From b59b678870b951f5d0b9fa60732331fb0a0d3627 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 4 Oct 2018 15:46:39 -0700 Subject: [PATCH 01/18] added MAM only --- .../limitations-with-wip.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 9dce29791b..255097a5ac 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security author: justinha ms.author: justinha -ms.date: 05/30/2018 +ms.date: 10/04/2018 ms.localizationpriority: medium --- @@ -108,6 +108,13 @@ This table provides info about the most common problems you might encounter whil Don’t set the MakeFolderAvailableOfflineDisabled option to False for any of the specified folders.

If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection). + + Only enlightened apps can be managed without device enrollment + + If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. MAM is a lightweight registration that applies a fewer set of policies than Mobile Device Management (MDM). + If users need all apps to be managed, enroll the device for MDM. + + >[!NOTE] From 3890eac03ec59d48b29d99385284f95ebff07d6f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 4 Oct 2018 16:00:58 -0700 Subject: [PATCH 02/18] edits --- .../windows-information-protection/limitations-with-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 255097a5ac..624f53445a 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -112,7 +112,7 @@ This table provides info about the most common problems you might encounter whil Only enlightened apps can be managed without device enrollment If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. MAM is a lightweight registration that applies a fewer set of policies than Mobile Device Management (MDM). - If users need all apps to be managed, enroll the device for MDM. + If all apps need to be managed, enroll the device for MDM. From d0e159f3e318540e8e4ffa3f957c22cfe3a75e49 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Thu, 29 Nov 2018 14:45:25 -0800 Subject: [PATCH 03/18] Updated list and added new section for Winows Holographic --- .../policy-configuration-service-provider.md | 65 +++++++++++++++++-- 1 file changed, 59 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index b8eeef6c2d..50aebe1f68 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4992,9 +4992,11 @@ The following diagram shows the Policy configuration service provider in tree fo - [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate) - [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) - [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) +- [Authentication/PreferredAadTenantDomainName​](#authentication-preferredaadtenantdomainname) - [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) - [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) -- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) +- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) +- [Browser/AllowAutofill​](#browser-allowautofill) - [Browser/AllowCookies](#browser-allowcookies) - [Browser/AllowDoNotTrack](#browser-allowdonottrack) - [Browser/AllowPasswordManager](#browser-allowpasswordmanager) @@ -5002,6 +5004,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) - [Browser/AllowSmartScreen](#browser-allowsmartscreen) - [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [Connectivity/AllowUSBConnection​](#connectivity-allowusbconnection) - [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword) - [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) - [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) @@ -5012,21 +5015,71 @@ The following diagram shows the Policy configuration service provider in tree fo - [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) - [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) - [Experience/AllowCortana](#experience-allowcortana) -- [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment) - [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) - [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) - [Security/RequireDeviceEncryption](#security-requiredeviceencryption) - [Settings/AllowDateTime](#settings-allowdatetime) -- [Settings/AllowVPN](#settings-allowvpn) +- [Settings/AllowVPN](#settings-allowvpn) +- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate) - [System/AllowLocation](#system-allowlocation) - [System/AllowTelemetry](#system-allowtelemetry) - [Update/AllowAutoUpdate](#update-allowautoupdate) - [Update/AllowUpdateService](#update-allowupdateservice) - [Update/RequireDeferUpgrade](#update-requiredeferupgrade) -- [Update/RequireUpdateApproval](#update-requireupdateapproval) -- [Update/UpdateServiceUrl](#update-updateserviceurl) - +- [Update/RequireUpdateApproval](#update-requireupdateapproval) +- [Update/ScheduledInstallDay​](#update-scheduledinstallday) +- [Update/ScheduledInstallTime](#update-scheduledinstalltime) +- [Update/UpdateServiceUrl](#update-updateserviceurl) +- [DisallowConvenienceLogon](https://docs.microsoft.com/en-us/uwp/api/windows.security.exchangeactivesyncprovisioning.easclientsecuritypolicy.disallowconveniencelogon) +## Policies