Copyrighted Material

Home , Microsoft Defender, Quick Assist, Security and Maintenance

Index

Advanced Boot Options, 84, 103, Numbers 111, 323, 338 32-bit version, 269, 471 All Apps, Intune, 220 RAM requirements, 238 analytics, 206 64-bit version, 269, 471 Android devices upgrades, 119, 134 enrolling, 418 Intune, enrolling, 216 Intune Company Portal app, 200 A Microsoft Intune, 187 answer files, 17 access controls, 389 APIPA (Automatic Private IP Addressing), accessibility 315 d igital assistant, 12 APNs (Apple Push Notification service), 433 low vision, 9, 19 A pp Protection Status, 454 Narrator app, 266 App-V (Application Virtualization), 69 Account Lockout Policy, 282 application management, 211–236, 432–459 accounts, built-in, 41 applications ACPI (Advanced Configuration and Power adding, 476 Interface), 9 approved, 43 ACT (Application Compatibility Toolkit), 267 assigning, Intune and, 219 activation clock, 18 compatible, 43 activation status, verification, 10 corporate-managed devices, 223 A D (Active Directory), 13. See also Azure AD delays, 96 A D DS (Active Directory Domain distributing, 10 Services), 61, 474 download control, 216 Azure AD connection, 167, 255 installation, 443, 453 sleep settings, 31 installing for all, 217 Add-AipServiceTemplate cmdlet, 459 inventorying, 145 ADE (Automated Device managed, installation, 222 Enrollment), 402,COPYRIGHTED 404 nonapproved, MATERIAL identifying, 219 Admin group, 290 protection policies, 213 administrative tasks, 29, 187, 291 sideloading, 432–433 Administrative Templates, 168, 391 stopping, 94 administrator password, 26, 29 supported, 15 adminstrator accounts, 198 Task Manager, 193 ADMX, Microsoft Intune and, 152 uninstalling, 95 ADR (automatic deployment rule), 350 updates, upload and deployment, 220 480 AppLocker – Azure Monitor

AppLocker, 290 conditional access, 395 APPs (application protection policies), 225, p ermissions, 173 230, 231, 258, 406, 433, 437, 438, 441, Control Panel access, 33 447, 453, 457, 476 Custom Domain Names, 365 Access Requirements, 434 deployment profile, 133 configuration levels, 234 device identity management, 178, information, 231 253, 379, 400 listing available apps, 259 Device Restrictions, 125, 193 AppX (App Packages), 220 directory settings, 136 APs (access points), 320 Exchange Online, access, 156 Assign permission, 40 home computer connection Assigned Access, 449 prevention, 191 attacks, 196 hybrid devices, 259 surface reduction rules, 421 excluding, 166 updates and, 104 Identity Protection, 362 Audit Account Logon Events, 280 Intune and, 121, 437 Audit logs, 427, 441 enrolling, 120 audit policies, 281 Microsoft Intune, trusted websites, 191 auditing, 26 p asswords, resetting, 132 authentication PDF files, 376 biometric, 137, 363, 374, 378, 464, 468 policies communications, 52 creating, 120 MFA, 147, 166, 176, 250, 372, 469 enforcement, 163 Azure MFA, 148 PowerShell commands, 130 categories, 148 profile data, roaming, 167 photo, 301 SSPR (Self-Service Password Reset), 372 security questions, 147 updates, 97–98 two-factor, 30, 137, 283 WDS (Windows Deployment automated deployment, 16, 135, 136 Services), 124 automated installation, 22 Windows Hello for Business, 90 automatic enrollment, 387, 415, 476 Azure Information Protection, 232, 455 Autopilot, 118 protection settings, 459 computers, automatically joining, 118 Azure IoT Central applications, 408 Azure, 306 Azure Log Analytics applications, PowerShell commands, 214 Device Health solution, 189 Information Protection templates, event logs, 184, 186 cmdlets, 236 events, querying, 190 Monitor Logs, 257 Protection Status dashboard, 185 monitoring tool, 190 workgroups, 190 Azure AD, 26, 248, 257, 351, 361, 365, 474 Azure MFA (Multifactor Authentication), AD DS connection, 167 148, 250, 372, 373, 468 AD integration, 135 Azure Monitor, 207, 402, 428 application policy, PowerShell and, 140 l ogs, 429 authentication, 153 metrics, 429 Azure Portal – cmdlets (PowerShell) 481

Azure Portal, Windows Analytics, 147 dual-boot, 10 Azure RMS (Azure Rights Secure Boot, 122–123 Management), 158 viruses and, 108 Boot Configuration Data Editor, 263 boot logging, 339, 467 B BOOTMGR message, 85, 325 BranchCache, 325 background, desktop, 7, 264, 274, 308 Branding And Customization, 452 Background setting, 462 bridges, 319 Backup and Restore, 84, 102–103, 325, broadband tethering, 316 326, 338, 339 browsers, 20, 229, 240, 452, 477 backups, 86, 246 built-in accounts, 41, 51 automatic, 108 built-in compliance, policy settings, 178 encrypted files, 103 built-in utilities, 105 external drive, 95 BYOD (bring your own device), 260, 416, prior to installation, 91 452, 453, 478 restoring, 107 provisioning packages, 227 software installation, 88 System Image tool, 108 wbadmin.exe, 113 backward lookup (DNS), 307 C bandwidth CA (certificate authority), 212 configuring usage, 104 caching, transparent, 316 workgroups, 7 cellular connections, 59 baselines, 335, 426, 475 Central Store, Group Policy Administrative Battery Meter, 265 Template files, 175 BCD (Boot Configuration Data) Store, certificates, SCEP (Simple Certificate 263, 266, 282 Enrollment Protocol), 160 biometric authentication, 363, 374, Change permission, 40, 44 378, 464, 468 Check For Updates option, 340 two-factor, 137 CIDR (Classless Inter-Domain Routing) Windows Hello, 297 number, 61, 63, 81, 243, 306, 308 BitLocker (BitLocker Drive Encryption), 26, clean install, 24, 238, 460 33, 35, 37, 54, 55, 85, 138, 241, 280, phases, 16, 271 282, 284, 287, 294, 303, 353, 463 Clean Wipe, 121 GPOs (Group Policy object) and, 44 client computers, network connections, NTFS and, 300 65 TPM chip and, 288 cmdlets (PowerShell), 434, 436, 438 b oot, 5 Add-AipServiceTemplate, 459 advanced boot options, 111 Azure Information Protection Advanced Boot Options, 247 templates, 236 corrupt files, 104 Enable-PSRemoting, 318 default boot entry, 272 Invoke-Command, 62 dual, 16 l imiting, 70 482 co-management – deployment

