diff --git a/education/windows/configure-aad-google-trust.md b/education/windows/configure-aad-google-trust.md index d96b7414ca..087db4abca 100644 --- a/education/windows/configure-aad-google-trust.md +++ b/education/windows/configure-aad-google-trust.md @@ -69,10 +69,11 @@ Now that the app is configured, you must enable it for the users in Google Works ## Configure Azure AD as a Service Provider (SP) for Google Workspace The configuration of Azure AD consists of changing the authentication method for the custom DNS domains. This configuration can be done using PowerShell.\ -Using the **IdP metadata** XML file downloaded from Google Workspace, modify the *$DomainName* variable of the following script to match your environment, and then run it in an elevated PowerShell session. When prompted to authenticate to Azure AD, use the credentials of an account with the *Global Administrator* role. +Using the **IdP metadata** XML file downloaded from Google Workspace, modify the *$DomainName* variable of the following script to match your environment, and then run it in a PowerShell session. When prompted to authenticate to Azure AD, use the credentials of an account with the *Global Administrator* role. ```powershell -Install-Module Microsoft.Graph +Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force +Install-Module Microsoft.Graph -Scope CurrentUser Import-Module Microsoft.Graph $domainId = "" diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md index 7eccc722a0..326c71ca59 100644 --- a/education/windows/federated-sign-in.md +++ b/education/windows/federated-sign-in.md @@ -1,7 +1,7 @@ --- title: Configure federated sign-in for Windows devices description: Description of federated sign-in feature for the Education SKUs of Windows 11 and how to configure it via Intune or provisioning packages. -ms.date: 04/04/2023 +ms.date: 04/11/2023 ms.topic: how-to appliesto: - ✅ Windows 11 @@ -146,11 +146,16 @@ In a scenario where a user is federated and you want to change the ImmutableId, Here's a PowerShell example to update the ImmutableId for a federated user: ```powershell +Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force +Install-Module Microsoft.Graph -Scope CurrentUser +Import-Module Microsoft.Graph +Connect-MgGraph -Scopes 'User.Read.All', 'User.ReadWrite.All' + #1. Convert the user from federated to cloud-only -Get-AzureADUser -SearchString alton@example.com | Set-AzureADUser -UserPrincipalName alton@example.onmicrosoft.com +Update-MgUser -UserId alton@example.com -UserPrincipalName alton@example.onmicrosoft.com #2. Convert the user back to federated, while setting the immutableId -Get-AzureADUser -SearchString alton@example.onmicrosoft.com | Set-AzureADUser -UserPrincipalName alton@example.com -ImmutableId '260051' +Update-MgUser -UserId alton@example.onmicrosoft.com -UserPrincipalName alton@example.com -OnPremisesImmutableId '260051' ``` ## Troubleshooting diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md index 576eade6e5..22a90e7d70 100644 --- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md +++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md @@ -1,7 +1,7 @@ --- title: What's new 2023 description: This article lists the 2023 feature releases and any corresponding Message center post numbers. -ms.date: 04/04/2023 +ms.date: 04/11/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: whats-new @@ -24,6 +24,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed. | Message center post number | Description | | ----- | ----- | +| [MC538728](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Update: Windows Autopatch quality updates release communication | | [MC536881](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Take action: Review Windows Autopatch Tenant management blade for potential action required to prevent inactive status | ## March 2023 diff --git a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md index ccdce7a3f5..f401dbbe3c 100644 --- a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md +++ b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md @@ -89,7 +89,7 @@ The default configuration for the **Bypass traverse checking** setting is to all ### Countermeasure -Organizations that are concerned about security may want to remove the Everyone group, and perhaps the Users group, from the list of groups that have the **Bypass traverse checking** user right. Taking explicit control over traversal assignments can be an effective way to limit access to sensitive information. Access–based enumeration can also be used. If you use access–based enumeration, users can't see any folder or file to which they don't have access. For more info about this feature, see [Access-based Enumeration](/previous-versions/windows/it-pro/windows-server-2003/cc784710(v=ws.10)). +Organizations that are concerned about security may want to remove the Everyone group from the list of groups that have the **Bypass traverse checking** user right. Taking explicit control over traversal assignments can be an effective way to limit access to sensitive information. Access–based enumeration can also be used. If you use access–based enumeration, users can't see any folder or file to which they don't have access. For more info about this feature, see [Access-based Enumeration](/previous-versions/windows/it-pro/windows-server-2003/cc784710(v=ws.10)). ### Potential impact