supported by Windows Holographic + +- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection) +- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate) +- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) +- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps) +- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) +- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) +- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) +- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) +- [Browser/AllowDoNotTrack](#browser-allowdonottrack) +- [Browser/AllowPasswordManager](#browser-allowpasswordmanager) +- [Browser/AllowPopups](#browser-allowpopups) +- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) +- [Browser/AllowSmartScreen](#browser-allowsmartscreen) +- [Browser/AllowCookies](#browser-allowcookies) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) +- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) +- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts +- [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) +- [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) +- [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) +- [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) +- [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters) +- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword) +- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) +- [Experience/AllowCortana](#experience-allowcortana) +- [Location/EnableLocation](#location-enablelocation) +- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) +- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) +- [Settings/AllowDateTime](#settings-allowdatetime) +- [Settings/AllowVPN](#settings-allowvpn) +- [Speech/AllowSpeechModelUpdate](#speech-allowspeechmodelupdate) +- [System/AllowTelemetry](#system-allowtelemetry) +- [System/AllowLocation](#system-allowlocation) +- [Update/AllowAutoUpdate](#update-allowautoupdate) +- [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/RequireUpdateApproval](#update-requireupdateapproval) +- [Update/ScheduledInstallDay](#update-scheduledinstallday) +- [Update/ScheduledInstallTime] +- [Update/UpdateServiceUrl](#update-scheduledinstalltime) +- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) +- [Wifi/AllowManualWiFiConfiguration​](#wifi-allowmanualwificonfiguration​) +- [DisallowConvenienceLogon](https://docs.microsoft.com/en-us/uwp/api/windows.security.exchangeactivesyncprovisioning.easclientsecuritypolicy.disallowconveniencelogon) + + ## Policies that can be set using Exchange Active Sync (EAS) From 93f7c1d5d4bc25d4a4af8891a37ffab63d1df9e3 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Thu, 29 Nov 2018 16:27:37 -0800 Subject: [PATCH 04/18] Fixed missing parentheses and brackets --- .../mdm/policy-configuration-service-provider.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 50aebe1f68..6a834b1a52 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -5051,7 +5051,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) - [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection) - [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) -- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts +- [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts) - [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock) - [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength) - [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) @@ -5073,8 +5073,8 @@ The following diagram shows the Policy configuration service provider in tree fo - [Update/AllowUpdateService](#update-allowupdateservice) - [Update/RequireUpdateApproval](#update-requireupdateapproval) - [Update/ScheduledInstallDay](#update-scheduledinstallday) -- [Update/ScheduledInstallTime] -- [Update/UpdateServiceUrl](#update-scheduledinstalltime) +- [Update/ScheduledInstallTime](#update-scheduledinstalltime) +- [Update/UpdateServiceUrl](#update-updateserviceurl) - [Update/RequireDeferUpgrade](#update-requiredeferupgrade) - [Wifi/AllowManualWiFiConfiguration​](#wifi-allowmanualwificonfiguration​) - [DisallowConvenienceLogon](https://docs.microsoft.com/en-us/uwp/api/windows.security.exchangeactivesyncprovisioning.easclientsecuritypolicy.disallowconveniencelogon) From d6f521e3693039fa13faeeb1e0375bcba9ef043c Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Thu, 14 Feb 2019 09:53:10 -0800 Subject: [PATCH 05/18] Removed DisallowConvenienceLogon Updated metadata and change history. --- .../mdm/new-in-windows-mdm-enrollment-management.md | 7 +++++++ .../mdm/policy-configuration-service-provider.md | 4 +--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 52c8272547..b7d977b310 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -49,6 +49,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s - [Requirements to note for VPN certificates also used for Kerberos Authentication](#a-href%22%22-id%22kerberos%22arequirements-to-note-for-vpn-certificates-also-used-for-kerberos-authentication) - [Device management agent for the push-button reset is not working](#a-href%22%22-id%22pushbuttonreset%22adevice-management-agent-for-the-push-button-reset-is-not-working) - [Change history in MDM documentation](#change-history-in-mdm-documentation) + - [February 2019](#february-2019) - [January 2019](#january-2019) - [December 2018](#december-2018) - [September 2018](#september-2018) @@ -1778,6 +1779,12 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware ## Change history in MDM documentation +### February 2019 + +|New or updated topic | Description| +|--- | ---| +|[Policy CSP](policy-configuration-service-provider.md)|Updated supported policies for Holographic.