From d758662d056186c937c075e3b1c87402f655b7f8 Mon Sep 17 00:00:00 2001 From: Ed Gallagher Date: Tue, 12 Mar 2019 17:39:37 -0500 Subject: [PATCH 01/54] Added info for Microsoft 365 trials Hope my formatting is OK --- windows/deployment/deploy-m365.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md index 9803bd8551..21539f8910 100644 --- a/windows/deployment/deploy-m365.md +++ b/windows/deployment/deploy-m365.md @@ -32,6 +32,14 @@ For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor ## Free trial account +**If you already have a Microsoft services subscription account and access to the Microsoft 365 Admin Center** + +From the [Microsoft 365 Admin Center](https://portal.office.com), go to Billing and then Purchase services. +In the Enterprise Suites section of the service offerings, you will find Microsoft 365 E3 and Microsoft 365 E5 tiles. +There are "Start Free Trial" options available for your selection by hovering your mouse over the tiles. + +**If you do not already have a Microsoft services subscription** + You can check out the Microsoft 365 deployment advisor and other resources for free! Just follow the steps below. 1. Obtain a free EMS 90-day trial by visiting the following link. Provide your email address and answer a few simple questions. From a7a596ba80ce92d205f3a276c330dde9a21333d9 Mon Sep 17 00:00:00 2001 From: ancamartin2000 Date: Mon, 1 Apr 2019 16:44:20 +0300 Subject: [PATCH 02/54] Update deploy-enterprise-licenses.md We are getting a lot of calls generated in Support because the customers use slmgr /dli or slmgr /dlv to pull the license information when they use E3/E5 activation and get the default Windows 10 Pro key which for them is a problem and think that the client has been downgraded from Ent to Pro. We need this information public until slmgr /dli or /dlv will be able to pull the E3/E5 information so we avoid more calls being generated. --- windows/deployment/deploy-enterprise-licenses.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index bfd84c39bb..afc9f144c2 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -181,6 +181,12 @@ You can verify the Windows 10 Enterprise E3 or E5 subscription in **Settings &g If there are any problems with the Windows 10 Enterprise E3 or E5 license or the activation of the license, the **Activation** panel will display the appropriate error message or status. You can use this information to help you diagnose the licensing and activation process. +>[!NOTE] +>If you use slmgr /dli or /dlv commands to retrieve the activation information for the Windows 10 E3 or E5 license, the license information displayed will be the following:
+>Name: Windows(R), Professional edition
+>Description: Windows(R) Operating System, RETAIL channel
+>Partial Product Key: 3V66T
+ ## Virtual Desktop Access (VDA) Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx). From 016d6f1370e8e41310637e5bd0250805a67972c5 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Tue, 2 Apr 2019 21:10:59 +0500 Subject: [PATCH 03/54] Updated the doc Under requirements, Windows 10 pro or enterprise version 1703 doesn't need to be activated before applying Win10E3 license. --- .../deployment/windows-10-enterprise-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-enterprise-subscription-activation.md index 767a8c0724..a8baa55101 100644 --- a/windows/deployment/windows-10-enterprise-subscription-activation.md +++ b/windows/deployment/windows-10-enterprise-subscription-activation.md @@ -63,7 +63,7 @@ The following figure illustrates how deploying Windows 10 has evolved with each For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following: -- Windows 10 (Pro or Enterprise) version 1703 or later installed and **activated** on the devices to be upgraded. +- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. - Azure Active Directory (Azure AD) available for identity management. - Devices must be Azure AD-joined or Active Directory joined with Azure AD Connect. Workgroup-joined devices are not supported. From f8092de5dde1cc3a26ce09262c9c75a1f81b8d2e Mon Sep 17 00:00:00 2001 From: Ken Withee Date: Tue, 2 Apr 2019 22:25:16 +0500 Subject: [PATCH 04/54] Update windows/deployment/windows-10-enterprise-subscription-activation.md Co-Authored-By: joinimran <47118050+joinimran@users.noreply.github.com> --- .../deployment/windows-10-enterprise-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-enterprise-subscription-activation.md index a8baa55101..e0170f19f7 100644 --- a/windows/deployment/windows-10-enterprise-subscription-activation.md +++ b/windows/deployment/windows-10-enterprise-subscription-activation.md @@ -63,7 +63,7 @@ The following figure illustrates how deploying Windows 10 has evolved with each For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following: -- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. +- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. - Azure Active Directory (Azure AD) available for identity management. - Devices must be Azure AD-joined or Active Directory joined with Azure AD Connect. Workgroup-joined devices are not supported. From e695aa27cc873e95147daa0312133543ed5a0c3c Mon Sep 17 00:00:00 2001 From: Ken Withee Date: Tue, 2 Apr 2019 22:27:34 +0500 Subject: [PATCH 05/54] Update windows/deployment/windows-10-enterprise-subscription-activation.md Co-Authored-By: joinimran <47118050+joinimran@users.noreply.github.com> --- .../deployment/windows-10-enterprise-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-enterprise-subscription-activation.md index e0170f19f7..a8baa55101 100644 --- a/windows/deployment/windows-10-enterprise-subscription-activation.md +++ b/windows/deployment/windows-10-enterprise-subscription-activation.md @@ -63,7 +63,7 @@ The following figure illustrates how deploying Windows 10 has evolved with each For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following: -- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. +- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. - Azure Active Directory (Azure AD) available for identity management. - Devices must be Azure AD-joined or Active Directory joined with Azure AD Connect. Workgroup-joined devices are not supported. From 0adfcc789e14f16f7a3481906e923801c01beeeb Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 5 Apr 2019 11:25:54 +0500 Subject: [PATCH 06/54] Update waas-servicing-channels-windows-10-updates.md --- .../update/waas-servicing-channels-windows-10-updates.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index 7a7dfcc5d0..011ca23e5a 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -26,7 +26,7 @@ ms.topic: article > >Due to [naming changes](waas-overview.md#naming-changes), older terms like CB, CBB and LTSB may still be displayed in some of our products. -Semi-Annual Channel (Targeted) is the default servicing channel for all Windows 10 devices except those with the LTSB edition installed. The following table shows the servicing channels available to each edition of Windows 10. +Semi-Annual Channel is the default servicing channel for all Windows 10 devices except those with the LTSB edition installed. The following table shows the servicing channels available to each edition of Windows 10. | Windows 10 edition | Semi-Annual Channel (Targeted) | Semi-Annual Channel | Long-Term Servicing Channel | Insider Program | | --- | --- | --- | --- | --- | @@ -44,6 +44,9 @@ Semi-Annual Channel (Targeted) is the default servicing channel for all Windows >[!NOTE] >The LTSB edition of Windows 10 is only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). +>[!NOTE] +>Semi-Annual Channel (Targeted) should be used only by the customers that are using [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb). For those, who doesn't use Windows Update for Business, Semi-Annual Channel (Targeted) would be the same as Semi-Annual Channel. + ## Assign devices to Semi-Annual Channel >[!IMPORTANT] From 1dbbc8d73a0022918cbfff64d4dff2a99ff68d00 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 5 Apr 2019 16:28:47 +0500 Subject: [PATCH 07/54] update waas-servicing-channels-windows-10-updates.md --- .../update/waas-servicing-channels-windows-10-updates.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index 011ca23e5a..37103745b0 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -26,7 +26,7 @@ ms.topic: article > >Due to [naming changes](waas-overview.md#naming-changes), older terms like CB, CBB and LTSB may still be displayed in some of our products. -Semi-Annual Channel is the default servicing channel for all Windows 10 devices except those with the LTSB edition installed. The following table shows the servicing channels available to each edition of Windows 10. +Semi-Annual Channel is the default servicing channel for all Windows 10 devices except those with the LTSB edition installed. The following table shows the servicing channels available to each Windows 10 edition. | Windows 10 edition | Semi-Annual Channel (Targeted) | Semi-Annual Channel | Long-Term Servicing Channel | Insider Program | | --- | --- | --- | --- | --- | @@ -45,7 +45,7 @@ Semi-Annual Channel is the default servicing channel for all Windows 10 devices >The LTSB edition of Windows 10 is only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). >[!NOTE] ->Semi-Annual Channel (Targeted) should be used only by the customers that are using [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb). For those, who doesn't use Windows Update for Business, Semi-Annual Channel (Targeted) would be the same as Semi-Annual Channel. +>Semi-Annual Channel (Targeted) should be used only by the customers that are using [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb). For those, who don't use Windows Update for Business, Semi-Annual Channel (Targeted) would be the same as Semi-Annual Channel. ## Assign devices to Semi-Annual Channel From 142a32d0d22b1b48de6d7e20b6c61cc66afd868f Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Sat, 6 Apr 2019 14:57:39 -0600 Subject: [PATCH 08/54] Resolution of Issue#3010 --- .../windows-autopilot/windows-autopilot-reset-remote.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md index 30fb733eb0..35e9c89940 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md @@ -34,5 +34,8 @@ To trigger a remote Windows Autopilot Reset via Intune, follow these steps: >[!NOTE] >The Autopilot Reset option will not be enabled in Microsoft Intune for devices not running Windows 10 build 17672 or higher. +>[!IMPORTANT] +>To use the Autopilot Reset option your device must be enrolled in a Autopilot Device. + Once the reset is complete, the device is again ready for use. \ No newline at end of file From 158273c576ea385754927afed4484c54f0eefb0e Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 8 Apr 2019 17:17:28 +0500 Subject: [PATCH 09/54] Update windows-autopilot-reset-remote.md, issue 3129 --- .../deployment/windows-autopilot/windows-autopilot-reset.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md index 1a5c9e982d..78eca0eb39 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset.md @@ -33,6 +33,9 @@ Windows Autopilot Reset will block the user from accessing the desktop until thi >[!IMPORTANT] >To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection. +>[!NOTE] +>The Autopilot Reset does not support Hybrid Azure AD joined devices. + ## Scenarios Windows Autopilot Reset supports two scenarios: From 314077b598740c475577eba7a405d1d522dc7f88 Mon Sep 17 00:00:00 2001 From: Ken <1176431+kenjohnson03@users.noreply.github.com> Date: Mon, 8 Apr 2019 12:50:06 -0500 Subject: [PATCH 10/54] Adding information on Request Filtering Documenting the application requirement. --- mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md b/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md index 500b84672e..2d7e4cedbf 100644 --- a/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md +++ b/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md @@ -311,7 +311,9 @@ If you already registered SPNs on the machine account rather than in an applicat -  +## Required Request Filtering Settings + + 'Allow unlisted file name extensions' is required for the application to operate as expected. This can be found by navigating to the 'Microsoft BitLocker Administration and Monitoring' -> Request Filtering -> Edit Feature Settings. ## Related topics From b830241eaca993e6e8bb2ec79ec17ed8aaf52344 Mon Sep 17 00:00:00 2001 From: mapalko Date: Thu, 11 Apr 2019 17:15:33 -0700 Subject: [PATCH 11/54] Updating typo for face FAR Updating the False Accept rate for facial recognition to add a percentage to the measure. --- .../hello-for-business/hello-biometrics-in-enterprise.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md index e4763d7e10..9944384ccb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -71,7 +71,7 @@ To allow fingerprint matching, you must have devices with fingerprint sensors an ### Facial recognition sensors To allow facial recognition, you must have devices with integrated special infrared (IR) sensors and software. Facial recognition sensors use special cameras that see in IR light, letting them tell the difference between a photo and a living person while scanning an employee’s facial features. These sensors, like the fingerprint sensors, must also include anti-spoofing measures (required) and a way to configure them (optional). -- False Accept Rate (FAR): <0.001 +- False Accept Rate (FAR): <0.001% - False Reject Rate (FRR) without Anti-spoofing or liveness detection: <5% From 3bf78ee0eda0f9e9cbf8e6a3c4378efacb8cb75b Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 16 Apr 2019 14:54:11 +0300 Subject: [PATCH 12/54] updated info https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3043 --- windows/security/threat-protection/auditing/event-4769.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md index ea200b936f..80ecab0c4b 100644 --- a/windows/security/threat-protection/auditing/event-4769.md +++ b/windows/security/threat-protection/auditing/event-4769.md @@ -224,7 +224,7 @@ The most common values: | 0x18 | KDC\_ERR\_PREAUTH\_FAILED | Pre-authentication information was invalid | The wrong password was provided.
This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. | | 0x19 | KDC\_ERR\_PREAUTH\_REQUIRED | Additional pre-authentication required | This error often occurs in UNIX interoperability scenarios. MIT-Kerberos clients do not request pre-authentication when they send a KRB\_AS\_REQ message. If pre-authentication is required (the default), Windows systems will send this error. Most MIT-Kerberos clients will respond to this error by giving the pre-authentication, in which case the error can be ignored, but some clients might not respond in this way. | | 0x1A | KDC\_ERR\_SERVER\_NOMATCH | KDC does not know about the requested server | No information. | -| 0x1B | KDC\_ERR\_SVC\_UNAVAILABLE | KDC is unavailable | No information. | +| 0x1B | KDC\_ERR\_MUST\_USE\_USER2USER | Server principal valid for user2user only | This error occurs because the service is missing an SPN. | | 0x1F | KRB\_AP\_ERR\_BAD\_INTEGRITY | Integrity check on decrypted field failed | The authenticator was encrypted with something other than the session key. The result is that the client cannot decrypt the resulting message. The modification of the message could be the result of an attack or it could be because of network noise. | | 0x20 | KRB\_AP\_ERR\_TKT\_EXPIRED | The ticket has expired | The smaller the value for the “Maximum lifetime for user ticket” Kerberos policy setting, the more likely it is that this error will occur. Because ticket renewal is automatic, you should not have to do anything if you get this message. | | 0x21 | KRB\_AP\_ERR\_TKT\_NYV | The ticket is not yet valid | The ticket presented to the server is not yet valid (in relationship to the server time). The most probable cause is that the clocks on the KDC and the client are not synchronized.
If cross-realm Kerberos authentication is being attempted, then you should verify time synchronization between the KDC in the target realm and the KDC in the client realm, as well. | From d920b413f3d6cd1b72aff64e0311b08899524b74 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Tue, 16 Apr 2019 15:10:58 +0300 Subject: [PATCH 13/54] added missing link https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2885 --- .../hello-for-business/hello-how-it-works-provisioning.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index f07f4f199a..b07e28edda 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -28,6 +28,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Azure AD joined provisioning in a Federated environment](#azure-ad-joined-provisioning-in-a-federated-environment)
[Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-key-trust-deployment-in-a-managed-environment)
[Hybrid Azure AD joined provisioning in a Certificate Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-certificate-trust-deployment-in-a-managed-environment)
+[Hybrid Azure AD joined provisioning in a Certificate Trust deployment in a Federated environment](#hybrid-azure-ad-joined-provisioning-in-a-certificate-trust-deployment-in-a-federated-environment)
[Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-synchronous-certificate-trust-deployment-in-a-managed-environment)
[Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment](#hybrid-azure-ad-joined-provisioning-in-a-synchronous-certificate-trust-deployment-in-a-federated-environment)
[Domain joined provisioning in an On-premises Key Trust deployment](#domain-joined-provisioning-in-an-on-premises-key-trust-deployment)
From f55ee9850eff684a3b21e4698764aa057905a0bb Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 16 Apr 2019 17:32:45 +0500 Subject: [PATCH 14/54] update windows-update-logs.md --- windows/deployment/update/windows-update-logs.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md index b65bcc0c93..df6c14cfbf 100644 --- a/windows/deployment/update/windows-update-logs.md +++ b/windows/deployment/update/windows-update-logs.md @@ -141,3 +141,5 @@ There are different identifiers for the same update in different contexts. It’ - Small integers (especially in Datastore) can be local IDs ![Windows Update inconsisten terminology](images/update-inconsistent.png) +## Windows Setup log files analysis using SetupDiag tool +SetupDiag is a diagnostic tool that can be used for analysis of logs related to installation of Windows Updates. For detailed information, see [SetupDiag](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag). From 95c71345490466d1200e79fe2a232029ba151769 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Tue, 16 Apr 2019 10:08:11 -0500 Subject: [PATCH 15/54] Update windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md committed Co-Authored-By: j0rt3g4 --- .../windows-autopilot/windows-autopilot-reset-remote.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md index 35e9c89940..9c670473dc 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md @@ -35,7 +35,7 @@ To trigger a remote Windows Autopilot Reset via Intune, follow these steps: >The Autopilot Reset option will not be enabled in Microsoft Intune for devices not running Windows 10 build 17672 or higher. >[!IMPORTANT] ->To use the Autopilot Reset option your device must be enrolled in a Autopilot Device. +>To use the Autopilot Reset option, your device must be enrolled in an Autopilot device. Once the reset is complete, the device is again ready for use. - \ No newline at end of file + From df7289a5adb6aa2456e15e4f5c9f5a0076cf3e50 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 17 Apr 2019 11:28:53 +0300 Subject: [PATCH 16/54] Updated article https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2741 --- .../volume-activation-management-tool.md | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md index 172989517e..1880d0e682 100644 --- a/windows/deployment/volume-activation/volume-activation-management-tool.md +++ b/windows/deployment/volume-activation/volume-activation-management-tool.md @@ -15,17 +15,12 @@ ms.topic: article The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in that requires the Microsoft Management Console (MMC) 3.0. VAMT can be installed on any computer that has one of the following Windows operating systems: -- Windows® 7 -- Windows 8 -- Windows 8.1 -- Windows 10 -- Windows Server 2008 R2 -- Windows Server® 2012 -- Windows Server 2012 R2 +- Windows® 7 or above +- Windows Server 2008 R2 or above + **Important**   -VAMT is designed to manage volume activation for: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Microsoft Office 2010, and Microsoft Office 2013. Computers installed with volume editions of -**Windows XP** or **Windows Server 2003** cannot be managed using VAMT. However, Office 2010 and Office 2013 products installed on these two operating systems can still be managed. +VAMT is designed to manage volume activation for: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 (or obove), Microsoft Office 2010 (or above). VAMT is only available in an EN-US (x86) package. @@ -42,4 +37,4 @@ VAMT is only available in an EN-US (x86) package. |[Manage VAMT Data](manage-vamt-data.md) |Describes how to save, import, export, and merge a Computer Information List (CILX) file using VAMT. | |[VAMT Step-by-Step Scenarios](vamt-step-by-step.md) |Provides step-by-step instructions for using VAMT in typical environments. | |[VAMT Known Issues](vamt-known-issues.md) |Lists known issues in VAMT. | -  \ No newline at end of file +  From 42391abd07e2c634d35b7c4cc362f462f8e0819b Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Wed, 17 Apr 2019 13:20:28 +0200 Subject: [PATCH 17/54] Update audit-windows-defender-exploit-guard.md Fixed typo. --- .../audit-windows-defender-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md index 5d82fb8254..2207d2015d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md @@ -27,7 +27,7 @@ You might want to do this when testing how the features will work in your organi While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable audit mode and then review the event log to see what impact the feature would have had were it enabled. -You can use Windows Defender Advanced Threat Protection to get greater deatils for each event, especially for investigating attack surface reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). +You can use Windows Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer. From dc5844156b051ab77630d48561ffaae287a87aca Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 18 Apr 2019 17:20:08 +0500 Subject: [PATCH 18/54] update hello-hybrid-cert-trust-prereqs.md --- .../hello-for-business/hello-hybrid-cert-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 6f443cff4f..fe7785ecb6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -71,7 +71,7 @@ The minimum required enterprise certificate authority that can be used with Wind ## Directory Synchronization ## The two directories used in hybrid deployments must be synchronized. You need Azure Active Directory Connect to synchronize user accounts in the on-premises Active Directory with Azure Active Directory. -Organizations using older directory synchronization technology, such as DirSync or Azure AD sync need to upgrade to Azure AD Connect +Organizations using older directory synchronization technology, such as DirSync or Azure AD sync need to upgrade to Azure AD Connect. In case the schema of your local AD DS was changed since the last directory synchronization, you may need to [refresh directory schema](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-installation-wizard#refresh-directory-schema). ### Section Review > [!div class="checklist"] From c8ff0194c9ec222cf465e678e372143986c813bc Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Thu, 18 Apr 2019 17:43:45 +0200 Subject: [PATCH 19/54] Update deploy-a-windows-10-image-using-mdt.md Change is a solution requested by community, this one was evaluated to be correct. fixes https://github.com/MicrosoftDocs/windows-itpro-docs/issues/797 and https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2400 --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 1750d67101..da352844e5 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -606,7 +606,7 @@ In these steps, you generate offline media from the MDT Production deployment sh Offline media has its own rules, its own Bootstrap.ini and CustomSettings.ini files. These files are stored in the Control folder of the offline media; they also can be accessed via properties of the offline media in the Deployment Workbench. -1. On MDT01, using File Explorer, copy the CustomSettings.ini file from the **E:\\MDTBuildLab\\Control** folder to **E:\\MDTOfflineMedia\\Content\\Deploy\\Control**. Overwrite the existing files. +1. On MDT01, using File Explorer, copy the CustomSettings.ini file from the **E:\MDTProduction\Control** folder to **E:\\MDTOfflineMedia\\Content\\Deploy\\Control**. Overwrite the existing files. 2. Using Deployment Workbench, in the **MDT Production / Advanced Configuration / Media** node, right-click the **MEDIA001** media, and select **Properties**. 3. In the **General** tab, configure the following: 1. Clear the Generate x86 boot image check box. From 5ebbd331f8da75154b2f71246a672ceccd11b3d7 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Thu, 18 Apr 2019 13:50:06 -0700 Subject: [PATCH 20/54] Update windows-autopilot-and-surface-devices.md Per CI 100376 - Update list of supported autopilot devices --- .../surface/windows-autopilot-and-surface-devices.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md index baef69db7c..2126074cb7 100644 --- a/devices/surface/windows-autopilot-and-surface-devices.md +++ b/devices/surface/windows-autopilot-and-surface-devices.md @@ -41,11 +41,16 @@ Support for broad deployments of Surface devices using Windows Autopilot, includ ### Surface device support Surface devices with support for out-of-box deployment with Windows Autopilot, enrolled during the purchase process with a Surface partner, include the following devices, where the devices ship from the factory with Windows 10 Version 1709: -* Surface Pro (Model 1796) + +* Surface Pro (5th gen) +* Surface Laptop(1st gen) +* Surface Studio (1st gen) +* Surface Pro 6 * Surface Book 2 -* Surface Laptop -* Surface Studio +* Surface Laptop 2 +* Surface Studio 2 * Surface Go +* Surface Go with LTE Advanced ## Surface partners enabled for Windows Autopilot Enrolling Surface devices in Windows Autopilot at the time of purchase is a capability provided by select Surface partners that are enabled with the capability to identify individual Surface devices during the purchase process and perform enrollment on an organization’s behalf. Devices enrolled by a Surface partner at time of purchase can be shipped directly to users and configured entirely through the zero-touch process of Windows Autopilot, Azure Active Directory, and Mobile Device Management. From 71ea4a62698b1368f7ae820318cd5153653ec8bf Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Fri, 19 Apr 2019 13:59:58 +0300 Subject: [PATCH 21/54] Update windows/security/threat-protection/auditing/event-4769.md Co-Authored-By: VLG17 <41186174+VLG17@users.noreply.github.com> --- windows/security/threat-protection/auditing/event-4769.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md index 80ecab0c4b..4387af7e0b 100644 --- a/windows/security/threat-protection/auditing/event-4769.md +++ b/windows/security/threat-protection/auditing/event-4769.md @@ -224,7 +224,7 @@ The most common values: | 0x18 | KDC\_ERR\_PREAUTH\_FAILED | Pre-authentication information was invalid | The wrong password was provided.
This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. | | 0x19 | KDC\_ERR\_PREAUTH\_REQUIRED | Additional pre-authentication required | This error often occurs in UNIX interoperability scenarios. MIT-Kerberos clients do not request pre-authentication when they send a KRB\_AS\_REQ message. If pre-authentication is required (the default), Windows systems will send this error. Most MIT-Kerberos clients will respond to this error by giving the pre-authentication, in which case the error can be ignored, but some clients might not respond in this way. | | 0x1A | KDC\_ERR\_SERVER\_NOMATCH | KDC does not know about the requested server | No information. | -| 0x1B | KDC\_ERR\_MUST\_USE\_USER2USER | Server principal valid for user2user only | This error occurs because the service is missing an SPN. | +| 0x1B | KDC\_ERR\_MUST\_USE\_USER2USER | Server principal valid for user2user only | This error occurs because the service is missing an SPN. | | 0x1F | KRB\_AP\_ERR\_BAD\_INTEGRITY | Integrity check on decrypted field failed | The authenticator was encrypted with something other than the session key. The result is that the client cannot decrypt the resulting message. The modification of the message could be the result of an attack or it could be because of network noise. | | 0x20 | KRB\_AP\_ERR\_TKT\_EXPIRED | The ticket has expired | The smaller the value for the “Maximum lifetime for user ticket” Kerberos policy setting, the more likely it is that this error will occur. Because ticket renewal is automatic, you should not have to do anything if you get this message. | | 0x21 | KRB\_AP\_ERR\_TKT\_NYV | The ticket is not yet valid | The ticket presented to the server is not yet valid (in relationship to the server time). The most probable cause is that the clocks on the KDC and the client are not synchronized.
If cross-realm Kerberos authentication is being attempted, then you should verify time synchronization between the KDC in the target realm and the KDC in the client realm, as well. | From b6edc22eec65f324e4cfa60000a89e6d87d7a3eb Mon Sep 17 00:00:00 2001 From: illfated Date: Sat, 20 Apr 2019 02:57:34 +0200 Subject: [PATCH 22/54] Deployment/Planning: add Sdbinst.exe usage info MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Proposed changes: - add Windows Server 2016 to the **Applies to** list - insert sample output from the command Sdbinst.exe /? with description line above the code block - rearrange the command options conventions line so it matches the command output more closely - move the 2 bottom entries in the table to the top to match the command line order more closely Ref. closed issue #1259 --- .../using-the-sdbinstexe-command-line-tool.md | 47 +++++++++++++------ 1 file changed, 33 insertions(+), 14 deletions(-) diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md index 5ecbefe38b..e1c1d22bc7 100644 --- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md +++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md @@ -20,6 +20,7 @@ ms.topic: article - Windows 8.1 - Windows 8 - Windows 7 +- Windows Server 2016 - Windows Server 2012 - Windows Server 2008 R2 @@ -29,10 +30,28 @@ After you deploy and store the customized databases on each of your local comput ## Command-Line Options for Deploying Customized Database Files +Sample output from the command `Sdbinst.exe /?` in an elevated CMD window: -The command-line options use the following conventions. +``` +Microsoft Windows [Version 10.0.14393] +(c) 2016 Microsoft Corporation. All rights reserved. -Sdbinst.exe \[-q\] \[-?\] \[-u\] \[-g\] \[-p\] \[-u filepath\] \[-g *GUID*\] \[-n *"name"*\] +C:\Windows\system32>Sdbinst.exe /? +Usage: Sdbinst.exe [-?] [-q] [-u] [-g] [-p] [-n[:WIN32|WIN64]] myfile.sdb | {guid} | "name" + + -? - print this help text. + -p - Allow SDBs containing patches. + -q - Quiet mode: prompts are auto-accepted. + -u - Uninstall. + -g {guid} - GUID of file (uninstall only). + -n "name" - Internal name of file (uninstall only). + +C:\Windows\system32>_ +``` + +The command-line options use the following conventions: + +Sdbinst.exe \[-?\] \[-p\] \[-q\] \[-u\] \[-g\] \[-u filepath\] \[-g *GUID*\] \[-n *"name"*\] The following table describes the available command-line options. @@ -49,6 +68,18 @@ The following table describes the available command-line options. +

-?

+

Displays the Help for the Sdbinst.exe tool.

+

For example,

+

sdbinst.exe -?

+ + +

-p

+

Allows SDBs installation with Patches

+

For example,

+

sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb

+ +

-q

Performs a silent installation with no visible window, status, or warning information. Fatal errors appear only in Event Viewer (Eventvwr.exe).

For example,

@@ -72,18 +103,6 @@ The following table describes the available command-line options.

For example,

sdbinst.exe -n "My_Database"

- -

-?

-

Displays the Help for the Sdbinst.exe tool.

-

For example,

-

sdbinst.exe -?

- - -

-p

-

Allows SDBs installation with Patches

-

For example,

-

sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb

- From a194ffcab5c30935c2c9cf8b1759af5add184ab3 Mon Sep 17 00:00:00 2001 From: illfated Date: Sat, 20 Apr 2019 05:16:19 +0200 Subject: [PATCH 23/54] Windows Autopilot: WDAP/WPAD typo correction Simple typo correction: - WPAD (Web Proxy Auto-Discovery) was misspelled as WDAP Closes #3283 --- windows/deployment/windows-autopilot/user-driven-hybrid.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/user-driven-hybrid.md b/windows/deployment/windows-autopilot/user-driven-hybrid.md index c084916d3e..d69c5869ba 100644 --- a/windows/deployment/windows-autopilot/user-driven-hybrid.md +++ b/windows/deployment/windows-autopilot/user-driven-hybrid.md @@ -32,7 +32,7 @@ To perform a user-driven hybrid AAD joined deployment using Windows Autopilot: - The device must be connected to the Internet and have access to an Active Directory domain controller. - The Intune Connector for Active Directory must be installed. - Note: The Intune Connector will perform an on-prem AD join, therefore users do not need on-prem AD-join permission, assuming the Connector is [configured to perform this action](https://docs.microsoft.com/intune/windows-autopilot-hybrid#increase-the-computer-account-limit-in-the-organizational-unit) on the user's behalf. -- If using Proxy, WDAP Proxy settings option must be enabled and configured. +- If using Proxy, WPAD Proxy settings option must be enabled and configured. **AAD device join**: The hybrid AAD join process uses the system context to perform device AAD join, therefore it is not affected by user based AAD join permission settings. In addition, all users are enabled to join devices to AAD by default. From 6a0c5a0b0c89e7de940fb67e9be265a58e72c88c Mon Sep 17 00:00:00 2001 From: Karam Masri <38573128+karammasri@users.noreply.github.com> Date: Sun, 21 Apr 2019 17:06:35 +0400 Subject: [PATCH 24/54] Fix typo in one header Fix typo in the header for Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment --- .../hello-for-business/hello-how-it-works-provisioning.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index f07f4f199a..7a78620f74 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -56,7 +56,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, |C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns key ID to the application which signals the end of user provisioning and the application exits.| [Return to top](#windows-hello-for-business-provisioning) -## Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed envrionment +## Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment ![Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed ennvironment](images/howitworks/prov-haadj-keytrust-managed.png) | Phase | Description | From 917d4f4a2c24fd41ac9d152ab483519a7ae03133 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 21 Apr 2019 19:55:06 +0500 Subject: [PATCH 25/54] update hello-hybrid-cert-trust-prereqs.md --- .../hello-for-business/hello-hybrid-cert-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index fe7785ecb6..6352ba7a55 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -71,7 +71,7 @@ The minimum required enterprise certificate authority that can be used with Wind ## Directory Synchronization ## The two directories used in hybrid deployments must be synchronized. You need Azure Active Directory Connect to synchronize user accounts in the on-premises Active Directory with Azure Active Directory. -Organizations using older directory synchronization technology, such as DirSync or Azure AD sync need to upgrade to Azure AD Connect. In case the schema of your local AD DS was changed since the last directory synchronization, you may need to [refresh directory schema](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-installation-wizard#refresh-directory-schema). +Organizations using older directory synchronization technology, such as DirSync or Azure AD sync, need to upgrade to Azure AD Connect. In case the schema of your local AD DS was changed since the last directory synchronization, you may need to [refresh directory schema](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-installation-wizard#refresh-directory-schema). ### Section Review > [!div class="checklist"] From bea32f775f477fafa2c7b26a39dae4d5ffb70bbc Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Sun, 21 Apr 2019 23:58:07 -0500 Subject: [PATCH 26/54] Rephased adding @Neckross comment --- .../windows-autopilot/windows-autopilot-reset-remote.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md index 9c670473dc..944a9d05d9 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md @@ -35,7 +35,7 @@ To trigger a remote Windows Autopilot Reset via Intune, follow these steps: >The Autopilot Reset option will not be enabled in Microsoft Intune for devices not running Windows 10 build 17672 or higher. >[!IMPORTANT] ->To use the Autopilot Reset option, your device must be enrolled in an Autopilot device. +>To use the Autopilot Reset (preview) option, your device **must be** reset using Autopilot *(either using Fresh Reset or manually sysprep the device)*, in any other case the feature will stay **grayed out**. Once the reset is complete, the device is again ready for use. From 0c352a4ea552c976cf9e181532a5b797d3123516 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Mon, 22 Apr 2019 20:14:33 +0800 Subject: [PATCH 27/54] Updated metadata to new article author Based on email update from PR #3253. --- .../evaluate-attack-surface-reduction.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md index 93e5640492..cb40850d1e 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md @@ -9,8 +9,8 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: andreabichsel -ms.author: v-anbic +author: @Justinha +ms.author: justinha ms.date: 04/02/2019 --- From 1b5ddb772d53c141bdbe05fb626bc3f076942d65 Mon Sep 17 00:00:00 2001 From: cchapin2020 <49560354+cchapin2020@users.noreply.github.com> Date: Mon, 22 Apr 2019 15:47:20 -0400 Subject: [PATCH 28/54] Update credential-guard-manage.md The Microsoft Virtual Academy site is being retired, removed references to the training video. --- .../credential-guard/credential-guard-manage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 626de0ca3e..9dad63b443 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -21,7 +21,7 @@ ms.date: 03/01/2019 - Windows 10 - Windows Server 2016 -Prefer video? See [Windows Defender Credential Guard Deployment](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) in the Deep Dive into Windows Defender Credential Guard video series. + ## Enable Windows Defender Credential Guard Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-credential-guard-by-using-group-policy), the [registry](#enable-credential-guard-by-using-the-registry), or the Windows Defender Device Guard and Windows Defender Credential Guard [hardware readiness tool](#hardware-readiness-tool). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. From affc48bae7141eeb7df6211a65d08bd2ebde2aa1 Mon Sep 17 00:00:00 2001 From: cchapin2020 <49560354+cchapin2020@users.noreply.github.com> Date: Mon, 22 Apr 2019 15:49:27 -0400 Subject: [PATCH 29/54] Update credential-guard-requirements.md Microsoft Virtual Academy is being site is being shutdown 4/30/19 --- .../credential-guard/credential-guard-requirements.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 01d5a2d5a7..efceecd400 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -21,9 +21,6 @@ ms.date: 01/12/2018 - Windows 10 - Windows Server 2016 -Prefer video? See -[Windows Defender Credential Guard Deployment](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) -in the Deep Dive into Windows Defender Credential Guard video series. For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations). From 349382d69fcd3f1ce86ac791a604913c3d6779cc Mon Sep 17 00:00:00 2001 From: cchapin2020 <49560354+cchapin2020@users.noreply.github.com> Date: Mon, 22 Apr 2019 15:52:18 -0400 Subject: [PATCH 30/54] Update credential-guard-how-it-works.md Microsoft Virtual Academy site is being shut down 4/30/19, removed link to video --- .../credential-guard/credential-guard-how-it-works.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md index 0e10a79093..a588960870 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md @@ -22,8 +22,6 @@ ms.date: 08/17/2017 - Windows Server 2016 -Prefer video? See [Windows Defender Credential Guard Design](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) in the **Deep Dive into Windows Defender Credential Guard** video series. - Kerberos, NTLM, and Credential manager isolate secrets by using virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Windows Defender Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using virtualization-based security and is not accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment. @@ -46,4 +44,4 @@ Here's a high-level overview on how the LSA is isolated by using virtualization- [Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=1CoELLJyC_6704300474) -[Credentials protected by Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) \ No newline at end of file +[Credentials protected by Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) From f2bdc70846d12e378e4e23f7215eb8aa57f94a4a Mon Sep 17 00:00:00 2001 From: JasonJiachengZhao <48364192+JasonJiachengZhao@users.noreply.github.com> Date: Mon, 22 Apr 2019 15:15:55 -0700 Subject: [PATCH 31/54] Adding information about Device owner to the table Adding information about Device owner to the table --- .../active-directory-security-groups.md | 63 +++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 0b2f989db7..4fa0568986 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -3692,6 +3692,69 @@ This security group was introduced in Windows Server 2012, and it has not chang +### Device Owners +This group is currently unused on Windows. + +Microsoft does not recommend changing the default configuration where this security group has zero members. Changing the default configuration could hinder future scenarios that rely on this group. + +The Device Owners group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
AttributeValue

Well-Known SID/RID

S-1-5-32-583

Type

BuiltIn Local

Default container

CN=BuiltIn, DC=<domain>, DC=

Default members

None

Default member of

None

Protected by ADMINSDHOLDER?

No

Safe to move out of default container?

Can be moved out but it is not recommended

Safe to delegate management of this group to non-Service admins?

