mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-19 04:13:41 +00:00
Merge branch 'master' of https://github.com/microsoftdocs/windows-itpro-docs
This commit is contained in:
Patti Short
@ -8,9 +8,20 @@ author: brianlic-msft
|
||||
ms.date: 04/19/2017
|
||||
---
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, Windows Server 2016
|
||||
|
||||
|
||||
# Manage the Settings app with Group Policy
|
||||
|
||||
Starting in Windows 10, version 1703, you can now manage the pages that are shown in the Settings app by using Group Policy. This lets you hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
|
||||
You can now manage the pages that are shown in the Settings app by using Group Policy. This lets you hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
|
||||
To make use of the Settings App group polices on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update.
|
||||
|
||||
>[!Note]
|
||||
>Each server that you want to manage access to the Settings App must be patched.
|
||||
|
||||
To centrally manage the new policies copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) if your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management.
|
||||
|
||||
This policy is available at **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility**.
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ ms.date: 08/18/2018
|
||||
- Certificate trust
|
||||
|
||||
|
||||
You're environment is federated and you are ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration and device write-back to enable proper device authentication.
|
||||
Your environment is federated and you are ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration and device write-back to enable proper device authentication.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment.
|
||||
@ -514,4 +514,4 @@ For your reference, below is a comprehensive list of the AD DS devices, containe
|
||||
3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
|
||||
4. Configure Azure Device Registration (*You are here*)
|
||||
5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md)
|
||||
6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md)
|
||||
6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md)
|
||||
|
||||
@ -24,7 +24,7 @@ Windows Hello for Business deployments rely on certificates. Hybrid deployments
|
||||
|
||||
All deployments use enterprise issued certificates for domain controllers as a root of trust. Hybrid certificate trust deployments issue users sign-in certificate that enables them to authenticate using Windows Hello for Business credentials to non-Windows Server 2016 domain controllers. Additionally, hybrid certificate trust deployments issue certificate to registration authorities to provide defense-in-depth security for issuing user authentication certificates.
|
||||
|
||||
## Certifcate Templates
|
||||
## Certificate Templates
|
||||
|
||||
This section has you configure certificate templates on your Windows Server 2012 or later issuing certificate authority.
|
||||
|
||||
@ -146,7 +146,8 @@ Sign-in to an **AD FS Windows Server 2016** computer with _Enterprise Admin_ equ
|
||||
|
||||
>[!NOTE]
|
||||
>If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority.
|
||||
Publish Templates
|
||||
|
||||
## Publish Templates
|
||||
|
||||
### Publish Certificate Templates to a Certificate Authority
|
||||
|
||||
|
||||
@ -104,8 +104,8 @@ The following table defines which Windows features require TPM support.
|
||||
| BitLocker | Yes | Yes | Yes | TPM 1.2 or 2.0 is required |
|
||||
| Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0. |
|
||||
| Windows Defender Application Control (Device Guard) | No | Yes | Yes | |
|
||||
| Windows Defender Exploit Guard | Yes | Yes | Yes | |
|
||||
| Windows Defender System Guard | Yes | Yes | Yes | |
|
||||
| Windows Defender Exploit Guard | No | N/A | N/A | |
|
||||
| Windows Defender System Guard | Yes | No | Yes | |
|
||||
| Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. |
|
||||
| Device Health Attestation| Yes | Yes | Yes | |
|
||||
| Windows Hello/Windows Hello for Business| No | Yes | Yes | Azure AD join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support. |
|
||||
|
||||
Reference in New Issue
Block a user