| + ### January 2019 |New or updated topic | Description| diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 6a834b1a52..0135fa5575 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 08/24/2018 +ms.date: 02/14/2019 --- # Policy CSP @@ -5030,7 +5030,6 @@ The following diagram shows the Policy configuration service provider in tree fo - [Update/ScheduledInstallDay​](#update-scheduledinstallday) - [Update/ScheduledInstallTime](#update-scheduledinstalltime) - [Update/UpdateServiceUrl](#update-updateserviceurl) -- [DisallowConvenienceLogon](https://docs.microsoft.com/en-us/uwp/api/windows.security.exchangeactivesyncprovisioning.easclientsecuritypolicy.disallowconveniencelogon) ## Policies supported by Windows Holographic @@ -5077,7 +5076,6 @@ The following diagram shows the Policy configuration service provider in tree fo - [Update/UpdateServiceUrl](#update-updateserviceurl) - [Update/RequireDeferUpgrade](#update-requiredeferupgrade) - [Wifi/AllowManualWiFiConfiguration​](#wifi-allowmanualwificonfiguration​) -- [DisallowConvenienceLogon](https://docs.microsoft.com/en-us/uwp/api/windows.security.exchangeactivesyncprovisioning.easclientsecuritypolicy.disallowconveniencelogon) From f7c4d8eaa9a9f8e52ac2d94eaacacd1775c4a593 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 15 Feb 2019 09:49:04 -0800 Subject: [PATCH 06/18] Made changes based on Lavinder's feedback --- .../mdm/policy-configuration-service-provider.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 0135fa5575..b6a2152b9d 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -5006,7 +5006,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) - [Connectivity/AllowUSBConnection​](#connectivity-allowusbconnection) - [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword) -- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) +- [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword) - [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired) - [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) - [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory) @@ -5059,7 +5059,6 @@ The following diagram shows the Policy configuration service provider in tree fo - [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword) - [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) - [Experience/AllowCortana](#experience-allowcortana) -- [Location/EnableLocation](#location-enablelocation) - [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) - [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) - [Security/RequireDeviceEncryption](#security-requiredeviceencryption) From 70f430afbf7eed76c0e8a3eac06fd1674ad40c1a Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 26 Feb 2019 13:31:55 -0800 Subject: [PATCH 07/18] Update w Hololens changes --- .../mdm/configuration-service-provider-reference.md | 1 + .../mdm/policy-configuration-service-provider.md | 1 + 2 files changed, 2 insertions(+) diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index dfd6b9d464..9faccd5f60 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -2672,6 +2672,7 @@ The following list shows the configuration service providers supported in Window | Configuration service provider | Windows Holographic edition | Windows Holographic for Business edition | |--------|--------|------------| | [AccountManagement CSP](accountmanagement-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)4 | +| [Accounts CSP](accounts-csp) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | [AppLocker CSP](applocker-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | | [AssignedAccess CSP](assignedaccess-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)4 | | [CertificateStore CSP](certificatestore-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)| diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index b6a2152b9d..b29061aa0a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4988,6 +4988,7 @@ The following diagram shows the Policy configuration service provider in tree fo ## Policies supported by Windows Holographic for Business - [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection) +- [AllowManualWiFiConfiguration](#wifi-allowmanualwificonfiguration​) - [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps) - [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate) - [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) From 9337af8e7db125ae3bd4e2784a2f5b0c1b46c533 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 27 Feb 2019 11:05:45 -0800 Subject: [PATCH 08/18] updating broken link --- .../mdm/policy-configuration-service-provider.