No

Default User Rights

[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight

+

[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

+

[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

+

[Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege

+
+ + ## See also - [Security Principals](security-principals.md) From ef68c23f38a3b2648ef427208e7bb73868c49454 Mon Sep 17 00:00:00 2001 From: lomayor Date: Mon, 22 Apr 2019 15:22:32 -0700 Subject: [PATCH 32/54] Update detect-block-potentially-unwanted-apps-windows-defender-antivirus.md --- ...nwanted-apps-windows-defender-antivirus.md | 20 ++++++------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md index 37859694d9..3d7368b36a 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md @@ -20,9 +20,9 @@ ms.date: 10/02/2018 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can identify and block PUAs from downloading and installing on endpoints in your network. +The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can detect and block PUAs on endpoints in your network. -These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have a poor reputation. +These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation. Typical PUA behavior includes: @@ -37,25 +37,17 @@ These applications can increase the risk of your network being infected with mal ## How it works -PUAs are blocked when a user attempts to download or install the detected file, and if the file meets one of the following conditions: +Windows Defender Antivirus blocks detected PUA files and attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantined. -- The file is being scanned from the browser -- The file is in a folder with "**downloads**" in the path -- The file is in a folder with "**temp**" in the path -- The file is on the user's desktop -- The file does not meet one of these conditions and is not under *%programfiles%*, *%appdata%*, or *%windows%* - -The file is placed in the quarantine section so it won't run. - -When a PUA is detected on an endpoint, the endpoint will present a notification to the user ([unless notifications have been disabled](configure-notifications-windows-defender-antivirus.md)) in the same format as normal threat detections (prefaced with "PUA:"). +When a PUA is detected on an endpoint, Windows Defender Antivirus presents a notification to the user ([unless notifications have been disabled](configure-notifications-windows-defender-antivirus.md)) in the same format as normal threat detections (prefaced with "PUA:"). They will also appear in the usual [quarantine list in the Windows Security app](windows-defender-security-center-antivirus.md#detection-history). ## View PUA events -PUA events are reported in the Windows Event Viewer and not in System Center Configuration Manager or Intune. +PUA events are reported in the Windows Event Viewer, but not in System Center Configuration Manager or Intune. -Hoever, PUA detections will be reported if you have set up email notifications for detections. +You can turn on email notifications for PUA detections. See [Troubleshoot event IDs](troubleshoot-windows-defender-antivirus.md) for details on viewing Windows Defender Antivirus events. PUA events are recorded under event ID 1160. From 1bb2ae1c809f39068a8da672bae1ae30ef566f91 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 22 Apr 2019 15:39:19 -0700 Subject: [PATCH 33/54] Update active-directory-security-groups.md --- .../active-directory-security-groups.md | 209 +++++++++--------- 1 file changed, 108 insertions(+), 101 deletions(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 4fa0568986..acdc4ccc99 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -258,279 +258,286 @@ The following tables provide descriptions of the default groups that are located

Yes

+

[Device Owners](#bkmk-device-owners)

+

Yes

+

Yes

+

Yes

+

Yes

+ +

[Distributed COM Users](#bkmk-distributedcomusers)

Yes

Yes

Yes

Yes

- +

[DnsUpdateProxy](#bkmk-dnsupdateproxy)

Yes

Yes

Yes

Yes

- +

[DnsAdmins](#bkmk-dnsadmins)

Yes

Yes

Yes

Yes

- +

[Domain Admins](#bkmk-domainadmins)

Yes

Yes

Yes

Yes

- +

[Domain Computers](#bkmk-domaincomputers)

Yes

Yes

Yes

Yes

- +

[Domain Controllers](#bkmk-domaincontrollers)

Yes

Yes

Yes

Yes

- +

[Domain Guests](#bkmk-domainguests)

Yes

Yes

Yes

Yes

- +

[Domain Users](#bkmk-domainusers)

Yes

Yes

Yes

Yes

- +

[Enterprise Admins](#bkmk-entadmins)

Yes

Yes

Yes

Yes

- +

[Enterprise Key Admins](#bkmk-enterprise-key-admins)

Yes

- +

[Enterprise Read-only Domain Controllers](#bkmk-entrodc)

Yes

Yes

Yes

Yes

- +

[Event Log Readers](#bkmk-eventlogreaders)

Yes

Yes

Yes

Yes

- +

[Group Policy Creator Owners](#bkmk-gpcreatorsowners)

Yes

Yes

Yes

Yes

- +

[Guests](#bkmk-guests)

Yes

Yes

Yes

Yes

- +

[Hyper-V Administrators](#bkmk-hypervadministrators)

Yes

Yes

Yes

- +

[IIS_IUSRS](#bkmk-iis-iusrs)

Yes

Yes

Yes

Yes

- +

[Incoming Forest Trust Builders](#bkmk-inforesttrustbldrs)

Yes

Yes

Yes

Yes

- +

[Key Admins](#key-admins)

Yes

- +

[Network Configuration Operators](#bkmk-networkcfgoperators)

Yes

Yes

Yes

Yes

- +

[Performance Log Users](#bkmk-perflogusers)

Yes

Yes

Yes

Yes

- +

[Performance Monitor Users](#bkmk-perfmonitorusers)

Yes

Yes

Yes

Yes

- +

[Pre–Windows 2000 Compatible Access](#bkmk-pre-ws2kcompataccess)

Yes

Yes

Yes

Yes

- +

[Print Operators](#bkmk-printoperators)

Yes

Yes

Yes

Yes

- +

[Protected Users](#bkmk-protectedusers)

Yes

Yes

- +

[RAS and IAS Servers](#bkmk-rasandias)

Yes

Yes

Yes

Yes

- +

[RDS Endpoint Servers](#bkmk-rdsendpointservers)

Yes

Yes

Yes

- +

[RDS Management Servers](#bkmk-rdsmanagementservers)

Yes

Yes

Yes

- +

[RDS Remote Access Servers](#bkmk-rdsremoteaccessservers)

Yes

Yes

Yes

- +

[Read-only Domain Controllers](#bkmk-rodc)

Yes

Yes

Yes

Yes

- +

[Remote Desktop Users](#bkmk-remotedesktopusers)

Yes

Yes

Yes

Yes

- +

[Remote Management Users](#bkmk-remotemanagementusers)

Yes

Yes

Yes

- +

[Replicator](#bkmk-replicator)

Yes

Yes

Yes

Yes

- +

[Schema Admins](#bkmk-schemaadmins)

Yes

Yes

Yes

Yes

- +

[Server Operators](#bkmk-serveroperators)

Yes

Yes

Yes

Yes

- +

[Storage Replica Administrators](#storage-replica-administrators)

Yes

- +

[System Managed Accounts Group](#system-managed-accounts-group)

Yes

- +

[Terminal Server License Servers](#bkmk-terminalserverlic)

Yes

Yes

Yes

Yes

- +

[Users](#bkmk-users)

Yes

Yes

Yes

Yes

- +

[Windows Authorization Access Group](#bkmk-winauthaccess)

Yes

Yes

Yes

Yes

- +

[WinRMRemoteWMIUsers_](#bkmk-winrmremotewmiusers-)

Yes

@@ -1208,6 +1215,68 @@ This security group includes the following changes since Windows Server 2008: +### Device Owners +This group is not currently used in Windows. + +Microsoft does not recommend changing the default configuration where this security group has zero members. Changing the default configuration could hinder future scenarios that rely on this group. + +The Device Owners group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
AttributeValue

Well-Known SID/RID

S-1-5-32-583

Type

BuiltIn Local

Default container

CN=BuiltIn, DC=<domain>, DC=

Default members

None

Default member of

None

Protected by ADMINSDHOLDER?

No

Safe to move out of default container?

Can be moved out but it is not recommended

Safe to delegate management of this group to non-Service admins?

No

Default User Rights

[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight

+

[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

+

[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

+

[Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege

+
+   ### Distributed COM Users @@ -3692,68 +3761,6 @@ This security group was introduced in Windows Server 2012, and it has not chang -### Device Owners -This group is currently unused on Windows. - -Microsoft does not recommend changing the default configuration where this security group has zero members. Changing the default configuration could hinder future scenarios that rely on this group. - -The Device Owners group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable). - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeValue

Well-Known SID/RID

S-1-5-32-583

Type

BuiltIn Local

Default container

CN=BuiltIn, DC=<domain>, DC=

Default members

None

Default member of

None

Protected by ADMINSDHOLDER?

No

Safe to move out of default container?

Can be moved out but it is not recommended

Safe to delegate management of this group to non-Service admins?

No

Default User Rights

[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight

-

[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

-

[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

-

[Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege

-
- ## See also From a3d41c84b1845fa4d33861daaa1c671583605dfb Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 22 Apr 2019 15:40:55 -0700 Subject: [PATCH 34/54] fixed link --- .../access-control/active-directory-security-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index acdc4ccc99..9774114146 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -1215,7 +1215,7 @@ This security group includes the following changes since Windows Server 2008: -### Device Owners +### Device Owners This group is not currently used in Windows. Microsoft does not recommend changing the default configuration where this security group has zero members. Changing the default configuration could hinder future scenarios that rely on this group. From 766dda89285804ffbe27b800a957c40e69f96559 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 22 Apr 2019 15:41:45 -0700 Subject: [PATCH 35/54] Update active-directory-security-groups.md --- .../access-control/active-directory-security-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 9774114146..defad633eb 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -1215,7 +1215,7 @@ This security group includes the following changes since Windows Server 2008: -### Device Owners +### Device Owners This group is not currently used in Windows. Microsoft does not recommend changing the default configuration where this security group has zero members. Changing the default configuration could hinder future scenarios that rely on this group. From e3225ed6c03e1afd5a65678ed105ac5d2bedf634 Mon Sep 17 00:00:00 2001 From: cchapin2020 <49560354+cchapin2020@users.noreply.github.com> Date: Mon, 22 Apr 2019 21:22:29 -0400 Subject: [PATCH 36/54] Update credential-guard-manage.md --- .../credential-guard/credential-guard-manage.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 9dad63b443..188d69a0d2 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -22,7 +22,6 @@ ms.date: 03/01/2019 - Windows Server 2016 - ## Enable Windows Defender Credential Guard Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-credential-guard-by-using-group-policy), the [registry](#enable-credential-guard-by-using-the-registry), or the Windows Defender Device Guard and Windows Defender Credential Guard [hardware readiness tool](#hardware-readiness-tool). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. The same set of procedures used to enable Windows Defender Credential Guard on physical machines applies also to virtual machines. From 49643e920b9d482ea000da75634c3598de117ce9 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 23 Apr 2019 09:46:00 +0500 Subject: [PATCH 37/54] update hello-hybrid-cert-trust-prereqs.md remove locale in the link --- .../hello-for-business/hello-hybrid-cert-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 6352ba7a55..c4df1a7a09 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -71,7 +71,7 @@ The minimum required enterprise certificate authority that can be used with Wind ## Directory Synchronization ## The two directories used in hybrid deployments must be synchronized. You need Azure Active Directory Connect to synchronize user accounts in the on-premises Active Directory with Azure Active Directory. -Organizations using older directory synchronization technology, such as DirSync or Azure AD sync, need to upgrade to Azure AD Connect. In case the schema of your local AD DS was changed since the last directory synchronization, you may need to [refresh directory schema](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-installation-wizard#refresh-directory-schema). +Organizations using older directory synchronization technology, such as DirSync or Azure AD sync, need to upgrade to Azure AD Connect. In case the schema of your local AD DS was changed since the last directory synchronization, you may need to [refresh directory schema](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-installation-wizard#refresh-directory-schema). ### Section Review > [!div class="checklist"] From 8aa1c792323bf9a90ce9e53913f86461b9f3149a Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Tue, 23 Apr 2019 04:25:09 -0500 Subject: [PATCH 38/54] Applying suggested change https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3191#discussion_r277222532 --- .../windows-autopilot/windows-autopilot-reset-remote.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md index 944a9d05d9..9664a998cd 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md @@ -35,7 +35,7 @@ To trigger a remote Windows Autopilot Reset via Intune, follow these steps: >The Autopilot Reset option will not be enabled in Microsoft Intune for devices not running Windows 10 build 17672 or higher. >[!IMPORTANT] ->To use the Autopilot Reset (preview) option, your device **must be** reset using Autopilot *(either using Fresh Reset or manually sysprep the device)*, in any other case the feature will stay **grayed out**. +>The feature for Autopilot Reset (preview) will stay grayed out, **unless** you reset the device using Autopilot (either using Fresh Reset or manually sysprep the device). Once the reset is complete, the device is again ready for use. From f8f32b28ec115175bf844d7bb4ad3d21ab5c05d8 Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Tue, 23 Apr 2019 11:34:40 +0200 Subject: [PATCH 39/54] Update audit-windows-defender-exploit-guard.md Added info about where to find audited entries. --- .../audit-windows-defender-exploit-guard.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md index 2207d2015d..1c4e998102 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md @@ -27,6 +27,8 @@ You might want to do this when testing how the features will work in your organi While the features will not block or prevent apps, scripts, or files from being modified, the Windows Event Log will record events as if the features were fully enabled. This means you can enable audit mode and then review the event log to see what impact the feature would have had were it enabled. +To find the audited entries, go to **Applications and Services** > **Microsoft** > **Windows** > **Windows Defender** > **Operational**. + You can use Windows Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Windows Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer. From dea52100a963fe75d6ab28fbbe6cccafe96e5adc Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 24 Apr 2019 11:10:39 +0500 Subject: [PATCH 40/54] update get-started-with-microsoft-education.md --- .../get-started/get-started-with-microsoft-education.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/education/get-started/get-started-with-microsoft-education.md b/education/get-started/get-started-with-microsoft-education.md index 6df81f8b27..c57aa58776 100644 --- a/education/get-started/get-started-with-microsoft-education.md +++ b/education/get-started/get-started-with-microsoft-education.md @@ -32,7 +32,7 @@ Hello, IT administrators! In this walkthrough, we'll show you how you can quickl - **Microsoft Teams** to bring conversations, content, and apps together in one place and create collaborate classrooms, connect in professional learning communities, and communicate with school staff - **Learning Tools** are moving beyond the OneNote desktop app and is now available in Office Lens, OneNote Online, Word Online, and Word desktop - **Whiteboard** to create interactive lessons on the big screen, share and collaborate real-time by connecting to Class Notebook and Classroom -- **Windows 10, version 1703 (Creators Update)** which brings 3D for everyone and other new and updated Windows features +- **Windows 10, version 1703 or later** which brings 3D for everyone and other new and updated Windows features - **Minecraft: Education Edition** which provides an open and immersive environment to promote creativity, collaboration, and problem-solving With Microsoft Education, schools can: @@ -60,11 +60,11 @@ Click the link to watch the video or follow the step-by-step guidance for each. ## Prerequisites Complete these tasks before you start the walkthrough: -- Make sure all the devices that you want to configure, such as student PCs, have the latest Windows 10, version 1703 image installed. +- Make sure all the devices that you want to configure, such as student PCs, have Windows 10 (version 1703 or later) image installed. - We recommend Windows 10, version 1703 to take advantage of all the new features and functionality that Windows supports. This version of Windows is also compatible with the latest version of the Set up School PCs app and the versions must match in order for Set up School PCs to provision the devices. + We recommend Windows 10, version 1703 or later, to take advantage of all the new features and functionality that Windows supports. This version of Windows is also compatible with the latest version of the Set up School PCs app and the versions must match in order for Set up School PCs to provision the devices. - If you don't have Windows 10, version 1703 installed on your devices, we recommend upgrading. This process takes a while so start this task before proceeding with this walkthrough. + If you don't have Windows 10, version 1703 or later, installed on your devices, we recommend upgrading. This process takes a while so start this task before proceeding with this walkthrough. - Have an education-verified tenant to qualify for an Office 365 for Education subscription. You also need to be education-verified to use School Data Sync and Intune for Education. From 68facc1d3555123b35667c849d56a3c3dd62bdc2 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 24 Apr 2019 12:19:18 +0500 Subject: [PATCH 41/54] update surface-enterprise-management-mode.md --- devices/surface/surface-enterprise-management-mode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md index e42a925b72..0f888bcc93 100644 --- a/devices/surface/surface-enterprise-management-mode.md +++ b/devices/surface/surface-enterprise-management-mode.md @@ -154,7 +154,7 @@ Packages created with the Microsoft Surface UEFI Configurator tool are signed wi * **Key Length** – 2048 * **Hash Algorithm** – SHA-256 * **Type** – SSL Server Authentication -* **Key Usage** – Key Encipherment +* **Key Usage** – Digital signature, Key Encipherment * **Provider** – Microsoft Enhanced RSA and AES Cryptographic Provider * **Expiration Date** – 15 Months from certificate creation * **Key Export Policy** – Exportable From 6ae34f512b2ef01e000c272b1d8035a15e31facd Mon Sep 17 00:00:00 2001 From: Deland-Han Date: Wed, 24 Apr 2019 16:21:02 +0800 Subject: [PATCH 42/54] finish --- .../windows-autopilot/windows-autopilot-reset-remote.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md index 30fb733eb0..ae2b7cd13c 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md @@ -21,7 +21,7 @@ ms.topic: article When performing a remote Windows Autopilot Reset, an MDM service such an Microsoft Intune can be used to initiate the reset process, avoiding the need for IT staff or other administrators to visit each machine to initiate the process. -To enable a device for a remote Windows Autopilot Reset, the device must be MDM managed, joined to Azure AD, and configured to use the [enrollment status page](enrollment-status.md). +To enable a device for a remote Windows Autopilot Reset, the device must be MDM managed, joined to Azure AD, and configured to use the [enrollment status page](enrollment-status.md). This feature is not supported on devices that were enrolled using [Autopilot self deploying mode](self-deploying.md). ## Triggering a remote Windows Autopilot Reset From 7e6b1b4bd709fde0a0d7d7507cd1c37055f3a526 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 24 Apr 2019 17:20:22 +0500 Subject: [PATCH 43/54] update windows-10-1803-removed-features.md --- windows/deployment/planning/windows-10-1803-removed-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-10-1803-removed-features.md b/windows/deployment/planning/windows-10-1803-removed-features.md index 8afb576298..9a42ba6489 100644 --- a/windows/deployment/planning/windows-10-1803-removed-features.md +++ b/windows/deployment/planning/windows-10-1803-removed-features.md @@ -33,7 +33,7 @@ We've removed the following features and functionalities from the installed prod |Language control in the Control Panel| Use the Settings app to change your language settings.| |HomeGroup|We are removing [HomeGroup](https://support.microsoft.com/help/17145) but not your ability to share printers, files, and folders.

When you update to Windows 10, version 1803, you won't see HomeGroup in File Explorer, the Control Panel, or Troubleshoot (**Settings > Update & Security > Troubleshoot**). Any printers, files, and folders that you shared using HomeGroup **will continue to be shared**.

Instead of using HomeGroup, you can now share printers, files and folders by using features that are built into Windows 10:
- [Share your network printer](https://www.bing.com/search?q=share+printer+windows+10)
- [Share files in File Explorer](https://support.microsoft.com/help/4027674/windows-10-share-files-in-file-explorer) | |**Connect to suggested open hotspots** option in Wi-Fi settings |We previously [disabled the **Connect to suggested open hotspots** option](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) and are now removing it from the Wi-Fi settings page. You can manually connect to free wireless hotspots with **Network & Internet** settings, from the taskbar or Control Panel, or by using Wi-Fi Settings (for mobile devices).| -|XPS Viewer|We're changing the way you get XPS Viewer. In Windows 10, version 1709 and earlier versions, the app is included in the installation image. If you have XPS Viewer and you update to Windows 10, version 1803, there's no action required. You'll still have XPS Viewer.

However, if you install Windows 10, version 1803, on a new device (or as a clean installation), you may need to [install XPS Viewer from **Apps and Features** in the Settings app](https://docs.microsoft.com/windows/application-management/add-apps-and-features) or through [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). If you had XPS Viewer in Windows 10, version 1709, but manually removed it before updating, you'll need to manually reinstall it.| +|XPS Viewer|We're changing the way you get XPS Viewer. In Windows 10, version 1709 and earlier versions, the app is included in the installation image.