New-LocalUser, 281 keyboard and mouse, 265 New-Service cmdlet, 274 Remote Desktop enabling, 62 Suspend-BitLocker, 285 controlled folder access, 298 co-management, 379, 382, 384, 388, 389 convert command, 49, 242 paths, 166 corrupt files, 325 transitioning to, 401, 472 booting and, 104 COD (corporate-owned device), 425 recovering, 396 Code Integrity policy, 42 Cortana, 267 command line, 5 Notebook, 270 Company Portal app, 197, 200, 207 topics displayed, 14 Compatibility Administrator, 271 Creator Owner account, 297 Compatible Products List, 279 Credential Manager, 266 compliance policy, 375, 376, 377, 386 Critical and Error events, 96 built-in, 178 CSP (configuration service provider), 387 configuration policy and, 171 multiple, 178 Computer Inventory Reports, 419 D conditional access, 232, 253, 375, 386, 388, 390, 471 data collector sets, 408 Azure AD, 395 data deduplication, 49 p ermissions, 173 data leakage, 222 policies, 167, 168 data loss, prevention, 39 troubleshooting, 172 data management, 26–55, 211–236, 280– What If tool, 394 303, 432–459 config.psl PowerShell script, 123 data syncing, 399 Configuration Designer tool, 357 deactivating, drivers, 4 Configuration Manager, 369, 384, 385 dedicated devices, 167, 383, 384, 390, 435 application inventory, 200 deduplication, 49 co-management, 163 default boot entry, 272 deployment types, 432 default gateway, 303 Desktop Analytics, 420 Defender Exploit Guard, 419 hash information, 144 Delivery Optimization, 125, 336, logs, 141 356, 468, 469 management features, 196 DEM (Device Enrollment Manager), 415 Microsoft Intune and, 162, 165 Deny Logon Locally, 280 mobile devices, 439 DEP (Device Enrollment Program), 402 Monitoring workspace, 163 d eploying Windows, 4–24 Connect From Anywhere setting, 309 deployment connection security rules, 282 automated deployment, 16, 135, 136 connectivity d eployment profile, 130 configuring, 58–82, 303–323 Dynamic, 353, 367 troubleshooting, 66, 79, 81 dynamic deployments, 143 console file, 296 Modern, 353, 367 Control Panel operating systems, 118–149, 349–374 access, 33, 246 profile, 133, 134 desktop – domains 483

provisioning packages, 143 troubleshooting, 394 reference image, 8 types, 230 rings, 356 upgrading, 355, 381, 383 Traditional, 353, 367 viewing installed, 11 traffic, limiting, 212 DHCP (Dynamic Host Configuration types, 432 Protocol), 61, 313 Windows, 262–279 server, 306 Windows Autopilot, 144 DHCP servers, configuration, 58 desktop diagnostics, 206 background, 7, 462 digital assistant, 12 default, 18 directories, retained in clean install, 238 profile changes, 169 discovery, 75 Desktop Analytics, 143, 145, 203, 209, 251, Disk Cleanup, 341 255, 355, 368, 369, 370, 404, 406, 418, Disk Defragmenter, 106, 293, 342, 381 420, 422, 431, 470, 474 disk images, 21 device compliance policies, 375 Disk Management utility, 281 Device Guard, 42, 292, 431 disk mirroring, 301 KMCI (kernel mode code disk quotas, 50, 54, 291, 302, 393 integrity) and, 292 restrictions, 241 Device Health Attestation, 280 disk space Device Health solution, Azure Log expanding, 28 Analytics, 189 restricting, 300 Device Install Status, 456 spanned volumes, 28 device management, 26–55, 182–209, 280– Diskpart, 301 303, 402–432 diskpart.exe, 241, 463 Device Manager, 262, 288, 327, 332 disks Device Performance & Health, 430, 474 dynamic, 42 device profiles, 354, 390 storage pool, 46 Device Restrictions, 125 DISM (Deployment Image Servicing and Device Security, 431 Management), 18, 141, 252, 264, 265, devices 273, 358, 363, 460 corporate data removal, 225 sideloading, 448 d edicated, 167, 383, 384, 390, 435 DLL (dynamic link library), 291 identity management, 178, 253 DLP (data loss prevention), 234 Intune, enrolling, 216 p olicies, 458 i nventory report, 202 p olicy creation, 234 i nventory reports, 420, 422, 425 DNS (Domain Name System), 293, 465 iOS, access, 213 b ackward lookup, 307, 308 k iosk setting, 449 forward lookup, 307, 308 limiting, 207 inbound/outbound traffic, 294 locking down, 42 resolver cache, 71 LOG (line-of-business) apps, 228 servers, corrupt data, 63 preconfiguring, 353 d ocument encryption, 48 security, 182–209, 402–432 d omains state condition, 455, 477 connecting to, 76 484 downgrading – files

