deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 06:47:21 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #85 from MicrosoftDocs/master

Browse Source 
Public contributions to live publish 4/30
This commit is contained in:
Dani Halfin 2019-04-30 15:04:31 -07:00 committed by GitHub
commit eeed3e28f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 42 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
browsers/edge/includes/allow-tab-preloading-include.md
View File

@ -35,8 +35,9 @@ ms:topic: include
- **Data type:** Integer
#### Registry settings
- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\TabPreloader
- **Value name:** AllowTabPreloading
- **Path:** HKCU\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
- **Create Value name:** AllowPrelaunch
- **Value type:** REG_DWORD
- **DWORD Value:** 1
<hr>

1
devices/surface/windows-autopilot-and-surface-devices.md
View File

@ -7,7 +7,6 @@ ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
author: brecords
ms.date: 09/12/2018
ms.author: jdecker
ms.topic: article
---

2
mdop/mbam-v25/client-event-logs.md
View File

@ -13,7 +13,7 @@ ms.date: 06/16/2016
# Client Event Logs
MBAM Client event logs are located in Event Viewer Applications and Services Logs Microsoft Windows MBAM - Operational path.
The following table contains event IDs that can occur on the MBAM Client.
<table>

2
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -109,7 +109,7 @@ $sharedPC.KioskModeAUMID = ""
$sharedPC.KioskModeUserTileDisplayText = ""
$sharedPC.InactiveThreshold = 0
Set-CimInstance -CimInstance $sharedPC
Get-CimInstance -Namespace $namespaceName -ClassName MDM_SharedPC
Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName MDM_SharedPC
```
### Create a provisioning package for shared use

2
windows/deployment/windows-10-enterprise-subscription-activation.md
View File

@ -65,7 +65,7 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products &
- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded.
- Azure Active Directory (Azure AD) available for identity management.
- Devices must be Azure AD-joined or Active Directory joined with Azure AD Connect. Workgroup-joined devices are not supported.
- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
>[!NOTE]
>An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. To resolve this issue, the user must either sign in with an Azure Active Directory account, or you must disable MFA for this user during the 30-day polling period and renewal.

30
windows/hub/release-information.md
View File

@ -1,30 +0,0 @@
---
title: Windows 10 - release information
description: Learn release information for Windows 10 releases
keywords: ["Windows 10", "Windows 10 October 2018 Update"]
ms.prod: w10
layout: LandingPage
ms.topic: landing-page
ms.mktglfcycl: deploy
ms.sitesec: library
author: lizap
ms.author: elizapo
ms.localizationpriority: high
---
# Windows 10 release information
Feature updates for Windows 10 are released twice a year, targeting March and September, via the Semi-Annual Channel (SAC) and will be serviced with monthly quality updates for 18 months from the date of the release. We recommend that you begin deployment of each SAC release immediately to devices selected for early adoption and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
Starting with Windows 10, version 1809, feature updates for Windows 10 Enterprise and Education editions with a targeted release month of September will be serviced for 30 months from their release date. For information about servicing timelines, see the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853).
>[!NOTE]
>If you are not using Windows Update for Business today, the "Semi-Annual Channel (Targeted)" servicing option has no impact on when your devices will be updated. It merely reflects a milestone for the semi-annual release, the period of time during which Microsoft recommends that your IT team make the release available to specific, "targeted" devices for the purpose of validating and generating data in order to get to a broad deployment decision. For more information, see [this blog post](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523).
<div class="m-rich-content-block" data-grid="col-12">
<div id="winrelinfo" xmlns="http://www.w3.org/1999/xhtml"><iframe width="100%" height="866px" id="winrelinfo_iframe" src="https://winreleaseinfoprod.blob.core.windows.net/winreleaseinfoprod/en-US.html" frameborder="0" marginwidth="0" marginheight="0" scrolling="auto"></iframe></div>
<script src="https://winreleaseinfoprod.blob.core.windows.net/winreleaseinfoprod/iframe.js" xmlns="http://www.w3.org/1999/xhtml"></script>
<script xmlns="http://www.w3.org/1999/xhtml">/*<![CDATA[*/winrelinfo_setup("https://winreleaseinfoprod.blob.core.windows.net/winreleaseinfoprod/en-US.html")/*]]>*/</script>
</div>

31
windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
View File

@ -116,7 +116,7 @@ Before you continue with the deployment, validate your deployment progress by re
The service account used for the device registration server depends on the domain controllers in the environment.
>[!NOTE]
>Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business.
> Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business.
### Windows Server 2012 or later Domain Controllers
@ -146,7 +146,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
## Configure the Active Directory Federation Service Role
>[!IMPORTANT]
>Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business.
> Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business.
### Windows Server 2012 or later Domain Controllers
@ -275,7 +275,8 @@ Sign-in a certificate authority or management workstations with _domain administ
4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list.
5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. Adjust the validity and renewal period to meet your enterprises needs.
6. On the **Subject** tab, select the **Supply in the request** button if it is not already selected.
> [!NOTE]
>[!NOTE]
> The preceding step is very important. Group Managed Service Accounts (GMSA) do not support the Build from this Active Directory information option and will result in the AD FS server failing to enroll the enrollment agent certificate. You must configure the certificate template with Supply in the request to ensure that AD FS servers can perform the automatic enrollment and renewal of the enrollment agent certificate.
7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list.
@ -360,6 +361,30 @@ Active Directory Federation Server used for Windows Hello for Business certifica
