From 989bf12da3cfef51ca0e51192db01da00452a72b Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Thu, 5 Sep 2024 15:32:13 -0400 Subject: [PATCH 1/4] Update security-compliance-toolkit-10.md Updated Edge baseline to version 128 --- .../security-compliance-toolkit-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md index 87e04bd53be..a1a1d930592 100644 --- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -35,7 +35,7 @@ The Security Compliance Toolkit consists of: - Office 2016 - Microsoft 365 Apps for Enterprise Version 2206 - Microsoft Edge security baseline - - Microsoft Edge version 114 + - Microsoft Edge version 128 - Tools - Policy Analyzer - Local Group Policy Object (LGPO) From 1da2eebef46e427aaec0c4f3c8adde9d8038c674 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Thu, 5 Sep 2024 15:33:59 -0400 Subject: [PATCH 2/4] Update get-support-for-security-baselines.md updated version of Edge to 128 --- .../get-support-for-security-baselines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md index f0014cf81af..c6529001824 100644 
--- a/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -65,7 +65,7 @@ No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new t | Name | Details | Security Tools | |--|--|--| | Microsoft 365 Apps for enterprise, version 2306 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-m365-apps-for-enterprise-v2306/ba-p/3858702) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | -| Microsoft Edge, version 117 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-117/ba-p/3930862) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | +| Microsoft Edge, version 128 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-128/ba-p/4237524) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | ## Related articles From 5a2a5fec62c5b494fb25dd5e28e1012b3f91c193 Mon Sep 17 00:00:00 2001 
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 6 Sep 2024 10:57:17 -0400 Subject: [PATCH 3/4] Freshness review --- .../windows/edu-take-a-test-kiosk-mode.md | 4 ++-- .../windows/take-a-test-app-technical.md | 6 ++--- .../assigned-access/shell-launcher/index.md | 1 - .../shared-pc/set-up-shared-or-guest-pc.md | 6 ++--- .../access-control/access-control.md | 4 ++-- .../access-control/local-accounts.md | 8 +++---- .../identity-protection/passkeys/index.md | 2 +- ...l-smart-card-deploy-virtual-smart-cards.md | 2 +- .../virtual-smart-card-evaluate-security.md | 2 +- .../virtual-smart-card-get-started.md | 4 ++-- .../virtual-smart-card-overview.md | 2 +- .../virtual-smart-card-tpmvscmgr.md | 2 +- ...smart-card-understanding-and-evaluating.md | 2 +- ...tual-smart-card-use-virtual-smart-cards.md | 2 +- .../windows-firewall/configure-logging.md | 6 ++--- .../configure-with-command-line.md | 2 +- .../windows-firewall/configure.md | 2 +- .../windows-firewall/dynamic-keywords.md | 2 +- .../filter-origin-documentation.md | 2 +- .../windows-firewall/hyper-v-firewall.md | 20 ++++++++--------- .../windows-firewall/index.md | 4 ++-- .../windows-firewall/quarantine.md | 4 ++-- .../windows-firewall/rules.md | 2 +- .../windows-firewall/tools.md | 2 +- .../troubleshooting-uwp-firewall.md | 22 +++++++++---------- .../zero-trust-windows-device-health.md | 2 +- 26 files changed, 57 insertions(+), 60 deletions(-) diff --git a/education/windows/edu-take-a-test-kiosk-mode.md b/education/windows/edu-take-a-test-kiosk-mode.md index 21664c95bd4..712eec4c918 100644 --- a/education/windows/edu-take-a-test-kiosk-mode.md +++ b/education/windows/edu-take-a-test-kiosk-mode.md @@ -1,7 +1,7 @@ --- title: Configure Take a Test in kiosk mode description: Learn how to configure Windows to execute the Take a Test app in kiosk mode, using Intune and provisioning packages. -ms.date: 11/08/2023 +ms.date: 09/06/2024 ms.topic: how-to --- 
@@ -26,7 +26,7 @@ The other options allow you to configure Take a Test in kiosk mode using a local Follow the instructions below to configure your devices, selecting the option that best suits your needs. -# [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) +# [:::image type="icon" source="images/icons/intune.svg"::: **Intune/CSP**](#tab/intune) You can use Intune for Education or a custom profile in Microsoft Intune: diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md index f7c44f77e7d..244868ff4c3 100644 --- a/education/windows/take-a-test-app-technical.md +++ b/education/windows/take-a-test-app-technical.md @@ -1,7 +1,7 @@ --- title: Take a Test app technical reference description: List of policies and settings applied by the Take a Test app. -ms.date: 11/02/2023 +ms.date: 09/06/2024 ms.topic: reference --- 
@@ -15,7 +15,7 @@ Assessment vendors can use Take a Test as a platform to lock down the operating ## PC lock-down for assessment - When the assessment page initiates lock-down, the student's desktop is locked and the app executes above the Windows lock screen. This provides a sandbox that ensures the student can only interact with the Take a Test app. After transitioning to the lock screen, Take a Test applies local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lock-down. The lock-down process is atomic, which means that if any part of the lock-down operation fails, the app won't be above lock and won't have any of the policies applied. + When the assessment page initiates lock-down, the student's desktop is locked and the app executes above the Windows lock screen. This provides a sandbox that ensures the student can only interact with the Take a Test app. After transitioning to the lock screen, Take a Test applies local MDM policies to further lock down the device. The whole process of going above the lock screen and applying policies is what defines lock-down. The lock-down process is atomic, which means that if any part of the lock-down operation fails, the app won't be above lock and won't have any of the policies applied. When running above the lock screen: @@ -64,7 +64,7 @@ When Take a Test is running, the following functionality is available to student - Assistive technology that might be running - Lock screen (not available if student is using a dedicated test account) - > [!NOTE] + > [!NOTE] > The app will exit if the student signs in to an account from the lock screen. > Progress made in the test may be lost or invalidated. - The student can exit the test by pressing Ctrl+Alt+Delete diff --git a/windows/configuration/assigned-access/shell-launcher/index.md b/windows/configuration/assigned-access/shell-launcher/index.md index 2b0ae488ab8..4a51fa21434 100644 
--- a/windows/configuration/assigned-access/shell-launcher/index.md +++ b/windows/configuration/assigned-access/shell-launcher/index.md @@ -127,5 +127,4 @@ Depending on your configuration, you can have a user to automatically sign in to [MEM-1]: /mem/intune/configuration/custom-settings-windows-10 -[MEM-2]: /mem/intune/fundamentals/licenses#device-only-licenses [WIN-3]: /windows/client-management/mdm/assignedaccess-csp diff --git a/windows/configuration/shared-pc/set-up-shared-or-guest-pc.md b/windows/configuration/shared-pc/set-up-shared-or-guest-pc.md index 7513c63f7b8..15c139b82ed 100644 --- a/windows/configuration/shared-pc/set-up-shared-or-guest-pc.md +++ b/windows/configuration/shared-pc/set-up-shared-or-guest-pc.md @@ -1,7 +1,7 @@ --- title: Configure a shared or guest Windows device description: Description of how to configured Shared PC mode, which is a Windows feature that optimizes devices for shared use scenarios. -ms.date: 11/08/2023 +ms.date: 09/06/2024 ms.topic: how-to --- @@ -25,9 +25,7 @@ Shared PC can be configured using the following methods: Follow the instructions below to configure your devices, selecting the option that best suits your needs. -#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune**](#tab/intune) - - +#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune/CSP**](#tab/intune) To configure devices using Microsoft Intune, [create a **Settings catalog** policy][MEM-2], and use the settings listed under the category **`Shared PC`**: diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md index 3a7b6d25bd5..20731a876a3 100644 --- a/windows/security/identity-protection/access-control/access-control.md +++ b/windows/security/identity-protection/access-control/access-control.md 
@@ -1,9 +1,9 @@ --- -ms.date: 11/07/2023 +ms.date: 09/06/2024 title: Access Control overview description: Learn about access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. ms.topic: overview -appliesto: +appliesto: - ✅ Windows 11 - ✅ Windows 10 - ✅ Windows Server 2022 diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index ba0aa757cc9..70dbff73883 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -1,9 +1,9 @@ --- -ms.date: 11/07/2023 +ms.date: 09/06/2024 title: Local Accounts description: Learn how to secure and manage access to the resources on a standalone or member server for services or users. ms.topic: concept-article -appliesto: +appliesto: - ✅ Windows 11 - ✅ Windows 10 - ✅ Windows Server 2022 @@ -37,7 +37,7 @@ The default Administrator account can't be deleted or locked out, but it can be Windows setup disables the built-in Administrator account and creates another local account that is a member of the Administrators group. -Members of the Administrators groups can run apps with elevated permissions without using the *Run as Administrator* option. Fast User Switching is more secure than using `runas` or different-user elevation. +Members of the Administrators groups can run apps with elevated permissions without using the *Run as Administrator* option. Fast User Switching is more secure than using `runas` or different-user elevation. #### Account group membership 
@@ -219,7 +219,7 @@ The following table shows the Group Policy and registry settings that are used t ||Registry value data|0| > [!NOTE] -> You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates. +> You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates. #### To enforce local account restrictions for remote access diff --git a/windows/security/identity-protection/passkeys/index.md b/windows/security/identity-protection/passkeys/index.md index be6abe05f71..ebad860cb21 100644 --- a/windows/security/identity-protection/passkeys/index.md +++ b/windows/security/identity-protection/passkeys/index.md @@ -4,7 +4,7 @@ description: Learn about passkeys and how to use them on Windows devices. ms.collection: - tier1 ms.topic: overview -ms.date: 11/07/2023 +ms.date: 09/06/2024 appliesto: - ✅ Windows 11 - ✅ Windows 10 diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md index b65ca793893..8c0882c38cd 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md @@ -2,7 +2,7 @@ title: Deploy Virtual Smart Cards description: Learn about what to consider when deploying a virtual smart card authentication solution ms.topic: concept-article -ms.date: 11/06/2023 +ms.date: 09/06/2024 --- # Deploy Virtual Smart Cards diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md index 755499b07b6..3ee5766ed3e 100644 
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md @@ -2,7 +2,7 @@ title: Evaluate Virtual Smart Card Security description: Learn about the security characteristics and considerations when deploying TPM virtual smart cards. ms.topic: concept-article -ms.date: 11/06/2023 +ms.date: 09/06/2024 --- # Evaluate Virtual Smart Card Security diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md index b1660c359ed..901b24ec160 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md @@ -1,8 +1,8 @@ --- -title: Get Started with Virtual Smart Cards - Walkthrough Guide +title: Get Started with Virtual Smart Cards - Walkthrough Guide description: This topic for the IT professional describes how to set up a basic test environment for using TPM virtual smart cards. ms.topic: get-started -ms.date: 11/06/2023 +ms.date: 09/06/2024 --- # Get Started with Virtual Smart Cards: Walkthrough Guide diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md index 9e37414666f..985c2fcf933 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md @@ -2,7 +2,7 @@ title: Virtual Smart Card Overview description: Learn about virtual smart card technology for Windows. ms.topic: overview -ms.date: 11/06/2023 +ms.date: 09/06/2024 --- # Virtual Smart Card Overview 
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md index 8ebcae8444f..4204ca10f06 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md @@ -2,7 +2,7 @@ title: Tpmvscmgr description: Learn about the Tpmvscmgr command-line tool, through which an administrator can create and delete TPM virtual smart cards on a computer. ms.topic: reference -ms.date: 11/06/2023 +ms.date: 09/06/2024 --- # Tpmvscmgr diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md index 8113208565f..d1a28711ffd 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md @@ -2,7 +2,7 @@ title: Understanding and Evaluating Virtual Smart Cards description: Learn how smart card technology can fit into your authentication design. ms.topic: overview -ms.date: 11/06/2023 +ms.date: 09/06/2024 --- # Understand and Evaluate Virtual Smart Cards diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md index 68ad880e775..de527ed1b05 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md 
@@ -2,7 +2,7 @@ title: Use Virtual Smart Cards description: Learn about the requirements for virtual smart cards, how to use and manage them. ms.topic: concept-article -ms.date: 11/06/2023 +ms.date: 09/06/2024 --- # Use Virtual Smart Cards diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md index 367749a97c9..1696c770a09 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md @@ -1,8 +1,8 @@ --- -title: Configure Windows Firewall logging +title: Configure Windows Firewall logging description: Learn how to configure Windows Firewall to log dropped packets or successful connections with CSP and group policy. ms.topic: how-to -ms.date: 11/21/2023 +ms.date: 09/06/2024 --- # Configure Windows Firewall logging @@ -137,7 +137,7 @@ If not, add *FullControl* permissions for `mpssvc` to the folder, subfolders and ```PowerShell $LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall" -$NewAcl = Get-Acl -Path $LogPath +$NewAcl = Get-Acl -Path $LogPath $identity = "NT SERVICE\mpssvc" $fileSystemRights = "FullControl" diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md index 5abfd7f9765..b1b37ca0087 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line.md 
@@ -2,7 +2,7 @@ title: Manage Windows Firewall with the command line description: Learn how to manage Windows Firewall from the command line. This guide provides examples how to manage Windows Firewall with PowerShell and Netsh. ms.topic: how-to -ms.date: 11/21/2023 +ms.date: 09/06/2024 --- # Manage Windows Firewall with the command line diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure.md b/windows/security/operating-system-security/network-security/windows-firewall/configure.md index 8d1b33190c1..b8e9d793fc8 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/configure.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/configure.md @@ -2,7 +2,7 @@ title: Configure firewall rules with group policy description: Learn how to configure firewall rules using group policy with the Windows Firewall with Advanced Security console. ms.topic: how-to -ms.date: 11/21/2023 +ms.date: 09/06/2024 --- # Configure rules with group policy diff --git a/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md b/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md index 275f7adfa94..55844489b49 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md @@ -2,7 +2,7 @@ title: Windows Firewall dynamic keywords description: Learn about Windows Firewall dynamic keywords and how to configure it using Windows PowerShell. ms.topic: how-to -ms.date: 01/16/2024 +ms.date: 09/06/2024 --- # Windows Firewall dynamic keywords 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md index 6c5bd21b4d0..3b126e154bb 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md @@ -2,7 +2,7 @@ title: Filter origin audit log description: Learn about Windows Firewall and filter origin audit log to troubleshoot packet drops. ms.topic: troubleshooting -ms.date: 11/21/2023 +ms.date: 09/06/2024 --- # Filter origin audit log diff --git a/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md b/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md index fcae3df1e9c..c0f1b76b53a 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall.md @@ -1,8 +1,8 @@ --- -title: Hyper-V firewall +title: Hyper-V firewall description: Learn how to configure Hyper-V firewall rules and settings using PowerShell or Configuration Service Provider (CSP). ms.topic: how-to -ms.date: 11/21/2023 +ms.date: 09/06/2024 appliesto: - ✅ Windows 11 --- 
@@ -21,18 +21,18 @@ This section describes the steps to manage Hyper-V firewall using PowerShell. ### Obtain the WSL GUID -Hyper-V firewall rules are enabled per *VMCreatorId*. To obtain the VMCreatorId, use the cmdlet: +Hyper-V firewall rules are enabled per *VMCreatorId*. To obtain the VMCreatorId, use the cmdlet: ```powershell -Get-NetFirewallHyperVVMCreator +Get-NetFirewallHyperVVMCreator ``` The output contains a VmCreator object type, which has unique identifier `VMCreatorId` and `friendly name` properties. For example, the following output shows the properties of WSL: ```powershell PS C:\> Get-NetFirewallHyperVVMCreator -VMCreatorId : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90} -FriendlyName : WSL +VMCreatorId : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90} +FriendlyName : WSL ``` > [!NOTE] @@ -63,7 +63,7 @@ The output contains the following values: To configure Hyper-V firewall, use the [Set-NetFirewallHyperVVMSetting][PS-2] command. For example, the following command sets the default inbound connection to *Allow*: ```powershell -Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultInboundAction Allow +Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultInboundAction Allow ``` ### Firewall Rules 
@@ -76,10 +76,10 @@ Get-NetFirewallHyperVRule -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' To configure specific rules, use the [Set-NetFirewallHyperVRule][PS-4] cmdlet. -For example, to create an inbound rule to allow TCP traffic to WSL on port 80, use the following command: +For example, to create an inbound rule to allow TCP traffic to WSL on port 80, use the following command: ```powershell -New-NetFirewallHyperVRule -Name MyWebServer -DisplayName "My Web Server" -Direction Inbound -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -Protocol TCP -LocalPorts 80 +New-NetFirewallHyperVRule -Name MyWebServer -DisplayName "My Web Server" -Direction Inbound -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -Protocol TCP -LocalPorts 80 ``` ### Target Hyper-V firewall rules and settings to specific profiles @@ -95,7 +95,7 @@ The policy options are similar to the ones already described, but are applied to To view the settings per profile, use the following command: ```powershell -Get-NetFirewallHyperVProfile -PolicyStore ActiveStore +Get-NetFirewallHyperVProfile -PolicyStore ActiveStore ``` > [!NOTE] diff --git a/windows/security/operating-system-security/network-security/windows-firewall/index.md b/windows/security/operating-system-security/network-security/windows-firewall/index.md index 856de36d535..8952b535cf6 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/index.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/index.md @@ -1,8 +1,8 @@ --- -title: Windows Firewall overview +title: Windows Firewall overview description: Learn overview information about the Windows Firewall security feature. ms.topic: overview -ms.date: 11/21/2023 +ms.date: 09/06/2024 --- # Windows Firewall overview 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md b/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md index 83f92a658fd..66d7f05f80b 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md @@ -2,7 +2,7 @@ title: Quarantine behavior description: Learn about Windows Firewall and the quarantine feature behavior. ms.topic: concept-article -ms.date: 11/21/2023 +ms.date: 09/06/2024 --- # Quarantine behavior @@ -77,7 +77,7 @@ Inside the wfpdiag.xml, search for `netEvents` that have `FWPM_NET_EVENT_TYPE_CL The characters in the application ID name are separated by periods: ```XML - \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... + \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... ``` The `netEvent` contains more information about the dropped packet, including information about its capabilities, the filter that dropped the packet, and much more. diff --git a/windows/security/operating-system-security/network-security/windows-firewall/rules.md b/windows/security/operating-system-security/network-security/windows-firewall/rules.md index 10231bc2a68..4729ae6e10c 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/rules.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/rules.md @@ -1,7 +1,7 @@ --- title: Windows Firewall rules description: Learn about Windows Firewall rules and design recommendations. -ms.date: 11/21/2023 +ms.date: 09/06/2024 ms.topic: concept-article --- 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/tools.md b/windows/security/operating-system-security/network-security/windows-firewall/tools.md index f77a0e77df0..bd17b1a53c9 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/tools.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/tools.md @@ -1,7 +1,7 @@ --- title: Windows Firewall tools description: Learn about the available tools to configure Windows Firewall and firewall rules. -ms.date: 11/20/2023 +ms.date: 09/06/2024 ms.topic: best-practice --- diff --git a/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md index 36ec68be9da..07a5074ab65 100644 --- a/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md @@ -2,7 +2,7 @@ title: Troubleshooting UWP App Connectivity Issues in Windows Firewall description: Troubleshooting UWP App Connectivity Issues in Windows Firewall ms.topic: troubleshooting -ms.date: 11/07/2023 +ms.date: 09/06/2024 --- # Troubleshooting UWP App Connectivity Issues @@ -83,7 +83,7 @@ package SID, or application ID name. The characters in the application ID name will be separated by periods: ```XML -(ex) +(ex) \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... 
@@ -118,18 +118,18 @@ remote address, capabilities, etc. FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET FWPM_NET_EVENT_FLAG_APP_ID_SET - FWPM_NET_EVENT_FLAG_USER_ID_SET + FWPM_NET_EVENT_FLAG_USER_ID_SET FWPM_NET_EVENT_FLAG_IP_VERSION_SET FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET FWP_IP_VERSION_V6 - 6 - 2001:4898:30:3:256c:e5ba:12f3:beb1 + 6 + 2001:4898:30:3:256c:e5ba:12f3:beb1 2620:1ec:c11::200 52127 443 0 - + 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 \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e... @@ -152,7 +152,7 @@ remote address, capabilities, etc. 0000000000000000 - + FWP_CAPABILITIES_FLAG_INTERNET_CLIENT FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK @@ -195,7 +195,7 @@ allowed by Filter #125918, from the InternetClient Default Rule. .+...... FWPM_LAYER_ALE_AUTH_CONNECT_V6 - FWPM_SUBLAYER_MPSSVC_WSHFWPM_SUBLAYER_MPSSVC_WSH FWP_EMPTY @@ -284,7 +284,7 @@ The important part of this condition is **S-1-15-3-1**, which is the capability From the **netEvent** capabilities section, capabilities from netEvent, Wfpdiag-Case-1.xml. ```xml - + FWP_CAPABILITIES_FLAG_INTERNET_CLIENT FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK @@ -575,7 +575,7 @@ In this example, the UWP app is unable to reach the Intranet target address, 10. 52998 53 0 - + 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 \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e... 
@@ -653,7 +653,7 @@ In this example, the UWP app is unable to reach the Intranet target address, 10. 52956 53 0 - + 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 \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m. .f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e... diff --git a/windows/security/security-foundations/zero-trust-windows-device-health.md b/windows/security/security-foundations/zero-trust-windows-device-health.md index 2f5a418bc15..cacb76f47db 100644 --- a/windows/security/security-foundations/zero-trust-windows-device-health.md +++ b/windows/security/security-foundations/zero-trust-windows-device-health.md @@ -5,7 +5,7 @@ ms.topic: concept-article manager: aaroncz ms.author: paoloma author: paolomatarazzo -ms.date: 11/07/2023 +ms.date: 09/06/2024 --- # Zero Trust and Windows device health From 87781448b75f0f6c7a52aada93561871b718590d Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 6 Sep 2024 13:30:49 -0400 Subject: [PATCH 4/4] acrolinx --- .../virtual-smart-cards/virtual-smart-card-get-started.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md index 901b24ec160..f9d707ff54c 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md 
@@ -79,10 +79,11 @@ In this step, you create the virtual smart card on the client computer by using `tpmvscmgr.exe create /name TestVSC /pin default /adminkey random /generate` - This creates a virtual smart card with the name **TestVSC**, omit the unlock key, and generate the file system on the card. The PIN is set to the default, 12345678. To be prompted for a PIN, instead of **/pin default** you can type **/pin prompt**.\ - For more information about the Tpmvscmgr command-line tool, see [Use Virtual Smart Cards](virtual-smart-card-use-virtual-smart-cards.md) and [Tpmvscmgr](virtual-smart-card-tpmvscmgr.md). + This creates a virtual smart card with the name **TestVSC**, omit the unlock key, and generate the file system on the card. The PIN is set to the default, 12345678. -1. Wait several seconds for the process to finish. Upon completion, Tpmvscmgr.exe provides you with the device instance ID for the TPM Virtual Smart Card. Store this ID for later reference because you need it to manage or remove the virtual smart card. +1. Wait several seconds for the process to finish. Upon completion, Tpmvscmgr.exe provides you with the device instance ID for the TPM Virtual Smart Card. Store this ID for later reference because you need it to manage or remove the virtual smart card. To be prompted for a PIN, instead of **/pin default** you can type **/pin prompt**. + +For more information about the Tpmvscmgr command-line tool, see [Use Virtual Smart Cards](virtual-smart-card-use-virtual-smart-cards.md) and [Tpmvscmgr](virtual-smart-card-tpmvscmgr.md). ## Step 3: Enroll for the certificate on the TPM Virtual Smart Card
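Review bot: In PATCH 1/4 (security-compliance-toolkit-10.md, hunk `@@ -35,7 +35,7 @@`), the unchanged line just above the edited Edge entry still reads "Microsoft 365 Apps for Enterprise Version 2206", while the table touched in PATCH 2/4 lists "Microsoft 365 Apps for enterprise, version 2306". Since these two commits exist to bring the baseline versions in line, update that entry in the same change or confirm that 2206 is intended there. The previous Edge values also differed between the two files (114 here, 117 in get-support-for-security-baselines.md), so the pages have drifted before; it is worth checking the rest of this list against the support table while the file is open.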
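Review bot: In PATCH 3/4, the tab label change from `**Intune**` to `**Intune/CSP**` (edu-take-a-test-kiosk-mode.md hunk `@@ -26,7 +26,7 @@`, and the same rename in set-up-shared-or-guest-pc.md hunk `@@ -25,9 +25,7 @@`) promises CSP guidance, but the context lines that follow only mention Intune ("You can use Intune for Education or a custom profile in Microsoft Intune" and "To configure devices using Microsoft Intune, create a Settings catalog policy"). Confirm that the tab body actually documents the CSP path, or adjust the intro sentence so the label and content agree. Keeping the `#tab/intune` anchor unchanged is the right call, since existing deep links keep working.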
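Review bot: In PATCH 3/4, set-up-shared-or-guest-pc.md hunk `@@ -1,7 +1,7 @@`, the `description` line in the front matter still reads "Description of how to configured Shared PC mode" while `ms.date` is bumped to 09/06/2024. A freshness review is the natural place to fix this; suggest "Learn how to configure Shared PC mode, ..." so the metadata matches the wording used in the other files in this patch.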
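Review bot: In PATCH 3/4, shell-launcher/index.md hunk `@@ -127,5 +127,4 @@`, the `[MEM-2]` link definition is removed but the hunk does not show whether any `[...][MEM-2]` reference remains in the body. Please confirm there is no remaining use in this file, otherwise the link will render as literal bracket text. The remaining definitions are `[MEM-1]` and `[WIN-3]`, so the numbering already has gaps; that is harmless, but worth tidying if the file is being cleaned up anyway.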
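Review bot: In PATCH 3/4, local-accounts.md hunk `@@ -37,7 +37,7 @@`, the edited line says "Members of the Administrators groups", while the preceding context line refers to "the Administrators group". The line is already being touched for whitespace, so fix the plural in the same change.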
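Review bot: In PATCH 3/4, hyper-v-firewall.md hunk `@@ -76,10 +76,10 @@`, the context sentence says "To configure specific rules, use the [Set-NetFirewallHyperVRule][PS-4] cmdlet", but the example that follows creates a rule with `New-NetFirewallHyperVRule`. The edited lines only change whitespace, so this mismatch survives the freshness review. Either introduce `New-NetFirewallHyperVRule` in the lead-in for creating rules and keep `Set-NetFirewallHyperVRule` for modifying existing ones, or change the example to match the sentence. Related, in hunk `@@ -21,18 +21,18 @@` the prose names the property as `friendly name` while the sample output shows `FriendlyName`; use the real property name in code formatting.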
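Review bot: In PATCH 4/4 (virtual-smart-card-get-started.md, hunk `@@ -79,10 +79,11 @@`), the sentence "To be prompted for a PIN, instead of **/pin default** you can type **/pin prompt**" has been moved to the end of the "Wait several seconds for the process to finish" step, which is after the card has already been created. It now reads as an afterthought about a command the reader has finished running, and it is separated from the statement that the PIN is set to the default, 12345678. Keep the `/pin prompt` alternative in the same step as the `tpmvscmgr.exe create` command, directly after the default PIN sentence, so readers see it before they create a card with a well-known PIN. The retained sentence also has inconsistent verb forms ("This creates ..., omit the unlock key, and generate the file system"); suggest "creates ..., omits the unlock key, and generates the file system". Finally, the "For more information" paragraph lost its indentation and now sits outside the list item; check that the numbered list still renders as intended.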