deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 20:03:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

added robocopy on s mode png

Browse Source
This commit is contained in:
Justin Hall
2018-05-02 12:55:53 -07:00
parent b10a36ba67 ce48d442c1
commit f166036c2b
1040 changed files with 27471 additions and 16848 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
View File

@ -18,7 +18,7 @@ This topic explains how BitLocker Device Encryption can help protect data on de
For an architectural overview about how BitLocker Device Encryption works with Secure Boot, see [Secure boot and BitLocker Device Encryption overview](https://docs.microsoft.com/windows-hardware/drivers/bringup/secure-boot-and-device-encryption-overview).
For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md).
When users travel, their organizations confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives; in Windows 10, BitLocker will even protect individual files, with data loss prevention capabilities. Windows consistently improves data protection by improving existing options and by providing new strategies.
When users travel, their organizations confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and by providing new strategies.
Table 2 lists specific data-protection concerns and how they are addressed in Windows 10 and Windows 7.

2
windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md
View File

@ -336,7 +336,7 @@ To use Network Unlock you must also have a PIN configured for your computer. Whe
BitLocker Network Unlock has software and hardware requirements for both client computers, Windows Deployment services, and domain controllers that must be met before you can use it.
Network Unlock uses two protectors, the TPM protector and the one provided by the network or by your PIN, whereas automatic unlock uses a single protector, the one stored in the TPM. If the computer is joined to a network without the key protector it will prompt you to enter your PIN. If the PIN is
not available you will need to use the recovery key to unlock the computer if it can ot be connected to the network.
not available you will need to use the recovery key to unlock the computer if it can not be connected to the network.
For more info, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).

2
windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
View File

@ -393,7 +393,7 @@ This policy setting allows you to block direct memory access (DMA) for all hot p
**Reference**
This policy setting is only enforced when BitLocker or device encyption is enabled.
This policy setting is only enforced when BitLocker or device encyption is enabled. As explained in the [Microoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2018/01/18/issue-with-bitlockerdma-setting-in-windows-10-fall-creators-update-v1709/), in some cases when this setting is enabled, internal, PCI-based peripherals can fail, including wireless network drivers and input and audio peripherals. This problem is fixed in the [April 2018 quality update](https://support.microsoft.com/help/4093105/windows-10-update-kb4093105).
### <a href="" id="bkmk-dpinchange"></a>Disallow standard users from changing the PIN or password

4
windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
View File

@ -108,7 +108,7 @@ For Azure AD-joined computers, including virtual machines, the recovery password
```
PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:
PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:"
PS C:\>BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
```
@ -118,7 +118,7 @@ For domain-joined computers, including servers, the recovery password should be
```
PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:
PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:"
PS C:\>Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
```

3
windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
View File

@ -27,6 +27,9 @@ To avoid the automatic encryption of data, developers can enlighten apps by addi
We strongly suggest that the only unenlightened apps you add to your allowed apps list are Line-of-Business (LOB) apps.
>[!IMPORTANT]
>After revoking WIP, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted.
>[!Note]
>For more info about creating enlightened apps, see the [Windows Information Protection (WIP)](https://msdn.microsoft.com/en-us/windows/uwp/enterprise/wip-hub) topic in the Windows Dev Center.

3
windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
View File

@ -509,6 +509,9 @@ To configure WIP to use Azure Rights Management, you must set the **AllowAzureRM
Optionally, if you dont want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option.
>[!IMPORTANT]
>Curly braces -- {} -- are required around the RMS Template ID.
>[!NOTE]
>For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic.

3
windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md
View File

@ -420,6 +420,9 @@ To configure WIP to use Azure Rights Management, you must set the **AllowAzureRM
Optionally, if you dont want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option.
>[!IMPORTANT]
>Curly braces -- {} -- are required around the RMS Template ID.
>[!NOTE]
>For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic.

3
windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md
View File

@ -555,6 +555,9 @@ To configure WIP to use Azure Rights Management, you must set the **AllowAzureRM
Optionally, if you dont want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option.
>[!IMPORTANT]
>Curly braces -- {} -- are required around the RMS Template ID.
>[!NOTE]
>For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic.

2
windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
View File

@ -62,7 +62,7 @@ WIP provides:
- Additional data protection for existing line-of-business apps without a need to update the apps.
- Ability to wipe corporate data from devices while leaving personal data alone.
- Ability to wipe corporate data from Intune MDM enrolled devices while leaving personal data alone.
- Use of audit reports for tracking issues and remedial actions.

5
windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
View File

@ -23,6 +23,9 @@ We've come up with a list of suggested testing scenarios that you can use to tes
## Testing scenarios
You can try any of the processes included in these scenarios, but you should focus on the ones that you might encounter in your organization.
>[!IMPORTANT]
>If any of these scenarios does not work, first take note of whether WIP has been revoked. If it has, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted.
<table>
<tr>
<th>Scenario</th>
@ -152,7 +155,7 @@ You can try any of the processes included in these scenarios, but you should foc
<td>Unenroll client devices from WIP.</td>
<td>
<ul>
<li>Unenroll a device from WIP by going to <strong>Settings</strong>, click <strong>Accounts</strong>, click <strong>Work</strong>, click the name of the device you want to unenroll, and then click <strong>Remove</strong>.<br>The device should be removed and all of the enterprise content for that managed account should be gone.<br><br><strong>Important</strong><br>On desktop devices, the data isn't removed and can be recovered, so you must make sure they content is marked as <strong>Revoked</strong> and that access is denied for the employee. On mobile devices, the data is removed.</li>
<li>Unenroll a device from WIP by going to <strong>Settings</strong>, click <strong>Accounts</strong>, click <strong>Work</strong>, click the name of the device you want to unenroll, and then click <strong>Remove</strong>.<br>The device should be removed and all of the enterprise content for that managed account should be gone.<br><br><strong>Important</strong><br>On desktop devices, the data isn't removed and can be recovered, so you must make sure the content is marked as <strong>Revoked</strong> and that access is denied for the employee. On mobile devices, the data is removed.</li>
</ul>
</td>
</tr>