `Ghotit Ltd` | +| `GoGuardian` | 1.4.4 | `Win32` | `GoGuardian` | +| `Google Chrome` | 110.0.5481.178 | `Win32` | `Google` | +| `GuideConnect` | 1.24 | `Win32` | `Dolphin Computer Access` | +| `Illuminate Lockdown Browser` | 2.0.5 | `Win32` | `Illuminate Education` | +| `Immunet` | 7.5.8.21178 | `Win32` | `Immunet` | +| `Impero Backdrop Client` | 5.0.87 | `Win32` | `Impero Software` | +| `IMT Lazarus` | 2.86.0 | `Win32` | `IMTLazarus` | +| `Inspiration 10` | 10.11 | `Win32` | `TechEdology Ltd` | +| `JAWS for Windows` | 2022.2112.24 | `Win32` | `Freedom Scientific` | +| `Kite Student Portal` | 9.0.0.0 | `Win32` | `Dynamic Learning Maps` | +| `Keyman` | 16.0.138 | `Win32` | `SIL International` | | `Kortext` | 2.3.433.0 | `Store` | `Kortext` | -| `Kurzweil 3000 Assistive Learning` | 20.13.0000 | Win32 | `Kurzweil Educational Systems` | -| `LanSchool Classic` | 9.1.0.46 | Win32 | `Stoneware, Inc.` | -| `LanSchool Air` | 2.0.13312 | Win32 | `Stoneware, Inc.` | -| `Lightspeed Smart Agent` | 1.9.1 | Win32 | `Lightspeed Systems` | -| `Lightspeed Filter Agent` | 2.3.4 | Win32 | `Lightspeed Systems` | +| `Kurzweil 3000 Assistive Learning` | 20.13.0000 | `Win32` | `Kurzweil Educational Systems` | +| `LanSchool Classic` | 9.1.0.46 | `Win32` | `Stoneware, Inc.` | +| `LanSchool Air` | 2.0.13312 | `Win32` | `Stoneware, Inc.` | +| `Lightspeed Smart Agent` | 1.9.1 | `Win32` | `Lightspeed Systems` | +| `Lightspeed Filter Agent` | 2.3.4 | `Win32` | `Lightspeed Systems` | | `MetaMoJi ClassRoom` | 3.12.4.0 | `Store` | `MetaMoJi Corporation` | | `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` | -| `Mozilla Firefox` | 105.0.0 | Win32 | `Mozilla` | +| `Mozilla Firefox` | 105.0.0 | `Win32` | `Mozilla` | | `Mobile Plans` | 5.1911.3171.0 | `Store` | `Microsoft Corporation` | -| `NAPLAN` | 5.2.2 | Win32 | `NAP` | -| `Netref Student` | 23.1.0 | Win32 | `NetRef` | -| `NetSupport Manager` | 12.01.0014 | Win32 | `NetSupport` | -| `NetSupport Notify` | 5.10.1.215 | Win32 | `NetSupport` | -| `NetSupport School` | 14.00.0012 | Win32 | `NetSupport` | -| `NextUp Talker` | 1.0.49 | Win32 | `NextUp Technologies` | -| `NonVisual Desktop Access` | 2021.3.1 | Win32 | `NV Access` | -| `NWEA Secure Testing Browser` | 5.4.387.0 | Win32 | `NWEA` | -| `PC Talker Neo` | 2209 | Win32 | `Kochi System Development` | -| `PC Talker Neo Plus` | 2209 | Win32 | `Kochi System Development` | -| `PaperCut` | 22.0.6 | Win32 | `PaperCut Software International Pty Ltd` | +| `NAPLAN` | 5.2.2 | `Win32` | `NAP` | +| `Netref Student` | 23.1.0 | `Win32` | `NetRef` | +| `NetSupport Manager` | 12.01.0014 | `Win32` | `NetSupport` | +| `NetSupport Notify` | 5.10.1.215 | `Win32` | `NetSupport` | +| `NetSupport School` | 14.00.0012 | `Win32` | `NetSupport` | +| `NextUp Talker` | 1.0.49 | `Win32` | `NextUp Technologies` | +| `NonVisual Desktop Access` | 2021.3.1 | `Win32` | `NV Access` | +| `NWEA Secure Testing Browser` | 5.4.387.0 | `Win32` | `NWEA` | +| `PC Talker Neo` | 2209 | `Win32` | `Kochi System Development` | +| `PC Talker Neo Plus` | 2209 | `Win32` | `Kochi System Development` | +| `PaperCut` | 22.0.6 | `Win32` | `PaperCut Software International Pty Ltd` | | `Pearson TestNav` | 1.11.3 | `Store` | `Pearson` | | `Project Monarch Outlook` | 1.2022.2250001 | `Store` | `Microsoft` | -| `Questar Secure Browser` | 5.0.1.456 | Win32 | `Questar, Inc` | -| `ReadAndWriteForWindows` | 12.0.74 | Win32 | `Texthelp Ltd.` | -| `Remote Desktop client (MSRDC)` | 1.2.4066.0 | Win32 | `Microsoft` | -| `Remote Help` | 4.0.1.13 | Win32 | `Microsoft` | -| `Respondus Lockdown Browser` | 2.0.9.03 | Win32 | `Respondus` | -| `Safe Exam Browser` | 3.5.0.544 | Win32 | `Safe Exam Browser` | -|`SchoolYear` | 3.4.21 | Win32 |`SchoolYear` | -|`School Manager` | 3.6.8.1109 | Win32 |`School Manager` | -| `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` | -| `Skoolnext` | 2.19 | Win32 | `Skool.net` | -| `Smoothwall Monitor` | 2.9.2 | Win32 | `Smoothwall Ltd` | -| `SuperNova Magnifier & Screen Reader` | 22.02 | Win32 | `Dolphin Computer Access` | -| `SuperNova Magnifier & Speech` | 21.03 | Win32 | `Dolphin Computer Access` | -|`TX Secure Browser` | 15.0.0 | Win32 | `Cambium Development` | -| `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` | -| `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` | -| `WordQ` | 5.4.29 | Win32 | `WordQ` | -| `Zoom` | 5.12.8 (10232) | Win32 | `Zoom` | -| `ZoomText Fusion` | 2023.2303.77.400 | Win32 | `Freedom Scientific` | -| `ZoomText Magnifier/Reader` | 2023.2303.33.400 | Win32 | `Freedom Scientific` | +| `Questar Secure Browser` | 5.0.1.456 | `Win32` | `Questar, Inc` | +| `ReadAndWriteForWindows` | 12.0.74 | `Win32` | `Texthelp Ltd.` | +| `Remote Desktop client (MSRDC)` | 1.2.4066.0 | `Win32` | `Microsoft` | +| `Remote Help` | 4.0.1.13 | `Win32` | `Microsoft` | +| `Respondus Lockdown Browser` | 2.0.9.03 | `Win32` | `Respondus` | +| `Safe Exam Browser` | 3.5.0.544 | `Win32` | `Safe Exam Browser` | +|`SchoolYear` | 3.4.21 | `Win32` |`SchoolYear` | +|`School Manager` | 3.6.8.1109 | `Win32` |`School Manager` | +| `Senso.Cloud` | 2021.11.15.0 | `Win32` | `Senso.Cloud` | +| `Skoolnext` | 2.19 | `Win32` | `Skool.net` | +| `Smoothwall Monitor` | 2.9.2 | `Win32` | `Smoothwall Ltd` | +| `SuperNova Magnifier & Screen Reader` | 22.02 | `Win32` | `Dolphin Computer Access` | +| `SuperNova Magnifier & Speech` | 21.03 | `Win32` | `Dolphin Computer Access` | +|`TX Secure Browser` | 15.0.0 | `Win32` | `Cambium Development` | +| `VitalSourceBookShelf` | 10.2.26.0 | `Win32` | `VitalSource Technologies Inc` | +| `Winbird` | 19 | `Win32` | `Winbird Co., Ltd.` | +| `WordQ` | 5.4.29 | `Win32` | `WordQ` | +| `Zoom` | 5.12.8 (10232) | `Win32` | `Zoom` | +| `ZoomText Fusion` | 2023.2303.77.400 | `Win32` | `Freedom Scientific` | +| `ZoomText Magnifier/Reader` | 2023.2303.33.400 | `Win32` | `Freedom Scientific` | ## Add your own applications @@ -173,7 +173,7 @@ If the applications you need aren't in the [available applications list](#availa Microsoft reviews every app request to make sure each app meets the following requirements: -- Apps can be any native Windows app type, such as a Microsoft Store app, Win32 app, `.MSIX`, `.APPX`, and more +- Apps can be any native Windows app type, such as a Microsoft Store app, `Win32` app, `.MSIX`, `.APPX`, and more - Apps must be in one of the following app categories: - Content Filtering apps - Test Taking solutions From bb5540e15d64af36629748145eb6d194d6c91120 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 3 Aug 2023 16:35:54 +0200 Subject: [PATCH 57/94] fixed link header --- windows/security/index.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/index.yml b/windows/security/index.yml index 3ce339b987..e49166e1ef 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -26,9 +26,9 @@ highlightedContent: - title: Windows 11, version 22H2 group policy settings reference itemType: download url: https://www.microsoft.com/en-us/download/details.aspx?id=104594 - - title: Windows security features licensing + - title: Security features licensing and edition requirements itemType: overview - url: /windows/whats-new/windows-licensing + url: /windows/security/licensing-and-edition-requirements productDirectory: From 69c92f088809d0a8f51445b9545d21624de94e9d Mon Sep 17 00:00:00 2001 From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com> Date: Thu, 3 Aug 2023 10:19:00 -0500 Subject: [PATCH 58/94] Update windows/security/includes/sections/security-foundations.md --- windows/security/includes/sections/security-foundations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/includes/sections/security-foundations.md b/windows/security/includes/sections/security-foundations.md index 5853836fff..6cbeb13816 100644 --- a/windows/security/includes/sections/security-foundations.md +++ b/windows/security/includes/sections/security-foundations.md @@ -11,7 +11,7 @@ ms.topic: include |:---|:---| | **[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)** | The Microsoft Security Development Lifecycle (SDL) introduces security best practices, tools, and processes throughout all phases of engineering and development. | | **[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)** | A range of tools and techniques - such as threat modeling, static analysis, fuzz testing, and code quality checks - enable continued security value to be embedded into Windows by every engineer on the team from day one. Through the SDL practices, Microsoft engineers are continuously provided with actionable and up-to-date methods to improve development workflows and overall product security before the code has been released. | -| **[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)** | As part of our secure development process, the Microsoft Windows Insider Preview bounty program invites eligible researchers across the globe to find and submit vulnerabilities that reproduce in the latest Windows Insider Preview (WIP) Dev Channel. The goal of the Windows Insider Preview bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.

Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities that were not previously found during development and quicky fix the issues before releasing the final Windows. | +| **[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)** | As part of our secure development process, the Microsoft Windows Insider Preview bounty program invites eligible researchers across the globe to find and submit vulnerabilities that reproduce in the latest Windows Insider Preview (WIP) Dev Channel. The goal of the Windows Insider Preview bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.

Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities that were not previously found during development and quickly fix the issues before releasing the final Windows. | ## Certification From 79b7a6e6c6b154b8e1cda7eefcfdd2633a23f37a Mon Sep 17 00:00:00 2001 From: Stacyrch140 <102548089+Stacyrch140@users.noreply.github.com> Date: Thu, 3 Aug 2023 11:27:46 -0400 Subject: [PATCH 59/94] pencil edit Line 36: Markdown fix --- .../data-protection/bitlocker/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system-security/data-protection/bitlocker/index.md b/windows/security/operating-system-security/data-protection/bitlocker/index.md index 04eac537fd..2464ef0104 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/index.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/index.md @@ -33,7 +33,7 @@ BitLocker has the following hardware requirements: > [!NOTE] > TPM 2.0 is not supported in Legacy and Compatibility Support Module (CSM) modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as native UEFI only. The Legacy and CSM options must be disabled. For added security, enable the secure boot feature. - + > > Installed Operating System on hardware in Legacy mode stops the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode, which prepares the OS and the disk to support UEFI. - The hard disk must be partitioned with at least two drives: From 1fa0a4bc9873159646fe114f873e3f42097c67df Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Thu, 3 Aug 2023 20:18:09 -0700 Subject: [PATCH 60/94] Fixed funny bullets --- windows/deployment/windows-autopatch/TOC.yml | 2 +- ...indows-quality-and-feature-update-reports-overview.md | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml index c4991dd0ed..c289d933cc 100644 --- a/windows/deployment/windows-autopatch/TOC.yml +++ b/windows/deployment/windows-autopatch/TOC.yml @@ -76,7 +76,7 @@ href: operate/windows-autopatch-edge.md - name: Microsoft Teams href: operate/windows-autopatch-teams.md - - name: Windows quality and feature update reports + - name: Windows quality and feature update reports overview href: operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md items: - name: Windows quality update reports diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md index aca5a1a456..880f821953 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md @@ -21,9 +21,10 @@ ms.collection: The Windows quality reports provide you with information about: -Quality update device readiness -Device update health -Device update alerts +- Quality update device readiness +- Device update health +- Device update alerts + Together, these reports provide insight into the quality update state and compliance of Windows devices that are enrolled into Windows Autopatch. The Windows quality report types are organized into the following focus areas: @@ -106,4 +107,4 @@ Within each 24-hour reporting period, devices that are Not Ready are reevaluated ## Data export -Select **Export devices** to export data for each report type. Only selected columns will be exported. +Select **Export devices** to export data for each report type. Only selected columns are exported. From be95ee4bb1087118c5195d4ecc86d19e9bf878fe Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Fri, 4 Aug 2023 09:21:45 -0400 Subject: [PATCH 61/94] meta aaron --- windows/application-management/add-apps-and-features.md | 6 +++--- windows/application-management/apps-in-windows-10.md | 6 +++--- .../enterprise-background-activity-controls.md | 7 ++++--- .../includes/app-v-end-life-statement.md | 6 +++--- .../includes/applies-to-windows-client-versions.md | 7 ++++--- windows/application-management/index.yml | 6 +++--- .../application-management/per-user-services-in-windows.md | 7 ++++--- ...private-app-repository-mdm-company-portal-windows-11.md | 6 +++--- .../remove-provisioned-apps-during-update.md | 7 ++++--- .../application-management/sideload-apps-in-windows-10.md | 6 +++--- .../application-management/svchost-service-refactoring.md | 7 ++++--- 11 files changed, 38 insertions(+), 33 deletions(-) diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md index 2ae9fdd4fd..889b326553 100644 --- a/windows/application-management/add-apps-and-features.md +++ b/windows/application-management/add-apps-and-features.md @@ -1,10 +1,10 @@ --- title: Add or hide optional apps and features on Windows devices | Microsoft Docs description: Learn how to add Windows 10 and Windows 11 optional features using the Apps & features page in the Settings app. Also see the group policy objects (GPO) and MDM policies that show or hide Apps and Windows Features in the Settings app. Use Windows PowerShell to show or hide specific features in Windows Features. -author: nicholasswhite -ms.author: nwhite +author: aczechowski +ms.author: aaroncz manager: aaroncz -ms.date: 08/30/2021 +ms.date: 08/04/2023 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index e54211075c..6387f6e388 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -1,10 +1,10 @@ --- title: Learn about the different app types in Windows 10/11 | Microsoft Docs description: Learn more and understand the different types of apps that run on Windows 10 and Windows 11. For example, learn more about UWP, WPF, Win32, and Windows Forms apps, including the best way to install these apps. -author: nicholasswhite -ms.author: nwhite +author: aczechowski +ms.author: aaroncz manager: aaroncz -ms.date: 02/09/2023 +ms.date: 08/04/2023 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md index 19c8ec6649..0e22c4f696 100644 --- a/windows/application-management/enterprise-background-activity-controls.md +++ b/windows/application-management/enterprise-background-activity-controls.md @@ -1,10 +1,11 @@ --- title: Remove background task resource restrictions description: Allow enterprise background tasks unrestricted access to computer resources. -author: nicholasswhite -ms.author: nwhite +author: aczechowski +ms.author: aaroncz +manager: aaroncz +ms.date: 08/04/2023 manager: aaroncz -ms.date: 10/03/2017 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps diff --git a/windows/application-management/includes/app-v-end-life-statement.md b/windows/application-management/includes/app-v-end-life-statement.md index 14de444ad4..faa562b953 100644 --- a/windows/application-management/includes/app-v-end-life-statement.md +++ b/windows/application-management/includes/app-v-end-life-statement.md @@ -1,8 +1,8 @@ --- -author: nicholasswhite -ms.author: nwhite +author: aczechowski +ms.author: aaroncz manager: aaroncz -ms.date: 09/20/2021 +ms.date: 08/04/2023 ms.topic: include ms.prod: w10 ms.collection: tier1 diff --git a/windows/application-management/includes/applies-to-windows-client-versions.md b/windows/application-management/includes/applies-to-windows-client-versions.md index 13ec789f1d..2bde1c4e62 100644 --- a/windows/application-management/includes/applies-to-windows-client-versions.md +++ b/windows/application-management/includes/applies-to-windows-client-versions.md @@ -1,8 +1,9 @@ --- -author: nicholasswhite -ms.author: nwhite +author: aczechowski +ms.author: aaroncz +manager: aaroncz +ms.date: 08/04/2023 manager: aaroncz -ms.date: 09/28/2021 ms.topic: include ms.prod: windows-client ms.technology: itpro-apps diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml index da969d420b..5705397c60 100644 --- a/windows/application-management/index.yml +++ b/windows/application-management/index.yml @@ -6,10 +6,10 @@ summary: Learn about managing applications in Windows client, including how to r metadata: title: Windows application management description: Learn about managing applications in Windows 10 and Windows 11. - author: nicholasswhite - ms.author: nwhite + author: aczechowski + ms.author: aaroncz manager: aaroncz - ms.date: 08/24/2021 + ms.date: 08/04/2023 ms.topic: landing-page ms.prod: windows-client ms.collection: diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md index d094fba726..d1c1ee2688 100644 --- a/windows/application-management/per-user-services-in-windows.md +++ b/windows/application-management/per-user-services-in-windows.md @@ -1,10 +1,11 @@ --- title: Per-user services in Windows 10 and Windows Server description: Learn about per-user services, how to change the template service Startup Type, and manage per-user services through Group Policy and security templates. -author: nicholasswhite -ms.author: nwhite +author: aczechowski +ms.author: aaroncz +manager: aaroncz +ms.date: 08/04/2023 manager: aaroncz -ms.date: 09/14/2017 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md index 926cb18f47..2d103039b2 100644 --- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md +++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md @@ -1,10 +1,10 @@ --- title: Use the Company Portal app for your private app repo on Windows 11 devices | Microsoft Docs description: Use the Company Portal app in Windows 11 devices to access the private app repository for your organization or company apps. Add apps to an MDM/MAM provider, and deploy the apps to Windows devices using policies. The Company Portal app replaces Microsoft Store for Business private store on Windows 11 devices. -author: nicholasswhite -ms.author: nwhite +author: aczechowski +ms.author: aaroncz manager: aaroncz -ms.date: 04/04/2023 +ms.date: 08/04/2023 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index 195ee09977..7868796168 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md @@ -1,10 +1,11 @@ --- title: How to keep apps removed from Windows 10 from returning during an update description: How to keep provisioned apps that were removed from your machine from returning during an update. -author: nicholasswhite -ms.author: nwhite +author: aczechowski +ms.author: aaroncz +manager: aaroncz +ms.date: 08/04/2023 manager: aaroncz -ms.date: 05/25/2018 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index 30203efdaf..cacafd251f 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md @@ -1,10 +1,10 @@ --- title: Sideload LOB apps in Windows client OS | Microsoft Docs description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems, including Windows 10/11. When you sideload an app, you deploy a signed app package to a device. -author: nicholasswhite -ms.author: nwhite +author: aczechowski +ms.author: aaroncz manager: aaroncz -ms.date: 12/07/2017 +ms.date: 08/04/2023 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps diff --git a/windows/application-management/svchost-service-refactoring.md b/windows/application-management/svchost-service-refactoring.md index f5c9589209..dbffee401e 100644 --- a/windows/application-management/svchost-service-refactoring.md +++ b/windows/application-management/svchost-service-refactoring.md @@ -1,10 +1,11 @@ --- title: Service Host service refactoring in Windows 10 version 1703 description: Learn about the SvcHost Service Refactoring introduced in Windows 10 version 1703. -author: nicholasswhite -ms.author: nwhite +author: aczechowski +ms.author: aaroncz +manager: aaroncz +ms.date: 08/04/2023 manager: aaroncz -ms.date: 07/20/2017 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps From 50ac378bbb5d77947fffddaffaf5ba961a5d6fbe Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Fri, 4 Aug 2023 09:41:31 -0400 Subject: [PATCH 62/94] Update enterprise-background-activity-controls.md --- .../enterprise-background-activity-controls.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md index 0e22c4f696..d59d548da5 100644 --- a/windows/application-management/enterprise-background-activity-controls.md +++ b/windows/application-management/enterprise-background-activity-controls.md @@ -5,7 +5,6 @@ author: aczechowski ms.author: aaroncz manager: aaroncz ms.date: 08/04/2023 -manager: aaroncz ms.topic: article ms.prod: windows-client ms.technology: itpro-apps From 5e8ba5ed9273e8876258dba848835c5a8966e70f Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Fri, 4 Aug 2023 09:42:18 -0400 Subject: [PATCH 63/94] Update per-user-services-in-windows.md --- windows/application-management/per-user-services-in-windows.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md index d1c1ee2688..ed038c7e0d 100644 --- a/windows/application-management/per-user-services-in-windows.md +++ b/windows/application-management/per-user-services-in-windows.md @@ -5,7 +5,6 @@ author: aczechowski ms.author: aaroncz manager: aaroncz ms.date: 08/04/2023 -manager: aaroncz ms.topic: article ms.prod: windows-client ms.technology: itpro-apps From 88b0b828440ee1d6e2b6fb5464a56aa302041eff Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Fri, 4 Aug 2023 09:42:59 -0400 Subject: [PATCH 64/94] Update remove-provisioned-apps-during-update.md --- .../remove-provisioned-apps-during-update.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index 7868796168..24e4b5076d 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md @@ -5,7 +5,6 @@ author: aczechowski ms.author: aaroncz manager: aaroncz ms.date: 08/04/2023 -manager: aaroncz ms.topic: article ms.prod: windows-client ms.technology: itpro-apps From 465396aec7a64ba4743ef502003bb0480f2aee6f Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Fri, 4 Aug 2023 09:44:28 -0400 Subject: [PATCH 65/94] Update svchost-service-refactoring.md --- windows/application-management/svchost-service-refactoring.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/application-management/svchost-service-refactoring.md b/windows/application-management/svchost-service-refactoring.md index dbffee401e..cdcf69903a 100644 --- a/windows/application-management/svchost-service-refactoring.md +++ b/windows/application-management/svchost-service-refactoring.md @@ -5,7 +5,6 @@ author: aczechowski ms.author: aaroncz manager: aaroncz ms.date: 08/04/2023 -manager: aaroncz ms.topic: article ms.prod: windows-client ms.technology: itpro-apps From efc368cea89b9203cc88f72afbd8b633191a8db8 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 4 Aug 2023 08:46:45 -0700 Subject: [PATCH 66/94] Renamed Deregister a device to Exclude a device --- windows/deployment/windows-autopatch/TOC.yml | 4 +- .../windows-autopatch-deregister-devices.md | 51 ----------------- .../windows-autopatch-exclude-device.md | 56 +++++++++++++++++++ .../windows-autopatch-unenroll-tenant.md | 8 +-- .../overview/windows-autopatch-overview.md | 2 +- ...indows-autopatch-roles-responsibilities.md | 6 +- 6 files changed, 66 insertions(+), 61 deletions(-) delete mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md create mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml index c289d933cc..ad017e7f92 100644 --- a/windows/deployment/windows-autopatch/TOC.yml +++ b/windows/deployment/windows-autopatch/TOC.yml @@ -107,8 +107,8 @@ href: operate/windows-autopatch-manage-driver-and-firmware-updates.md - name: Submit a support request href: operate/windows-autopatch-support-request.md - - name: Deregister a device - href: operate/windows-autopatch-deregister-devices.md + - name: Exclude a device + href: operate/windows-autopatch-exclude-device.md - name: Unenroll your tenant href: operate/windows-autopatch-unenroll-tenant.md - name: References diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md deleted file mode 100644 index fa0d5b2cae..0000000000 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Deregister a device -description: This article explains how to deregister devices -ms.date: 06/15/2022 -ms.prod: windows-client -ms.technology: itpro-updates -ms.topic: how-to -ms.localizationpriority: medium -author: tiaraquan -ms.author: tiaraquan -manager: dougeby -ms.reviewer: andredm7 -ms.collection: - - tier2 ---- - -# Deregister a device - -To avoid end-user disruption, device deregistration in Windows Autopatch only deletes the Windows Autopatch device record itself. Device deregistration can't delete Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity. - -**To deregister a device:** - -1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. Select **Windows Autopatch** in the left navigation menu. -1. Select **Devices**. -1. In either **Ready** or **Not ready** tab, select the device(s) you want to deregister. -1. Once a device or multiple devices are selected, select **Device actions**, then select **Deregister device**. - -> [!WARNING] -> Removing devices from the Windows Autopatch Device Registration Azure AD group doesn't deregister devices from the Windows Autopatch service. - -## Excluded devices - -When you deregister a device from the Windows Autopatch service, the device is flagged as "excluded" so Windows Autopatch doesn't try to reregister the device into the service again, since the deregistration command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** Azure Active Directory group. - -> [!IMPORTANT] -> The Azure AD team doesn't recommend appending query statements to remove specific device from a dynamic query due to dynamic query performance issues. - -If you want to reregister a device that was previously deregistered from Windows Autopatch, you must [submit a support request](../operate/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team to request the removal of the "excluded" flag set during the deregistration process. After the Windows Autopatch Service Engineering Team removes the flag, you can reregister a device or a group of devices. - -## Hiding unregistered devices - -You can hide unregistered devices you don't expect to be remediated anytime soon. - -**To hide unregistered devices:** - -1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. Select **Windows Autopatch** in the left navigation menu. -1. Select **Devices**. -1. In the **Not ready** tab, select an unregistered device or a group of unregistered devices you want to hide then select **Status == All**. -1. Unselect the **Registration failed** status checkbox from the list. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md new file mode 100644 index 0000000000..c1acd3c8bf --- /dev/null +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md @@ -0,0 +1,56 @@ +--- +title: Exclude a device +description: This article explains how to exclude a device from the Windows Autopatch service +ms.date: 08/04/2023 +ms.prod: windows-client +ms.technology: itpro-updates +ms.topic: how-to +ms.localizationpriority: medium +author: tiaraquan +ms.author: tiaraquan +manager: dougeby +ms.reviewer: andredm7 +ms.collection: + - tier2 +--- + +# Exclude a device + +To avoid end-user disruption, excluding a device in Windows Autopatch only deletes the Windows Autopatch device record itself. Excluding a device can't delete the Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity. + +When you exclude a device from the Windows Autopatch service, the device is flagged as "excluded" so Windows Autopatch doesn't try to restore the device into the service again, since the exclusion command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** group, or any other Azure AD group, used with Autopatch groups. + +> [!IMPORTANT] +> The Azure AD team doesn't recommend appending query statements to remove specific device from a dynamic query due to dynamic query performance issues. + +**To exclude a device:** + +1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Select **Windows Autopatch** in the left navigation menu. +1. Select **Devices**. +1. In either the **Ready** or **Not ready** tab, select the device(s) you want to exclude. +1. Once a device or multiple devices are selected, select **Device actions**. Then, select **Exclude device**. + +> [!WARNING] +> Excluding devices from the Windows Autopatch Device Registration group, or any other Azure AD group, used with Autopatch groups doesn't exclude devices from the Windows Autopatch service. + +## Only view excluded devices + +You can view the excluded devices in the **Not registered** tab to make it easier for you to bulk restore devices that were previously excluded from the Windows Autopatch service. + +**To view only excluded devices:** + +1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Select **Windows Autopatch** in the left navigation menu. +1. Select **Devices**. +1. In the **Not registered** tab, select **Excluded** from the filter list. Leave all other filter options unselected. + +## Restore a device or multiple devices previously excluded + +**To restore a device or multiple devices previously excluded:** + +1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Select **Windows Autopatch** in the left navigation menu. +1. Select **Devices**. +1. In the **Not registered** tab, select the device(s) you want to restore. +1. Once a device or multiple devices are selected, select **Device actions**. Then, select **Restore device**. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md index 1269f66d0f..f39f8c2f8f 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md @@ -1,7 +1,7 @@ --- title: Unenroll your tenant description: This article explains what unenrollment means for your organization and what actions you must take. -ms.date: 07/27/2022 +ms.date: 08/04/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: how-to @@ -25,7 +25,7 @@ If you're looking to unenroll your tenant from Windows Autopatch, this article d Unenrolling from Windows Autopatch requires manual actions from both you and from the Windows Autopatch Service Engineering Team. The Windows Autopatch Service Engineering Team will: - Remove Windows Autopatch access to your tenant. -- Deregister your devices from the Windows Autopatch service. Deregistering your devices from Windows Autopatch won't remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in [Deregister a device](/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices). +- Exclude your devices from the Windows Autopatch service. Excluding your devices from Windows Autopatch won't remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in [Exclude a device](../operate/windows-autopatch-exclude-device.md). - Delete all data that we've stored in the Windows Autopatch data storage. > [!NOTE] @@ -36,7 +36,7 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro | Responsibility | Description | | ----- | ----- | | Windows Autopatch data | Windows Autopatch will delete user data that is within the Windows Autopatch service. We won’t make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../overview/windows-autopatch-privacy.md). | -| Deregistering devices | Windows Autopatch will deregister all devices previously registered with the service. Only the Windows Autopatch device record will be deleted. We won't delete Microsoft Intune and/or Azure Active Directory device records. For more information, see [Deregister a device](/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices). | +| Excluding devices | Windows Autopatch will exclude all devices previously registered with the service. Only the Windows Autopatch device record will be deleted. We won't delete Microsoft Intune and/or Azure Active Directory device records. For more information, see [Exclude a device](../operate/windows-autopatch-exclude-device.md). | ## Your responsibilities after unenrolling your tenant @@ -50,7 +50,7 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro **To unenroll from Windows Autopatch:** -1. [Submit a support request](windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service. +1. [Submit a support request](../operate/windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service. 1. The Windows Autopatch Service Engineering Team will communicate with your IT Administrator to confirm your intent to unenroll from the service. 1. You'll have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team. 2. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner. diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md index a071f7e68d..5040b8ad68 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md @@ -64,7 +64,7 @@ Microsoft remains committed to the security of your data and the [accessibility] | ----- | ----- | | Prepare | The following articles describe the mandatory steps to prepare and enroll your tenant into Windows Autopatch:
  • [Prerequisites](../prepare/windows-autopatch-prerequisites.md)
  • [Configure your network](../prepare/windows-autopatch-configure-network.md)
  • [Enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md)
  • [Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)
  • [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)
| | Deploy | Once you've enrolled your tenant, this section instructs you to:
  • [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)
  • [Register your devices](../deploy/windows-autopatch-register-devices.md)
  • [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md)
| -| Operate | This section includes the following information about your day-to-day life with the service:
  • [Update management](../operate/windows-autopatch-groups-update-management.md)
  • [Windows quality and feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md)
  • [Maintain your Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md)
  • [Submit a support request](../operate/windows-autopatch-support-request.md)
  • [Deregister a device](../operate/windows-autopatch-deregister-devices.md)
+| Operate | This section includes the following information about your day-to-day life with the service:
  • [Update management](../operate/windows-autopatch-groups-update-management.md)
  • [Windows quality and feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md)
  • [Maintain your Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md)
  • [Submit a support request](../operate/windows-autopatch-support-request.md)
  • [Exclude a device](../operate/windows-autopatch-exclude-device.md)
| References | This section includes the following articles:
  • [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md)
  • [Windows update policies](../references/windows-autopatch-windows-update-unsupported-policies.md)
  • [Microsoft 365 Apps for enterprise update policies](../references/windows-autopatch-microsoft-365-policies.md)
| ### Have feedback or would like to start a discussion? diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md index 816790a4c7..851207d167 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md @@ -86,10 +86,10 @@ This article outlines your responsibilities and Windows Autopatch's responsibili | Maintain existing configurations
  • Remove your devices from existing and unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies
| :heavy_check_mark: | :x: | | Understand the health of [Up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are
  • [Not up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices)
  • [Not ready](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-ready-devices)
  • have [Device alerts](../operate/windows-autopatch-device-alerts.md)
| [Raise, manage and resolve a service incident if an update management area isn't meeting the service level objective](windows-autopatch-overview.md#update-management) | :x: | :heavy_check_mark: | -| [Deregister devices](../operate/windows-autopatch-deregister-devices.md) | :heavy_check_mark: | :x: | -| [Register a device that was previously deregistered (upon customers request)](../operate/windows-autopatch-deregister-devices.md#excluded-devices) | :x: | :heavy_check_mark: | +| [Exclude a device](../operate/windows-autopatch-exclude-device.md) | :heavy_check_mark: | :x: | +| [Register a device that was previously excluded (upon customers request)](../operate/windows-autopatch-exclude-devie.md) | :x: | :heavy_check_mark: | | [Request unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md) | :heavy_check_mark: | :x: | -| [Remove Windows Autopatch data from the service and deregister devices](../operate/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: | +| [Remove Windows Autopatch data from the service and exclude devices](../operate/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: | | [Maintain update configuration & update devices post unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md#your-responsibilities-after-unenrolling-your-tenant) | :heavy_check_mark: | :x: | | Review and respond to Message Center and Service Health Dashboard notifications
  • [Windows quality update communications](../operate/windows-autopatch-groups-windows-quality-update-communications.md)
  • [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)
| :heavy_check_mark: | :x: | | Highlight Windows Autopatch management alerts that require customer action
  • [Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)
  • [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)
| :x: | :heavy_check_mark: | From b9db66f6e46b5fc27ee542ee521bc62b4fb559d4 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 4 Aug 2023 08:53:58 -0700 Subject: [PATCH 67/94] Fixed broken link --- .../overview/windows-autopatch-roles-responsibilities.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md index 851207d167..adfb109577 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md @@ -1,7 +1,7 @@ --- title: Roles and responsibilities description: This article describes the roles and responsibilities provided by Windows Autopatch and what the customer must do -ms.date: 07/31/2023 +ms.date: 08/04/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: conceptual @@ -87,7 +87,7 @@ This article outlines your responsibilities and Windows Autopatch's responsibili | Understand the health of [Up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are
  • [Not up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices)
  • [Not ready](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-ready-devices)
  • have [Device alerts](../operate/windows-autopatch-device-alerts.md)
| [Raise, manage and resolve a service incident if an update management area isn't meeting the service level objective](windows-autopatch-overview.md#update-management) | :x: | :heavy_check_mark: | | [Exclude a device](../operate/windows-autopatch-exclude-device.md) | :heavy_check_mark: | :x: | -| [Register a device that was previously excluded (upon customers request)](../operate/windows-autopatch-exclude-devie.md) | :x: | :heavy_check_mark: | +| [Register a device that was previously excluded (upon customers request)](../operate/windows-autopatch-exclude-device.md) | :x: | :heavy_check_mark: | | [Request unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md) | :heavy_check_mark: | :x: | | [Remove Windows Autopatch data from the service and exclude devices](../operate/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: | | [Maintain update configuration & update devices post unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md#your-responsibilities-after-unenrolling-your-tenant) | :heavy_check_mark: | :x: | From bda992a4426e81d7555b91d0bf63a97ae8963e52 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 4 Aug 2023 10:18:11 -0700 Subject: [PATCH 68/94] Changed date for 080823 --- .../operate/windows-autopatch-exclude-device.md | 2 +- .../operate/windows-autopatch-unenroll-tenant.md | 2 +- .../windows-autopatch/overview/windows-autopatch-overview.md | 2 +- .../overview/windows-autopatch-roles-responsibilities.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md index c1acd3c8bf..e8002779df 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md @@ -1,7 +1,7 @@ --- title: Exclude a device description: This article explains how to exclude a device from the Windows Autopatch service -ms.date: 08/04/2023 +ms.date: 08/08/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: how-to diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md index f39f8c2f8f..168bccb66d 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md @@ -1,7 +1,7 @@ --- title: Unenroll your tenant description: This article explains what unenrollment means for your organization and what actions you must take. -ms.date: 08/04/2023 +ms.date: 08/08/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: how-to diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md index 5040b8ad68..62ac288ad4 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md @@ -1,7 +1,7 @@ --- title: What is Windows Autopatch? description: Details what the service is and shortcuts to articles. -ms.date: 07/11/2023 +ms.date: 08/08/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: conceptual diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md index adfb109577..1a0e660f16 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md @@ -1,7 +1,7 @@ --- title: Roles and responsibilities description: This article describes the roles and responsibilities provided by Windows Autopatch and what the customer must do -ms.date: 08/04/2023 +ms.date: 08/08/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: conceptual From 542300d0d0675bb3402fe6de69e86ec9f9e27581 Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Fri, 4 Aug 2023 13:42:40 -0400 Subject: [PATCH 69/94] Fixed unsigned policy valid supplemental option --- .../design/select-types-of-rules-to-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md index fd3133539a..7bc080da18 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md @@ -32,7 +32,7 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru | **3 Enabled:Audit Mode (Default)** | Instructs WDAC to log information about applications, binaries, and scripts that would have been blocked, if the policy was enforced. You can use this option to identify the potential impact of your WDAC policy, and use the audit events to refine the policy before enforcement. To enforce a WDAC policy, delete this option. | No | | **4 Disabled:Flight Signing** | If enabled, binaries from Windows Insider builds aren't trusted. This option is useful for organizations that only want to run released binaries, not prerelease Windows builds. | No | | **5 Enabled:Inherit Default Policy** | This option is reserved for future use and currently has no effect. | Yes | -| **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and any supplemental policies must also be signed. The certificates that are trusted for future policy updates must be identified in the UpdatePolicySigners section. Certificates that are trusted for supplemental policies must be identified in the SupplementalPolicySigners section. | Yes | +| **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and any supplemental policies must also be signed. The certificates that are trusted for future policy updates must be identified in the UpdatePolicySigners section. Certificates that are trusted for supplemental policies must be identified in the SupplementalPolicySigners section. | No | | **7 Allowed:Debug Policy Augmented** | This option isn't currently supported. | Yes | | **8 Required:EV Signers** | This option isn't currently supported. | No | | **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | No | From b7217cd944ba8804c57761607b112285976f57a0 Mon Sep 17 00:00:00 2001 From: "Minsang Kim [MSFT]" <83097776+minsang-msft@users.noreply.github.com> Date: Fri, 4 Aug 2023 14:50:00 -0700 Subject: [PATCH 70/94] Update policy-csp-dmaguard.md --- windows/client-management/mdm/policy-csp-dmaguard.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md index 4d115aecee..82305ec038 100644 --- a/windows/client-management/mdm/policy-csp-dmaguard.md +++ b/windows/client-management/mdm/policy-csp-dmaguard.md @@ -46,6 +46,8 @@ This policy is intended to provide more security against external DMA capable de Device memory sandboxing allows the OS to use the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access by the peripheral. In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it. +This policy requires a system reboot to take effect. + This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that can't be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, check the Kernel DMA Protection field in the Summary page of MSINFO32.exe. From 7c29888fda24536e92e6051688ac887dfe282527 Mon Sep 17 00:00:00 2001 From: Office Content Publishing 5 <87502544+officedocspr5@users.noreply.github.com> Date: Sat, 5 Aug 2023 23:31:40 -0700 Subject: [PATCH 71/94] Uploaded file: education-content-updates.md - 2023-08-05 23:31:39.8481 --- education/includes/education-content-updates.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md index 5d4c8be0cb..0bfa6d278a 100644 --- a/education/includes/education-content-updates.md +++ b/education/includes/education-content-updates.md @@ -2,6 +2,14 @@ +## Week of July 31, 2023 + + +| Published On |Topic title | Change | +|------|------------|--------| +| 8/3/2023 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified | + + ## Week of July 24, 2023 From 40363d6cb70d84d67caafa16cbc1ee54bd048f58 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 7 Aug 2023 10:56:34 -0400 Subject: [PATCH 72/94] Update Start CSP and remove dupes --- .../mdm/policies-in-policy-csp-admx-backed.md | 424 +----------------- ...in-policy-csp-supported-by-group-policy.md | 74 +-- ...-in-policy-csp-supported-by-surface-hub.md | 1 - .../policy-configuration-service-provider.md | 2 +- .../client-management/mdm/policy-csp-start.md | 64 +-- 5 files changed, 4 insertions(+), 561 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 404381b85a..b1d980b61f 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -4,7 +4,7 @@ description: Learn about the ADMX-backed policies in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/01/2023 +ms.date: 08/07/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -64,8 +64,6 @@ This article lists the ADMX-backed policies in Policy CSP. ## ADMX_AppXRuntime -- [AppxRuntimeBlockFileElevation](policy-csp-admx-appxruntime.md) -- [AppxRuntimeBlockProtocolElevation](policy-csp-admx-appxruntime.md) - [AppxRuntimeBlockFileElevation](policy-csp-admx-appxruntime.md) - [AppxRuntimeBlockProtocolElevation](policy-csp-admx-appxruntime.md) - [AppxRuntimeBlockHostedAppAccessWinRT](policy-csp-admx-appxruntime.md) @@ -141,7 +139,6 @@ This article lists the ADMX-backed policies in Policy CSP. - [CPL_Personalization_PersonalColors](policy-csp-admx-controlpaneldisplay.md) - [CPL_Personalization_ForceDefaultLockScreen](policy-csp-admx-controlpaneldisplay.md) - [CPL_Personalization_StartBackground](policy-csp-admx-controlpaneldisplay.md) -- [CPL_Personalization_SetTheme](policy-csp-admx-controlpaneldisplay.md) - [CPL_Personalization_NoChangingLockScreen](policy-csp-admx-controlpaneldisplay.md) - [CPL_Personalization_NoChangingStartMenuBackground](policy-csp-admx-controlpaneldisplay.md) @@ -221,7 +218,6 @@ This article lists the ADMX-backed policies in Policy CSP. - [NoRecycleBinIcon](policy-csp-admx-desktop.md) - [NoDesktopCleanupWizard](policy-csp-admx-desktop.md) - [NoWindowMinimizingShortcuts](policy-csp-admx-desktop.md) -- [NoDesktop](policy-csp-admx-desktop.md) ## ADMX_DeviceCompat @@ -542,7 +538,6 @@ This article lists the ADMX-backed policies in Policy CSP. - [DisableAOACProcessing](policy-csp-admx-grouppolicy.md) - [DisableLGPOProcessing](policy-csp-admx-grouppolicy.md) - [RSoPLogging](policy-csp-admx-grouppolicy.md) -- [ProcessMitigationOptions](policy-csp-admx-grouppolicy.md) - [FontMitigation](policy-csp-admx-grouppolicy.md) ## ADMX_Help @@ -1163,10 +1158,6 @@ This article lists the ADMX-backed policies in Policy CSP. ## ADMX_PowerShellExecutionPolicy -- [EnableUpdateHelpDefaultSourcePath](policy-csp-admx-powershellexecutionpolicy.md) -- [EnableModuleLogging](policy-csp-admx-powershellexecutionpolicy.md) -- [EnableTranscripting](policy-csp-admx-powershellexecutionpolicy.md) -- [EnableScripts](policy-csp-admx-powershellexecutionpolicy.md) - [EnableUpdateHelpDefaultSourcePath](policy-csp-admx-powershellexecutionpolicy.md) - [EnableModuleLogging](policy-csp-admx-powershellexecutionpolicy.md) - [EnableTranscripting](policy-csp-admx-powershellexecutionpolicy.md) @@ -1339,7 +1330,6 @@ This article lists the ADMX-backed policies in Policy CSP. - [Run_Logon_Script_Sync_2](policy-csp-admx-scripts.md) - [Run_Startup_Script_Sync](policy-csp-admx-scripts.md) - [Run_Computer_PS_Scripts_First](policy-csp-admx-scripts.md) -- [Run_User_PS_Scripts_First](policy-csp-admx-scripts.md) - [MaxGPOScriptWaitPolicy](policy-csp-admx-scripts.md) ## ADMX_sdiageng @@ -1509,14 +1499,7 @@ This article lists the ADMX-backed policies in Policy CSP. - [NoAutoTrayNotify](policy-csp-admx-startmenu.md) - [Intellimenus](policy-csp-admx-startmenu.md) - [NoInstrumentation](policy-csp-admx-startmenu.md) -- [StartPinAppsWhenInstalled](policy-csp-admx-startmenu.md) -- [NoSetTaskbar](policy-csp-admx-startmenu.md) -- [NoChangeStartMenu](policy-csp-admx-startmenu.md) -- [NoUninstallFromStart](policy-csp-admx-startmenu.md) -- [NoTrayContextMenu](policy-csp-admx-startmenu.md) -- [NoMoreProgramsList](policy-csp-admx-startmenu.md) - [HidePowerOptions](policy-csp-admx-startmenu.md) -- [NoRun](policy-csp-admx-startmenu.md) ## ADMX_SystemRestore @@ -1590,8 +1573,6 @@ This article lists the ADMX-backed policies in Policy CSP. - [NoSystraySystemPromotion](policy-csp-admx-taskbar.md) - [NoBalloonFeatureAdvertisements](policy-csp-admx-taskbar.md) - [TaskbarNoThumbnail](policy-csp-admx-taskbar.md) -- [DisableNotificationCenter](policy-csp-admx-taskbar.md) -- [TaskbarNoPinnedList](policy-csp-admx-taskbar.md) ## ADMX_tcpip @@ -1849,132 +1830,13 @@ This article lists the ADMX-backed policies in Policy