From d325fc07187b818e5eca4d2282fce508ad2f66fe Mon Sep 17 00:00:00 2001 From: Tommy N Date: Tue, 25 Oct 2016 16:03:43 -0700 Subject: [PATCH 1/5] Update appv-release-notes-for-appv-for-windows.md --- .../manage/appv-release-notes-for-appv-for-windows.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/manage/appv-release-notes-for-appv-for-windows.md b/windows/manage/appv-release-notes-for-appv-for-windows.md index a80d391a45..0982031249 100644 --- a/windows/manage/appv-release-notes-for-appv-for-windows.md +++ b/windows/manage/appv-release-notes-for-appv-for-windows.md @@ -30,17 +30,19 @@ MSI packages that were generated using an App-V sequencer from previous versions - For the standalone Windows 10 SDK without other tools, see [Standalone Windows 10 SDK](https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk). -3. From an elevated Windows PowerShell prompt, navigate to the following folder: +3. Copy msidb.exe from the default path of the Windows SDK installation (**C:\Program Files (x86)\Windows Kits\10**) to a different directory. For example: **C:\MyMsiTools\bin** + +4. From an elevated Windows PowerShell prompt, navigate to the following folder: <Windows Kits 10 installation folder>**\Microsoft Application Virtualization\Sequencer\** By default, this path will be:
**C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer** -4. Run the following command: +5. Run the following command: - `Update-AppvPackageMsi -MsiPackage "" -MsSdkPath ""` + `Update-AppvPackageMsi -MsiPackage "" -MsSdkPath ""` - By default, the path to the Windows SDK installation will be:
**C:\Program Files (x86)\Windows Kits\10** + where the path is to the new directory (**C:\MyMsiTools\ for this example**). ## Error occurs during publishing refresh between App-V 5.0 SP3 Management Server and App-V Client on Windows 10 From 5dcb971d015714847c35edc8bf97ca92bb3d00ee Mon Sep 17 00:00:00 2001 From: Gabe Stocco Date: Tue, 25 Oct 2016 16:08:10 -0700 Subject: [PATCH 2/5] Update for Integrated vs Firmware --- windows/keep-secure/tpm-recommendations.md | 80 +++++++++++----------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/windows/keep-secure/tpm-recommendations.md b/windows/keep-secure/tpm-recommendations.md index acf27319d7..20c1c827db 100644 --- a/windows/keep-secure/tpm-recommendations.md +++ b/windows/keep-secure/tpm-recommendations.md @@ -40,7 +40,8 @@ OEMs implement the TPM as a component in a trusted computing platform, such as a The TCG designed the TPM as a low-cost, mass-market security solution that addresses the requirements of different customer segments. There are variations in the security properties of different TPM implementations just as there are variations in customer and regulatory requirements for different sectors. In public-sector procurement, for example, some governments have clearly defined security requirements for TPMs whereas others do not. >**Note:**  Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -  + + ## TPM 1.2 vs. 2.0 comparison From an industry standard, Microsoft has been an industry leader in moving and standardizing on TPM 2.0, which has many key realized benefits across algorithms, crypto, hierarchy, root keys, authorization and NV RAM. 
@@ -59,32 +60,24 @@ TPM 2.0 products and systems have important security advantages over TPM 1.2, in - TPM 2.0 offers a more **consistent experience** across different implementations. - - TPM 1.2 implementations across both discrete and firmware vary in policy settings. This may result in support issues as lockout policies vary. - - TPM 2.0 standardized policy requirement helps establish a consistent lockout experience across devices, as such, Windows can offer a better user experience end to end. + - TPM 1.2 implementations vary in policy settings. This may result in support issues as lockout policies vary. + - TPM 2.0 lockout policy is configured by Windows, ensuring a consistent dictionary attack protection guarantee. -- While TPM 1.2 parts were discrete silicon components typically soldered on the motherboard, TPM 2.0 is available both as a **discrete (dTPM)** silicon component and as a **firmware (fTPM)** based component running in a trusted execution environment (TEE) on the system’s main SoC: +- While TPM 1.2 parts are discrete silicon components which are typically soldered on the motherboard, TPM 2.0 is available as a **discrete (dTPM)** silicon component in a sinple semiconductor package, an **integrated** component incorporated in one or more semiconductor packages - alongside other logic units in the same package(s) - and as a **firmware (fTPM)** based component running in a trusted execution environment (TEE) on a general purpose SoC. - - On Intel chips, it is the Intel Management Engine (ME) or Converged Security Engine (CSE). - - For AMD chips, it is the AMD Security Processor - - For ARM chips, it is a Trustzone Trusted Application (TA). - - In the case of firmware TPM for desktop Windows systems, the chip vendor provides the firmware TPM implementation along with the other chip firmware to OEMs. +## Discrete, Integrated or Firmware TPM? -## Discrete or firmware TPM? 
+There are three implementation options for TPMs: -Windows uses discrete and firmware TPM in the same way. Windows gains no functional advantage or disadvantage from either option. +- Discrete TPM chip as a separate component in its own semiconductor package +- Integrated TPM solution, using dedicated hardware integrated into one or more semiconductor packages alongside, but logically separate from, other components +- Firmware TPM solution, running the TPM in firmware in a Trusted Execution mode of a general purpose computation unit -From a security standpoint, discrete and firmware share the same characteristics; - -- Both use hardware based secure execution. -- Both use firmware for portions of the TPM functionality. -- Both are equipped with tamper resistance capabilities. -- Both have unique security limitations/risks. - -For more info, see [fTPM: A Firmware-based TPM 2.0 Implementation](http://research.microsoft.com/apps/pubs/?id=258236). +Windows uses any compatible TPM in the same way. Microsoft does not take a position on which way a TPM should be implemented and there is a wide ecosystem of available TPM solutions which should suit all needs. ## Is there any importance for TPM for consumer? -For end consumers, TPM is behind the scenes but still very relevant for Hello, Passport and in the future, many other key features in Windows 10. It offers the best Passport experience, helps encrypt passwords, and builds on our overall Windows 10 experience story for security as a critical pillar. Using Windows on a system with a TPM enables a deeper and broader level of security coverage. +For end consumers, TPM is behind the scenes but is still very relevant. TPM is used for Windows Hello, Windows Passport and in the future, will be a components of many other key security features in Windows. TPM secures the PIN for Passport, helps encrypt passwords, and builds on our overall Windows 10 experience story for security as a critical pillar. 
Using Windows on a system with a TPM enables a deeper and broader level of security coverage. ## TPM 2.0 Compliance for Windows 10 @@ -92,15 +85,6 @@ For end consumers, TPM is behind the scenes but still very relevant for Hello, P - As of July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of a existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7, https://msdn.microsoft.com/library/windows/hardware/dn915086(v=vs.85).aspx) -## Two implementation options: - -- Discrete TPM chip as a separate discrete component -- Firmware TPM solution using Intel PTT (platform trust technology) or AMD - -### Windows 10 Mobile - -- All devices shipping with Windows 10 Mobile must implement TPM 2.0 and ship with the TPM 2.0 enabled. - ### IoT Core - TPM is optional on IoT Core. @@ -226,7 +210,7 @@ The following table defines which Windows features require TPM support. Some fea   ## Chipset options for TPM 2.0 -There are a variety of TPM manufacturers for both discrete and firmware. +There is a vibrant ecosystem of TPM manufacturers. ### Discrete TPM @@ -250,6 +234,33 @@ There are a variety of TPM manufacturers for both discrete and firmware.
  +### Integrated TPM + +++ + + + + + + + + + + + + +
SupplierChipset
Intel
    +
  • Atom (CloverTrail) +
  • Baytrail
  • +
  • Braswell
  • +
  • 4th generation Core (Haswell)
  • +
  • 5th generation Core (Broadwell)
  • +
  • 6th generation Core (Skylake)
  • +
  • 7th generation Core (Kaby Lake)
  • +
+ ### Firmware TPM @@ -272,17 +283,6 @@ There are a variety of TPM manufacturers for both discrete and firmware. - - - -
Intel
    -
  • Atom (CloverTrail) -
  • Baytrail
  • -
  • 4th generation(Haswell)
  • -
  • 5th generation(Broadwell)
  • -
  • Braswell
  • -
  • Skylake
  • -
Qualcomm
  • MSM8994
  • From efac80e27e667e1ee341c6569a253ddaba46f06c Mon Sep 17 00:00:00 2001 From: coolriggs Date: Tue, 25 Oct 2016 16:28:46 -0700 Subject: [PATCH 3/5] Update tpm-recommendations.md --- windows/keep-secure/tpm-recommendations.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/tpm-recommendations.md b/windows/keep-secure/tpm-recommendations.md index 20c1c827db..277ad8c4ba 100644 --- a/windows/keep-secure/tpm-recommendations.md +++ b/windows/keep-secure/tpm-recommendations.md 
@@ -77,13 +77,13 @@ Windows uses any compatible TPM in the same way. Microsoft does not take a posi ## Is there any importance for TPM for consumer? -For end consumers, TPM is behind the scenes but is still very relevant. TPM is used for Windows Hello, Windows Passport and in the future, will be a components of many other key security features in Windows. TPM secures the PIN for Passport, helps encrypt passwords, and builds on our overall Windows 10 experience story for security as a critical pillar. Using Windows on a system with a TPM enables a deeper and broader level of security coverage. +For end consumers, TPM is behind the scenes but is still very relevant. TPM is used for Windows Hello, Windows Hello for Business and in the future, will be a components of many other key security features in Windows. TPM secures the PIN, helps encrypt passwords, and builds on our overall Windows 10 experience story for security as a critical pillar. Using Windows on a system with a TPM enables a deeper and broader level of security coverage. ## TPM 2.0 Compliance for Windows 10 ### Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) -- As of July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of a existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7, https://msdn.microsoft.com/library/windows/hardware/dn915086(v=vs.85).aspx) +- Since July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of a existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7, https://msdn.microsoft.com/library/windows/hardware/dn915086(v=vs.85).aspx) ### IoT Core From 5d530fb3adb0f018285bc4873d7d1fc34a37961c Mon Sep 17 00:00:00 2001 
From: Trudy Hakala Date: Wed, 26 Oct 2016 09:29:15 -0700 Subject: [PATCH 4/5] fixing links and formatting --- windows/manage/acquire-apps-windows-store-for-business.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/manage/acquire-apps-windows-store-for-business.md b/windows/manage/acquire-apps-windows-store-for-business.md index f9a6004ba5..156d071c04 100644 --- a/windows/manage/acquire-apps-windows-store-for-business.md +++ b/windows/manage/acquire-apps-windows-store-for-business.md @@ -33,7 +33,7 @@ There are a couple of things we need to know when you pay for apps. You can add You can add payment info on **Account information**. If you don’t have one saved with your account, you’ll be prompted to provide one when you buy an app. ## Acquire apps -To acquire an app +**To acquire an app** 1. Log in to http://businessstore.microsoft.com 2. Click Shop, or use Search to find an app. 3. Click the app you want to purchase. @@ -42,7 +42,7 @@ To acquire an app 6. If you don’t have a payment method saved in Account settings, Store for Business will prompt you for one. 7. Add your credit card or debit card info, and click **Next**. Your card info is saved as a payment option on **Account information**. -You’ll also need to have your business address saved on **Account information**. The address is used to generate tax rates. For more information on taxes for apps, see organization tax information. +You’ll also need to have your business address saved on **Account information**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](https://technet.microsoft.com/itpro/windows/manage/update-windows-store-for-business-account-settings#organization-tax-information). Store for Business adds the app to your inventory. From **Inventory**, you can: - Distribute the app: add to private store, or assign licenses From 4a15c27eb9cc519152b40d7031cf80772b57bb06 Mon Sep 17 00:00:00 2001 
From: jdeckerMS Date: Wed, 26 Oct 2016 10:08:53 -0700 Subject: [PATCH 5/5] fix author --- education/windows/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/index.md b/education/windows/index.md index 794b6706ac..98aaf94eef 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu -author: jdeckerMS +author: CelesteDG --- # Windows 10 for Education
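Review bot: In PATCH 1/5 (appv-release-notes-for-appv-for-windows.md), step 3 copies msidb.exe to "C:\MyMsiTools\bin" while step 5 gives "C:\MyMsiTools\" as the path, and nothing says that the -MsSdkPath value must be the parent of the bin folder. State that relationship in step 5, and name the parameter, because "where the path is to the new directory" does not say which of the two arguments it means. Step 3 also gives only the SDK root as the source, not the folder that contains msidb.exe. The closing bold marker in "(**C:\MyMsiTools\ for this example**)" should sit directly after the path. Because step 4 runs from an elevated prompt and the tool is now taken from a custom directory, the step should say that the directory must be writable only by administrators.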
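Review bot: Typo in PATCH 2/5 (tpm-recommendations.md), hunk @@ -59,32 +60,24 @@: the added bullet reads "in a sinple semiconductor package", which should be "single". The same hunk deletes the four-item comparison ending in "Both have unique security limitations/risks." and the link to the fTPM paper, and replaces them with a statement that Microsoft takes no position. Readers comparing implementations lose the only pointer to their security trade-offs, so consider keeping the reference link. The added consumer paragraph also contains "will be a components of", which should be "a component of".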
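Review bot: The removal of the "### Windows 10 Mobile" subsection in PATCH 2/5 (tpm-recommendations.md), hunk @@ -92,15 +85,6 @@, is not covered by the subject "Update for Integrated vs Firmware". Dropping the duplicate "Two implementation options" list fits the change, but "All devices shipping with Windows 10 Mobile must implement TPM 2.0 and ship with the TPM 2.0 enabled." is a compliance requirement. Either restore it or say in the commit message that the requirement is being withdrawn from this topic on purpose.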
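Review bot: The Intel rows that PATCH 2/5 (tpm-recommendations.md) moves out of the "Firmware TPM" table (hunk @@ -272,17 +283,6 @@) and into the new "Integrated TPM" table (hunk @@ -250,6 +234,33 @@) have no supporting prose left. The earlier hunk deletes the per-vendor bullets ("On Intel chips, it is the Intel Management Engine (ME) or Converged Security Engine (CSE)."), so the page no longer says what the integrated component on these chipsets is or why it is classed as integrated rather than firmware. Add one sentence above the new table that ties the listed chipsets to the "integrated" definition given under "Discrete, Integrated or Firmware TPM?".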
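Review bot: Two grammar slips survive in the lines PATCH 3/5 (tpm-recommendations.md) rewrites, hunk @@ -77,13 +77,13 @@: "will be a components of" should be "a component of", and "a existing model" should be "an existing model". With "for Passport" dropped, "TPM secures the PIN" no longer says which PIN is meant, so name it (for example "the Windows Hello PIN"). "Since July 28, 2016, ... must implement" also reads awkwardly; "As of" matched the present-tense requirement better.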
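Review bot: Step 1 in PATCH 4/5 (acquire-apps-windows-store-for-business.md), hunk @@ -33,7 +33,7 @@, still tells readers to log in at "http://businessstore.microsoft.com". Since this commit is fixing links, change the sign-in URL to https and make it a proper link. In hunk @@ -42,7 +42,7 @@ the new "organization tax information" link is an absolute technet URL with an anchor; if this repository resolves relative links between topics, a relative link to the account-settings topic would survive a site move.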