However, if you install Windows 10, version 1803, you may need to [install XPS Viewer from **Apps and Features** in the Settings app](https://docs.microsoft.com/windows/application-management/add-apps-and-features) or through [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). If you had XPS Viewer in Windows 10, version 1709, but manually removed it before updating, you'll need to manually reinstall it.| ## Features we’re no longer developing From 79c80229763ee047828ac6629f15ef6dee22c231 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Wed, 24 Apr 2019 18:44:52 +0200 Subject: [PATCH 44/54] Update wip-learning.md Removed mention of OMS and added reference and links to Device Health (First Draft) https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3236 --- .../wip-learning.md | 48 +++++++------------ 1 file changed, 17 insertions(+), 31 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index 6574cf15e2..a27df17dfa 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -24,7 +24,7 @@ ms.date: 02/26/2019 - Windows 10, version 1703 and later - Windows 10 Mobile, version 1703 and later -With WIP Learning, you can intelligently tune which apps and websites are included in your WIP policy to help reduce disruptive prompts and keep it accurate and relevant. WIP Learning generates two reports: The **App learning report** and the **Website learning report**. Both reports are accessed from Microsoft Azure Intune, and you can alternately access the App learning report from Microsoft Operations Management Suite (OMS). +With WIP Learning, you can intelligently tune which apps and websites are included in your WIP policy to help reduce disruptive prompts and keep it accurate and relevant. WIP Learning generates two reports: The **App learning report** and the **Website learning report**. Both reports can be accessed from Microsoft Azure Intune. The **App learning report** monitors your apps, not in policy, that attempt to access work data. You can identify these apps using the report and add them to your WIP policies to avoid productivity disruption before fully enforcing WIP with [“Block”](protect-enterprise-data-using-wip.md#bkmk-modes) mode. Frequent monitoring of the report will help you continuously identify access attempts so you can update your policy accordingly. @@ -44,59 +44,45 @@ In the **Website learning report**, you can view a summary of the devices that h ![Image showing the UI with for app and website learning reports](images/wip-learning-select-report.png) -Once you have the apps and websites showing up in the WIP Learning logging reports, you can decide whether to add them to your app protection policies. Next, we'll look at how to do that in Operations Management Suite (OMS). +Once you have the apps and websites showing up in the WIP Learning logging reports, you can decide whether to add them to your app protection policies. -## View the WIP app learning report in Microsoft Operations Management Suite +## Use the WIP section of Device Health -From Intune, you can open OMS by choosing **WIP in the OMS console**. Then you can view the WIP App learning blade to monitor access events per app, and devices that have reported WIP access events: +You can use Device Health to adjust your WIP protection policy. See [Using Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-using#windows-information-protection) to learn more. -![View in Intune of the link to OMS](images/wip-in-oms-console-link.png) - -If you don't have OMS linked to your Microsoft Azure Account, and want to configure your environment for Windows Analytics: Device Health, see [Get Started with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-get-started) for more information. - ->[!NOTE] ->Intune has a 14 day data retention capacity, while OMS offers better querying capabilities and longer data retention. +If you want to configure your environment for Windows Analytics: Device Health, see [Get Started with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-get-started) for more information. Once you have WIP policies in place, by using the WIP section of Device Health, you can: - Reduce disruptive prompts by adding rules to allow data sharing from approved apps. - Tune WIP rules by confirming that certain apps are allowed or denied by current policy. -![Main Windows Information Protection view](images/oms-wip-app-learning-tile.png) +>[!NOTE] +> Until January 2019 it was possible to manage WIP functions using the Microsoft Operations Management Suite (OMS) but OMS has now been retired. -The **APP LEARNING** tile shows details of app statistics that you can use to evaluate each incident and update app policies by using WIP AppIDs. +## Use Device Health and Intune to adjust WIP protection policy -![Details view](images/WIPNEW1-chart-selected-sterile.png) +The information needed for the following steps can be found using Device Health, which you will first have to set up. Learn more about how you can [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor). -In this chart view, you can see apps that have been used on connected devices which, when clicked on, will open additional details on the app, including details you need to adjust your WIP Policy: - -![Details view for a specific app](images/WIPappID-sterile.png) +1. In Device Health click the app you want to add to your policy and copy the publisher information. -Here, you can copy the **WipAppid** and use it to adjust your WIP protection policies. +2. In Intune, click **App protection policies** and then choose the app policy you want to add an application to. -## Use OMS and Intune to adjust WIP protection policy +3. Click **Protected apps**, and then click **Add Apps**. -1. Click the **APP LEARNING** tile in OMS, as described above, to determine which apps are being used for work so you can add those you choose to your WIP policy. - -2. Click the app you want to add to your policy and copy the publisher information from the app details screen. - -3. Back in Intune, click **App protection policies** and then choose the app policy you want to add an application to. - -4. Click **Protected apps**, and then click **Add Apps**. - -5. In the **Recommended apps** drop down menu, choose either **Store apps** or **Desktop apps**, depending on the app you've chosen (for example, an executable (EXE) is a desktop app). +4. In the **Recommended apps** drop down menu, choose either **Store apps** or **Desktop apps**, depending on the app you've chosen (for example, an executable (EXE) is a desktop app). ![View of drop down menu for Store or desktop apps](images/wip-learning-choose-store-or-desktop-app.png) -6. In **NAME** (optional), type the name of the app, and then in **PUBLISHER** (required), paste the publisher information that you copied in step 2 above. +5. In **NAME** (optional), type the name of the app, and then in **PUBLISHER** (required), paste the publisher information that you copied in step 1 above. ![View of Add Apps app info entry boxes](images/wip-learning-app-info.png) -7. Type the name of the product in **PRODUCT NAME** (required) (this will probably be the same as what you typed for **NAME**). +6. Type the name of the product in **PRODUCT NAME** (required) (this will probably be the same as what you typed for **NAME**). -8. Back in OMS, copy the name of the executable (for example, snippingtool.exe) and then go back to Intune and paste it in **FILE** (required). +7. Copy the name of the executable (for example, snippingtool.exe) and paste it in **FILE** (required). -9. Go back to OMS one more time and note the version number of the app and type it in **MIN VERSION** in Intune (alternately, you can specify the max version, but one or the other is required), and then select the **ACTION**: **Allow** or **Deny** +8. Go back to OMS one more time and note the version number of the app and type it in **MIN VERSION** in Intune (alternately, you can specify the max version, but one or the other is required), and then select the **ACTION**: **Allow** or **Deny** When working with WIP-enabled apps and WIP-unknown apps, it is recommended that you start with **Silent** or **Allow overrides** while verifying with a small group that you have the right apps on your allowed apps list. After you're done, you can change to your final enforcement policy, **Block**. For more information about WIP modes, see: [Protect enterprise data using WIP: WIP-modes](protect-enterprise-data-using-wip.md#bkmk-modes) From 8dcbc60a408b69eb8a6632f72589aae6c88ac434 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Wed, 24 Apr 2019 19:42:52 +0200 Subject: [PATCH 45/54] Update wip-learning.md removed note --- .../windows-information-protection/wip-learning.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index a27df17dfa..2a1fdf6a4b 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -57,9 +57,6 @@ Once you have WIP policies in place, by using the WIP section of Device Health, - Reduce disruptive prompts by adding rules to allow data sharing from approved apps. - Tune WIP rules by confirming that certain apps are allowed or denied by current policy. ->[!NOTE] -> Until January 2019 it was possible to manage WIP functions using the Microsoft Operations Management Suite (OMS) but OMS has now been retired. - ## Use Device Health and Intune to adjust WIP protection policy The information needed for the following steps can be found using Device Health, which you will first have to set up. Learn more about how you can [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor). From a072fd77bcfe6b7f178de956f13a56a172b9b3e6 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Wed, 24 Apr 2019 19:51:56 +0200 Subject: [PATCH 46/54] Update wip-learning.md line 64 added emphasis --- .../windows-information-protection/wip-learning.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index 2a1fdf6a4b..583322bce4 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -61,7 +61,7 @@ Once you have WIP policies in place, by using the WIP section of Device Health, The information needed for the following steps can be found using Device Health, which you will first have to set up. Learn more about how you can [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor). -1. In Device Health click the app you want to add to your policy and copy the publisher information. +1. In **Device Health** click the app you want to add to your policy and copy the publisher information. 2. In Intune, click **App protection policies** and then choose the app policy you want to add an application to. From 9b4b7bdfc6d2b0a8f1fab86f44f409b22c29f28e Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Wed, 24 Apr 2019 19:56:11 +0200 Subject: [PATCH 47/54] Update wip-learning.md line 82 removed a reference to OMS --- .../windows-information-protection/wip-learning.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index 583322bce4..ac03b13f23 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -79,7 +79,7 @@ The information needed for the following steps can be found using Device Health, 7. Copy the name of the executable (for example, snippingtool.exe) and paste it in **FILE** (required). -8. Go back to OMS one more time and note the version number of the app and type it in **MIN VERSION** in Intune (alternately, you can specify the max version, but one or the other is required), and then select the **ACTION**: **Allow** or **Deny** +8. Tyoe the version number of the app into **MIN VERSION** in Intune (alternately, you can specify the max version, but one or the other is required), and then select the **ACTION**: **Allow** or **Deny** When working with WIP-enabled apps and WIP-unknown apps, it is recommended that you start with **Silent** or **Allow overrides** while verifying with a small group that you have the right apps on your allowed apps list. After you're done, you can change to your final enforcement policy, **Block**. For more information about WIP modes, see: [Protect enterprise data using WIP: WIP-modes](protect-enterprise-data-using-wip.md#bkmk-modes) From 2f9ae5687b24794e0a451225d59a7761a9f7d6a6 Mon Sep 17 00:00:00 2001 From: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> Date: Thu, 25 Apr 2019 14:11:45 +0200 Subject: [PATCH 48/54] Update windows/security/information-protection/windows-information-protection/wip-learning.md Co-Authored-By: nenonix <39884432+nenonix@users.noreply.github.com> --- .../windows-information-protection/wip-learning.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index ac03b13f23..bb80483994 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -79,7 +79,7 @@ The information needed for the following steps can be found using Device Health, 7. Copy the name of the executable (for example, snippingtool.exe) and paste it in **FILE** (required). -8. Tyoe the version number of the app into **MIN VERSION** in Intune (alternately, you can specify the max version, but one or the other is required), and then select the **ACTION**: **Allow** or **Deny** +8. Type the version number of the app into **MIN VERSION** in Intune (alternately, you can specify the max version, but one or the other is required), and then select the **ACTION**: **Allow** or **Deny** When working with WIP-enabled apps and WIP-unknown apps, it is recommended that you start with **Silent** or **Allow overrides** while verifying with a small group that you have the right apps on your allowed apps list. After you're done, you can change to your final enforcement policy, **Block**. For more information about WIP modes, see: [Protect enterprise data using WIP: WIP-modes](protect-enterprise-data-using-wip.md#bkmk-modes) From a373d504eb8a37c597a58a6c8958e70ce45fc96a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Apr 2019 08:51:00 -0700 Subject: [PATCH 49/54] added RMS and link --- .../create-wip-policy-using-sccm.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md index bc6a097de4..5df397e284 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/22/2019 +ms.date: 04/26/2019 --- # Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager @@ -480,6 +480,8 @@ After you've decided where your protected apps can access enterprise data on you - **No.** Stop local encryption keys from being revoked from a device during unenrollment. For example, if you’re migrating between Mobile Device Management (MDM) solutions. + - **Allow Azure RMS.** Enables secure sharing of files by using removable media such as USB drives. For more information, see [Choose to set up Azure Rights Management with WIP](create-wip-policy-using-intune-azure.md#choose-to-set-up-azure-rights-management-with-wip). + 2. After you pick all of the settings you want to include, click **Summary**. ## Review your configuration choices in the Summary screen From cd05923491cf120ac4b788804336f3c70ef4b536 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Apr 2019 09:28:43 -0700 Subject: [PATCH 50/54] added links to sections --- .../enable-attack-surface-reduction.md | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 7a4da07a33..c4e2d4430f 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -11,14 +11,31 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic +ms.date: 04/26/2019 --- # Enable attack surface reduction rules [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) help prevent actions and apps that malware often uses to infect computers. You can set attack surface reduction rules for computers running Windows 10 or Windows Server 2019. +Each ASR rule contains three settings: + +* Not configured: Disable the ASR rule +* Block: Enable the ASR rule +* Audit: Evaluate how the ASR rule would impact your organization if enabled + To use ASR rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Windows Defender Advanced Threat Protection (Windows Defender ATP). These advanced capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules. +You can enable attack surface reduction rules by using any of the these methods: + +- [Microsoft Intune](#intune) +- [Mobile Device Management (MDM)](#mdm) +- [System Center Configuration Manager (SCCM)](#sccm) +- [Group Policy](#group-policy) +- [PowerShell](#powershell) + +Enterprise-level management such as Intune or SCCM is recommended. Enterprise-level management will overwrite any conflicting Group Policy or PowerShell settings on startup. + ## Exclude files and folders from ASR rules You can exclude files and folders from being evaluated by most attack surface reduction rules. This means that even if an ASR rule determines the file or folder contains malicious behavior, it will not block the file from running. This could potentially allow unsafe files to run and infect your devices. @@ -43,24 +60,7 @@ ASR rules support environment variables and wildcards. For information about usi The following procedures for enabling ASR rules include instructions for how to exclude files and folders. -## Enable and audit attack surface reduction rules - -It's best to use an enterprise-level management platform like Intune or System Center Configuration Manager (SCCM) to configure ASR rules, but you can also use Group Policy, PowerShell, or third-party mobile device management (MDM) CSPs. - ->[!WARNING] ->If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting Group Policy or PowerShell settings on startup. - -For a complete list of ASR rules, see [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md). - -Each ASR rule contains three settings: - -* Not configured: Disable the ASR rule -* Block: Enable the ASR rule -* Audit: Evaluate how the ASR rule would impact your organization if enabled - -For further details on how audit mode works and when to use it, see [Audit Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md). - -### Intune +## Intune 1. In Intune, select **Device configuration** > **Profiles**. Choose an existing endpoint protection profile or create a new one. To create a new one, select **Create profile** and enter information for this profile. For **Profile type**, select **Endpoint protection**. If you've chosen an existing profile, select **Properties** and then select **Settings**. @@ -72,7 +72,7 @@ For further details on how audit mode works and when to use it, see [Audit Windo 4. Select **OK** on the three configuration panes and then select **Create** if you're creating a new endpoint protection file or **Save** if you're editing an existing one. -### SCCM +## SCCM 1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**. 1. Click **Home** > **Create Exploit Guard Policy**. @@ -81,7 +81,7 @@ For further details on how audit mode works and when to use it, see [Audit Windo 1. Review the settings and click **Next** to create the policy. 