CSP. - [Travel](policy-csp-admx-userexperiencevirtualization.md) - [Video](policy-csp-admx-userexperiencevirtualization.md) - [Weather](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013AccessBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016AccessBackup](policy-csp-admx-userexperiencevirtualization.md) -- [Calculator](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013CommonBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016CommonBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013ExcelBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016ExcelBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013InfoPathBackup](policy-csp-admx-userexperiencevirtualization.md) -- [InternetExplorer10](policy-csp-admx-userexperiencevirtualization.md) -- [InternetExplorer11](policy-csp-admx-userexperiencevirtualization.md) -- [InternetExplorer8](policy-csp-admx-userexperiencevirtualization.md) -- [InternetExplorer9](policy-csp-admx-userexperiencevirtualization.md) -- [InternetExplorerCommon](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013LyncBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016LyncBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010Access](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013Access](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016Access](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010Excel](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013Excel](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016Excel](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010InfoPath](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013InfoPath](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010Lync](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013Lync](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016Lync](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010Common](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013Common](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013UploadCenter](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016Common](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016UploadCenter](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Access2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Access2016](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Common2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Common2016](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Excel2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Excel2016](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365InfoPath2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Lync2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Lync2016](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365OneNote2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365OneNote2016](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Outlook2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Outlook2016](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365PowerPoint2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365PowerPoint2016](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Project2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Project2016](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Publisher2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Publisher2016](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365SharePointDesigner2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Visio2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Visio2016](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Word2013](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice365Word2016](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013OneDriveForBusiness](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016OneDriveForBusiness](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010OneNote](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013OneNote](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016OneNote](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010Outlook](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013Outlook](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016Outlook](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010PowerPoint](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013PowerPoint](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016PowerPoint](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010Project](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013Project](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016Project](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010Publisher](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013Publisher](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016Publisher](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010SharePointDesigner](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013SharePointDesigner](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010SharePointWorkspace](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010Visio](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013Visio](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016Visio](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2010Word](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013Word](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016Word](policy-csp-admx-userexperiencevirtualization.md) -- [Notepad](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013OneNoteBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016OneNoteBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013OutlookBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016OutlookBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013PowerPointBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016PowerPointBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013ProjectBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016ProjectBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013PublisherBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016PublisherBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013SharePointDesignerBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013VisioBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016VisioBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2013WordBackup](policy-csp-admx-userexperiencevirtualization.md) -- [MicrosoftOffice2016WordBackup](policy-csp-admx-userexperiencevirtualization.md) -- [Wordpad](policy-csp-admx-userexperiencevirtualization.md) -- [ConfigureSyncMethod](policy-csp-admx-userexperiencevirtualization.md) - [ContactITDescription](policy-csp-admx-userexperiencevirtualization.md) - [ContactITUrl](policy-csp-admx-userexperiencevirtualization.md) -- [DisableWin8Sync](policy-csp-admx-userexperiencevirtualization.md) - [EnableUEV](policy-csp-admx-userexperiencevirtualization.md) - [FirstUseNotificationEnabled](policy-csp-admx-userexperiencevirtualization.md) -- [SyncProviderPingEnabled](policy-csp-admx-userexperiencevirtualization.md) -- [MaxPackageSizeInBytes](policy-csp-admx-userexperiencevirtualization.md) -- [SettingsStoragePath](policy-csp-admx-userexperiencevirtualization.md) - [SettingsTemplateCatalogPath](policy-csp-admx-userexperiencevirtualization.md) -- [SyncOverMeteredNetwork](policy-csp-admx-userexperiencevirtualization.md) -- [SyncOverMeteredNetworkWhenRoaming](policy-csp-admx-userexperiencevirtualization.md) - [SyncUnlistedWindows8Apps](policy-csp-admx-userexperiencevirtualization.md) -- [RepositoryTimeout](policy-csp-admx-userexperiencevirtualization.md) -- [DisableWindowsOSSettings](policy-csp-admx-userexperiencevirtualization.md) - [TrayIconEnabled](policy-csp-admx-userexperiencevirtualization.md) -- [SyncEnabled](policy-csp-admx-userexperiencevirtualization.md) -- [ConfigureVdi](policy-csp-admx-userexperiencevirtualization.md) -- [Finance](policy-csp-admx-userexperiencevirtualization.md) -- [Games](policy-csp-admx-userexperiencevirtualization.md) -- [Maps](policy-csp-admx-userexperiencevirtualization.md) -- [Music](policy-csp-admx-userexperiencevirtualization.md) -- [News](policy-csp-admx-userexperiencevirtualization.md) -- [Reader](policy-csp-admx-userexperiencevirtualization.md) -- [Sports](policy-csp-admx-userexperiencevirtualization.md) -- [Travel](policy-csp-admx-userexperiencevirtualization.md) -- [Video](policy-csp-admx-userexperiencevirtualization.md) -- [Weather](policy-csp-admx-userexperiencevirtualization.md) ## ADMX_UserProfiles @@ -2089,35 +1951,11 @@ This article lists the ADMX-backed policies in Policy CSP. - [IZ_Policy_OpenSearchPreview_Trusted](policy-csp-admx-windowsexplorer.md) - [EnableShellShortcutIconRemotePath](policy-csp-admx-windowsexplorer.md) - [EnableSmartScreen](policy-csp-admx-windowsexplorer.md) -- [DisableBindDirectlyToPropertySetStorage](policy-csp-admx-windowsexplorer.md) - [NoNewAppAlert](policy-csp-admx-windowsexplorer.md) -- [DefaultLibrariesLocation](policy-csp-admx-windowsexplorer.md) - [ShowHibernateOption](policy-csp-admx-windowsexplorer.md) - [ShowSleepOption](policy-csp-admx-windowsexplorer.md) -- [ExplorerRibbonStartsMinimized](policy-csp-admx-windowsexplorer.md) -- [NoStrCmpLogical](policy-csp-admx-windowsexplorer.md) - [ShellProtocolProtectedModeTitle_2](policy-csp-admx-windowsexplorer.md) - [CheckSameSourceAndTargetForFRAndDFS](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchQuery_Internet](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchPreview_Internet](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchQuery_Intranet](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchPreview_Intranet](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchQuery_LocalMachine](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchPreview_LocalMachine](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchQuery_InternetLockdown](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchPreview_InternetLockdown](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchQuery_IntranetLockdown](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchPreview_IntranetLockdown](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchQuery_LocalMachineLockdown](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchPreview_LocalMachineLockdown](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchQuery_RestrictedLockdown](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchPreview_RestrictedLockdown](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchQuery_TrustedLockdown](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchPreview_TrustedLockdown](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchQuery_Restricted](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchPreview_Restricted](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchQuery_Trusted](policy-csp-admx-windowsexplorer.md) -- [IZ_Policy_OpenSearchPreview_Trusted](policy-csp-admx-windowsexplorer.md) ## ADMX_WindowsMediaDRM @@ -2174,7 +2012,6 @@ This article lists the ADMX-backed policies in Policy CSP. - [LogonHoursPolicyDescription](policy-csp-admx-winlogon.md) - [SoftwareSASGeneration](policy-csp-admx-winlogon.md) - [DisplayLastLogonInfoDescription](policy-csp-admx-winlogon.md) -- [ReportCachedLogonPolicyDescription](policy-csp-admx-winlogon.md) ## ADMX_Winsrv @@ -2204,7 +2041,6 @@ This article lists the ADMX-backed policies in Policy CSP. - [NoQuietHours](policy-csp-admx-wpn.md) - [NoToastNotification](policy-csp-admx-wpn.md) - [NoLockScreenToastNotification](policy-csp-admx-wpn.md) -- [NoToastNotification](policy-csp-admx-wpn.md) ## AppRuntime @@ -2249,9 +2085,6 @@ This article lists the ADMX-backed policies in Policy CSP. ## Autoplay -- [DisallowAutoplayForNonVolumeDevices](policy-csp-autoplay.md) -- [SetDefaultAutoRunBehavior](policy-csp-autoplay.md) -- [TurnOffAutoPlay](policy-csp-autoplay.md) - [DisallowAutoplayForNonVolumeDevices](policy-csp-autoplay.md) - [SetDefaultAutoRunBehavior](policy-csp-autoplay.md) - [TurnOffAutoPlay](policy-csp-autoplay.md) @@ -2279,7 +2112,6 @@ This article lists the ADMX-backed policies in Policy CSP. ## CredentialsUI -- [DisablePasswordReveal](policy-csp-credentialsui.md) - [DisablePasswordReveal](policy-csp-credentialsui.md) - [EnumerateAdministrators](policy-csp-credentialsui.md) @@ -2608,264 +2440,11 @@ This article lists the ADMX-backed policies in Policy CSP. - [LockedDownIntranetJavaPermissions](policy-csp-internetexplorer.md) - [RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](policy-csp-internetexplorer.md) - [DisableHTMLApplication](policy-csp-internetexplorer.md) -- [AddSearchProvider](policy-csp-internetexplorer.md) -- [DisableSecondaryHomePageChange](policy-csp-internetexplorer.md) - [DisableUpdateCheck](policy-csp-internetexplorer.md) -- [DisableProxyChange](policy-csp-internetexplorer.md) -- [DisableSearchProviderChange](policy-csp-internetexplorer.md) -- [DisableCustomerExperienceImprovementProgramParticipation](policy-csp-internetexplorer.md) -- [AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md) -- [AllowSuggestedSites](policy-csp-internetexplorer.md) -- [DisableCompatView](policy-csp-internetexplorer.md) -- [DisableFeedsBackgroundSync](policy-csp-internetexplorer.md) -- [DisableFirstRunWizard](policy-csp-internetexplorer.md) -- [DisableFlipAheadFeature](policy-csp-internetexplorer.md) -- [DisableGeolocation](policy-csp-internetexplorer.md) -- [DisableWebAddressAutoComplete](policy-csp-internetexplorer.md) -- [NewTabDefaultPage](policy-csp-internetexplorer.md) -- [PreventManagingSmartScreenFilter](policy-csp-internetexplorer.md) -- [SearchProviderList](policy-csp-internetexplorer.md) - [DoNotAllowUsersToAddSites](policy-csp-internetexplorer.md) - [DoNotAllowUsersToChangePolicies](policy-csp-internetexplorer.md) -- [AllowActiveXFiltering](policy-csp-internetexplorer.md) -- [AllowEnterpriseModeSiteList](policy-csp-internetexplorer.md) -- [SendSitesNotInEnterpriseSiteListToEdge](policy-csp-internetexplorer.md) -- [ConfigureEdgeRedirectChannel](policy-csp-internetexplorer.md) -- [KeepIntranetSitesInInternetExplorer](policy-csp-internetexplorer.md) -- [AllowSaveTargetAsInIEMode](policy-csp-internetexplorer.md) -- [DisableInternetExplorerApp](policy-csp-internetexplorer.md) -- [EnableExtendedIEModeHotkeys](policy-csp-internetexplorer.md) -- [ResetZoomForDialogInIEMode](policy-csp-internetexplorer.md) -- [EnableGlobalWindowListInIEMode](policy-csp-internetexplorer.md) -- [JScriptReplacement](policy-csp-internetexplorer.md) -- [AllowInternetExplorerStandardsMode](policy-csp-internetexplorer.md) -- [AllowInternetExplorer7PolicyList](policy-csp-internetexplorer.md) -- [DisableEncryptionSupport](policy-csp-internetexplorer.md) -- [AllowEnhancedProtectedMode](policy-csp-internetexplorer.md) -- [AllowInternetZoneTemplate](policy-csp-internetexplorer.md) -- [IncludeAllLocalSites](policy-csp-internetexplorer.md) -- [IncludeAllNetworkPaths](policy-csp-internetexplorer.md) -- [AllowIntranetZoneTemplate](policy-csp-internetexplorer.md) -- [AllowLocalMachineZoneTemplate](policy-csp-internetexplorer.md) -- [AllowLockedDownInternetZoneTemplate](policy-csp-internetexplorer.md) -- [AllowLockedDownIntranetZoneTemplate](policy-csp-internetexplorer.md) -- [AllowLockedDownLocalMachineZoneTemplate](policy-csp-internetexplorer.md) -- [AllowLockedDownRestrictedSitesZoneTemplate](policy-csp-internetexplorer.md) -- [AllowsLockedDownTrustedSitesZoneTemplate](policy-csp-internetexplorer.md) -- [AllowsRestrictedSitesZoneTemplate](policy-csp-internetexplorer.md) -- [AllowSiteToZoneAssignmentList](policy-csp-internetexplorer.md) -- [AllowTrustedSitesZoneTemplate](policy-csp-internetexplorer.md) -- [InternetZoneAllowAccessToDataSources](policy-csp-internetexplorer.md) -- [LockedDownInternetZoneAllowAccessToDataSources](policy-csp-internetexplorer.md) -- [IntranetZoneAllowAccessToDataSources](policy-csp-internetexplorer.md) -- [LockedDownIntranetZoneAllowAccessToDataSources](policy-csp-internetexplorer.md) -- [TrustedSitesZoneAllowAccessToDataSources](policy-csp-internetexplorer.md) -- [LockedDownTrustedSitesZoneAllowAccessToDataSources](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowAccessToDataSources](policy-csp-internetexplorer.md) -- [LockedDownRestrictedSitesZoneAllowAccessToDataSources](policy-csp-internetexplorer.md) -- [LocalMachineZoneAllowAccessToDataSources](policy-csp-internetexplorer.md) -- [LockedDownLocalMachineZoneAllowAccessToDataSources](policy-csp-internetexplorer.md) -- [InternetZoneAllowFontDownloads](policy-csp-internetexplorer.md) -- [LockedDownInternetZoneAllowFontDownloads](policy-csp-internetexplorer.md) -- [IntranetZoneAllowFontDownloads](policy-csp-internetexplorer.md) -- [LockedDownIntranetZoneAllowFontDownloads](policy-csp-internetexplorer.md) -- [TrustedSitesZoneAllowFontDownloads](policy-csp-internetexplorer.md) -- [LockedDownTrustedSitesZoneAllowFontDownloads](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowFontDownloads](policy-csp-internetexplorer.md) -- [LockedDownRestrictedSitesZoneAllowFontDownloads](policy-csp-internetexplorer.md) -- [LocalMachineZoneAllowFontDownloads](policy-csp-internetexplorer.md) -- [LockedDownLocalMachineZoneAllowFontDownloads](policy-csp-internetexplorer.md) -- [InternetZoneAllowScriptlets](policy-csp-internetexplorer.md) -- [LockedDownInternetZoneAllowScriptlets](policy-csp-internetexplorer.md) -- [IntranetZoneAllowScriptlets](policy-csp-internetexplorer.md) -- [LockedDownIntranetZoneAllowScriptlets](policy-csp-internetexplorer.md) -- [TrustedSitesZoneAllowScriptlets](policy-csp-internetexplorer.md) -- [LockedDownTrustedSitesZoneAllowScriptlets](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowScriptlets](policy-csp-internetexplorer.md) -- [LockedDownRestrictedSitesZoneAllowScriptlets](policy-csp-internetexplorer.md) -- [LocalMachineZoneAllowScriptlets](policy-csp-internetexplorer.md) -- [LockedDownLocalMachineZoneAllowScriptlets](policy-csp-internetexplorer.md) -- [InternetZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md) -- [LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md) -- [IntranetZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md) -- [LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md) -- [TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md) -- [LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md) -- [LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md) -- [LocalMachineZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md) -- [LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md) -- [InternetZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md) -- [LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md) -- [IntranetZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md) -- [LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md) -- [TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md) -- [LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md) -- [LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md) -- [LocalMachineZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md) -- [LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md) -- [InternetZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md) -- [LockedDownInternetZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md) -- [IntranetZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md) -- [LockedDownIntranetZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md) -- [TrustedSitesZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md) -- [LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md) -- [LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md) -- [LocalMachineZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md) -- [LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md) -- [InternetZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md) -- [LockedDownInternetZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md) -- [IntranetZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md) -- [LockedDownIntranetZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md) -- [TrustedSitesZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md) -- [LockedDownTrustedSitesZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md) -- [LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md) -- [LocalMachineZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md) -- [LockedDownLocalMachineZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md) -- [InternetZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md) -- [LockedDownInternetZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md) -- [IntranetZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md) -- [LockedDownIntranetZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md) -- [TrustedSitesZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md) -- [LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md) -- [LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md) -- [LocalMachineZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md) -- [LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md) -- [InternetZoneAllowSmartScreenIE](policy-csp-internetexplorer.md) -- [LockedDownInternetZoneAllowSmartScreenIE](policy-csp-internetexplorer.md) -- [IntranetZoneAllowSmartScreenIE](policy-csp-internetexplorer.md) -- [LockedDownIntranetZoneAllowSmartScreenIE](policy-csp-internetexplorer.md) -- [TrustedSitesZoneAllowSmartScreenIE](policy-csp-internetexplorer.md) -- [LockedDownTrustedSitesZoneAllowSmartScreenIE](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowSmartScreenIE](policy-csp-internetexplorer.md) -- [LockedDownRestrictedSitesZoneAllowSmartScreenIE](policy-csp-internetexplorer.md) -- [LocalMachineZoneAllowSmartScreenIE](policy-csp-internetexplorer.md) -- [LockedDownLocalMachineZoneAllowSmartScreenIE](policy-csp-internetexplorer.md) -- [InternetZoneAllowUserDataPersistence](policy-csp-internetexplorer.md) -- [LockedDownInternetZoneAllowUserDataPersistence](policy-csp-internetexplorer.md) -- [IntranetZoneAllowUserDataPersistence](policy-csp-internetexplorer.md) -- [LockedDownIntranetZoneAllowUserDataPersistence](policy-csp-internetexplorer.md) -- [TrustedSitesZoneAllowUserDataPersistence](policy-csp-internetexplorer.md) -- [LockedDownTrustedSitesZoneAllowUserDataPersistence](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowUserDataPersistence](policy-csp-internetexplorer.md) -- [LockedDownRestrictedSitesZoneAllowUserDataPersistence](policy-csp-internetexplorer.md) -- [LocalMachineZoneAllowUserDataPersistence](policy-csp-internetexplorer.md) -- [LockedDownLocalMachineZoneAllowUserDataPersistence](policy-csp-internetexplorer.md) -- [InternetZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md) -- [LockedDownInternetZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md) -- [IntranetZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md) -- [LockedDownIntranetZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md) -- [TrustedSitesZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md) -- [LockedDownTrustedSitesZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md) -- [LockedDownRestrictedSitesZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md) -- [LocalMachineZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md) -- [LockedDownLocalMachineZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md) -- [AllowAddOnList](policy-csp-internetexplorer.md) -- [DoNotBlockOutdatedActiveXControls](policy-csp-internetexplorer.md) -- [DoNotBlockOutdatedActiveXControlsOnSpecificDomains](policy-csp-internetexplorer.md) -- [DisableEnclosureDownloading](policy-csp-internetexplorer.md) -- [DisableBypassOfSmartScreenWarnings](policy-csp-internetexplorer.md) -- [DisableBypassOfSmartScreenWarningsAboutUncommonFiles](policy-csp-internetexplorer.md) -- [AllowOneWordEntry](policy-csp-internetexplorer.md) -- [AllowEnterpriseModeFromToolsMenu](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowActiveScripting](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowBinaryAndScriptBehaviors](policy-csp-internetexplorer.md) -- [InternetZoneAllowCopyPasteViaScript](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowCopyPasteViaScript](policy-csp-internetexplorer.md) -- [AllowDeletingBrowsingHistoryOnExit](policy-csp-internetexplorer.md) -- [InternetZoneAllowDragAndDropCopyAndPasteFiles](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](policy-csp-internetexplorer.md) - [AllowFallbackToSSL3](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowFileDownloads](policy-csp-internetexplorer.md) -- [InternetZoneAllowLoadingOfXAMLFiles](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowLoadingOfXAMLFiles](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowMETAREFRESH](policy-csp-internetexplorer.md) -- [InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](policy-csp-internetexplorer.md) -- [InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](policy-csp-internetexplorer.md) -- [InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](policy-csp-internetexplorer.md) -- [InternetZoneAllowScriptInitiatedWindows](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowScriptInitiatedWindows](policy-csp-internetexplorer.md) -- [AllowSoftwareWhenSignatureIsInvalid](policy-csp-internetexplorer.md) -- [InternetZoneAllowUpdatesToStatusBarViaScript](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](policy-csp-internetexplorer.md) -- [CheckServerCertificateRevocation](policy-csp-internetexplorer.md) -- [CheckSignaturesOnDownloadedPrograms](policy-csp-internetexplorer.md) -- [DisableConfiguringHistory](policy-csp-internetexplorer.md) -- [DoNotAllowActiveXControlsInProtectedMode](policy-csp-internetexplorer.md) -- [InternetZoneDoNotRunAntimalwareAgainstActiveXControls](policy-csp-internetexplorer.md) -- [IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](policy-csp-internetexplorer.md) -- [LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](policy-csp-internetexplorer.md) -- [TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](policy-csp-internetexplorer.md) -- [InternetZoneDownloadSignedActiveXControls](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneDownloadSignedActiveXControls](policy-csp-internetexplorer.md) -- [InternetZoneDownloadUnsignedActiveXControls](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneDownloadUnsignedActiveXControls](policy-csp-internetexplorer.md) -- [InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](policy-csp-internetexplorer.md) -- [InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](policy-csp-internetexplorer.md) -- [InternetZoneEnableMIMESniffing](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneEnableMIMESniffing](policy-csp-internetexplorer.md) -- [InternetZoneIncludeLocalPathWhenUploadingFilesToServer](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](policy-csp-internetexplorer.md) -- [ConsistentMimeHandlingInternetExplorerProcesses](policy-csp-internetexplorer.md) -- [MimeSniffingSafetyFeatureInternetExplorerProcesses](policy-csp-internetexplorer.md) -- [MKProtocolSecurityRestrictionInternetExplorerProcesses](policy-csp-internetexplorer.md) -- [NotificationBarInternetExplorerProcesses](policy-csp-internetexplorer.md) -- [ProtectionFromZoneElevationInternetExplorerProcesses](policy-csp-internetexplorer.md) -- [RestrictActiveXInstallInternetExplorerProcesses](policy-csp-internetexplorer.md) -- [RestrictFileDownloadInternetExplorerProcesses](policy-csp-internetexplorer.md) -- [ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](policy-csp-internetexplorer.md) -- [InternetZoneJavaPermissions](policy-csp-internetexplorer.md) -- [IntranetZoneJavaPermissions](policy-csp-internetexplorer.md) -- [LocalMachineZoneJavaPermissions](policy-csp-internetexplorer.md) -- [LockedDownInternetZoneJavaPermissions](policy-csp-internetexplorer.md) -- [LockedDownLocalMachineZoneJavaPermissions](policy-csp-internetexplorer.md) -- [LockedDownRestrictedSitesZoneJavaPermissions](policy-csp-internetexplorer.md) -- [LockedDownTrustedSitesZoneJavaPermissions](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneJavaPermissions](policy-csp-internetexplorer.md) -- [TrustedSitesZoneJavaPermissions](policy-csp-internetexplorer.md) -- [InternetZoneLaunchingApplicationsAndFilesInIFRAME](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](policy-csp-internetexplorer.md) -- [InternetZoneLogonOptions](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneLogonOptions](policy-csp-internetexplorer.md) -- [DisableDeletingUserVisitedWebsites](policy-csp-internetexplorer.md) -- [DisableIgnoringCertificateErrors](policy-csp-internetexplorer.md) -- [PreventPerUserInstallationOfActiveXControls](policy-csp-internetexplorer.md) -- [RemoveRunThisTimeButtonForOutdatedActiveXControls](policy-csp-internetexplorer.md) -- [InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneRunActiveXControlsAndPlugins](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneScriptingOfJavaApplets](policy-csp-internetexplorer.md) - [SecurityZonesUseOnlyMachineSettings](policy-csp-internetexplorer.md) -- [InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](policy-csp-internetexplorer.md) -- [SpecifyUseOfActiveXInstallerService](policy-csp-internetexplorer.md) -- [DisableCrashDetection](policy-csp-internetexplorer.md) -- [DisableInPrivateBrowsing](policy-csp-internetexplorer.md) -- [DisableSecuritySettingsCheck](policy-csp-internetexplorer.md) -- [DisableProcessesInEnhancedProtectedMode](policy-csp-internetexplorer.md) -- [AllowCertificateAddressMismatchWarning](policy-csp-internetexplorer.md) -- [InternetZoneEnableCrossSiteScriptingFilter](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneEnableCrossSiteScriptingFilter](policy-csp-internetexplorer.md) -- [InternetZoneEnableProtectedMode](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneTurnOnProtectedMode](policy-csp-internetexplorer.md) -- [InternetZoneUsePopupBlocker](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneUsePopupBlocker](policy-csp-internetexplorer.md) -- [InternetZoneAllowVBScriptToRunInInternetExplorer](policy-csp-internetexplorer.md) -- [LockedDownIntranetJavaPermissions](policy-csp-internetexplorer.md) -- [RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](policy-csp-internetexplorer.md) -- [DisableHTMLApplication](policy-csp-internetexplorer.md) ## Kerberos @@ -3024,7 +2603,6 @@ This article lists the ADMX-backed policies in Policy CSP. ## WindowsPowerShell -- [TurnOnPowerShellScriptBlockLogging](policy-csp-windowspowershell.md) - [TurnOnPowerShellScriptBlockLogging](policy-csp-windowspowershell.md) ## Related articles diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index 3a17aa367b..af5ce30ee9 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/02/2023 +ms.date: 08/07/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -40,8 +40,6 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [AllowDeveloperUnlock](policy-csp-applicationmanagement.md) - [AllowGameDVR](policy-csp-applicationmanagement.md) - [AllowSharedUserAppData](policy-csp-applicationmanagement.md) -- [RequirePrivateStoreOnly](policy-csp-applicationmanagement.md) -- [MSIAlwaysInstallWithElevatedPrivileges](policy-csp-applicationmanagement.md) - [MSIAllowUserControlOverInstall](policy-csp-applicationmanagement.md) - [RestrictAppDataToSystemVolume](policy-csp-applicationmanagement.md) - [RestrictAppToSystemVolume](policy-csp-applicationmanagement.md) @@ -125,59 +123,6 @@ This article lists the policies in Policy CSP that have a group policy mapping. ## Browser -- [AllowAddressBarDropdown](policy-csp-browser.md) -- [AllowAutofill](policy-csp-browser.md) -- [AllowCookies](policy-csp-browser.md) -- [AllowDeveloperTools](policy-csp-browser.md) -- [AllowDoNotTrack](policy-csp-browser.md) -- [AllowExtensions](policy-csp-browser.md) -- [AllowFlash](policy-csp-browser.md) -- [AllowFlashClickToRun](policy-csp-browser.md) -- [AllowFullScreenMode](policy-csp-browser.md) -- [AllowInPrivate](policy-csp-browser.md) -- [AllowMicrosoftCompatibilityList](policy-csp-browser.md) -- [ConfigureTelemetryForMicrosoft365Analytics](policy-csp-browser.md) -- [AllowPasswordManager](policy-csp-browser.md) -- [AllowPopups](policy-csp-browser.md) -- [AllowPrinting](policy-csp-browser.md) -- [AllowSavingHistory](policy-csp-browser.md) -- [AllowSearchEngineCustomization](policy-csp-browser.md) -- [AllowSearchSuggestionsinAddressBar](policy-csp-browser.md) -- [AllowSideloadingOfExtensions](policy-csp-browser.md) -- [AllowSmartScreen](policy-csp-browser.md) -- [AllowWebContentOnNewTabPage](policy-csp-browser.md) -- [AlwaysEnableBooksLibrary](policy-csp-browser.md) -- [ClearBrowsingDataOnExit](policy-csp-browser.md) -- [ConfigureAdditionalSearchEngines](policy-csp-browser.md) -- [ConfigureFavoritesBar](policy-csp-browser.md) -- [ConfigureHomeButton](policy-csp-browser.md) -- [ConfigureOpenMicrosoftEdgeWith](policy-csp-browser.md) -- [DisableLockdownOfStartPages](policy-csp-browser.md) -- [EnableExtendedBooksTelemetry](policy-csp-browser.md) -- [AllowTabPreloading](policy-csp-browser.md) -- [AllowPrelaunch](policy-csp-browser.md) -- [EnterpriseModeSiteList](policy-csp-browser.md) -- [PreventTurningOffRequiredExtensions](policy-csp-browser.md) -- [HomePages](policy-csp-browser.md) -- [LockdownFavorites](policy-csp-browser.md) -- [ConfigureKioskMode](policy-csp-browser.md) -- [ConfigureKioskResetAfterIdleTimeout](policy-csp-browser.md) -- [PreventAccessToAboutFlagsInMicrosoftEdge](policy-csp-browser.md) -- [PreventFirstRunPage](policy-csp-browser.md) -- [PreventCertErrorOverrides](policy-csp-browser.md) -- [PreventSmartScreenPromptOverride](policy-csp-browser.md) -- [PreventSmartScreenPromptOverrideForFiles](policy-csp-browser.md) -- [PreventLiveTileDataCollection](policy-csp-browser.md) -- [PreventUsingLocalHostIPAddressForWebRTC](policy-csp-browser.md) -- [ProvisionFavorites](policy-csp-browser.md) -- [SendIntranetTraffictoInternetExplorer](policy-csp-browser.md) -- [SetDefaultSearchEngine](policy-csp-browser.md) -- [SetHomeButtonURL](policy-csp-browser.md) -- [SetNewTabPageURL](policy-csp-browser.md) -- [ShowMessageWhenOpeningSitesInInternetExplorer](policy-csp-browser.md) -- [SyncFavoritesBetweenIEAndMicrosoftEdge](policy-csp-browser.md) -- [UnlockHomeButton](policy-csp-browser.md) -- [UseSharedFolderForBooks](policy-csp-browser.md) - [AllowAddressBarDropdown](policy-csp-browser.md) - [AllowAutofill](policy-csp-browser.md) - [AllowCookies](policy-csp-browser.md) @@ -349,7 +294,6 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [EnablePerProcessDpi](policy-csp-display.md) - [TurnOnGdiDPIScalingForApps](policy-csp-display.md) - [TurnOffGdiDPIScalingForApps](policy-csp-display.md) -- [EnablePerProcessDpi](policy-csp-display.md) - [EnablePerProcessDpiForApps](policy-csp-display.md) - [DisablePerProcessDpiForApps](policy-csp-display.md) @@ -632,7 +576,6 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [PublishUserActivities](policy-csp-privacy.md) - [UploadUserActivities](policy-csp-privacy.md) - [AllowCrossDeviceClipboard](policy-csp-privacy.md) -- [DisablePrivacyExperience](policy-csp-privacy.md) - [LetAppsActivateWithVoice](policy-csp-privacy.md) - [LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md) @@ -666,7 +609,6 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [ConfigureTaskbarCalendar](policy-csp-settings.md) - [PageVisibilityList](policy-csp-settings.md) -- [PageVisibilityList](policy-csp-settings.md) - [AllowOnlineTips](policy-csp-settings.md) ## SmartScreen @@ -692,21 +634,9 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [HideRecommendedSection](policy-csp-start.md) - [HideRecommendedPersonalizedSites](policy-csp-start.md) - [HideTaskViewButton](policy-csp-start.md) -- [HideCopilotButton](policy-csp-start.md) - [DisableControlCenter](policy-csp-start.md) -- [ForceStartSize](policy-csp-start.md) -- [DisableContextMenus](policy-csp-start.md) -- [ShowOrHideMostUsedApps](policy-csp-start.md) -- [HideFrequentlyUsedApps](policy-csp-start.md) -- [HideRecentlyAddedApps](policy-csp-start.md) -- [StartLayout](policy-csp-start.md) -- [ConfigureStartPins](policy-csp-start.md) -- [HideRecommendedSection](policy-csp-start.md) -- [HideRecommendedPersonalizedSites](policy-csp-start.md) - [SimplifyQuickSettings](policy-csp-start.md) - [DisableEditingQuickSettings](policy-csp-start.md) -- [HideTaskViewButton](policy-csp-start.md) -- [HideCopilotButton](policy-csp-start.md) ## Storage @@ -725,7 +655,6 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [AllowBuildPreview](policy-csp-system.md) - [AllowFontProviders](policy-csp-system.md) - [AllowLocation](policy-csp-system.md) -- [AllowTelemetry](policy-csp-system.md) - [TelemetryProxy](policy-csp-system.md) - [DisableOneDriveFileSync](policy-csp-system.md) - [AllowWUfBCloudProcessing](policy-csp-system.md) @@ -771,7 +700,6 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [RestrictLanguagePacksAndFeaturesInstall](policy-csp-timelanguagesettings.md) - [BlockCleanupOfUnusedPreinstalledLangPacks](policy-csp-timelanguagesettings.md) - [MachineUILanguageOverwrite](policy-csp-timelanguagesettings.md) -- [RestrictLanguagePacksAndFeaturesInstall](policy-csp-timelanguagesettings.md) ## Troubleshooting diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md index f3cae84c36..87431a694c 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md @@ -263,7 +263,6 @@ This article lists the policies in Policy CSP that are applicable for the Surfac ## Start -- [HideCopilotButton](policy-csp-start.md#hidecopilotbutton) - [HideRecommendedPersonalizedSites](policy-csp-start.md#hiderecommendedpersonalizedsites) - [StartLayout](policy-csp-start.md#startlayout) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 47182cc12f..e675d6434b 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4,7 +4,7 @@ description: Learn more about the Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 05/10/2023 +ms.date: 08/07/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 940e16a8c2..0559e8b5ec 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -4,7 +4,7 @@ description: Learn more about the Start Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/02/2023 +ms.date: 08/07/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -974,68 +974,6 @@ Enabling this policy hides "Change account settings" from appearing in the user - -## HideCopilotButton - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE | | - - - -```User -./User/Vendor/MSFT/Policy/Config/Start/HideCopilotButton -``` - -```Device -./Device/Vendor/MSFT/Policy/Config/Start/HideCopilotButton -``` - - - - -This policy setting allows you to hide the Copilot button on the Taskbar. If you enable this policy setting, the Copilot button will be hidden and the Settings toggle will be disabled. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | `int` | -| Access Type | Add, Delete, Get, Replace | -| Default Value | 0 | - - - -**Allowed values**: - -| Value | Description | -|:--|:--| -| 0 (Default) | Copilot button shown. | -| 1 | Copilot button hidden. | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | HideCopilotButton | -| Path | Taskbar > AT > StartMenu | - - - - - - - - ## HideFrequentlyUsedApps From e1af64575308a309ccc52a83a19805c51375d549 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Tue, 8 Aug 2023 08:38:41 -0700 Subject: [PATCH 73/94] Tweaks --- .openpublishing.redirection.windows-deployment.json | 5 +++++ .../operate/windows-autopatch-exclude-device.md | 2 +- .../operate/windows-autopatch-unenroll-tenant.md | 10 +++++----- .../whats-new/windows-autopatch-whats-new-2023.md | 3 ++- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/.openpublishing.redirection.windows-deployment.json b/.openpublishing.redirection.windows-deployment.json index 5ac6d20892..e14d8c5108 100644 --- a/.openpublishing.redirection.windows-deployment.json +++ b/.openpublishing.redirection.windows-deployment.json @@ -1039,6 +1039,11 @@ "source_path": "windows/deployment/windows-autopilot/index.yml", "redirect_url": "/mem/autopilot/", "redirect_document_id": false + }, + { + "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md", + "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device", + "redirect_document_id": true } ] } diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md index e8002779df..e3b0793469 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md @@ -18,7 +18,7 @@ ms.collection: To avoid end-user disruption, excluding a device in Windows Autopatch only deletes the Windows Autopatch device record itself. Excluding a device can't delete the Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity. -When you exclude a device from the Windows Autopatch service, the device is flagged as "excluded" so Windows Autopatch doesn't try to restore the device into the service again, since the exclusion command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** group, or any other Azure AD group, used with Autopatch groups. +When you exclude a device from the Windows Autopatch service, the device is flagged as **excluded** so Windows Autopatch doesn't try to restore the device into the service again, since the exclusion command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** group, or any other Azure AD group, used with Autopatch groups. > [!IMPORTANT] > The Azure AD team doesn't recommend appending query statements to remove specific device from a dynamic query due to dynamic query performance issues. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md index 168bccb66d..ecc8f356a9 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md @@ -36,7 +36,7 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro | Responsibility | Description | | ----- | ----- | | Windows Autopatch data | Windows Autopatch will delete user data that is within the Windows Autopatch service. We won’t make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../overview/windows-autopatch-privacy.md). | -| Excluding devices | Windows Autopatch will exclude all devices previously registered with the service. Only the Windows Autopatch device record will be deleted. We won't delete Microsoft Intune and/or Azure Active Directory device records. For more information, see [Exclude a device](../operate/windows-autopatch-exclude-device.md). | +| Excluding devices | Windows Autopatch will exclude all devices previously registered with the service. Only the Windows Autopatch device record is deleted. We won't delete Microsoft Intune and/or Azure Active Directory device records. For more information, see [Exclude a device](../operate/windows-autopatch-exclude-device.md). | ## Your responsibilities after unenrolling your tenant @@ -51,9 +51,9 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro **To unenroll from Windows Autopatch:** 1. [Submit a support request](../operate/windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service. -1. The Windows Autopatch Service Engineering Team will communicate with your IT Administrator to confirm your intent to unenroll from the service. - 1. You'll have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team. +1. The Windows Autopatch Service Engineering Team communicates with your IT Administrator to confirm your intent to unenroll from the service. + 1. You have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team. 2. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner. -1. The Windows Autopatch Service Engineering Team will proceed with the removal of all items listed under [Microsoft's responsibilities during unenrollment](#microsofts-responsibilities-during-unenrollment). -1. The Windows Autopatch Service Engineering Team will inform you when unenrollment is complete. +1. The Windows Autopatch Service Engineering Team proceeds with the removal of all items listed under [Microsoft's responsibilities during unenrollment](#microsofts-responsibilities-during-unenrollment). +1. The Windows Autopatch Service Engineering Team informs you when unenrollment is complete. 1. You’re responsible for the items listed under [Your responsibilities after unenrolling your tenant](#your-responsibilities-after-unenrolling-your-tenant). diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md index dbeb0cc232..30b2c45a91 100644 --- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md +++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md @@ -1,7 +1,7 @@ --- title: What's new 2023 description: This article lists the 2023 feature releases and any corresponding Message center post numbers. -ms.date: 08/01/2023 +ms.date: 08/08/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: whats-new @@ -27,6 +27,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed. | Article | Description | | ----- | ----- | +| [Exclude a device](../operate/windows-autopatch-exclude-device.md) | Renamed Deregister a device to [Exclude a device](../operate/windows-autopatch-exclude-device.md). Added the [Restore device](../operate/windows-autopatch-exclude-device.md#restore-a-device-or-multiple-devices-previously-excluded) feature | | [Device alerts](../operate/windows-autopatch-device-alerts.md) | Added `'InstallSetupBlock'` to the [Alert resolutions section](../operate/windows-autopatch-device-alerts.md#alert-resolutions) | ## July 2023 From 28f48003691b659d8f6641f40622a4195afc9de9 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 8 Aug 2023 10:51:19 -0700 Subject: [PATCH 74/94] fix 11646 --- windows/application-management/apps-in-windows-10.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index e54211075c..30bd681931 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -45,14 +45,15 @@ There are different types of apps that can run on your Windows client devices. T - **Windows Presentation Foundation (WPF)**: Using .NET, you can create a WPF desktop app that runs on the device, or create a WPF web app. This app is commonly used by organizations that create line of business (LOB) desktop apps. For more information, see [WPF Application Development](/dotnet/desktop/wpf/app-development). - **Windows Forms (WinForm)**: Using .NET, you can create a Windows Forms desktop app that runs on the device, and doesn't require a web browser or internet access. Just like Win32 apps, WinForm apps can access the local hardware and file system of the computer where the app is running. For more information, see [Desktop Guide (Windows Forms .NET)](/dotnet/desktop/winforms/overview). -- **Windows apps**: +- **Windows apps**: > [!TIP] > Starting with Windows 10, you can use the **Windows UI Library (WinUI 3)** to create .NET, Win32 desktop, and UWP apps. This library includes native Windows UI controls and other user interface elements familiar to Windows users. For more information, see [Windows UI Library (WinUI)](/windows/apps/winui/). - **Apps**: All apps installed in `C:\Program Files\WindowsApps`. There are two classes of apps: - - **Provisioned**: Installed in user account the first time you sign in with a new user account. For a list of some common provisioned apps, see [Provisioned apps installed with the Windows client OS](provisioned-apps-windows-client-os.md). + - **Provisioned**: Installed in user account the first time you sign in with a new user account. To get a list of all the provisioned apps, use Windows PowerShell: `Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName` The output lists all the provisioned apps, and their package names. For more information, see [Get-AppxProvisionedPackage](/powershell/module/dism/get-appxprovisionedpackage). + - **Installed**: Installed as part of the OS. - **Universal Windows Platform (UWP) apps**: These apps run and can be installed on many Windows platforms, including tablets, Microsoft HoloLens, Xbox, and more. All UWP apps are Windows apps. Not all Windows apps are UWP apps. @@ -63,7 +64,7 @@ There are different types of apps that can run on your Windows client devices. T For more information, see [Get started developing apps for Windows desktop](/windows/apps/get-started) and [Make your apps great on Windows 11](/windows/apps/get-started/make-apps-great-for-windows). - - **System apps**: Apps installed in the `C:\Windows\` directory. These apps are part of the Windows OS. For a list of some common system apps, see [System apps installed with the Windows client OS](system-apps-windows-client-os.md). + - **System apps**: Apps installed in the `C:\Windows\` directory. These apps are part of the Windows OS. To get a list of all the system apps, use Windows PowerShell: `Get-AppxPackage -PackageTypeFilter Main | ? { $_.SignatureKind -eq "System" } | Sort Name | Format-Table Name, InstallLocation` The output lists all the system apps, and their installation location. For more information, see [Get-AppxPackage](/powershell/module/appx/get-appxpackage). - **Web apps** and **Progressive web apps (PWA)**: These apps run on a server, and don't run on the end user device. To use these apps, users must use a web browser and have internet access. **Progressive web apps** are designed to work for all users, work with any browser, and work on any platform. From 054d5ce553850e027ab7c78ac291c98929929988 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 8 Aug 2023 12:18:20 -0700 Subject: [PATCH 75/94] Update mcc-isp-signup.md updated for formatting --- windows/deployment/do/mcc-isp-signup.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md index b83d78d4c8..9e9eaa8bd4 100644 --- a/windows/deployment/do/mcc-isp-signup.md +++ b/windows/deployment/do/mcc-isp-signup.md @@ -29,9 +29,9 @@ Before you begin sign up, ensure you have the following components: 1. **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a completely free-of-charge service hosted in Azure. You'll need to have a Pay-As-You-Go subscription in order to onboard to our service. To create a subscription, go to the [Pay-As-You-Go subscription page](https://azure.microsoft.com/offers/ms-azr-0003p/). -> [!NOTE] -> - Microsoft Connected Cache is a completely free service for operators. None of the resources created in Azure will incur any charges. -> - Be aware, however, that any additional services that might be selected as part of the Azure sign-up process might incur charges. + > [!NOTE] + > - Microsoft Connected Cache is a completely free service for operators. None of the resources created in Azure will incur any charges. + > - Be aware, however, that any additional services that might be selected as part of the Azure sign-up process might incur charges. 1. **Access to Azure portal**: Ensure you have the credentials needed to access your organization's Azure portal. From 9e5044b2606e728d9f11d19f7559360bb018376d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 8 Aug 2023 12:21:25 -0700 Subject: [PATCH 76/94] Update mcc-isp-signup.md tweaks --- windows/deployment/do/mcc-isp-signup.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md index 9e9eaa8bd4..fc6cf1cc8d 100644 --- a/windows/deployment/do/mcc-isp-signup.md +++ b/windows/deployment/do/mcc-isp-signup.md @@ -30,8 +30,7 @@ Before you begin sign up, ensure you have the following components: 1. **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a completely free-of-charge service hosted in Azure. You'll need to have a Pay-As-You-Go subscription in order to onboard to our service. To create a subscription, go to the [Pay-As-You-Go subscription page](https://azure.microsoft.com/offers/ms-azr-0003p/). > [!NOTE] - > - Microsoft Connected Cache is a completely free service for operators. None of the resources created in Azure will incur any charges. - > - Be aware, however, that any additional services that might be selected as part of the Azure sign-up process might incur charges. + > Microsoft Connected Cache is a completely free service for operators. None of the resources created in Azure will incur any charges. However, be aware that any additional services that might be selected as part of the Azure sign-up process might incur charges. 1. **Access to Azure portal**: Ensure you have the credentials needed to access your organization's Azure portal. From 6f4be5c5630e43cc4c14de8b344554fd1fc5dc37 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 9 Aug 2023 08:42:23 +0200 Subject: [PATCH 77/94] Fixed broken links --- includes/licensing/_edition-requirements.md | 4 ++-- includes/licensing/_licensing-requirements.md | 4 ++-- windows/security/includes/sections/security-foundations.md | 2 +- windows/security/index.yml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md index b7a06b9836..e803e8009d 100644 --- a/includes/licensing/_edition-requirements.md +++ b/includes/licensing/_edition-requirements.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 08/02/2023 +ms.date: 08/09/2023 ms.topic: include --- @@ -71,7 +71,7 @@ ms.topic: include |**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes| |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes| |**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes| -|**[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)**|Yes|Yes|Yes|Yes| +|**[Windows application software development kit (SDK)](https://developer.microsoft.com/windows/downloads/windows-sdk/)**|Yes|Yes|Yes|Yes| |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes| |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes| |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes| diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md index 0021be3c39..28ea87e8e0 100644 --- a/includes/licensing/_licensing-requirements.md +++ b/includes/licensing/_licensing-requirements.md @@ -1,7 +1,7 @@ --- author: paolomatarazzo ms.author: paoloma -ms.date: 08/02/2023 +ms.date: 08/09/2023 ms.topic: include --- @@ -71,7 +71,7 @@ ms.topic: include |**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes| |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes| |**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes| -|**[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)**|Yes|Yes|Yes|Yes|Yes| +|**[Windows application software development kit (SDK)](https://developer.microsoft.com/windows/downloads/windows-sdk/)**|Yes|Yes|Yes|Yes|Yes| |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌| |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes| |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes| diff --git a/windows/security/includes/sections/security-foundations.md b/windows/security/includes/sections/security-foundations.md index 6cbeb13816..61eb75d6e8 100644 --- a/windows/security/includes/sections/security-foundations.md +++ b/windows/security/includes/sections/security-foundations.md @@ -26,4 +26,4 @@ ms.topic: include |:---|:---| | **Software Bill of Materials (SBOM)** | SBOMs are leveraged to provide the transparency and provenance of the content as it moves through various stages of the Windows supply chain. This enables trust between each supply chain segment, ensures that tampering has not taken place during ingestion and along the way, and provides a provable chain of custody for the product that we ship to customers. | | **[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)** | Windows Defender Application Control (WDAC) enables customers to define policies for controlling what is allowed to run on their devices. WDAC policies can be remotely applied to devices using an MDM solution like Microsoft Intune.