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index b29061aa0a..e10df96e20 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4988,7 +4988,6 @@ The following diagram shows the Policy configuration service provider in tree fo ## Policies supported by Windows Holographic for Business - [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection) -- [AllowManualWiFiConfiguration](#wifi-allowmanualwificonfiguration​) - [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps) - [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate) - [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) @@ -5031,6 +5030,8 @@ The following diagram shows the Policy configuration service provider in tree fo - [Update/ScheduledInstallDay​](#update-scheduledinstallday) - [Update/ScheduledInstallTime](#update-scheduledinstalltime) - [Update/UpdateServiceUrl](#update-updateserviceurl) +- [Wifi/AllowManualWiFiConfiguration](#wifi-allowmanualwificonfiguration) + ## Policies supported by Windows Holographic @@ -5075,7 +5076,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Update/ScheduledInstallTime](#update-scheduledinstalltime) - [Update/UpdateServiceUrl](#update-updateserviceurl) - [Update/RequireDeferUpgrade](#update-requiredeferupgrade) -- [Wifi/AllowManualWiFiConfiguration​](#wifi-allowmanualwificonfiguration​) +- [Wifi/AllowManualWiFiConfiguration](#wifi-allowmanualwificonfiguration) From 9d172e7e9aa0688f5698308737c1e184c22cdb99 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 1 Mar 2019 12:40:01 -0800 Subject: [PATCH 09/18] Fixing broken links --- .../mdm/policy-configuration-service-provider.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index e10df96e20..5de93710a5 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -5030,7 +5030,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Update/ScheduledInstallDay​](#update-scheduledinstallday) - [Update/ScheduledInstallTime](#update-scheduledinstalltime) - [Update/UpdateServiceUrl](#update-updateserviceurl) -- [Wifi/AllowManualWiFiConfiguration](#wifi-allowmanualwificonfiguration) +- [Wifi/AllowManualWiFiConfiguration](./policy-csp-wifi.md/#wifi-allowmanualwificonfiguration) ## Policies supported by Windows Holographic @@ -5076,7 +5076,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Update/ScheduledInstallTime](#update-scheduledinstalltime) - [Update/UpdateServiceUrl](#update-updateserviceurl) - [Update/RequireDeferUpgrade](#update-requiredeferupgrade) -- [Wifi/AllowManualWiFiConfiguration](#wifi-allowmanualwificonfiguration) +- [Wifi/AllowManualWiFiConfiguration](./policy-csp-wifi.md/#wifi-allowmanualwificonfiguration) From dc3946ca80f07edfd66251f9c028edec4d7791b6 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 1 Mar 2019 14:52:07 -0800 Subject: [PATCH 10/18] broken links again --- .../mdm/policy-configuration-service-provider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 5de93710a5..050be84a48 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -5030,7 +5030,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Update/ScheduledInstallDay​](#update-scheduledinstallday) - [Update/ScheduledInstallTime](#update-scheduledinstalltime) - [Update/UpdateServiceUrl](#update-updateserviceurl) -- [Wifi/AllowManualWiFiConfiguration](./policy-csp-wifi.md/#wifi-allowmanualwificonfiguration) +- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi#wifi-allowmanualwificonfiguration) ## Policies supported by Windows Holographic From 8847efb0df7bacad2442b2498b5eae807e758db8 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 1 Mar 2019 15:35:15 -0800 Subject: [PATCH 11/18] Broken link again seriously. --- .../mdm/policy-configuration-service-provider.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 050be84a48..b24b2e6b11 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 02/14/2019 +ms.date: 03/01/2019 --- # Policy CSP @@ -5076,7 +5076,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Update/ScheduledInstallTime](#update-scheduledinstalltime) - [Update/UpdateServiceUrl](#update-updateserviceurl) - [Update/RequireDeferUpgrade](#update-requiredeferupgrade) -- [Wifi/AllowManualWiFiConfiguration](./policy-csp-wifi.md/#wifi-allowmanualwificonfiguration) +- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi#wifi-allowmanualwificonfiguration) From 483241f83d232a4155558f5f787ec9c29b60f1a8 Mon Sep 17 00:00:00 2001 From: DulceMV Date: Mon, 4 Mar 2019 18:28:25 +0000 Subject: [PATCH 12/18] Updated - moved AH under EDR and swapped SS and MTE position --- windows/security/threat-protection/index.md | 27 ++++++++------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 983b2182d6..4e1747fbb7 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -22,9 +22,8 @@ ms.date: 10/04/2018