1. After the policy is created, click **Close**. -### Group Policy +## Group Policy >[!WARNING] >If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting Group Policy settings on startup. @@ -102,7 +102,7 @@ For further details on how audit mode works and when to use it, see [Audit Windo 5. To exclude files and folders from ASR rules, select the **Exclude files and paths from Attack surface reduction rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. -### PowerShell +## PowerShell >[!WARNING] >If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. @@ -153,7 +153,7 @@ For further details on how audit mode works and when to use it, see [Audit Windo >[!IMPORTANT] >Use `Add-MpPreference` to append or add apps to the list. Using the `Set-MpPreference` cmdlet will overwrite the existing list. -### MDM +## MDM Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductionrules) configuration service provider (CSP) to individually enable and set the mode for each rule. From fe060b8d65eef37c053aa40a3af574482f3bdc8f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Apr 2019 11:15:34 -0700 Subject: [PATCH 51/54] added images and sccm steps --- ...-first-sight-windows-defender-antivirus.md | 19 +++++++++++++++++- .../defender/sccm-advanced-settings.png | Bin 0 -> 48212 bytes .../sccm-cloud-protection-service.png | Bin 0 -> 36313 bytes .../defender/sccm-real-time-protection.png | Bin 0 -> 39349 bytes 4 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-advanced-settings.png create mode 100644 windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-cloud-protection-service.png create mode 100644 windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-real-time-protection.png diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md index b5d15d6b55..863519b8c2 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 09/03/2018 +ms.date: 04/26/2019 --- # Enable block at first sight @@ -68,6 +68,23 @@ For more information about configuring Windows Defender Antivirus device restric For a list of Windows Defender Antivirus device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus). +### Enable block at first sight with SCCM + +1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **AntiMalware Policies**. +1. Click **Home** > **Create Antimalware Policy**. +1. Enter a name and a description, and add these settings: + - **Real time protection** + - **Advanced** + - **Cloud Protection Service** +1. In the left column, click **Real time protection**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**. + ![Enable real-time protection](images/defender/wdav-protection-settings-wdsc.png) +1. Click **Advanced**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**. + ![Enable Advanced settings](images/defender/sccm-advanced-settings.png) +1. Click **Cloud Protection Service**, set **Cloud Protection Service membership type** to **Advanced membership**, set **Level for blocking malicious files** to **High**, and set **Allow extended cloud check to block and scan suspicious files for up to (seconds)** to **50** seconds. + ![Enable Cloud Protection Service](images/defender/sccm-cloud-protection-service.png) +1. Click **OK** to create the policy. + + ### Confirm block at first sight is enabled with Group Policy 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**. diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-advanced-settings.png b/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-advanced-settings.png new file mode 100644 index 0000000000000000000000000000000000000000..1fb1745a5f0383cff1587117c289fdf04b382c08 GIT binary patch literal 48212 zcmb@u2UL?!w=b+BpdcVhQIH}aprBD{(yJ7u_l`<00@6ZF1f(cR6%hnNM`}Qt5Fi47 z>Agb;p|?;&O(4ma@V@7qubsQjUF&8oNb+Rz%*>wM_iyK;uC^K-4I9mc3m51#)K&B^ zT%aJmzSMbzigX3#LH&UAbkSR1P3b~;|DAQxo6C-hT8bAgRL0Ssy{06+zv`)O=6&J9 z4IlE~#aRa~{|gsj>l!MGhW^%@c)E1n2`hm>qLc^U+)V1_Z(4Kp6BG&4*}SWi41DUs zE%e&Dbr+xT@zBB$ApZK{OM5SXnOn%iDtrJ=jqER6~Mx#P6F_IsLud@`+uY}wZyiUHL$MxS2 zxzyzO@HiXnxYC}~gy#Aod4A6{(E!Ei2wGOpo`-eczgox19^KN;l(|m_PI@}24zN6} z1pX7HtrNUg-wYuXtC!HI-`l)zC026Ka0~OW>e(;kw!DJa+cAl6Y9+~PZsyC;f3P}x z{^X@Qt!TvWDpzuiUkv?`*CjROz!XXmQ3wsTU-Q8^f`0F;zS3Jtd&@CZ{X=q;b)>ip zhN2Q{7;E^;qi<2%jJW+l>9$*4UBcDWG376lSzMA}z%?E+LFlFHlXi=?9I zhl_uTs7Sp>-hLY6_N&(tiea~$AMfv+{gpW7mxu40O!QeQjM025GTJFwZJ>=cVZAq` zB)3wh-O21*Qx2vqUf%|d2Tu7hJ|B&zgB`D1v5usyWtgDLus%`+m?UZ5?LfM23xAF% z5%Ax4oNutfJ5obF<#lL@pPJ-3r8Lu9THV7gKhe+Hl|TiTdnCFmvl0+oih3p zBxub5w@Z9E13GB=2aZ_u|N167-l0sbgQ*;Dj=pcOQZP%pB-A$5bU-A^LZy0b$)v~~3nh*{_7g)HAap-JqF ziRU^1p2J?|5sdHi4_WdJ3`8C`8B<@eIh`H}M84{OLPKkMyzvq>t!O3Yd()3y;%kdb zaipq2U!AyKd49#l$VYgi8zp1&mTl0hU(FkGSM~T(G_6``qghz{lJOTJ-vU%L?ZzPz>h8ztLEU9V0SXLVvPqmi2)gSCeFJHK+XJEi22EUfi9@jj@9s1&C{Z9=D zlk9b~@-qPXm7Nn5qE{zCp2f>EPQx?K?A91*lA1zD%UB_#-5cdkH2_k^8-|8mrZ}3j z54up5hv$OtMh;z~3<3VJ&8pyBvQ+u&{;Y(G5I8jRda&g=BRbP$K3Dx)Z6zh7hOM;hf2(;GsRRt1PPQxx0UR zPFlh6&u{{|=cEU2IASAP6doG5I52p!FK}?6Qk6flq}{fw(DFp}uBGa)^+UnIXEcG9 zVcxK?7tD9N}@#^FeK7A;0eSJnRnl~Zs&m2m- zu0Zlb72}Aki^6OsLb_bsp3xb_us(VgyB~U&K_XRn zKYQs56@{x1uyr9~zaR1x-|k^_;;`ZzUv4l@Wo$oJtwAOzPuk`B$Fjp55ky_=GZ4B( z&9`E=QVlSd1U~Q=;P%w{)mL%hL%RvG(+{RiR%47>rgPFXuoh{Wq*t;u;)vTX6Ixkz z_{l16h-vN7-p1;nLMVAf(Xp`!FwXO@3=RGH_ch#OU2gKEIda#S&IkQupr9mQ;Mr*V z{|v#&(xd=vYQLQiTSBA zHj?t&yyf0>Xk0alPJ*2AHRHyhX=ELh({$Kv(tJZ6!z=&hTbLy1?8HA*DPLcaC*ko+ z711@I()dFF;K#p48a+r>b%*Kj>H4p~wE5(L{pK;Wuc8)l8q0RR|1_gTDjFDD?jP>Z z*azz_d?+ya{%tNMp_jrhOLd>%Nz9+q_E|@kXF7tl@jYCLWLkWlRVFL{k4;PgmtZv} zy07nbf99Kj>fYieljnhtBF_j$@5$s{Q~2(l#jU9H`?Fou7e7Q=Ef1Y&p9}e1c+#{C zt}&T+0vs8qrd9dv62JOqzyF0fH6OhmM*NfYGpo=-pUo)4seyWVBxC!< z6Gxlui>G-bmD=WFZ#{Ags%x0fnSoLSS*|uj`JvBE2=K+<`8UG$vf<+F)I(=l)1Awg z#q8LxCS@u;gbmSMq1rUC5iIgS$3Aa-RjbFI{|S93<=m!XfPc-ZPTq4LOO_}s<|#^0aSi?+Q-ZP#}6>=G-7IunOg z)TJv8I#r=*$SsYyP5N+KmuL`2 zQpbKO)SVESk380qmJ7^(Y~(-o0aAU)+;smth~$#o+`Wc@@AK^n6WGK%%&QR*G_T;WN~XH?-y*$7H=IKK%1jEs#F^u8d)X2v{C7uMJ4C}xsnFz1%`^n?;ynDcj|lQi(_Pq@C};QvLo@qfw5$Q7DR+z z8oD@$TNKbUxTv)7W!!5`3#wo!_G==DO6+AguBvkZHYhw3R;zhG%dK5ZVaw)(GS2;_ z-*pTvD(3g)tFAT|Za}M!CPt2V4kv6Beiw#9&xTejKJSPj8tLnIKx|WQB(i>H8u((- zCa+48;?nv-tT`_514t)}K58KQ#6gA69%mSrZ+u`r4NDq8^163*2qmh zAs?2TBD8P(&;*-m7w{OuCmWo)mx)WRN`nQWE`+`osilUTFweP2=%msVTgM@h8r z%<#RFWV_K+qDbPvpf9A=X^QM93^ebOI-=rFG+Y} zvS~2}FpqnsCE0-cyl4b4Xo>bU$x5lWc(<)V#1TIFuBx;@xh%&|)+*0P8eF7w#1nY9 zSoarhGu)T8A^~Fc8YU8f4HTc2i&PpA@iDVIadL$d`97R1u-DcETQv$Bv6&{!tsPkPi zrwv_;a2N6ZlPqN7iN_uG?|fi2t7~j@J2z%W#zlshw}mHUlVL|enUfoN9yIhdyrZD> zlO-$N|CxdO?`^22gznFRClV5l1)|0LQx?qY_2)ssx2%BA2IG7iYGgwBJk|v0IxRC= zT&|sdTW#<1=#`^q-oIiNkvD;%N>!oeJ{MnCMe9n0wo2gLz?e8x~n+z7r z6WGh)JH!3bbbT^!_+?jSOty8uA7r{~#vYi0I{0XSCfOIQqE!14T|1_YBPHwZ)0U35 z26e%8CC0~-)agR!8@->pa4X^&%@%*+az#m~5FP4qcUQsKJq@jh{)|YrUnJjmxK974 zy@Y12l~`VzJ>QQ4_7Rqfa`xfG%;$DJF96w}b7nzIuwGb0sGD8Sw29VuQE7uqivvbxd} zOi{8GMsqKHsTe24l7{H~VA)e~1YO_y{MAJUy2)KzdMRe>+QB2)fNPxt_3ovOzF~jw zuzP8_A%uL=CZ0Ta`X^|JUNXm}?yj%cA-W6V(Ek7AfYN47UfgIQQHYapBG5ZLdosj@ zecia+C;y(cY3;dx3vIz^DFulx)9m^BU3D1?t0#Ml2B3|EhhG)%vp%o<^#deQwEf2^ zl|Rrqgf*bV7GZq)wL+%RHU9GTjEl2cKMkJF2x3RFF>3-`e+LLN@=6PiAY-krkJ>h8 z?L9JJ0zrUy-D`esy2iDDh0FtnS^(XjD;!7{^GV@}>sD7vB6n^i4&|)R-qdyCWc1(U zT_<_Knv3!d*tg{ zRu6wmQ0bml)LSm~o9HuIY7R|#hw<}l6yiz$^2&GcNxMnBGRtcX3wQ1tOR-^&1Ro|# z*pUoR!WH*`#l91Qgi8B&_jYz0qEsVcg|boZjh2V*e&P|om}Fh@)7jm2i489Zm=J)> z_(U=lv9(RNa}|8lwY)#KLfy_D5HwaERaHxfi_1j=;poD>4HGyU0F3R?dO*^+9ClT* zs-e;Cm<84s!VEK~Q8xeJiCaCtcUn;ksFL*=FrGbFMT?670EZI|wEoKD*qKHTcI5E# zyRHZ#1t37tLI)CZrXy3xS_@rYw*}J%Z}trCllfPhB=rv8nfWh(SD8_txPrHU3oC=b zxf;~|))hPe`p*{>o+kJh*mMbeY}B#ay>kZf+?2MCWw*w9HLjh|ogm=&rowiT`%}>N_K?iE`_thQT*;_nj7WT zO|c~pJmXvX2Z~?Kr#eE>7ZynWi?|ok=y^VD3IQ41o6V?1OCXHs!u{A*S_p^*;2#Mj zhX_Bp$hSN?@E*5)0WJD7w=uTrd)*VuJ}@6+6U3I%jMK8jbxZ7_AZPr|K3M0otqI6q z6G$MvjRCsmD7`soH+3L*9A{PslG+iJA@(_X;@9VaOvTRVE{hNY;Yd^AIA#2xbpWyJ zwS4=<%>j_hj^`A5U)mM23gUp<)F*BeWVx32QE~fdz15-+o8vZ6`iS0ELF{QrF!lV| zHZR$XZQ>4V3D_C$iCvQik58%qmMu4Ja8!gBlvh%qGEs$)`cJEwO_3!oc(K%S^Q3%a zeUfJteq_d|LY8>o?ZO69yK7xxqy9VM>po>fe%{oZ?sRY`enr4p0?Qc*_L1t)eV*?W zGOLVImh65@sOx|bEA9b|@bqSrbF&S>5Y=_pEh-67%DRMp>iX9In4V9dS0#2eLg z65RgK_A9=iX6xC}Li(^SiF4@R146dUg0(5Hm^244Z@EtFwyr{ZXc;bu@V7{IJ)?{f zQ&rsN3vMSkZ$FqUw+f&!ffMMed@gkT=&2K#LpY%uU=mt{6a*uwkUL{r+b@8|7DX6wbr%}O5VHHN!A z4Ktaz{Or1lxR)M9zf-<6+YTa%yqUb01p>R@fjEuwq}Nv_edM0})4F16DCZ2vAvUGb zAeoQ|mff>y?7A6z;KdMvQqn=K!Ev_Ifl+(i{`?``6aP5sBl+OpsmGXvHRkpm{gFB@))y={9Ow>&|}Woj(D zCli^p_Wb%zHcg+<1Cj#FOlyz_ri1$r6dsR=iIis}spR%k2eJrLs*Y}9vQwmx)nl$i zN6!9RdmbU%iEpOvY?&+JX`+_2>_?2(G1twP%$HEVl>Qs?iU-Co4hy&i4gcugH>k2%@8^t)H-BiWMM2cyu` z65AmxU_wEzL$|~>d#Qh5XJ2={^7&8A-gj;nV>Y;6hujzcn3xVg<|}6a2XLpB=zU3> zZ*!{?PuHrR2FFQu)*s4IOMjg2KoGG%0)xgK6&ikt?w&Oam{r*Bm!TeS>|c>)GstLn zk4IIOeeG9bKlWZ1>L4B$x0$V0;L1}rcfMIgF>f9uBMzQH6~Q{+LXDtObkCYYQQq@L zvG~)qB@-R{wR+m!Q#*E3R2IC0Vq-(JqExZN72LexF*=A+JLK4vhI1}QsbPNrqo0r{ z?QEQv6@GETio%uPvdUOAQQp0%Z#1`Cx*nK!DMEr|JDOov`=x1!$HZf`-S=sJ&+*EY z3)}FSX_b0oWpOuR+e4Gg?#WH;#NE#kPK+@wA#UDR5gQC4Gahj6kSk{!7vp@Ozxvp8 ztOICQjUJu8D2C`#l@#$jz(BQY!rnZ1%>m5?W#{wd9A*%}Dzex+%Az0d?R%v5>kzW{ zrJ+X0*pIn`v#RYS&;%2FnHc`8KLrwspgt)*izQKW>ooSe_jLx(Mi2yU5@Oc^u=?x; zqToVYLFot_1{}odRlqGcAxWoa5v-bz%Risif5zb%Wqpkyko$E8QQXVj;xN4IZNvVG zMK8!pxYyaneXu}OCXA7A^aUsB|8~d3K+r@l&I0K?|SLnm)lemE_OY3Tw4}1u8-_5wQ zZ9z>fr>k8*>u>NLByt4sB5xUvC66Jo|I!!MkEQQ8O<7N5E8pS;!F%B+5Q|481y zuYFgjcJH$O-{->Peaw$c@a8}4M|t+I)Kl9AE^ql>!?6Sc;qD;0)ta3%b)prtoIVmp z2)f(pxD4#IUL7~z#7I-?w+}8JV$Yg3cxgfFwOOkYYn5Mc_&ZT1R;5$OkVi=@d6rWS zb#MWgWOLT?$=HZ6J=4;$bE2PtiN%~uWH2f`)20xA@%a!dJmo~kW z%-HeiK)%+)7r;`s6nfg8pnh>^Dbe}a!8pKDJEsVuyxtwuGz<3aMc-PY`GJc9BR41d zNUFm#e?WtXR5am79&(KcLgp(5UYu}Lt=9YQOHwy{R_s9UV`&F)*VK1z=~@p+(t5d3 zY)E{5)UoMUFsa&B>f=4}d<;b*(dxp};hiQ{h!=9z_bV#tw@F63j9gz~dNWE59*Fbg zw2emfrE&FfJD!tMX82-52o_`SdOzz$ewYeRsBK4VDihaO z^P{B=UCuUh^q(PL*r^E-XX3d6?wN}K1TxMZXR}%3 z7FZXi_lt+1AXjJ))r~8i3^!@l5M?gd9|Kk$Q3TY!|KGioMG*+zd+OIfUqUnukKwEA zOLPGyZRykd_fR-5H@D#HJD>@j#W5&I%$k5n`BBEei2Y%xk;QSswXKl^el-fTHwV)$ zd!*oslh3Gvx2M0Nz42cYMW-YJ2!v~D?bvD|S0UL_J z-L#X!Tm7`-I2dQwPX3t_T0spJ@a*dn5YZgSXOenU2`RdK-#g~#sxkeF{4?q%Lhdwr zQPyQO#c6yGsQ<${iyPmTPLX1`DBT7JsqhAbeq?IKERFbMTnFZUY1)9PY+#scnTGQA zX2bS`E~tDAH0`Yl3?D|Ca%NL(9C99>GsCQcXF!gFydc@As_X1YI&I|G8EIr7cBYI5f z+_sV2DPx-~AZlI4WXf`D;H8~o**<7K0+@;GkJPAAJ$?y_5p0!l5z6p;*c00?eNDL= zxWv`7%5jPvjdHr&P?GQq+q3frj*s}Umu(X)yKOWAB@VOe`lHx&8_{$pyYc}PaybRw zsS*p#o9uf(h-asVa$bdhnsd43m;bt=jzge-wV+K`O`ujINp8I0E95NNOu@77X5~v_ z3Bo;#b?J2W&I&yj(hA(OI_-e0+s$_zXp0saa$VzH{*kyb-cZKmVhy-bbY5FpE@Hz5 zmWFl#X-x;BjG7Dy(L4g{5n--V=-Mb7Y$Evh?}K|^jsCp$ACGbp^=cvB1Ejan+6=bW z!7V$&jBPE`Nz4vDV)8{B}?u)$6gL<0$bUcM{>2MQKteH%D`^J!u%sZdoW(zu~4n&Tl8M8|M;#QPhL(Ku^gDfA>_ z)%Fhd0j(4aJNqrkqu7Ujuz}JWV^u%9GEVuKQp=G4^2M zrPR^JaI;59bQqSL9Y_}&aM<*U9@1 zzy9@=i4aKh$ZiMaPSZxo={4_tRbti>0b+0dqbeny{`OF98PuE$kZ5Qv^yhmh5+ zEK-JX*daJ>7AmrXSlIdHApChWyT)LVtpW=$AjF;1Fu3czUC5f znf6dGzP^B9*?rE#Diq`0Mhx2N5X{nDVEfs0wYB|E@aI3i6%8&MUVW15w^IrVn)d;L z-`FR2f5Hmtew-aEP7J-vSNj%F_&qxI6Nxl?0iv6a zZ4~J-4AC!0iG`;d91+@e`R5h7n)|Uz25_^ys(xHJ05IrDZ|w)5&c~2yw@%ixm8B%F zwOlRp@Gi~vb3kAMC~~jF`tSkXI=tz7p74Ex?%9k7;-kmbsJ;<+ICF1`SG20P(?&_1 zvF#WqYUC^H@+3T{MvCRd5eWTW)@F9|?Jb%hM5YYY5>mPSRm@Jg|oPnw<3JAdCj%IOafipun|JNs&{ z07}EL&+MBC7SAKqClRZCQ{WGrqvI*5lU# z+1*0My^e0a84DdR&{Op=P!R=ETR>>Y2DwB}b>)8)}Eljzg2C_(OZ!hT{(<7L#*TT}rQv-6kF zUL&>1Dz2TeU8(vfD)BbLQXd{(j=C6<()y&?@%~4rkPa6H+Lv=Ui~Va| zk}Ir#rxpoNMNRp9em88=)-&n$1?;xREIs!GS#QS+_u_kX+vm~DVahu_%t+mAppZvw zr7?#h=5`JJ_T4xALik@_G&m8W%?$6Z?tU7Sbu3|KGPp{R70BVW{S?|dWPsEq4)&Q7 zEpm{F+hN65#VWF=3fWJf;!ClaC9sZa&9mbHv33m`zRACpQ>(uoe9?DoL*=GhaYUOm z^%W;<@k8X`St@MScRO^BV_ljjVJMzK`O#EWw!v{eZ6AB% z2(U##Sd!XcqZPueV`(jr51qU6;@4nDUf3n5tv8h(MUTX)*ArU4lu}W+S8omg>SgCJ zb2byURE3uME?v<|*j}r&;Y1a27wm<^4;W|qnOOewMs_O5Br19>o>W&Cirv-^e8b8s zm41+QW;eyAoF`BM0N&*!xq8^zkqPv;(R{qjx~5okTjHY~t^0Rx)=?2HD9p-07|f*I zl#YC0O<~X*h2n%}_wMZ#Mo|wezJ_yuT9$v+$YUZf$nf6pL2}r4**FC1f~xIz;5xM+ao7(YjGOwl|`Fd zbJ|G?Zw9fvJW?ksqod8i*k3hFy61J;Kb5u}nlwX0KFi(Act6`yU~5dNg|)T#OVKA@ z$>tg3H+B{hzHb~WhFv<8?vGJa@li;AaS!G9i7Vju)$>v`c1WkfLPfT&l{+*#_6{i* zk?b(1B z7EI-KgU^@{z$8_+gZK2iPY|qeT|d9TT|yWr$)8GcVWOS5wiaJGjQP{2Bvixr-(Eyx zAJe$-+cyZm{UIm2r&M>UU;JB6Ng~Hz2ehR$lLrh~efZ^=Tp2K%P`xWB43Nwe<{7qs zapb(BYvV)p=)oT+zEWR{`=h_uT^RDuD*<}3v*ZF_w3E%2a@MN`<{CfUI%t2-*uh^O zmoEi1AAiXHHnSOmJcc$}{1BYbH|4P34VBAey5Xlx(v>7+%=X=)3$}ktKMRb0^W9Xx z&S(GD$~R5X4Q>6d(-T_*vao|iJf5@+4ASghW2B1$RfGKxP`UiY=Egc_^D z5pyYZw_iS~cGq6TPpHMgA1e-VXO!!BUvcEk^#zjoi6<>lQmh7G)9m(;(y+)dUY*Z#bMi@&l8>lW zy%*&K)Mn>Q+dsj#r>Do^99HJ>FX4bJcEs(h8pNIN*~yrcKRIVkxy?Y8YTA*_zyk~T zp@l;%>0|nEU=!NP!QJBv;xL+2VtnNJnJg-FysX3{A@%Eba{pEB4?hx7pQQUgg7_ed zlTqI4%H!4V!$wsuc8Mm}u;0w?6p#>dU$+>-bNzeCA|Wbf(42eydHIwotgN7n=~ImJ z*b;=wgqyMZ6|CutW~cB#9%DE}j(YDqdEaYUldy6%Qhfi@Hp--td?ngpc9!H;(R>=> z`?e`G+fecu`LHOcFgwl9$Ao6oM5DYEkQ2@J>va&<>X@I1&DJ-8AJv#jZOJFA_92i! z-^0}jB+5KR`{k?yD)Ve}+r-+}IJn3CE|>Spd=0!P#fo{rD`M&qWV;kC2|7P0`|i*% z=gt@5)rks0(iB44x?jdTZ+B_e@x4Nd8ZS~N72GiRdw9XhdqJ?X)=#34Bv8^tfu$7r z+N?h%g>y&OZy5Ese^;#sHw8*!Tvy(2{>sf18)fC&2`f%rN+DI*mI`aj055E3OZq|f zFXOM1p>4xshS3bt4sfqNmm;uo2xr5c)xDc!*)ThD_#Ec)Q#B^p-L|?Wyg?+|R5)kc z$sApLl(zAX#({zrP@8)Iz=HiF?}hIGijI|1l3ef7z$ zljgS^XWi~^b1YxJ_WjyIt=waDX!As9>fUEEjb%2qCV0nmA1-f{m+aqnOBGrQOe|Tr zaap)EPa+{EO)KLd%PL5|-bLP-^N{UlL`Fj@vPQ3mTzlq8i1z205Q^9DF{wU0OK z4Y)4Tfud&ZQtMMFG!H%6v}gjA6Zhp)CGNmI?@dt41Bj+8)6^zE&elA zQBs@WGP&l#7%&NI>5aC14qP3`y|+l?gCbO{E9LRue#`zZF$|~=jh^73)Op9JUx3gC zj&9!y-WU`3q;5N94(+&ff}Eg>yPNx{csjjT(xqxKn1BvYTR$tAWmPcQjg)7AheZ|8Reb!LECeVWJ7Vr>IwdF z>1o%~rQ7%``SFIPx$DhkbDEMxzi9>lx4Gp({mm>A&dEgU@B{KYy?sSmarTgCkNyC2 z)zeH}i}A|E{_c`%8BpF^<|JwB^SLay{E{$qXVWOVx7ghAnzX|?7g;^KW6N|f_o{xO zS*FSTS+jj!g?;%3+8O$2Yv=D1viJ@q)G&mGt$Xp|eOU6P6K|L+JvILa_orm>wXg~Y z@M3YYyTlz{QrTC8^*J&`np-q3db;6_M1e&>DJuu?mg=BEWEar038;vH+E>2bKz2i^ z<^MhPWZM&(r?=`p1-mgG&d@Auz>_UGVgesm$@<-$nW`ny)K5EzMJ(iWL3t)Hbhnw_ z9??4Ta$0>~5L|nA)xk!#{LeNGbG+ki@5zH%XjUCS_B?6Wz^`w$`d%AO3@q z>1osFu)#~kh7Z*FZankb{H~ELdsjz+MxtW+_KxD|d4>*z4_y6EcaO~dK_!L{u(bwf zcjQ55@t^gc@f5S0jpoo^`C)%fI_K9}k4FMg$rYxWsU2PCg0IC&5s}JoD{)81@J-4& zZ%*_6_d-Cb*qqb^xh$T)+YtCl8JF>KE2N*VPsCpOIjNsY&cTJCh$f zJ5~lq42sg)Erp@SW61BD4Ea?F>zrRr5WX1iZ+6ShQ1s@CAlUs;nb#8;^z-Vv%^jih zwJiMOd{o%x)Igf~rafQw!sVapihapLO+{I3$MdAh)7xsq+pnVyIob?&tJ0Jzhrcit zC-dl++^(UDW-Z-9Y(32T)W5As#tyn7jcIB&Bb`tFWu`<=YxJUDHhhJ;Oo(DhUZ#`? zJdkngAyi%ox&GSDn&8zqBiXbyu@^A#RzNz0Fo7DsFS1{8EDp=qd^&rCh8$bU3ymli z37oGojo@=jOH8+-f#cyiRrBQwUIuqzuP?nHr{5U5W9*Y_Rn}L^W8YWo#GM`X{*&{X ziCz(~ZUo4BK>cgY<&RoIl|&+5uOqhl^qy%^enncP%h28Bm!6E`T)U*qm8!RAQ?x_t zs^`wzLQn0!3^^iGX5hyCbonwCLXUh0n%Jcr7}FJag}4;S?%761ROyrbFe6U{JlLY% z6N;0M0H6A~(xzQr4WR!;!X1iQkuaOZlbz$bJ(1E0#-LS*}E0(qHeEp@2t<#If?7WJmMDK z$7zRZb7(fm6g@3-e@?I8{9s5VM4>7A=+gw(U00g<8jpmB{qu!8fs-}cuV)V5q9Q%K zwLD7t(n2KQT9y*mvNWCj0lOGYi*dHnO-7Fc^dok9>)$<^p z#Hk7W$G<#i=1Ey2)ez<9w5vBx#y#-Ht_@mj!NYdU9xbYPXBoT?<&NG<2*Hskw2e>q zF?;dTp|EM&+0ZV(d$Bf%OCRkXSsjG>r8j~0A&^G>#@5=XDz9Rt&SKO`&$0+`%t4cX zhxB$0Mz@}@t?cc;1}rPs3VPs@Q8Jqi;~c_HC-vKG9rrZ26`9nz3F$nKJ#1qyZZCeY zD*tI9WIOj66tS|?0{<-}$~{mZ$xtpcws!`lh%*u!q|W4p2Oe>j(5ryVJc{<$A0niQ zHiYIcnchJ=P37K5tXo-XOUHzT4!Tj$8$53Skd9yahpcE8wWEecFHzq1Y24yu%_4<8 z$VYN}N~`W|e*ED|LF`DYywII(db?pe$T{ZqsQ4YK3Oey?N=GY0SoyY_^lmcPOxQAlTBcrz0EGNcB2oxHR|% z1gT)POzb>;JSTGE?drhS5(^btG60a^yCjGjDO6H{E%?^729eGlR@UB7RXJtlabvV$ zU?cT-t_~7FHSnxZ1m!p$kmBk+fL`wa>o5NdUgE7-_yGAQ4uO^$At{nFMs;a|Ec|UU zc8cM9WSO}K+8w2#OQe0hm(fp!wb%_6kuM+a=&kbROh@+~)PEyNHXI8avJD{%ljhW` z3b^1Co5zTaP4#%*mfkYBj6OjeYX76DJW13p!?9`hINsKRY(^GD`+aVaVmzr=goOzZ z6Ch;$<=!wCUhFI)Im{*q?rVmVm3Nj9myap1#y*+Z*ICA3EOz@v9ADMc$%h>i(`r^b zKpM-r7~GJ{Zx5@w^kX2~`0Q*bqf)*9 z6ny^))_I~HEw%?Nmi8)M z%|O1{cPkXe%FQFuz#!`Fu`l{CYvYWEca4rb(6Ad^*dq6gphkXown=@JJI0LRm^&)n z`_kh083BGEv$6Zyko8~tq6&YC-4PlMAIM;7D`F`GiF zBy@QCjDWLEbMTZo%}@Oz?gaI@$x7S6fbH#fxbYhtZd=E27L#(zmP7P}H2kKu9TJ22 zWky2+bY+To=bi|H)-6CZT}+Js1+ojqLHMkX!Tm1feC&|F3(HKO1#)2~`r?;&}TP^Uy5j z!17w)QH9Gg(ti3X+X<|G{+FQ@pZezdE3}ulQ}NTB3RHi~lJCRlfSssWw9%Jli|;Oglr$ekGb7 zej6krLJbvamb5|h7&Om~XCe%h- zB?$B)6~sz!9)NYqn%%riZZCY@Iog zI3*1+bDHRv;nJkeDdz@tw~Oe4Lk_?slD{_oL3xR40I7vejY)E<`T7LHSHs#&rM4GD zg1*HJfB(0KSf*H`ui_#WKKPy#YOU9}p&!iHM8b6@OfO!1FFp~qC#ZaYxT|Y(r_dNo`Uzo_}3-9%c46H%4Z}5HS(GcxB)&s3p{O)N--ulvA zl$MO^Rg#Syd;P|@G)G_abqsisM1bLQ0@x%*{=T8}vps}EIs@#Rqy8vWPO^-nrhVpa zyijV)^HDY}*9^ANqXlTQ660@j6hzVU~r|&&HphA>!l;zS(8q z2&PR}%gV-%yXu>6C)y3)K@{Ofi5fZdmvA)|W~#@>MoC%eUtr2F@o#5l{Xnw@IYjYC z+-@u%qn&E+#CPPHo1|}+ph=FK<&gOY4G$hxu^+JyW0NhdZ2CNwC-ih4NfHtc1i?8n zm=y5OvEZvcQt#*9Vsq7+X{~NNFr5z@>!b$l!>wCWGDGM+7(!rUbC9ZLc_oke8LPsQ z!|}v79)+M{{Ah|M;P{(!wYZ+@4eKWrzV?z|s<-)5RE@sfn;SEzLuZ`ccUpI$#V!lG z)Cjj8B|AexGI0A(gzltUiU0`of@QIH#m1f?2I zZ;{#ukCFwQJ4bysUhzY<8F&vF`U5M2qV86Iz1+<{DX3QA68H2-2+Wiih3oKa`zjQw zzDnO2f2MriYG}AK>z>V*pg8}WH-(h@v~o9rk#9>EKg zVKELiAyE)^U`W%(&{pka?^vZ1wd}?Ipt$~{{$Q#l4+Aia?W(i~bf7=KfY4ADn7mlN zNN;QilHx*Id53ib8d}Lj8AxQd*2g%QsZSSqd-5|fQudB-nD@51qI3{VYgNKkW?HM(hWoF zC4cSRUI_IEFq;k^#?pr$`LcauXf=&ysr)(KA)Zq4kWLr*chHjir?IYP*G^rBpD`5+ z9H$OdKJ}0Ap6wa*zL~|j0kA4WEa=}D!o`j~ruUl7xZ^v9Ro@jA1pjd9M4&0&xuFbV zQP^rNjA>kThv(5X3JRXI&$3sT43&Rxfv)|O?yKLdY+8@Zg>rZ0!3ZDXr^I^@luWg- zQ=f9FKwrjJ|I-fm#~2%UBm<#|eQ$xaNnPx4%+Cb@B%YBV9e$0ctD^&uAZd_s0i5W^cjyDl zoV_;!17F+0O>tEnjg+1}FVqy^P@sPMxt>I!oqE?l&6dx_EsinM6Q#ppOCxw##dQ1} zVx#$njwyrCPvecw^>06q{hDMps!I9~tUFlqI7z5GAm@>bn?hl_M#jLC*h9g3dpcK% zjOX)=RlzDUgp);wa#WVDisfE+3f~KL(_v*8b27Q888{+Lb5$^> z$?Eh?Mx@8(eLq|62D-GV*w9lcx-PXH$3u%aR=dr_0QE4CX$ubvnxsDBw$e@NC?*8B z;b&o^6tV6x=g7T{oA0iePnc8qjb{XhEy+KCdqs}DOY8{z2l>sq?IsuIcS#nE9~sSl z=p#Y@Qh0CFKxdwCy3?V|AZw@Jz^66dC9WbWMFx&{yH^9lE*vge$uqSRs}A0p5~)3u zYY5L}zhh%3K!r8d32!;>hRa;h0GaOpYG1lzlzwdtF`_qW>^AIy-l6Q&jxZEXzlGdG1h8_7Q~ z5E-pn_=9mIL_}n0UaU_-gouL@r9gYEV7+Bxqj_4J*x`NzK)15VWdwW#2j4D|2T{Ry z7Y626QG3Uufysizk-Dn~+f6{~(O^f7l`SWw8}`yQXTvEVq5e$S5_I6gKUZDx*>`~o zqmDj?u)VHi;32c{)?Z#7=YfN!RI}|{=@+*p!E6G%SGMI21M+q*_N%Ai4WQm0LC-p^ zD6s5)r(1RCWktnHs9sIAz7}$-jdHX-NDh}0_;`QB1p2ycuTktf_U+T}Q#6-Ai=nfM zy~vgxhQ(t!f`$xkjmva|)KvosHY||;BOs5Z{=GZNRnk<}*#bikT`c6fRuLWO9$}KX zex;syU7GWs)UYZ5Vt%Eu>W}nQm82F@x0-4_`_|L%*aTP9$2$D1#KEf-hO=E_7%O}& zA~0h{JzlZ*>3d16_xKo~}ww`3Q z$=rH%Dj4UVOwGUR-kRXOaA5U&J(QXoYWL4ageP?aGT{+uK~ctU8p4J z(c7fNrGueI)?hmf#Qhmeu+o`daC|h+F>rR<`m{;Fb3>kZPwt?S78m&*nV}wMHNNiv zPS$~iaDY!Gz~KPm7HV$BRz4QI*9Fnopd=XIImk9qDvt zoar1u=y2fN&@swooa50A?#JrfY1c@?Kppz&(u(0C(aIyWgCq-OrbH}a_XlgKgb0cg zM?dw4=1Qq#Q&Y_=Iu8&5OX>mH9f}Ll1jNLFG^y}4hf-^;MpTDvXKt*9tSRX}=`E-1Yt zN=HBx2pyE(JD~*>L=mJ(la6!JJ+R}iZ2h%SY;V)w~ks@GRWa}4bKhn9>)8Q_fm-&9QCXDBK@q{-8+L{7n-7A7r&|ySR3<9sI=N6q{~tM` zE0#81y|ucXPgHV6R~%pe);v|yU=Mwd0w9#-FM611`o9)t%&=PasMQujX8YNC4r#L` zeb|S(6tz9olcpn@Z@4#_9g5D5O(J}X%{t3ci8J;_d}wk5jn8`rvtnHGu`8o~7qf<3 z-QPpAU9^$ZfYtR5>x1jfE)h1*M*SBI_!6Irq_ppi2rI|1U%G?J7NRoh--+`3mqn7T zYU2$vK$!N}O@?F-`0LW`m)>3;8-{iwzv4fj1_HN@d7)#?V55IYxf^?>;fhPjZ{fbmaZYsC!?SDP(Qv zGgayE@o}rLglY$5AvyZ-s~mJQc577jV9=aIYH3=DNEb zY^J#=z$*`x?kJm|XMM2$3_ERIf=;sD$k0qdr));0VvjcY1JHrhg9y+I*_N@3Rx04` z$nK)$@_=fFQ5VyE((k-hd9l)Rmbf_>c(Lc(oSkH^l-=Mp%Ij4>x@l<*oAi%9e+Po~ zv5wD=(2CU`3D>?L=W3`!+U1ivqBbIwxH`M@`_j*(_HI6JzLyY%JhY0z#q1QMEsCmq zD#tgDT3$~_)ak0H$#ji;m?%ST*PrcfY$|Oak={|=6yH=P6Xr(Jk+ZIf= zTpT?Aeicwk2I#0CovoJ@S=yie#NYmoZ*lq!e@9LjVzv}KHFf;QMSsimb6L?}JT1G< z5~KW=yDb1+GLd$@H?^6NWm^-lz*!%hwOmYI!kbfm6@i)v_&q=Q4Lwm)W(kiNNbEjK z|0>#4qp$ctfN{gltK_rno*J4_KidGd^ zL|qKaj>L{{ssvp_f4U}hzCQ{W0IWUU{8AU@FC0NAvvYMek55rNu`)bG&R!|-?_S1c zj;M)`sr%Na%2$z=gBtA`%TnId!cFOT1Wdl?43QiT_wx$=V>+-I{mAKl$K5PdFgc0$)wcmxRn!f(=o&bXCD~>UyRRgJo>_p8_jcuC-N_mT>d24Dbx%k(3C#7d!c>(R_C|`u2)xw z_L2_c13Vl7Oyi_Pk_>wsQP;M;?19Sr6MMy2L#qB$$k&|R=-HD1 z&zMdkCuU3VtC2bt3&T!x!n!w}#96Q*1OD?9b2Pst(S4nCY6Og*(d%V4~?8Bld*c>GIA zCWr)jf;{dQkjYv_7EWw(p?f;uw}72f&>8kN$lYv_39u6C+=00t$qBOoT!zs5O5w$Q9S2oud#=!#{0Dh|J*WHbrB)(OI;JEH2ER`QM}?{JK52~>nn_WXOah_=^HEaxWo;Xd>}pKCNrzC z{swfWR+qsC{EJCbSZ;giaw7b2{NN#FRwNH*T(!M&9lnjUz>O{FZ8C60D2C0j5{HhN5lZ~-4qj^Y;)8Bpw~ z6I4_3OakGX`szoF({;72^RyfBw9ow+h`J3EsTD;kE$3A+AWf3f=?#UuthX{M&!Zl= zP~$!*p}o9gZ|$tM?Mx{KTs~T4sViet4*+PX06Z`pARc(pn3V0BD&g7FM@A1YnxThR z0F*PsPtKVtO+aMGk0DWSM1& z3(Y!KAB_EIh1p7Nfr5R@deU-#T7G$D8EKTy&E0;tcFfx39(psXI*_4lTJZMmP#Xc< zTeYoLE;Z5{k9o(Yc1~|yo_W~vKRG9 z7*QK~G9thN7uspERR6p)Uu%`8xm()!BO3v{+fI--_h~%CG0JG-I_-Q!JrrAR{oz zHs|2PJylYYf6v_}?fnY9$ZU$hnXFpI9xA?teb&!^Rfw!Eck1{wPCCF#RE&OoIvLY0uJ&JlCCu11B6a}sJr#RVjh-nVI)`0+hgwh_XMoT$PQF?XZSo2yHiI(LdToGs%&Y1`ki9XcO40rnv|>l`iW?