To simplify WDAC enablement, organizations can take advantage of Azure Code Signing, a secure and fully managed service for signing WDAC policies and apps.

Azure Code Signing minimizes the complexity of code signing with a turnkey service backed by a Microsoft managed certificate authority, eliminating the need to procure and self-manage any signing certificates. The service is managed just as any other Azure resource and integrates easily with the leading development and CI/CD toolsets. | -| **[Windows application software development kit (SDK)](/windows/security/security-foundations/certification/windows-platform-common-criteria%23security-and-privacy)** | Developers have an opportunity to design highly secure applications that benefit from the latest Windows safeguards. The Windows App SDK provides a unified set of APIs and tools for developing desktop apps for Windows. To help create apps that are up-to-date and protected, the SDK follows the same security standards, protocols, and compliance as the core Windows operating system. | +| **[Windows application software development kit (SDK)](https://developer.microsoft.com/windows/downloads/windows-sdk/)** | Developers have an opportunity to design highly secure applications that benefit from the latest Windows safeguards. The Windows App SDK provides a unified set of APIs and tools for developing secure desktop apps for Windows. To help create apps that are up-to-date and protected, the SDK follows the same security standards, protocols, and compliance as the core Windows operating system. | diff --git a/windows/security/index.yml b/windows/security/index.yml index e49166e1ef..8c8d647a5a 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -72,7 +72,7 @@ productDirectory: links: - url: /windows/security/identity-protection/hello-for-business text: Windows Hello for Business - - url: /windows/security/identity-protection/credential-guard + - url: /windows/security/identity-protection/credential-guard/credentail-guard text: Windows Defender Credential Guard - url: /windows-server/identity/laps/laps-overview text: Windows LAPS (Local Administrator Password Solution) From 8376b00f3ebf62d867ee7abb4710f58118b9eee8 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Wed, 9 Aug 2023 11:56:57 -0700 Subject: [PATCH 78/94] update manager metadata --- education/windows/change-home-to-edu.md | 2 +- windows/application-management/app-v/appv-about-appv.md | 2 +- ...dd-or-remove-an-administrator-with-the-management-console.md | 2 +- .../appv-add-or-upgrade-packages-with-the-management-console.md | 2 +- .../app-v/appv-administering-appv-with-powershell.md | 2 +- ...istering-virtual-applications-with-the-management-console.md | 2 +- .../appv-allow-administrators-to-enable-connection-groups.md | 2 +- .../app-v/appv-application-publishing-and-client-interaction.md | 2 +- ...v-apply-the-deployment-configuration-file-with-powershell.md | 2 +- .../appv-apply-the-user-configuration-file-with-powershell.md | 2 +- .../application-management/app-v/appv-auto-batch-sequencing.md | 2 +- .../application-management/app-v/appv-auto-batch-updating.md | 2 +- .../app-v/appv-auto-clean-unpublished-packages.md | 2 +- .../application-management/app-v/appv-auto-provision-a-vm.md | 2 +- .../application-management/app-v/appv-available-mdm-settings.md | 2 +- windows/application-management/app-v/appv-capacity-planning.md | 2 +- .../app-v/appv-client-configuration-settings.md | 2 +- ...-configure-access-to-packages-with-the-management-console.md | 2 +- ...configure-connection-groups-to-ignore-the-package-version.md | 2 +- ...-the-client-to-receive-updates-from-the-publishing-server.md | 2 +- .../app-v/appv-connect-to-the-management-console.md | 2 +- .../application-management/app-v/appv-connection-group-file.md | 2 +- .../app-v/appv-connection-group-virtual-environment.md | 2 +- ...v-convert-a-package-created-in-a-previous-version-of-appv.md | 2 +- ...group-with-user-published-and-globally-published-packages.md | 2 +- .../app-v/appv-create-a-connection-group.md | 2 +- ...e-a-custom-configuration-file-with-the-management-console.md | 2 +- .../app-v/appv-create-a-package-accelerator-with-powershell.md | 2 +- .../app-v/appv-create-a-package-accelerator.md | 2 +- ...-create-a-virtual-application-package-package-accelerator.md | 2 +- .../app-v/appv-create-and-use-a-project-template.md | 2 +- .../appv-creating-and-managing-virtualized-applications.md | 2 +- ...irtual-application-extensions-with-the-management-console.md | 2 +- .../app-v/appv-delete-a-connection-group.md | 2 +- .../app-v/appv-delete-a-package-with-the-management-console.md | 2 +- .../app-v/appv-deploy-appv-databases-with-sql-scripts.md | 2 +- ...-packages-with-electronic-software-distribution-solutions.md | 2 +- .../app-v/appv-deploy-the-appv-server-with-a-script.md | 2 +- .../application-management/app-v/appv-deploy-the-appv-server.md | 2 +- windows/application-management/app-v/appv-deploying-appv.md | 2 +- .../app-v/appv-deploying-microsoft-office-2010-wth-appv.md | 2 +- .../app-v/appv-deploying-microsoft-office-2013-with-appv.md | 2 +- .../app-v/appv-deploying-microsoft-office-2016-with-appv.md | 2 +- ...-packages-with-electronic-software-distribution-solutions.md | 2 +- .../app-v/appv-deploying-the-appv-sequencer-and-client.md | 2 +- .../app-v/appv-deploying-the-appv-server.md | 2 +- .../application-management/app-v/appv-deployment-checklist.md | 2 +- .../application-management/app-v/appv-dynamic-configuration.md | 2 +- ...-packages-with-electronic-software-distribution-solutions.md | 2 +- .../appv-enable-reporting-on-the-appv-client-with-powershell.md | 2 +- .../app-v/appv-enable-the-app-v-desktop-client.md | 2 +- windows/application-management/app-v/appv-evaluating-appv.md | 2 +- windows/application-management/app-v/appv-for-windows.md | 2 +- windows/application-management/app-v/appv-getting-started.md | 2 +- .../app-v/appv-high-level-architecture.md | 2 +- ...nvert-the-associated-security-identifiers-with-powershell.md | 2 +- ...-management-and-reporting-databases-on-separate-computers.md | 2 +- ...pv-install-the-management-server-on-a-standalone-computer.md | 2 +- .../appv-install-the-publishing-server-on-a-remote-computer.md | 2 +- ...ppv-install-the-reporting-server-on-a-standalone-computer.md | 2 +- .../application-management/app-v/appv-install-the-sequencer.md | 2 +- .../appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md | 2 +- windows/application-management/app-v/appv-maintaining-appv.md | 2 +- ...ackages-running-on-a-stand-alone-computer-with-powershell.md | 2 +- ...nnection-groups-on-a-stand-alone-computer-with-powershell.md | 2 +- .../app-v/appv-managing-connection-groups.md | 2 +- .../app-v/appv-migrating-to-appv-from-a-previous-version.md | 2 +- .../appv-modify-an-existing-virtual-application-package.md | 2 +- .../app-v/appv-modify-client-configuration-with-powershell.md | 2 +- .../app-v/appv-move-the-appv-server-to-another-computer.md | 2 +- windows/application-management/app-v/appv-operations.md | 2 +- .../application-management/app-v/appv-performance-guidance.md | 2 +- windows/application-management/app-v/appv-planning-checklist.md | 2 +- .../app-v/appv-planning-folder-redirection-with-appv.md | 2 +- .../app-v/appv-planning-for-appv-server-deployment.md | 2 +- windows/application-management/app-v/appv-planning-for-appv.md | 2 +- .../app-v/appv-planning-for-high-availability-with-appv.md | 2 +- .../app-v/appv-planning-for-sequencer-and-client-deployment.md | 2 +- .../app-v/appv-planning-for-using-appv-with-office.md | 2 +- ...ploy-appv-with-electronic-software-distribution-solutions.md | 2 +- .../app-v/appv-planning-to-deploy-appv.md | 2 +- .../app-v/appv-preparing-your-environment.md | 2 +- windows/application-management/app-v/appv-prerequisites.md | 2 +- .../app-v/appv-publish-a-connection-group.md | 2 +- .../appv-publish-a-packages-with-the-management-console.md | 2 +- ...nregister-a-publishing-server-with-the-management-console.md | 2 +- .../app-v/appv-release-notes-for-appv-for-windows-1703.md | 2 +- .../app-v/appv-release-notes-for-appv-for-windows.md | 2 +- windows/application-management/app-v/appv-reporting.md | 2 +- ...cally-installed-applications-inside-a-virtual-environment.md | 2 +- .../app-v/appv-security-considerations.md | 2 +- .../app-v/appv-sequence-a-new-application.md | 2 +- .../app-v/appv-sequence-a-package-with-powershell.md | 2 +- .../app-v/appv-supported-configurations.md | 2 +- .../application-management/app-v/appv-technical-reference.md | 2 +- ...-another-version-of-a-package-with-the-management-console.md | 2 +- windows/application-management/app-v/appv-troubleshooting.md | 2 +- ...ing-to-app-v-for-windows-10-from-an-existing-installation.md | 2 +- .../app-v/appv-using-the-client-management-console.md | 2 +- ...irtual-application-extensions-with-the-management-console.md | 2 +- .../app-v/appv-viewing-appv-server-publishing-metadata.md | 2 +- windows/client-management/index.yml | 2 +- .../configuration/cortana-at-work/cortana-at-work-feedback.md | 2 +- windows/configuration/cortana-at-work/cortana-at-work-o365.md | 2 +- .../configuration/cortana-at-work/cortana-at-work-overview.md | 2 +- .../cortana-at-work/cortana-at-work-policy-settings.md | 2 +- .../configuration/cortana-at-work/cortana-at-work-scenario-1.md | 2 +- .../configuration/cortana-at-work/cortana-at-work-scenario-2.md | 2 +- .../configuration/cortana-at-work/cortana-at-work-scenario-3.md | 2 +- .../configuration/cortana-at-work/cortana-at-work-scenario-4.md | 2 +- .../configuration/cortana-at-work/cortana-at-work-scenario-5.md | 2 +- .../configuration/cortana-at-work/cortana-at-work-scenario-6.md | 2 +- .../configuration/cortana-at-work/cortana-at-work-scenario-7.md | 2 +- .../cortana-at-work/cortana-at-work-testing-scenarios.md | 2 +- .../cortana-at-work/cortana-at-work-voice-commands.md | 2 +- .../cortana-at-work/set-up-and-test-cortana-in-windows-10.md | 2 +- windows/configuration/cortana-at-work/test-scenario-1.md | 2 +- windows/configuration/cortana-at-work/test-scenario-2.md | 2 +- windows/configuration/cortana-at-work/test-scenario-3.md | 2 +- windows/configuration/cortana-at-work/test-scenario-4.md | 2 +- windows/configuration/cortana-at-work/test-scenario-5.md | 2 +- windows/configuration/cortana-at-work/test-scenario-6.md | 2 +- .../testing-scenarios-using-cortana-in-business-org.md | 2 +- .../configuration/includes/multi-app-kiosk-support-windows11.md | 2 +- windows/configuration/index.yml | 2 +- .../uev-administering-uev-with-windows-powershell-and-wmi.md | 2 +- windows/configuration/ue-v/uev-administering-uev.md | 2 +- .../ue-v/uev-application-template-schema-reference.md | 2 +- .../ue-v/uev-changing-the-frequency-of-scheduled-tasks.md | 2 +- .../ue-v/uev-configuring-uev-with-group-policy-objects.md | 2 +- ...-configuring-uev-with-system-center-configuration-manager.md | 2 +- windows/configuration/ue-v/uev-deploy-required-features.md | 2 +- .../ue-v/uev-deploy-uev-for-custom-applications.md | 2 +- windows/configuration/ue-v/uev-for-windows.md | 2 +- windows/configuration/ue-v/uev-getting-started.md | 2 +- .../ue-v/uev-manage-administrative-backup-and-restore.md | 2 +- windows/configuration/ue-v/uev-manage-configurations.md | 2 +- ...tings-location-templates-using-windows-powershell-and-wmi.md | 2 +- ...ng-uev-agent-and-packages-with-windows-powershell-and-wmi.md | 2 +- windows/configuration/ue-v/uev-migrating-settings-packages.md | 2 +- windows/configuration/ue-v/uev-prepare-for-deployment.md | 2 +- windows/configuration/ue-v/uev-release-notes-1607.md | 2 +- windows/configuration/ue-v/uev-security-considerations.md | 2 +- windows/configuration/ue-v/uev-sync-methods.md | 2 +- windows/configuration/ue-v/uev-sync-trigger-events.md | 2 +- .../ue-v/uev-synchronizing-microsoft-office-with-uev.md | 2 +- windows/configuration/ue-v/uev-technical-reference.md | 2 +- windows/configuration/ue-v/uev-troubleshooting.md | 2 +- .../ue-v/uev-upgrade-uev-from-previous-releases.md | 2 +- ...ev-using-uev-with-application-virtualization-applications.md | 2 +- windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md | 2 +- .../uev-working-with-custom-templates-and-the-uev-generator.md | 2 +- windows/configuration/wcd/wcd-accountmanagement.md | 2 +- windows/configuration/wcd/wcd-accounts.md | 2 +- windows/configuration/wcd/wcd-admxingestion.md | 2 +- windows/configuration/wcd/wcd-assignedaccess.md | 2 +- windows/configuration/wcd/wcd-browser.md | 2 +- windows/configuration/wcd/wcd-cellcore.md | 2 +- windows/configuration/wcd/wcd-cellular.md | 2 +- windows/configuration/wcd/wcd-certificates.md | 2 +- windows/configuration/wcd/wcd-changes.md | 2 +- windows/configuration/wcd/wcd-cleanpc.md | 2 +- windows/configuration/wcd/wcd-connections.md | 2 +- windows/configuration/wcd/wcd-connectivityprofiles.md | 2 +- windows/configuration/wcd/wcd-countryandregion.md | 2 +- windows/configuration/wcd/wcd-desktopbackgroundandcolors.md | 2 +- windows/configuration/wcd/wcd-developersetup.md | 2 +- windows/configuration/wcd/wcd-deviceformfactor.md | 2 +- windows/configuration/wcd/wcd-devicemanagement.md | 2 +- windows/configuration/wcd/wcd-deviceupdatecenter.md | 2 +- windows/configuration/wcd/wcd-dmclient.md | 2 +- windows/configuration/wcd/wcd-editionupgrade.md | 2 +- windows/configuration/wcd/wcd-firewallconfiguration.md | 2 +- windows/configuration/wcd/wcd-firstexperience.md | 2 +- windows/configuration/wcd/wcd-folders.md | 2 +- windows/configuration/wcd/wcd-hotspot.md | 2 +- windows/configuration/wcd/wcd-kioskbrowser.md | 2 +- windows/configuration/wcd/wcd-licensing.md | 2 +- windows/configuration/wcd/wcd-location.md | 2 +- windows/configuration/wcd/wcd-maps.md | 2 +- windows/configuration/wcd/wcd-networkproxy.md | 2 +- windows/configuration/wcd/wcd-networkqospolicy.md | 2 +- windows/configuration/wcd/wcd-oobe.md | 2 +- windows/configuration/wcd/wcd-personalization.md | 2 +- windows/configuration/wcd/wcd-policies.md | 2 +- windows/configuration/wcd/wcd-privacy.md | 2 +- windows/configuration/wcd/wcd-provisioningcommands.md | 2 +- windows/configuration/wcd/wcd-sharedpc.md | 2 +- windows/configuration/wcd/wcd-smisettings.md | 2 +- windows/configuration/wcd/wcd-start.md | 2 +- windows/configuration/wcd/wcd-startupapp.md | 2 +- windows/configuration/wcd/wcd-startupbackgroundtasks.md | 2 +- windows/configuration/wcd/wcd-storaged3inmodernstandby.md | 2 +- windows/configuration/wcd/wcd-surfacehubmanagement.md | 2 +- windows/configuration/wcd/wcd-tabletmode.md | 2 +- windows/configuration/wcd/wcd-takeatest.md | 2 +- windows/configuration/wcd/wcd-time.md | 2 +- windows/configuration/wcd/wcd-unifiedwritefilter.md | 2 +- windows/configuration/wcd/wcd-universalappinstall.md | 2 +- windows/configuration/wcd/wcd-universalappuninstall.md | 2 +- windows/configuration/wcd/wcd-usberrorsoemoverride.md | 2 +- windows/configuration/wcd/wcd-weakcharger.md | 2 +- windows/configuration/wcd/wcd-windowshelloforbusiness.md | 2 +- windows/configuration/wcd/wcd-windowsteamsettings.md | 2 +- windows/configuration/wcd/wcd-wlan.md | 2 +- windows/configuration/wcd/wcd-workplace.md | 2 +- windows/configuration/wcd/wcd.md | 2 +- windows/deployment/do/index.yml | 2 +- .../windows-information-protection/app-behavior-with-wip.md | 2 +- .../collect-wip-audit-event-logs.md | 2 +- .../create-and-verify-an-efs-dra-certificate.md | 2 +- .../create-vpn-and-wip-policy-using-intune-azure.md | 2 +- .../create-wip-policy-using-configmgr.md | 2 +- .../create-wip-policy-using-intune-azure.md | 2 +- .../deploy-wip-policy-using-intune-azure.md | 2 +- .../enlightened-microsoft-apps-and-wip.md | 2 +- .../guidance-and-best-practices-wip.md | 2 +- .../windows-information-protection/how-to-disable-wip.md | 2 +- .../windows-information-protection/limitations-with-wip.md | 2 +- .../mandatory-settings-for-wip.md | 2 +- .../overview-create-wip-policy-configmgr.md | 2 +- .../overview-create-wip-policy.md | 2 +- .../protect-enterprise-data-using-wip.md | 2 +- .../recommended-network-definitions-for-wip.md | 2 +- .../windows-information-protection/testing-scenarios-for-wip.md | 2 +- .../windows-information-protection/using-owa-with-wip.md | 2 +- .../wip-app-enterprise-context.md | 2 +- .../windows-information-protection/wip-learning.md | 2 +- .../threat-protection/block-untrusted-fonts-in-enterprise.md | 2 +- windows/security/threat-protection/index.md | 2 +- ...ride-mitigation-options-for-app-related-security-policies.md | 2 +- .../overview-of-threat-mitigations-in-windows-10.md | 2 +- ...windows-event-forwarding-to-assist-in-intrusion-detection.md | 2 +- windows/whats-new/index.yml | 2 +- 234 files changed, 234 insertions(+), 234 deletions(-) diff --git a/education/windows/change-home-to-edu.md b/education/windows/change-home-to-edu.md index df5e41eb07..92e4894f78 100644 --- a/education/windows/change-home-to-edu.md +++ b/education/windows/change-home-to-edu.md @@ -6,7 +6,7 @@ ms.topic: how-to author: scottbreenmsft ms.author: scbree ms.reviewer: paoloma -manager: jeffbu +manager: aaroncz ms.collection: - tier3 - education diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md index cc656aafd4..e92126877b 100644 --- a/windows/application-management/app-v/appv-about-appv.md +++ b/windows/application-management/app-v/appv-about-appv.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/08/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md index 58897cdf6e..db32a71242 100644 --- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/08/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md index fa08c35781..d9607a39ca 100644 --- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/08/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md index 03cecb9d0e..e11cff3d2f 100644 --- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md +++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/08/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md index e211ca7e51..b73a1de7c6 100644 --- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md +++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/08/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md index 26f95c80b5..80ab1602b9 100644 --- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md +++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/08/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 74ab14397b..5782b539d8 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/08/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md index 567e7032c1..ec704a9bfe 100644 --- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/15/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md index cdf4c28c91..134f74c8d0 100644 --- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/15/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-auto-batch-sequencing.md b/windows/application-management/app-v/appv-auto-batch-sequencing.md index 4939b6ebf8..ccec12eeac 100644 --- a/windows/application-management/app-v/appv-auto-batch-sequencing.md +++ b/windows/application-management/app-v/appv-auto-batch-sequencing.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md index e7258a8130..3cfc4a25e9 100644 --- a/windows/application-management/app-v/appv-auto-batch-updating.md +++ b/windows/application-management/app-v/appv-auto-batch-updating.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md index 3355376c09..ef08860114 100644 --- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md +++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/15/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md index 7ceed272a7..960c96a092 100644 --- a/windows/application-management/app-v/appv-auto-provision-a-vm.md +++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 771a738982..1e7968c63d 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/15/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md index a6a532e8a3..87702c1df2 100644 --- a/windows/application-management/app-v/appv-capacity-planning.md +++ b/windows/application-management/app-v/appv-capacity-planning.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md index 326585e719..2b4f017846 100644 --- a/windows/application-management/app-v/appv-client-configuration-settings.md +++ b/windows/application-management/app-v/appv-client-configuration-settings.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md index 41d37e769a..1160f2c0de 100644 --- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md index 8a69ae36a5..b472e767b9 100644 --- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md +++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md index 6c2f01bc3f..ef9a170375 100644 --- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md +++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/25/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md index 07b3d731e9..d5f427090d 100644 --- a/windows/application-management/app-v/appv-connect-to-the-management-console.md +++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/25/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md index e39efd3b64..dbd81a5419 100644 --- a/windows/application-management/app-v/appv-connection-group-file.md +++ b/windows/application-management/app-v/appv-connection-group-file.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/25/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md index f1f55c9cd9..eb01f08fd1 100644 --- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md +++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 06/25/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md index 860483ff03..eb35d19690 100644 --- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md +++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 07/10/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md index 96b3e97312..fe8a0c0ac9 100644 --- a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md +++ b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 07/10/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md index 497e3ea71b..b67e058e20 100644 --- a/windows/application-management/app-v/appv-create-a-connection-group.md +++ b/windows/application-management/app-v/appv-create-a-connection-group.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 07/10/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md index 4c8acf525d..4d6aef98c4 100644 --- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md +++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 07/10/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md index ddd0de127f..206a2c4dc9 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 07/10/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md index c753f09372..cd1a5e6314 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 07/10/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md index 49e3724b94..c5d16599a9 100644 --- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md +++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 07/10/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md index 70650f1456..8fad7898e7 100644 --- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md +++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 07/10/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md index adb044d34a..41a9ea4ae0 100644 --- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md +++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md index 0326ed9cec..5d28a86d19 100644 --- a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md +++ b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 07/10/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md index 32cb6660b7..018b8c8984 100644 --- a/windows/application-management/app-v/appv-delete-a-connection-group.md +++ b/windows/application-management/app-v/appv-delete-a-connection-group.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 09/27/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md index 21b928cfbb..6c7fbb6ee0 100644 --- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md +++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 09/27/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md index 2f34d49a3a..580eebc9fd 100644 --- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md +++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md index 4005389caf..5088aaaf0f 100644 --- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 09/27/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md index f643e3540b..16db5ceeae 100644 --- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md +++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md index 417e6a9dbd..3b942f6fc7 100644 --- a/windows/application-management/app-v/appv-deploy-the-appv-server.md +++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md index 9b93a5cd57..e4abca5b4d 100644 --- a/windows/application-management/app-v/appv-deploying-appv.md +++ b/windows/application-management/app-v/appv-deploying-appv.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index c1a212d4a9..1db6409588 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md index 2361c92d00..482e1e96be 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index 871ad80c8d..5f5a47faf9 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md index 19ddffc329..baaaf62754 100644 --- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 09/27/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md index 23364f226c..bbba1c8a0a 100644 --- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md +++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md index a65e0f099d..623e3ef07e 100644 --- a/windows/application-management/app-v/appv-deploying-the-appv-server.md +++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md index a7c3a33ae3..6b89ffcb68 100644 --- a/windows/application-management/app-v/appv-deployment-checklist.md +++ b/windows/application-management/app-v/appv-deployment-checklist.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md index 2f5070263e..f782e22867 100644 --- a/windows/application-management/app-v/appv-dynamic-configuration.md +++ b/windows/application-management/app-v/appv-dynamic-configuration.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 09/27/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md index c8554bb768..ca51b3b8f9 100644 --- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.technology: itpro-apps ms.date: 05/02/2022 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: how-to --- diff --git a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md index 2b56810126..3e0f982303 100644 --- a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md +++ b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md index c90e3f24f7..d23763d372 100644 --- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md +++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md index 5324043e75..7ef67197bc 100644 --- a/windows/application-management/app-v/appv-evaluating-appv.md +++ b/windows/application-management/app-v/appv-evaluating-appv.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md index c0190e9ad0..2798d2e4cf 100644 --- a/windows/application-management/app-v/appv-for-windows.md +++ b/windows/application-management/app-v/appv-for-windows.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 09/27/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md index 0ac943721e..500a015467 100644 --- a/windows/application-management/app-v/appv-getting-started.md +++ b/windows/application-management/app-v/appv-getting-started.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md index d14f1d6594..3d480833f0 100644 --- a/windows/application-management/app-v/appv-high-level-architecture.md +++ b/windows/application-management/app-v/appv-high-level-architecture.