deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into security-book-24

Browse Source
This commit is contained in:
Rebecca Agiewich 2024-11-18 08:37:49 -08:00 committed by GitHub
commit f314f8d6c7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 91 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
windows/configuration/assigned-access/policy-settings.md
View File

@ -39,7 +39,7 @@ The following policy settings are applied at the device level when you deploy a
## User policy settings
The following policy settings are applied to any nonadministrator account when you deploy a restricted user experience:
The following policy settings are applied to targeted user accounts when you deploy a restricted user experience:
| Type | Path | Name/Description |
|---------|----------------------------------------------------------------------------------|-------------------------------------------------------------------|
@ -47,8 +47,9 @@ The following policy settings are applied to any nonadministrator account when y
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HidePeopleBar` | Hide People Bar from appearing on taskbar |
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HideRecentlyAddedApps` | Hide recently added apps from appearing on the Start menu |
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HideRecentJumplists` | Hide recent jumplists from appearing on the Start menu/taskbar |
| **GPO** | User Configuration\Administrative Templates\Desktop | Hide and disable all items on the desktop |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Clear history of recently opened documents on exit |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Disable showing balloon notifications as toast |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Disable showing balloon notifications as toasts |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not allow pinning items in Jump Lists |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not allow pinning programs to the Taskbar |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not display or track items in Jump Lists from remote locations |
@ -69,21 +70,23 @@ The following policy settings are applied to any nonadministrator account when y
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Remove Notification and Action Center |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Remove Quick Settings |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Remove Run menu from Start Menu |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Remove the Security and Maintenance icon |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Turn off all balloon notifications |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Turn off feature advertisement balloon notifications |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar\Notifications | Hide the TaskView button |
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar\Notifications | Turn off toast notifications |
| **GPO** | User Configuration\Administrative Templates\System\Ctrl+Alt+Del Options | Remove Change Password |
| **GPO** | User Configuration\Administrative Templates\System\Ctrl+Alt+Del Options | Remove Logoff |
| **GPO** | User Configuration\Administrative Templates\System\Ctrl+Alt+Del Options | Remove Task Manager |
| **GPO** | User Configuration\Administrative Templates\Windows Components\File Explorer | Prevent access to drives from My Computer |
| **GPO** | User Configuration\Administrative Templates\Windows Components\File Explorer | Remove *Map network drive* and *Disconnect Network Drive* |
| **GPO** | User Configuration\Administrative Templates\Windows Components\File Explorer | Remove File Explorer's default context menu |
| **GPO** | User Configuration\Administrative Templates\Windows Components\Windows Copilot | Turn off Windows Copilot |
The following policy settings are applied to the kiosk account when you configure a kiosk experience with Microsoft Edge:
| Type | Path | Name/Description |
|---------|-----------------------------------------------------------------------------------|--------------------------------------------------------|
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar\Notifications | Run only specified Windows applications > `msedge.exe` |
| **GPO** | User Configuration\Administrative Templates\System | Run only specified Windows applications > `msedge.exe` |
| **GPO** | User Configuration\Administrative Templates\System | Turn off toast notifications |
| **GPO** | User Configuration\Administrative Templates\Windows Components\Attachment Manager | Default risk level for file attachments > High risk |
| **GPO** | User Configuration\Administrative Templates\Windows Components\Attachment Manager | Inclusion list for low file types > `.pdf;.epub` |

14
windows/security/security-foundations/certification/fips-140-validation.md
View File