#VTNfe$ zJ}QqFbPl_u29VzbV)bb5zP$|{74z|fBm|&HWKKv$%S2~@*{*hL zbdqYGM&8~yH$g>MrgPn2w$T5blF1#+w{6dhA40u!_qWMpdLvcR{b>42l#x4319wlI zBIpeU%-+gf9k%!#08+xE;yV+3QE+OPSjD(ez>aX%-L1kbeL;FkTc_>Sqg_5b-Pf1b z1=1hrkeGVA)a4w*&lkk<51pOI96Yu;yN+)N&d%^=QzmV%Qs9I@^6eLvV?I$kaB4Qj z=^OeE9_0N;lZfVIy|lh5;;Jce4igl~9q!Ryz0Rc_{nNA-+ljQR;;yHBbNk=$yr1#U zy_X!?jP%&KL$X+r(u~hh-2SwUnDQPQsd~r$)$1opa$v)nGMNWv)-#t+y6(tIfQs{` z^$?cx(g#vS_ny&-`96ozAAcCu^OP2N2`N(>sgZFg;pb3Wmjv|YpJdCA40)3yLdN?Q zN7`1{lADs4s~$iQ{Q;+{wNOpClM5Js#+NV}pg_e>+EzR*rIk&Hn-AR6Vh>=Rmh*dO z5qhf+r9Ekcom&P+P-jHN@Usg+n=j3VF(&Z#zKm~ZzlmQz(k9GS>twv~86Yj_4<230 zZ-BTi8-f3%%nQSBNGWfA*!s8`aN>ndR1DGO%JE?f%xNXM_-y6}HaiLjp$;pN-Qe^`fI5g9R)P%wasrY`56~46kxb}zi+@{2nuV0$7-rwp-F@N}!;3TNJoBjd^b$ucLAvOUi3w)M3l&|qa! znFMB?vkG<3>seMVDkcmj@EJ7ZzUI#RdlS%kNtex}*=)n2pCIQma3kH0ZQXDvPi+Jj z(vmvD6gRusKk%*2%=u~wF6eMpa{H?Cw4pL{SZdtME+(9uXH;KzJnMyg&veU7tX-D~ zd0sl#*!~g$!bhzzp!4p#jTD6+QU>MkD(xQ6-dMrth%SH`z%P|jxZRBvaw`L0o+|T# zgKr|upJyln$F|-`F*z>7n%cI0qcY|}l`N7NK-2QopuDp&R&;g|jrVTjrUF1r#lG0! z>2{0vt_U^AE*x3W^5rUyoFlm(w*1Zd8jahB?7ic5Zter7C_!x^eLvP|)A2c)RP-YF zncNyjrw4|-r?|-N)7z8NvHoqTt-MJ3qQ1|!N}o^{=h+SE-#_7wiN2GnmG)c}9;CF$xiPH(190ehjD zQ^?JBsiLwL$xn^%x{Mkq$HOjl(9FxZ8l28%*`Lh7%t5=7c}#sTl{b_KRY^z1n_YJg zB%|K$(s-5HbIv-e34r;?$?bu6;PWo)+~2<`N@G(rC*W(JNHTX%f#3WHGmAvB#dE&= zVGb4ojdWk35f3Ef2%Qn^So4zGx!Y8;@Ih>;ko#r<3N{acb#ryra@D9;r`fMlMEVTF z8{;dF&>lg#rq8nh$l0o8g`fYhQ7ITP2p={{-d_w*SS!Q`nTg>qihiNI&^8B@Ee_-*?@p=xHtv(G?ww3rX)h4K9|~} zm55Ra+$k-OT@JlQu&RHyd#sKvlorfBlD-lSfP=%$`<}laPhchI{L)!nYh5w>$yn4c zxrR?k#OLS=9Cr|8^b|@^4DJV@=i#<|L-39|IlkbX{|1Mah^?%EMmHeMYa@c%$?Kh|;CVlbjD^%<^`cB>q6^uw?1u zLKCkRusqNtvIm}t>wwzEOFT^_`aa-KLE-cHOOZRXl-1K=LDS^=CW*SGgto!-&`2hL zZ4)xG$3L(kS37)J2E@4zZrp+0EzFRz(wm%ZO#GoSO8d!{+-K-w(OOyl?v#8dr~l%e zjEC;>A0{2^5LT;^BloWRAeHW|Slj^u>6UwRbUkgll_{sQ;^SrnoMjR{7kKS-xog?V zfefm;oAxFxn}%t11C5w|BymXfbt(X;8cQe+J z!xWuYZNtG`Si(*@fjCK)YK(M#oMw1(uT_Gzy9XmBLaHUqU8J7X@PMs195y#lE4`u+ zBZ%tZF)gdUFyE6%45PC~?hx^nDFI1CgW>I`0cZz$l+Up>vIN8*H3-_`?6yW>sgoOj z>VPJX%oMK@MQYt+?BpEMYWvk1>QeWzaIXg;nw8PVIp zJrh#i^VIpxvzI~dUpuo7O#dMmQUA@SY{O%(yv|dUK>DzbCcczO;ZwAdCcP9!DvC&w z^K&&o?MOTp@JRO9tQ;&fZ+@AcUa>Cr5P6L|xQ9IL+!&R`A#LL`&{(pq{A+LVv~g1? ztqy6ut;4S*Q!3#hgDhd|!Pw0XpwO|2#Yfz;C(_Xl){jjyU3Ta+nhxaVcGi4SWfqhr z@#fqwgf`d!af1>G?u3gIHzBU4kn@_}pNw2B&!V*;E>VvgRwsFIpR8oNVDsshsIeiN zqE*A($T?l&162wekvGdP0`VMj8u8pVk$VDiws&XnYIV$qVIv!_p3^t3e*!8N1>Pcm z^AxptL~W`uJaz9$4|F`5NOD~lfJ-a!Wt#dXofBZbPcc32_f8sb|2&%Zo9Hd3f^=HQ zm?AFwzVq`RAm|!O1y>%WO1l$N;r2QwKo^@e+UVl3c^p&C2@U2=_KFhq zg$1G-=dQHNx%bjcI7x)JvRa*ldY|od_8YaxVM1*l;?Dj!59TCy8PjS5xnTyjjr-N_ z*ea(U!mCAk3lvsMByVtcg<4b}Dx+^;4;%@@dc}C%Wf7yJEG??yo+*NZ%7v zl;+Rgg(m8cokn*1H*Xb)D4XDqIiiK7c9^5!1S3S~4qDgj^sSCpAMfMjpL2ni=iX~y zKRi=S{Hu@B30&~+2`pB}jsTw~e`GX_)gBt4nc=S@f;;iqBAtlkmi&=fqpvf7G{jP%NA!1KLXr1b>*xTECA1{3H z3%Z_^D5TFZOFFzJ_9e-N>e$LkLVLMTJO0{?9PLqcnH0Vt_y(VB5F8-V(SC0PKU-Z^ z;|nvk$_=9=#Q1jZoW)$hq(I?P}6a3a63y zu6Yj!l(T}neXQSt$wS$LfdXeZ=Dy}NH=@MW<39@)YL!)7<}cK%ESVUzJ&9g<7g1$-D&s^|`me%Sk| zpA)%Hf^Ma@#BxDnH-G@tZ-Q8Wh%N)8@{a&>KRf^6(yty48()<4?av!pO8rZ82g{oU z`RbFCJ83%-{Hytw*5(y(3Lod}W-7PahgkBB#{L-%eSkDxD^FPjcBo{`Umca1tAXq0;Q&Ltd`EqA)Ib6G?;_?>7)l~`*F}>TJ`v2gOiy&jPQ<fRPh4e}Rp13ixXE<+sa|GYcAO)Nr&OzYuG z;=8xcXD$nt!kUGj7rX0NYbt*Fy|BTlO3ozKy;$Fd9wL&Y`++SITcVTn zn{r?d;y-+<9_H_Gu+TUG5t+iFqoLZ~ie|8zLpI7&L%L%^zv*yNzDS9Aax9)pPDPyRa zm1H0Cr^*IGPb~$y{~mO9XEdvszdGL z{V8J$%1oPX~A zOzKJx*E^D_jn+%Un;h1d0LWOM|^Q;#!U0+~s=- z1HhuTW)tm7>L2Xna(J?c8!3Sg;0}-dKD%J=)En4x$4>DHeQ8;sGR+4FMza1e*AC}r z=6(2`F{ETMt+-9zZpD1UeR=#Yrtz+pNuyOde;GU0^ZxG5*ODc%PNmOL^q7rJ>4q|! z+1^uY8e1Q+w*#F!rC0T>chd>2CHXtn%QOj3fK>VPCFjJ2xyeS(zWzPB<1Lh{(}sDu z$QmCeBhvh{kJ90!g=Kk`MOy?54y{55WEod~;UkbxSOSrwQmU$|6;NUD1 zXj}>*Hb#C-ceh{XduH4;m;&fJ))MwMJeqMGPsN(Vp8C6()x~CE?w3z zUGiyB!v+sOX;qy{R^vu#%AokKxk1#NhsiePy9|3g_%5NI>llAk)@nG#=y3^7N;$q= zcpHN9PBr&*O9L6pN+LKI2M4E7snuSfj4f1|M>AC^RsTV%A!F>R6FC{Z0Iuk|=~LyZ z)siMs+wjiOHnc`W>-}CDo9o?;{4nvdV~Ns@r^31%yTq|Tk(8H4XP{~jVFQM=5+W48 znnD~Zo%JcYnnZ*8z`M@pz-5vW}`0j8^?cLp@o+#&F$&v;{CZRV*LCc#?3hK*Qo*QPjR4ginKiNj>>Gf4b&juS@-caaz=_bczttSZda_4ZLGi zks4~w?As%vJDN;7xLk;D<2!OebkLW`ihJ;ZP8kk(Z~oqiVR$gnDKI%8h69JY^*Dn+ zd-Rg19Yq6PesTfkhE~4wKJ~;HadaRbC}>G9CSXZIT|HbOwwr0h22f8KpA=8R!B@3e zA&8t0fS{JpEyQ?SNvG0j{SF_rf4@WKU^t=!=qVaaR;)>qmIiFe4aixyyg_yNJadvh zxC8V!M#8PQ^s=XH$ILf}{Y*S3nIs`&{!)Y8nf{H_|Jj%E^~qQ{CG2(|Sf?{5}|w z^%6dA)|O%24mvSpf+W$YibUj=;1!H*%dpR~x!dgKqxDiHFT^H?ntrP1Mjz_vXDU#9 z#o*>LyubO1i&_EF>Ev5m&ZSB5S?QhEXD>j*{_)o*kryldKhm}Y)p?6a2>&P+W$N8K zKeCuBWxPecPZ*(&Sm|$nC8_5!G5n|{=V&g42{2|83*)|LZ5x>&1D{bLi4+^AkK=65 zYfZoM4CW+?-e3%UbZwO^1%pR3On!XZKW5g%hPlN=Y2ai^OT5L9%wk31>VSmr_z`C$ ziisubBTlK`)=k*5k*K4?!>PDRX8I!LNt-W3$38z2xDN7WKox*g7foyqj;avR#XK`O zYB&oML~Kpuz!6i%sX2bJ?(?upC(q!@!*Frz%I!t}6J5=Q&-p!u>nr|Ia!3(&M^NWl zA4i18vk^K(g8`5PLB}6n6+%V&fY0D$T_Rb)cOIVk<@EXmuMr{{SlxloU+a%oykANc z$?xWnyFx3Bk#cJ19L6!9w?H?b@9kM%fs-oAe%1kP9F|H;Ai3IVX?{Pi@t&GN)eZ&b zLD$He_&*fR^O1|tvdmt?Fz8g5VsWW>(QOM+7}3hxjing3mHVc7G9xwCKKMM`Wd&QM zY@ofS+DBkkMH$5w|8<~K0>en(G64%OH?oG5Xwcv1w}wa`PmJcv0L&Bt&|V{W+`-jF zbd85IIt3qA5g{OAs4mo4>JJ!_WGyYwD)IVB^*Kr6X(`|^rA-{qDeHrpS31S%?Z-nh92KP%k^XFJ zF%d=^a0U%usjkqob+itnA}|Tb0$0^Pwn%+aQTer#LodSMj+8^ud*~<4AwzYOzadyW zZQa&uZSZ>NS{K{9zFJQO{~9t~A`_*_6gl71eZ$~42Rfe8j;y0#YS}IkxlhrWHn&tz zZ(LKP8Gi6?MJhoWuTlatdp_g7l7|8sU-ib8?rhZN5HnQjV=3EQMvfII1t>v4O|N?i zDf58S={U*9YfXYl|3XnrO&P^9hkzQ&`|I>(o=`NJraDwcY9uGW>t z<5TuBtK5*?wdr#Ex$imiky36DAn~C9H{9upiYOymWcwxooA=}DK>r~Ay&qo{pl~%k zhN|_Xbor`1qZd#k3~`X>hbxB^2hVTViH<^WQHjeCg*k?OX#PVQ=%KmhO5_hpv!1k< z6si�y)>GJ8Zu_ij0e5akiX*iybA6>0HVkxDwL=t9bT*44fyWSO0JR9$fEv#_*p3 z;(r_e&;NDxz!91Mt7%o+T1+$7o0R|@-5V%znF(}s8~4WOts>Wc(H=RbbNtD}AuJ(knM?Kh?HihFupN)p#qEYG{6dDTfNsdQVia za=@n_KM-&p`I9eO4|&?=Q}Mf?PJ@ze5&*8xat}{O%bSpzOb5zoz*D=tK|b%-yoz%w#Zr z38V*-`^Dh>LeEAzg=g)*k_x?NQ#qQ+)QUOpRl_AUXz z7ccA|A6Z00F=*tW7JbSC(OWn#~)mnevnOLu{I4a0}&_ zCem@YOL8I?S}HNS;_bvk@#y4Bb-KA*9`wC&Kbv8ZvRZN+E5c#JtmGP z&QzdGs%1MV;cn8}smGwHW^j{%+@tt%nnIb*wS%NJp-$tg`U$6gj8Pt6xw5iEtwC)0 z&#erF-*dRsZU1pHmMD(`d+z?bgZ;tOGR%ZF z2_`x%7d&kNCkCLsT*8>KD>w)us9V>9bazqPZ+c z;!sdzCJnXH!wW&bzLr*@*%VRVkKh6$QiTY=OJ&b5~XSIa{^c&bLKV#bXxH2N7( zcOoJgW#>i3Cwu??avvJ2=?dNq0Wwx*ARU(RMvuIN*58*39Zy}PD#f~MnP z-tg%6Jq@3T-MVX$@(A}$vW64I&d=~h>E@X>pXLikGMU)0Sj)0hb>8fxSr&9fdw5cN zf0FSG<%s6ydtH%Uy`_6wjKS+G8nrP}vl)8B7v_szTW~?sr6f1+#+QB34(FBp$3cBx zyHb|d+huewV!YOK{DtXBytQt!=V@3)RZ8ffFXEdhp4W#}=H=lpF;1W_2e1YjdYsoD zUU2)FDewB239yr_74AI@=*$^e`KZNid_T&Ys%_ifDzj1;rBuqDXatJFqr-G%d<=Km z=+(n(F{ji10N7#B|!pRb6n)~S<<6WH!Uk=d`z$%<_IbjUyKt{)d% zjGo{FfsNoVx!EhgQce@FeH1|Qd&1R=pp#_|*}_h4sk0qfu}V~AWZs|VPgcZ{H?TW| zva`qOU#C=R?BS2NY)}|;=LrtJc8i^I1>$s@yvyxief;mmUgAsMIg0?z=)EZ32r7>{ zQfs8Ivp*g8!LBc;HS_P4K9rd5C|fgFL;fxuVENp{`96mOVjd9)$wX>pW?RfX`p3?L z%e^4B`dy`GeZ(zoxEs#e`46Cs`^7)Ex&#=a+cfWhH7&M?XEHt+&V1zZlsX=rBxRm@x(i7y_~Ugop;nZz#-E8 zo+uzs5_*JtK_;cwIu{$kE%}}lzu76NPX>|&N>ro?C(m!p0%I5V!&qOFcWy|10G{rO zd-|6N_MVt)i$(giZv_0Exx3;Q#i5d2b4D~UrO>TPi`DVVe7{wC*&1l*)x1=hRBq&VzzX36XTv9(^DcZw6*^{2 zHW@`$dc3SsE_TP+&;tjpCKIyoPQcE;fsrUP=`3xBs*I?^$L z12LD=LhSYcrNAcrRuLIcODgaeiLhR)dG1%>_&WSKwSi@A-J5o&>?wEC@h^^SeTPNF z2M6@U1sSk8FS+ZcwewOIvjzG~Q1?`xsU1nGWUO9%vv2ny-hi#r(BSJkYH0$5ob|nR zCllsF4WZdgwrTD_%=s*;%cqp&YdFefz2l`Ac$k+^MbeXafQ=<9^LLr>z#+k&lg|KT z-!@HSXM%`YF2!@xdsI>p9mbh;Kwo2g6JSYc)IZ)??{X~c$do7OzY%S;?kIGM8?*8w zi(B?LF|n`WQv*bWxl`zyzTz`~86T|i$6`eWo8L}JORzmH!pzZ`HTVj)sKWt_y>hxs z{7puq#eMjQS=@V^=eZ1P0A<_pxOtrW!c6ng89tFBN$}q$Go0l@C{?JH#c(3tSXx*o zme-7RD3s$x!S=FNAym=OpMh*V6uLD=mP9fWM95s_7~g`^C>04`=rLXaW{HB9GV6R(QfEh1d+k^OdFR6a~s4_JZB4JldDmv>>LR zH5o{qL%D;xhT37s%KgB?-g3wXbnomhNe+$5?Q(ZA`Dp)+b6&*-FyC2yEhFZPk^KLt zh9hD=AI|;o+&NYa=9Q`EA*@#t@XHe({zCkt6{;bA#Q1ueI{ngHj1m6{oj858liOsp@;YGJ7@Y?E0NE*HQQeE=K!2UsQ~a_iJCb&5|PNBxoDO%?R{p)SkSW2&;#D4YC^!; zq#iHzpy>1C6#iR38-5KPSy?rhyWFTpo!O>-W39)Ip<1MUF0UUpOgbq@z3_-Us7zx*=V82C$srg%@;R6A5*ixpF-C<&Yqy32c5!X`adH?nU z0eNI2CCX)p*Q=U8_oeN<7d7l3?in&R;zc!I>Q-&J#QgDF=!OIM*(&KhqkDO#YU7Q} z^{CBn471k-9FT}*^<^(0o&w%MmnsHfNZb(85A3Gtn^R$Bp?L$Kv3?orVBew$3^%s| z#`uqrU$=!8k2dN79{3ce6%D>0_x;f8#!GbR{EVD5?2q$~P}>B-NPQ>?K%n~q%dd@C zL-MBo)d-_$FVh7t-dO~ALj}Avj2Tt#WK%!iN3cgVnj6Dro&<=8Crbq)^-EE;FUVq} zR8j=_Z(!86{rCbYY*nf<_M8*VC+q@FBu?TVIUt)4WI7RbB|aQ)^|yUw_V2t4YJ>v= z8VkaK<0WDy()IC4@Hy?%?a9H0Q_*Qcap{+$L~}S3unK?XPq;c|#5+OA-z@4D&pKpQ zm7(-hB$ktZ77du>pZOwPe`r1TS##4qKV|%ZPArQxrEWVsFxUpqHCYO+C^&e@|MZc0 zCneW~!G&j@?EvK)+=b1go*h)AbD-vBK5oJ%N1vz!|FCQwATHQU~n_o zA=^6_f0~j@Cny~7h-kUziSNoOsJy-g%v8(z z{$ww7tY@kk+bu*p5$~Kf{}|O&<^`kt-Uy+Fb07fdZ4N9+)DN;o1WlMDivA5wT50X^ zm`^p!?biCllO>^y0n5|x`E^3_bRi`-D_;pJdo@KCsF=oF>>OqqwCuNMX>3wh(Bjj_ zeUa;6?>4=ewE3W*ucWbUJu^>=|47SsfC*+dJ7^_URS&wD?HM2}}*}n{A4W zE)RjEuZT!Kk|a-%Old@caE& zan-z4>&YIfpDtnvr!M>t#XK-;+BU)FE)|~N(CPCbLQWhEkI6y zUye%eMV3Bmg@hn0=6X7xH3NBpk_U0tyCc|~m`HukF2BwEn!i-n4vA=;K+z}x&qN9k zgYFT9xT2pSNR-xCbK88Ai?w*YK=ip(&(;ge?pimg7hv#3t99U@JH`y$UBLmNW4{D0 zc+Et5KR@epVUYCw!h9136oOy2Y-#v_VE05aB5(_!M|u7Q|AhXHe-`Nf1^-0;JN|L9 z>7kgz;h)-)-}vXrf5JaoxR%O)!#@=O{_#$v=Buut=zcA3y1A?s3UxFOe;#5u3&0_T z@ox^v#r_8q*-i0oIasa*` z0+#lx+m_unPmOw<(K1?(a(Zv{AH4p+493u_HaKCT>o6>tW?st*|FrSW z8}AK{ZWDjZ_D@jW45!J|6E=7#F#2yDyxpTIsyI8_bsOWnG!G~*3(n}CdoeX*@x_z^ zK>IpvFhBqIrswDNwcC>0+38WPvX^rHgK7G*g8wG=cNtNB5n&3sucN6x?jT51`Q{&* zq$^Z7P13dBnxx>vt3cGqU#KVB^n51=AA^Hv?w$vckg12b6JqDHd*3ui_p-rh{$ zl=x>S@c}5h;XBc#bWLK$rPJU!L;ZjDz25@}F&b4E{j2ZOrviv5ZlWrOcL~w*l(c#G z*|Fm+dlU4*-dAHBC_N$g%#reJ;q4CBV4|@vm9LZ4+>m&rT=mMhX#!MT60oonM4+9+ zb4S}pYc!&;Dgw&9R+C}M6Y%`pu`d0$cMY?z5bY= z?n`il43uT?U1N?Nxo=ykQOle)jN3|?b1q@~r0Y!{+=!>od0{kfbTckt2!%qxDYmzv zhQ6AWoRU|=1-=*k`TMYwYq2t;CwiV4m{|_{Ta;_Z*H5nVL zNgWAd-Z>S|2HW9}BUg1+3A|n}Xe6>i318f+kn*idi`^j@;F*`{oB@$|jDDcsek_9} zkyP69<)Z{r*;-DquFl&s+i)?)=1z9GSx%z!KP>yh?&Q0Ikj5e5V&GL?C)hSQpE2y6 z(q#I#G%#c2^M&`cPTyu`Xcz*H7t+n-R`361;%`p+Q@NBCta_cGg1(sUr&8wO|EJ|V zxXOBP@o?68vNt&B8t^9~X@EPRHYyh*_;4zHtBwWI87%hl-YcfzE2w|k!~yn`RN{Y9 z)1!vw)XS&;uVSSez?mk|xZEwYRfi#`*9DT-8twbOe;h@*c5B2QBo=?~OA}(rx`Nwn z%p4qmd{BB70Qulp z+{)3CL=*k)N3nT_b$1}j)Q7bK=*50xVq->Ym`eh+uBT`>y{~E1>0u7EIvpmNQO7@s ztQ&>&(7P3pdbG!?|{JL6mO*43sM} zvni6i`yg}e%ii29Sk&YpHU-y@ri~*op}7V2 zJ=*M&fbit*tu5)BTAvbl(Vgtmy?kbpY_;p$OIV+yCEHWsn;YRDp>P}ep% zTKg|t1OsrR0c@lVADWc|Vw z2rR+R00~(o8S-jn$}IuQX?}zW<(7~&WYeR}(PBESMIA-9uXlgSB{!m4Hb%juUU6xO zaB_{48ZZt&xf&9ahuwl}Ub0E7H(wl-9RUg4>XloM?N?`pZAuYB;hQDew1p22SZ4-Q zvitxTCL3etoMgdo$W{HwC8flRAdhaLZ?^1NnMYN@^=Z*A5sl9>9Ti?99dkey6KCkZ z;HBXoca$lpD)cm8cQ=1Cw*MAzX%7_b1{Mrohkya0EZkl#EDd(^Xsq+W_b965E(Od~ z1$^Ew%xs=7e|nA4{U@6xOE}TXywY&t*I(DrORG&5*e-yC-iwBSZg5$k%T4U*o0@&iKg z?+>@`U7y!t%KBMk+oiMb>tsowIrkCh<4OV#_Tij7-`fdKchaOak+&?%A<;C)_$AH2 zJHx*FKSMK{-_Y#){~4O$D6TudTO`06`_Hk>1f|Ixb4IwlbEg%u@Ri}pz~tq^soqLr zm~ncxov#LDz+D-n9yD7%*vfPM(BG*l;P(Gyr2B@8UoE`Z19TW0>ilBu9%@uBh*vZg z72JI}Wml&anv$bJqdlna96DZ{+B^RrqhbE0$g=*1h~H`c2@z@B{v9G#XYP+<*br2TBXO7nDiT zIIqHt2C(GQD%_fS%go3Xk-`{;X+QFCx9oHBBr6 ze!9hN^rJ!0+I19?=z<=(F9kciw$+Grc}E~R=YlseG4bnH8_Cf%LIM7NK@)%ACKUsd ze`z2K4n)FbTS{(|SHz3IOlT=9+y!EmX87KnC=*5GRf91At@a*T?VUoz)L*4s#uGOp1+Y4K?MV{GPIuyaajvgOQX?|`xW^gY%4zrVAcV|bDcTG#) zY>}u@lycT6V#e@3*?Z7goWVx#0OaM{$}9DA_eQ%*tu@YM#1emd_KWSUw(6F5!_@34 z1NLS{O+I2vmcFj}Qs$cvXkn4#7t=&^^SFVO>nwf!%Ev**g!vWdDqf| zjzW+Da9noQfW8jRw*mMSktm5m$DoY5%*NhnzgY23w*a6;GxS#5)M9zna|2$|dAFJ8 zjw{aySSnO7ge*XXM9jMU8_w8<+xDN2=-eP2NT@~!Xxo0Vd@B0BYU<&G`-paSfwEfN z#ar@~`eO(2zr@I6cqyyM*5;o-U5~UjaWW4cG*GV(iK2(I;K(o?zT}h$M=ZI$IYS@u7YFT-@Yr0K?{;W^SD#vgV_M z;sEqTS=U~ib2I@l(@pDd$s%X%16#Ix7$pBEJoK;bLLADWd2(u|22?#1?8b694EmfI z0cv&vYjJZ7Z%CQHgxM63ev|*h?fyLzV+HM=uzjV(EoOlSl5HstFAH>2wgnci^*E^77l>#7hp@E0Ikf z27S`5mAUhRpDD_eaeKeWXOk%ANkCTk1x!4Rob@S%wD4d>zcgTUb0(c0?QyuArVC5C z<^zF4B_#82m5|P-%=7|(=Hz_(-_PSrw-&ck*>U(%h!i%%VZ_-G$EA^uBGB{=D$7a+j@Xw%YV zW<|q@FF2|tuw`ZiycUk@qX6-S^cg^w?f+tT!f6)P+wvL6Hm~Adfdv{a2znWY_(*c# z&V~_pft<6vZS9Wb=qHa@Yz+Z?Q)|i#OIp9@ZP>j2?}zrUTW?#(kMvJ!a|SR>)Yb{!OlnW^ieC2}LsY)6Ng2rc6{;`8!Vq}oDmdvp zB*8-S2{@F9K_lCNd@P(*hu*dc5l1r>I*qp7KQQ?$C5dg12Ag(FSmwn{_!OKs)oxFB zI9P9P8uNqFPyCCkWUN4DIllTQ9+4&1rm>}UgV~k=hv{vUyS@5jcKYw6OPA{!*Yn-f zQ-pX(V%Pl|88T+0J+@)0TvoKPdHEVmxh4!5g6jSMFqy#YM3)^T^Uf?l2+3OayP|1M8qVEk4=``c-{DOEpJ&_spMv{0lFWE?@vp} zi@xFZm-&0;;=KTlhOkJX*f@4XPUqFpUHVSXasYum<(3ny@UM~XW4_|O)imcZ55Tae zNb$KJFStGwcpR<6Kby9{2b}|rnvc2+n-9!}39QbdCb8~&>UBP)+tP|EQOW%}M9*!g z#x6(G#sB|0!N2cEXg!ROjc;BYC-5+NMQp7l*gdfMR82)bJbr6@6=wi!L8i0107GdVm2CLo0CX=4EQ(^SF|U5$xq{3G^p9GHFu#i_q9jGd?pxdPyV?V2D^=y3V31yu9CbaLK~K}->E~qHB3J~`%2yW z^G^dbZiz|`;vRX0qVPshSS145wo{4RV(3a*w~#l)#{rr0RUz?CjtPK*OAc^Nce7c9 zm10Ta2-qR^CrFl`)t}g-Yc6b`o@DWvT-Iv#cj|xe=tB3&`eupHR@r{{;S+BV9=47N zTH$?Q_yoWye4^B9rX%4Ys*4aVvc_Wv!atXMyBuZB?24i zqaASI9``DOu)I_2w)nh?3q5Q9`~Q*4cWE_{659CZ-ezXE^@zYd)KREUwN6YohrhXL z^Yw5JA$0cBZ&{~bdIdMAH#e|pTGNz>ajXUM?Xc)d(>!P()0g_|ZPov$y{`<5YVG^Q zKnz3$1SC}u5d@?gL@7a}q)S0UQgW!FL;-;TK|)$-hLDCKrKM{?VrHa!Mi@c{f%hKv zeqx_%Kj(VibFTC4@PUh(#agrO^}qk|i=k~(h`{-bQ!#`6>m6pFT?tC_&~= zRM)%Xc@0%gXmeg=qddnb;og(^cetw0Qa5x_$UD62^Q=<489n;is^&$+Ny_MG|E`EkFDhg9wVe$Yq?b6TjNZKH#<@o4tT5)T#Xns<7i68Y}|j2J+n z$22MM35=)7EweYA?g=p6`ZpFSsF6oE@)VDQ?eRPrgx~+5qd^R|pQU|Pt_<@01g|JJ z{pB%&0>N~dgBVf&gGvWA2*e@TIlwB(fx@NejzahH}?%c$RmBv z>$Mc$@$xW9j|PRiP^Y%J3oFCdxIETU22S~PTEiga@*P`% zaLW(itWxud{03)iG-t9D*^783xgr<7GrpbJvxuG3f;75J?_S$;@`?Pc*QEUD-~*4_ zig&WU2EOebr`l6ugFR8~*)HRM+~l^xHLP#aa)0JuQ!bgXy5+E74{EDvrAxfI3Q04{ ze=sNPC{=wZ`|Sj1{js zQ%_8GcCJ%3ns0LEthf}ktZ_D8fhqRQa-^k9vPthUOS@fi=1ER_pC*e*0aoXC@F_() z>LURQvRib0sn4I?Kh{MIX}|mcc*1-}=06Z$tDE7{wcQPaA`OJ@sh*E2EmDWD58ubC zca+)}8rlbGn~%8a(|=SHdre>XFd_-V(NUJv??9hcYl^xJb*OKn8igPX@>oR#l@m3p z3ZAcLmvKm%#YKj6u=q{&Y%`R@Le3DG46~uPqgGszAc$8-0@BAg`&eO+hMjML8fV4wK9U3$eM-Vt9G?)HFCpHo>%uT4h`w>-!*fkb zeN58FdDz!$KT`2IPA4OOV71Z|3CusjGsk7N#dj-%Urz~%dhgtIXgmPYvK&f3l87A8 zq>msOY}Zx=0{h!jT>)n)-`4&ixY?ZEai58&PvSyd%pXdZAt5uQQtDp&=~9$#{{L|k z`#&E@FUQ9pI*6%S7%ROrJ8;i*fO!(pH)*w5vu{nZeQI`gWR|Gj02c z7gY@b;b{cyzs89L+_U2pH3n)lC%Bn8xc1FTy-h(lu=UH}*NhR15wGs=ulsg3l`!J& zY}cc9xm?l1SDJk?-?k54+f|XHK1-~edfX~RFvAfoUR2Jisq&7d^Req|SjLoiuNu+f z^SeL{Om@#>R92W~sI83^ss~MWyRuVy_)$UJ61Tb}J=-Ht0K>5Dx>{&}VNnhcK-vtM zheJKL;xiyCqq-||cePxQZHuCAo++MXRca|ftljB40RH5io*{%j*x7S&m*?kw1Wy#N z?vE{9J}mHFS>HAOIXEF#V_DBuRH3El`f1-R{O1E|HzrxYoQeROCTR}6Q$&y}Qe8{n z-&L@+4PSfun(m(RY>y? zt#(HnR6RrEk(%p;c%7~Zolx4xi9EJbcyr@77=F*|hF^Wum`&!tFSd{9_GOrRhix~P z9lExau#_H)RX*J#AjggSFAo30tq8Wya*Z0sWkpj;<{oV&#Tf!*SB&1!`Zj4n_3GlD zz67};F8wwA)%)^q-Cl#enS!{_B-^wWlG|7;b5#oAEsceixh5^_2yV+!>(lQS0exj< zAYP5}&5kht&u<;YLd)zCdc&V70J)!AM;**BO_mz=#ysbZyZFB``F0?+SXLv(HZ7-# zOv`$c!+Bj;Mgyx8cCoLes_(?g_~814R^iC|NzDkaQ0l~s&jt*mf}xnVg^;rrmD=|Q zTbsT7B`%SL)QN@RW@cw%lKNBdL&t#)f1UQbA9s52Z$a-k^`o6X~fZ<=sYgX9TjDJEDD^GEFhF;q}TBrYp;2 z*qhzaH~i`}{2=H&J?0Js2eil7+Lk2KpbbU?R(Oz^se_luHg z^s}+Oga+K%C^aP^1KW$PiQ)X6$e#ST7q@{dW96AfMAy*rXo1XeZCsk6mCDSDRVO=;m+(*l7dw z?9@5UukW?p%4~+_D^2w$u{o%dp*MGWSq=RuZ1zoBA!p82#~o8cV( zG;2je19q&!`UKaXP(uefK(+*js&@n;XyaAyBJ55Zvdg>>5kDd8apN7r_v*d0{DW+8g2?>KKov9vU52%Nq!bw7Epx; z)!~&ptAN`U4dDbL@Rf1849~C1eF+2Ym_ZXF=5_e$A0l&iKabzr?h0!rM$q5H`!E5$y}|OHygcaMriJaDbmgo-xtjsz9k7qopEH)b zV!5jSVvt7`B{&M^T>NoOwhgDw zlPkwr)L(H{UFGftlG$jHL|Ze%Mnp|k=~UD2%K9|%qqR7>;7;A6#V;Q-4mP_QSB%it z#eXWVu)J(^e@C>B6;QuE5y5(eqvx{?y$cY8AboqrRrFDM)7zE9>Ajp5%c=VTM24+@ z-c4Z3$fpF1^%6P35_4_(>68oVAMgJ$BqjimTt2@%yUBP23b`aP`i?xUoE{??FpQyK zAnE}h_n%&#rT<@q3#q~H{#p{fj`jh-;2yJJQ^IqhnGK!cBD_=~-Yr2USR-;h7kWE1 zMDpJ%Bc|a153$Vv$Di87T>aLfgk(lXDNDpF;knR|Y@!t3;N4?>$9=s8;A;g2B|}`6 zow?hI$XP&+VpA@8T(RK!lBM9Gljcaf`kk?|V zZUn{wQ+r!?y?vy;4!+Em@9c_0PIbq7mK9Y=;&8E9Z+_FI!M|^Hm06jNiH*2j+q?$Q z&zj)OIOtG%6$~n{Gcn4JY>y$CmK57=@M#)eQN$gwAq_5o2J#Zn?J!fjpib{^!Ire+ z`{+Y_uP;S|=dON}GO;a`G^G2b@Qme)?un{K9}SSSe6A%Zp*tOxX18Qg!QQ-6dA!T6 z8RPWPUuGjR(l>{;9cf3R4Wsb$P|1eh(!gFl&ofpi_xFjk;Qrk%$_JKn{o25urAdtO z*R?)atz+F4h>RJHUF1{*gJT^77SM&RgN#Yz9@L!raf^0Vu}6gVE0e5P_ze4a4b&RA z%$E$=i&g?fSfb?34m`GGd~$QU-<$3mOVQ@4M18~q;NQ$`rZLY%lo*62H+00bMx%n; z#T;ESBcOG@C)aTCO`ht^F9)i@OM$~VC%M-8 zb{hXnk(m!E9!>vQ$C7kdMBzC_NyJ*K5QJ zr3sWQq+YMqhpnpNA_Cp0*8)vai)!#MU+*?<-(?==vafmu=+6EEj&1rCGjSD)wGb8x zjvCunJ8Sw=zWeK5p6XFeBA{8{A|e1#9q%L4%CL;C*?3Xt%;_g-RdG0*hV3R9roU+B zl>clqBf~uZMXm;P934DKE{$vWGZ&`^o;(<)FMhSU&(b!*t@Z;?=92Ir_%A5l#3`}r zOVz{VmcHYZVmU#$wl4miz zwhwB-5;K*QQ%7F#rcNTQ!TzzqqUgw6LgYMLNB6E&vGC|*eq9eBH*?<7%BlUJd+iCb zT)C=0GFf-AZUQY??(KMp28URzhD*+H3#D;@~&^ z1vY7yUZ@Z2+Nv%KK#>xG&!n_E0kWQ2LgD$jBQbg_wVAxLG&BK)!V~r%=j3(r2iY!8 z93zSizrt)@$oB}VdTzu!Y-j_Ghb64sdUo9>+lN_t7faFh0f7cA5eox$j^?#57WRw8 zcd?UbWwD|8ECcp>K+Eu?Qjyy8us5d<+Hq21V#IeAo!Y6BR;0+69asA9Ij?RSUw7ui z^RQx947qV(I-njoULJ)!?b*AOT(wW9I6mgKX1{ph+sKYdT8%>pnP@PK(0ak0c~l%O zO_93o7R`VA;G;JahW`uwE7N`gP&XncZadWgo?@MTCt|d-4*A_R+UY{)^Q_@_;Th@l zc!Fx((3e;yqsgGSXv?*SbQd&M3!6%MZ`rAsk3c3#rrb1SVOaL84xN#nq`+Qnw86Ec zJ_y&viFRp6m6_?o#!c@IH(B0ZfQn2n0~vp`a3eZ3QyOT zyYI!6VTarPXx{46`UQ?N*>-atv!G1#L@xeHmUSM0t`it!p-?#=do!1N2B+xSI?I`E_$0r^CAhg$0Yt(3x%PK>yv9b1N?uE zeVKy(82d^uVk(mek%(gAMR!|?I5XW`YL)42UpfHu-H)ACScnf6=jsoY*aqT}#2t3f zdhU*(6m%qIuE>9DTG;sBLZ)NYepmiP_J@ZkJ1U;rgLiYMo;GlfyJF5BH~lxqNAG~0 zg`9KUHVCo%rslzVen!K)LRijimNfgV!x+kP^5y8P#DQ#5Zh#_GCeKreGT#zdDXFcj zl5yEv1I`FqX`o9+{;uyK(3U70Zk__Q^R6UkB^lB<~&);f4eM_6PyB>>phb_ z-M&eh@_3KK3LP#*8sIk41X8;OYIPkYcE9Cz38q;ae=BqdnC?#?dURgqZjXY-P;F3 zo4q8&Zbs8d9pFbMVeD?u$=j`xHDO(a93dK((YFyhEz#_bYKCNMdz;w?ro;vncYS05 zX33VW;{v-{nJN?&>*!4?;cMZ24&K!C!8q@B$=uT5w4u(WYh%}W$4jeXX>G+YJzR@7 z!$R~iAL8F`%P~6mE?$QP;=#Gjo8g<&U1yeKf`5bn~o%(Dy z7eB(z&Ffa0W&$Jy~+ zo&7|GG*LOaVV0%(v=|wvJOqgGHR6ti@m1VoSbJG9vHP(@oY$q-)=oTqPa%P$nY%1x z>*e`jT_XK@P}U2k)m67l%070_fl_w+?_$JC=D0?5b&iz=ddm*eD_r;!^mSemwvT21 z;T(~*dv;-6!LMx4FV-)-be>bj=E_##wtZhVCnMAqIb@}-72oi^F+@=r);;^j-d%Csc zCiM3@_C63~!3rvj=T9B-NXvFn7HuxPs0+knLk)^4@*PHxg;_MCxsE{c)X}`lcuZjE zr6JDkX<;MBBl@NLGyly|J#l>XH{{KK6CwB?W8?lsTd3L$Y1_0Omr>;>{o&M?zbxkF zyBJlJ7}R3dihGQynTEhZtXGJs01!97lK1rVeDA{%$w}N9tDN7*>hKfx)H9Z-OvYad z6|+-8*RBJc#8u+jR=*&zO-=dc^v!uy;Su&fm_wh4zTl)ms{CT2{SnZHt@Gg4630hJ zM?2Wt<@sEZr+)Rz*V3JLli<=);#6`+DASl_oeJe?m8U^*=+jwhkO$s-aO3o8vLMQ3 zvyiZ79Mzon$*?XZ7yV5 zJL6$^5dKDI3;|6^GK$RJwl99^)^pK#Qn{`1{aagnx}-^q)nj24i@(S%4iY9$Pd^?) zf2K5Fy^{^wgsV)x5b&wfHFt9pip!=k7p-6q=IIz|GW(t2?)gf@f##^zP?&!>W#+vo za&Uc`%n4f8xaM1m5WLFgThH-mySJ@Vv#UQKwkIf*n+wqC4PM+OqCCCbNW}j-YVhbT|+kTTN?yVU@ROet~uD;Zy z>PWg&lFI5*O2o%`8?i?gR#u-&&ZcVxo*W2>ck*+%;XpBlo!E)sZG8a8DlX?eeB3sl zFEnPz_Aa1}C2ZYmcJ}a%N5co_X0yk=v=KcYsN+&;?dP=GCZ24yy$?v@Ga8ZcIC?7i zD5Cu-rujkmt~Mm5TcY2^sWJEV=t-rp15GC``~Jp9=G8AL#MfbiPnn^LX6cE&TPESW zJWrotF=o~x?8`LgIwp9E;lHaZxbASKp<6i~(k`Pr?nkzs>JPA>4$ z6m<2kOr0az{{43f&+9L!*hj4rYNSHL7{m!xleqP`qOsnacRqZz;Wi%0!iq*f26HBY zVIo5-iR;f&#`VH!Fwb+2?kZ2B8p9YYj zj4$mbv{8{*>Ebx9`W!R1_E|3^rP@CCmYr}pOT~eokRHThTqyp_)p6>b2Ez`YmA7fqdZL~v+tZOpD0G57JB;{wZQwAUne|i z;8f2u#R!|GE-*;F?^j?^KoGKltkb(~UYj&2qj7WpJe^!h7}~4DN=)^*@8TY$g{!uP z6&pxubJVgky?Z$CdJAz&x(v-+^1DW$uG2cuRieVT$o@Hk6^IddUmg!)#zmduV9Z9F`zLSn3* zHbc}E*_O$>pkO&`=7_*cv9z^U*mp~yRgJ?8u)2jRUF~i{>h8mM+|ycf!T1haY$xsW z{A#&V+_jcM#u?K|h23LCC>j~_ZrjnKJ_>5tS(^$|6H_wGbarK}AMMJui2kyi^WA(d zFZn4j2BERBu^y5eH~UPNVYxrQlCiY5w#xYcn>~i+2Z?HbUXr8bTl=4umhNf<`P>-{ z($bt0O}b3sx6$u6s+NeYUhC~y4*i-H!ix)6P?LPeW##v-gqM{ktCWCoHpW+?Zb%6w zBqxWf$sCj$q3^PJ2ng&)hzOi=4clCN5p3?XvU%7b&?lT6QZl?dGqgo>hO&N^KJBhY z^zlOVm?T$?f9;&++7e>KtF+&}74FL%?1+I`%{Sk65+AK)<@ST{rZOGo+NQFPAX@^X zj$h?pw<)rp!i^!WTnFMIf`%T*NBX8K=eYwEj9?Vl1u$Pj51qW#Vw zmEn~0vPZUmDMc?YK5Lt+;%kqs1xXV4n?|(Gsdf{x=yt+H@2UIoSB`(OU((2ZfZlE- zOAkADzR9+}j!$ntf?!7f*m2sXA*SK^o~IE@f$wm`;SAjQKrdW-{i6r_`^nftbH~s9#$XDu-I;XqdxdL^lio7=R<<0oet*h z>{Tr{H1{fxAEldL<6Uz9s^D~zIt8z31HYc)qV^R{uM1<_y$q!nL|7X*D!D67m3f!) zs}hbw<^i29>k8gwckGm6H$oWRI2wXWbJWIoNXlq&fk(@vFt9CAr$eT3g?X$W0{LH@xDD})OA7iA$~(~df=BCihT=~Lp$Ry5kpu-m&MadkIob)w)7vu8GLd7P$&ybw*aO@n7+vw<o3}+bkJilTWSkoQ`zxy&ZnWo)rn@gk+L0F~YVv>$-}Ck)@^ z1+@L*lZG9>SuEM<8_QZ;g-kPanWEFe-W*0UU}qW?;0We&4!G`sH>ZM`WRY%tMCDV{ z?tX1X#~+qcg}e5gRpadm0oi!N;e4zaGYOhK@Z^^obQoU}VsJMrpbE+-!p}hK9X#Vq ze@UGs-P^5X#XD`vhzpm*5Sq2jy;bd~J*FO3+F-MPlhWv}4i816ERUM@q5f&Ce`J(9G=|P2lG6onK2JGk5xd z{iugh_BiQp?