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md index ca6176f530..604d4ca93a 100644 --- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md +++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md index 262b132cdd..ec07a9f2a4 100644 --- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md +++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md index 1628f2e74c..077dfe70f2 100644 --- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md +++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md index 72db9c5275..62b5f49184 100644 --- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md +++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md index f76835b49c..995af4a7b2 100644 --- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md +++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md index 7d6a6fafc5..eeeb9120d7 100644 --- a/windows/application-management/app-v/appv-install-the-sequencer.md +++ b/windows/application-management/app-v/appv-install-the-sequencer.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md index cd63df0b5f..22fab6a3b5 100644 --- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md +++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 09/27/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md index fc8dfc21e0..8892ec9047 100644 --- a/windows/application-management/app-v/appv-maintaining-appv.md +++ b/windows/application-management/app-v/appv-maintaining-appv.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 09/27/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md index 90dbde5bfe..fc381bb0f9 100644 --- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.prod: windows-client ms.date: 09/24/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md index 9cc33e59c4..4765157af7 100644 --- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md index 92205f0970..789d7cc976 100644 --- a/windows/application-management/app-v/appv-managing-connection-groups.md +++ b/windows/application-management/app-v/appv-managing-connection-groups.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md index 4a56597185..78d3d9b6a6 100644 --- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md +++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md index 5b3828c3ce..0322083aa8 100644 --- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md +++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md index 221a09536f..f707da5e2e 100644 --- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md +++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md index 7a455cd752..7eb6a6ee5d 100644 --- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md +++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md index 224a4490ae..bca6d21d80 100644 --- a/windows/application-management/app-v/appv-operations.md +++ b/windows/application-management/app-v/appv-operations.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md index 5675d15eff..3d32c1834d 100644 --- a/windows/application-management/app-v/appv-performance-guidance.md +++ b/windows/application-management/app-v/appv-performance-guidance.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md index 7616cad1e5..4ba8df6b30 100644 --- a/windows/application-management/app-v/appv-planning-checklist.md +++ b/windows/application-management/app-v/appv-planning-checklist.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md index de5a689d74..7f9891e8dc 100644 --- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md +++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md index 9279268e38..d586c7d002 100644 --- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md +++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md index f05793311f..88d29b3939 100644 --- a/windows/application-management/app-v/appv-planning-for-appv.md +++ b/windows/application-management/app-v/appv-planning-for-appv.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md index 90d0eb2de4..f83a6efb92 100644 --- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md +++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md index c42918e88b..6249fb1463 100644 --- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md +++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md index 451e113eaa..c0d76e731a 100644 --- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md +++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md index ad7565277d..2faf00ec3f 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md index 9a682b9c47..8aeafdf96d 100644 --- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md +++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-preparing-your-environment.md b/windows/application-management/app-v/appv-preparing-your-environment.md index cf0f423e87..7960a6176f 100644 --- a/windows/application-management/app-v/appv-preparing-your-environment.md +++ b/windows/application-management/app-v/appv-preparing-your-environment.md @@ -5,7 +5,7 @@ ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: author: aczechowski -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md index d63f666cfa..e25a1a1ee7 100644 --- a/windows/application-management/app-v/appv-prerequisites.md +++ b/windows/application-management/app-v/appv-prerequisites.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md index 67936bfc06..5f377d48e3 100644 --- a/windows/application-management/app-v/appv-publish-a-connection-group.md +++ b/windows/application-management/app-v/appv-publish-a-connection-group.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 09/27/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md index 3401984dac..2c52dce04b 100644 --- a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 09/27/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md index 0bd4777e42..55b03dee3e 100644 --- a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md +++ b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md index 5bfd8497af..9c0c3225bb 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md index fa7f9d3364..523b7ad256 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md index 5464c1fdcc..cd42eb1ffc 100644 --- a/windows/application-management/app-v/appv-reporting.md +++ b/windows/application-management/app-v/appv-reporting.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/16/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md index 49b68f3ed9..6b551661d4 100644 --- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md +++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 03/08/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md index 23e9dce8a5..9482c32049 100644 --- a/windows/application-management/app-v/appv-security-considerations.md +++ b/windows/application-management/app-v/appv-security-considerations.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/16/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md index 7e0b19b428..6950c97d05 100644 --- a/windows/application-management/app-v/appv-sequence-a-new-application.md +++ b/windows/application-management/app-v/appv-sequence-a-new-application.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/16/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md index 65cccc4561..04be00dcbf 100644 --- a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md +++ b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md index e9168ea779..ffb10c4b02 100644 --- a/windows/application-management/app-v/appv-supported-configurations.md +++ b/windows/application-management/app-v/appv-supported-configurations.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/16/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-apps diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md index 80859782c4..bb3c4874f4 100644 --- a/windows/application-management/app-v/appv-technical-reference.md +++ b/windows/application-management/app-v/appv-technical-reference.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md index b0a1c0a587..74aec2aba2 100644 --- a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md +++ b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-troubleshooting.md b/windows/application-management/app-v/appv-troubleshooting.md index 9bba519134..5678e04c06 100644 --- a/windows/application-management/app-v/appv-troubleshooting.md +++ b/windows/application-management/app-v/appv-troubleshooting.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md index 192f9f4b66..bb291a0484 100644 --- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md +++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md index c327a058bb..66b4aa8372 100644 --- a/windows/application-management/app-v/appv-using-the-client-management-console.md +++ b/windows/application-management/app-v/appv-using-the-client-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md index 858f0dcbad..c0d29c01af 100644 --- a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md +++ b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md index f5fad71c85..d51f9556a1 100644 --- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md +++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md @@ -5,7 +5,7 @@ author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-apps --- diff --git a/windows/client-management/index.yml b/windows/client-management/index.yml index 8b288e7905..9501d46c0a 100644 --- a/windows/client-management/index.yml +++ b/windows/client-management/index.yml @@ -14,7 +14,7 @@ metadata: - tier1 author: aczechowski ms.author: aaroncz - manager: dougeby + manager: aaroncz ms.date: 04/13/2023 localization_priority: medium diff --git a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md index ae511d78a9..d238ab8539 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md index 8e06273c57..5dc0aa37ec 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md @@ -10,7 +10,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md index 02f381c39f..2f8c615755 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md @@ -1,7 +1,7 @@ --- title: Configure Cortana in Windows 10 and Windows 11 ms.reviewer: -manager: dougeby +manager: aaroncz description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments. ms.prod: windows-client ms.collection: tier3 diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md index fca7d43916..8cfe781f37 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md @@ -7,7 +7,7 @@ author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 ms.topic: article diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md index 661a84faa2..421e8959d9 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md @@ -7,7 +7,7 @@ author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 ms.topic: article diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md index 99c60d8373..c107c97a64 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md index 3975696457..50fb4c4d32 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md index 8dcfcc91c7..997bd2f471 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md index efac6821ae..67d77779e6 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md index 8fdc30830e..a940f6be39 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md index e60c202497..88e5901e0c 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md index 6f2a30aa8b..6a8fa6528d 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 06/28/2021 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md index c7b3eac2bc..21f168168d 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md index c280af5397..01d6c2db85 100644 --- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md +++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md @@ -1,7 +1,7 @@ --- title: Set up and test Cortana in Windows 10, version 2004 and later ms.reviewer: -manager: dougeby +manager: aaroncz description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments. ms.prod: windows-client ms.collection: tier3 diff --git a/windows/configuration/cortana-at-work/test-scenario-1.md b/windows/configuration/cortana-at-work/test-scenario-1.md index 81d3d89d7c..6f3ffd8173 100644 --- a/windows/configuration/cortana-at-work/test-scenario-1.md +++ b/windows/configuration/cortana-at-work/test-scenario-1.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/test-scenario-2.md b/windows/configuration/cortana-at-work/test-scenario-2.md index df3d6c02ec..f69b1c2789 100644 --- a/windows/configuration/cortana-at-work/test-scenario-2.md +++ b/windows/configuration/cortana-at-work/test-scenario-2.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/test-scenario-3.md b/windows/configuration/cortana-at-work/test-scenario-3.md index 2c23f88711..b57dded7f3 100644 --- a/windows/configuration/cortana-at-work/test-scenario-3.md +++ b/windows/configuration/cortana-at-work/test-scenario-3.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/test-scenario-4.md b/windows/configuration/cortana-at-work/test-scenario-4.md index 14eb9842c3..081ea5877a 100644 --- a/windows/configuration/cortana-at-work/test-scenario-4.md +++ b/windows/configuration/cortana-at-work/test-scenario-4.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md index 18c3c99f7a..17a27dc786 100644 --- a/windows/configuration/cortana-at-work/test-scenario-5.md +++ b/windows/configuration/cortana-at-work/test-scenario-5.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/test-scenario-6.md b/windows/configuration/cortana-at-work/test-scenario-6.md index 50e009cc49..8915d4300d 100644 --- a/windows/configuration/cortana-at-work/test-scenario-6.md +++ b/windows/configuration/cortana-at-work/test-scenario-6.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md index 973e56ee5e..a7ad523655 100644 --- a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md +++ b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/includes/multi-app-kiosk-support-windows11.md b/windows/configuration/includes/multi-app-kiosk-support-windows11.md index efe346ced6..7f90909404 100644 --- a/windows/configuration/includes/multi-app-kiosk-support-windows11.md +++ b/windows/configuration/includes/multi-app-kiosk-support-windows11.md @@ -3,7 +3,7 @@ author: aczechowski ms.author: aaroncz ms.date: 09/21/2021 ms.reviewer: -manager: dougeby +manager: aaroncz ms.prod: w10 ms.topic: include --- diff --git a/windows/configuration/index.yml b/windows/configuration/index.yml index 2891f614c0..0eace6a656 100644 --- a/windows/configuration/index.yml +++ b/windows/configuration/index.yml @@ -13,7 +13,7 @@ metadata: - tier1 author: aczechowski ms.author: aaroncz - manager: dougeby + manager: aaroncz ms.date: 08/05/2021 #Required; mm/dd/yyyy format. localization_priority: medium diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md index 852b3e4500..f6909fdc31 100644 --- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md +++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md index b4bfc496ca..02bb612d1b 100644 --- a/windows/configuration/ue-v/uev-administering-uev.md +++ b/windows/configuration/ue-v/uev-administering-uev.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md index a26af56567..d0d7b3db53 100644 --- a/windows/configuration/ue-v/uev-application-template-schema-reference.md +++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md index d6cb847dc1..28f57b767c 100644 --- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md +++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md index 5942fc45be..f18438c0c3 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md index 60273009e8..efd9497722 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md index 479a729676..04a273fdd4 100644 --- a/windows/configuration/ue-v/uev-deploy-required-features.md +++ b/windows/configuration/ue-v/uev-deploy-required-features.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md index 1d05d369d0..76987da15a 100644 --- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md +++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-for-windows.md b/windows/configuration/ue-v/uev-for-windows.md index f1604d6359..7b140aa669 100644 --- a/windows/configuration/ue-v/uev-for-windows.md +++ b/windows/configuration/ue-v/uev-for-windows.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 05/02/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md index 36ce63717c..32db93baee 100644 --- a/windows/configuration/ue-v/uev-getting-started.md +++ b/windows/configuration/ue-v/uev-getting-started.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 03/08/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md index 22bf076b54..34a9229f65 100644 --- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md +++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-manage-configurations.md b/windows/configuration/ue-v/uev-manage-configurations.md index 1e594846ab..51a1e724fe 100644 --- a/windows/configuration/ue-v/uev-manage-configurations.md +++ b/windows/configuration/ue-v/uev-manage-configurations.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md index 04dae12024..78252752e3 100644 --- a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md +++ b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md index 4d07a6a09a..079e034324 100644 --- a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md +++ b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-migrating-settings-packages.md b/windows/configuration/ue-v/uev-migrating-settings-packages.md index 9c3cebd1a1..27fcbea39e 100644 --- a/windows/configuration/ue-v/uev-migrating-settings-packages.md +++ b/windows/configuration/ue-v/uev-migrating-settings-packages.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index 5e13281dc1..f498b6600b 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index 47dfe6e7e7..42571c453b 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md index a91444675f..2bde66cad7 100644 --- a/windows/configuration/ue-v/uev-security-considerations.md +++ b/windows/configuration/ue-v/uev-security-considerations.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md index 7d1eeeccb0..bff2257777 100644 --- a/windows/configuration/ue-v/uev-sync-methods.md +++ b/windows/configuration/ue-v/uev-sync-methods.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md index b9571cdf2a..a080d46d6e 100644 --- a/windows/configuration/ue-v/uev-sync-trigger-events.md +++ b/windows/configuration/ue-v/uev-sync-trigger-events.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md index 7851418fe8..a28147ecb1 100644 --- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md +++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-technical-reference.md b/windows/configuration/ue-v/uev-technical-reference.md index 9d161c1889..c4f15d65ce 100644 --- a/windows/configuration/ue-v/uev-technical-reference.md +++ b/windows/configuration/ue-v/uev-technical-reference.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-troubleshooting.md b/windows/configuration/ue-v/uev-troubleshooting.md index d2a350b63d..0f96a38a1b 100644 --- a/windows/configuration/ue-v/uev-troubleshooting.md +++ b/windows/configuration/ue-v/uev-troubleshooting.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md index 78cfb2f9c0..495602a3d7 100644 --- a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md +++ b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md index 5d02d042ce..4d2e9541ec 100644 --- a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md +++ b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md index 157f473f1f..147230cb37 100644 --- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md +++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md index 827c6ad3ff..1c94036b4c 100644 --- a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md +++ b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md @@ -6,7 +6,7 @@ ms.prod: windows-client ms.collection: tier3 ms.date: 04/19/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.author: aaroncz ms.topic: article ms.technology: itpro-configure diff --git a/windows/configuration/wcd/wcd-accountmanagement.md b/windows/configuration/wcd/wcd-accountmanagement.md index 2e7840f541..3d883a1d2b 100644 --- a/windows/configuration/wcd/wcd-accountmanagement.md +++ b/windows/configuration/wcd/wcd-accountmanagement.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md index 43031314a1..2f26418dde 100644 --- a/windows/configuration/wcd/wcd-accounts.md +++ b/windows/configuration/wcd/wcd-accounts.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md index b393f8b184..b1c2aad0d0 100644 --- a/windows/configuration/wcd/wcd-admxingestion.md +++ b/windows/configuration/wcd/wcd-admxingestion.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/06/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md index be108dc758..17322a4076 100644 --- a/windows/configuration/wcd/wcd-assignedaccess.md +++ b/windows/configuration/wcd/wcd-assignedaccess.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md index 918836b846..abcc63d261 100644 --- a/windows/configuration/wcd/wcd-browser.md +++ b/windows/configuration/wcd/wcd-browser.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 10/02/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md index af88e9f060..4d48caa562 100644 --- a/windows/configuration/wcd/wcd-cellcore.md +++ b/windows/configuration/wcd/wcd-cellcore.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 10/02/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md index 7b97d13b21..d39280a5fe 100644 --- a/windows/configuration/wcd/wcd-cellular.md +++ b/windows/configuration/wcd/wcd-cellular.md @@ -1,7 +1,7 @@ --- title: Cellular (Windows 10) ms.reviewer: -manager: dougeby +manager: aaroncz description: This section describes the Cellular settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: windows-client author: aczechowski diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md index 0fac2bb393..8a15c48f5b 100644 --- a/windows/configuration/wcd/wcd-certificates.md +++ b/windows/configuration/wcd/wcd-certificates.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/06/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-changes.md b/windows/configuration/wcd/wcd-changes.md index a4f21e84f9..6788558d33 100644 --- a/windows/configuration/wcd/wcd-changes.md +++ b/windows/configuration/wcd/wcd-changes.md @@ -1,7 +1,7 @@ --- title: Changes to settings in Windows Configuration Designer (Windows 10) ms.reviewer: -manager: dougeby +manager: aaroncz description: This section describes the changes to settings in Windows Configuration Designer in Windows 10, version 1809. ms.prod: windows-client author: aczechowski diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md index 7c9b872efe..3bb2b66098 100644 --- a/windows/configuration/wcd/wcd-cleanpc.md +++ b/windows/configuration/wcd/wcd-cleanpc.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/06/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md index e8fb9cfb34..0434a57ba2 100644 --- a/windows/configuration/wcd/wcd-connections.md +++ b/windows/configuration/wcd/wcd-connections.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md index 1692de1889..88daab22bd 100644 --- a/windows/configuration/wcd/wcd-connectivityprofiles.md +++ b/windows/configuration/wcd/wcd-connectivityprofiles.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md index e008f9285f..9c1e5b2b70 100644 --- a/windows/configuration/wcd/wcd-countryandregion.md +++ b/windows/configuration/wcd/wcd-countryandregion.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md index 4c51c6e3ef..b7d4eee9d8 100644 --- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md +++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/21/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md index 496b0b07bd..f93fe468a8 100644 --- a/windows/configuration/wcd/wcd-developersetup.md +++ b/windows/configuration/wcd/wcd-developersetup.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/06/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md index be7bfcda42..d47c6a0d97 100644 --- a/windows/configuration/wcd/wcd-deviceformfactor.md +++ b/windows/configuration/wcd/wcd-deviceformfactor.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md index b7f1546197..fd933e1cb7 100644 --- a/windows/configuration/wcd/wcd-devicemanagement.md +++ b/windows/configuration/wcd/wcd-devicemanagement.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md index 9d0ab9779d..4d5c9d8f2f 100644 --- a/windows/configuration/wcd/wcd-deviceupdatecenter.md +++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md @@ -5,7 +5,7 @@ ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: article ms.technology: itpro-configure ms.date: 12/31/2017 diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md index 7c7fe21043..218f3f2102 100644 --- a/windows/configuration/wcd/wcd-dmclient.md +++ b/windows/configuration/wcd/wcd-dmclient.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md index c2261d1d6c..696a33078b 100644 --- a/windows/configuration/wcd/wcd-editionupgrade.md +++ b/windows/configuration/wcd/wcd-editionupgrade.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md index ed8813b347..3bfedb1fc5 100644 --- a/windows/configuration/wcd/wcd-firewallconfiguration.md +++ b/windows/configuration/wcd/wcd-firewallconfiguration.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/06/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md index 317e860a92..d17727272b 100644 --- a/windows/configuration/wcd/wcd-firstexperience.md +++ b/windows/configuration/wcd/wcd-firstexperience.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 08/08/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md index d65f38e718..d59d40f6a3 100644 --- a/windows/configuration/wcd/wcd-folders.md +++ b/windows/configuration/wcd/wcd-folders.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-hotspot.md b/windows/configuration/wcd/wcd-hotspot.md index 6e0bfbe99c..e838a329d8 100644 --- a/windows/configuration/wcd/wcd-hotspot.md +++ b/windows/configuration/wcd/wcd-hotspot.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 12/18/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md index d1904f8a39..600809d119 100644 --- a/windows/configuration/wcd/wcd-kioskbrowser.md +++ b/windows/configuration/wcd/wcd-kioskbrowser.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 10/02/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md index 7308c531a1..f03737f546 100644 --- a/windows/configuration/wcd/wcd-licensing.md +++ b/windows/configuration/wcd/wcd-licensing.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/06/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md index 9b1e501fec..94fe50a11b 100644 --- a/windows/configuration/wcd/wcd-location.md +++ b/windows/configuration/wcd/wcd-location.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md index 37b93da96d..a371f05731 100644 --- a/windows/configuration/wcd/wcd-maps.md +++ b/windows/configuration/wcd/wcd-maps.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md index 0b8561c8cf..f12104c539 100644 --- a/windows/configuration/wcd/wcd-networkproxy.md +++ b/windows/configuration/wcd/wcd-networkproxy.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md index 2be6c377ba..71560b301f 100644 --- a/windows/configuration/wcd/wcd-networkqospolicy.md +++ b/windows/configuration/wcd/wcd-networkqospolicy.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md index df4078b569..f8af613b82 100644 --- a/windows/configuration/wcd/wcd-oobe.md +++ b/windows/configuration/wcd/wcd-oobe.md @@ -1,7 +1,7 @@ --- title: OOBE (Windows 10) ms.reviewer: -manager: dougeby +manager: aaroncz description: This section describes the OOBE settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: windows-client author: aczechowski diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md index 249dc446a7..b89c45755d 100644 --- a/windows/configuration/wcd/wcd-personalization.md +++ b/windows/configuration/wcd/wcd-personalization.