Approximately 60 days prior to enrollment agent certificates expiration, the AD FS service attempts to renew the certificate until it is successful. If the certificate fails to renew, and the certificate expires, the AD FS server will request a new enrollment agent certificate. You can view the AD FS event logs to determine the status of the enrollment agent certificate.
### Service Connection Point (SCP) in Active Directory for ADFS Device Registration Service
Now you will add the Service connection Point to ADFS device registration Service for your Active directory by running the following script:
>[!TIP]
> Make sure to change the $enrollmentService and $configNC variables before running the script.
```Powershell
# Replace this with your Device Registration Service endpoint
$enrollmentService = "enterpriseregistration.contoso.com"
# Replace this with your Active Directory configuration naming context
$configNC = "CN=Configuration,DC=corp,DC=contoso,DC=org"
$de = New-Object System.DirectoryServices.DirectoryEntry
$de.Path = "LDAP://CN=Device Registration Configuration,CN=Services," + $configNC
$deSCP = $de.Children.Add("CN=62a0ff2e-97b9-4513-943f-0d221bd30080", "serviceConnectionPoint")
$deSCP.Properties["keywords"].Add("enterpriseDrsName:" + $enrollmentService)
$deSCP.CommitChanges()
```
>[!NOTE]
> You can save the modified script in notepad and save them as "add-scpadfs.ps1" and the way to run it is just navigating into the script path folder and running .\add-scpAdfs.ps1.
>
## Additional Federation Servers
Organizations should deploy more than one federation server in their federation farm for high-availability. You should have a minimum of two federation services in your AD FS farm, however most organizations are likely to have more. This largely depends on the number of devices and users using the services provided by the AD FS farm.

4
windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
View File

@ -56,7 +56,7 @@ A TPM can be configured to have multiple PCR banks active. When BIOS is performi
- Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices<br>
- DWORD: TPMActivePCRBanks<br>
- Defines which PCR banks are currently active. This is a bitmap defined in the TCG Algorithm Registry.<br>
- Defines which PCR banks are currently active. (This value should be interpreted as a bitmap for which the bits are defined in the [TCG Algorithm Registry](https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/) Table 21 of Revision 1.27.)<br>
Windows checks which PCR banks are active and supported by the BIOS. Windows also checks if the measured boot log supports measurements for all active PCR banks. Windows will prefer the use of the SHA-256 bank for measurements and will fall back to SHA1 PCR bank if one of the pre-conditions is not met.
@ -64,7 +64,7 @@ You can identify which PCR bank is currently used by Windows by looking at the r
- Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices<br>
- DWORD: TPMDigestAlgID<br>
- Algorithm ID of the PCR bank that Windows is currently using. (For the full list of supported algorithms, see the TCG Algorithm Registry.)<br>
- Algorithm ID of the PCR bank that Windows is currently using. (This value represents an algorithm identifier as defined in the [TCG Algorithm Registry](https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/) Table 3 of Revision 1.27.)<br>
Windows only uses one PCR bank to continue boot measurements. All other active PCR banks will be extended with a separator to indicate that they are not used by Windows and measurements that appear to be from Windows should not be trusted.

3
windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md
View File

@ -143,6 +143,9 @@ If you have enabled cloud-delivered protection, Windows Defender AV will send fi
4. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following:
1. Double-click **Allow real-time definition updates based on reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**.
2. Double-click **Allow notifications to disable definitions based reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**.
> [!NOTE]
> "Allow notifications to disable definitions based reports" enables Microsoft MAPS to disable those definitions known to cause false-positive reports. You must configure your computer to join Microsoft MAPS for this function to work.
## Related topics

5
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
View File

@ -503,7 +503,4 @@ If you can reproduce a problem, please increase the logging level, run the syste
### Installation issues
If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. You can also contact _**xplatpreviewsupport@microsoft.com**_ for support on onboarding issues.
For feedback on the preview, contact: _**mdatpfeedback@microsoft.com**_.
If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.

2
windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
View File

@ -36,6 +36,6 @@ Your environment needs the following software to run Windows Defender Applicatio
|Software|Description|
|--------|-----------|
|Operating system|Windows 10 Enterprise edition, version 1709 or higher<br>Windows 10 Professional edition, version 1803 or higher<br>Windows 10 Education edition, version 1709 or higher<br>Windows 10 Pro Education edition, version 1803 or higher|
|Operating system|Windows 10 Enterprise edition, version 1709 or higher<br>Windows 10 Professional edition, version 1803 or higher<br>Windows 10 Professional for Workstations edition, version 1803 or higher<br>Windows 10 Professional Education edition version 1803 or higher<br>Windows 10 Education edition, version 1903 or higher|
|Browser|Microsoft Edge and Internet Explorer|
|Management system<br> (only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)<br><br>**-OR-**<br><br>[System Center Configuration Manager](https://docs.microsoft.com/sccm/)<br><br>**-OR-**<br><br>[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)<br><br>**-OR-**<br><br>Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.|

3
windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
View File

@ -104,8 +104,7 @@ Alternatively, the team leader might assign the alert to the **Resolved** queue
## Alert classification
You can choose not to set a classification, or specify if an alert is a true alert or a false alert.
You can choose not to set a classification, or specify whether an alert is a true alert or a false alert. It's important to provide the classification of true positive/false positive. This classification is used to monitor alert quality, and make alerts more accurate. The "determination" field defines additional fidelity for a "true positive" classification.
## Add comments and view the history of an alert
You can add comments and view historical events about an alert to see previous changes made to the alert.