From 9aea41f0cbf9329bb163f7697587646ead054629 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 23 Sep 2020 11:10:42 +0500
Subject: [PATCH 01/23] Updating logon event
In this page, logon events were listed for Windows Xp, 7. I have updated them to Windows 10.
Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/7178
---
.../auditing/basic-audit-logon-events.md | 33 ++++---------------
1 file changed, 6 insertions(+), 27 deletions(-)
diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
index 5c7672c13a..e03cf0d1ce 100644
--- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
@@ -38,33 +38,12 @@ You can configure this security setting by opening the appropriate policy under
| Logon events | Description |
| - | - |
-| 528 | A user successfully logged on to a computer. For information about the type of logon, see the Logon Types table below. |
-| 529 | Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password. |
-| 530 | Logon failure. A logon attempt was made user account tried to log on outside of the allowed time. |
-| 531 | Logon failure. A logon attempt was made using a disabled account. |
-| 532 | Logon failure. A logon attempt was made using an expired account. |
-| 533 | Logon failure. A logon attempt was made by a user who is not allowed to log on at this computer. |
-| 534 | Logon failure. The user attempted to log on with a type that is not allowed. |
-| 535 | Logon failure. The password for the specified account has expired. |
-| 536 | Logon failure. The Net Logon service is not active. |
-| 537 | Logon failure. The logon attempt failed for other reasons. |
-| 538 | The logoff process was completed for a user. |
-| 539 | Logon failure. The account was locked out at the time the logon attempt was made. |
-| 540 | A user successfully logged on to a network. |
-| 541 | Main mode Internet Key Exchange (IKE) authentication was completed between the local computer and the listed peer identity (establishing a security association), or quick mode has established a data channel. |
-| 542 | A data channel was terminated. |
-| 543 | Main mode was terminated. |
-| 544 | Main mode authentication failed because the peer did not provide a valid certificate or the signature was not validated. |
-| 545 | Main mode authentication failed because of a Kerberos failure or a password that is not valid. |
-| 546 | IKE security association establishment failed because the peer sent a proposal that is not valid. A packet was received that contained data that is not valid. |
-| 547 | A failure occurred during an IKE handshake. |
-| 548 | Logon failure. The security ID (SID) from a trusted domain does not match the account domain SID of the client. |
-| 549 | Logon failure. All SIDs corresponding to untrusted namespaces were filtered out during an authentication across forests. |
-| 550 | Notification message that could indicate a possible denial-of-service attack. |
-| 551 | A user initiated the logoff process. |
-| 552 | A user successfully logged on to a computer using explicit credentials while already logged on as a different user. |
-| 682 | A user has reconnected to a disconnected terminal server session. |
-| 683 | A user disconnected a terminal server session without logging off. |
+| 4624 | A user successfully logged on to a computer. For information about the type of logon, see the Logon Types table below. |
+| 4625 | Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password. |
+| 4634 | The logoff process was completed for a user. |
+| 4647 | A user initiated the logoff process. |
+| 4648 | A user successfully logged on to a computer using explicit credentials while already logged on as a different user. |
+| 4779 | A user disconnected a terminal server session without logging off. |
When event 528 is logged, a logon type is also listed in the event log. The following table describes each logon type.
From f1eaf7601089582606509c69f35b7914b71d8ac5 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 28 Sep 2020 20:00:39 +0500
Subject: [PATCH 02/23] Update windows-editions-for-education-customers.md
---
.../windows/windows-editions-for-education-customers.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md
index 80555a4b90..7b99e740f1 100644
--- a/education/windows/windows-editions-for-education-customers.md
+++ b/education/windows/windows-editions-for-education-customers.md
@@ -32,8 +32,8 @@ Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and
For Cortana[1](#footnote1),
- If you're using version 1607, Cortana is removed.
-- If you're using new devices with version 1703, Cortana is turned on by default.
-- If you're upgrading from version 1607 to version 1703, Cortana will be enabled.
+- If you're using new devices with version 1703 or later, Cortana is turned on by default.
+- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
You can use the **AllowCortana** policy to turn Cortana off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
@@ -51,8 +51,8 @@ Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise
For Cortana1,
- If you're using version 1607, Cortana1 is removed.
-- If you're using new devices with version 1703, Cortana is turned on by default.
-- If you're upgrading from version 1607 to version 1703, Cortana will be enabled.
+- If you're using new devices with version 1703 or later, Cortana is turned on by default.
+- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
You can use the **AllowCortana** policy to turn Cortana off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
From 5d1075ddb39180193b63d7f198a72ce80e48f655 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 5 Oct 2020 22:09:12 +0500
Subject: [PATCH 03/23] Update
windows/security/threat-protection/auditing/basic-audit-logon-events.md
Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
.../threat-protection/auditing/basic-audit-logon-events.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
index e03cf0d1ce..66c1906086 100644
--- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
@@ -42,7 +42,7 @@ You can configure this security setting by opening the appropriate policy under
| 4625 | Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password. |
| 4634 | The logoff process was completed for a user. |
| 4647 | A user initiated the logoff process. |
-| 4648 | A user successfully logged on to a computer using explicit credentials while already logged on as a different user. |
+| 4648 | A user successfully logged on to a computer using explicit credentials while already logged on as a different user. |
| 4779 | A user disconnected a terminal server session without logging off. |
From 81f2746fc4fe49026bf94ff34fc225c75272ce1b Mon Sep 17 00:00:00 2001
From: aktsuda
Date: Thu, 8 Oct 2020 15:42:37 +0900
Subject: [PATCH 04/23] Update kernel-dma-protection-for-thunderbolt.md
Changed Note to "**Hyper-V - Virtualization Enabled in Firmware** is NOT shown when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is shown because this means that **Hyper-V - Virtualization Enabled in Firmware** is YES and the **Hyper-V** Windows feature is enabled. Enabling both is needed to enable **Kernel DMA Protection** even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-kernel-dma-protection)."
---
.../kernel-dma-protection-for-thunderbolt.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
index 2d8554f52b..859064bfc0 100644
--- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
+++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
@@ -91,7 +91,7 @@ Beginning with Windows 10 version 1809, you can use Security Center to check if
- Reboot system into Windows 10.
>[!NOTE]
-> **Hyper-V - Virtualization Enabled in Firmware** is NOT shown when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is shown because this means that **Hyper-V - Virtualization Enabled in Firmware** is YES.
+> **Hyper-V - Virtualization Enabled in Firmware** is NOT shown when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is shown because this means that **Hyper-V - Virtualization Enabled in Firmware** is YES and the **Hyper-V** Windows feature is enabled. Enabling both is needed to enable **Kernel DMA Protection** even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-kernel-dma-protection).
4. If the state of **Kernel DMA Protection** remains Off, then the system does not support this feature.
From 8ce32e8d920bf969417052c81e0948eb294d7f02 Mon Sep 17 00:00:00 2001
From: John Kennedy
Date: Thu, 8 Oct 2020 10:59:36 -0700
Subject: [PATCH 05/23] Update developers.yml
Corrected link to https://developer.microsoft.com/en-us/office/edu
---
education/developers.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/education/developers.yml b/education/developers.yml
index 9e21b6d27f..6491604539 100644
--- a/education/developers.yml
+++ b/education/developers.yml
@@ -26,8 +26,8 @@ additionalContent:
# Card
- title: Office Education Dev center
summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app
- url: https://dev.office.com/industry-verticals/edu
+ url: https://developer.microsoft.com/office/edu
# Card
- title: Data Streamer
summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
- url: https://docs.microsoft.com/en-us/microsoft-365/education/data-streamer
\ No newline at end of file
+ url: https://docs.microsoft.com/en-us/microsoft-365/education/data-streamer
From 08ec329b9d52b3d29654170721b360ccc178a21b Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Fri, 9 Oct 2020 15:28:20 +0200
Subject: [PATCH 06/23] Credential Guard: Enterprise & Education SKU
Just to make it clear that Credential Guard is not supported on Windows 10 Pro or Windows 10 Home edition
Ref. closed issue ticket #4025
---
.../credential-guard/credential-guard-manage.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index 32bf1aabaf..1e5ca4586a 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -22,7 +22,7 @@ ms.custom:
**Applies to**
- Windows 10 <=1903 Enterprise and Education SKUs
-- Windows 10 >=1909
+- Windows 10 >=1909 Enterprise and Education SKUs
- Windows Server 2016
- Windows Server 2019
From 3940dc0089abfa5ffc682f5cfbca099f3358e826 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Fri, 9 Oct 2020 15:39:49 +0200
Subject: [PATCH 07/23] Credential Guard: Enterprise & Education SKU
Ref. closed issue ticket #4025 and PR #8435
Just to make it clear that Credential Guard is not supported on Windows 10 Pro or Windows 10 Home edition
Thanks to @JonZeolla for raising the question by opening the ticket.
Thanks to @tecxx for taking the time to create and follow up CRM:0773000358 (MSRC).