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index b2ac514b17..902475d894 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md @@ -1,7 +1,7 @@ --- title: Policies (Windows 10) ms.reviewer: -manager: dougeby +manager: aaroncz description: This section describes the Policies settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: windows-client author: aczechowski diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md index df2b29c1ff..65d872fe1b 100644 --- a/windows/configuration/wcd/wcd-privacy.md +++ b/windows/configuration/wcd/wcd-privacy.md @@ -5,7 +5,7 @@ ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: article ms.technology: itpro-configure ms.date: 12/31/2017 diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md index 1015406211..d523106679 100644 --- a/windows/configuration/wcd/wcd-provisioningcommands.md +++ b/windows/configuration/wcd/wcd-provisioningcommands.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/06/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md index f0574a44c2..80275970c1 100644 --- a/windows/configuration/wcd/wcd-sharedpc.md +++ b/windows/configuration/wcd/wcd-sharedpc.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 10/16/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md index 5f29ebedfd..5ce6d3c4b1 100644 --- a/windows/configuration/wcd/wcd-smisettings.md +++ b/windows/configuration/wcd/wcd-smisettings.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 03/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md index 098c9bbb9c..53ff39614a 100644 --- a/windows/configuration/wcd/wcd-start.md +++ b/windows/configuration/wcd/wcd-start.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/06/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md index 7ebe657816..44ae8f59c7 100644 --- a/windows/configuration/wcd/wcd-startupapp.md +++ b/windows/configuration/wcd/wcd-startupapp.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/06/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md index 0ef9b010e5..b04f726240 100644 --- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md +++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/06/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md index 61f8c30b69..d9a2c856ff 100644 --- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md +++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md @@ -6,7 +6,7 @@ author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.topic: article -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md index 12bd766d54..92dd641460 100644 --- a/windows/configuration/wcd/wcd-surfacehubmanagement.md +++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/06/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md index 15758077ad..13b9e9a810 100644 --- a/windows/configuration/wcd/wcd-tabletmode.md +++ b/windows/configuration/wcd/wcd-tabletmode.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md index 1def53b033..1001238225 100644 --- a/windows/configuration/wcd/wcd-takeatest.md +++ b/windows/configuration/wcd/wcd-takeatest.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 09/06/2017 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md index 659eef75c7..320b7fa6a5 100644 --- a/windows/configuration/wcd/wcd-time.md +++ b/windows/configuration/wcd/wcd-time.md @@ -5,7 +5,7 @@ ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: article ms.technology: itpro-configure ms.date: 12/31/2017 diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md index 55abb9002a..6bc7634cfb 100644 --- a/windows/configuration/wcd/wcd-unifiedwritefilter.md +++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md index bbd3749ad5..98f1fd3fd3 100644 --- a/windows/configuration/wcd/wcd-universalappinstall.md +++ b/windows/configuration/wcd/wcd-universalappinstall.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md index ab0005120f..4f40efa1fb 100644 --- a/windows/configuration/wcd/wcd-universalappuninstall.md +++ b/windows/configuration/wcd/wcd-universalappuninstall.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md index 3a53cca460..8dbef10171 100644 --- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md +++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md index 2270de3845..a7eafa43c9 100644 --- a/windows/configuration/wcd/wcd-weakcharger.md +++ b/windows/configuration/wcd/wcd-weakcharger.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md index 8c42614eca..1a414d570f 100644 --- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md +++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md index 9db59248ff..e37dc898a4 100644 --- a/windows/configuration/wcd/wcd-windowsteamsettings.md +++ b/windows/configuration/wcd/wcd-windowsteamsettings.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md index c691224077..a44a635cf6 100644 --- a/windows/configuration/wcd/wcd-wlan.md +++ b/windows/configuration/wcd/wcd-wlan.md @@ -1,7 +1,7 @@ --- title: WLAN (Windows 10) ms.reviewer: -manager: dougeby +manager: aaroncz description: This section describes the WLAN settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. ms.prod: windows-client author: aczechowski diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md index 2055154e19..b36b0cd090 100644 --- a/windows/configuration/wcd/wcd-workplace.md +++ b/windows/configuration/wcd/wcd-workplace.md @@ -8,7 +8,7 @@ ms.author: aaroncz ms.topic: article ms.date: 04/30/2018 ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure --- diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md index 1c7d6d423c..8c1f2f6053 100644 --- a/windows/configuration/wcd/wcd.md +++ b/windows/configuration/wcd/wcd.md @@ -7,7 +7,7 @@ ms.localizationpriority: medium ms.author: aaroncz ms.topic: article ms.reviewer: -manager: dougeby +manager: aaroncz ms.technology: itpro-configure ms.date: 12/31/2017 --- diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml index cdbe9ad071..3d120dad99 100644 --- a/windows/deployment/do/index.yml +++ b/windows/deployment/do/index.yml @@ -14,7 +14,7 @@ metadata: - tier3 author: aczechowski ms.author: aaroncz - manager: dougeby + manager: aaroncz ms.date: 03/07/2022 #Required; mm/dd/yyyy format. localization_priority: medium diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index c18264a48d..3db313bdd3 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -3,7 +3,7 @@ title: Unenlightened and enlightened app behavior while using Windows Informatio description: Learn how unenlightened and enlightened apps might behave, based on Windows Information Protection (WIP) network policies, app configuration, and other criteria author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index 717a6630bd..3d7152aa4c 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -3,7 +3,7 @@ title: How to collect Windows Information Protection (WIP) audit event logs description: How to collect & understand Windows Information Protection audit event logs via the Reporting configuration service provider (CSP) or Windows Event Forwarding. author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index c40a6f49b7..303f8c3057 100644 --- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -3,7 +3,7 @@ title: Create an EFS Data Recovery Agent certificate description: Follow these steps to create, verify, and perform a quick recovery by using an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.reviewer: rafals ms.topic: how-to ms.date: 07/15/2022 diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index b599da46cc..709de2a54d 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -3,7 +3,7 @@ title: Associate and deploy a VPN policy for Windows Information Protection (WIP description: After you've created and deployed your Windows Information Protection (WIP) policy, use Microsoft Intune to link it to your Virtual Private Network (VPN) policy author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md index b6b7dac0ab..01f7c3b238 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md @@ -3,7 +3,7 @@ title: Create and deploy a WIP policy in Configuration Manager description: Use Microsoft Configuration Manager to create and deploy a Windows Information Protection (WIP) policy. Choose protected apps, WIP-protection level, and find enterprise data. author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.reviewer: rafals ms.topic: how-to ms.date: 07/15/2022 diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 1f361f1d46..6cb50dc76b 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -3,7 +3,7 @@ title: Create a WIP policy in Intune description: Learn how to use the Microsoft Intune admin center to create and deploy your Windows Information Protection (WIP) policy to protect data on your network. author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.reviewer: rafals ms.topic: how-to ms.date: 07/15/2022 diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index 38b528117e..0269f73fe5 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md @@ -3,7 +3,7 @@ title: Deploy your Windows Information Protection (WIP) policy using the Azure p description: After you've created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices. author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 03/05/2019 ms.reviewer: diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index a2b9598ab5..1660b49f10 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -4,7 +4,7 @@ description: Learn the difference between enlightened and unenlightened apps. Fi ms.reviewer: author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 05/02/2019 --- diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md index e6f007eb70..f98f1a7125 100644 --- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -3,7 +3,7 @@ title: General guidance and best practices for Windows Information Protection (W description: Find resources about apps that can work with Windows Information Protection (WIP) to protect data. Enlightened apps can tell corporate and personal data apart. author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 02/26/2019 --- diff --git a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md b/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md index 5d1fd5f71f..f30aaac954 100644 --- a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md +++ b/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md @@ -6,7 +6,7 @@ ms.topic: how-to author: lizgt2000 ms.author: lizlong ms.reviewer: aaroncz -manager: dougeby +manager: aaroncz --- # How to disable Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index bb9dd3ec92..783f627a5c 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -3,7 +3,7 @@ title: Limitations while using Windows Information Protection (WIP) description: This section includes info about the common problems you might encounter while using Windows Information Protection (WIP). author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.reviewer: rafals ms.topic: conceptual ms.date: 04/05/2019 diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 90f438a6ae..c849026e4b 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -3,7 +3,7 @@ title: Mandatory tasks and settings required to turn on Windows Information Prot description: Review all of the tasks required for Windows to turn on Windows Information Protection (WIP), formerly enterprise data protection (EDP), in your enterprise. author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 05/25/2022 --- diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md index a3e74b015d..25099e224a 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md @@ -3,7 +3,7 @@ title: Create a Windows Information Protection (WIP) policy using Microsoft Conf description: Microsoft Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 02/26/2019 --- diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index 2478ede777..794a46361f 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -3,7 +3,7 @@ title: Create a Windows Information Protection (WIP) policy using Microsoft Intu description: Microsoft Intune helps you create and deploy your enterprise data protection (WIP) policy. author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 03/11/2019 --- diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index d052a94ac2..4135a203b8 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -3,7 +3,7 @@ title: Protect your enterprise data using Windows Information Protection description: Learn how to prevent accidental enterprise data leaks through apps and services, such as email, social media, and the public cloud. author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.reviewer: rafals ms.topic: overview ms.date: 07/15/2022 diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index 921f111a75..fc9dfc237c 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -3,7 +3,7 @@ title: Recommended URLs for Windows Information Protection description: Recommended URLs to add to your Enterprise Cloud Resources and Neutral Resources network settings, when used with Windows Information Protection (WIP). author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 03/25/2019 --- diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index 1daeec1865..30c94d76be 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -4,7 +4,7 @@ description: A list of suggested testing scenarios that you can use to test Wind ms.reviewer: author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 03/05/2019 --- diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index 21f5c309e3..43f6497a22 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md @@ -3,7 +3,7 @@ title: Using Outlook on the web with WIP description: Options for using Outlook on the web with Windows Information Protection (WIP). author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 02/26/2019 --- diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index bea9a21501..02730fbed2 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md @@ -3,7 +3,7 @@ title: Determine the Enterprise Context of an app running in Windows Information description: Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP). author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 02/26/2019 --- diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index b7ff5f992d..08963510aa 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -3,7 +3,7 @@ title: Fine-tune Windows Information Policy (WIP) with WIP Learning description: How to access the WIP Learning report to monitor and apply Windows Information Protection in your company. author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.date: 02/26/2019 --- diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md index 76f980c27e..005fb7d07d 100644 --- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md +++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md @@ -5,7 +5,7 @@ ms.reviewer: ms.prod: windows-client author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.date: 08/14/2017 ms.localizationpriority: medium ms.technology: itpro-security diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 850102843d..ffc754aaf6 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -4,7 +4,7 @@ description: Describes the security capabilities in Windows client focused on th ms.prod: windows-client author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.topic: conceptual ms.technology: itpro-security ms.date: 12/31/2017 diff --git a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md index 9ce8d9bfcc..682b246cfa 100644 --- a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md +++ b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md @@ -4,7 +4,7 @@ description: How to use Group Policy to override individual Process Mitigation O ms.prod: windows-client author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.localizationpriority: medium ms.technology: itpro-security ms.date: 12/31/2017 diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 51a9ad4ad2..365c09f330 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -5,7 +5,7 @@ ms.prod: windows-client ms.localizationpriority: medium author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.technology: itpro-security ms.date: 12/31/2017 ms.topic: article diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 08153aa0d5..3b1d1fd82f 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -4,7 +4,7 @@ description: Learn about an approach to collect events from devices in your orga ms.prod: windows-client author: aczechowski ms.author: aaroncz -manager: dougeby +manager: aaroncz ms.date: 02/28/2019 ms.localizationpriority: medium ms.technology: itpro-security diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml index b99c54cd1c..193ffc24a8 100644 --- a/windows/whats-new/index.yml +++ b/windows/whats-new/index.yml @@ -14,7 +14,7 @@ metadata: - tier1 author: aczechowski ms.author: aaroncz - manager: dougeby + manager: aaroncz ms.date: 11/14/2022 localization_priority: medium From e9e01d209e6151bbee1e7096cbf8f9236f9a0b8d Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 9 Aug 2023 15:22:46 -0400 Subject: [PATCH 79/94] Editing for style and grammar Make a few changes to the contribution to make some of the points clearer and to account for style and grammar. --- ...rted-with-the-user-state-migration-tool.md | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index e7cea642e3..9eebdd0921 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -18,37 +18,41 @@ This article outlines the general process that you should follow to migrate file 1. [Plan Your Migration](usmt-plan-your-migration.md). Depending on whether your migration scenario is refreshing or replacing computers, you can choose an online migration or an offline migration using Windows Preinstallation Environment (WinPE) or the files in the Windows.old directory. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md). -2. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data you might consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys. +1. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data you might consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys. -3. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). +1. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). -4. Use the `/GenMigXML` command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md) +1. Use the `/GenMigXML` command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md) -5. Modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. +1. Modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. > [!IMPORTANT] > We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT) 10.0. Never modify the original .xml files. You can use the `MigXML.xsd` file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). -6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, run the `ScanState.exe` command with the [/genconfig](usmt-scanstate-syntax.md#migration-rule-options) option and specify the .xml files that you use with `ScanState.exe` as arguments. For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files: +1. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, run the `ScanState.exe` command with the following options: + - [/genconfig](usmt-scanstate-syntax.md#migration-rule-options). + - [/i](usmt-scanstate-syntax.md#migration-rule-options) - as arguments specify the .xml files that you plan to use with `ScanState.exe`. + + For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files: ```cmd ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log ``` -7. Review and modify the `Config.xml` file to specify components that you don't want to migrate. Open the `Config.xml` that you generated, review the migration state of the components listed in it, and specify `migrate=no` for any components that you don't want to migrate. +1. Open the `Config.xml` that was generated in the previous step. Review the migration state of each of the components listed in the `Config.xml` file. If necessary, edit the `Config.xml` file and specify `migrate=no` for any components that you don't want to migrate. ## Step 2: Collect files and settings from the source computer 1. Back up the source computer. -2. Close all applications. If some applications are running when you run the `ScanState.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. +1. Close all applications. If some applications are running when you run the `ScanState.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. > [!NOTE] > USMT will fail if it cannot migrate a file or setting unless you specify the `/C` option. When you specify the `/C` option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the `` section in the `Config.xml` file to specify which errors should be ignored, and which should cause the migration to fail. -3. Run the `ScanState.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `ScanState.exe` command to use. For example, +1. Run the `ScanState.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `ScanState.exe` command to use. For example, ```cmd ScanState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log @@ -57,23 +61,23 @@ This article outlines the general process that you should follow to migrate file > [!NOTE] > If the source computer is running Windows 7, or Windows 8, you must run the `ScanState.exe` command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then select **Run As Administrator**. For more information about the how the `ScanState.exe` command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). -4. Run the `UsmtUtils.exe` command with the `/Verify` option to ensure that the store you created isn't corrupted. +1. Run the `UsmtUtils.exe` command with the `/Verify` option to ensure that the store you created isn't corrupted. ## Step 3: Prepare the destination computer and restore files and settings 1. Install the operating system on the destination computer. -2. Install all applications that were on the source computer. Although it isn't always required, we recommend installing all applications on the destination computer before you restore the user state. This makes sure that migrated settings are preserved. +1. Install all applications that were on the source computer. Although it isn't always required, we recommend installing all applications on the destination computer before you restore the user state. This makes sure that migrated settings are preserved. > [!NOTE] > The application version that is installed on the destination computer should be the same version as the one on the source computer. USMT does not support migrating the settings for an older version of an application to a newer version. The exception to this is Microsoft Office, which USMT can migrate from an older version to a newer version. -3. Close all applications. If some applications are running when you run the `LoadState.exe ` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. +1. Close all applications. If some applications are running when you run the `LoadState.exe ` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. > [!NOTE] > Use `/C` to continue your migration if errors are encountered, and use the `` section in the `Config.xml` file to specify which errors should be ignored, and which errors should cause the migration to fail. -4. Run the `LoadState.exe ` command on the destination computer. Specify the same set of .xml files that you specified when you used the `ScanState.exe` command. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the `Config.xml` file and specify the updated file by using the `LoadState.exe ` command. Then, the `LoadState.exe ` command will migrate only the files and settings that you want to migrate. For more information about how the `LoadState.exe ` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). +1. Run the `LoadState.exe ` command on the destination computer. Specify the same set of .xml files that you specified when you used the `ScanState.exe` command. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the `Config.xml` file and specify the updated file by using the `LoadState.exe ` command. Then, the `LoadState.exe ` command will migrate only the files and settings that you want to migrate. For more information about how the `LoadState.exe ` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). For example, the following command migrates the files and settings: From d51f05b4eba07d4688e04aeb123b3027cc6313c0 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 9 Aug 2023 15:37:42 -0400 Subject: [PATCH 80/94] Update that Azure AD isn't supported Made changes to initial contribution. Removed mention of hybrid AAD and just mentioned that AAD isn't supported. Will wait to get further clarification on hybrid AAD before adding info on hybrid AAD. --- .../windows-upgrade-and-migration-considerations.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md index 6df13ed120..81fcb592e6 100644 --- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md +++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md @@ -7,7 +7,7 @@ ms.prod: windows-client author: frankroj ms.topic: article ms.technology: itpro-deploy -ms.date: 10/28/2022 +ms.date: 08/09/2023 --- # Windows upgrade and migration considerations @@ -29,12 +29,15 @@ Windows Easy Transfer is a software wizard for transferring files and settings f With Windows Easy Transfer, files and settings can be transferred using a network share, a USB flash drive (UFD), or the Easy Transfer cable. However, you can't use a regular universal serial bus (USB) cable to transfer files and settings with Windows Easy Transfer. An Easy Transfer cable can be purchased on the Web, from your computer manufacturer, or at an electronics store. > [!NOTE] +> > Windows Easy Transfer [is not available in Windows 10](https://support.microsoft.com/help/4026265/windows-windows-easy-transfer-is-not-available-in-windows-10). ### Migrate with the User State Migration Tool You can use USMT to automate migration during large deployments of the Windows operating system. USMT uses configurable migration rule (.xml) files to control exactly which user accounts, user files, operating system settings, and application settings are migrated and how they're migrated. You can use USMT for both *side-by-side* migrations, where one piece of hardware is being replaced, or *wipe-and-load* (or *refresh*) migrations, when only the operating system is being upgraded. -Note USMT supports devices that are joined to an Active Directory domain. USMT does not support hybrid or AAD joined devices. +> [!IMPORTANT] +> +> USMT only supports devices that are joined to a local Active Directory domain. USMT doesn't support Azure AD joined devices. ## Upgrade and migration considerations Whether you're upgrading or migrating to a new version of Windows, you must be aware of the following issues and considerations: @@ -66,4 +69,4 @@ This feature is disabled if this registry key value exists and is configured to ## Related articles [User State Migration Tool (USMT) Overview Topics](../usmt/usmt-topics.md)
[Windows 10 upgrade paths](windows-10-upgrade-paths.md)
-[Windows 10 edition upgrade](windows-10-edition-upgrades.md) \ No newline at end of file +[Windows 10 edition upgrade](windows-10-edition-upgrades.md) From 8694942120d67ba321f32eeedc07c2186e6b9e81 Mon Sep 17 00:00:00 2001 From: MeeraDi <97992368+MeeraDi@users.noreply.github.com> Date: Wed, 9 Aug 2023 12:29:58 -0600 Subject: [PATCH 81/94] Updates to country and countries --- windows/deployment/do/delivery-optimization-workflow.md | 2 +- windows/deployment/do/mcc-isp-faq.yml | 6 +++--- windows/deployment/update/wufb-reports-schema-ucclient.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/do/delivery-optimization-workflow.md b/windows/deployment/do/delivery-optimization-workflow.md index b994ac956f..b0a7f34819 100644 --- a/windows/deployment/do/delivery-optimization-workflow.md +++ b/windows/deployment/do/delivery-optimization-workflow.md @@ -35,7 +35,7 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r |Endpoint hostname | Port|Name|Description|Data sent from the computer to the endpoint |--------------------------------------------|--------|---------------|-----------------------|------------------------| | geover-prod.do.dsp.mp.microsoft.com