@ -1,7 +1,7 @@
---
title: Windows FIPS 140 validation
description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140.
ms.date: 2/1/2024
ms.date: 11/13/2024
ms.topic: reference
---
@ -21,6 +21,8 @@ The Windows client releases listed below include cryptographic modules that have
#### Windows 10 releases
- [Windows 10, version 21H1 (May 2021 Update)](validations/fips-140-windows10.md#windows-10-version-21h1-may-2021-update)
- [Windows 10, version 20H2 (October 2020 Update)](validations/fips-140-windows10.md#windows-10-version-20h2-october-2020-update)
- [Windows 10, version 2004 (May 2020 Update)](validations/fips-140-windows10.md#windows-10-version-2004-may-2020-update)
- [Windows 10, version 1909 (November 2019 Update)](validations/fips-140-windows10.md#windows-10-version-1909-november-2019-update)
- [Windows 10, version 1903 (May 2019 Update)](validations/fips-140-windows10.md#windows-10-version-1903-may-2019-update)
@ -60,16 +62,18 @@ The Windows client releases listed below include cryptographic modules that have
The Windows Server releases listed below include cryptographic modules that have completed FIPS 140 validation. Click on the release for details, including the CMVP certificate, Security Policy document, and algorithm scope for each module. When the CMVP certificate validation label includes the note *When operated in FIPS mode*, specific configuration and security rules outlined in the Security Policy must be followed.
#### Windows Server 2019 and 2016 releases
#### Windows Server 2022, 2019, and 2016 releases
- [Windows Server 2022](validations/fips-140-windows-server-2022.md#windows-server-2022)
- [Windows Server 2019](validations/fips-140-windows-server-2019.md#windows-server-2019)
- [Windows Server 2016](validations/fips-140-windows-server-2016.md#windows-server-2016)
#### Windows Server semi-annual releases
- [Windows Server, version 2004](validations/fips-140-windows-server-semi-annual.md#windows-server-version-2004-may-2020-update)
- [Windows Server, version 1909](validations/fips-140-windows-server-semi-annual.md#windows-server-version-1909-november-2019-update)
- [Windows Server, version 1903](validations/fips-140-windows-server-semi-annual.md#windows-server-version-1903-may-2019-update)
- [Windows Server, version 20H2](validations/fips-140-windows-server-semi-annual.md#windows-server-version-20h2)
- [Windows Server, version 2004](validations/fips-140-windows-server-semi-annual.md#windows-server-version-2004)
- [Windows Server, version 1909](validations/fips-140-windows-server-semi-annual.md#windows-server-version-1909)
- [Windows Server, version 1903](validations/fips-140-windows-server-semi-annual.md#windows-server-version-1903)
- [Windows Server, version 1809](validations/fips-140-windows-server-semi-annual.md#windows-server-version-1809)
- [Windows Server, version 1803](validations/fips-140-windows-server-semi-annual.md#windows-server-version-1803)
- [Windows Server, version 1709](validations/fips-140-windows-server-semi-annual.md#windows-server-version-1709)

33
windows/security/security-foundations/certification/validations/fips-140-windows-server-2022.md Normal file
View File

@ -0,0 +1,33 @@
---
title: FIPS 140 validated modules for Windows Server 2022
description: This topic lists the completed FIPS 140 cryptographic module validations for Windows Server 2022.
ms.date: 11/13/2024
ms.topic: reference
---
# FIPS 140 validated modules in Windows Server 2022
The following tables list the completed FIPS 140 validations of cryptographic modules used in Windows Server 2022, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see [Use Windows in a FIPS approved mode of operation](../fips-140-validation.md#use-windows-in-a-fips-approved-mode-of-operation). For details on the FIPS approved algorithms used by each module, see its linked Security Policy document or module certificate.
## Windows Server 2022
Build: 10.0.20348. Validated Editions: Standard, Datacenter, and Datacenter: Azure.
|Cryptographic Module (linked to Security Policy document)|CMVP Certificate #|Validated Algorithms|
|--- |--- |--- |
|[Cryptographic Primitives Library][sp-4825]|[#4825][certificate-4825]|FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, ENT (P), HMAC, KAS, KAS-SSC, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES|
|[Kernel Mode Cryptographic Primitives Library][sp-4766]|[#4766][certificate-4766]|FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, ENT (P), HMAC, KAS, KAS-SSC, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES|
---
<!-- Links -->
<!-- CMVP Certificates -->
[certificate-4766]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4766
[certificate-4825]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4825
<!-- Security Policies -->
[sp-4766]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4766.pdf
[sp-4825]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4825.pdf

21
windows/security/security-foundations/certification/validations/fips-140-windows-server-semi-annual.md
View File