---
.../credential-guard/credential-guard-requirements.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index cdf9c3ec9a..79de4b8ec8 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -19,7 +19,7 @@ ms.reviewer:
# Windows Defender Credential Guard: Requirements
**Applies to**
-- Windows 10
+- Windows 10 Enterprise and Education SKUs
- Windows Server 2016
@@ -56,11 +56,11 @@ For information about Windows Defender Remote Credential Guard hardware and soft
When Windows Defender Credential Guard is enabled, specific authentication capabilities are blocked, so applications that require such capabilities will break. Applications should be tested prior to deployment to ensure compatibility with the reduced functionality.
->[!WARNING]
+> [!WARNING]
> Enabling Windows Defender Credential Guard on domain controllers is not supported.
> The domain controller hosts authentication services which integrate with processes isolated when Windows Defender Credential Guard is enabled, causing crashes.
->[!NOTE]
+> [!NOTE]
> Windows Defender Credential Guard does not provide protections for the Active Directory database or the Security Accounts Manager (SAM). The credentials protected by Kerberos and NTLM when Windows Defender Credential Guard is enabled are also in the Active Directory database (on domain controllers) and the SAM (for local accounts).
Applications will break if they require:
From 37266f65295520da475310c0627de02f11e01c8e Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Fri, 9 Oct 2020 19:01:51 +0200
Subject: [PATCH 08/23] Merge into 1 line
- Clarify that only Windows 10 Enterprise or Education SKUs are covered.
---
.../credential-guard/credential-guard-manage.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index 1e5ca4586a..0b0c7e3af3 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -21,8 +21,7 @@ ms.custom:
# Manage Windows Defender Credential Guard
**Applies to**
-- Windows 10 <=1903 Enterprise and Education SKUs
-- Windows 10 >=1909 Enterprise and Education SKUs
+- Windows 10 Enterprise or Education SKUs
- Windows Server 2016
- Windows Server 2019
From 42b0c8ff76af5a364001d968de969b4c42d9f965 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 11 Oct 2020 08:39:30 +0500
Subject: [PATCH 09/23] Update how-user-account-control-works.md
---
.../user-account-control/how-user-account-control-works.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
index 560f4b240c..f25477e9ad 100644
--- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
+++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
@@ -278,7 +278,7 @@ The slider will never turn UAC completely off. If you set it to Never notify<
> **Important:** In order to fully disable UAC you must disable the policy **User Account Control: Run all administrators in Admin Approval Mode**.
>
-> **Warning:** Universal Windows apps will not work when UAC is disabled.
+> **Warning:** Some Universal Windows apps may not work when UAC is disabled.
### Virtualization
From 9e90ea017a38107796ef99cbef5f838e76d626b6 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 12 Oct 2020 09:39:33 +0500
Subject: [PATCH 10/23] Update
windows/security/identity-protection/user-account-control/how-user-account-control-works.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
.../user-account-control/how-user-account-control-works.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
index f25477e9ad..042e28e960 100644
--- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
+++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
@@ -278,7 +278,7 @@ The slider will never turn UAC completely off. If you set it to Never notify<
> **Important:** In order to fully disable UAC you must disable the policy **User Account Control: Run all administrators in Admin Approval Mode**.
>
-> **Warning:** Some Universal Windows apps may not work when UAC is disabled.
+> **Warning:** Some Universal Windows Platform apps may not work when UAC is disabled.
### Virtualization
From e59c706d86f628478c7f566d412b2bbce00d9582 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 12 Oct 2020 21:04:39 +0500
Subject: [PATCH 11/23] Addition of information in Note
Add additional information in the Note section to enable policy to work.
Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8241
---
windows/security/identity-protection/remote-credential-guard.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index 373339ebcd..0e6a67a9e5 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -109,6 +109,8 @@ There are no hardware requirements for Windows Defender Remote Credential Guard.
> [!NOTE]
> Remote Desktop client devices running earlier versions, at minimum Windows 10 version 1607, only support signed-in credentials, so the client device must also be joined to an Active Directory domain. Both Remote Desktop client and server must either be joined to the same domain, or the Remote Desktop server can be joined to a domain that has a trust relationship to the client device's domain.
+> GPO [Remote host allows delegation of non-exportable credentials](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialsdelegation) should be enabled for Delegation of non-exportable credentials.
+
- For Windows Defender Remote Credential Guard to be supported, the user must authenticate to the remote host using Kerberos authentication.
- The remote host must be running at least Windows 10 version 1607, or Windows Server 2016.
- The Remote Desktop classic Windows app is required. The Remote Desktop Universal Windows Platform app doesn't support Windows Defender Remote Credential Guard.
