Merge pull request #1570 from MicrosoftDocs/FromPrivateRepo

From private repo
2025-06-28 00:33:40 +00:00 · 2018-08-31 15:35:06 -07:00
parent a93189dc2f 71eb1ac7c5
commit e9ba129845
4 changed files with 11 additions and 9 deletions
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/16/2018
+ms.date: 08/31/2018
 ---

 # BitLocker CSP
@ -257,7 +257,7 @@ The following diagram shows the BitLocker configuration service provider in tree
 <p style="margin-left: 20px">On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.</p>

 > [!Note]  
-> In Windows 10, version 1709, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.
+> In Windows 10, version 1703 release B, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.

 <p style="margin-left: 20px">If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.</p>

@ -347,7 +347,7 @@ The following diagram shows the BitLocker configuration service provider in tree
 <p style="margin-left: 20px">This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.</p>

 > [!Note]  
-> In Windows 10, version 1709, you can use a minimum PIN length of 4 digits. 
+> In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits. 
 >
 >In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2.

--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 08/08/2018
+ms.date: 08/30/2018
 ---

 # Policy CSP - Bluetooth
@ -243,7 +243,7 @@ Added in Windows 10, version 1803. This policy allows the IT admin to block user
 The following list shows the supported values:  

 -   0 - Disallow. Block users on these managed devices from using Swift Pair and other proximity based scenarios
-   1 - Allow. Allow users on these managed devices to use Swift Pair and other proximity based scenarios
+-   1 - Allow (default). Allow users on these managed devices to use Swift Pair and other proximity based scenarios

 <!--/SupportedValues-->
 <!--/Policy-->
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@ -1510,7 +1510,7 @@ For Quality Updates, this policy specifies the deadline in days before automatic
 The system will reboot on or after the specified deadline. The reboot is prioritized over any configured Active Hours and any existing system and user busy checks.

 > [!Note]  
-> This policy is related to the default values for Update/EngagedRestartTransitionSchedule (default - 3 days) and Update/EngagedRestartSnoozeSchedule (default - 7 days). The default values for these two policies will be used unless these are set to other values.
+> If Update/EngagedDeadline is the only policy set (Update/EngagedRestartTransitionSchedule and Update/EngagedRestartSnoozeSchedule are not set), the behavior goes from reboot required -> engaged behavior -> forced reboot after deadline is reached with a 3-day snooze period.

 Value type is integer. Default is 14.

--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 author: jsuther1974
-ms.date: 08/16/2018
+ms.date: 08/31/2018
 ---

 # Microsoft recommended block rules
@ -137,6 +137,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
  <Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="65535.65535.65535.65535"/>
  <Deny ID="ID_DENY_MWFC" FriendlyName="Microsoft.Workflow.Compiler.exe" FileName="Microsoft.Workflow.Compiler.exe" MinimumFileVersion="65535.65535.65535.65535" /> 
  <Deny ID="ID_DENY_WFC" FriendlyName="WFC.exe" FileName="wfc.exe" MinimumFileVersion="65535.65535.65535.65535" />   
+  <Deny ID="ID_DENY_KILL" FriendlyName="kill.exe" FileName="kill.exe" MinimumFileVersion="65535.65535.65535.65535" />   
  <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6"/> 
  <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF"/> 
  <Deny ID="ID_DENY_D_3" FriendlyName="Powershell 3" Hash="148972F670E18790D62D753E01ED8D22B351A57E45544D88ACE380FEDAF24A40"/> 
@ -705,7 +706,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
  <Deny ID="ID_DENY_D_604" FriendlyName="PowerShellShell 604" Hash="B38E1198F82E7C2B3123984C017417F2A48BDFF5B6DBAD20B2438D7B65F6E39F"/>
  <Deny ID="ID_DENY_D_605" FriendlyName="PowerShellShell 605" Hash="DE16A6B93178B6C6FC33FBF3E9A86CFF070DA6D3"/>
  <Deny ID="ID_DENY_D_606" FriendlyName="PowerShellShell 606" Hash="A3EF9A95D1E859958DEBE44C033B4562EBB9B4C6E32005CA5C07B2E07A42E2BE"/>
-  
+
  <!-- pubprn.vbs
  --> 
  <!-- rs2 x86fre
@ -838,6 +839,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
  <FileRuleRef RuleID="ID_DENY_LXRUN"/> 
  <FileRuleRef RuleID="ID_DENY_PWRSHLCUSTOMHOST"/> 
  <FileRuleRef RuleID="ID_DENY_TEXTTRANSFORM"/> 
+  <FileRuleRef RuleID="ID_DENY_KILL"/> 
  <FileRuleRef RuleID="ID_DENY_WMIC"/>
  <FileRuleRef RuleID="ID_DENY_MWFC" /> 
  <FileRuleRef RuleID="ID_DENY_WFC" />   
@ -1455,7 +1457,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
  <CiSigners /> 
  <HvciOptions>0</HvciOptions> 
  </SiPolicy>
-  
+
  ```
 <br />