default name, 132 data retention, 177 names, adding, 141 Explicit Deletion settings, 177 trusts, 74 error log, 16 downgrading, 126 Ethernet connection, 305 drive encryption, 124 ETW (Event Tracing for Windows), 329 Driver Rollback, 325, 328 event forwarding, 31 driverquery.exe, 266 Event logs, 404 drivers, 269 access, 75 deactivating, 4 Azure Log Analytics, 184 device troubleshooting, 85 Event Viewer, 94, 331, 332, 334, digitally signed, 28, 38 336, 346, 411 installation, testing, 28 Critical and Error events, 96 installing, 40 information events, 97 testing installation, 14 executable content, blocking, 202 unsigned, 30 exFAT, 102 dual-boot, 10, 16, 159 Explicit Deletion settings, 177 dynamic deployments, 143 Exploit Protection mitigations, 199, 200 dynamic disks, 42, 154, 293, 377 PowerShell, 202 dynamic provisioning, transformations, 143 Exploit Protection settings, 421 external storage, moving files, 50

E Ease of Access tools, 274 F Easy Connect, 312 facial recognition, 90, 138, 148 Edge, 275, 452, 462, 477 FAT32 file system, 158, 288, 299 app protection policy, 218 converting, 300 websites, untrusted, 185 features, testing, 90 EDP (Enterprise Data Protection), 437, 442 File Explorer, hiding computers, 62 EFS (Encrypting File System), 299, 463 File History, 36, 88, 287, 289, 296, 297, 327, EG (Exploit Guard), 292 328, 332, 338 EMM (Enterprise Mobility folder protection, 38, 93 Management), 222 f ilename extensions, 34, 286 EMS (Enterprise Mobility + Security), 189 files Enable Boot Logging, 339, 347 backups, 86 Enable Safe Mode, Command Prompt, 104 copying, to USB, 55 Enable-PSRemoting cmdlet, 318 deleting unnecessary, 105 encryption moving, to external drive, 50 b ackups, 103, 339 OneDrive, 100–101 communications, 52 permissions, 35 d ocuments, 48 recovering, 87, 90 d rive encryption, 124 restoring, 6, 86 VPN (virtual private network), 79 shared endpoint protection, 380, 423 accessing, 110 Enterprise, 11 retrieval time, 73 Enterprise State Roaming, 176, 177, 399 size, access time and, 43 financial information regulations – hotspots 485

financial information regulations, 175 gpresult, 280, 284 firewalls. See Microsoft Defender Firewall g race period, 398 Folder Redirection, 154, 155, 172, 285, 377, Graph view, 337 393, 395, 473 Group Policies, 285, 387 folders Central Store, 254 backups, 86 Delivery Optimization settings, 146, 251 controlled access, 298 OneDrive Known Folder Move, 174 File History, 38 restricting groups, 40 Home Folder, 48, 464 Windows Hello for Business, 122 permissions, 240 Group Policy Administrative Template files, recovery, 90, 92 Central Store, 175 restore, 40 g roups restoring, 86 creating, 36 shared, 48 membership, 218 accessing, 110 restricting, 40 p ermissions, 50, 53 GUID, blocking executable content, 202 fonts TTFs (TrueType fonts), 407 viruses, 188, 190 H forward lookup (DNS), 307, 308 FQDN (fully qualified domain name), 421 hard disks free space, notifications, 92 adding, 298 Fresh Start, 351–352, 412 basic disks, 293 Microsoft Intune, 121 Disk Defragmenter, 293 FTP (File Transfer Protocol), 294 dynamic, 154, 293 Windows Defender EG (Exploit formatting, 47, 55 Guard) and, 293 Storage Spaces, 51 hardware controlling, 28 isolation, 411 G reports, 201 gestures, photo logon, 301 hardware ID, PowerShell and, 144 GLBA (Gramm-Leach-Bliley Act), 472 h ash information, Configuration Google Assistant, 12 Manager and, 144 GPOs (Group Policy objects), 32, health report, 430 179, 180, 469 hibernation, 267 BitLocker (BitLocker Drive HIPPA (Health Insurance Portability and Encryption) and, 44 Accountability Act), 174, 396 KFM (Known Folder Move), 174, 175 Histogram Bar view, 411 Known Folder Move, 163 Histograms, 337 LGPOs (Local Group Policy objects), 34 HKEY_CURRENT_USER, 11 Microsoft Accounts, limiting, 148 Home Folder, 242, 464 Microsoft Defender Firewall, 45 setup, 48 sideloading, 226 HomeGroup, 316 Upgrade Readiness report, 142 Hosted Network, 320 Windows Update for Business, 147, 250 h otspots, 77 486 HTTP (Hypertext Transfer Protocol) – Intune