From a8dd40616c11690ef6177528fd598215aefd4d3c Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 12 Oct 2020 23:08:53 +0500
Subject: [PATCH 12/23] Update
windows/security/identity-protection/remote-credential-guard.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
windows/security/identity-protection/remote-credential-guard.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index 0e6a67a9e5..a2dffe193f 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -109,7 +109,7 @@ There are no hardware requirements for Windows Defender Remote Credential Guard.
> [!NOTE]
> Remote Desktop client devices running earlier versions, at minimum Windows 10 version 1607, only support signed-in credentials, so the client device must also be joined to an Active Directory domain. Both Remote Desktop client and server must either be joined to the same domain, or the Remote Desktop server can be joined to a domain that has a trust relationship to the client device's domain.
-> GPO [Remote host allows delegation of non-exportable credentials](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialsdelegation) should be enabled for Delegation of non-exportable credentials.
+> GPO [Remote host allows delegation of non-exportable credentials](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialsdelegation) should be enabled for delegation of non-exportable credentials.
- For Windows Defender Remote Credential Guard to be supported, the user must authenticate to the remote host using Kerberos authentication.
- The remote host must be running at least Windows 10 version 1607, or Windows Server 2016.
From 3ef680b8308b50de54d3dbe2593d1c8998f95df3 Mon Sep 17 00:00:00 2001
From: Daniel Simpson
Date: Wed, 14 Oct 2020 10:13:26 -0700
Subject: [PATCH 13/23] Update kernel-dma-protection-for-thunderbolt.md
removed en-us from URL line 94
---
.../kernel-dma-protection-for-thunderbolt.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
index 859064bfc0..dac9d8ce02 100644
--- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
+++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
@@ -91,7 +91,7 @@ Beginning with Windows 10 version 1809, you can use Security Center to check if
- Reboot system into Windows 10.
>[!NOTE]
-> **Hyper-V - Virtualization Enabled in Firmware** is NOT shown when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is shown because this means that **Hyper-V - Virtualization Enabled in Firmware** is YES and the **Hyper-V** Windows feature is enabled. Enabling both is needed to enable **Kernel DMA Protection** even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-kernel-dma-protection).
+> **Hyper-V - Virtualization Enabled in Firmware** is NOT shown when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is shown because this means that **Hyper-V - Virtualization Enabled in Firmware** is YES and the **Hyper-V** Windows feature is enabled. Enabling both is needed to enable **Kernel DMA Protection** even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-kernel-dma-protection).
4. If the state of **Kernel DMA Protection** remains Off, then the system does not support this feature.
From d09202414096f80cbd1364fccc5d8c1626912c66 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Mon, 19 Oct 2020 23:59:59 +0200
Subject: [PATCH 14/23] Update
windows/security/identity-protection/credential-guard/credential-guard-requirements.md
Unneeded blank line added during resolve of file conflict, line removed.
---
.../credential-guard/credential-guard-requirements.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index dd65abcdca..315c4bad46 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -18,7 +18,6 @@ ms.reviewer:
# Windows Defender Credential Guard: Requirements
-
## Applies to
- Windows 10
From 8f2c0fe56cd6f668ccd5ea9bbb1b06e3a263b412 Mon Sep 17 00:00:00 2001
From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com>
Date: Tue, 20 Oct 2020 00:02:06 +0200
Subject: [PATCH 15/23] Update
windows/security/identity-protection/credential-guard/credential-guard-requirements.md
Another unneeded blank line added during merge of branch 'public' into PR branch. Line removed.
---
.../credential-guard/credential-guard-requirements.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index 315c4bad46..2e56e0803c 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -58,7 +58,6 @@ For information about Windows Defender Remote Credential Guard hardware and soft
When Windows Defender Credential Guard is enabled, specific authentication capabilities are blocked, so applications that require such capabilities will break. Applications should be tested prior to deployment to ensure compatibility with the reduced functionality.
-
> [!WARNING]
> Enabling Windows Defender Credential Guard on domain controllers is not supported.
> The domain controller hosts authentication services which integrate with processes isolated when Windows Defender Credential Guard is enabled, causing crashes.
From 95c740523395dc21922cb5a086dc4e0193a480ec Mon Sep 17 00:00:00 2001
From: Tina Burden
Date: Thu, 22 Oct 2020 11:04:40 -0700
Subject: [PATCH 16/23] removed en-us locale code from urls
---
education/developers.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/education/developers.yml b/education/developers.yml
index 6491604539..6533d8c51c 100644
--- a/education/developers.yml
+++ b/education/developers.yml
@@ -18,11 +18,11 @@ additionalContent:
# Card
- title: UWP apps for education
summary: Learn how to write universal apps for education.
