deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 05:43:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into App-v-revision

Browse Source
This commit is contained in:
Heidi Lohr
2018-02-09 08:56:39 -08:00
parent daea863385 ad82b5c497
commit fe5e13f5fa
31 changed files with 139 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -20,6 +20,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
New or changed topic | Description
--- | ---
[Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Added steps for configuring a kiosk in Microsoft Intune.
[Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) | Updated the instructions for applying a customized Start layout using Microsoft Intune.
## January 2018

77
windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
View File

@ -8,7 +8,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
ms.date: 11/15/2017
ms.date: 02/08/2018
---
# Customize Windows 10 Start and taskbar with mobile device management (MDM)
@ -45,86 +45,37 @@ Two features enable Start layout control:
 
- In MDM, you set the path to the .xml file that defines the Start layout using an OMA-URI setting, which is based on the [Policy configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=623244).
- In Microsoft Intune, you select the Start layout XML file and add it to a device configuration profile.
## <a href="" id="bkmk-domaingpodeployment"></a>Create a policy for your customized Start layout
This example uses Microsoft Intune to configure an MDM policy that applies a customized Start layout. See the documentation for your MDM solution for help in applying the policy.
1. In the Start layout file created when you ran **Export-StartLayout**, replace markup characters with escape characters, and save the file. (You can replace the characters manually or use an online tool.)
1. In the Microsoft Azure portal, search for **Intune** or go to **More services** > **Intune**.
Example of a layout file produced by Export-StartLayout:
2. Select **Device configuration**.
<span codelanguage="XML"></span>
<table>
<colgroup>
<col width="100%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">XML</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><pre><code>&lt;LayoutModificationTemplate Version=&quot;1&quot; xmlns=&quot;http://schemas.microsoft.com/Start/2014/LayoutModification&quot;&gt;
&lt;DefaultLayoutOverride&gt;
&lt;StartLayoutCollection&gt;
&lt;defaultlayout:StartLayout GroupCellWidth=&quot;6&quot; xmlns:defaultlayout=&quot;http://schemas.microsoft.com/Start/2014/FullDefaultLayout&quot;&gt;
&lt;start:Group Name=&quot;Life at a glance&quot; xmlns:start=&quot;http://schemas.microsoft.com/Start/2014/StartLayout&quot;&gt;
&lt;start:Tile Size=&quot;2x2&quot; Column=&quot;0&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge&quot; /&gt;
&lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI&quot; /&gt;
&lt;start:Tile Size=&quot;2x2&quot; Column=&quot;2&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&quot; /&gt;
&lt;/start:Group&gt;
&lt;/defaultlayout:StartLayout&gt;
&lt;/StartLayoutCollection&gt;
&lt;/DefaultLayoutOverride&gt;
&lt;/LayoutModificationTemplate&gt;</code></pre></td>
</tr>
</tbody>
</table>
3. Select **Profiles**.
Example of the same layout file with escape characters replacing the markup characters:
4. Select **Create profile**.
```
&amp;lt;wdcml:p xmlns:wdcml=&amp;quot;http://microsoft.com/wdcml&amp;quot;&amp;gt;Example of a layout file produced by Export-StartLayout:&amp;lt;/wdcml:p&amp;gt;&amp;lt;wdcml:snippet xmlns:wdcml=&amp;quot;http://microsoft.com/wdcml&amp;quot;&amp;gt;&amp;lt;![CDATA[&amp;lt;LayoutModificationTemplate Version=&amp;quot;1&amp;quot; xmlns=&amp;quot;http://schemas.microsoft.com/Start/2014/LayoutModification&amp;quot;&amp;gt;
&amp;lt;DefaultLayoutOverride&amp;gt;
&amp;lt;StartLayoutCollection&amp;gt;
&amp;lt;defaultlayout:StartLayout GroupCellWidth=&amp;quot;6&amp;quot; xmlns:defaultlayout=&amp;quot;http://schemas.microsoft.com/Start/2014/FullDefaultLayout&amp;quot;&amp;gt;
&amp;lt;start:Group Name=&amp;quot;Life at a glance&amp;quot; xmlns:start=&amp;quot;http://schemas.microsoft.com/Start/2014/StartLayout&amp;quot;&amp;gt;
&amp;lt;start:Tile Size=&amp;quot;2x2&amp;quot; Column=&amp;quot;0&amp;quot; Row=&amp;quot;0&amp;quot; AppUserModelID=&amp;quot;Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge&amp;quot; /&amp;gt;
&amp;lt;start:Tile Size=&amp;quot;2x2&amp;quot; Column=&amp;quot;4&amp;quot; Row=&amp;quot;0&amp;quot; AppUserModelID=&amp;quot;Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI&amp;quot; /&amp;gt;
&amp;lt;start:Tile Size=&amp;quot;2x2&amp;quot; Column=&amp;quot;2&amp;quot; Row=&amp;quot;0&amp;quot; AppUserModelID=&amp;quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&amp;quot; /&amp;gt;
&amp;lt;/start:Group&amp;gt;
&amp;lt;/defaultlayout:StartLayout&amp;gt;
&amp;lt;/StartLayoutCollection&amp;gt;
&amp;lt;/DefaultLayoutOverride&amp;gt;
&amp;lt;/LayoutModificationTemplate&amp;gt;]]&amp;gt;&amp;lt;/wdcml:snippet&amp;gt;
```
5. Enter a friendly name for the profile.
2. In the Microsoft Intune administration console, click **Policy** &gt; **Add Policy**.
6. Select **Windows 10 and later** for the platform.
3. Under **Windows**, choose a **Custom Configuration (Windows 10 Desktop and Mobile and later)** policy.
7. Select **Device restrictions for the profile type.
4. Enter a name (mandatory) and description (optional) for the policy.
8. Select **Start**.
5. In the **OMA-URI Settings** section, click **Add.**
9. In **Start menu layout**, browse to and select your Start layout XML File.
6. In **Add or Edit OMA-URI Setting**, enter the following information.
10. Select **OK** twice, and then select **Create**.
| Item | Information |
|----|----|
| **Setting name** | Enter a unique name for the OMA-URI setting to help you identify it in the list of settings. |
| **Setting description** | Provide a description that gives an overview of the setting and other relevant information to help you locate it. |
| **Data type** | **String** |
| **OMA-URI (case sensitive)** | **./User/Vendor/MSFT/Policy/Config/Start/StartLayout** |
| **Value** | Paste the contents of the Start layout .xml file that you created. |
11. Assign the profile to a device group.
 