={SKK9z%HEpaO--77IFd%7(FahHwcr^97x5_eTX&G1T&M)&d~WZPL1 zv~S=^5|XGZ)FdSS;prqKBri^rl8{_yjLNJv~`>}51A(|j-XJ=h-mh3}Vv-y-qHI;SV-nAUq~8?FqXY9X^d9|e$_ zt-&n5dcuj%WL}b=>pfBxR9@{%k&4@Ms$DQHR zBm=$ZrO@Vs{oPsMij*7Yzl-+f1x;OTZhJu)8J5PQL+^^yBwwn~KxyVd>zzzh5Nn{TU}ojHiDz9vSwQ#G4$f;*dtRmsq3=7QU+h{g#3S zboeeCGt;HM+V*UeorM>>ZV5GF$ZQCDMN^Q2WyU?AV$ zEWe%R3@)dofloH#3yK+*!U5C3r*}i%qc&01Erp=+Np&Jqp z&ic!wrjjU&ldZ)qouRE?u2T|dY8rY;gtH|3CCs~6iHt$5*b<>TY>bT%aptk&y{^I# zyf-xsB8d1>c%1nHoR)9nmqBu_@@FeSApFf3GwcZ$5_;9&m=Mx2Hd<-f9XDI+eTB+Y z_)H;{Q{h>19@|CmEcv6#e;ZGEyNgQO_zM2iFlDSiP_+v=A6eA8@vX(FJ0@uT(U|0u zj@$M;GZ|c~sQ04?Hf`g#mh_{AGEfg{-NY)jA!*zB^|Z_N@Z+Pom-9;JTaIn{PzS@u zhswT*`X0LTxkxm8V-fuF`iT)7qNt2&VxMW#MJ5E!Nazt1T|DV|HFp?nmzqC3kk#ACJLl;4I%?$jgl~XPHl?6ml`kbirwf_7W zQSmG0y~Z(JIaEO8{K9YwUBp)AlKx|6N724A?+xP}`NrDg(;LA*N|q+v^tEx=J1VE{ zm)`FnRKLm4*8NCjE??%#&*Nq&6IcJC$aApnsA&F{54A2#MEYC;$IXc(f*sV~OYG{2 zo8GQlSV|C&+_lxheSJmQBTe;LBBQX@X?|Cz#@AOfzaMsohI~^o9$SRswpwrJ4BxWz z;n!lYQfDw7xM#^mT4__6#qavKoluQ;O)lf3x^dk@AkKgj9df8sOxa!V=$GPAMl?NsO6Yul*CF!lswETOck7>P26ABaq;2y?xv#zcn-qB zKv!F3?M;qaT020_!?Q$Oe*TbEBZl5&a3lVFs?5Vrk_=p3F{l1+*v?T0b+-u*1iy48 zm7Ojge5C#icMd!dO)xxM5rk!xf5xL{Y5Ty`x;yXv@qxO&_EhMD!?MjBskm&l@%59) Rfa8-ql7Avs^x#?Ge*wWJ%9a2C literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-cloud-protection-service.png b/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-cloud-protection-service.png new file mode 100644 index 0000000000000000000000000000000000000000..3a47dcf6d85e10ee78eca3497f3d53890606c2f1 GIT binary patch literal 36313 zcmb5VcUV*3);|~eD8gK@7#Ir^UTa2aB|w(>#V)^s-N}wg^nuY#akBv005)9+H*Ys z;LLdd;B?1%I@*;7JvObh!zm9v)u({czT2y`le2b8+DZUGMHIuKFpmfUT`?Pu+eyJq&f#Ts(^W&U#OE-*t{Y~`yun( zx|fH>D&R8votrH;X+MHFin6nxrO$?)IynKH{8wZ)aXLZcR zE#{yOGpfxSD(jpfnXn0eYaNj@Oh3<0&Ag}BMSB0p;txJ zG53PNE@N`u#_F4*3UD4tThp>-$j8A@MmF5W0jwS-JGB76<$2NDm?doIJWt2YGUaR_OmBkK9^H7baBlPHP1O@HK)9Mt+CB|?Ags|Q~iV=^Koz? zd$G1iThD-}=0U8y1164BNeWZQ-#PcfufYP|hvmmq3UW8>i^gLh>vzd3gJcU|`=1?g z`F2m|NQJL!H6|kM$tu>s9W9+VI{LXQJLN$&BNtA-f#()avDA|n$!9(g4_8(TbEZN! zC^+*t3UZ%$s~vh6b2y*)Rnmo&N$e`nCxx6Hbsbg#!#Z1Em7$_UBPJ(5c{B;jcQAYmuTJue{*=LP~=kk{1+P}AMMXF!>TdwzM6#&@LH({ zE*dav4vM=`+G@ee<=<{3*yLJ=87$j)H{8hJ(Ke^~{WJ7Y<*5 z^8lxoBNyymxCBixlP`=DYjZt(ht}ioSBcn#wU;95a9Y@lQ#CZM2DAp9l?OLeBD!zi zkt5YR>>RH+NRzVj7jiTw>W{-k0*#tq1^mjRZ{B*%ekWkw5!dHRcQ?zU?9u|L4JnYI z-HmcLem?=~NH-k-yh58O7G2KR zd0hnoU7(v*I;6EJ1)vlfyqUGI*=pTOnfE~yRsdSk8P)0mV`fcqLLQc(E5ilzP1hrJ7c_qJVd7SmQcpcY=u5HrfoV~wPnHBntiJq~z&v}hjLDb;L=2Fkw+4W8>ZuwE=;p4hQ) z7+zXU{&;Ze>B6lKlf{?fVw_jUAL{SILstUy`3$_eH_;)UQ41js7gVSH^EE^tIp*O# z7);ZL8_oHwpS!~+XTEq+#Lgqo=Ju`1h-Qjj_<{-?B=z%_4Sye(&2HOMrM#)2n{n?A zS+m8pCpc-mRSN~4HMx7`tNeyNdJB83q;F7{aSkt^2J5RvUG-bg9O5x=?|2wu%|KZB7KZ21_ zagAyxDo#6Y^-`;fD_tgAhzUG$-;wuX<*)HGv>W2dgk5JdM>?A32LQao!r(Vg9v?gU zx4t|3&vm)eCut9XUIhW;+*pv^NT9Y@J{|zE4)nU&XZp{xu7pQ+sriL93`@fCl~%K(-yUp!DRb+!+blr&@$S+u^{`| z6Z!m)k@#=lT2^zabuDMd(^E|~3BqSHtUVF%Rdi^OJ2t=UWI7eGj-cR-7A5C5bQ+G8 zwKsA;Zd?~==sKY~q5Jjphu6usZ%1!@@$5^WKZXU$G zJ}Uvpd&xxzs=gz-bmqMco6)Kd`J53an+W}Bi39=f-lW5sOUlH!)Q+B4Nu2ZWlT~vk zd*s}C)FPfyCOk3Z51c)5xJ_?J@y>GO)}D6icw57^Xaz0}vObL+bI}UeVg8j3{U1qgJ`!v31u+qKCdFgd%(Q;EB~MdD?{ddrRzn}6d)dx9xz$Do z&ZMHLrC+VV544uMeglEkT@k;%4hmp#F=akUX2Kt#G^4GmDiGQc(RHr{W9Je`C0K-3+36p8I#&9 z&a1CETfHCf>xRXx@IWZVG`aroy=3^nqLE$q<}o6}PRfe%7$!JIRm z?9y1wXb3WOFe-lqs@?F%s2wBC-vxn<2{hq+^n+@Dm%#Yvp%^@Ons1HckXSrucs zwIn`q3Q(dH45%)00Y0cYz83>6xNus}bJzQ`_ozDJH*j_0W9IebortXr7ytgb$5Na> zo11@;l$cTby11A&=Wci)McpW2StF4lXkDfT6;04%F@mOn2NvBubW<`_!HKC`wLBzj zlyl=3utCzKQSw41%fYomz_Yhu_YOb z@b^V|nwDiheKw=l3t3(1sP3KT<~@^Ic?eI$D&Q@ReWzkYMbmOC*wA4!XGHHsJ6^bW zuL_FiEBji2<>LRrF^Io&D1WN4vBJ@c0=gZzI@Q{H6-h;v%*b%msXlTi&xJpfkwc! z4|c26)u#}q!N$G@?f_#KoWv_GfTGD=ML=y4)OSdMK4;S-?=S0M(R|+fC+VcQ5$JxN z!}%2V>1(UqTQP~z(K~iVyvmhz-}(Id*duSHMW-L!#G5#dwb(H!#7v7XeS%cBlTVodG;aJAXOYdol8l zFjSNBi{Ei^%D=XGW<&Syujl#+Gda`-mB5cA7mwv4^H&O$F8yER4Cu@dgVgFN+!?@F zI_=$Bue?jhRpon7N=e*TnW(NqT!k>1yXm{OWMb> zl#mb$`G5ljr2gHlpfUP6i=_SH%h{;p+J+mWV68@ap?9pALydN9G!Db?G!DTh9D2{9 zrj*nE(#1>uo>b0q09gtjcFib|uLrL7x^FZeP{6n?+FDP~-KVHhKUPBCWQjmdxf|*% z1W{gZS8L>f&vV4KSz3u__H|1Jv;~n$m73)Cdb`CQ&9*mOAHDXxJJRuIBx5BJDL{!T zVjr6IpAos&SJ~?|hUYta14FzF)K>l|NGZKQItBQ_`F{+kg|oBH0fk~SS_%@TA4`tp zlz)(~leUHX%p(JKbsdNR2T!YDNK?Bz8;`EHyl1$zETZb;O36#B?FCAI z?4XOh#jVeSw_df?C{2Tf zPT!mM4TCS*nS|FF?!_|qTS@2;+_xH_oa0C`s`v#qT}cfFQ^3mc&f`{5}sfhU%TTEnMk zm=>3=5dE=6!U*$fEvBu8`ya;$oFQ@Qse^LDHYmm;8!au^hHyR!H5IY%w1Wq*A|Ds8 zuxYKwR?)&A%h7BmwlC>M_q8>mP{hx|MRq))5>XjFv;vK%i%Y~GddoT+LsY;oylds7TbN8ft7tJ9EI*aiLFOjY2l zAvW3BE8Fkba+OW|R6DwS zO!-0g&zEMN6Y%a@wo`Rr(U&o~t|7ge6DrR{CN~(KMKl=|>wrMi2i>aJCyb*EjFP?R7}(m$?%8On=0jPDLL(BAwBS`k1k)uRja zVdS-UP2Vi9K=KXf-*N$dFnczub6MZlao*(DaZwzzM*WaTxq~TaG?)CYd~7qa)N_4> zd7+?#D?UH{Jo>TNVNRDnrEGU>HIz#JVvuX69LWWA4nGC>)i;#&HEyp{L%6A4(vC7n z53-iA@pVvwtA;qTRB~J=#uuPJs97h^oHma|zWBb{e8=SlUCw1eizL#wgnX}_Rlg7( zynyVzt>W-WwYqO36Mz2g@ietuU+r_JyIT>kewJV7N8HASbHhsO_TsYHFe1{k+0?hi z&%K2Va#!;CZe|lEK^*2&ULN*pT5Dw>Ky=gP92&Jx0fN(tNTYWE*jEqBl=egaGIvqJ z$~>%6tpW~1w`%K-3Y&IvMdDeTH$Muq(%fqsf*<4QU@yNBF^M4722vT4m+KgZi^XnG zN)JD)(;pwnZat1wIPk$mAHPHI;DS{1v<^hf_kmlpxyRi7L4Q)TnFCh2u42SSb;fp* ziC+Si{NK_f1bBM(ykhFb)-%yiQr2>pV?XtRG;+IRaWavbMNok3^kY_TkSP00te`2mEc+ZFu}oD(UpV zQo4ehM*0(P)AWF~968dEo8Q4|tovjRONVZ!dh7^IcKX7rt`^$OJBx4MUgRLpMlEz^ zcTCchg(58#W&cc9o>~nIbv+zPIqW=3-=XE|dblqj?R=UJ@rf+J!gJeyEspVaq`X(_ zS!RBx%?wW?c@x(oG9ZFf1Hyr94J&FY5|ZO_KjOpzpM0nZ0TXaDnRrGtP1;Zuog+nTi$$&t&=dqVznC|e@V+aIVq zx|?5Ousx64R+&D=R6tqQCM)~#tFAJ;4%w1=9T-HQiRE!R-^pCac)jawR-o=&AoH_a z4p>Z8U2Jgy-aWQH9m=f=OW=>xA!5mDxrQR(aL(hl2o{h{Y4 zK90-rrhs4PSvpmyrzveNzuTqD*n(^aD+IW1PKX99R;~BV^ZJ>_5NrXsLCp8sUZmS%~uhfHFl&N9A`>r@AreQus z$-c%~EQ?Wo^1n$hG}PUp8php)5o>!BFx>LebwYVRGOG{5TV>#*zxP_Z>!EF1>lPFK zHe=*UCl4NTx`U0ZChcy0L(|3XIhB4(>7`*vI;2THmkKYF+iCA+lq}4(4h3#8@ z=BDH>7;K05I_pt+$YEA)=nHNaa2+q!WK88*MqeT# zNJ!m9!uaN%A@8t+QVA~jx9IxL7R3>oeJD35dJp#g7DcN0NDz4n%W>-TK&k16a___X z9}t-otw$E-+TSh0wJm1Q7ks8#CsH~Sk%u+{3gvTU^5^we=z+dZgEm*@ot@HpxIV=n z?H2@6=N~^jllus&XiJZRK0p0cQ~}N5X;7&v#w8`Kj_O5CCtv7tWDUs`NZx9z;MOc4 z-K0hD?m?S??HsRg8Jj1~k-samL1nFn_MnIO(MH^YZhr&mEXYSCJU1&S_jA^c^6}f@ zxJpKp@@mTG#Khg8q{DQD#~CV9gS9`6X((?%`gSgnLy$$Bm1% z=N%D5&0z={X<$~}C%tV1y8tw?YaHFtQ|2b)D`V3!0bwQFK?yGkx$1a1H0*tKkK2XbLFHPsJ$ zYd=6Gc`tkG)`!ii_)UfOJ@Zo3x!FGuT%rmPSeVtfMD@UvygDn*((JNvvBvmjKn*g-(LPpi>x}Xo($vV#ZCyG+m=Jb2} zVAr`1eqMG=;^Pc)Fv*q>?NZctvhDGFVza5&?i~nSX3afTv5sSVlQhw$Yg+7}u4FDR zpEyy62CcLi_UPIT6~XTBoCQ0oHGJKS+1C)%bIFoW@Qvj!qJsnG(>!c-E#}Y4|57I= z5A13p_a5NASiFX&r|G7Ts}Fu}r8Yv@j{|B=W2X~GCcfcdwuUb9seiGfKOsEGP8X*>&56Hd`d*y93Q!hpqUMeIB&X48=1Xs z#c2+|m%E)h>&(%;37@&F5MK^D=rRo6tm3~(x|RvuzwlCGt7H)a*Tp@G8!q`cG~f; zj3%Jqv}uA5rc?&NQXIIw7;S{J`-uWy%p@&xVJdnP&zj}2ABKrdId{A_uZ&C_KGKkA(u74KkVAU4Qd z5hh)SJ#G4Ni9|yDQHWZQMVaHHS0f@)vUhm>fnA2Iq)uxpe6E_#WC ztV1TOZ^vg(n>}3b6Z|zrA%Z&983c5`dK4l3&#>#K_e3YtXdx-s6&Vfh=s& zA|>v1-d;`%oUdC?C86JcgvuVjlQ#70Edth7qAV+2_OGn&|2-(>Z=ZXyppC{niwL@} z!xEuGpnr78eTql+Bn}W|By7q?KhI}mVuDw!A7P+JXBv)t!WNV5e%vJ@Y>fH>M#L6> zt7FEbaAW#1p>%+Qxwim+KIBDqugvyaS>X+JSE$-4_{5qXXnCskad}d|Mo|z0sSXt| zWQ!JFm@L0B3Y9m8_u|K(YoCQv8A%n{!ff;WSq@OEe`J`jxDO! zgjEg@Lx~dXGh z=;Gz-V}qR#9?S~ok^!@Qrc2EWOVDm+IUi^DlF{nJltaE+tW0XYBw?Y$2Y-5 zJ+6#XwVKh7kB=TMMooJ)Pi}26EWC+T*h)9(8uB;i#f%~}6b_mVx;nIEo&;o0O1ftr zt`ey~Kq~#0KGsRr#%EJl8 zk+3SWoBEZEEZUYnGh5Fz+EV>7M37&8%<7-0`K?XL9|R)dSA63g zQORU6lIWtQ8J{@x-2=&V&lGMj)i{X!{=S%~<7r0z3I#>09l&uFZ2WG2z@L=Ev9HG> zeqEYSQ?o4=kr*h+s&S!18`6ags_63ntbRO^13RCG-04^_KQ5X=|Lw7x5Dn?i=v3b` zs^;dn*DsENk&49v3i%IqdWG0_-aX>-n_I4}nkG0d1$Di6<9p}lY`<<54oNuj0|Ya^ zo24nDFK(FogZXGu1MvLrdsYG6>?$f^Cn}tCkX8xZE60_mCx8Edbzf~W%A>qh-D6Ib z=4KvUNljRcH{Pq#h^-8wJlWf7laL8l?G@)QP*4m__g(uid9=LO*|Ds^4@){`C+}za zFLuS+brO68QODw|^ByoMKUh3JOu+`7qRzo5|12^MlJFUjE|j1CS1@%Xoh<10hpqpy zQGdKx`nH_kZgPL3oibWX+f3-z?XgC;`a9gdr)@$bn!Fvp4;QI6O5ILC;3VbN~n1!HwdxwCFvHP<|ig4a*#t_Vq#_LM)lKzGxZ>C{@ zfv5k<41hjVzpoG^3vb)C$Zx(C46>GoysVN(S$MFINH_8DvVg9UE+eP24X%z13vO`! zI(mOU)~Z5`tKtB_=u5?$aX%vlG#>uJPQP`LpRm8RUn7MoBOzZN;KukV)06xz<9mE$ z(g$+ZYRGnfRh?AeNLBjcJIk>SOuifsU(k+(C?_FiNUY(0Z0LdS;gznB+xRADI5Z_6 z6r>h5Ns{%J2HvJHwJ(+U-m}*m&s5_eee&KBR&6or>)iR`-t8k(G+Aqic!fRyn>Bp< z@;8TMZ{|sP5XQ2`sxYs_8^2ug2Fdy-VBr?c0nWCS)>)D{3lb$jrW6Y5H+pgksbvrT z7+A|?ZX~3Ykzw>E9i3M=IhK1K1*e_l$%vdr7aDgx7o4DnGa8#SO4p~jTWT)MMwRbu zBwiQ<-sW?0Rfe<6ht4$ed#O3+V7)9)>M()#KEZAr4&XyYvRHXLI;un$MXp&-$a`81 zh-U?`X8%3_jHkK%VcS*seX_IGJuXOcufjdk;2RM}ac%&MB!`AD4#vAhB6@t9!GX>j5^QFFtO+iF=v7ei0%cCl6ljd-SeO0P~%M zxLot2Q$j2ER5HgG19|OrI*;V9#DRL_d?OfmuwqaCQ(<$S;;G|FP^qT zb`E|jMr;Xgvzz`kyP4O5Ky&p0@3ucqLz+n!M$6nzpc?yt${O>1$#AhWep44AP$kf8 z@8^vGPNuz7l6HT?-jkJk?L=vs;FLk%-qx`euY7$WEtIrSYB115i!F>Vx~Tr#R&mk3 z$>lRi_!)A|FXLmn!Y-Mw0kRL&`aD1AHDm;}Mrisgf0@m0#;l#O&Y22Gr>@(fwqeHs z{;!~7F{PTLM&s@F@+VGpt!~YFGS0C%w1OBc|L{sfkR362;cIy4A4>)I+IuoTctocX zG8r3;ZB*NrwsC~=4t z*zOs7%qthEg1hVj`O}i^8=}ko-^5?WDlpSrU4O=@xk-nB0ZxFE=;;q$7=84{N}_ro z#D_`PyR8-@;7|WtO z;2=0-5cz+JI@VLo-->NImKbUU(CupZ%Tv)-Hg#QR&!}T>Fs8pN#Su`=SEAn|l*}d| zllFxVUl@L-ufA}z%BqZ@v9Dz__@zIzxel@iKk;jsUZuC63I=}zSWexW z%5utjc%_!#zk>S9$u;7;wvsuaVA^cFED+vySn<~NTD?Be)b>`ZbnobLdQYdTi|b3M z>-%>D%w{goV$`_F&o`dWdOF4XIws*L8*3pGB(jBIjKW@%@8(E#j`B_=`l4%Ji{ElA z!+Ezh!j+1bu$2_{E+Tt5HnhQz=8rYtGJ*-NxMtNJ>}>Oszv z3fK(bS0t^@WPzVOW$@|U@N&ykv~az)6kz@KeSv2~uaBvZILjn{jXOol z!khFfcWYm`tRS(E@xD2BVfx8-|H)exnlr*Gv_u&|lIFEPz{O)FR9E)8@)wB1n^eCocGb=aKb`SZIR;A-RIDP@OZQ4S6?860lb7>xf zhEnx;B-vedSy?KfQ2-=CIiiCzATqO>bf@;|63r7#Yb7Vld11&kuBqzmt#tEZg9PV( zV%PYDght}YH?@7V|Mm9t*D}Q8BuT2t)^I9ch?oEj_Wd|T_L@;t8XIl+CtyiwMc1kD z=9e+yZP|YzJ58JXTf=36LP@;BP4?rQEiRQgmB_yi}d=Je9(IIZ>F!-OUUrAooQoav`dO8mNOE!7xE94 z5lG(SC|P%B{njf%SaALw=VoXeE~p0O680t`EgmsI{%IK+|=_BYA6e>mEPy*pfgYCOJS{2A`` z)g8-%Xr5!KiWa-*)wCl8e29^1dc%1nV|SItlq;m>k>V%MyO2f7qMZT@!HR2gSZ!w{ z-y5#3UZ+THzd{C+U25gpE}*xMIFsx!1}9`y_hlO7A;Dn5zKg3@r2g@ z19tfzoBTgvNTXQ*%a>s?GCABaG*D$un1hkLXv3Nc-iTJIQ(3|>dCy7GR(1w2ZGYYs zVab&+G7)pgyn_jRmREqgSOLiLFiaRpu&&2M)aBBJrav%oOQmhM^6O4Itl85+0%|Xr zJU+0~7_xUvWw|5R*X0?cxErQg4^B)fr@SQhw9dWAG11FYP>1j!bn|RZ5>=vu*?4E) ziYA3L8?VZavV4BXO<=B>&G2G;B6A)iqrET1{|JG$z4^bg?L= z-fVFx_4XF#LG1}{PS%X!%-PZ4;jk4`WU&yV=4GxVm3K6JP{1B{^y5)ALYliDU)3Y| zgiHn<8bYzj(kHLLERoA*?J=L|e4~t4XGYI{sV)tISo%2KtV|<%OM?cX35|vbYgTBY z(nTdOTPivJE%A0sLc0#!3I%-*_>q}ACosr6xSWD%2=+&RP-`-x`C`I1~+!LgN zH;4z%yYVNPxXL)YuW?}1LpA7FP+5x9J@8b~wrHd2_dyk5;h&9W`o~n~dmtojpv#y8 zVU@i1GGZ^kaYTr8hREJ?j^#Wz`UeWDKa9~@m@0m``*zY*T3!R^bb(ap@S2HrY9>qq z?!12f0I`xRPJ>U1Oi1X)65u1n2f6Y3ZZGasPM18Wl{bNy%)LW|_a0o5sw#%GdV!Z@ zOdP6etzt)5yw#m|WUHqaC(yP~Ni3mppy!|(TU+y9yMZp#!}k@ut@KHne~w9BQ6n+# zjkPq6SDK?%wGX_pq+VnYZ>OSHAmJ$&wmn6PmcoZoe_#%7}=9k||j@m5bA zSEgUk9;}AfRFuFYgvgh`cZH^wl#|7vqdOVK?G@E5kyqtyhlgV1|RA#F=u~UID9GYp9v-gC4axtwYpCODe|W&sSQ1(o*R|7dlr6H zZ|ya&$kfBo7EkObkf5dV!fa4HE5xtH@^T-0na2cNmR3e=Icu*{L-qoUg5;bGp#U#E*((yvU-_*5Br zJ#!@d-Yba5Iw3VTg5SPEc;yL=Y6PfOeEbLH=K&|wV%PC~)#Y!#A5J{)ig>H)zh2St zpqWKoJs+&*@Ky*0Gpyp0=8(i0Q2V}I>&bsCI)%`=*1B5xW`J!?+u-_Q%C%CFYYDR| z51;41j$p{7I$z^V9_#M-7vu1c%=a{%#_c%@ zN9MPBc76w%+`TUa+c^{SO3K8!J|a56W?5>Up#>hgzVAKOvrsv&HwtS4F+|J3%wOX^ z^ebwBG-yyYRvfU4s7&p5>-M&tP_2N3m%ZLr9<7juW$sX$`-rvC^~8q>MaO<>rctRt zivLoAM{Ls^4q9^@4 zHcPTWuel6kr#mTQJT(&n>gxCkbs9X=si#njDS@c-I_18G`QiHD)~Di~(UmW;PY{)+ zy;49u{P)bD>u>QA$oc{;1R=S7^P8bBpVdi}1V0RtHm%u+xzwKo9^6phT}dkynLyYn z+7j5bW4TNZuPtCp^+WGv586DFsI8c8uG{%$p-yMpCKfU~)s9}X-3Ob-etg>CKfiWZ zEXb;2GsbmMdxA*_sWNU>LgIHZpt*tZ!v7`wdE&m-gz6@g0QJ-FP?a8O8<+4p#IG%ox@080;QTDKGK*jh)Oj?d3OaH zrs`_?e!VW)E?+M*6fRibM7ZK)(}1Gu&XzYX_4lP-jhT-18)rZ6F|HY@i{4XMl{K&e zy@p#u-v+*3m)|0mEOh|6{}OakIuJxJq=-a|9+O(L?~|=it0b;eS4dXQYK8l# zkR~;24&UpQOV4+}ee39^D(ohw_h?t8bDEvBdw%)kCqa?^?!&hMlp1`Tk*Xfohm#5d zQJ(SYWUZhl{gg0fEsy&19w-J<1IweHS%wEF8{EXfX1&!k#s|~%J*WcMT&f-T`}~s6 z_#l~ZR8SuZG6wytgc3U{hO7&!E2{2yOCV@rRY?lK2Vjm=GFx{!4za(>7u0ceH*mr` zFOajcm>=b?{*F)vStIn*;=jhzd5q!c>Dc-de38DvaHo$mH$~{d5$8vmu<`>{o;qw> zlbfwUk_6(Pu<0tDaSX>K+0Cu=J_`dMVBmaa^*zz@Q7s8Q97A1c^+7)3R0XwZW3Q;| z{N-D73Y~wM*$1=^<}o^~BCG9NOUn;Q9bnX_DFMNfD|JRYl5IzjFPFR+aP$;a(b*`o z!Vi^231Dm7D|4qb&dGL)KmTyF} zs>ehGEF1Hp?5w$A*>3{r@I=(~QOGrB-EPyt!@k{(XlIO}xtwX-hWtTj3<;t3^Z16N z?A1E}!XL9w_*)AQACc7jh_)+iK0^H1_8fm*S8*%uw~KuEIK-JbXVJ@|z!;9`#+$jr zB0(?RN(dL|*b{AVD{|!SMt_pM)z5bnuSSTqD1=8a&PHBh4EtL}mmSOBlL}mN@bbvE z*$7-=7vSo;mV>-|A&kVbTPbh6|Lj?};T>mW6KhMW zar5Hpiz~rPcI4)gJxYw5kvS}E*smW#$@RB>{$Jf!AP9X`7NON5k^Lb&Tj(#@=8WpJ-U#^k<{F9Npv`H?2;E#-%DH>~ySL5f zMJ&NM#!~*>LLy@>*h&)4%$n0*(!taCU~iglq$EY2s?XVZbK@O%P6QT*n;#+?HvQN{NRZWG z(RtLR5ktueg^12Ad331{-zC?V!Rar*KSdg$BW(;7N{+7l4Xl~%f4l9Klw%-B|KCF5 z|8T1-gcM=63Zwm@2LLDGAphWm|AjKqAoam%+PXw|_U&DJwTi7d1AzSn+9Td7H2>Ki zGD{t4{(kY-o8KiC`+5vuUZSKXu^^B2ilgb{99vnBZ zdZU6CSSr!Vi;dmO54jTFay4INa`ArV`*JBSlp>?Mh#uicwkz`F<;$RX&=*gNxOCPT zvRlEG=r3xSGtQb)f|{?R+FkBalE^a5GhL#(jpOUo^MGGBXlRz|3IugZ6o2n*;5tPS zn#fTqw*~T(x{O71=y1i{CB)?H8I8CBb;)LFO%SB0|&Hx z`7Z}P`Re~*(fuXdR@?=7TQcInSxQ%(YwIoY`#+U^Ii}_uUCmok(s@mVe#&_}Zd>FF z0wqFS=x^+$PqwDnlU2FS$G(cBT-hWQ2DoYwUp*?*&MTfvVo=l?s6d;i!DNsXKF9*p z&W~}<>z;wPID~nfT<$xV(*g~#n$1g3&Gw8KWa_#+Rvnp?K_mP*WRX_ z-@Ps%L<>96*`qXWlfQ2f+DIesm$q}?Kc7B(4X)_KNf9^m2Zt&MiTYl&>pwKxZV+eO z9r9y;RrI6W%uUkQoBn#1?rRAp)j7f-X31d5U((n$3O*WW2Mb9qN3=|;lsM4vY=WMT zPfr-4n@z58bUqS%qpNN08=JTniu3uGfbp~8T8$iqU;x}6Z`7dp6(9%1{Iw~`<~ zdnq@*TkQ1bwI1BRipH2yBN=n_ZWu+t!FZvFwo-M_t$-GZFJSIB?ER1r&Ps4F&J6Qu z&>2(9TqWu4Au9XgV&vJBp%*?m?QU$VWw=1bvM1FMIN${$L?8|7GKdi zAs}fXQ*^Nhhxzi#31t6VWQKgoZpy?>bu9Zv{_ns{7V()mr_%t7Wg}TyTh5Xv7F;(z zI&ot}E8DkM{7aG0wGq#>kLRS!QVda=ErM5Ag}BYktS5y<9LZne+w%<)Tqb6nsS@20 z8ph!$4ES%?4db$&72gO4npKyzk`G&=>W7; z!REd={eR9(TSRp-Bq*v4r5dIiY``VDeahh5dhK`i#p1e-bcQmBtYUEJ!t+JpEmb=j!L@6IUG?9l*imG6GiZ zA=kcGiC5AREx|$=xwH z_oaMt`#n5y<)&!vlh35nk_P*JyfnI3KMx(zm;uq45vdZr!>4eW;9-~SjBTSOqO}CpHC@#>Ip6ISLVl3-=RZYUPygp-MN6nluk@YOr0}_X4+34_@K6vp+Aa>H zbv!+cDg~;mZf@^h;?PRj_%LtK{P<@(PJX}U3wbT~1-e>A@BYoQN#b9>QJCcXHl`3R zmHxDAo}jOL^>Z}|Tdi)HaB09cP`+x;2suf@mdWB>WY3~Ic@eo5xs&PzJeFy|m*OXz zYztu)VTlx1Uc6NX>f5k9zLc}VI$EDb18Yi-&{i4RTmuJ6CNw=eudx87AV;e zz&{ok+gl{S4@XR_ymTo}!^Y;-I>O}sL`|>mPe`fJ;mHmGtbrp3-#A#egq5Zs)M$|sDcO#yG*647Ot!>fahWsl@_|>k*Pfg}yBnrkc1)z-e|kH_ zGg(rjTA%ppGLf}=bv;L9`Hq1Yu z(J?US-7w-BmY?r>2RIGsx`Npncm_*&Cdug^e%OqIT25gUO!5ZP;my8N+S0^2|6hG3 z(<)Q>T{ca}@$=V-y(M*ja7C`Tb7xvy(Lt9+uVCqNVU52byaa#RT27;_y@E&xWme9xTRF%N?O7(eX>DYkilg`Gj z{x>2S@=bGyy|J(_;HHT;6G48<;hHVaF-iT1r{-mGxC?yUFd<=h_P+Ud>QsOHGOfE8 zef*e1O4^(nmuh>}oPnC~{^fB$3fIlVEP?s- zJ&iCKse2B?RX= z+p1&1P#kouAtmI8$lNd2Hb8X6*$1p!UHwh(5>wRbps=_QUt2;7E>^e(yOHxE;E9?- z8>6^F$qxgaOhL@kMZbVBc2^9iF}OP@GAf+*d{JMuyP5HqfS{xGel$J^pSphSI;fT? zG-$Cv+Io*KtE9a|y#ngXHKweMWc;v)uf35X^lJx7+<)Bi%R?j(`pk=oH{#!venSv@ zeVt7_SO2f}-a8u3zis=Kh9p`diReN?L`(EOM6_rLiO!JdJ)@5r5~4*XI?R=** zVK7P|~O z)8K>)mvrw5o)U!#U^v`RYk4r}-pFZ3CB^bcVp9OJ?FXD^Wr?+heoa^H>mxhWm?;uY zy1i7z@`}O6-EY;n$`;rsf2z3UHgZ~l>BeNjGo)XYMeUC%EYi$@Qump(xE2J~uMdBi zPYIm*wd~UJLN^g9yfelX74CH0%pP`*Vj2_r#WMGPi^lERG^8ggSG|`DYEYg*uj|Js z1Okb8b2qJ>t-Q(A*=cV3^UL$pAV#!j%+5=VS+ zoiLy)b)KEcC@E;0gI@Z1Ptl*q?m?NyI=J%+^V5=ez7rBLw6JO~wLMq!*%eA;Nwa+^ z`G>T7f{l}#3x1E*eLh>~oDW^O%?(Yr?`stM_SkQCf~zPmjpoi1%99~-A^815uCjBP zJ|$HfmY`BHdJX1S5jgQslKv&5jtUTE?{i&!w25SaiVJ;doPj;<^xicr)8Y=wXQc;k z@Ay^U^@+&Dq<0=Mh=4=m+dW^YzbVcD#^liio$FdelgQ@&lcEDllzre(ie_1k3@uR&g%n4n+Z;05ggdal zUTkT7J<$m6R?lE!DgHmKRxPq33AjNG&}tCfrnM*9d4iic-n}aW;4M<59Gm+^VI81$%W`jM@Gg z4sfN6z1BQ$=jMzPEI9-o(9>YwujCYS3!uj&lbEEZlp(Motqn21Ugs|5z`%_2sZj46 z5o=%I-a|d;)=GQTBu(Fwc=~q;wF6N0!r%hEqOIiB%)KlZ_3j82VDKe>l-B(4pYkr< z8vX!qP`nz5qzt(zC3E&vvE)DlBPhn#`)@VMT5UPz@ULFUUoXG*L>uYP`NI~p;NA-x zqS2;1wP`J;Iu6)u!RLdh#dv;HmtQWX`It@tu; z`QhPV!>@Gk7n2VSYOQd)X_^dS?d+pO+K6DUQWZqi@Grw6wI* zzy&d88t_Uxk=X};SaXX7R#>w85Fg{#8sa9UIp(nzot4ED3o>gb!y0j{ zCEo6^!pB8&0eafzl^hIi|J2>8&u(Lw%PhC*CX1D5rDB7P z@?v#;U*&f}-*NP3A4U4^gXa_@eb71UWn7FBM^`+THx==P904xfWFYIUiL)Xpw<8n3 z=9#ycB)4)CS4|MM0-fXQ*1F!QkQ1-9i5nrF{5-N}M_6~QlBUnHNF*UDSQ5NOns*Ci z!AiF}Q4TD=qd#DtYNIq)lAlGyb1n@9xm{2cO1XXqAivqV?yG;sv0bP*E$C*O_;Xuh z60fKE{lN6<7Dz;rNo{$!; zNB#SgW*3+t5ioJEpmTnxwS3(;!WeUxdG(+>ZPf-an5Oxmt+BAc9lCR9R^vSDHnhKJ z?wuOQJxh6hcZddA1omk*Jow>IzY*ZzIdpAd6r+RP-0mhEx*ZIa@gL5=#pHfvl&}D2 z3yLCpD3m&Vn06&NeDXg2*L3hGjS)4XG_DlL-(WXLmshdgaC*wgyrD}&*Ryhk$SQj9 z4$C)%lW^gm5fi?H1$aH8^H}v-m04SkE9WyNr?Uc!o+}y>Qve;9``&8%DS$J(mRjXH3 z%Qf*8l)&u1=4ar*jmk{L@n1Q?gS!Q<|2+pL409cGgzhb#F3)|tL$arEHubO=QFyzn zHiAS7`_$?RNyGhB$s@hTgH#VlsRP=ZkQryEY+I}O=?Proe%w}z?pHII%@@A#I&Ams zm~@ja2$WffZ9k}*jVHKhFPLkyl4Avr(*Ceu*xk(}eO*MvnbJTa?|#jZ*|EV@AT_BE zXe)6W-3>p6fhm4qUN`<$=cAIc8Qync{Bzs8@OuWrCA}5)so^f3swd5EYeHThUJ%Cy zoaHo(LR#&^=eQ&gv|zGfMzfCERtxq-#=8a@=(+Ff6N{9u%nHCWkV@9s=CkOkN3JOP zm`POzx>c`F~Ob(H^}su0CBiwv(CqeDkU& z(C}lI%@$u#(BW@!1NRivKzvs%zP+ShE|ne0GIIGPKzrd~>c{T`ZX(x2GY^aBTVqn4 zOh&`I^6-5!X_NAY$o4!baI<4`O&YyO@LME;4 zP<wj*K`9ZWo+YrxrG#(R1ygo4`;a`c z-^#;w9|?LHt=8~;WX$V9v+Q)monE#TX;t_t@uWKw3x5C}xf^ zEE2hqaoWV-0|=^5b}hR)gU@7%eenyc-1F~QGY*(Dq5-288kv!d0i7}fkKu{6f%8UG z+n?)yxe@>F_RJcj9qfvr?D@26_(sHqzBECU6YX(~`3D&Ad+`2z>p zdBAzW{de2>9RrqC9Eb1o(u0-Ax#sm?R?8o3M@p(T=p<6aOO!xeqcIWnSx5hvw_t}9%S zUKBb8dl=^+wV6Z<=e)DUV&rhDS^3T&6_d0qiEe%vSWPMWOWHYXgm8dYqLiK_R#&bsb%C=i_`nL^{zvYa+x z+Z_rKU6Kk>(a)fF3=LjSkm#*{&KsYY^mCSCljGLTmpwhpPQ7H_`qw)(mt>7|xHQd9 z(&@(=d2vpWDb4Gd4B@I(hr?13Id9*)Mvg-bhQ7KPkKv{Cb3r~WlE)MiY$T`UTn`IZ zfC0X{Nf$oNb(lPFULCjP5EV$WU%%A9^BkFBXrlamC5hq!{I>(h}V6> zGatqI7n5gl%z9D$jp*)2_-$_uXP`UJ;roaDdyagGZ8Nni@?AO^$J8w@atjfkZb09& z`CJcj4dv2W_(6K@_LV?>FP`q7c8B`@Uo#P2hr9}DHE6#PAN0iSp)~8ku=DDoFGdc< ziw(Ei77}-O6HyL&L4^eBpnmm(vrAm02+RZiW5nfSvl?Z)Q5V z7}1=elH^t4SdUs*-0EVtv0Fn#+$|UC0esgnmz-x>>pQnET|cree^p^ztilYIXik< z<(wDwE}vpIfvmS#uSy`By@B%UCpiis4*NoLN645?u+mOjqu%HUbEjb9Fu9V&XjtyWN z6~=Lqz*71#xSfZVVD`N0-0qX_6NKavN3~a^Agz!3vzJIzwLF_juYavOHoF{^Sg%Y! zoKwlyrChGtwAGtnOL=Xul*_2{Z0)(Pk5$5A($!vu6>ebsOCKsSyvvIBQa|}*c$TO! z5*7#AxC!Dyi_a#xC8vw_g~jgvn)_%Qa5JX$?>{Xi->dQZwbIX3f<5InYzFX-b-%*F z4>YWpHD@l{xk9Ug?@2#ZgOe)rj_tVM!kf?d2X_#!^9*f=-5%W_jxb55pY+W}4kcbw ztS@n%GoMCcR4UjA&xDbW6PXPo%QYxMI}wX+^#a|P?1iy{uRUPBjBr?ZP9@GtZ9nm0 zc+yG(+A}FNEf=^c8KyWbsj(k4EXp22OQyKuVA3LA=dTA|4G2v8d_h!*zw|4)aaTy} zuqngakm+oT4T7&IL)P84*`d&KteXC)-uPPW zYK%l_f|uis($NBgiBU{wVa>QlNUw9q_=nw|(O%teGBXK3cC+pZK4lRd(Svce2$B92 zhXIabO232Ft%?0+kvifQ;Ummk;Vj2o7^O68*($W&dybDe>ijHi0oj5{djM2$+!0p- zESl}-Y=38#wQQuh;~vo%ozNY2r@429lw$Ek8j=PL%${L}uK2r<$;nBMM6hq6Bmmf} zQVjMb)cS_mQkBpCK@eZES44}yD3kqZ-62G}3VhYyp4FFl`k+&5Yek?p3X`@EIh*e#9*PQ3_Vekx}R8Q`XGILdd7J$G{0;C3`>>x_loa$(sd3ot$z zrS^IUOcF}32t z_|)dm-EY^&^K73IrFi70o_?GvuzCVDg(M4rH()2f_;!#p`5?9?9V7E?>C+_*)LRP= z>!q^Xvh^pPYf0$X^8@Dd?8aHf^#aMj@)me2k-;TEZV@p{_WW2MP5UYDD(RT+Ww+1` zfypi+QwT&eC^%Tn-|1I6%ePZ_EC1d`(pCV?T0(w?hoSUNr#*QZHj|VJN>PDxLTsF$NTbqW=Ur+Bmy{5?No>*z$aZXNzq>B% zj(WPNb>L-2Ot6yPUbP$mkzoqwScXxOpi-tXVS?PP$2}W6sa_r<-@Dal%v}5ukr(=i zfZh0=7OTCG7WTUPe}YY}9ohnhs9lZsYw?@`fJk^Oq2{(|Ad#SnKrf4`swxtR{E{l^ z`Rl8#*15HN^cJDP*x~&ZsrOXIMpWrieSSMbz7?x|$>V1r5NA`9PFFt2IUhLx;>8nb z&%zmvPj>PFRlj3}C6$7rB0g>1+p>pO0Xl3_>Zg`xrX)UpWNv>x-Nmc4SKJaBp3q>{ zogqakk7gxWWm_VzA(%9$?rJH!of0Wg&%h zBOGFS>C$YR1wDaZ_ zm-}{hOJjv|l8tEW8xL0*AV#vn1$TE}7||FyeH{1R?%{v-jFXvv$%6XnxVLi@U`b5D zUrCnUkUh*)X1;%(86N2;bGAX*(L<;^X<kriWU*W}!Z>B)kCw*h z^!Z7~`MI#DN2iK0t7ST^;ZEw0TJViQp8*|)sHW*8fBfC+erGxhmge& zVnLYX5!~~A_YCCox-u0bNFD8Q!|3h{cHpj2-*}8$PnbN2n2f4z#Pe(o*EYW;CMLE! z+6AAxdSbB??C0~7C-f<$_49NRlZeyW^Wi+d{q?i7lX=IpJhhh5o8%NbW?4vp@xs~h zm9gq$OJsNX{IcE^wFV|Bn^#%RkuH3ZO1&a$fcn9t`SlgAKmp<>;J9Zr-{t}Rgc;wv zwYceA0Od$iKEDI~v|$(EOGA1O7+dS`EWf)me)=NtihFD9eS4O0WgV?!w)}WnGE6~k2re;nrw@s#SV%w|JgNwKAN7+B=+It(@D=HH>!x&yBZ)2 zoy$%feznD=>Mbse*g5W~%lGpt{JfWgVpt3|worMuTRc|tRKgx?2b#7#`!C&wTf=D?NCLJ81|3yYQ%;;b*oHdUkC9EDWL-Z# zQWoG5I92_&Uppg^w+=r|1;+GlZ;H}l;&vQ;2o3k~@Q2uEN%FK^K>zIdh>*qeP#?X9 ztv9?PY*n`I-e!=DjsQ|{*sbup)UkWc%cUE*PfB%GmB!Rc)o8dILy`oJTflE zRH+Me*&(~yE;|qNTSsPY6!Im)Ktnb`vAyT^hlZ~)WZm<2i4