- url: https://docs.microsoft.com/en-us/windows/uwp/apps-for-education/
+ url: https://docs.microsoft.com/windows/uwp/apps-for-education/
# Card
- title: Take a test API
summary: Learn how web applications can use the API to provide a locked down experience for taking tests.
- url: https://docs.microsoft.com/en-us/windows/uwp/apps-for-education/take-a-test-api
+ url: https://docs.microsoft.com/windows/uwp/apps-for-education/take-a-test-api
# Card
- title: Office Education Dev center
summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app
@@ -30,4 +30,4 @@ additionalContent:
# Card
- title: Data Streamer
summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
- url: https://docs.microsoft.com/en-us/microsoft-365/education/data-streamer
+ url: https://docs.microsoft.com/microsoft-365/education/data-streamer
From 813ca87003e52717b4132b486d03959dbe3430da Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Thu, 22 Oct 2020 15:04:34 -0700
Subject: [PATCH 17/23] Applied note styles and corrected table header cells
---
.../how-user-account-control-works.md | 29 ++++++++++---------
1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
index 042e28e960..254e57e0e9 100644
--- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
+++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
@@ -109,9 +109,7 @@ To better understand each component, review the table below:
Description
-
-
User
-
+
User
@@ -138,9 +136,7 @@ To better understand each component, review the table below:
-
-
System
-
+
System
@@ -248,8 +244,7 @@ To better understand each component, review the table below:
-
-
Kernel
+
Kernel
@@ -276,9 +271,11 @@ The slider will never turn UAC completely off. If you set it to Never notify<
- Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt.
- Automatically deny all elevation requests for standard users.
-> **Important:** In order to fully disable UAC you must disable the policy **User Account Control: Run all administrators in Admin Approval Mode**.
->
-> **Warning:** Some Universal Windows Platform apps may not work when UAC is disabled.
+> [!IMPORTANT]
+> In order to fully disable UAC you must disable the policy **User Account Control: Run all administrators in Admin Approval Mode**.
+
+> [!WARNING]
+> Some Universal Windows Platform apps may not work when UAC is disabled.
### Virtualization
@@ -291,7 +288,9 @@ Most app tasks operate properly by using virtualization features. Although virtu
Virtualization is not an option in the following scenarios:
- Virtualization does not apply to apps that are elevated and run with a full administrative access token.
+
- Virtualization supports only 32-bit apps. Non-elevated 64-bit apps simply receive an access denied message when they attempt to acquire a handle (a unique identifier) to a Windows object. Native Windows 64-bit apps are required to be compatible with UAC and to write data into the correct locations.
+
- Virtualization is disabled if the app includes an app manifest with a requested execution level attribute.
### Request execution levels
@@ -319,6 +318,8 @@ Before a 32-bit process is created, the following attributes are checked to dete
- Key attributes in the resource script data are linked in the executable file.
- There are targeted sequences of bytes within the executable file.
-> **Note:** The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies.
->
-> **Note:** The User Account Control: Detect application installations and prompt for elevation policy setting must be enabled for installer detection to detect installation programs. For more info, see [User Account Control security policy settings](user-account-control-security-policy-settings.md).
+> [!NOTE]
+> The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies.
+
+> [!NOTE]
+> The User Account Control: Detect application installations and prompt for elevation policy setting must be enabled for installer detection to detect installation programs. For more info, see [User Account Control security policy settings](user-account-control-security-policy-settings.md).
From 4389f5e61fd099aa986f5192fdade8b610e420f3 Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Thu, 22 Oct 2020 15:09:52 -0700
Subject: [PATCH 18/23] Removed unnecessary bold from table headings
Table headings are automatically bold. Adding bold ( or **) to table headings results in bold text that is lighter than normal.
---
.../remote-credential-guard.md | 21 ++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index a2dffe193f..1f3c3a4fa9 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -53,7 +53,7 @@ Use the following table to compare different Remote Desktop connection security
-| **Feature** | **Remote Desktop** | **Windows Defender Remote Credential Guard** | **Restricted Admin mode** |
+| Feature | Remote Desktop | Windows Defender Remote Credential Guard | Restricted Admin mode |
|--------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **Protection benefits** | Credentials on the server are not protected from Pass-the-Hash attacks. | User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing | User logs on to the server as local administrator, so an attacker cannot act on behalf of the “domain user”. Any attack is local to the server |
| **Version support** | The remote computer can run any Windows operating system | Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**. | The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**.