HTTP (Hypertext Transfer clean, 24, 238, 460 Protocol), 293, 294 phases, 16, 271 HTTPS (Hypertext Transfer Protocol command line, 5 Secure), 293, 294 Device Context, 453 HVCI (Hypervisor-Protected Code drivers, 14, 40 Integrity), 195, 412 testing, 28 hybrid Azure AD, excluding devices, 166 final step, 21 Hybrid MDM, 375 image creation, 8 reference, 8 unattended, 17, 272 I User Context, 453 WDS (Windows Deployment Services), ICMP (Internet Control Message 17 Protocol), 284 Windows, multiple computers, 272 ID badges, 54 integrity policies, 42 identity-based risks, 169 Internet Explorer, 452, 477 if-then statement, 471 Intune Image Capture Wizard, 21, 239 ADMX-backed policy, 152 images All Apps, 220 background, 264 Android devices, 187 custom Company Portal app, 200 sign-in, 125 APNs (Apple Push Notification wallpaper, 125 service), 433 login, 149 app assignment, 219, 440 p hoto as password, 20, 149 app deployment, 218, 435, 439–440 imaging, 238 app detection, 441 capturing, 119 app information assignments, 233 disk images, 21 app listing, 229, 259 DISM (Deployment Image Servicing and app management, 443 Management), 141 app monitoring, 455, 456 setup automation, 135 App Overview pane, 234 SIM (System Image Manager), 361 app types, 221, 442 Sysprep and, 13, 17–18 app-related activity, administrators, 221 system images, 344 Azure AD and, 437 in-place upgrade, 14, 139 BYOD, 452, 453 inbound rules, 43, 192, 406, 410 Company Portal app, 436 Indexing Options, 92 name change, 230 indexing services, disabling, 331 Configuration Manager and, 162 inheritance, NTFS permissions, 44–45 workload balance, 165 inherited permissions, 295 configuration profiles, 157 installation, 238 d ata leakage protection, 220 answer files, 17 deployment, 134, 442 apps, 443 Device Enrollment, 256 automation, 10, 22, 272 Navigation pane, 205 backups prior, 88, 91 d evices inventorying apps – Known Folders 487

automatic enrollment, 476 upgrading and, 127, 159 enrolling, 216, 357, 416, 417, 426, 427, WIP (Windows Information 430, 433, 474 Protection), 442 types, 230 inventorying apps, 145 Discovered Apps, 221 Invoke-Command cmdlet, 62 endpoints and, 423 iOS devices enrolling, 120, 258 access, 213 restrictions, 409 enrollment, 185 features, 409 Intune, 184 Fresh Start, 121 IoT (Internet of Things), 408 g roups, 235, 440, 458, 459 IP addresses terms and conditions, 429 classes, 58, 304, 308, 320, installation, direct, 231 321 iOS devices, 184 network adapters, 75 enrollment, 185 new network, 59 LOB (line-of-business) apps, 226 valid, 75 MAM (mobile application management), IP network numbers, classes, 78 440, 441, 442, 443, 449 iPad devices, Intune, enrolling, 216 Managed Browser, 407 ipconfig, 245, 303, 311, 321, 465 Management Extension, 392 results, 78, 79 MDM (mobile device management), 221, ipconfig /all, 315 452, 453, 456, 475, 477 IPsec (Internet Protocol Security), 30, memberships, 258 322 Microsoft Defender Credential IPv6, 243 Guard, 186 link-state addresses, 78 network protection, 203 Media Sensing, disabling, 62 policies scoped addresses, 321 creating, 170, 255 templates, 214 troubleshooting, 170, 171 K PowerShell scripts, 164, 168–169, 391 profiles, Windows Hello for keyboard, speed configuration, 9 Business and, 156 KFM (Known Folder Move), 174, 376, proprietary data, 437 384, 397, 471 protection policies, 227 GPOs, 163, 174, 175 reports, 201, 203, 419, 421 k iosk settings, 449 requirements, 152 KMCI (kernel mode code integrity), Device restart prompt, 434 Guard and, 292 Security groups, 235 KMS (Key Management Service), 14, SSPR (self-service password reset), 184 265, 268, 363 Sync device, 438 Known Folder Move Group Policy, 385 trusted websites, 191 Known Folders update policy assignments, 350 O neDrive, 174 update rings, 128 redirect to OneDrive for Business, updates, 125 253 488 language – MDT (Microsoft Deployment Toolkit)

Configuration Manager, 141 L error log, 16 language, 20, 231, 239, 276, 461 Event logs, 404 laptops loopback address, 311 battery life reports, 13 LTSB (Long-Term Servicing Branch), 343 desktop background, 7 LTSC (Long-Term Servicing Channel), 343 locking, 5 new employees, 34 offline file access, 19 M power settings, 6 projecting, 15 MAC (media access control) sleep, 6 addresses, 61, 306 stolen, recovery, 193 NIC, 319 Launch Recovery Environment, 348 viewing, 76, 245 least amount of privilege, 157 maintenance Let Windows Manage This Connection software updates, 120 option, 304 Windows, 323–349 LGPOs (Local Group Policy malicious software, 106 objects), 34, 287 malware, 196, 198 license agreement coverage, 202 protecting, 42 licensing, 266, 355, 455 MAM (mobile application management), Line view output, 411 223, 400, 440, 441, 442, 443, LOB (line-of-business) apps, 13, 435, 449, 450, 454 444 all users enrolled, 229 devices, 228 Intune apps, 228 distributing, 226 troubleshooting, 457 sideloading, 236, 258, 447, 448 manage-bde, 326 web-based, 180 managed apps, installation, 222 Local Group Policy, 26, 281 Masters folder, NTFS, 243 local loopback, 319, 465 MBAM (Microsoft BitLocker Local Security Policies, 29 Administration and Monitoring), local user, account creation, 27 287 Lock Screen, 263, 274 MDM (mobile device management), 164, background images, 28 179, 180, 181, 220, 223, 377, 386, 400, l ockdown profiles, 227–228 401, 414, 451, 453, 456, 475, 477 Log Analytics, 403, 418, 476 co-management, 253 agents, 403 Company Portal app, 197 l og files, 23, 257, 271, 279 devices, enrolling, 196, 204 failure information, 90 enrollment, 414 login photo, 241, 374, 462, 463 h ybrid, 153 l ogon Intune devices, 230, 233 images, 149 LOB (line-of-business) and, 180 pictures, 51 push certificates, 197 l ogs MDT (Microsoft Deployment Toolkit), 127 Azure Log Analytics, 184 Azure AD, 124 Media Sensing – migration 489

