Merge remote-tracking branch 'refs/remotes/origin/master' into atp-securityanalytics

windows/client-management/mdm/configuration-service-provider-reference.md

@@ -2305,6 +2305,37 @@ Footnotes:
 <!--EndCSP-->
 
 <!--StartCSP-->
+
+<!--StartCSP-->
+[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--EndCSP-->
+
+<!--StartCSP-->
+
 [WindowsLicensing CSP](windowslicensing-csp.md)  
 
 <!--StartSKU-->

windows/client-management/mdm/vpnv2-csp.md

@@ -1215,7 +1215,7 @@ Servers
           <Target>
             <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/EncryptionMethod</LocURI>
           </Target>
-          <Data>PFS2048</Data>
+          <Data>AES128</Data>
         </Item>
       </Add>
       <Add>
@@ -1224,7 +1224,7 @@ Servers
           <Target>
             <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/IntegrityCheckMethod</LocURI>
           </Target>
-          <Data>Eap</Data>
+          <Data>SHA256</Data>
         </Item>
       </Add>
       <Add>
@@ -1233,7 +1233,7 @@ Servers
           <Target>
             <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/DHGroup</LocURI>
           </Target>
-          <Data>SHA256</Data>
+          <Data>Group2</Data>
         </Item>
      </Add>
       <Add>
@@ -1242,7 +1242,7 @@ Servers
           <Target>
             <LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/NativeProfile/Authentication/CryptographySuite/PfsGroup</LocURI>
           </Target>
-          <Data>AES128</Data>
+          <Data>PFS2048</Data>
         </Item>
       </Add>
    

windows/configuration/change-history-for-configure-windows-10.md

@@ -18,6 +18,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
 
 | New or changed topic | Description |
 | --- | --- |
+| [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md) | Added guidelines for using Remote Desktop app as the kiosk app and added a general guideline that apps generated using the Desktop App Converter cannot be used for kiosk apps |
 | [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Added warning about using Shell Launcher to set a custom shell with an application that launches a different process and then exits |
 | [Windows Configuration Designer command-line interface (reference)](provisioning-packages/provisioning-command-line.md) | Removed references to imaging |
 

windows/configuration/guidelines-for-assigned-access-app.md

@@ -7,6 +7,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerms
 localizationpriority: high
+ms.author: jdecker
+ms.date: 06/29/2017
 ---
 
 # Guidelines for choosing an app for assigned access (kiosk mode)
@@ -27,6 +29,14 @@ The following guidelines may help you choose an appropriate Windows app for your
 
 - Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app. If this happens, you must update the assigned access settings to launch the updated app, because assigned access uses the AUMID to determine which app to launch. 
 
+- Apps that are generated using the [Desktop App Converter (Desktop Bridge)](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) cannot be used as kiosk apps.
+
+## Guidelines for using Remote Desktop app 
+
+Kiosk apps open in full screen. When you assign [Remote Desktop](https://www.microsoft.com/store/apps/9wzdncrfj3ps) as the kiosk app, make sure the **Start connections in full screen** setting in the Remote Desktop app is set to **Off**.
+
+![Toggle Start connections in full screen to off](images/rdc.png)
+
 
 ## Guidelines for Windows apps that launch other apps
 

windows/deployment/windows-10-auto-pilot.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: DaniHalfin
 ms.author: daniha
-ms.date: 06/28/2017
+ms.date: 06/30/2017
 ---
 
 # Overview of Windows AutoPilot
@@ -86,10 +86,7 @@ Options available for Windows 10, Version 1703:
 * Skipping privacy settings
 * Preventing the account used to set-up the device from getting local administrator permissions
 
-Additional options we are working on for the next Windows 10 release:
-* Skipping EULA
-* Personalizing the setup experience
-* MDM Support
+We are working to add additional options to further personalize and streamline the setup experience in future releases.
 
 To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for Microsoft Store for Business or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot).
 

windows/device-security/applocker/tools-to-use-with-applocker.md

@@ -46,7 +46,7 @@ The following tools can help you administer the application control policies cre
 
 -   **AppLocker PowerShell cmdlets**
 
-    The AppLocker Windows PowerShell cmdlets are designed to streamline the administration of AppLocker policy. They can be used to help create, test, maintain, and troubleshoot an AppLocker policy. The cmdlets are intended to be used in conjunction with the AppLocker user interface that is accessed through the Local Security Policy snap-in and the GPMC. For information about the cmdlets, see the [AppLocker PowerShell Command Reference](http://technet.microsoft.com/library/hh847210.aspx).
+    The AppLocker Windows PowerShell cmdlets are designed to streamline the administration of AppLocker policy. They can be used to help create, test, maintain, and troubleshoot an AppLocker policy. The cmdlets are intended to be used in conjunction with the AppLocker user interface that is accessed through the Local Security Policy snap-in and the GPMC. For information about the cmdlets, see the [AppLocker PowerShell Command Reference](https://technet.microsoft.com/itpro/powershell/windows/applocker/applocker).
 
 ## Related topics
 

windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md

@@ -21,7 +21,7 @@ Windows Defender Antivirus is a built-in antimalware solution that provides secu
 
 This library of documentation is aimed for enterprise security administrators who are either considering deployment, or have already deployed and are wanting to manage and configure Windows Defender AV on PC endpoints in their network.
 
-For more important information about running Windows Defender on a server platform, see [Windows Defender Overview for Windows Server](https://technet.microsoft.com/library/dn765478.aspx).
+For more important information about running Windows Defender AV on a server platform, see [Windows Defender Overview for Windows Server](https://technet.microsoft.com/library/dn765478.aspx).
 
 Windows Defender AV can be managed with:
 - System Center Configuration Manager (as System Center Endpoint Protection, or SCEP)