For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997.aspx). |
@@ -67,7 +67,7 @@ Use the following table to compare different Remote Desktop connection security
For further technical information, see [Remote Desktop Protocol](https://msdn.microsoft.com/library/aa383015(v=vs.85).aspx)
-and [How Kerberos works](https://technet.microsoft.com/library/cc961963.aspx(d=robot))
+and [How Kerberos works](https://technet.microsoft.com/library/cc961963.aspx(d=robot)).
@@ -92,9 +92,12 @@ To use Windows Defender Remote Credential Guard, the Remote Desktop client and r
The Remote Desktop client device:
-- Must be running at least Windows 10, version 1703 to be able to supply credentials, which is sent to the remote device. This allows users to run as different users without having to send credentials to the remote machine.
+- Must be running at least Windows 10, version 1703 to be able to supply credentials, which is sent to the remote device. This allows users to run as different users without having to send credentials to the remote machine.
+
- Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user’s signed-in credentials. This requires the user’s account be able to sign in to both the client device and the remote host.
+
- Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard.
+
- Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk.
The Remote Desktop remote host:
@@ -112,7 +115,9 @@ There are no hardware requirements for Windows Defender Remote Credential Guard.
> GPO [Remote host allows delegation of non-exportable credentials](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialsdelegation) should be enabled for delegation of non-exportable credentials.
- For Windows Defender Remote Credential Guard to be supported, the user must authenticate to the remote host using Kerberos authentication.
+
- The remote host must be running at least Windows 10 version 1607, or Windows Server 2016.
+
- The Remote Desktop classic Windows app is required. The Remote Desktop Universal Windows Platform app doesn't support Windows Defender Remote Credential Guard.
## Enable Windows Defender Remote Credential Guard
@@ -120,15 +125,20 @@ There are no hardware requirements for Windows Defender Remote Credential Guard.
You must enable Restricted Admin or Windows Defender Remote Credential Guard on the remote host by using the Registry.
1. Open Registry Editor on the remote host.
+
2. Enable Restricted Admin and Windows Defender Remote Credential Guard:
+
- Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa.
+
- Add a new DWORD value named **DisableRestrictedAdmin**.
+
- To turn on Restricted Admin and Windows Defender Remote Credential Guard, set the value of this registry setting to 0 to turn on Windows Defender Remote Credential Guard.
+
3. Close Registry Editor.
You can add this by running the following command from an elevated command prompt:
-```
+```console
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 /t REG_DWORD
```
@@ -145,6 +155,7 @@ Beginning with Windows 10 version 1703, you can enable Windows Defender Remote C
3. Under **Use the following restricted mode**:
+
- If you want to require either [Restricted Admin mode](https://social.technet.microsoft.com/wiki/contents/articles/32905.remote-desktop-services-enable-restricted-admin-mode.aspx) or Windows Defender Remote Credential Guard, choose **Restrict Credential Delegation**. In this configuration, Windows Defender Remote Credential Guard is preferred, but it will use Restricted Admin mode (if supported) when Windows Defender Remote Credential Guard cannot be used.
> [!NOTE]
@@ -165,7 +176,7 @@ Beginning with Windows 10 version 1703, you can enable Windows Defender Remote C
If you don't use Group Policy in your organization, or if not all your remote hosts support Remote Credential Guard, you can add the remoteGuard parameter when you start Remote Desktop Connection to turn on Windows Defender Remote Credential Guard for that connection.
-```
+```console
mstsc.exe /remoteGuard
```
From 474fd1f2dca54ddfd5221ea56a48e7353cff11a9 Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Thu, 22 Oct 2020 15:16:10 -0700
Subject: [PATCH 19/23] Added space for reliability, corrected indentation
---
.../credential-guard-manage.md | 39 +++++++++++++------
1 file changed, 28 insertions(+), 11 deletions(-)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index 0b0c7e3af3..6175ac1e5e 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -178,15 +178,25 @@ DG_Readiness_Tool_v3.6.ps1 -Ready
- We recommend enabling Windows Defender Credential Guard before a device is joined to a domain. If Windows Defender Credential Guard is enabled after domain join, the user and device secrets may already be compromised. In other words, enabling Credential Guard will not help to secure a device or identity that has already been compromised, which is why we recommend turning on Credential Guard as early as possible.
- You should perform regular reviews of the PCs that have Windows Defender Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for:
- - **Event ID 13** Windows Defender Credential Guard (LsaIso.exe) was started and will protect LSA credentials.
