deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-22 18:27:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merged PR 4963: 12/13 PM Publish

Browse Source
This commit is contained in:
Alma Jenks 2017-12-13 23:32:27 +00:00
commit 0716af7fea
15 changed files with 291 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.openpublishing.redirection.json
View File

@ -8399,6 +8399,11 @@
"source_path": "windows/deployment/windows-10-enterprise-activation-subscription.md",
"redirect_url": "/windows/deployment/windows-10-enterprise-subscription-activation",
"redirect_document_id": true
},
{
"source_path": "windows/deployment/windows-10-auto-pilot.md",
"redirect_url": "/windows/deployment/windows-10-autopilot",
"redirect_document_id": true
}
]
}

2
education/windows/use-set-up-school-pcs-app.md
View File

@ -197,7 +197,7 @@ The **Set up School PCs** app guides you through the configuration choices for t
2. Check the options whether to allow keyboard text suggestions to appear and to allow teachers to monitor online tests.
3. Enter the assessment URL.
You can leave the URL blank so that students can enter one later. This enables teachers to use the the Take a Test account for daily quizzes or tests by having students manually enter a URL.
You can leave the URL blank so that students can enter one later. This enables teachers to use the Take a Test account for daily quizzes or tests by having students manually enter a URL.
**Figure 5** - Configure the Take a Test app

8
windows/access-protection/credential-guard/credential-guard-known-issues.md
View File

@ -18,6 +18,14 @@ ms.date: 08/17/2017
Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. Therefore applications that require such capabilities will not function when it is enabled. For further information, see [Application requirements](https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements).
The following known issue has been fixed in the [Cumulative Security Update for November 2017](https://support.microsoft.com/help/4051033):
- Scheduled tasks with stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message: <br>
"Task Scheduler failed to log on \Test . <br>
Failure occurred in LogonUserExEx . <br>
User Action: Ensure the credentials for the task are correctly specified. <br>
Additional Data: Error Value: 2147943726. 2147943726 : ERROR\_LOGON\_FAILURE (The user name or password is incorrect)."
The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017:
- [KB4015217 Windows Defender Credential Guard generates double bad password count on Active Directory domain-joined Windows 10 machines](https://support.microsoft.com/help/4015217/windows-10-update-kb4015217)

11
windows/client-management/mdm/policy-csp-authentication.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 11/17/2017
ms.date: 12/13/2017
---
# Policy CSP - Authentication
@ -203,6 +203,15 @@ ms.date: 11/17/2017
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
<p style="margin-left: 20px">Preview release in Windows 10, version 1709. Supported in the next release. Specifies whether Fast Identity Online (FIDO) device can be used to sign on. This policy enables the Windows logon credential provider for FIDO 2.0

44
windows/client-management/mdm/policy-csp-cellular.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 11/17/2017
ms.date: 12/13/2017
---
# Policy CSP - Cellular
@ -63,6 +63,15 @@ ms.date: 11/17/2017
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, version 1709. This policy setting specifies whether Windows apps can access cellular data.
@ -83,7 +92,7 @@ Suported values:
- 0 - User is in control
- 1 - Force Allow
- 2 - Force Deny
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
@ -113,8 +122,18 @@ Suported values:
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
@ -144,8 +163,18 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
@ -175,8 +204,18 @@ Added in Windows 10, version 1709. List of semi-colon delimited Package Family N
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, version 1709. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps. Value type is string.
<!--EndDescription-->
<!--EndPolicy-->
<hr/>
@ -226,6 +265,7 @@ Supported values:
- 0 - Hide
- 1 - Show
<!--EndDescription-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).

10
windows/client-management/mdm/policy-csp-connectivity.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 11/20/2017
ms.date: 12/13/2017
---
# Policy CSP - Connectivity
@ -662,7 +662,15 @@ ADMX Info:
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. This policy disables the NCSI active probe, preventing network connectivity to www.msftconnecttest.com.