Microsoft Office 365 ProPlus, 158 SMTP inbound/outbound rules, MSI package, 215 43, 188, 192 Media Sensing, 62, 307 Microsoft Defender Firewall with Advanced membership in groups, 218 Security, 410 messages, errors, 110 Microsoft Defender Security Center metered connections, 327, 439 portal, 206 metered networks, 317 Microsoft Defender SmartScreen, MFA (multifactor authentication), 147, 166, 196, 199, 413 176, 250, 372, 469 Microsoft Edge. See Edge Azure MFA, 148 Microsoft Endpoint Configuration categories, 148 Manager, 179, 180 Microsoft 365 Microsoft Exchange Online, 232 devices, preventing access, 153 Microsoft Intune. See Intune unmanaged devices, 189 Microsoft Office 365 ProPlus, Windows 10 Professional and, 130 MDT and, 158 Windows Insider Program, Microsoft Store preventing, 120 account information access, 233 Microsoft 365 Apps for Enterprise, 440 apps transitioning to, 228 free, 447 usage and health information, 230 installing, 140, 232 Microsoft Accounts, limiting, 148 preventing, 30 Microsoft Defender Antivirus, 197, 203, p urchasing, 447 257, 410, 423, 430, 431, 475 disabling users, 283 automation, 208 Global Administrator, 224, 258 requirements, 209 licensing, 233 Microsoft Defender Application Guard, Microsoft Store for Business 207, 256, 403, 408, 409, 424, 425, app deployment with Intune, 218 426, 429, 474 application installation, 137 device settings, 204 corporate users, 224 hard disk space, 195 Global Administrator, 444, 445, 456 new window, 205 licensing, 224, 446 RAM requirements, 192 Offline licensing, 446 Microsoft Defender ATP (Advanced Threat Online licensing, 446 Protection), 190, 204, 375, 407, Private Store, 225, 446, 454 414, 427, 430 app installation, 226, 447 Microsoft Defender Credential Guard, 186, p rivate stores, 364 190, 404, 409 purchase configuration, 225 Group Policy, 195 sign up, 224 Microsoft Defender Exploit Guard, 47, 198, Microsoft System Center 2012 R2 405, 413, 423 Configuration Manager, 160 Microsoft Defender Firewall, 42, 464 Microsoft System Center Configuration DNS inbound/outbound rules, 43, 243 Manager, 156, 157 GPOs (Group Policy objects), 45 migration, 4, 6 inbound/outbound rules, 193 administrator task, 199 rules, 32 GroupPolicies evaluation, 165 490 Miracast – ntuser.dat file

network, 86 IP addresses, 75 p rint servers, 37 p roperties, 76 User State Migration components, 146 resource settings, 76 USMT (User State Migration troubleshooting, 77 Tool), 12, 142 network cards, 38 Miracast, 138, 270 Network Discovery, 307, 319 mirroring, 301 Windows Firewall, 310 misconfigured files, 325 network ID, 80, 81, 244 MMA (Microsoft Monitoring network interfaces, selecting, 59 Agent), 403, 407 network mask, calculating, 322 MMAT (MDM Migration Analysis Tool), network prefixes, 322, 465 165, 387, 388, 401 network protection, 422, 424 MMC (Microsoft Management network resources, access, 94 Console), 66, 281 Network Unlock, 303 Author Mode, 296 networking metering, 466 console files, 296 networking models, 73 filename extensions, 36, 287 networks Mode-full access, 296 bridges, 319 Mode-limited access, 296 connecting to, 245 Print Management, 302 metered, 317 prompts, preventing, 46 p eer-to-peer, 305 Windows Reliability and Performance Private, 311 Monitor, 332 protection mobile applications, download control, 216 Intune and, 203 mobile devices PowerShell, 204 projecting, 15 type, 59 tablets connecting to, 216 New-CIPolicy, 292 tethering, 436 New-LocalUser cmdlet, 281, 284 Mobility Center, 15, 270 New-PSSessionConfigurationFilee cmdlet, 313 Modify permission, 295, 464 New-Service cmdlet, 274 monitoring, 206 NIC (network interface card), 319, 466 mouse, speed configuration, 9 setup, 466 MSI (Microsoft Installer), package files, 220 NLA (Network Level Authentication), 304 MSRT (Malicious Software Removal NTFS (New Technology File System), Tool), 342, 343 158, 273, 280 MyFolder, 29 advantages, 49 BitLocker and, 300 d isk quotas, 50, 241 N limiting user space, 41 Masters folder, 243 Narrator app, 266 object owners, 302 NAT (Network Address Translation), 313 p ermissions, 26, 33, 39, 44–45, 285, 290, NDES (Network Device Enrollment 299, 300, 302 Service), 383 volumes, disabling, 38 network adapters ntuser.dat file, 255 ODT (Office Deployment Tool) – permissions 491