- - **Event ID 14** Windows Defender Credential Guard (LsaIso.exe) configuration: \[**0x0** \| **0x1** \| **0x2**\], **0**
- - The first variable: **0x1** or **0x2** means that Windows Defender Credential Guard is configured to run. **0x0** means that it's not configured to run.
- - The second variable: **0** means that it's configured to run in protect mode. **1** means that it's configured to run in test mode. This variable should always be **0**.
- - **Event ID 15** Windows Defender Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Windows Defender Credential Guard.
- - **Event ID 16** Windows Defender Credential Guard (LsaIso.exe) failed to launch: \[error code\]
- - **Event ID 17** Error reading Windows Defender Credential Guard (LsaIso.exe) UEFI configuration: \[error code\]
- You can also verify that TPM is being used for key protection by checking Event ID 51 in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0.
- - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: **0x0**. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: **0x1**. TPM PCR mask: **0x0**.
+
+ - **Event ID 13** Windows Defender Credential Guard (LsaIso.exe) was started and will protect LSA credentials.
+
+ - **Event ID 14** Windows Defender Credential Guard (LsaIso.exe) configuration: \[**0x0** \| **0x1** \| **0x2**\], **0**
+
+ - The first variable: **0x1** or **0x2** means that Windows Defender Credential Guard is configured to run. **0x0** means that it's not configured to run.
+
+ - The second variable: **0** means that it's configured to run in protect mode. **1** means that it's configured to run in test mode. This variable should always be **0**.
+
+ - **Event ID 15** Windows Defender Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Windows Defender Credential Guard.
+
+ - **Event ID 16** Windows Defender Credential Guard (LsaIso.exe) failed to launch: \[error code\]
+
+ - **Event ID 17** Error reading Windows Defender Credential Guard (LsaIso.exe) UEFI configuration: \[error code\]
+
+ You can also verify that TPM is being used for key protection by checking Event ID 51 in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0.
+
+ - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: **0x0**. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: **0x1**. TPM PCR mask: **0x0**.
+
- You can use Windows PowerShell to determine whether credential guard is running on a client computer. On the computer in question, open an elevated PowerShell window and run the following command:
```powershell
@@ -194,10 +204,13 @@ DG_Readiness_Tool_v3.6.ps1 -Ready
```
This command generates the following output:
+
- **0**: Windows Defender Credential Guard is disabled (not running)
+
- **1**: Windows Defender Credential Guard is enabled (running)
- > [!NOTE]
- > Checking the task list or Task Manager to see if LSAISO.exe is running is not a recommended method for determining whether Windows Defender Credential Guard is running.
+
+ > [!NOTE]
+ > Checking the task list or Task Manager to see if LSAISO.exe is running is not a recommended method for determining whether Windows Defender Credential Guard is running.
## Disable Windows Defender Credential Guard
@@ -206,12 +219,15 @@ To disable Windows Defender Credential Guard, you can use the following set of p
1. If you used Group Policy, disable the Group Policy setting that you used to enable Windows Defender Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**).
2. Delete the following registry settings:
+
- HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags
- HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\LsaCfgFlags
3. If you also wish to disable virtualization-based security delete the following registry settings:
+
- HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity
- HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures
+
> [!IMPORTANT]
> If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery.
@@ -260,6 +276,7 @@ DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot
> [!IMPORTANT]
> When running the HVCI and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work.
+>
> This is a known issue.
#### Disable Windows Defender Credential Guard for a virtual machine
From 7b1f9fc967cc87c7fa9148e8d0c0d7a69da276e8 Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Thu, 22 Oct 2020 15:18:16 -0700
Subject: [PATCH 20/23] Spacing
---
.../credential-guard/credential-guard-manage.md | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index 6175ac1e5e..742dd80951 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -118,12 +118,15 @@ You can do this by using either the Control Panel or the Deployment Image Servic
2. Enable virtualization-based security:
- Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\DeviceGuard.
+
- Add a new DWORD value named **EnableVirtualizationBasedSecurity**. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it.
+
- Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 3 to use **Secure Boot and DMA protection**.
3. Enable Windows Defender Credential Guard:
- Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA.
+
- Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Windows Defender Credential Guard with UEFI lock, set it to 2 to enable Windows Defender Credential Guard without lock, and set it to 0 to disable it.
4. Close Registry Editor.
@@ -144,6 +147,7 @@ DG_Readiness_Tool.ps1 -Enable -AutoReboot
> [!IMPORTANT]
> When running the HVCI and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work.
+>
> This is a known issue.
### Review Windows Defender Credential Guard performance
@@ -170,6 +174,7 @@ DG_Readiness_Tool_v3.6.ps1 -Ready
> [!IMPORTANT]
> When running the HVCI and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work.
