mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 21:37:22 +00:00
Merge pull request #1318 from MicrosoftDocs/repo_sync_working_branch
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
This commit is contained in:
commit
dde91ecc80
@ -224,7 +224,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
|
||||
|
||||
```xml
|
||||
<Configuration>
|
||||
<Add SourcePath= ”\\Server\Office2016” OfficeClientEdition="32" >
|
||||
<Add SourcePath= "\\Server\Office2016” OfficeClientEdition="32" >
|
||||
<Product ID="O365ProPlusRetail ">
|
||||
<Language ID="en-us" />
|
||||
</Product>
|
||||
|
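Review bot: The replacement `<Add SourcePath=` line still closes the path with a typographic quote (`\\Server\Office2016”`), so the attribute value is never terminated by a matching straight quote and the sample is still not well-formed XML. Change the closing character to `"` as well, and while here drop the space after `SourcePath=` and the trailing space inside `ID="O365ProPlusRetail "` in the context line.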
@ -93,7 +93,7 @@ When you have the Start layout that you want your users to see, use the [Export-
|
||||
|
||||
`Export-StartLayout –path <path><file name>.xml`
|
||||
|
||||
On a device running Windows 10, version 1809, run the **Export-StartLayout** with the switch **-UseDesktopApplicationID**. For example:
|
||||
On a device running Windows 10, version 1809 or higher, run the **Export-StartLayout** with the switch **-UseDesktopApplicationID**. For example:
|
||||
|
||||
```PowerShell
|
||||
Export-StartLayout -UseDesktopApplicationID -Path layout.xml
|
||||
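Review bot: In the changed sentence, "run the **Export-StartLayout** with the switch" is missing the noun "cmdlet", and "version 1809 or higher" would read better as "version 1809 or later". The unchanged syntax line above shows `–path` with an en dash while the example uses `-Path` with a hyphen; using the hyphen in both keeps the page consistent for copy and paste.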
@ -191,7 +191,7 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed
|
||||
- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
|
||||
- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
|
||||
- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
|
||||
- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
|
||||
- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
|
||||
- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
|
||||
|
||||
|
||||
|
@ -9,7 +9,8 @@ ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: activation
|
||||
audience: itpro
author: greg-lindsay
|
||||
audience: itpro
|
||||
author: greg-lindsay
|
||||
ms.date: 12/07/2018
|
||||
ms.topic: article
|
||||
---
|
||||
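Review bot: `ms.date: 12/07/2018` stays unchanged in this front matter although the Related topics links of the same file are edited in the next hunk; update it if the docset uses the field to record the last content change. The `audience` and `author` values read the same before and after, so this looks like a line-break fix only, which is worth stating in the change description.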
@ -37,7 +38,7 @@ VAMT enables IT Professionals to manage and activate the ADBA object. Activation
|
||||
|
||||
## Related topics
|
||||
|
||||
- [How to Activate an Active Directory Forest Online](https://go.microsoft.com/fwlink/p/?LinkId=246565)
|
||||
- [How to Proxy Activate an Active Directory Forest](https://go.microsoft.com/fwlink/p/?LinkId=246566)
|
||||
- [How to Activate an Active Directory Forest Online](https://docs.microsoft.com/windows/deployment/volume-activation/activate-forest-vamt)
|
||||
- [How to Proxy Activate an Active Directory Forest](https://docs.microsoft.com/windows/deployment/volume-activation/activate-forest-by-proxy-vamt)
|
||||
|
||||
|
||||
|
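Review bot: The two new Related topics links are absolute `https://docs.microsoft.com/...` URLs, while other articles touched in this commit link to sibling articles by relative path (for example `start-layout-xml-desktop.md`). If the target articles live in this repository, relative `.md` links would be the consistent choice and let a renamed or moved target be caught when the docs are built.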
@ -41,7 +41,7 @@ Yes, BitLocker supports multifactor authentication for operating system drives.
|
||||
For requirements, see [System requirements](bitlocker-overview.md#system-requirements).
|
||||
|
||||
> [!NOTE]
|
||||
> Dynamic disks are not supported by BitLocker. Dynamic data volumes will not be displayed in the Control Panel. Although the operating system volume will always be displayed in the Control Panel, regardless of whether it is a Dynamic disk, if it is a dynamic disk it is cannot be protected by BitLocker.
|
||||
> Dynamic disks are not supported by BitLocker. Dynamic data volumes will not be displayed in the Control Panel. Although the operating system volume will always be displayed in the Control Panel, regardless of whether it is a Dynamic disk, if it is a dynamic disk it cannot be protected by BitLocker.
|
||||
|
||||
## Why are two partitions required? Why does the system drive have to be so large?
|
||||
|
||||
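Review bot: The corrected note still mixes "Dynamic disk" and "dynamic disk" and chains "regardless of whether it is a Dynamic disk, if it is a dynamic disk" in one sentence. Consider lowercasing throughout and splitting it, for example: "The operating system volume is always displayed in the Control Panel, but if it is on a dynamic disk it cannot be protected by BitLocker."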
@ -78,4 +78,4 @@ To turn on, turn off, or change configurations of BitLocker on operating system
|
||||
|
||||
## What is the recommended boot order for computers that are going to be BitLocker-protected?
|
||||
|
||||
You should configure the startup options of your computer to have the hard disk drive first in the boot order, before any other drives such ach as CD/DVD drives or USB drives. If the hard disk is not first and you typically boot from hard disk, then a boot order change may be detected or assumed when removable media is found during boot. The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order will cause you to be prompted for your BitLocker recovery key. For the same reason, if you have a laptop with a docking station, ensure that the hard disk drive is first in the boot order both when docked and undocked.
|
||||
You should configure the startup options of your computer to have the hard disk drive first in the boot order, before any other drives such as CD/DVD drives or USB drives. If the hard disk is not first and you typically boot from hard disk, then a boot order change may be detected or assumed when removable media is found during boot. The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order will cause you to be prompted for your BitLocker recovery key. For the same reason, if you have a laptop with a docking station, ensure that the hard disk drive is first in the boot order both when docked and undocked.
|
||||
|
@ -123,7 +123,7 @@ The following table defines which Windows features require TPM support.
|
||||
TPM Platform Crypto Provider Key Storage Provider| Yes | Yes | Yes
|
||||
Virtual Smart Card | Yes | Yes | Yes
|
||||
Certificate storage | No | Yes | Yes | TPM is only required when the certificate is stored in the TPM.
|
||||
Autopilot | Yes | No | Yes | TPM 2.0 and UEFI firmware is required.
|
||||
Autopilot | Yes | No | Yes | TPM 2.0 and UEFI firmware is required for white glove and self-deploying scenarios.
|
||||
SecureBIO | Yes | No | Yes | TPM 2.0 and UEFI firmware is required.
|
||||
DRTM | Yes | No | Yes | TPM 2.0 and UEFI firmware is required.
|
||||
|
||||
|
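Review bot: The Autopilot row now limits the requirement to "white glove and self-deploying scenarios" in the last cell, but the value cells stay `Yes | No | Yes`, so the row still reads as an unconditional TPM requirement. The Certificate storage row handles a conditional requirement by putting `No` in the first value cell and explaining the condition in the comment; either follow that pattern or qualify the first cell. The sentence also needs "are required" to agree with "TPM 2.0 and UEFI firmware".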
@ -102,7 +102,7 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
|
||||
|
||||
- Outbound – for unbound connections.
|
||||
|
||||
- **Source Address** \[Type = UnicodeString\]**:** local IP address on which application received the connection.
|
||||
- **Source Address** \[Type = UnicodeString\]**:** IP address from which the connection was initiated.
|
||||
|
||||
- IPv4 Address
|
||||
|
||||
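Review bot: The new **Source Address** text ("IP address from which the connection was initiated") no longer says whether the value is the local or the remote address, while the Direction field just above distinguishes inbound from outbound connections. State which end the field holds for each direction so that analysts writing filters on this event do not have to infer it. The context line "Outbound – for unbound connections" also looks like a typo for "outbound".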
@ -114,9 +114,9 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
|
||||
|
||||
- 127.0.0.1 , ::1 - localhost
|
||||
|
||||
- **Source Port** \[Type = UnicodeString\]**:** port number on which application received the connection.
|
||||
- **Source Port** \[Type = UnicodeString\]**:** port number from which the connection was initiated.
|
||||
|
||||
- **Destination Address** \[Type = UnicodeString\]**:** IP address ***from*** which connection was received or initiated.
|
||||
- **Destination Address** \[Type = UnicodeString\]**:** IP address where the connection was received.
|
||||
|
||||
- IPv4 Address
|
||||
|
||||
@ -128,7 +128,7 @@ This event generates when [Windows Filtering Platform](https://msdn.microsoft.co
|
||||
|
||||
- 127.0.0.1 , ::1 - localhost
|
||||
|
||||
- **Destination Port** \[Type = UnicodeString\]**:** port number which was used from remote machine to initiate connection.
|
||||
- **Destination Port** \[Type = UnicodeString\]**:** port number where the connection was received.
|
||||
|
||||
- **Protocol** \[Type = UInt32\]: number of protocol which was used.
|
||||
|
||||
@ -184,7 +184,7 @@ For 5156(S): The Windows Filtering Platform has permitted a connection.
|
||||
|
||||
- If you need to monitor all inbound connections to a specific local port, monitor for [5156](event-5156.md) events with that “**Source Port**.**”**
|
||||
|
||||
- Monitor for all connections with a “**Protocol Number”** that is not typical for this device or compter, for example, anything other than 1, 6, or 17.
|
||||
- Monitor for all connections with a “**Protocol Number”** that is not typical for this device or computer, for example, anything other than 1, 6, or 17.
|
||||
|
||||
- If the computer’s communication with “**Destination Address”** should always use a specific “**Destination Port**,**”** monitor for any other “**Destination Port**.”
|
||||
|
||||
|
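Review bot: The unchanged recommendation at the top of this hunk tells readers to monitor inbound connections to a local port by filtering on "**Source Port**", which matched the old field definition ("port number on which application received the connection") but conflicts with the new one introduced earlier in this file ("port number from which the connection was initiated"). Either this recommendation should now name "**Destination Port**", or the new field descriptions need a per-direction qualifier; as it stands the page gives two readings of the same field. The closing quotation marks around the bolded field names are also placed inconsistently inside and outside the bold markers.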
@ -64,7 +64,7 @@ You can set several rule options within a WDAC policy. Table 2 describes each ru
|
||||
| **8 Required:EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All future Windows 10 and later drivers will meet this requirement. |
|
||||
| **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. |
|
||||
| **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. |
|
||||
| **11 Disabled:Script Enforcement** | This option is not currently supported. |
|
||||
| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to Restricted Language Mode. NOTE: This option is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 is not supported and may have unintended results. |
|
||||
| **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. |
|
||||
| **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as System Center Configuration Manager, that has been defined as a managed installer. |
|
||||
| **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). |
|
||||
|
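Review bot: In the new description for option 11, "Restricted Language Mode" should be "Constrained Language Mode"; that is the PowerShell language mode applied to scripts under WDAC, and RestrictedLanguage is a different mode. "This option disables script enforcement options" is also circular, and because enabling this option lifts the script restrictions, the supported-version condition (1903 and higher) deserves its own sentence at the start of the cell rather than an inline "NOTE:" at the end.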
@ -67,8 +67,8 @@ Answering frequently asked questions about Windows Defender Application Guard (A
|
||||
|
||||
| | |
|
||||
|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| **Q:** | How do I configure WDAG to work with my network proxy (IP-Literal Addresses)? |
|
||||
| **A:** | WDAG requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition, 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. |
|
||||
| **Q:** | How do I configure Windows Defender Application Guard to work with my network proxy (IP-Literal Addresses)? |
|
||||
| **A:** | Windows Defender Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition, 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. |
|
||||
|
||||
<br>
|
||||
|
||||
@ -76,7 +76,7 @@ Answering frequently asked questions about Windows Defender Application Guard (A
|
||||
| | |
|
||||
|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| **Q:** | Which Input Method Editors (IME) in 19H1 are not supported? |
|
||||
| **A:** | The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in WDAG.<br>Vietnam Telex keyboard<br>Vietnam number key-based keyboard<br>Hindi phonetic keyboard<br>Bangla phonetic keyboard<br>Marathi phonetic keyboard<br>Telugu phonetic keyboard<br>Tamil phonetic keyboard<br>Kannada phonetic keyboard<br>Malayalam phonetic keyboard<br>Gujarati phonetic keyboard<br>Odia phonetic keyboard<br>Punjabi phonetic keyboard |
|
||||
| **A:** | The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in Windows Defender Application Guard.<br>Vietnam Telex keyboard<br>Vietnam number key-based keyboard<br>Hindi phonetic keyboard<br>Bangla phonetic keyboard<br>Marathi phonetic keyboard<br>Telugu phonetic keyboard<br>Tamil phonetic keyboard<br>Kannada phonetic keyboard<br>Malayalam phonetic keyboard<br>Gujarati phonetic keyboard<br>Odia phonetic keyboard<br>Punjabi phonetic keyboard |
|
||||
|
||||
<br>
|
||||
|
||||
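Review bot: The answer now spells out the product name and says "Windows 10, version 1903", but the question line above it still uses "19H1". Use the released version name in the question as well so the pair matches.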
@ -111,3 +111,17 @@ Answering frequently asked questions about Windows Defender Application Guard (A
|
||||
|
||||
<br>
|
||||
|
||||
| | |
|
||||
|--------|-----------------------------------------------------------------------------------------------|
|
||||
| **Q:** | Is there a size limit to the domain lists that I need to configure? |
|
||||
| **A:** | Yes, both the Enterprise Resource domains hosted in the cloud and the Domains categorized as both work and personal have a 16383B limit.|
|
||||
|
||||
<br>
|
||||
|
||||
| | |
|
||||
|--------|-----------------------------------------------------------------------------------------------|
|
||||
| **Q:** | Why does my encryption driver break Windows Defender Application Guard? |
|
||||
| **A:** | Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work. |
|
||||
|
||||
<br>
|
||||
|
||||
|
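Review bot: The last added answer ends with "WDAG will not work", although the earlier hunks of this file replace "WDAG" with the full product name; spell it out here too. In the domain-list answer, "16383B limit" should give the unit in words ("16,383 bytes") and say whether the limit applies to each list separately or to both combined.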