21
windows/client-management/mdm/policy-csp-search.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 11/13/2017
ms.date: 12/13/2017
---
# Policy CSP - Search
@ -207,6 +207,15 @@ ms.date: 11/13/2017
<!--StartPolicy-->
<a href="" id="search-allowstoringimagesfromvisionsearch"></a>**Search/AllowStoringImagesFromVisionSearch**
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
<p style="margin-left: 20px">This policy has been deprecated.
@ -287,10 +296,18 @@ ms.date: 11/13/2017
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
<p style="margin-left: 20px">Allow Windows indexer. Value type is integer.
<!--EndDescription-->
<!--EndPolicy-->
<hr/>

10
windows/client-management/mdm/policy-csp-start.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 11/17/2017
ms.date: 12/13/2017
---
# Policy CSP - Start
@ -933,7 +933,15 @@ ms.date: 11/17/2017
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--EndScope-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709. Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.

13
windows/client-management/mdm/policy-csp-storage.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 11/13/2017
ms.date: 12/13/2017
---
# Policy CSP - Storage
@ -19,7 +19,7 @@ ms.date: 11/13/2017
## Storage policies
<dl>
<dd>
<dd>
<a href="#storage-allowdiskhealthmodelupdates">Storage/AllowDiskHealthModelUpdates</a>
</dd>
<dd>
@ -54,6 +54,15 @@ ms.date: 11/13/2017
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709. Allows disk health model updates.

10
windows/client-management/mdm/policy-csp-update.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 11/13/2017
ms.date: 12/13/2017
---
# Policy CSP - Update
@ -1485,7 +1485,15 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709. Used to manage Windows 10 Insider Preview builds. Value type is integer.

18
windows/client-management/mdm/policy-csp-wirelessdisplay.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 11/13/2017
ms.date: 12/13/2017
---
# Policy CSP - WirelessDisplay
@ -72,7 +72,15 @@ ms.date: 11/13/2017
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows you to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS advertisement.
@ -108,7 +116,15 @@ ms.date: 11/13/2017
</table>
<!--EndSKU-->
<!--StartScope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--EndScope-->
<!--StartDescription-->
<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows you to turn off discovering the display service advertised over multicast DNS by a Wireless Display receiver. If the network administrator is concerned about network congestion, they may set this policy to 0, disabling mDNS discovery.

2
windows/deployment/TOC.md
View File

@ -10,7 +10,7 @@
## [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md)
## [Deploy Windows 10](deploy.md)
### [Overview of Windows AutoPilot](windows-10-auto-pilot.md)
### [Overview of Windows AutoPilot](windows-10-autopilot.md)
### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md)
### [Windows 10 volume license media](windows-10-media.md)

4
windows/deployment/index.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: high
ms.date: 10/20/2017
ms.date: 12/13/2017
author: greg-lindsay
---
@ -28,7 +28,7 @@ Windows 10 upgrade options are discussed and information is provided about plann
|Topic |Description |
|------|------------|
|[Overview of Windows AutoPilot](windows-10-auto-pilot.md) |Windows AutoPilot deployment is a new cloud service from Microsoft that provides a zero touch experience for deploying Windows 10 devices. |
|[Overview of Windows AutoPilot](windows-10-autopilot.md) |Windows AutoPilot deployment is a new cloud service from Microsoft that provides a zero touch experience for deploying Windows 10 devices. |
|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. |
|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. |
|[Windows 10 volume license media](windows-10-media.md) |This topic provides information about media available in the Microsoft Volume Licensing Service Center. |

292
windows/deployment/windows-10-auto-pilot.md → windows/deployment/windows-10-autopilot.md
View File

