From c9766eefa956eaeeaa14ccc4ce920e47d13af587 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 5 Jan 2022 13:02:03 +0200 Subject: [PATCH 1/5] Add info about next version https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10051 --- ...e-guard-signing-portal-in-microsoft-store-for-business.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md index 7311563492..cc73221cbc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -26,6 +26,9 @@ ms.technology: windows-sec - Windows 11 - Windows Server 2016 and above +> [!IMPORTANT] +> The existing web-based mechanism for the Device Guard Signing service v1 will be retired on June 9, 2021. Please transition to the PowerShell based version of the service [(DGSS v2)](https://docs.microsoft.com/en-us/microsoft-store/device-guard-signing-portal). More details can be found [here](https://docs.microsoft.com/en-us/windows/msix/package/signing-package-device-guard-signing) and [here](https://docs.microsoft.com/en-us/microsoft-store/device-guard-signing-portal). + > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). @@ -47,4 +50,4 @@ Before you get started, be sure to review these best practices: 4. After the files are uploaded, click **Sign** to sign the code integrity policy. 5. Click **Download** to download the signed code integrity policy. - When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then sign the policy again. \ No newline at end of file + When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then sign the policy again. From 25d4a0950f71c2e502a375619ff982e6ea4613a0 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 5 Jan 2022 13:31:25 +0200 Subject: [PATCH 2/5] add info https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10070 --- .../hello-hybrid-cert-new-install.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 893bb67c67..7fc2f3cb26 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -55,15 +55,17 @@ Windows Hello for Business must have a public key infrastructure regardless of t This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. +More details about configuring a Windows enterprise public key infrastructure and installing Active Directory Certificate Services can be found [here](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki#follow-the-windows-hello-for-business-hybrid-key-trust-deployment-guide) and [here](https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority). + +>[!NOTE] +>Never install a certificate authority on a domain controller in a production environment. + ### Lab-based public key infrastructure The following instructions may be used to deploy simple public key infrastructure that is suitable for a lab environment. Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed. ->[!NOTE] ->Never install a certificate authority on a domain controller in a production environment. - 1. Open an elevated Windows PowerShell prompt. 2. Use the following command to install the Active Directory Certificate Services role. ```PowerShell @@ -148,4 +150,4 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation 3. New Installation Baseline (*You are here*) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) -6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) \ No newline at end of file +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) From 5c669bde762a84a0779e938a257c1e568a497a28 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 6 Jan 2022 10:22:46 +0200 Subject: [PATCH 3/5] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-new-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 7fc2f3cb26..c93d1abad1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -55,7 +55,7 @@ Windows Hello for Business must have a public key infrastructure regardless of t This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. -More details about configuring a Windows enterprise public key infrastructure and installing Active Directory Certificate Services can be found [here](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki#follow-the-windows-hello-for-business-hybrid-key-trust-deployment-guide) and [here](https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority). +For more details about configuring a Windows enterprise public key infrastructure and installing Active Directory Certificate Services, see [Follow the Windows Hello for Business hybrid key trust deployment guide](/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki#follow-the-windows-hello-for-business-hybrid-key-trust-deployment-guide) and [Install the Certification Authority](/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority). >[!NOTE] >Never install a certificate authority on a domain controller in a production environment. From 618bad0a8532ac48d1b91b27b900844a7fe67dd7 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 6 Jan 2022 10:30:52 +0200 Subject: [PATCH 4/5] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-new-install.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index c93d1abad1..05d4a7b317 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -57,8 +57,8 @@ This guide assumes most enterprises have an existing public key infrastructure. For more details about configuring a Windows enterprise public key infrastructure and installing Active Directory Certificate Services, see [Follow the Windows Hello for Business hybrid key trust deployment guide](/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki#follow-the-windows-hello-for-business-hybrid-key-trust-deployment-guide) and [Install the Certification Authority](/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority). ->[!NOTE] ->Never install a certificate authority on a domain controller in a production environment. +> [!NOTE] +> Never install a certificate authority on a domain controller in a production environment. ### Lab-based public key infrastructure From 03c95d0f0909232244c48b4ccd5e0204a03ed74f Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 6 Jan 2022 11:35:47 +0200 Subject: [PATCH 5/5] Update windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...vice-guard-signing-portal-in-microsoft-store-for-business.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md index cc73221cbc..5956abbc56 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -27,7 +27,7 @@ ms.technology: windows-sec - Windows Server 2016 and above > [!IMPORTANT] -> The existing web-based mechanism for the Device Guard Signing service v1 will be retired on June 9, 2021. Please transition to the PowerShell based version of the service [(DGSS v2)](https://docs.microsoft.com/en-us/microsoft-store/device-guard-signing-portal). More details can be found [here](https://docs.microsoft.com/en-us/windows/msix/package/signing-package-device-guard-signing) and [here](https://docs.microsoft.com/en-us/microsoft-store/device-guard-signing-portal). +> The existing web-based mechanism for the Device Guard Signing Service v1 will be retired on June 9, 2021. Please transition to the PowerShell based version of the service [(DGSS v2)](/microsoft-store/device-guard-signing-portal). For more details, see [Sign an MSIX package with Device Guard signing](/windows/msix/package/signing-package-device-guard-signing) and [Device Guard signing](/microsoft-store/device-guard-signing-portal). > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).