%3LMsPsaBi>Cy2Z zVe3yF5|V)~oz+Q!(?E^2Z;9)a%W<_2;t9J<6e#U9$9v~Jb8KYtw8qI&v3EBaqD>W5 z?B3OkQ0dn)8M_uy1u%i_xJqtPvC{Ak!=SpMc}wHWHA!lL?_uTKT)X#%@mtiDlROwP z$sdt+FHPx2#4w7`9D{pL=mb4!NwYsIEWcaeNyPSx*b9$#*8vIw)HPcB9Ol=!-Q=IF zXWa z1i3btU8R=R&vJSa3xMUQ0DK%3BCyk1r&&o%RI88s=+8*GVQdUv-H12) z&u>Xc#a>dgLd&w1jK^ba=g@@Q`%R=mvBEeSiE+jJ{JCtc^R~tyPKL5>V24So7s;OI zli4Q5Z#;Iha@Ay?l?|MDB>%)QSX7viNe!*6BMo`z^PzM+0*Ny+ALp@zQ(Oxq=v47O zbC~#1D#$BpQxK-cMo_D=+A9I$e{`dHRhqdHjnP-r0OO=Z2Qa{vI3!aVs}U-v0Gi*h zT7WS-aMo2?6t?R2-TIZ8aqf`e=ng(zS&tlSB+Rcg zVi_jaPk=5Pq^)p*x2btC#rv!!3_X#>gJm>C_s(%s(wQ;0}C`gyyI1 z`+mEz?(lE+f@KDqAFZc_?c8uhdpIWA^`{xx;kBlK?dF2n0bakL4pJw5i<+^cuHmpp z{NAP?^`jrf05mF1b%j(}T@X-wt}eg;rJmc5w7V>eTCfgtv?ii^7w{4H2hm-6K08CO zFJL+{9!bhwcKF>hmJWmb*b;i$d4I$%$DwDeG@O)b7+~C6fq+f)(H-5f_d3R=x^xzI z=kJ>K2c@q2^52n6!n&zJT5Du!8Na&dX*PJnY*ox8$8z&H3=7`*lybwnqsVrzx_(pD z?**6~Ew}WHnW7ErdUK8x-^P{Td6L_q#VauW?}uVl6Hm+X6`?MM1k-uufl`HNUkT`Z z-uHLf!@1`P4Y~EaFN$DHnx1C_co{Nkx}p217tN1@ zU2h$i%k96C!Pa&6^;O?9_s)^<(69BGZ?Cg;Sr(8RAB3x1;g?vX`}(&zdE%>AsL%U{ zvsHjP2CY$7D$cnZc@tHGj|lk$^b+$v!T6tSWA1&|u&0fpt!gak7>iR~6=@xGE=>pc zVn#~7PNr(KwQWUj5%=klb?vp%Rp#xCL;J_x2!>L9cTQ6}&zBwY z&~SxB@}Ut0t&aG!@)dwPR*!CjN_oH9ORLtPkX~tzpI?=D+|Nxk!V65O{@jvGlJI_P z>R<-&Sl)}aGmWN4otBn`NGAckKD&8BoD{Bwx}OH1_*9tC+0i|S(^kcLIOeqIgh{{k z0orm$Ui151F>coVyFBn<%CYtzOy=qFo<3U*l#;g-23H;y?nZ_X3vCi{l!WUx1Mv8D z;vyFclvT^M*L1J$4lo(&$_?9J7t#dLBR`QJD2e1dfq_f!gxy1dzXYl-w_94vsW6}Y$x)ac*gZkEax6q+TQmp({;?dT^P8q8r{YDE{_8H!ZrY*pNByZaYDpCuKC0)0ToS|bdQK!vRLS(id<#tlWX>+g!JjRX+@ z4&%K#-rDgd4pBJ($BAQO(}Y=)L30saFOC!%+V=EAmjzo|w?Yp_vSFHQMe9d}`|3$V z@^J1DJ@5ph_5Swn%l1i=rz3(%ZM!0!~4<-SR5~e2?X} z9R#bHIFD=lkA`B*LCccL>qd5?Ch+d##5>^@dK$4t!Y(pQjgO|e16BiE5>m|v$t#WC zed%EKGn78tj6|imPb@*Y1U2%PB#CO6FZRW1(r@+po6(hlH3ohuM%x#}K1X4uIuD!3 z7v9{zWTnHrX-T$2TK~{3Z7KeAEYT32W<|$EY-A)J+;(TRA!p9a%|szcVt2)V@3s53 zjo*Q0@y*vW5QpSS^7*NmskY=@^plcskLDcr=?YaUbGO&hxi_^JHe%w4El`-ti#+Ny z!)7*RDG&bc(=@P8m1_sh>fY<`4&C4hX1ZwcLvuN6?8tLVFc;=+n!JZDg|T0Dsxy{t z3&|FVY$9QbtDP*Ddj5%~aq1dm>gOduf&_mOaFucRBFh56rq}gwma9uD)0Si__6kf$ z-%-NoW7M zd(+{w5_opEpUthOIG-S4OQ5EmaFW6rxxg<80+oU>%r-+iqQ+&f8q+COJIT9`jYiGc zaJoxCFIsVD&c-$Ny-c5ev3#5&8llyvX0c)$aSL&E&wuRNIjyZo3W#0i9P2S%3d_W( z(t-tbd8$h$T<|wR6ozv_=mc9wX%@<6sXC>@f7bjBf7GzX7YloUzCV1G6lzK4(~w6$ zq_FvPq3dG_D*f;Vnsm!df8{A~kb~c0?xgyxKJa|lJ-8Hkm4@?Jl4#@?@D3JvjuI5j zo-R>+ke6c{%T>(Cq;>TF9Vw{T5jYJ@bam84)xgIu*2~_l8}bWUqe`s$toHLaUY~{- z>c!$6G^N~fH!F>@3bAnyi}UFtxUm9aN#Z4j4*Iy~%Ezy(2t&`b%R)bhG~O?bHE9<+w!76$f!80;(|w;JVy1$fGQ!tJGK&6;-D95Bw%s2m?rIlyQvw~sJaNv z3o`c*^jLgl^}#{^Ms~mA9>+8Ck$7JnbO3i`c*xQTlj_y=XIp}!q2Zu!K7I$3)h0XF8ii137`baDQP;)A8z@VYEQOM zacWblJUjYrf>m<}bjS4bCoKDrh{(eKTp{uo9%u-QTRkmSYwcyScaaSc7W~E50ew^F zsGp$ok{!$p2S@b>Nz5-4t)bJA(k@oLLf>i3OTXcto#b7j@6AD_By&icaN4I-mXnu3 zfD2Qx2b!9U&-=q;4|2%)ny$AHZmX1}Fl1$_XLqZ*M)ojlXt!846n2Eai1DD2kPA>- zU{ZQ}9-b*NYZlo>*%<{orWO-0UvRg~K8g0CW;x;?=!MF6ebG((Bk-j~^2}MYI`w)g ziK3a_dUo0FR;$HnO(`DJiKH!?gMOP^P6G&HJoJ+A%S1n|hXL*Tvxv^55brrs-<8dy z6o{^S~0LtD%uLx4NNNn356pzp~%6LcEqJH!T%~UvCbvrPg zT-c7Ed=F)L6&2xX@1fXx5=U$%?A@^bw^wj-jas$0mxSEv7>4~-Kz4jHZl_phBdTnw z2~4$glYW=e-0O&{c5TY}J=$g|36_JOH(&4mG^fU5pr0JW31X0NHVFudKXa-F9+68& z0aL7!a(Ra>9irB_m*}X?6<{BRhcEP%{1BMq+j+~xN0a9ISC1a5C6%sC%rL>hxK;U# z=H;(%irVUTvin>|I1s&GQ3rOrTBafofxn28#yv)Naxl5^$zDnRIPCOWVKMZ$VH|lA z{bt9Ot6*681)p{;YGmBTb=fk5&h~rQyBSUfI|_G&SMMHtYy%>*!G$b$}USpT*8BX0qEFI;}}zAPWTL4X2z)X@tY}NP9|HMukZSU z1H#^2^aK3Z6z6cGhQw!zrf~DB$#EYCr{zB@#u9te5|gf>O8Y0=b>7*66$u)t+V!ep zaH^zQlljgvwYZf}$nqZy;K!d(aTxpU@2-WJD4K4>w9^%H4hJolB$z29k0aRk-FJvS z4)S)u!;=q0XJ9w^QQ?dbr{?{vaIwL+vEAp2?$eK3F1e+48I-&2+~wk{BqlPU9}_bQC(1OXV^9nP zSXo3r_W&6i@bT~9s#X86xR1kAtmY=R$1P|lv?wf*=3FZwU;J`}9soqS3bc@ch!z82 z1tf^<<2{i4{)p=f^XVjiTO>qoWeNQ7uwvv3 z_p3%P#l@j!nv^tHNs;33v&!2#dU077zT8Nq()Y-4+Pf(EEohKg0Y}V239_z7BiZ6% zyk(N>@k!2_nnMEg-^4YctZ%aIJA$Jy9#qQ(SG~QcW@t(h??jrU=@Mbg3EzNn1xy5cL2d zT!B^muk>T9g<@X|VDkHrOXJr17%N3i)zq&F>zwm>bwSXhry> z6lnX*t{bG5axI-|a1F*K>h@Z@oJT;EVVi!P5fDVmo&Qm1vg5pDcp+LYqXT#GCnSzp zDg$nt0e~xkfzhdrC6Gnk- z8v9A9B}nv&a+1d#d5N~+PlRHUIrVl0&u?JLb;XVZ;LW|{s$^J|v!h#YwLdPRH1P?z zsTr6(m~7}jQLjU+I_T{Cnm)5%!TZ-q%7?6$pfbxoXrkHo5zK*6yv;JuDm4Lzm(DGx zTK9-Ls+8fZa+;N6r1|K1sI4gbFKS$@tnKAb01JgX5@|B<;3U+ypdUmG6_@O$JlcYhx^-ONQaKPfRgDG{;#5QRN^D3y8;gdcVuJtaaTPFd0(O zF45nj9ieyWC=~M}7aqAE{Xryqwen9B$76w>t_6r;xcCy*{cK?@*hOLT(Ig<> z&fM;&c6=hs08gcR*HxAav!B!eVpiJ!tLKGtSHp;xqYf1XwG%f^HF&fFlfqkcv7!d0O@D`yFxxxj)K(@kPX4R^OWF_q zPnP1BZf3C!au(ZT%9NA4v?a@aKl~o<{F1@AX1#0dx6YfW@fH|&*4 zYq08WQS5t7GPo3xjLM?yb$6Jd7Wi46EDMkMC-q7Eag-~GQJ6w!Q#!-)sG5sg~u>A&# zQnm6<<4md@ja8s?iQ)O?-Q>%%QY)Unz+AZ)fA-uXx>CZ~^z7SLHw~1FdsoQ~zyL=C z+hWBd`>U)(Sf!TZMN1$_ki9o%6PyAX9uL(QBAMcg7}nEnBo<1RfEO18FNDQWdAl^6 zwKsVeX0Q4)FM*$vLKTcUEn!CtPn`H`U%aZ zpDVTg&Sh+AmwXKOWeV67QGw+G&4qz`7z6E@>`on80+X}yrdw|v3jumL9+N#+8JS&rPuX|A3VX$Xp z557+2|KBeb-DUX{F`hOb3_8i8*Ux|h%-w%ATSqR{ie2lw6DBv%52T?LIT$iaj|gxU zO&6giV(4%|3iFP`XV&|!7V+BiP|Q%Mc&V0RFq1R(=xhs!03kQ8O*bck@d2%pB<@}{ zm8?FVs_oUjI|5?`rghny(snAgwnrzKE7yPSJ@+SK34AMN$gOn#2H}G49lZaWq5?20 zGVXQDM0HvA-3w+tlnaxc7ygdpm|c?RgT8*(%ua*_#)SSyfEcs}4u(GBFyiMb1Vm0& zm5!?9N%QfhaQ1pr>{KX)VgvW*Ctaj@*mhlyIPuhU`e;0$25sABLw#1P_6msBmB5%EaI*?{B&yhereu2??6IoSuO7FF+v^Jy42s0oYmQ)zbg5M-n>TxlG}I>+Iuey2G0%( zUK%mJXd6}o&vM*plSP5n9);3Nk?hQhktQm^`!A{Gmj>?{0xTdT4ZfVW5{T%WM~K;v zlw4Q`W%g_WQG@&z=9zPJOc$if)VT3K$=oiH$f>z^o{SgOfEt^<^~j$mo?-?ngC0gp zl-nFRqIrk$u0{rrN2>EnKt5-W1vE4=z73l_MUMf9BWwR-TR|?=#xchbF(#=22UxzU z*2XrNVtI{v*VbR_{BWSC{>tXMK$J%&PM@hEUo(mtU zOBjAn1nM@`;djzuU4`Pu(J)l^L~x@Znj&mcC>H8U@GNQe;EUUb zGo}LI`b*WKI&mS_26cx>TLdf3OdQSS)KR*|3DKz%FYVB`uUc|L^Y7(&${rDf6_za)lG3>{9w~8U57z*}7Yd`5fu}>W>eR(dyf2%J7=-5< zwlrb4HugTu{Jx&ieAwftoxA9w28`Q2eK_ILWeQJ z(RrWo17=UAfMUfO2m$9o&yV+P(0o>0{Ejo?wD(TVVG80fCFo!86v*|E{x0?LNs7nV zs$5?Fd-CD(kM~?U{%Ys4?EWPn&hH|@6B+E8&UuLs}lL&Y0|>q{E*1{T1F5g+FIUpU@x$AJbB)XB46}y zY53D2bZ)o7P9YeIhglubOxP{+T{;Xku!f^pKlnl}6m!7pc3RfycE!REx20 zHjg{tRMtnm?#;2^%Ko{#5=9hX9y{v2f<1N~Y!M*KgY@Vt=5+V0Jd&Fl*#p!i6R&_V z9I$YcVG|EF@0_Fu$u=z!aw$V^GCv+Jc71`m${LgI`ikpc7xf)C+3T^Zp)+5JG!*jQ zx_Dh*Ku5d*jidUoib1H|1Nvct{lg-Zt;gxDw}cSp`mf;}Xo-h%Qq$t&SL&X0DHS-o zG*BEbDWmA4H|I{jcSBvkL1_9fiCIsE-}+L>%<~IzRX0!jI(a@Z4t8pMcQ(SWz0oHD zpKv+M zz)uTZf1x>GZD0)G(;R&{c4~j+o&45U-rgDNdACp)zpij4w>rf8mA3CMHRV)vzqK9) z_!8~#Y==NE*XQcbPeIaBal%c;&4*<_C|>vDXUvyu>-@aCfacTi>%26R-_1`r^7%@W@Yw+S$8u_0V2S4J5(hEt9YlV4| zNoF+v;4*!# z13&e1(Ebs5;7$>iB(DGw*HE`0u^5kDyY`Ih#_(W22Vi6QNpIx$Vg~vSA8|ME=uuA* ziHuqxw7VxIg)vG~9&r#Setac=)8`iNqzof}ZOnVu3QMEBoZ2kly`-?4OT6hhwHTRV zZ4_g2mt+hsT0DPap#GvDWMX>nNp0A{-y<&l zO!)6MQPjtYtOY?FtH8_S+KvpCm1d$jak7~krc&BwMeb2EniQ6ch3c|1T(H> z8D3i5qMmpE0xAbTLlADyHBhKg3?+d?W|-UKb!nD>A?Eaz)#P3h74Fyds@fD^_8_#3z3DF?1?ZEvfdZeGJsM0G`c1{2%mn z?`qN{m&(|I@!uA}evYyGCqGZ^c^b85Riy8vIHvt5hD^oW_n-Wjl&3$DiVN_e5fv*2 zE88l5Ww_qX|1BjY_Uz1ewAwZib;&I+TQRb$P%Hn$oi*g2P-TO}iDy>c=$JotsMKGA~Y+%>pY+*gzp)t+z%#^-`TriYjr)cK zX2W*xua78yZ;?HbxRv{tq6S30{+v(#FLv5~dzoxs72q&ojds%nj@d{lopj(+5QwiM zlG*(|QTlGNW#>eb7fv_#^XF?om~1}o?*^cIRT(@!K0Xe`(o%taPW~6~%f!p(P zEXn`(;RmEwz;D}fL!28pkftml*AainA04k)f(Sw7NxX;?h{zvNU`YvZEUsPtG{~mn z@3h%Q1Ak^01hnk`J~dg$sF*x4+bdl9gksQHw9g|MD^L$9Ro&mTivQIU6*l(QYn_H4 zkQO^AN9j;9$N3ynyc8ptiq)aJb)th6q`U!bVMfLyV5Z3q(;V`u7y5fgfyEG$IMURw zMk~(UQrkD?aW}ku^ET^R{q*hn%~b4Mv>c{ul$SE1e`@NlqN>&B3~A5mIGMv@O3xw# z?15EMFn)@Mvg@OlV~mQ?*HoVphK5y!`VT)Es(+AUYe60|YfYW#h#)DzPWJ#ZHE-qb zS~zZY`I?)pFi_6};n!OmI7r9o0unWof7v)8Hp~H`_2l^{FNY`<2T4VT+3uG1Md`#M zd}Umk2bvu3px8`^CeXP&_x3%a%_{jDkdPVA+trC0&vf5I%`u2r z;ry}d18if_ROX$lJb%JOM+p z$JZ>lBSr0HnE4tyY>@-n9q z9Yg2#!8YJQZ{YHa594bdi7*uy2Xg5F%vvJ6qJ0%WI0{^xF+^Se^BGtwd$B!Z5Aw^x zG#D0GhJ|4uuwDkPEy;hbE&rZ>O36&le@QTI{5|phrIs)uIi8_GSZVz$Uc-`4lj841 ewqnP6&P>^7@mav`;}EblB4v5?7p2cl0{$-r?WV8* literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-real-time-protection.png b/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-real-time-protection.png new file mode 100644 index 0000000000000000000000000000000000000000..1a7467f5818b148350c76f21fe8ce2e75e641a6b GIT binary patch literal 39349 zcma%i2UHVV+b#$eK*WxKh)NX%6a=J$g(6LA=n-j(6zMg91wGPx4?*c2L5L6_Vxfg5 zy(Lj8p(TNY00|_y!#Ur*|NZX$*1!H)E1Aq>&)$39{r30S?;aZKa&z)?vaqml>+9V! zV_{+AU|~7bb?gXm=Y$#B1~{?$o9W(RsU5ty0$i}WYa3~^uzXD7+IKn(Tys3vv+-wP zIUR8DVa2!!g|M*XJkY4}?3gKWX3l@D&_)zsCQ$T+l$ z>}}&4uSI6bf-~uRJ8L>fqo>!m!%s6hzvYyUX5hdTdweyQ=T{$Xv9^qcbk@qP9dQXl z%QSly?I}IH5WK2-LuzfUQEs@x@6!}Dcq0Uu(=a6;Ce^WoYT-ikIyvDZP-* zF03Lnk@1aKwKr{T>$e#D?uq1Le)^GaOaC3?XJfyt){ct zq%{86xnptv+es~8#-72n6JMk3sO_y;xuiK(tC@2L~9 z*N0p^TeCct#Trvb93m>wsdHT)y{*Mvor>41&C@iw+8y1iCt?<$IgO!KnXcD0Ye@Y) z`31oUZR+-BogGJlTddhC3`8B!FTEi=J=Rd>m_V{xZHBK{GRQY%xhgk_C4-BfdfG5i zp@y;3d`-G(a==1HAN%;~wX7q(!QM21NvVpGdIsLNYuPS~dd6Q(3?HJC3dRrvTLfa; z5c^RueKpR_!5MRtgDxjH5gZ9IdQh38y58(_=8WItYKbaW1!RW^*N>aZr+z+-avI~f ze08>qaM{Jb2_j$Y>e4eIIxV}hU)cUZ=x!sP5~_!D8M$Qe_|Iz;`wH5Y}o3V3@E)=N}8o}YK{8q63?MeVOJ zMlbls=d@ob7gAF`dF}hee#jj$i|>0FjJ~PF7m#e0X+Klyb6$Sg8oVi_@Ir62K%>T+ z2N)%Uz56nIx5OvOpycOkKe85<;$-`zz)|{+j80doqa0!ECw~)j_Y*4 z!;56?PB$%o$Ma~NMvplY93Fc3jP-)6%GPSQt2w(o4{+He{HtdyY>6` z*mO&Fv)E7@O}}u+rC6Jsk2ohtP*@rv@_<1n?{k}B^a@W#8Ga>CF3K|ZTlar}?XxuL z<_h#_km2Qrw)B_PjLmcM4%h1PZb9C@4^95XmzHdwoZ>e%uOTnz-gPAeo@ZWRdq>PF zQ#8X!W$jMw7x$$;xrV}twH^McTf*|!lzShT5tUjcD^{VeT$d8G~`*s>~3%w z2n-o7MvyVEFj^DVdLaP?EkqcIf)-z267fm{9*iD1xtD;NiL&4SwBOYdC-!i6?1up< zM>C|E|2VsNyHU{>HUabO-icO&1Lc-?eFFMA;g|7Ox9693a%&Qy7t&k_R}W~zwgr7% z`nTqbh8C3&bbxy-K}Y^O9e73Wpv|wl$p@z|-EHE(X_U3W0}UH3i0|lz;f(**qniKo zKHmO!3Ya!#(Gp2-Z9MxehKqNh3QVtbI8^^^QbsvsqtJo0*YB<&3}%qB@W2GVOoXl3 zVI{FlI@TxaPYZDqXUB8;JTI?nNXV27>ys_j_mc^Ui8G?WOluT0HL-rPkZ;;w(ZN`0 zpO9|?{c82*?8M?zfToZ39`{Zj-p*z}#J+CP8lJ*numREn@;b`Fer&3D7r2VX$CnAP zdW8)<+ob>mo;_1@@qirv*=qcYVx!ZSogh|6Xtd%X=n*$pbnQ&oVLqZj^0X@GV2ujJ z17!4uS?~C1>-3$gu*iR^+$8CW;0ONE3SNDfTrbmDWTP)#*K_Zy*tMJ%<=&~#gAvgc z^4ec%sn^eTyL>ji_iHWomdxR_CkXa|L=ZxPJ7n*u!jyYNL}9MggeqExDTk4dW)p{eLw8ufE=a1i-DjUHKo%Z`a-EKC+C2L1-MO+(?<`k9PpMqco2jC|3T&MAp7^(6sy4Kju^R@orFtguV zt}6mb1zpTx@6Q#EsnbzaBqn?azS;99VLdJ^--P80^yf!{PHEiFhMvNe?fC%uwZ$d; zXri1PNYV7QLs@AlTf8$NEhjzSMYLivsrEsvD#vmlb`x(_Fe{$%#o|(A(Lz*(`3r!x zr+WX3CI9^SaGZw+RqKH8MO~l7herLG^XBSWMGWgmIsa?j8NoH^Ca0LT{nK*&Qu8!vMh*Fd#mZwXgvAew!=Xv z$Xm_zjZowHvf6EXcDQ-q_#dcAiN0Vv?o04sUV$nLiw7|Lr6$MS4=&6*F6(dSWVBng zsrP%MenC4va-oDmOdHG#bT-DovB#0KjRUH#>#_{9)aH-;prvwonL7*84b>!@-Z^~r zG4fGxx~cD)D{7Q`l1V+Ex9!~vdFyczw03gdn%{KM2#HqL$qT-5awM=kvktLS-qoa{ z^rK#mJlOHO`(j;f%qR>5%W4D%BGRxjPc1>}wIUd*r(?GyR(TS4*+qbbp$EMl z9xYw?phsBH$O(s`2|P?Qg*#Y@mQMH-yRO?qg?pCsex^LnBWGt_OKMqZ=lK}Xv`w6B zU@dC}e^ZkjR)UUwAGyprt&47*sWtZ&{BzMjxPwHS6iI#kO zwOTo0%Ae~%`K^_|JZU`lM!sPQLeDmu;XQw;@KTw4@>!)iKaQH35~bQCVr9jx*z zCI;Nnrd7UcW@clyb;ck0w86|vIUiw`u7eb&m8=|?tM}z$Vc{EuXwF9r6G~3ltBfNv zHNq?`HCOdm!X7S_6Ev=-GD{v!<|*YOxG>RQq4`yPt;kl0Uy3{QOu%ac7aD}R+#4nS z!8}*cKxw6<^$^SOMeRewX`a0NCX;!uTOQz%h(}YMEv?wSu-~D*Ye(=?ZW?ldwwZ{FMm+=#)SfZ@}<=Vaq@kzN!DVl-NAy~qk z!>%l&v*K_gLt1XX!&cb;cVj_UrAL1*LB}gxf8u4rL_)0Zb#8hmxj>v+{$@AIbPv*P z=OQs>)QyrJRnqu^-kEhB0hQvi=f@~sK3QjkPF|B?lrRT}z>xdrw|@C!FT6T}Yb;R# z-a`W*xBE0}_x8$dV`k7$+NmlkJU)X}YpJ6`7TdmyW-S#cM zd6bQfr5@U}*R^QGbvhdQ=JI=i13UB!Fhg3w!1Dc@W$_gDNl~Up9%|)hWvRdNALEpN zx6x((+IO7nX*Ak8U>x!;)?S{6u*o63d1p^6B?a}(#M2JUPy71=LsEVGcpl0EuK{g4N>BY1mztgYF8=ShX?R@ajEKt{*XrzypTi90H96H^L3dZv ze2Ic@NY%%uwpfWBw87U#JAn?QVxIom>3h;s>gC$O?=#8Uu_~DxTVF$@YwB7**35d= zgj?aK1oEYTSrpz?xg~Z**gvBo{<;WTf*pFQe?k@$>NZDr_ z<(oTe`G58v=DRjqYk;~sT6(Hxv@z8-Xawh~O>*0_^1MO(8t-C`8tm}!OBAJDkoRxC zXgO>hIdkSyxieTWXd*O8{Z`b$kd6OQpFcQ5i*56IJ|s%nugov+uekBm0Bi)yWRPMF zMGm3Ne9OnUvoIrZ%D zVQ!@n54c!h6NS8(RO>t6#oYqg3!(&HjdxU1sq8S6ruiV5nhPr?n$B6xT|5!Yo!+CG z8)&~thv434j-xH^fFBTDBmaMyhK&`S+V8LXaU-eVIX!UB$C=Ad)V)?kDclP+iC*{d z^0Gw(2)319?^Uu9*H_bTO+H{uS;<5$eb`?X)|C0i+|V7r)le}?21hwB4`HeO#CIK! zp07JBecM_@929@8@C&woR3HDv_1|Lu=gAwQLp-l^yi9}y^`rez|EV8+xb$DLNC9#F>? zFDappo{-CEu30G&0B2@_cVpZ31Kq>)2ax3>iTgd#HkvB=+w`$5bV{C*PcGo<)cXfM z`9*THF=}P=PAdhsk2;85IU|Ki?Nf0+_s2nSsK;Je{LgeZ-&WN~R=0@ea&bc6U-8PS z5|#O9ngStlv`FpjAky|m8`sqwquzHq-P!-x`cWN_=sBG6ohOVb4sUdrrCCM#dN`I& zav&Nt-9*a*(HUYu5Fw>=2Tppxd%!19wZnCbu*_PB zcZ=*Ja=^*3+>kLDuY{Z&SXL5bOLqb96NPA7G4g4s0QfB{keJQR;uVU17I<8i^qr_K zYr+^prpRY?h%ki|pbViXX=G(7m`aS2X8I^BGJn;%8XF<^_m~D6EhOXurLH1-g*?P? zTHc!Jla`098eE0Z1a6W6R(53P(8}_=!=8d9XZoZPTZpp@jPLM12yyqk{yrVvM<9m8 zMRdcF_ZfuQpk6y9J}S)tOA~9s)%c_$FcC=+D+W=*b(q#`#1_qSDlLp#D;FDtl1uX+Hvm>ijb1$3mt>JL!9ZVJXs zyK^9~E|=vOZ4#Vk&7LgH#77{Pz`-;A|5V<%OA8|RN&c@-xH({{st?_;zN)}s}IcpTY5 z>XW9*pF11zTh^y114(P$&*3~#iw(K&7_m~?Mj}bKR7_w;MvdJ4EGmOf5`v><5FE82 zaKwG10iuY@(p(m|3@UqP@fBG(DDDKAA$&;znWLCW4BCBVuKwob^(E*KVntQVPML6f zHi)LSJ%js{K{3J=uQL*7pPFOA{H4>I3UmgGjTeCS%QWpeRMD>TnmlB=F-u=; zNvmk{pS@2GeSgJaf7WUxvjkiVHvFpO*meyfDKR{X2bQq2uL(9-j6=H?)tL~G%t-xq z1XAUEC)6Gej&pfBb1x@#Rt-L|&Sm^Y;aw*-FDysOD2 zyhIHo%Qu?BG9EX_`S%wD45UR(DgU+Krq-|cf_`;vw7eiznbAYKGiX!f+<0egQYO43 zmyx(ajL)0s!#yVRFd6rljxm0(?7)H+%7KfDs&xsGCWrP~DU*2<8P21ti3WAYIH{0; z`3QQeK_~z1Y>WN#ok)5RZeS!Kj z2VQWW4o60w(&DxhM*lGTQW@vj{x;4N>j9`l=W>gC8apjR`YYtB@sGy{3p7#|QU=WE z;|i)UT21=C`g}tX$zW@^EbOWTxp!XYS(M(z!#TaB`Lza1H8^=mQBR~OU+$2;ZLqj? zPFl-q#4k>B7xjiz+u9OUSrs0s*^K0OkNDn)h9jI>Rxqu!wX7VA73zJv#L)!Y_t(3t zpur56;XP2*`@fteGK-@$vcY4x_ajG-+;@GPekj|=@^+?yn5hgpDa2L8WOw+ZW zkGl;{+{I1)TyAW*nxs6~!mWAq*|&itID-tQoTxE*72sO_o623#7}9;-2I)42OWC?r zT*-~TjdVsii*Xg9he~Smm$6lnKG3vPga$DZKBr>XXY0_im`vv1*>SO0xMvOJzX<+D zY&mb0xVN`_&eEi0r6q22Z^6SF`x)8Iy}CMHU#-)<7TK|iEiXkTt*V|3jJ(@t(oFKf zDCz+0EG_=v#tW@q-Y?{%8fh2C?35_Nrk2AS4S4V3m#=p^aEw;OF^nn)^EZ=9C#B~q z-lL~vAKwN!f>UE2n>Oh0BsF*Z`E=Q!19@D3#RTX2utvz5KlL0XDMHKxd7FOZ!|IhQ zD^9Mn3h%#?CfY#oIjM5f(?DYIx@;Ux*4W9E8fs|(Wr$FgU_ynL;^vtP0G7^#(gJB@Wfc03fPq2TWG#9R%Pinu9=|vct~5UYf}fp zaH9O=GF`Ei!YOTkY}%l2nZe#h8NS>@b5iqP;$)|N*nCR>ijEVLmZ}VgZ({vVZsn-5#iI)_wETCa~OL4U^QG2%Zi(i|QDxYnjX3DGIbldGED$pUG0g>PO zd=`WK1cVRli`Tj1A+KKB!N*L(k7}E^4U?oKAKgg9YZON|GMA@^#?kjTF#5~ahgfjG zguI0T2Vk)EOqD)`2hncJ*9@*U-mLjc5^?S@-z4aI6$tLv)Mfg*eK zt*$hW?XXhVvpcEVIFIk&p%3ooO*#OvuuR#jXpqn9<}u^sjY@)B01BgAAAE94@Gw1H zm@XnR8NQyD@PQx_VE9;1XJnf*-mP|nopB-OR+-OJx7zD10s0dnU6D1zl;rAucKKsc zsv)jYnd$3+%&81e9=KxQILbQm;Sq!FKC8mWH3Kd)Lwv@)=f7O7F;3l&yz?fvs}^~E z9oGhv2z3Gz?VX$xQBvQj)gKa-*XLB?6ijhiSwFWzgf*D;wB?xc0MHy+U}wsf9@#8h zEi<^@rI9sozRbRTKqtyX(J#Um^{%qa!Bb+8IO;Z|=iu;>{DcHa3Xg0jd`E^l99V8Y zNF64KaCxe*Fl^_`kt0grmTOAjAk5eOSb(!(1!0H}3=#SB71%w(fBu4zXo$AdiVuGoQ5dn3T{Qy?g8K`~$5+9~rOkIdGf%=G2Ni z561V`rI&{r22LbeySliT?I;EL`0y-27vAi-xr7*ssLQzsa5HG4ygJ361qysXKFA`< z^7{IPtqcWK$3bmRf0ibAx4^5A1)BQj~p!M_}m1D468I9^Y)#DQi!7+RlWE1 zc*VfH{MEjSJxF||J3H}a7ZnmKHQ_$;*x~MvUg5zVbpn;bxd$EVypOL8{8yscK-Mt*F6(QA@BEuNs|2r|f1&~v zkE}m?aONa3&6(+U$1!};f%L9B&TnVUQ3~#8$sI`%2)FYoe8ocl*2TJXzRH%-B?VvH zjA{j8NJ~n+I1OfZ7)oWQ%uF)+p>_jZLFY)v)}RTKw&6$z%vPz= zbPfCz-Dl)ay~ShZPmCumDUMbfu!_Ay_sODF4(M_d=IT#OA_WE2mlP9~Dm6Z?PRHQj z4uVXXLv~Jk`^JMqL%Pl8ALe#;$%3tEh0GVj+PU7Jmn-IEpE;ZfTH!%sj1>=|Bu5;d zRt;UO?_D2Fa17Juc^GNwjr2gApXM#6mgOy#MYiM?nL$ErA;H4*@QNr4!(?Z|ZBGMQ z@NBzBah(jhGqOZQYegX4%)3E}Ikgo=w`&^jMvM;14&!&Bw}4o5nehmt{h;!kyfwY&B&qR4F;8)|JD;Y|7TCbrE=1Y6DuQ%EHkc81#7<#q!*R z^5}WXJso#{uE%yGCUy0^lKlZkUordhE51DtmnxKf9IyX|W`KmWqDy=Z6fP8vy_%F{m>wjEc_Gkj>YUC)L#{dN({B<}%> zyLl<}juCP+vxG;K#m?l5H(_6>PBg*Y9tFjZI>~wRa1zr_N z)@a%32wz;Pv2z=lU5;W0qWzaDx1QU8JEc%PFC)Ka!c(dRhQjI%r*9c=Ed=q@w(q*y zbdg322wIh_NR{f=PKNX0#O#Q_m zgm7g9GzwpGjoeW9l3VJNhSsyK7{(;B*~D=#H#P!g$5aZPokdz=w!M6S5JeiXU^l+i zjNG%z*j7}aJ19W%8X0)()u}mFen%Rr z&bPZ7jUl@YdzGQ*XZy*gg=KdhKSTlQnz7%!x5LV!sC^XXU96j0_2ykZo!7Z>sAvV>h%aCwz%v`uU=H`Kl3mc;<|l=Y-aDZRb3@l70LAgpCu0)pm=L<|Jh8~f4W|idaqvowcCrsT`@sS>P9-rxW-Y^|V+#V8OArziC z!eMns(@#p87IQXbOLJ`e#UO3ET~S>I%{0ZU$`-w-vUtJ!+;d!%-a}*A-2bu@1M$<)V!T-*&rHiXF;&R4N`(=mkoqZ)}8WqDnU7xkE3vBSX8Rzfi%;^sDqx8Tx==< z6ve-8aI^FkXsVqJI)FZsHq-ETTHv+mNEVGEA0b*?J@6QI${zBxZ$04G3B5uMEiR4S z7sSj>*zK##U1y=2NupkX{M5Ia*O||EkGk$2J-WET!_%jGf||#YxM*|*0OYw(~He#|&@ElJV&Rk;#TvFKLangqL+l->owr*S=PX%o6 z#4+jX$Vv)r=#C93o}`8XgIm8L$9Ygb4b@2}0Cmxlm%v_&POSe0#-r0CX=H8># z<(9sptd_gSAC)Z|CMQozRe3AHI*M0d#Q2lJj&3Oj*^9ZTzeIro;?F2Gi<#xhV%zq# zhxp1d@m|lqAoso=`{_1?;?_ZGwW?PYrd0CSkVAE>ou-$dmMF&D0a8M(wewGNw`KKD=ial#*RJbjJ)l6)V z?A>&<6ySVg&_1@`p&YcLNEK5?D90^9k87~P`!n{P<|*434f+)*vVaDr_J?pw%2o?3u&ttrOw1-=qF z>kYo(uRAJV+G~FpoLoZLPLh^iIilLkm4%V0yeL?GONFPIJr`q6sl013URP)_;PBzrgoepvBA z@F|OdvNs9+DousV@0A^Cyvu)nUdvpmMov!|Ts6`Lt0-gOJI1Y(82T>2Z|pS3O?D z<;gvfwKb1FTj)!&Yre`=X6;(l-RDS=(3Eg{`sz9`K8MWSy$NhBhF$=e2 zqBqkW286vaFYx)!qyVLnwb5PEu+IJr91Q~ z5BxAcLec(cIL^`^sp?h@>Is%iG>#D3a<77UWC^8rj{L>+KEdMY&(7gR4oHzZgO06N z&tcsa<{HetBCiaA68PfGc}=|gL=adNU}_}mMT@=wNBc`>a~THFNXDgIc)R@wm7+IW@KGh#-8!wJ(DKK)RPa@%X>|y85SE<4*%^ zaV_CTYl^T(1y7b^eP!5LmrcoJatc0OVn>~!77P@$kGU3DC`pveiLf4u76hu~TEyR? z)*Gv1JDnO8gQ2gLSk|xq57PhtUS5ZtILtxg&LFJep-&$Lp=+OgZEMrP%ioZ?xpQpT zl}B&x&rB(HqvhNpkYHo6t9})HdL&f})F1amGQ(BhHEl%6v3~7C`4Pq=$F9tAjXcuh z{DI>a4u!5{?O0g74qgWydW4w%K+xgKk-~{U!4^h%w~-Opr^bWsn&&1G^!1MS>Z!=a zd8a>WUHgnq>9X7?tQ+Hb;24`~G|?)4uIrgYrbqDAm%+!r5-#kLxe#%u3gFE$jciSU z^D*^phg@lixz%Sb1PmF!#t zwA3=Ut;O??|8jnUbnx%bx{2i3Zl^md9>C=Y<72(N|y6@d9GCe zaODaGJWZ2-1$F0~Im0Qk{onyf4!zD97HS#05_xkz+bG$|ETedf(wF*73x5i^e0j~pf-%83TAdwVvlzkgZO39XybZJudWMkw~6E}8V! zB=Pw;v3<~~L_=vJIYvzrKMpEN%gGuFmj8cPbZFgB$$Kt&7VZOz692j!SX5MWkT`zy zY~a7*i{RCjzac8E=l+G(18Cs2>JnUp-A%yO`va|2cb9cFJ#fud2y_AvqbuGN1Bi61 zNOm7x!J_SKcz{hAb|tt(*Pr^2qBFhmWwB#E$}{qis{Y~_2-b+q15j@C~0 z^|OTFf&;ipfNFvF0gU01`M;on{~P4-{_=aEz6Ke=<#cfcS)u|Q|1P!V*}yVhST$o$ z1pT=Qpc)FDRYJtCNVoXimprE+ounW6++JZv^~%Y6B4REj4Oh=_Am%b`k4LO-{nHxc zX%t-4UmvfpKk<2l8yGd9y@um7XI!cYklG0^nGHztMO+;x+&J5%?vVbNVlo06J1Q!B zA3#h%+CbCzi1$_n7#B!Tq3vMwj$h=xc8^tZ6`oivAT${|3xQBu9BRL=R^Q8P2c!(6 z_H`Rh@vAy*Tk8hT6RfKx3u*!b76#nVt52{-UvRjX+1K~__RW_bDl65ChLup`T@l-*| zSffNqBy=agGG|a$s=_r7Hq(5oT!7>hm?&v?^q9WQg=?xS9=WJns!Qd5cn=4rB_%Z5 zudVw4RCZfMQ%qaIY?S)L_HFtuWH_!=62lA9`g+EU3# z3lc?t0R}qxfs9VD5DwG;aoT4HrMZT?&Kc4?KA&JY@}o3MG^;r;EQhs~5J~f(yKz;3 z?yfahH8cuLcuWJ2YPoy%X21UaokPC`?RPp{RFq1qRa>;YR=Ouzfg3m%kk%UbVb!us zg3BOCAiM+_HjY6p!Iv?FhuXsd9h=R8uHtW8LFV&<2MLCw&Q@JltsVVxSkSMDO z%I!m=S(;A~+!gvs)dPkPj2lwNP(@X#oQSlOlEUAdo2!hyUV95%U9}XKt{69UZ(rFH z3e^49TX*XTS^n>wPYDVo;(ZI z?%FFYLH4V11j+5FM*Vvw6UbQreKb$(??|<&V z#CQs$=xTVVe)PtHjBdRQ>K5_5t;Z51dC+tif8q0Spw0g)VE@9M{ku{7e?Yq`XGPAs zwAGo=)DDogu|~L?mmAlDKAtz#Rjodrv|PiTG1UZj%u6akv4smI64S*G1cZ35uL-sXJ~QhOXTF%W8HyYjmYmuGe>Cw{JQCaO`Wrk{A zGY4up+9oXT*INFuQXeY7T2J^?u!s445f;*MhC^bm#sl#!4mC?lhfq#O&s%mNF@Fc< zRVxQ7hy_3U;UYuI|G(5bRb_O3bVzOlE!Crx z2f@Aa{dN8Yse?N2TA1-nMvhaHD*({2iOFyxQP}Ui3cWTV=cRp*s=^E~p0j-S?u-X? zd_5aj*J$o#`b`eE%k>>28Z#}mN-3`Ky$$WTKBYCS#mIBrz#2yjK8t(BK0BbdGr%|I zkevQKIlh=Ihu)|RF{6zZR54?I*iH&a-TZiU(cbn!=PV0=8Z)z#ZRK8}*yId`6Rv;y z0(vt5_ib0w!h!qy;%jzj>jC@D2NqTFQCyeE@(cLk9Kj1f;>b*H71?XAe`Mf`YjE|Q zhE^|nhHulryPLf{GyCT$3K0f8(an3JjTOn>27Ed4^C#Ck+%CSDrC%!@mdlSA*S4Be zW=oToQ*%pF4^WmtD^vyb7s-u${fC-JhIn+jrIsN%a41pEM$_$u+< zg?8_NfH4_>Jf1aFDzzu*LHgdMs7Qf${i!RQ@-_!L;%U|a@r4#Lm4nny!d z{=fPD*cq>j93Nx_5R#Jv_&@(O^A2+GY0i1bfp=(N$|;9Y`di?h1w3o7M^h*jSOKxW zkJ5td=AywP9DpD?@TYwoxy9`TtWu$Fz%4y%us?*2831rO;x^Dxx|X{4!a}LR z;icPn(D;6vsB&oQS|uX1kGLiPYO#J#In>pp}<9X4u=gD$GkMGo+>g`va1xcdhGIxTUBp(C? zPT9cK#10JH)*8!|Yh1#v2r%GOsyJlTd4QU!fH>y$e^@>2SyLYs?J+tkw+WxT&aHJJJ93ht z9|07(!nG2Axu^W=9{BGZeEx2hA~&iJMc<$8k?nb0(F|>=dZZEGsWq=ItsE@ej!btk zf>Q$v%>daxV=P@6Kvk*No8bvQFqwYyVXO|n<4E7x-Y$O1RSnxd9Qr$kcVXSMX#>kl zXv38a=1D6~hEglS2`S+O>NSO6M?dBgvg#8tC2D7#i$v61@cb#*MmcUr(8;sx_Ez6^ zqpW6z9b)+kgt8JnhRqT`JRA6(M8_K}1eggfE^;6_&^CY@DOote-zqR%*wfG={15