+>
> This is a known issue.
> [!NOTE]
From 5b6cdbdd9bbd22633634d3d227958cb2b1e43501 Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Thu, 22 Oct 2020 15:19:13 -0700
Subject: [PATCH 21/23] Corrected end punctuation
---
education/windows/windows-editions-for-education-customers.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md
index 7b99e740f1..4197cf6869 100644
--- a/education/windows/windows-editions-for-education-customers.md
+++ b/education/windows/windows-editions-for-education-customers.md
@@ -30,7 +30,7 @@ Windows 10, version 1607 introduces two editions designed for the unique needs o
Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is effectively a variant of Windows 10 Pro that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627).
-For Cortana[1](#footnote1),
+For Cortana[1](#footnote1):
- If you're using version 1607, Cortana is removed.
- If you're using new devices with version 1703 or later, Cortana is turned on by default.
- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
@@ -49,7 +49,7 @@ Customers who deploy Windows 10 Pro are able to configure the product to have si
Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise-grade manageability and security desired by many schools. Windows 10 Education is effectively a variant of Windows 10 Enterprise that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627).
-For Cortana1,
+For Cortana1:
- If you're using version 1607, Cortana1 is removed.
- If you're using new devices with version 1703 or later, Cortana is turned on by default.
- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
From 11a57840a4337162b4544b7aa46551cf94a708dc Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Thu, 22 Oct 2020 15:21:10 -0700
Subject: [PATCH 22/23] Corrected indentation
---
.../kernel-dma-protection-for-thunderbolt.md | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
index dac9d8ce02..836d7916f5 100644
--- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
+++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
@@ -82,20 +82,24 @@ Beginning with Windows 10 version 1809, you can use Security Center to check if
### Using System information
1. Launch MSINFO32.exe in a command prompt, or in the Windows search bar.
+
2. Check the value of **Kernel DMA Protection**.
+
+
3. If the current state of **Kernel DMA Protection** is OFF and **Hyper-V - Virtualization Enabled in Firmware** is NO:
+
- Reboot into BIOS settings
- Turn on Intel Virtualization Technology.
- Turn on Intel Virtualization Technology for I/O (VT-d). In Windows 10 version 1803, only Intel VT-d is supported. Other platforms can use DMA attack mitigations described in [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md).
- Reboot system into Windows 10.
->[!NOTE]
-> **Hyper-V - Virtualization Enabled in Firmware** is NOT shown when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is shown because this means that **Hyper-V - Virtualization Enabled in Firmware** is YES and the **Hyper-V** Windows feature is enabled. Enabling both is needed to enable **Kernel DMA Protection** even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-kernel-dma-protection).
+ >[!NOTE]
+ > **Hyper-V - Virtualization Enabled in Firmware** is NOT shown when **A hypervisor has been detected. Features required for Hyper-V will not be displayed.** is shown because this means that **Hyper-V - Virtualization Enabled in Firmware** is YES and the **Hyper-V** Windows feature is enabled. Enabling both is needed to enable **Kernel DMA Protection** even when the firmware has the flag of "ACPI Kernel DMA Protection Indicators" described in [Kernel DMA Protection (Memory Access Protection) for OEMs](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-kernel-dma-protection).
4. If the state of **Kernel DMA Protection** remains Off, then the system does not support this feature.
-For systems that do not support Kernel DMA Protection, please refer to the [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md) or [Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating system](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) for other means of DMA protection.
+ For systems that do not support Kernel DMA Protection, please refer to the [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md) or [Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating system](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf) for other means of DMA protection.
## Frequently asked questions
From da7e9d44d8637b3c83141dfd43ad8ced82421bf9 Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Thu, 22 Oct 2020 15:26:57 -0700
Subject: [PATCH 23/23] Fixed a broken note
---
windows/security/identity-protection/remote-credential-guard.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index 1f3c3a4fa9..60dc685e1e 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -111,7 +111,7 @@ There are no hardware requirements for Windows Defender Remote Credential Guard.
> [!NOTE]
> Remote Desktop client devices running earlier versions, at minimum Windows 10 version 1607, only support signed-in credentials, so the client device must also be joined to an Active Directory domain. Both Remote Desktop client and server must either be joined to the same domain, or the Remote Desktop server can be joined to a domain that has a trust relationship to the client device's domain.
-
+>
> GPO [Remote host allows delegation of non-exportable credentials](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-credentialsdelegation) should be enabled for delegation of non-exportable credentials.
- For Windows Defender Remote Credential Guard to be supported, the user must authenticate to the remote host using Kerberos authentication.