Password Must Meet Complexity O Requirements policy, 34 ODT (Office Deployment Tool), 380 password policies, 30, 282, 286 Office 365 ProPlus, 440 Password Reset, 359 name change, 220 passwords Office Telemetry Dashboard, 453 administrator password, 26, 29 Offline Files, 275 Azure AD, 132 OMA-URI (Open Mobile Alliance Uniform changing, 11 Resource Identifier), 405 photo as, 20, 149, 240, 275, OneDrive, 333, 337, 347, 466, 468 373, 462, 463 deleting files, 326 resetting, 410 folders, redirecting, 174 SSPR (self-service password GPO settings, 397, 472 reset), 184, 402 KFM, 397 Patch Tuesdays, 107, 139, 247, 278, Known Folders redirect, 162 341, 361, 467 offline files/folders, 100, 101, 248 patches, 340 Recycle Bin, 326 p eer-to-peer networks, 305 redirecting folders, 153 workgroups, 316 requirements, 111 p erformance, 256 restoring files, 95 baseline, 335, 426, 475 storage, 111, 171, 246 data collection, 191 syncing, 97 deleting sectors, 106 OneDrive for Business, 172, 173, 395 monitoring, 205 Known Folders, 253 system performance statistics, 411 restoring files, 173 Performance Monitor, 84, 96, 198, 248, OneDrive Known Folder Move, 174 323, 326, 327, 335, 405, 415, 416, OOBE (Out of Box Experience), 125, 268 419, 468, 476 operating systems Add Counters window, 324 deployment, 118–149, 349–374 baseline report, 195 loophole, 21 output modes, 89, 99, 100, 194 multiple simultaneous, 77 performance monitoring, 96 refreshing, personalization permissions, 54, 240, 242, 286 settings and, 131 A ssign, 40 unbootable, repairing, 108 Change, 40, 44 updating, 118–149, 349–374 conditional access, 173 outbound rules, 43, 192, 406, 410 inherited, 295 ownership permissions, 297 Modify, 295 modifying, 33 NTFS, 26, 39, 302 P inheritance and, 44–45 ownership, 297 package files, MSI (Microsoft Installer), 220 Read, 40, 44, 47 Packet Internet Groper (ping ), 319 Read & Execute, 295 parental controls, 37, 288 share, 26, 39, 240, 462 partitions, converting, 463 Shared folder permissions, 242 492 personalization – PXE (Preboot Execution Environment)

shared folders, 49, 50, 52, 53 Intune and, 168–169 Write, 47 running, 164 p ersonalization, refreshing operating service creation, 19 system and, 131 PPP (Point-to-Point) packets, 313 phishing, 196 p ractice exams photo login, 20, 149, 240, 241, 275, MD-100, 238–248 301, 373, 374 MD-101, 250–260 picture passwords, 462, 463 Previous Versions tabs, 89, 101 PIN (personal identification Print Management, MMC (Microsoft number), 374, 468 Management Console), 302 complexity rules, 46, 149, 242, Print Management Console, 262, 287 250 Print Management tools, 36 length, 149 print server, migration and, 37 Windows Hello, 250, 297 Printer Migration, 288 ping, 72, 80, 244, 319, 322, 465 printers, settings, remote configuration, own computer, 76 54 p ings, 32 p rivacy, automatic lock, 149 PNRP (Peer Name Resolution private networks, 13, 268, 311 Protocol), 69, 312 p rivileges, least amount, 157 policies, managing, 151–181, 375–402 profile data, roaming, 167 p olicy refresh cycle times, 178 p rofiles, 382 p orts, Device Health Attestation, 27 desktop changes, 169 Power Options, 283 managing, 151–181, 375–402 power settings roaming, 288 ACPI (Advanced Configuration and size, 171, 172 Power Interface), 9 super-mandatory profiles, 289 laptops, 6 Properties dialog box, Profile tab, 299 tablets, 12 proprietary data, Intune, 437 Power Users, 284 protection policies, apps, 213 powercfg.exe, 267 protection tools, 196 PowerShell, 262, 346, 357, 467 provisioning package, 130, 140, 357, 362, application update, 216 363, 365, 367, 459, 470, 476 applications, password credential AD domain, 131 removal, 218 BYOD (bring your own device), 227, 260 Azure AD policies, 120, 130 d eploying, 143, 252 cmdlets, 434, 436, 438 language, 131 l imiting, 70 multivariant, 358 commands, 58 PowerShell and, 137 Exploit Protection configuration, 202 WCD (Windows Configuration h ardware ID, 144 Designer), 144 provisioning packages and, 137, 143 p ublic networks, changing to private, 13 remote connection, 61, 78, 303, 306 p ush certificates, MDM (mobile device Remoting, 321 management), 197 scripts PXE (Preboot Execution config.psl, 123 Environment), 273, 350 Quick Assist – Safe Mode 493

GLBA (Gramm-Leach-Bliley Q Act), 397, 472 Quick Assist, 74, 312, 318 healthcare information, 174 HIPPA, 396 personal information, 254 R Reliability and Performance Monitor, 332 Reliability Monitor, 326, 332 RAID (Redundant Array of Inexpensive remote addresses, viewing, 64 Disks), 296 Remote Assistance, 75 RAM remote connections, setup, 304 32-bit version, 238 Remote Desktop, 78, 245, 307, 312, 321 minimum requirements, 23 connection speeds, 71 ransomware, 198 Control Panel, 62 RAS (Remote Access Service), 313 setup, 59 RD Gateway, 64, 68, 310, 318, 466 sign in, 67 RD Session Host, 68, 311 Remote Desktop Connection, 82 RDC (Remote Desktop Connection), 243, Remote Desktop Services, 285 314, 323, 465 removable storage, 31 RDP (Remote Desktop Protocol), 315 Report view, 411 login credentials, 70 reports, Readiness Report Creator, 228 Remember Me option, 312 Resource Monitor, 309 RDS (Remote Desktop Services), 64 resources, control, 47 Read & Execute permission, 295 Restore Files And Directories, 282 Read permission, 40, 44, 47 restore points, 91, 101, 107, 109, 247, 329, Readiness Report Creator, 228, 229, 331, 334, 343, 344, 467 232, 451, 455 restores, 5, 246 Readiness Toolkit for Office add-ins files, 6 and VBA, 450 folders, 40 Readiness Report Creator, 228 OneDrive, 95 recovery, 87, 90, 92, 111, 246 Recycle Bin, 264 message errors and, 110 roaming profiles, 36, 288 Recovery tab, 265 Roll Back Driver, 262 Recycle Bin, 264, 330, 396 rollbacks, 127 reference counter, 461 RRAS (Routing and Remote Access refreshing operating system, personalization Service), 71 settings and, 131 RSAT (Remote Server Administration ReFS (Resilient File System), Tools), 310 296 rules, inbound/outbound, 43 Registry, 264, 278, 460 editing, 7 restore points, 329 restricting access, 238 S utilities, 23 S mode, 262 regulations Safe Mode, 103, 325, 344 f inancial information, 175 recovery and, 111 494 scanstate command – signed drivers