Next generation protection

Endpoint detection and response

Automated investigation and remediation
-

Microsoft Threat Experts

Secure score
-

Advanced hunting
+

Microsoft Threat Experts
@@ -73,6 +72,9 @@ Endpoint detection and response capabilities are put in place to detect, investi - [Forensic collection](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) - [Threat intelligence](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md) - [Advanced detonation and analysis service](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) +- [Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md) + - [Custom detection](windows-defender-atp/overview-custom-detections.md) + - [Realtime and historical hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md) @@ -84,16 +86,6 @@ In conjunction with being able to quickly respond to advanced attacks, Windows D - [Manage automated investigations](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md) - [Analyze automated investigation](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md#analyze-automated-investigations) - - -**[Microsoft Threat Experts](windows-defender-atp/microsoft-threat-experts.md)**
-Windows Defender ATP's new managed threat hunting service provides proactive hunting, prioritization and additional context and insights that further empower Security Operation Centers (SOCs) to identify and respond to threats quickly and accurately. - -- [Targeted attack notification](windows-defender-atp/microsoft-threat-experts.md) -- [Experts-on-demand](windows-defender-atp/microsoft-threat-experts.md) -- [Configure your Microsoft Threat Protection managed hunting service](windows-defender-atp/configure-microsoft-threat-experts.md) - - **[Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)**
@@ -103,13 +95,14 @@ Windows Defender ATP includes a secure score to help you dynamically assess the - [Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md) - [Threat analytics](windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) - + -**[Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)**
-Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization. +**[Microsoft Threat Experts](windows-defender-atp/microsoft-threat-experts.md)**
+Windows Defender ATP's new managed threat hunting service provides proactive hunting, prioritization and additional context and insights that further empower Security Operation Centers (SOCs) to identify and respond to threats quickly and accurately. -- [Custom detection](windows-defender-atp/overview-custom-detections.md) -- [Realtime and historical hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md) +- [Targeted attack notification](windows-defender-atp/microsoft-threat-experts.md) +- [Experts-on-demand](windows-defender-atp/microsoft-threat-experts.md) +- [Configure your Microsoft Threat Protection managed hunting service](windows-defender-atp/configure-microsoft-threat-experts.md) From 399ce30b133ecfea40167a92fc7fe03f009d0654 Mon Sep 17 00:00:00 2001 From: DulceMV Date: Mon, 4 Mar 2019 18:41:02 +0000 Subject: [PATCH 13/18] Updated to swap SS and MTE, and incorporate AH info in EDR description. Replaced pillar table column from 7 to 6 --- ...ows-defender-advanced-threat-protection.md | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 7f9c549ba1..43bb2202f5 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -53,16 +53,15 @@ Windows Defender ATP uses the following combination of technology built into Win

Next generation protection

Endpoint detection and response

Automated investigation and remediation
-

Microsoft Threat Experts

Secure score
-

Advanced hunting
+

Microsoft Threat Experts
- +
Management and APIs
-
Microsoft Threat Protection
+
Microsoft Threat Protection