@ -1,7 +1,7 @@
---
title: FIPS 140 validated modules for Windows Server Semi-Annual Releases
description: This topic lists the completed FIPS 140 cryptographic module validations for Windows Server semi-annual releases.
ms.date: 2/1/2024
ms.date: 11/13/2024
ms.topic: reference
---
@ -9,7 +9,16 @@ ms.topic: reference
The following tables list the completed FIPS 140 validations of cryptographic modules used in Windows Server semi-annual releases, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see [Use Windows in a FIPS approved mode of operation](../fips-140-validation.md#use-windows-in-a-fips-approved-mode-of-operation). For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.
## Windows Server, version 2004 (May 2020 Update)
## Windows Server, version 20H2
Build: 10.0.19042. Validated Editions: Standard Core, Datacenter Core
|Cryptographic Module (linked to Security Policy document)|CMVP Certificate #|Validated Algorithms|
|--- |--- |--- |
|[Cryptographic Primitives Library][sp-4825]|[#4825][certificate-4825]|FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, ENT (P), HMAC, KAS, KAS-SSC, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES|
|[Kernel Mode Cryptographic Primitives Library][sp-4766]|[#4766][certificate-4766]|FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, ENT (P), HMAC, KAS, KAS-SSC, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES|
## Windows Server, version 2004
Build: 10.0.19041. Validated Editions: Standard Core, Datacenter Core
@ -24,7 +33,7 @@ Build: 10.0.19041. Validated Editions: Standard Core, Datacenter Core
|[Virtual TPM][sp-4537]|[#4537][certificate-4537]|FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG|
|[Windows OS Loader][sp-4339]|[#4339][certificate-4339]|FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG|
## Windows Server, version 1909 (November 2019 Update)
## Windows Server, version 1909
Build: 10.0.18363. Validated Editions: Standard Core, Datacenter Core
@ -39,7 +48,7 @@ Build: 10.0.18363. Validated Editions: Standard Core, Datacenter Core
|[Virtual TPM][sp-4537]|[#4537][certificate-4537]|FIPS Approved: AES, CKG, CVL, DRBG, ECDSA, HMAC, KAS, KBKDF, KTS, RSA, and SHS; Other Allowed: NDRNG|
|[Windows OS Loader][sp-4339]|[#4339][certificate-4339]|FIPS Approved: AES, CKG, DRBG, RSA, and SHS; Other Allowed: NDRNG|
## Windows Server, version 1903 (May 2019 Update)
## Windows Server, version 1903
Build: 10.0.18362. Validated Editions: Standard Core, Datacenter Core
@ -123,6 +132,8 @@ Build: 10.0.16299. Validated Editions: Standard Core, Datacenter Core
[certificate-4536]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4536
[certificate-4537]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4537
[certificate-4538]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4538
[certificate-4766]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4766
[certificate-4825]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4825
<!-- Security Policies -->
@ -146,3 +157,5 @@ Build: 10.0.16299. Validated Editions: Standard Core, Datacenter Core
[sp-4536]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4536.pdf
[sp-4537]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4537.pdf
[sp-4538]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4537.pdf
[sp-4766]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4766.pdf
[sp-4825]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4825.pdf

24
windows/security/security-foundations/certification/validations/fips-140-windows10.md
View File