scanstate command, 358 Security and Maintenance section, 106, scanstate.exe, 6 247, 341, 467 SCCM (System Center Configuration security event logs, users and, 93 Manager), 212, 215, 292 security groups, 458 devices, Intune registered, 219 security policies, 30, 217 SCEP (Simple Certificate Enrollment security questions, 147 Protocol), 160, 383 Security Updates, 340 Schannel, 301 selective wipe, 384 scope tags, 392, 473 Semi-Annual Channel servicing, 343 scoped addresses, 321 servers, accessing, 62 screen shut off, 12 service packs, 277 Screen Timeout, 263 se rvices screensaver, changing, 19 configuring, 8 scripting tools, 5 startup type, 110 scripts, PowerShell, config.psl, 123 Servicing options, 107 SCSI drivers, 89 Session section, 166 Secure Boot, 122–123, 352 setup.exe, /unattend switch, 262 Secure Channel, 301 setupconfig.in i, 352 security share permissions, 26, 32, 39, 54, 462 administrator password, 26 Change, 289 auditing, 26 Full Control, 289 authentication, two-factor, 30 Read, 289 BitLocker (BitLocker Drive Encryption), s hared files 26, 33, 35, 37 accessing, 110 devices, 182–209 retrieval time, 73 event forwarding, 31 Shared folder permissions, 242 File History, 36 shared folders, 48 file permissions, 35 accessing, 110 firewalls, 32 permissions, 49, 50, 52 folders, File History, 38 shared permissions, 240 GPOs (Group Policy objects), 32 shortcut trusts, 316 home users, 35 shutdown command, 354 ID badges, 54 SID (security identifier), 8, 135, LGPOs (Local Group Policy objects), 34 286, 291, 463 l ocal user, account creation, 27 resetting, 11 malware, 42 sideloading, 226, 268, 432–433, 436 Parental Controls, 37 DISM (Deployment Image Servicing and p asswords, administrator password, 26 Management), 448 removable storage, 31 GPOs (Group Policy objects), 226 roaming profiles, 36 LOB (line-of-business) apps, 236, share permissions, 26 258, 447, 448 unsigned drivers, 30 offline images and, 226 usage tracking, 26 sign-in screen, custom image, 125 virtualization-based, 186 signed drivers, 38 SIM (System Image Manager) – traffic 495

SIM (System Image Manager), 266, 275, syncing data, 399 277, 361, 362 Sysprep, 11, 13, 267, 277, 350, 365, 461, 471 SIM tool, 20 sysprep.exe, 265 site server, 379 system configuration, recovering, 85 Sleep mode, 263 system event logs, users and, 93 sleep settings, 6, 12 system files, repairing, 324 SMART alert, 95 system image, 327, 344 smart cards, 283, 303 System Image tool, backups, 108 virtual, 39, 289 system performance and processes, 109, 411 SMTP (Simple Mail Transfer System Preparation tool, 8, 273, 461 Protocol), 293, 294 System Protection, 247, 289, 328, 343, 467 Microsoft Defender Firewall, 43, 188 enabling, 92 software, malicious, 106 restore points, 107, 331 spanned volumes, 28, 281, 300 System Protection snapshot, 103 SSID, 320, 465 system requirements, 279 SSO (single sign-on), 11 System Restore, 247 SSPR (self-service password reset), 184, 402 system restore point, 334 SSTP (Secure Socket Tunneling Protocol), 313 Standard user account, 280 T Start Menu, 270 modification, 6 tablets, 161, 162 Start section, 263 configuring, 215 Startup Repair tool, 339, 347, 466 connect to mobile phones, S tartup Settings screen, 112 216 storage sleep settings, 12 external, moving to, 50 Wi-Fi connection, 74 free space notifications, 92 targets, 358 OneDrive, 111 Task Manager, 333, 334, 411 removable, 31 applications, stopping, 94, 193 storage pool, disks, adding, 46 stopping services, 105 Storage Spaces, 51, 98, 296, 336 Task Scheduler, 106, 342 subnet masks, 74, 306, 315 task sequences, 353 classes, 77 TCP/IP i ncrease, 82 connections, active, 64 network ID, 80 d etails, 72 ranges, 73 DNS server, 60 Subscription Activation, 124, 138 testing, installation, 28 super-mandatory profiles, 289 testing environment, 9 Suspend-BitLocker cmdlet, 285 tethering, 73, 316, 436 Sync Center, 346 TPM (Trusted Platform Module) chip, Sync settings, 172, 173, 473 288, 294, 353 synchronize files, 266, 473 tracert, 322 Intune, 438 traffic, limiting, 212 496 transformations – viruses