geo-prod.do.dsp.mp.microsoft.com
geo.prod.do.dsp.mp.microsoft.com
geover.prod.do.dsp.mp.microsoft.com | 443 | Geo | Service used to identify the location of the device in order to direct it to the nearest data center. | **Profile**: The device type (for example, PC or Xbox)
**doClientVersion**: The version of the DoSvc client
**groupID**: Group the device belongs to (set with DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) | -| kv\*.prod.do.dsp.mp.microsoft.com | 443| KeyValue | Bootstrap service provides endpoints for all other services and device configs. | **countryCode**: The country the client is connected from
**doClientVersion**: The version of the DoSvc client
**Profile**: The device type (for example, PC or Xbox)
**eId**: Client grouping ID
**CacheHost**: Cache host ID | +| kv\*.prod.do.dsp.mp.microsoft.com | 443| KeyValue | Bootstrap service provides endpoints for all other services and device configs. | **countryCode**: The country or region the client is connected from
**doClientVersion**: The version of the DoSvc client
**Profile**: The device type (for example, PC or Xbox)
**eId**: Client grouping ID
**CacheHost**: Cache host ID | | cp\*.prod.do.dsp.mp.microsoft.com
| 443 | Content Policy | Provides content specific policies and as content metadata URLs. | **Profile**: The device type (for example, PC or Xbox)
**ContentId**: The content identifier
**doClientVersion**: The version of the DoSvc client
**countryCode**: The country the client is connected from
**altCatalogID**: If ContentID isn't available, use the download URL instead
**eID**: Client grouping ID
**CacheHost**: Cache host ID | | disc\*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuing that clients are collocated by factors, such as content, groupID and external IP. | **Profile**: The device type (for example, PC or Xbox)
**ContentID**: The content identifier
**doClientVersion**: The version of the DoSvc client
**partitionID**: Client partitioning hint
**altCatalogID**: If ContentID isn't available, use the download URL instead
**eID**: Client grouping ID | | array\*.prod.do.dsp.mp.microsoft.com | 443 | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
**ContentID**: The content identifier
**doClientVersion**: The version of the DoSvc client
**altCatalogID**: If ContentID isn't available, use the download URL instead
**PeerID**: Identity of the device running DO client
**ReportedIp**: The internal / private IP Address
**IsBackground**: Is the download interactive or background
**Uploaded**: Total bytes uploaded to peers
**Downloaded**: Total bytes downloaded from peers
**DownloadedCdn**: Total bytes downloaded from CDN
**Left**: Bytes left to download
**Peers Wanted**: Total number of peers wanted
**Group ID**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
**Scope**: The Download mode
**UploadedBPS**: The upload speed in bytes per second
**DownloadBPS**: The download speed in Bytes per second
**eID**: Client grouping ID | diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml index ce711ad5b5..61cf0eeef2 100644 --- a/windows/deployment/do/mcc-isp-faq.yml +++ b/windows/deployment/do/mcc-isp-faq.yml @@ -54,8 +54,8 @@ sections: answer: You can choose to route your traffic using manual CIDR blocks or BGP. If you have multiple Microsoft Connected Cache(s), you can allocate subsets of CIDR blocks to each cache node if you wish. However, since Microsoft Connected Cache has automatic load balancing, we recommend adding all of your traffic to all of your cache nodes. - question: Should I add any load balancing mechanism? answer: You don't need to add any load balancing. Our service will take care of routing traffic if you have multiple cache nodes serving the same CIDR blocks based on the reported health of the cache node. - - question: How many Microsoft Connected Cache instances will I need? How do we set up if we support multiple countries? - answer: As stated in the table above, the recommended configuration will achieve near the maximum possible egress of 40 Gbps with a two-port link aggregated NIC and four cache drives. We have a feature coming soon that will help you estimate the number of cache nodes needed. If your ISP spans multiple countries, you can set up separate cache nodes per country. + - question: How many Microsoft Connected Cache instances will I need? How do we set up if we support multiple countries or regions? + answer: As stated in the table above, the recommended configuration will achieve near the maximum possible egress of 40 Gbps with a two-port link aggregated NIC and four cache drives. We have a feature coming soon that will help you estimate the number of cache nodes needed. If your ISP spans multiple countries or regions, you can set up separate cache nodes per country or region. - question: Where should we install Microsoft Connected Cache? answer: You are in control of your hardware and you can pick the location based on your traffic and end customers. You can choose the location where you have your routers or where you have dense traffic or any other parameters. - question: How long would a piece of content live within the Microsoft Connected Cache? Is content purged from the cache? @@ -67,7 +67,7 @@ sections: - question: Is IPv6 supported? answer: No, we don't currently support IPV6. We plan to support it in the future. - question: Is Microsoft Connected Cache stable and reliable? - answer: We have already successfully onboarded ISPs in many countries around the world and have received positive feedback! However, you can always start off with a portion of your CIDR blocks to test out the performance of MCC before expanding to more customers. + answer: We have already successfully onboarded ISPs in many countries and regions around the world and have received positive feedback! However, you can always start off with a portion of your CIDR blocks to test out the performance of MCC before expanding to more customers. - question: How does Microsoft Connected Cache populate its content? answer: Microsoft Connected Cache is a cold cache warmed by client requests. The client requests content and that is what fills up the cache. There's no off-peak cache fill necessary. Microsoft Connected Cache will reach out to different CDN providers just like a client device would. The traffic flow from Microsoft Connected Cache will vary depending on how you currently transit to each of these CDN providers. The content can come from third party CDNs or from AFD. - question: What CDNs will Microsoft Connected Cache pull content from? diff --git a/windows/deployment/update/wufb-reports-schema-ucclient.md b/windows/deployment/update/wufb-reports-schema-ucclient.md index 3b460f113f..45ad832a0a 100644 --- a/windows/deployment/update/wufb-reports-schema-ucclient.md +++ b/windows/deployment/update/wufb-reports-schema-ucclient.md @@ -20,7 +20,7 @@ UCClient acts as an individual device's record. It contains data such as the cur |---|---|---|---| | **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Azure AD Device ID | | **AzureADTenantId** | [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Azure AD Tenant ID | -| **Country** | [string](/azure/kusto/query/scalar-data-types/string) | `US` | The last-reported location of device (country), based on IP address. Shown as country code. | +| **Country** | [string](/azure/kusto/query/scalar-data-types/string) | `US` | The last-reported location of device (country or region), based on IP address. Shown as country code. | | **DeviceFamily** | [string](/azure/kusto/query/scalar-data-types/string) | `PC, Phone` | The device family such as PC, Phone. | | **DeviceName** | [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | Client-provided device name | | **GlobalDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | The global device identifier | From d9714bc952eb3a7768f4f753281df94d7b1660ad Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 9 Aug 2023 14:08:21 -0700 Subject: [PATCH 82/94] ucclient-schema-edits --- .../update/wufb-reports-schema-ucclient.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/deployment/update/wufb-reports-schema-ucclient.md b/windows/deployment/update/wufb-reports-schema-ucclient.md index 3b460f113f..0662b5090b 100644 --- a/windows/deployment/update/wufb-reports-schema-ucclient.md +++ b/windows/deployment/update/wufb-reports-schema-ucclient.md @@ -6,7 +6,7 @@ ms.prod: windows-client author: mestew ms.author: mstewart ms.topic: reference -ms.date: 06/06/2022 +ms.date: 08/09/2023 ms.technology: itpro-updates --- @@ -27,29 +27,29 @@ UCClient acts as an individual device's record. It contains data such as the cur | **LastCensusScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The last time this device performed a successful census scan, if any. | | **LastWUScanTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The last time this device performed a successful Windows Update scan, if any. | | **OSArchitecture** | [string](/azure/kusto/query/scalar-data-types/string) | `x86` | The architecture of the operating system (not the device) this device is currently on. | -| **OSBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full operating system build installed on this device, such as Major.Minor.Build.Revision | -| **OSBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `da` | The major build number, in int format, the device is using. | +| **OSBuild** | [string](/azure/kusto/query/scalar-data-types/string) | `10.0.22621.1702` | The full operating system build installed on this device, such as Major.Minor.Build.Revision | +| **OSBuildNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `22621` | The major build number, in int format, the device is using. | | **OSEdition** | [string](/azure/kusto/query/scalar-data-types/string) | `Professional` | The Windows edition | -| **OSFeatureUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Compliant` | Whether or not the device is on the latest feature update being offered by the Windows Update for Business deployment service, else NotApplicable. | +| **OSFeatureUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Compliant` | Whether or not the device is on the latest feature update that's offered from the Windows Update for Business deployment service, else NotApplicable. | | **OSFeatureUpdateEOSTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The end of service date of the feature update currently installed on the device. | | **OSFeatureUpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the feature update currently installed on the device. | | **OSFeatureUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `InService;EndOfService` | Whether or not the device is on the latest available feature update, for its feature update. | -| **OSQualityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest quality update being offered by the Windows Update for Business deployment service, else NotApplicable. | +| **OSQualityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest quality update that's offered from the Windows Update for Business deployment service, else NotApplicable. | | **OSQualityUpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the quality update currently installed on the device. | | **OSQualityUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Latest;NotLatest` | Whether or not the device is on the latest available quality update, for its feature update. | | **OSRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `836` | The revision, in int format, this device is on. | -| **OSSecurityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest security update (quality update where the Classification=Security) being offered by the Windows Update for Business deployment service, else NotApplicable. | +| **OSSecurityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest security update (quality update where the Classification=Security) that's offered from the Windows Update for Business deployment service, else NotApplicable. | | **OSSecurityUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Latest;NotLatest;MultipleSecurityUpdatesMissing` | Whether or not the device is on the latest available security update, for its feature update. | | **OSServicingChannel** | [string](/azure/kusto/query/scalar-data-types/string) | `SAC` | The elected Windows 10 servicing channel of the device. | | **OSVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Windows 10 operating system version currently installed on the device, such as 19H2, 20H1, 20H2. | | **SCCMClientId** | [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager client ID, if available. | -| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. | +| **TimeGenerated** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This field is to determine to which batch snapshot this record belongs. | | **Type** | [string](/azure/kusto/query/scalar-data-types/string) | `DeviceEvent` | The EntityType. | -| **WUFeatureDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: ConfigureDeadlineForFeatureUpdates. The Windows update feature update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. | -| **WUFeatureDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: DeferFeatureUpdates. The Windows update feature update deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values >0 indicate the policy setting. | -| **WUFeatureGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `7` | The Windows Update grace period for feature update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. | +| **WUFeatureDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: ConfigureDeadlineForFeatureUpdates. The Windows update feature update deadline configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values > `0` indicate the deadline in days. | +| **WUFeatureDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: DeferFeatureUpdates. The Windows update feature update deferral configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values > `0` indicate the policy setting. | +| **WUFeatureGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `7` | The Windows Update grace period for feature update in days. -1 indicates not configured, `0` indicates configured and set to `0`. Values greater than `0` indicate the grace period in days. | | **WUFeaturePauseState** | [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for feature updates, possible values are Paused, NotPaused, NotConfigured. | -| **WUQualityDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | `7` | CSP: ConfigureDeadlineForQualityUpdates. The Windows update quality update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. | -| **WUQualityDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `-1` | CSP: DeferQualityUpdates. The Windows Update quality update deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values greater than 0 indicate the policy setting. | -| **WUQualityGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | The Windows Update grace period for quality update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. | +| **WUQualityDeadlineDays** | [int](/azure/kusto/query/scalar-data-types/int) | `7` | CSP: ConfigureDeadlineForQualityUpdates. The Windows update quality update deadline configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values > `0` indicate the deadline in days. | +| **WUQualityDeferralDays** | [int](/azure/kusto/query/scalar-data-types/int) | `-1` | CSP: DeferQualityUpdates. The Windows Update quality update deferral configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values greater than `0` indicate the policy setting. | +| **WUQualityGracePeriodDays** | [int](/azure/kusto/query/scalar-data-types/int) | `0` | The Windows Update grace period for quality update in days. `-1` indicates not configured, `0` indicates configured and set to `0`. Values greater than `0` indicate the grace period in days. | | **WUQualityPauseState** | [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for quality updates, possible values are Paused, NotPaused, NotConfigured. | From bc72e9f38e0e0ae62cac1de0dbc3f984e8e77ff7 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 9 Aug 2023 14:35:31 -0700 Subject: [PATCH 83/94] Changed "being offered" to "offered" to raise Acrolinx score --- windows/deployment/update/wufb-reports-schema-ucclient.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/wufb-reports-schema-ucclient.md b/windows/deployment/update/wufb-reports-schema-ucclient.md index 45ad832a0a..6ba2f4117a 100644 --- a/windows/deployment/update/wufb-reports-schema-ucclient.md +++ b/windows/deployment/update/wufb-reports-schema-ucclient.md @@ -34,11 +34,11 @@ UCClient acts as an individual device's record. It contains data such as the cur | **OSFeatureUpdateEOSTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The end of service date of the feature update currently installed on the device. | | **OSFeatureUpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the feature update currently installed on the device. | | **OSFeatureUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `InService;EndOfService` | Whether or not the device is on the latest available feature update, for its feature update. | -| **OSQualityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest quality update being offered by the Windows Update for Business deployment service, else NotApplicable. | +| **OSQualityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest quality update offered by the Windows Update for Business deployment service, else NotApplicable. | | **OSQualityUpdateReleaseTime** | [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the quality update currently installed on the device. | | **OSQualityUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Latest;NotLatest` | Whether or not the device is on the latest available quality update, for its feature update. | | **OSRevisionNumber** | [int](/azure/kusto/query/scalar-data-types/int) | `836` | The revision, in int format, this device is on. | -| **OSSecurityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest security update (quality update where the Classification=Security) being offered by the Windows Update for Business deployment service, else NotApplicable. | +| **OSSecurityUpdateComplianceStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest security update (quality update where the Classification=Security) offered by the Windows Update for Business deployment service, else NotApplicable. | | **OSSecurityUpdateStatus** | [string](/azure/kusto/query/scalar-data-types/string)| `Latest;NotLatest;MultipleSecurityUpdatesMissing` | Whether or not the device is on the latest available security update, for its feature update. | | **OSServicingChannel** | [string](/azure/kusto/query/scalar-data-types/string) | `SAC` | The elected Windows 10 servicing channel of the device. | | **OSVersion** | [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Windows 10 operating system version currently installed on the device, such as 19H2, 20H1, 20H2. | From a71a6ef44b3fbbd14d1666202010c68c305499e5 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Aug 2023 07:04:25 -0400 Subject: [PATCH 84/94] Update add-apps-and-features.md set date correctly --- windows/application-management/add-apps-and-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md index 889b326553..bc31b8b6e5 100644 --- a/windows/application-management/add-apps-and-features.md +++ b/windows/application-management/add-apps-and-features.md @@ -4,7 +4,7 @@ description: Learn how to add Windows 10 and Windows 11 optional features using author: aczechowski ms.author: aaroncz manager: aaroncz -ms.date: 08/04/2023 +ms.date: 08/30/2021 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps From 7dbb1d9dffb256a5e06f3b131412e1328aa66233 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Aug 2023 07:04:50 -0400 Subject: [PATCH 85/94] Update apps-in-windows-10.md 02/09/2023 --- windows/application-management/apps-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 6387f6e388..340e639b2e 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -4,7 +4,7 @@ description: Learn more and understand the different types of apps that run on W author: aczechowski ms.author: aaroncz manager: aaroncz -ms.date: 08/04/2023 +ms.date: 02/09/2023 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps From d6febce25746795a8addba9f505fa243ae8f89fa Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Aug 2023 07:05:24 -0400 Subject: [PATCH 86/94] Update enterprise-background-activity-controls.md correct date --- .../enterprise-background-activity-controls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md index d59d548da5..1ed95c362a 100644 --- a/windows/application-management/enterprise-background-activity-controls.md +++ b/windows/application-management/enterprise-background-activity-controls.md @@ -4,7 +4,7 @@ description: Allow enterprise background tasks unrestricted access to computer r author: aczechowski ms.author: aaroncz manager: aaroncz -ms.date: 08/04/2023 +ms.date: 10/03/2017 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps From ac657de4bc8a092681b1cb6994181649a1dcbf32 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Aug 2023 07:05:48 -0400 Subject: [PATCH 87/94] Update app-v-end-life-statement.md correct date --- .../application-management/includes/app-v-end-life-statement.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/includes/app-v-end-life-statement.md b/windows/application-management/includes/app-v-end-life-statement.md index faa562b953..f9844e71b1 100644 --- a/windows/application-management/includes/app-v-end-life-statement.md +++ b/windows/application-management/includes/app-v-end-life-statement.md @@ -2,7 +2,7 @@ author: aczechowski ms.author: aaroncz manager: aaroncz -ms.date: 08/04/2023 +ms.date: 09/20/2021 ms.topic: include ms.prod: w10 ms.collection: tier1 From eb401c290e70b8729229a85d32fb619268a7acf9 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Aug 2023 07:06:21 -0400 Subject: [PATCH 88/94] Update applies-to-windows-client-versions.md correct date --- .../includes/applies-to-windows-client-versions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/includes/applies-to-windows-client-versions.md b/windows/application-management/includes/applies-to-windows-client-versions.md index 2bde1c4e62..35084641c6 100644 --- a/windows/application-management/includes/applies-to-windows-client-versions.md +++ b/windows/application-management/includes/applies-to-windows-client-versions.md @@ -2,7 +2,7 @@ author: aczechowski ms.author: aaroncz manager: aaroncz -ms.date: 08/04/2023 +ms.date: 09/28/2021 manager: aaroncz ms.topic: include ms.prod: windows-client From 165e22c325c05c4dee388a1d0b4561b74a5533e7 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Aug 2023 07:06:50 -0400 Subject: [PATCH 89/94] Update index.yml correct date --- windows/application-management/index.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml index 5705397c60..adca0baba0 100644 --- a/windows/application-management/index.yml +++ b/windows/application-management/index.yml @@ -9,7 +9,7 @@ metadata: author: aczechowski ms.author: aaroncz manager: aaroncz - ms.date: 08/04/2023 + ms.date: 08/24/2021 ms.topic: landing-page ms.prod: windows-client ms.collection: @@ -63,4 +63,4 @@ landingContent: - text: Per-user services in Windows url: per-user-services-in-windows.md - text: Per-user services in Windows - url: per-user-services-in-windows.md \ No newline at end of file + url: per-user-services-in-windows.md From 7c7c1b2c77676cd2e57557c4cf43585d0f4185d9 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Aug 2023 07:07:14 -0400 Subject: [PATCH 90/94] Update per-user-services-in-windows.md correct date --- windows/application-management/per-user-services-in-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md index ed038c7e0d..1b840ef5a8 100644 --- a/windows/application-management/per-user-services-in-windows.md +++ b/windows/application-management/per-user-services-in-windows.md @@ -4,7 +4,7 @@ description: Learn about per-user services, how to change the template service S author: aczechowski ms.author: aaroncz manager: aaroncz -ms.date: 08/04/2023 +ms.date: 09/14/2017 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps From edcdb56dc150d385a2648f59267c93a72e5c5dfa Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Aug 2023 07:07:37 -0400 Subject: [PATCH 91/94] Update private-app-repository-mdm-company-portal-windows-11.md correct date --- .../private-app-repository-mdm-company-portal-windows-11.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md index 2d103039b2..93ceaacb2c 100644 --- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md +++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md @@ -4,7 +4,7 @@ description: Use the Company Portal app in Windows 11 devices to access the priv author: aczechowski ms.author: aaroncz manager: aaroncz -ms.date: 08/04/2023 +ms.date: 04/04/2023 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps From e07068d4408686f2e147b565b2c396ccea4e16fe Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Aug 2023 07:08:03 -0400 Subject: [PATCH 92/94] Update remove-provisioned-apps-during-update.md correct date --- .../remove-provisioned-apps-during-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index 24e4b5076d..a7d6df5901 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md @@ -4,7 +4,7 @@ description: How to keep provisioned apps that were removed from your machine fr author: aczechowski ms.author: aaroncz manager: aaroncz -ms.date: 08/04/2023 +ms.date: 05/25/2018 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps From 427018219ff0767c934a4610029c036219797f1f Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Aug 2023 07:08:25 -0400 Subject: [PATCH 93/94] Update sideload-apps-in-windows-10.md correct date --- windows/application-management/sideload-apps-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index cacafd251f..70f3c50177 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md @@ -4,7 +4,7 @@ description: Learn how to sideload line-of-business (LOB) apps in Windows client author: aczechowski ms.author: aaroncz manager: aaroncz -ms.date: 08/04/2023 +ms.date: 12/07/2017 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps From 81d552edbd600d40e7a19a0131adda4fba17c433 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 10 Aug 2023 07:08:48 -0400 Subject: [PATCH 94/94] Update svchost-service-refactoring.md correct date --- windows/application-management/svchost-service-refactoring.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/svchost-service-refactoring.md b/windows/application-management/svchost-service-refactoring.md index cdcf69903a..eef38fed3e 100644 --- a/windows/application-management/svchost-service-refactoring.md +++ b/windows/application-management/svchost-service-refactoring.md @@ -4,7 +4,7 @@ description: Learn about the SvcHost Service Refactoring introduced in Windows 1 author: aczechowski ms.author: aaroncz manager: aaroncz -ms.date: 08/04/2023 +ms.date: 07/20/2017 ms.topic: article ms.prod: windows-client ms.technology: itpro-apps