7. Click **OK** to save the setting and return to the **Create Policy** page.
For other MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=623244). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`.
8. Click **Save Policy**.
## Related topics

2
windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
View File

@ -51,7 +51,7 @@ The following policy settings can be configured for UE-V.
<td align="left"><p>The default is enabled.</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Roam Windows settings</p></td>
<td align="left"><p>Synchronize Windows settings</p></td>
<td align="left"><p>Computers and Users</p></td>
<td align="left"><p>This Group Policy setting configures the synchronization of Windows settings.</p></td>
<td align="left"><p>Select which Windows settings synchronize between computers.</p>

1
windows/security/identity-protection/TOC.md
View File

@ -67,6 +67,7 @@
### [VPN auto-triggered profile options](vpn\vpn-auto-trigger-profile.md)
### [VPN security features](vpn\vpn-security-features.md)
### [VPN profile options](vpn\vpn-profile-options.md)
### [How to configure Diffie Hellman protocol over IKEv2 VPN connections](vpn\how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md)
### [How to use single sign-on (SSO) over VPN and Wi-Fi connections](vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md)
### [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md)

44
windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md Normal file
View File

@ -0,0 +1,44 @@
---
title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10)
description: Explains how to secure VPN connections for Diffie Hellman Group 2
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, networking
author: shortpatti
ms.author: pashort
ms.localizationpriority: medium
ms.date: 02/08/2018
---
# How to configure Diffie Hellman protocol over IKEv2 VPN connections
>Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows 10
In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges.
To secure the connections, update the configuration of VPN servers and clients by running VPN cmdlets.
## VPN server
For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](https://docs.microsoft.com/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps) to configure the tunnel type. This makes all IKE exchanges on IKEv2 tunnel use the secure configuration.
```powershell
Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy
```
On an earlier versions of Windows Server, run [Set-VpnServerIPsecConfiguration](https://technet.microsoft.com/library/hh918373(v=wps.620).aspx). Since `Set-VpnServerIPsecConfiguration` doesnt have `-TunnelType`, the configuration applies to all tunnel types on the server.
```powershell
Set-VpnServerIPsecConfiguration -CustomPolicy
```
## VPN client
For VPN client, you need to configure each VPN connection.
For example, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](https://docs.microsoft.com/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps) and specify the name of the connection:
```powershell
Set-VpnConnectionIPsecConfiguration -ConnectionName <String>
```

10
windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
View File

@ -9,9 +9,9 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: iaanw
ms.author: iawilt
ms.date: 11/20/2017
author: andreabichsel
ms.author: v-anbic
ms.date: 02/08/2018
---
@ -38,7 +38,9 @@ Block at first sight is a feature of Windows Defender Antivirus cloud-delivered
It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention. You can use group policy settings to confirm the feature is enabled.
You can also [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-windows-defender-antivirus.md) while the cloud-based protection service analyzes the file.
You can [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-windows-defender-antivirus.md) while the cloud-based protection service analyzes the file.
You can also [customize the message displayed on users' desktops](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information) when a file is blocked. You can change the company name, contact information, and message URL.
> [!IMPORTANT]
> There is no specific individual setting in System Center Configuration Manager to enable or disable Block at First Sight. It is enabled by default when the pre-requisite settings are configured correctly. You must use Group Policy settings to enable or disable the feature.