transformations, dynamic upgrades, 271 provisioning and, 143 to 32-bit, 238 transparent caching, 316 64-bit, 119, 134 troubleshooting devices, 355, 381 conditional access, 172 in-place, 14, 139 connectivity, 66, 79, 81 Windows 2000, 16 devices, 394 usage tracking, 26 MAM and, 457 USB devices, copying to, 55 Microsoft Intune policies, 170, 171 user accounts network adapters, 77 creating, 41 Windows Autopilot, 139 Standard, 280 trusts, 74 user experience settings, 354 shortcut, 316 user profiles, 391 TTFs (TrueType fonts), 407 types, 392 viruses, 190 usernames, changing, 11 tunneling, 314, 315 use rs two-factor authentication, 30, 283 creating, 67 biometric, 137 local, account creation, 27 roaming profiles, 36 USMT (User State Migration Tool), 12, 142, U 145, 146, 251, 252, 262, 264, 267, 366, 370, 371, 469, 470 UAC (User Account Control), 27, utilities 41, 280, 291 built-in, 105 UMCI (user mode code integrity), 292 PS prefix, 110 Unenlightened apps, 454 real time data analysis, 201 unsigned drivers, 30 UWP (Universal Windows Update & Security, 90 Platform), 212, 220 Update Compliance, 147, 367, 418 CA (certificate authority), 212 updates, 278 available, 105 Azure AD, 97–98 checking for, 22, 239, 461 V d ay of the week, 23 VAN (View Available Networks), 308 d ownloading, 129 VBA (Visual Basic for Applications), 450 maintenance window and, 120 VHDX files, 30 operating systems, 118–149, 349–374 video card driver, configuring, 84 removing, 88 video drivers, updating, 87, 126 restoring, 101 virtual smart cards, 39, 289 rings, 128–129 virtualization, 320 rollbacks, 127 virtualization-based security, 186, 409 services, 112 viruses Upgrade Readiness report, 145, 251 booting and, 108 GPO (Group Policy object), 142 fonts, 188, 190 volume license customers – Windows Defender EG (Exploit Guard) 497

volume license customers, 355 WEF (Windows Event Forwarding), volumes, 50 283 spanned volumes, 28, 300 What If tool, 394 VPN (virtual private network), 60, 70, 179, Wi-Fi, 305 180, 181, 305, 306, 313, 314 data consumption, 219, 246 AD (Active Directory) and, 60 networks, connecting, 309 connecting, 71 p rofiles, 317 connection troubleshooting, 73 tablets, 74 encryption, 79 Windows Autopilot Reset, 123 location, 71 Wi-Fi profiles, 74 setup, 59 WIM (Windows Image) Windows Autopilot Reset, 124 drivers, 7 VPN Reconnect, 313 third-party drivers, viewing, 131 W indows deploying, 4–24 W maintenance, 84–113, 323–349 migrating, 4 wallpaper, 240 scripting tools, 5 changing, 19 updates, checking, 239 custom image, 125 Windows 10 WAN (wide area network), updates, disk size requirements, 142 downloading, 85 requirements, 460 WAP (wireless access point), 245, 313, 465 version selection, 4 wbadmin.exe, 333, 348, 466 Windows 10 Home Edition, synchronize backups, 113 laptop to network, 10 WCD (Windows Configuration Designer), Windows 10 Professional, 141, 362, 366, 367, 449, 478 Microsoft 365, 130 provisioning packages, 144 Windows Analytics, 355, 420 WDAC (Windows Defender Application Azure Portal, 147 Control), 294, 406, 428, 474 retirement, 147 WDS (Windows Deployment Services), 7, Windows Autopilot, 123, 125, 351, 10, 18, 21, 239, 264, 272, 273, 276, 352, 356, 362 350, 355, 461 adding devices, 349–350 Azure AD, 124 deployment profile, 130, 133, 369 command-line utility, 126 d eployment scenarios, 140, 144 installation, 17 error codes, 122, 145 server prep, 17 OOBE (Out of Box Experience), 125 user requests, 119 troubleshooting, 139 wdsutil, 20 Windows Autopilot Reset, 122, 123, 364 wdsutil, WDS (Windows Deployment VPN connections, 124 Services), 20 Wi-Fi connection, 123 websites Windows Defender ATP (Advanced Threat trusted, 191 Protection), 157 untrusted, isolating, 185 Windows Defender EG (Exploit Guard) 498 Windows Defender Firewall – XML-based files

controlled folder access, 298 WinRE (Windows Recovery Environment), FTP (File Transfer Protocol) and, 293 85, 86, 109, 326, 345, 352 Windows Defender Firewall, 284, 286, 294 WinRM (Windows Remote enabling, 295 Management), 327 Windows Enterprise Certificate, LOB enabling, 68 (line-of-business) apps, 448 WIP (Windows Information Protection), Windows Firewall, Network 219, 437, 442, 443, 444, 445, 451, Discovery and, 310 454, 459, 477 Windows Hello, 363, 378, 381, 464, 468 benefits, 235 biometric authentication, 297 categories, 224, 231, 259 facial recognition and, 138 Enterprise Context, 437 PIN, 250 Intune, configuring, 222 Windows Hello for Business, 468 logging inappropriate data, 229 facial recognition, 90, 148 management mode, 223, 259 Group Policy settings, 122 policy creation, 222 Microsoft Intune, profiles, 156 policy deployment, 223 Windows Insider Program, 329 wireless hotspots, 77 p reventing, 120 bridges, 319 Windows Security, 413 w ireless networks App & Browser Control secction, 417 automatic connect, 64 Device Performance & Health, 430 preventing, 65 health reports, 430 connecting to available, 63 reports, 208, 255 settings, 28 Windows To Go, 278, 331 standards, 76 repairing workspace, 22, 92 viewing, 64 Windows Update, 136, 277, 287, 328, 330, WLAN (wireless local area 347, 362, 461 network), 77, 245 configuring, 21, 104, 239, 340 workgroups settings, 84 bandwidth consumed, 7 Windows Update for Business, 142 built-in accounts, 51, 300 anti-malware, 142 configurations, 32 anti-spyware, 142 Write permissions, 47 Feature Updates, 367 WSUS (Windows Server Update Services), GPOs, 147, 469 89, 91, 277, 287, 323, 328, 330 Internal Deployment Groups, 366 WUDO (Windows Update Delivery Microsoft Intune, 125 Optimization), 264, 340 Non-Deferrable Updates, 367 Quality Updates, 367 update types, 142, 364 X–Y–Z video driver update prevention, 126 WinPE (Windows PE), 364 XML-based files, 360