@ -1,7 +1,7 @@
---
title: FIPS 140 validated modules for Windows 10
description: This topic lists the completed FIPS 140 cryptographic module validations for Windows 10.
ms.date: 2/1/2024
ms.date: 11/13/2024
ms.topic: reference
---
@ -9,6 +9,24 @@ ms.topic: reference
The following tables list the completed FIPS 140 validations of cryptographic modules used in Windows 10, organized by major release of the operating system. The linked Security Policy document for each module provides details on the module capabilities and the policies the operator must follow to use the module in its FIPS approved mode of operation. For information on using the overall operating system in its FIPS approved mode, see [Use Windows in a FIPS approved mode of operation](../fips-140-validation.md#use-windows-in-a-fips-approved-mode-of-operation). For details on the FIPS approved algorithms used by each module, including CAVP algorithm certificates, see the module's linked Security Policy document or CMVP module certificate.
## Windows 10, version 21H1 (May 2021 Update)
Build: 10.0.19043. Validated Editions: Pro, Enterprise
|Cryptographic Module (linked to Security Policy document)|CMVP Certificate #|Validated Algorithms|
|--- |--- |--- |
|[Cryptographic Primitives Library][sp-4825]|[#4825][certificate-4825]|FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, ENT (P), HMAC, KAS, KAS-SSC, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES|
|[Kernel Mode Cryptographic Primitives Library][sp-4766]|[#4766][certificate-4766]|FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, ENT (P), HMAC, KAS, KAS-SSC, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES|
## Windows 10, version 20H2 (October 2020 Update)
Build: 10.0.19042. Validated Editions: Pro, Enterprise
|Cryptographic Module (linked to Security Policy document)|CMVP Certificate #|Validated Algorithms|
|--- |--- |--- |
|[Cryptographic Primitives Library][sp-4825]|[#4825][certificate-4825]|FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, ENT (P), HMAC, KAS, KAS-SSC, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES|
|[Kernel Mode Cryptographic Primitives Library][sp-4766]|[#4766][certificate-4766]|FIPS Approved: AES, CKG, CVL, DRBG, DSA, ECDSA, ENT (P), HMAC, KAS, KAS-SSC, KBKDF, KTS, PBKDF, RSA, SHS, and Triple-DES|
## Windows 10, version 2004 (May 2020 Update)
Build: 10.0.19041. Validated Editions: Home, Pro, Enterprise, Education
@ -257,6 +275,8 @@ Build: 10.0.10240. Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, M
[certificate-4536]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4536
[certificate-4537]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4537
[certificate-4538]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4538
[certificate-4766]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4766
[certificate-4825]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4825
<!-- Security Policies -->
@ -320,3 +340,5 @@ Build: 10.0.10240. Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, M
[sp-4536]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4536.pdf
[sp-4537]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4537.pdf
[sp-4538]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4537.pdf
[sp-4766]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4766.pdf
[sp-4825]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4825.pdf

4
windows/whats-new/deprecated-features.md
View File

@ -1,7 +1,7 @@
---
title: Deprecated features in the Windows client
description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
ms.date: 10/01/2024
ms.date: 11/14/2024
ms.service: windows-client
ms.subservice: itpro-fundamentals
ms.localizationpriority: medium
@ -83,7 +83,7 @@ The features in this article are no longer being actively developed, and might b
| Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 |
| Companion Device Framework | The [Companion Device Framework](/windows-hardware/design/device-experiences/windows-hello-companion-device-framework) is no longer under active development.| 2004 |
| Dynamic Disks | The [Dynamic Disks](/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](/windows-server/storage/storage-spaces/overview) in a future release.| 2004 |
| Microsoft BitLocker Administration and Monitoring (MBAM)| [Microsoft BitLocker Administration and Monitoring (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/), part of the [Microsoft Desktop Optimization Pack (MDOP)](/lifecycle/announcements/mdop-extended) is no longer being developed. | September 2019 |
| Microsoft Desktop Optimization Pack (MDOP) | The [Microsoft Desktop Optimization Pack (MDOP)](/lifecycle/announcements/mdop-extended) is no longer being developed. End of extended support is April 14, 2026. This end of support includes the [User Experience Virtualization (UE-V) client in Windows](/microsoft-desktop-optimization-pack/ue-v/uev-for-windows).<br>&nbsp;<br>As of November 2024, the [Application Virtualization (App-V) client in Windows](/microsoft-desktop-optimization-pack/app-v/appv-support-policy) is no longer deprecated and persists with a fixed extended support lifecycle. | September 2019 |
| Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 |
| My People / People in the Shell | My People is no longer being developed. It may be removed in a future update. | 1909 |
| Package State Roaming (PSR) | PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user. <br>&nbsp;<br>The recommended replacement for PSR is [Azure App Service](/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. <br>&nbsp;<br>PSR was removed in Windows 11.| 1909 |