p9G%j= z=+v~X*NX{`@tURfjz>U|m`*Q*t6xmbGgm)l6xx5ic4HB<8=nmve*iK9Fs82`7Dkn? zg$w*Hb%ODZrbz&3mLJs?KG(}1eF=B}!uRclusm1Aj6?K4aHlcy(uo)PUWUQ`X09p@ z@6-aQmEVWAjsQILU`kVKFgkFKw0Goo^De$S z%C>eX;!cM(8mAq)(J6E@_=e#$cE4PWzEu=tr%*>eCIc!<_7k$89v<~{=-B=KiV+|W zaI8nD>gZ_FkyR_{QB@&@7K&FuWSeoE*JvqUcOnkpqNi)6_;O(&H?5mo8>Ha3BBT3M6?0kG zALX1X6kxnw9>0sAWZyg<+FSN!Jk!d}%r7;gm~rC(8nb46=Wo>eVoTBQAP#>h2HRpuNl;X44$=%TQlsFBwf5 z<;~x}M`!+tGwJ!pqxpN`y&t`X4Dn;Y^TmF3^Ny>4q3E!cz}EHD{vKi#^Xn?wEvoCc-SuMH6gBvmiD1#a9!j>{O^J8npXwB5rMr7?@Sd{qWtRP&aHHV?ulZZWt+)B@{6w67zhrMyWim z1F<7c>V0M0T40vuHm?Gs-Sf&*>hQJpJkPzmw(Z-L{M;KQu_zYEc_yd;J#;ywn$W^M zJ2Af8_Gypr$2DZ8J3fNF-5|B}WSRFj7%U}Ka__5nu{M-BmGe~J+F@>}w7FL7lxf|s zAOH#)=m}t(w__Yij==yH@-2H$@Jb(_m}PGwklmK%NqMsEBC?@n&e*4uFiQ#A}JuK4y`*%Ph-87Y$(&X|AVsJs+N*2exmeV_hBKXkvN{L=`IlWB0^*Tbubni zu+edA2PJy5Dz+}9uMTv8f4*QSqz9K=F zPGDeqznO|0PzqFYtk8JSuRWQZf3v7m?KBD65h36?3#ec~g_@|@!wG2PQW6!b zjHySYY;SyonHw1|z7k3?taiMVuu9?x{d#L_&iQ#_U5l;r?pq>5f4tbs@`E8ml7BJ( zY)5_smf(N9)N^Ml!SG)DWA-YR=r>#Rl>f0a( zV$&#NVUum7j^7KQfo03?vhgxkr2C+}N93M3_Oj-_)K$&RJXzG42o{#sFKb|CnCc{C z35OG&y=F=X-w!1Kup5bLq;r1nxn^&2nP!R!GDCZ+`p5XtaH%my|8wA4CKPbj(S%wAp}`;hR`no* z!lHN>0Bgm3^>&rJ`S%fs`y_aPhLczqy8JI!i;&+e+$F-|wYreaPVe$zdD0DHFdS9i z)@)^JIyCxEy=zr|_$1iy5YUkr5O5tNIBr?P&*Lu6-UK!%of?j5gWt#jET?VGu9C}| z_@MG=(7k{5{FDg;g&sAvKK^Wn$!D%@K3e_jK}{M`Y$@HJ*%F0-*{Rojb3PsLD#VtC zl9EfQ*MI*suOuzhC)2T9_|Nh}_Unv{bJVZA9lr$f3IUuKaY%>kn~DCk(@unt-t$0u z`q`Epzzl2}X+l$KRutLjJ~X5JX@2APx1hngpUOuGpJW6-8zw(Yy6l8lc1hllLXxCN z%#i1Lj*(Q?riEL7lu)wts3-#lHHrBMJ+$}(oaLz~6^wy_vf-? z9IonVnXI<+6;WkKUoom{d=FHzLNBp zED-E=UNvexTGi*=-%((V=^Yf$gnUFxn00~L5jQpy&0_=DiZo=wl>XK@y)I%!c0mBV zC!j$0vKuu}>bNe8+&C9XT^rm=&5bfG5u~QDHbw^A#_v_2JQrWGvOEg^*_jypbuj4d zOZM?(m{m#wVYU7r-}2(K``0K#RYy?yE&~dyuUZ-ohu*8r0Phh z&eB#}v1l0_hRVi!1ULelhGyw~%GbD8-$eY&kF|RB^|51@v7z1vZ7L(|jWl9^aS-*A z)5ZQ2mG>ac88k9x5iBuvN@G`jZ;=g4cOa>IjA#OQWMUR^nrMi1pi?!d1js6`W2Y}t z9WuE$Rvg*ER3|ZZumED#=K*G?AiZrzov5gZ^~uE6L}GlFuuR8{+Q`+0Pg#y(z576X zuR1HpdD`MGfW!Hk(O>T|mE|(v6kd|xfOgz3^wF*R)wKKD!G!JCUNG^ZlFCD=G`TmT3-BJ&&)6r-dPO7Q@$`vS&#{b!V2!M8u5CZLLkI z;(MY{p{+TmPU8vpR)LD%(Y0ltT5R%f>}N?P11?)7+HMSq%E!DKoLJpkKx0m5HasoB zk43IB13qx*v9hRU5#$!3^^KG-!VkM$rX5X{(mJYZ5zEJ8jbsgEyp+7`bj18c{m(@~ zf@~iM-!*1&ew~i2xI+T5_Q&SJvP{pY4Wpmneqv+z1;uW^e>wVvmr7y!8ZlNEK?`@^ z`S|khK?Zkp6rRCZxuAG%XN?)d45c{dMpRA<#-x8U0Rxr~nK=E{qOZ!coo?GnNDT(w-?t~-SJ z(}qXt8w04oF3A22|Etq3HNGG0#B%g|^{rCFLIW(###K4^_%6lqe_mg(W0W z$@cCFpDFitgvaO1^OlhY7MB3O6uy{PX;z6&_&}-)Dp^f)nK<+55$+~_J2s;2xse!y z%uE)L#in)_gx9puerTqrL~XRYouMeCfcKJMso*^x;0vS~Mb|9I0!Q^3GgqEc$WLt^ zYC>0#eLnj$Q3`w0{qy>`;_8>j1ob|THeZmM=f2n~`qz}6dh2G$@VK!>!`X+sP)>V<$*{~UA&m@{enk(0>Jd2IdA!<{8375M0wvUZf zmGPinkc#~9W2y^VzuEiQag&#l^jPOI&?}c?U zaq$sDj?@(&W~)7Y&XT%e08S3aw%A23FgwIFg9*qg>43Xfr!KLn&~~4u@RY&ta;z_H z15(vi3cMcwI2cU+Nq-89G^z9+pS_YJ{G<7R*SUn>wPYXH+xr34f zptcS|&fhnejn?`;KJ|c1;cyFH@Ndm<+_JM=;No8%EJA5%I|UVokAX~3ztIR+c+Lsb zN|iUsDX-b?1md0gQVg$SvN$ZlY!IgDW9|`<>sSV74Uz*k|8TW%Z+oy5Mn-Ifr;(Tf zG`AdvIM0LkTWx%wBbGaS{3oQs>`XrY!dN_CqVVUHVfuJaeCIe3@U3yCXDrQ2t8#1H zNwB9}KNy!6#9z{+dv zPFdU&ae1sE{uG@d8M26${uXfb*3h${CEiR6jhYGh=hYpw$xBJ=p5`aUu2o*oAgHx> z>Q4@tT)Jq9Q(O-TxYX%4*ZMjtvQ)|iJ)i#(f=?+*GJ0p<0UFHrQ{{8W80{YHeIGZu zFr%R0peBM#gj!Ybx)6$I28$~o#)FiFshDs=i*9LY>B34GZ2K^0m}A*WV3@!o@dLnR zviGNHK1vkCZ*6>*)QWHv7Yf-yERdrZa1shkb))LbKc@@HpJj?g0?zQ z=SJwL3u-#zU8kR?{-@S5Om z8FseAhuFU)0Zwh$IqI$tvx4vQ{+|Imxh7gA@G{!!&!=xu7bgoyJl3_`7Lm4$wK7d% zURg%1JY;ESL7tbgg&^e&?bq73?%OoM&xqbSe%khQi2fsG@f4G5K`=9`b0H%2-n(G} z%Yk2;eHKBthT{($uF{UrSq*uai*pScoO2RB&E2a-|Gnf zSuJGa>0a_#k}%vsDLH(tbbF%p$Fg{Q2|elBr6*&u9ly6vE&9CqOz{k;&JF#Li`(om zoqe5gZfcV6?v2ZhPV-{(>1^!yP^}aA@CSp4Q_*~|!b6A1qkORE8)Nr#W`ge*tPMDE zSb7&~MYHT4c%D5%A{GlpSZI0_886#2KID-07EF6Nw=<~jx2wslP-9dWEa^n^MHOcI z_PJpQKDBDtOj$YwjKW5&)Gcl;@}Nwjmfnt&m~tpMB@E$ptE@RAycEC@390spB*lZ($B_Y+X;O<^~9U{ikv#D->cnQMMj%X zP`WFXov+Sy%YopVJ~M9Pj#L3b>C#1|H>m;X(xinNdMKixA|SmN>Ae?8AR;QghtNU*rG(HTp$Uk7Pu%-G z?VfYT`Np^m|8WcmD`Bnq%=v4R|2HIS59M_HA!s`}Xs=iNAp4hZ@9kd`LwzAX)+D=iod;=hZK$**0H~Fq|$BtlF@H{QkP{&TR|24q5RM9k&C0h z-*a7%_j@$^qti_UGV+U{a9q3_drxU?=V}P6(rcLlj7lyCD{I(mi!a~+a^>>l{kmM< zytM0!;|33{%u@XXic6<$=h^|i8yvOQX{R)&FRaLBU zSilXbZWw(cj}lfYWM9vt#*bCOD^(8_wn`NeUe%{8et|&yemiS%ZFP8g{-EB=*w{%P z#3p4)-hxmI{!ZWaS;}aJs^zq_QJc54JDmOd>T=I@q@%EW5e(*@0tl?SPq5_My&)8)^NYNZ1_d+ibxQpor5}0*cDoNNPw1!7n;5U6`0FwKA180)4rYs@QhP{5dCni&oL=@HxGl2_{5OI{gI~?}0uevpF*)sk$-DT8Po(UdW+&5|m z$QN%OKwQMX_?CLU%e5dKNe5r<5eQ(cwm5OYqV2-1z&)l^^ZHkn?j$BKRrFg84ZTRjX?4WJ#SndGWNaq&G9T52V6cQ!N zVH8blxZ@X&YdluSQJc$8bQ}gVg%z0i@%#kuD!rzt-DClq_^QSJ(*YLzHhuOl>Z{$d zWU7^jkikNMZ`kprp-(Q5%8UdR1R_CU=m%^h%0?o`lRIT^nc&nAQtw&Fv8iqt)19hL zyO3C^fOfL@=vlt&O{yH%$D3l+1QGsz`?3Bm7?GytYWRjTYVK8yTJ_rLx$Tb)Y4RZ2 zDEpwn9B|uB<;ok0B?MQ6ZK~~DSesSei@Q%~&Bh@~3FV#~p7RwbX;*3njpL>lTkR6ap@B^wg|f%$@KOu8CFfjcYL1nu zqY3D|g;dBIv+Vg@CrW8$x^St4>B{aIgWL?*MElYoma=YA9Iov|nIZs--j5zW5efWj zh(g`W)VBv_k4cyd?AmgoB549WJL?FiZ5<6q+wRkr9xy`7O%L`+YoT+IpuL~Yd;UGB-x(f)!;S32!ybSU@bi^NC9Xx=n|={M&l6R*DsNa( zV~pg?-4_5>+|6R9rbZ-{tCMjG1+o%qa5PC#D%2Kd)Elk$2tO_gwQ_uSlkm&dTkZi@ zg!02{_O|vnxOqFE`VU!5&)MZt6J(SEDqj6gnPSLz(pfpfa0oTUy-%$y8!}3!0?Ml4 z7L{E4BR&1IB2?;rJ{up7>Tv81|js^EM!tzDFnM_nE z!+Eps@- za;l^=SYDi2*Jr2pix6cSUsf{kF^%7pxWHSpUFpd*$>j8u-d2}t^l&qYpr;bvCfb^# zTR-HiFAt%(*Syl7ddiA=<%KX!#(l}du^Vp+u07=0xSrhc{(MQUx%zRohoWHJK~rPM zB#No0+R)TwJZo&wV>8hUoxhWM3NhG#A1%~)qXsY`R7&ZINu!7e{W>elJ9@^qdb-^| zq)B>z8g7ePglB$lujrqKDq>`Gc;IH8D)oA|?70bTdMxRY)8n!}6Wc#5tC$e zy#B}iSwV++7%U9n#`H?S{0&qk&``2-8L3zPc(<{)_*Xq+Rs!9qDz*F zscB_ega}TVODM?YM4Qu6tk{Cw0IY@{71cS7vUi4Wzl^>-Z^%Y#5$K=C+F(Jp-nq7x zc79u}Vd<|zj%guj8-vp_ht#CA66#vM&D@NQ-x*rlc|4(jYa3W+I%GeYm9klfPnO|0 zcf-wOsDEnrBjUyQ6e#R(<{x1Y$}FD>DqgTUu!q2d2D4EMIZ+k$IORe$A0R50%mLcX!f*b}`0JiY4zmcX&hMjTu5 ziap%CEAq}?!#h}a6=f;Yw}nG4{h&h5Bizk=i1I=oZ7F2VDV_}V>rYKG2@u~wcE38JE zdbOCc$cb~dPaooS9?Chc6)Qbx^~+**A-1C4A;TUoa4Qx;GGsS0siplLfC$?>#eR5$ zhNETpwE$0U%>}#Rxs2L&zv7bZcl7CS-wqNq(K68<@0=k6^H8s1-a37Xe(^_~fCy|W zk-347!iNmD3Uk{&E#N|+`kh&3TU zFcX8FsvnYf#;=M$re6OGNZp>GA@+r-B!%n=vFmcNoZ~p1R$s<%lW%0rq^lc#$8}J? zJ08%ln-I)xeXP*gE>ICXSYhd5IKwLu$@*Z-Mq{%-4%g%VBYOF z<5~J&iv<>|+Z%V1!bM7uB~+4cq}c|acztZ;93on%`O9bQ4dM10{+ZpG<%2Y}X9JZ7 z5tlkJXivX==#*>GC(pyOjG)P)jpR?zC$WFX=N{gi#BKZ#Hj(j9>|JOUpeXJIy`nKG zT|)we%z@eNB~;IgOMG4aY1xkNr#^OVEMMyNH>eg1DyZ2ewJSDb2dwIwD^9KPUcyDI zi@0u|SBNNC*eQ;rdjoA5w9X@)$*h-`lebpl5t$w89`arS>fckQzfePl=-80)wt$Xj zuS&KrLGBPsexB@-Gj}4=^)@xC#K=oV@Uhc5| zju1TR6LxW6>9FegAq%0qeO`OHO-@Pvq~VsZTz`OJ=l2xQH`sAs9MuZc&4usCCw%*F(kFKL#7SuBEaJ^nF zXfP)#!T(dh=N6ksS%bYJa)FC0CJqN9q_FIev+?^eCw>2nrxcUt5dub7-%C5_=j&Ea zM5(AB@83LLhQnkBv2&6pyxS4o+0=`}sN%&|rW2`KH2my$6tcExsCCQ}OW}~kmRaWH zM@y&Ao;nlCMiy$G8TLIt_>#GnGUdX`7ESSDu0LaZcMqlXacHJYgIxCWf^f>eXLgFv zEN$^$Lx_b-WpurKmJm)}*w9G5#Kz;HST%}^(cm`N9}N$q{^>Ri#A;b8|L_rBiqHH> z&yN~nYUmkUMYcN%PNcaW#peejy6wl&s5jkXU7{bp2KdMjJ!}HMEBHIi9CHiLEwvNh zw~!Qs7AUn3$##+Q?NyCS#>BZHuda3+R7^nWxF7DDRjoNhG!WOxnzR2c1TtE-LBls3 z(y)v4o8g5e9@$l*Luv;!vS)aodDp!|d~Aj9&Xk_v3g|*OEoNBSAC0jbcL*L&m3m`B zb*6Uef_0OaWNa;DqECAw!jN;P-k=>|~Ot`?( zC6nuoA0LS89JdA?7qDk%T%c%I_FlGgIuz>g{&4&$n0G~arC}$<)bY(4{99`xFLZWx zW4ctQ`n6XDb|Gl}WlAX_RAHUU`lGk6zs13q z9dBy%@mY-04E)5y(cAhDj{MRX!6Q;72}eUo-oI>);(IofwBjg3hI8#Dvco`TAYB#RzMADHynTvfvxys`*T zXqK0#&YT`xUSQU^7TU#YnmS+g8%dRe#Y;T?&>uYwwr?kO# z6Q|~{CwI+=U~KvGx6c;wz1xktn=G`|SPdW8m$@WCfXQiv2*ExGsNcbv?-fN3bWQ1; z)0o({p2N+ffVQYiSBBdu06P@)ZuFfn&7n_-iSo7hBBFbxq@rSHLiXlKpcL0Gev-zb zN)DP)gP_eSP$$VW3s&f~kojI+Nkkd=XRyp;`|We;BE7RYE4` z)ykrg-k{!!%o^Bu<}IOk9T^y2*Xr0Ci$9`wwaH_TD$LZBaCI+Ju0Y1kT4I6(E6iD7 znjR}~bR&XHqj*+C94LuO$$j!`V9vtrw!x*)H+t3j3w zuAKM#!jcyfYdBUE9Els!O@>JdC&?3kLf8JlHVeuggm}%2*486CTfJDF8Uh^6y&J8s z`TcED0nO=?FySye)G1kW*z&j|TCh*#ZYPjVA^IrsMlQX;VJ5%(BSI zN*?Wg)GCl&3tLT<5S<(7cQzka_i4HWFKm_$ZM(JVJbX{}xS!n(?)zj+>?~(jbKa*N zT+XzE{_*PMP*(wR;e_|&dVdCwO;!JWeIS9yi0}&t_yjh)NM8Rw{w2n7YpIgpN|vC4 zC+<%gPPSRSkj6PBwS8U;+jd)gd=MN$kB!bnozny=#l6>!M#gVYjJStSo<6j-R<^%p zaD{si7x_LfhL0{VsbSjg0o5JMf-~=2$@X=DYI{6_Ec*=!?0RC{+`-5az9|A6b5a8K zYzdF6)sDRvYAZP2=&k$-6?AC=L3yB6UiD!iXru=(2`tB3Dlcn>_&8KNOY2{RtILQ*=qt}54Qb6pi2V_0kF5h2Ce{9VMSJO!J-1wnv_t`6G zW048Qy0C~@H!J3DTs0dZirQS1h4|#h+#uW0%$3FvBZg{*M6S=Wk=eekT=k_Ai2QeJ zW9GXcHWybS8hdX;@6SZG`Rzo_<^nsis{HxpLYqG8SH`&*zf=6+rgYqpKMBL1qS^GC zK>pw_qI+^$V>2orL8Ey8I+=1_@B57;tkbY}nEtN7M84nQdG=g&&_=Od>9~6U>b!`6 z)koQXhf31D=TbcbbicV71a|9Uv1g%18wGQ*KH<*?6>uvt=;IwZo%;lSC~l_IG^aa0 zuBA$roa?mmoaJw6{?jipjPK98@Bpj8ioG?CZ!lZV86TRp^oLMZ^v&<|8E?0u_l7D_NhtlJ#1(wv~=8oaZ9nkZ*ohOcZ-qSRaLS9{a+d$g7lJNnU!4 z%#c!ZWyyJJ5GE-EHB-E{eJHrXe@_+aGkdT3J$u)M%!CK@)jf^QPKdkQkQngYEV)d{ zkve^b$Vm@VbBkh^#k&$q%w})5b>ui4#`YJ+WSV-Ul*pbUMpMfKy?}=iGa7i%b`hqV z!`(Q%W{%^>whvQV0z)@eR=qs!=5F}6w=uWkOETMh)TKQ+74dCJknCneE3|%M+vc&8s2i+2(T-lI%r?MRW@y^7B*G z(nL9V`2OeR2}z+BHORlL4>D{+j#&<6VPA3dRzsAYs@lD^XzPiH+udM-uxrkW!D7!L z)?Q^8X*EMCbOOg)u#gr=BNLR#qG+l)9ZK|04T|a8`lNmM6-~eB4YOd;$s`3Gl&QJ7 zL0TTmTexLsL(Sw-o^4$Vd~>(T7i5Y^?}PN{-me86mGOzmy)8bTI+PmrO?Nqv){#^| zj(^_>F`lU&#h@e0{nLkR5?a4^oFgqJ==2_J<6YIGwb5%k5|ekq1EB?YqQYC8=X&mi z`Dk&W>O?sbq}0INM2RJw z^nQ}ZJPFm^8!X=#1+9d@uQF)LAI1F7+i;eW$ zIT2ry1zJfB&&P|;%(c5R<258FA}-FY1JLx_kA}CUwW`rrs|9dtea@w%!m?Xvs~JhY zoJg@%^b|31Jy?zS{#tWIUTU^{J^RE^9wV-C;}ch*LRN|*{A#dcH(@-HJc|08j8$#` zacEbBq1p|s6vJI_+-u;Uk%Qe7>W*j4U*3>j%5qaO__d}5lz7}MHz$>6(*lH9pL0uF4iZxa_iSO5r+y&-%I3!!2R`(0muvdod zukzM2mCSB;hJ3l!C}Z0tPz#PcWrH51nQp0=%9mHx>$@eY>0({rKMs>kBs0(Ow8aRpJhfukO9`S6N%ujFU` z>IH8;wA&0;aH+%JU;Tn!qs`Ujvhp3{6U_pnZBA`!fB9E2&*D)mx^}M>j#owTi=;N< z;925YqY~1y|2r>46+BGG)&^zpUs8xS6kva`0GC7`%~i~-#i9$`>=32V2f-plfoxgw*b zzBbJ~go6}Yp+K23lC{SyC*ZL75^eZUCqOlna8y-&YEAfr1kU7!%06?V2X3wnajY*< zJa7>_MIkQgRg*iEc)Ff1TK;k23Ul8TJ1be;YN{@K;%}__owSn+{xUUj>VnU_yKNR$ zPQ_zTk<%%J=wQEz_?x=w9rt-4&5oy&TlO|wqhMhM_lYvzqR8m_z8Kw(>jB;V00#2C zpUnx&%eZo9_I+!TH>YWq!{HCg+O5u|Yvy-_kV7G=RlB1ZixSAeHb1&2^L9?S9T9Py zmE;AvS~#rlxNe-F@$^t?c{5iHo$HR20|)%!vj=mziJl3k&QM6iZ4TO2hprL2uckQ# zo+27etxNBJlWI32Xui!oVn^P-F={{={OrRf#dKVnC_R(Wd!;j0`h;R$D(abOLv!c) zwV5b9g=rzk(C|N0``nk(-!6}hotRL8D0tztd@bw#YUP|a_gU`h+Kr0xmfw^<_IgBm z!lrXq-kG%9)}UsYb{=(|td0vEc^B4q=uc=&xs735DLX-gi+!u>ZgAXMqfop+5+Iw( zqG0%UHw%CHH?}qB)CmQebaDwwnGeo9*UWTh%~|2UwQRTkoYjx~V(cYelqu%+_dEc1 zQ1&&)dl?@4fY~&;cQIYvGU*B|{PM1Om?NQ@PI*tL88OJRQ?g7wZaXTQMfH@8GUbGK zeMwkfyEd>!j#CTy%Bw!w@fuGk=gkX0aYYr-G488(__tR-=x!(c8koFEZi!rY#X)~_ ziA!v}rI_iez1+f?al1d*ZGkFT2IPjk?mtO?1yiU2nocDXn8JhO%e*pJAWMJQ-SMXX z*2_1k&BDMXLU9HSK7&9zOsl4dd2Rp6Y(^xIuUPjoWv=jwR|XsEMVmi~77}zGR0I#TYhzQyG_cXO=hWlLxgDW%LN{ z%st6`1W&!sInA}~2!TW8CP|1aAeiu%^cbi?6qUk!QYZm$8&%pu(EO)~$tAb1zn?P0^z+B(FDmn4I|~X*_TyUZDk9X z;;~mdQ=rvVg8}0&V5Vnr%?w%1NF5OYrHpkAV!f{d*m>ZuA42>Y+JEiInCLA_?z+v| z)#6?s9gnfS2vmLk=xYCeUvcYSa~p3f@w;IBqU6_1k2*0{2H*%W;wnJJx1Pf@h&-pvRbg8kn-Z zeCRFByEH5#t$T3ImM25RJkcA+C8Iy_-F3su*+@sQOi2B+R7}+ai^b;&n{xP=(@O>~ z+!73y1dF{dnw78)&Agp%HIDyvpuF@Vg!yJ&G=g(*6?&Lz{%a&p# z5}Ne_;6dl5AJs&cFD2T-C|$sW%f*|3F)DLvHCjiiwn9wWAgP9*N}J%%OW^sZ*5cMv z8h$aT>YR^OMKlzp`_fEh@b@~Ibe-Yu5iE}=iMiZc&H*%h`Bl1doZE&StKf}&$+Jz! z-iSI^XYg`TzN#c>A^}82^yR8E88e_a|KQqdiw{}r z&8x*Hc|@CUm9FQ46xv2fQXpdTMKb*^%ZhNZkakZJ=WOWwGiC)(r6Qs1_;3lT_CcVo z%@t3xW)P@S-wEVjqn7S+TZG!q{Sf(NqxU!?=}WxR8GB&x7XNfS&?W?J5I4O)ZG`xgeL8=D8@*{%H z{js03^GTCqSEZgndCij0k+I!LrCp0FtPZ~kfs|J?0Xb{+YHf=q>w*`l!(u{Lct%5_`vaHFnS(Oq|5+FWd> zAo4~kYW%Rbfi=FAdgSZ~SyT2CA&xoL_LhzoIOhug5!|bpHdT5h(UM z?Mp=`bektRRoF5vw**yZN-g<_Aoz=8v;J+Y^HUvUk*UOvt?|j+*q3SZNY+B)wMj&eR<*2_@n6G^_zar%fdZ-CotV=IIo=wE#&yN&1H&*;KGI(m>m5A z_Hl`)UBK`>C`y7~D4n{M1+|szQ>dInt;2tXM8;g9sIdV+!U{BFM8WLCEoUU^{5gtH zI&e;095DOH3L;gSnWEsE$lK~ zt8G=x8Aanm)0+>qSp!~ZeE2f4jK}ecu?-0m8ghs0p0JkR4iQ(vv_R+H{4 z?6&Jl8#YhdY@S?+s0#K^+Mv^CjeDVs3pFHAg3FO;%d_+m=lASDR`)sHI_mRSi%-H> zOA<2^i`t?IZ~9Bc5-gQISe5I_Zwib1eTA5tXo&o^X1t4%2r}AnD z#c@Jjn@rEoVHUEOMzP94*~*z-`3gjyE{DM!X=3ysCq-`gmWX(+mdrN*TCdjZ7wQE_ zwea)y9*b-gMY`sv;FVaA4oq-y%j#-%4XBCuonpBoM5}+q5+29HkIQf{4jv$FIT;z1 zcTJbjRc7)Erl!QA(iK2lj$P@B;#upZ0EM9eY59!ToB5VS5qscw?d17b78McLZ|r$5 z_cLr?nIxe08mkY2c{_O8s*01mlDwrMeAq9mb&_(M5+X(>5=?%l_F+`}w9Ccf8qHA= zl7diq3!sH7TsyGun!cH1G?*~%l65F)@hx%f*by>O>5G0067}a}9LKa@rO)n(T9yoh zX2|A?As=??Z@l)f`Y&MJe^@7C6Il2VnlRXxhpkt#j2=J6P##G`P}H{Lg2MvZQXVcw z^16937$J#3_cAD+5MNoje&@&dg=MN$>hNAv-J2~j=kL_wmhij zv+Q_~;g+HD&VHG^$fmcw-zi~8bg<=BU=T>U2({=;Jq7+&o|-2Em~wb2*6(h_sLlVq z&V}r-ACXv4vR`2h%BBcS1&<#1`qy5p|K5R2RHK+~;G9jMuriej+^fiXAVbF{?}87V z9oY=LOwQ&YLvG^IszCYh!Ti1e*rE0CZD{uAzA^GkyZn1#0QtZFVG-9;m%q2D+`bb{ zzkc}MTb{DM4oY91H~Oieu5x^Jubs{-XdfyS{88w=5OWF+8LM%Jp?&Z^cwSn(wR@9Z z8_1%~I;*fW2<}PuHN~3eTAr)l63wK((Vh|N-r|IS(#I$DRG(s96C4%8nxF$T;^DHU zC#L$WjR@|l>`!?aux21QRQflbmwO(5ztkeKo63w^sF)qhhVPlkK&nTit%}KABx@in zz^4^;PVZyFGBLe@Uz8Gh_&4%Nao_SU9OhIA< zEsJU2^t~^Is-skEVDq{J+FA;Z(UNyT`}A2$)^`1O5LCN1 zQ0(PO;n;U2*m27F>Xs}`=5K*WP;=f`oSO(0#r`8Ot z|3B0|51WzI%TEmm3D%V=L_>nD(QAn*Bpl%PqX%E6udeQLo7}v{ow2hHF}sMhsHW-T zbegLR3CwvZZO`LO>vxq?br4xEq;hg8Wqd4I9bly$huePWaI9GW?YvpV%5lD1bN5&$ z-|cZPvG^GM|J5$H^9XeNjRqRd1sY1T<8EW3b~;mU9X*S?n)Y-&4wbIbjr!Fu$2cYo z=%TWoR)b+${L2W18cx}7Gr}d>4ofT9a-KUC^*^5;gq~#&IO0>C1#riovv~Lf-_)8! zRbP3d49yqA5&C^`bP{i4vqY+q)tfR8ZJrut9B>27C5T7*;`AHogYECIOK4y7>+f4B2{NZ0 z9>%=KMeqE0uJ1W4ORMH0SwJ>M?D<`er=tVv>kt3?^r4kYFFXjQAo3>SB)fM$FrxMT zVFw<25JtJBf_~JPpA6{w_pFnltWy-BC{rsU$BJXkB3lhD#iR$QlU7~mSSi}`htR-W zDv(bEN(1=%*Z!8$?4DNXo?+1 z)-Z&y?8&QbFM-Oylq{R59{GpT_;bWLlL`tiOCD}>(ACYJf_-?-k(Z1@h6TfT?1cWR;v0% zbii&MVNn~`ndUnOby{rHPZ=l+k<5zR_$*g#>K&}}-y3Ym@A`3E>f59w8nwwUGG!U7 z&jxBSIfVc1xUx4XkX661YyS3ZwphqS!JlEdtFWpo9(YscLi51ShbE%HaH-NeF{GPQJV4V+`E!( zf>#}dE#5DG%K;|<~$rleV+`;p4&0X7&I!x6x zm*R-L@W<>DR}X#ezT3b&+h*#ML8!?@t@5xnIU<*8GA3;-{Jv88lX`fUejaQ~6e|C_ zw_`XHT4BH>nteL@KUVVe|D%#S2^gShhrk{c|eudNiT8(?y9V-e;s-S4tP$S?kPH zq@7pN#Z|*1e}f9s4pxq;M(N@=LGhJ_*db?CyJrn_jSL@K*K)PkVN@q{@B16t+Nxfr z9Wvb5_I@^^*b|%emPW_>QJY3C<4WAzyW#CCo$2uo=XRt`;z^WOqI(LCAhP%U9m^ zW_q|oO5`za7Ayd`>W~BS*)cV)&CcrEUP%nB38T{$w~`G$-K~e{m3=fd7Ep6?tG_U; zk)oe$=2$b1Q7fJ0PGzg*V_n{kl~&O0`VcoH|4pWhn7)FEqlFi45LfNtF_r(PeCfp1 zdpmpjZ(IL$rMZ-Pdag{#5NAkRRQWfHPz%tDJaMXa`eh8fhH6+Se|n1u^XPS_#K@xU zxQhNs7S3iG0fCxo$IP{0JgR)zDASYitdt6DDNrdBt=#V+b-XOtA^;^x; z+(2>+?Jn0m=a+o+&%`U{fC!ruy5_@}YSJhWE+SHT1VLiymR%9c-f6=GvMlZ>JHM9FbSkh9RBhM+lDISKO=2 z2ip~}3`cKmCRNRsy@NinYP}uZL7!{IE_+l3;q}qxPYm>NO=G)RR18c_IhIlQ-Z4|Q zYV@7Gb4PSanK?BJIuDt3%vmsyfu1j%E^}%oOsYmm1~Asd4-!>A5uFmezR7)f*Y!?v zRMBN-sMhc><|7~$p}w4Q@?R5~#dIEA23+HRl7v<3XeF&pRLf`x-x3n){rCTUjYF?}#7>l&yLXM$$gT#q8*ZUyCdpEm4f#94nl|{BI8K z71qPvnl^QymWy9pRlZC~G3*bTmVhp!4^N%?2*rFa&c9Y7PVLPZQeavB$sPnF5%`h^ zlhgF)b~}nTty(sKBXKf$#jF({OWaGR8-B)3fUuaFr@A^}xERV@^l zJmEm?f`W_8Z!QW9E!*ue0NkXQuHO2{{{?0$S;iSzxWd=!{8~QZrK>C~w#uRA4J?i2 z&#+UlFKeKbNbi4s(|@?j;_cLGYp+y|yx%&e4!7}amy|TM+Hyfk+cJ35m#YM`a3R~W zF=RBkyty7bmQu}=wP{}6(zooeaaT(o1E-vGq*&1<_o9zMIT&+S9soMrha3oIDcTQX zfE-AAod~R)W0mjw3l>MYP0+}{u5nlYG99bD>!sxTFye`Mr(n0HgdO6gL9bNY`Wy9; zCBbghDZXkwGP;7zB_}Cc07I@5F4*D{Y~0|1Cv0*+hPTjB$7bZw5#9OMy)#oqb+<%H z7+=~U5oNk^;dZxrhJ&<6fu(1y%3UR~d3NRcy8oRnc`y_qeZ$M}d^MI?!D%~~@)6-L zQu{P%C4INQT`!xK`Za%Go}jjiPBcx^SFG;KiJX;iop@Nr3jEAUSy2{$dIh+#wq;{q zy0%Qv<5o2aA69U;YW>;gMG7BG8np$vOf^C(htP1cSi1Exf4VA|V|@M~;$=><^w%_i zCNNr@g*y?Vq#SXQ_Up~R_mLzi)QE8jAi|3K1i*0A0C69<`i;tDG6%d50KAl-&XQ{h@{#IB281jN99bmh9NqOtM4Wi`>GC3;FlgXaTx_bsC3 zsUfCaL>wv%(Q4x!E4pencKpn{zR#0%UGW6jED4Af!;9z6$eI z4)i`z6R!{nH=gp6qMv%hd~H3NS~EUXlvm3xD+DQEwzTfVd;Km-Z5*+y}yZW9&R9uJd>haMoi z=A|Yu$9eLU)pxtb)@K609573J{H#K>Rt`wh%gu*v@wJfrx^bt_ERN)%-eXG0koOPPVHo#WKY_R6Qg?LI8?rP~3;98LM|&q0#724xCJ z7m|X1x^gA2uE|_FzU~glRi=R#KHk@8#)6^k`@NLp;p27beBG=Jn#8%{qrOPojhDJQ zx6yYRDV<&8IrC)UtkZI*G444M{{H(>hv!>&Uwdc{48rexDC!yxTc{@Ctr6$bc3ygY zy|Q4o^Gr@P9FiD#AtN8;1soWB>z@Kfnn2hw0a+-au?9QB(gdlnxynhR?RS zl~WDF_n4FF!-P)<#$+csL(?rn1{mI(X;Id2f*L(3J=^}y^x4bku?1~b9fK)Tb07)6izs_Ui6R+KqEX|(jP0V zNkOdfjv!YSA%FOz&8~bQO1Apa(g8_7q0;y1l>8y{=TEm|;s3zrCh!uRWA@H|8T5Tzx>GRj6LxVMw zxVqpI$ykm(i~>lDB}y#a%gQ59BZo`oWJEg~Ale-3ewn9RKQK27nV7KnY}3i;94^85 z4BylPl@vdBg|>!>LFImCzf$%@4e94DnlN~-qobE@ROiI%NBS3F@a*gx3zgU)%ccbe zH_tWi1np`yR5dL23W(eYgCRaj-(H=}g7+=JMN%gSj*VTaf(mW3_2%M&@8!$Pnw8dZ zL+095y{|k!Xhtq=;CPLLjZON>tgCG3eJxWYhiZPdVjmVBk;Xo%>eZE#pnY_KE$z4V%9-P`hLdLrn<73&0x33P9Zx^z}~BF>+o{8q+Qi@qdbHHfD@ z=NDWTvRWY3(j8f{`)(<~Zy()y6tPsPIiHED_*WY z8Fc5jJ;6t}JlPdwO}3T)n^O8d@D6QpMc8s>r6^f`@M#VSP~St)XZMwdmCrJb)tJS8 zD|=6TMTYl4ON~F>RY+0pV=m!a=1Bjc%Ecqa&e zIR)6oR8X$-j=o_(R;l51EcSJV0R84mq60wB07 z{Y(eL72Uc6ga5|U%^L%FH*@Zcu_GQJ(y`#VdcgplD#NN6 zs5FO*ScG}rK~~D=XM^`%R{t?!=)Gd6 z2J8sT0O!pPBg=mYCIXZRh4h0D1CvK2L7D#ob=U6RmtRX(z-zmI;1q;Ib~F|`F~0*} z6v7yS*(khez>zsn=%u&U7Fy2X)wUNu8!d)vJ@V1#tja=&VY`k@QoQuip*0&mvc(yW zNLKn#mM}8zGNR??yXkEXvWg9X-rRis`fMsKg*kX<_X5`qN2j(9tN5sN(m(X|mi3>1 zPq=}T_s+%~pSG3oqZv<>5?c5u8${qANQs@bH@E+nDK3EJaq?#Tx1u!!H2^(cEPbui z_~F0xT2=)mi?QuHi<_;~2p0jpVVNVaz8!84caxZ8xHgpe{QW#dUZFn8Bz2_x1M@ek;l8u&+jOZ$dSQ9ez0MJ<3_#ez1rNS@G942XE$%XBAgC>RK+;fZV^~+`v+cjbMu}!1ETls7q$i zFn2Ws1DpB!K7-~AArRg2gvBsfo$dNxwMRz$WDi@};4Iu+n{(JQ#x&*o_P49SF+YI` z+xydo-2J{=phYaC>rzWt&s*Qkio7^GBwac<(i(`GmMhlI{)G_idGt^&owZm*taNYS zwh`0!r~_ds;gN6fmo?i-X^CbCE@wnLkRoD2q7WCa+=}jg%g=F$#I0Y?AJmx_wPZ!N zxTY-tzI*GO&qvtT_v^E8vu8aNKG(>9b3#N6_KpZTGxY`yKU~Dc<^EWb?$92{2GV(; zWAe|6xuM`MR3>MeF1p%iZ7+Q-S_|TOr0qB`H~fabe0~lhPGeUE0?3#30`7tEjln3$ zq}16(0(#xa>uK8G9pHv2xdYt9kG~|=8+D;ZyvmOFzeurF-GyMt5%>KP^DvuWm-h!A zR4>N)ZUpKpnHa)^fD*B}g7FCPmQ>c={q{=#=O56>*GE|zdl1S`mG1vD{~}?c*tvUk zW%VlB%sanpqgPLS8EmzX&|@m?;{;h7(|skhf|;E8m<@B9G-HoFsoHddX#M6R&0?3G z%uau04Kqhc+%3;H-O?fRe3k-Ajs0%(flr{j- zqf@!V#r4C{XMgDjI-6@}PU>`uKC2*-v~jfO#EU(1vxEqAl`?*}SzVj=p*;JJGXIxjMoMH${R4!b( z#9OM3GWtslNQzdSKdYTd*)MwNebmdKnqK;;*a?1TrHL%fYCkP@V&cTGOEb8 z#6xpYdi4@MMiC}0pt27LFNdrpl|Jf#Ux37sIXk2H_c0XX`g>IHSgf$UeVoOkuRtkH z$}8CDu2fb%{)AKmK<|jk6!t;S&YtPlaR}=8s84U_GQ-0=KawiPnY68i}DNc#Z6C{+sj)<(yPfMCs&p-(~o_k<59DqU`IpM$wc zI_n~%`H8`%xI0)O+K*IEnVmzO`KE*#ao;K!m z5beC`a#Twr({2Qh!0niS4Lp|{30mQ&HggZ@=-PLHck0PqUJX7;k&9g-Cj(?J;cgw78)seij|Ax@te@xUeqt(a79FnqftnO zeBQ|DeB)b7(QFY+FY#u>gfb4_7Vyeh%(oO60_w34gY%l8xC!^$PSEjValm zu`>mo)BzYxPI&V7;@NQRQuBgg;nw6_=i^2~fe@zPXzEY4x(?(Dgam{1IWQW?H8P zw^Z#AUg^CyoY`Tam1d<*yEfS{B#g^d6P&1eYt&ojU(XJV@TO$c+U!Q&=mP*`g8;>) zY0TKL@>5eXYOokcMh(0^ZZc)v!p8j@R89E@s`fDc16AjbyNfcF`r>1!o)Tngk|fq- zYL)OF;X6#>Y128OS2lCgC&$mp^30Mw^l|k%{^`1~8hR7HCU-4USh`I)tge9MCyUBb`RLBd#7e3@NF;0eW@XC%w|Dmz z&6>Q;bR}?I+zdGpIror#f?xaA%n!e^FYwWml}CQ@W%Qm4<+z`I@zK7-L;Hk(@%eA< z+3|dN^ZjUN_KOGK1DmaW^Ji&YUmssSEh!=T>1?f~Ad4zOqd0{jbuMne@8 zMx#k?G(UpU0emS4zWJfiY=vj?jMBi_BCAsKb#?sKVo-E!o6LLHQz77hUn%5nqiwOk z11xUD{kjsev+nP%%_4^%JzB)W&wpEWV(jj+nQX!vCRZ@GJb2$SJx^!vMojsM8^%yJezK&COc6Kg1nO|8M8CUsKbT_b$+ORe5 z|F7$(A3RtP+vR@WGs6D^gw|2GqK1~~BGwOc#CeV7NbO;nH#0Ja_A__k9C@4$L_wwZ?OE(#_PG3!YJ3kPPglA76js%2D8QuVp9ZEiU?Y zW^Yl^x_w7iNpE*w=X3IC@YS^!H?973#&Y7y<9i&hIa)4lV)e_e0oUepi@r))mj8^a zbpJ5zfc2zJ?^k|)#4QY5H_EL3eyZ^uN8pa^b5AGO2owtG%d9VTTvg`0>28Z(^|h<- ztYRiSKKRyjufM77uX6$GftLUP_na@O^{i~4yY|*+zMa?4Nlo`Z)u`;ha^~_UHGg^8 zauxwM(CT^YdVPILOy!+E#en&aKb;Sj*xDWWBKo-``VwQKm;ExQiQVtMf%>a&P1}I2 zNni|4)|>v+(mJ~ItL4t5blKl2Ugj3(ZIt|X_J)>UFA}-lr+aU*>L9uDa*t zuG^O)Ewz5}T}-vCJTUn@@RU@ayX<#&gY$@0DsVS+2CyrrcjHz4I-TkAKLc{-9J0G@ z`|QDvtV#2xB;Q{9{#4kd=P{;l=X2TuuYvi&_+GX_Q*_?e*As6glo+pku<+fq!1oZp z&H#3~FIGQ&()f7mNA_P{-+*Tvg_hrp3chU*JSXSVjcuW;qj6y$7Z~);X9pq@!i1v!bg}(zhh0B?Z2dRfVuR&dpurcK@BP_)e)jz9|9+a!od06Y-Thy9KYs?E^mzAA z&!?CE^-mdKI;Vst0Od%GYybcN literal 0 HcmV?d00001 From 738dd5ec03cc9164d1d0b23f8acbf3f2b185f56f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Apr 2019 11:18:37 -0700 Subject: [PATCH 52/54] fixed link --- .../customize-attack-surface-reduction.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index b772be4c4c..204fad8ca0 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 12/19/2018 +ms.date: 04/26/2019 --- # Customize attack surface reduction rules @@ -35,7 +35,7 @@ This could potentially allow unsafe files to run and infect your devices. >[!WARNING] >Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Files that would have been blocked by a rule will be allowed to run, and there will be no report or event recorded. > ->If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode first to test the rule](enable-attack-surface-reduction.md#enable-and-audit-attack-surface-reduction-rules). +>If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode first to test the rule](evaluate-attack-surface-reduction.md). You can specify individual files or folders (using folder paths or fully qualified resource names) but you cannot specify if the exclusions should only be applied to individual rules: the exclusions will apply to all rules that are enabled (or placed in audit mode) and that allow exclusions. From 4475d96184a8eeb24c85b84be3ac6d40401a6406 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Apr 2019 11:20:17 -0700 Subject: [PATCH 53/54] fixed links --- .../enable-attack-surface-reduction.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index c4e2d4430f..82c0381006 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -43,7 +43,7 @@ You can exclude files and folders from being evaluated by most attack surface re >[!WARNING] >Excluding files or folders can severely reduce the protection provided by ASR rules. Excluded files will be allowed to run, and no report or event will be recorded. > ->If ASR rules are detecting files that you believe shouldn't be detected, you should [use audit mode first to test the rule](enable-attack-surface-reduction.md#enable-and-audit-attack-surface-reduction-rules). +>If ASR rules are detecting files that you believe shouldn't be detected, you should [use audit mode first to test the rule](evaluate-attack-surface-reduction.md). >[!IMPORTANT] >File and folder exclusions do not apply to the following ASR rules: @@ -53,9 +53,6 @@ You can exclude files and folders from being evaluated by most attack surface re You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to. ->[!IMPORTANT] ->The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. - ASR rules support environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). The following procedures for enabling ASR rules include instructions for how to exclude files and folders. From 92b36fb68c6228dfa44299602ff5bbdc234bee36 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 26 Apr 2019 12:26:34 -0700 Subject: [PATCH 54/54] fix errors --- .../access-control/active-directory-security-groups.md | 2 +- .../credential-guard/credential-guard-manage.md | 2 +- .../evaluate-attack-surface-reduction.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index defad633eb..3b7f39ee7e 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -328,7 +328,7 @@ The following tables provide descriptions of the default groups that are located

Yes

-

[Enterprise Key Admins](#bkmk-enterprise-key-admins)

+

[Enterprise Key Admins](#enterprise-key-admins)

Yes

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 188d69a0d2..b315be80ea 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -23,7 +23,7 @@ ms.date: 03/01/2019 ## Enable Windows Defender Credential Guard -Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-credential-guard-by-using-group-policy), the [registry](#enable-credential-guard-by-using-the-registry), or the Windows Defender Device Guard and Windows Defender Credential Guard [hardware readiness tool](#hardware-readiness-tool). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. +Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-windows-defender-credential-guard-by-using-group-policy), the [registry](#enable-windows-defender-credential-guard-by-using-the-registry), or the Windows Defender Device Guard and Windows Defender Credential Guard [hardware readiness tool](#hardware-readiness-tool). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. The same set of procedures used to enable Windows Defender Credential Guard on physical machines applies also to virtual machines. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md index cb40850d1e..707aa20197 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md @@ -9,7 +9,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: @Justinha +author: Justinha ms.author: justinha ms.date: 04/02/2019 ---