@@ -87,26 +86,22 @@ To further reinforce the security perimeter of your network, Windows Defender AT **[Endpoint detection and response](overview-endpoint-detection-response.md)**
Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. +You can also do advanced hunting to create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization. **[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md)**
In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. - - -**[Microsoft Threat Experts](microsoft-threat-experts.md)**
-Windows Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately. - **[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md)**
Windows Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization. - + -**[Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md)**
-Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization. +**[Microsoft Threat Experts](microsoft-threat-experts.md)**
+Windows Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately. From e22ac405be4ea5d5fe30a70a997a7b1515877835 Mon Sep 17 00:00:00 2001 From: DulceMV Date: Mon, 4 Mar 2019 18:42:52 +0000 Subject: [PATCH 14/18] Updated pillar table colspan from 7 to 6 --- windows/security/threat-protection/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 4e1747fbb7..24148710fd 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -26,11 +26,11 @@ ms.date: 10/04/2018

Microsoft Threat Experts
- +
Management and APIs
-
Microsoft Threat Protection
+
Microsoft Threat Protection

From 37f973294959b1933c9640bc211cdd71d0b098fe Mon Sep 17 00:00:00 2001 From: DulceMV Date: Mon, 4 Mar 2019 18:50:37 +0000 Subject: [PATCH 15/18] Updated index.md --- windows/security/threat-protection/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 24148710fd..c3218e2541 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -9,7 +9,6 @@ ms.sitesec: library ms.pagetype: security author: dansimp ms.localizationpriority: medium -ms.date: 10/04/2018 --- # Threat Protection From f7b3e1be1c6c65b1d77be6f736dfde4f5f94d30f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 4 Mar 2019 11:12:51 -0800 Subject: [PATCH 16/18] added new row for unenlighted apps --- .../limitations-with-wip.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 624f53445a..404e1afcc4 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -8,7 +8,11 @@ ms.sitesec: library ms.pagetype: security author: justinha ms.author: justinha -ms.date: 10/04/2018 +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 ms.localizationpriority: medium --- @@ -111,7 +115,7 @@ This table provides info about the most common problems you might encounter whil Only enlightened apps can be managed without device enrollment - If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. MAM is a lightweight registration that applies a fewer set of policies than Mobile Device Management (MDM). + If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintenionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment. If all apps need to be managed, enroll the device for MDM. From 9be7d8c1d52e606caa1ba5f34139cd499fc2bfc2 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 4 Mar 2019 11:18:36 -0800 Subject: [PATCH 17/18] added sccm error code back --- .../windows-information-protection/limitations-with-wip.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 404e1afcc4..a795c151fc 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -12,7 +12,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/26/2019 +ms.date: 03/04/2019 ms.localizationpriority: medium --- @@ -108,7 +108,7 @@ This table provides info about the most common problems you might encounter whil
  • SavedGames
    • - WIP isn’t turned on for employees in your organization. + WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using System Center Configuration Manager. Don’t set the MakeFolderAvailableOfflineDisabled option to False for any of the specified folders.

    If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection). From 4aaa2835cbcd96cf23564e209197bee48b040856 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Mon, 4 Mar 2019 19:25:05 +0000 Subject: [PATCH 18/18] Added two more settings. --- ...oud-protection-level-windows-defender-antivirus.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md index 924c523815..9a2b331fae 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md @@ -62,9 +62,14 @@ For more information about Intune device profiles, including how to create and c 5. Expand the tree to **Windows components > Windows Defender Antivirus > MpEngine**. 1. Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection: - 1. Setting to **Default Windows Defender Antivirus blocking level** will provide strong detection without increasing the risk of detecting legitimate files. - 2. Setting to **High blocking level** will apply a strong level of detection. While unlikely, some legitimate files may be detected (although you will have the option to unblock or dispute that detection). - + 1. Setting to **Default Windows Defender Antivirus blocking level** provides strong detection without increasing the risk of detecting legitimate files. + 2. Setting to **High blocking level** applies a strong level of detection. + 3. **High + blocking level** applies additional protection measures. + 4. **Zero tolerance blocking level** blocks all unknown executables. + + > [!WARNING] + > While unlikely, setting this switch to **High** might cause some legitimate files to be detected (although you will have the option to unblock or dispute that detection). The **High +** setting might impact client performance. We recommend you set this to the default level (**Not configured**). + 1. Click **OK**.