@ -1,146 +1,146 @@
---
title: Overview of Windows AutoPilot
description: This topic goes over Windows AutoPilot and how it helps setup OOBE Windows 10 devices.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
author: DaniHalfin
ms.author: daniha
ms.date: 11/30/2017
---
# Overview of Windows AutoPilot
**Applies to**
- Windows 10
Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.</br>
This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
## Benefits of Windows AutoPilot
Traditionally, IT pros spend a lot of time on building and customizing images that will later be deployed to devices with a perfectly good OS already installed on them. Windows AutoPilot introduces a new approach.
From the users' perspective, it only takes a few simple operations to make their device ready to use.
From the IT pros' perspective, the only interaction required from the end user, is to connect to a network and to verify their credentials. Everything past that is automated.
Windows AutoPilot allows you to:
* Automatically join devices to Azure Active Directory (Azure AD)
* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](#prerequisites))
* Restrict the Administrator account creation
* Create and auto-assign devices to configuration groups based on a device's profile
* Customize OOBE content specific to the organization
### Prerequisites
* [Devices must be registered to the organization](#registering-devices-to-your-organization)
* [Company branding needs to be configured](#configure-company-branding-for-oobe)
* [Network connectivity to cloud services used by Windows AutoPilot](#network-connectivity-requirements)
* Devices have to be pre-installed with Windows 10 Professional, Enterprise or Education, of version 1703 or later
* Devices must have access to the internet
* [Azure AD Premium P1 or P2](https://www.microsoft.com/cloud-platform/azure-active-directory-features)
* [Users must be allowed to join devices into Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/device-management-azure-portal)
* Microsoft Intune or other MDM services to manage your devices
## Windows AutoPilot Scenarios
### Cloud-Driven
The Cloud-Driven scenario enables you to pre-register devices through the Windows AutoPilot Deployment Program. Your devices will be fully configured with no additional intervention required on the users' side.
#### The Windows AutoPilot Deployment Program experience
The end user unboxes and turns on a new device. What follows are a few simple configuration steps:
* Select a language and keyboard layout
* Connect to the network
* Provide email address (the email address of the user's Azure AD account) and password
Multiple additional settings are skipped here, since the device automatically recognizes that [it belongs to an organization](#registering-devices-to-your-organization). Following this process the device is joined to Azure AD, enrolled in Microsoft Intune (or any other MDM service).
MDM enrollment ensures policies are applied, apps are installed and setting are configured on the device. Windows Update for Business applies the latest updates to ensure the device is up to date.
</br>
<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/4K4hC5NchbE" frameborder="0" allowfullscreen></iframe>
#### Registering devices to your organization
In order to register devices, you will need to acquire their hardware ID and register it. We are actively working with various hardware vendors to enable them to provide the required information to you, or upload it on your behalf.
If you would like to capture that information by yourself, you can use the [Get-WindowsAutoPilotInfo PowerShell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo), which will generate a .csv file with the device's hardware ID.
>[!NOTE]
>This PowerShell script requires elevated permissions.
By uploading this information to the Microsoft Store for Business or Partner Center admin portal, you'll be able to assign devices to your organization.
Additional options and customization is available through these portals to pre-configure the devices.
For information on how to upload device information, see [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#add-devices-and-apply-autopilot-deployment-profile) or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot) guidance.
#### OOBE customization
Deployment profiles are used to configure the Out-Of-the-Box-Experience (OOBE) on devices deployed through the Windows AutoPilot Deployment Program.
These are the OOBE customization options available for Windows 10, starting with version 1703:
* Skipping Work or Home usage selection (*Automatic*)
* Skipping OEM registration, OneDrive and Cortana (*Automatic*)
* Skipping privacy settings
* Skipping EULA (*staring with Windows 10, version 1709*)
* Preventing the account used to set-up the device from getting local administrator permissions
We are working to add additional options to further personalize and streamline the setup experience in future releases.
To configure and apply deployment profiles, see guidance for the various available administration options:
* [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
* [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
* [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
* [Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
##### Configure company branding for OOBE
In order for your company branding to appear during the OOBE, you'll need to configure it in Azure Active Directory first.
See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory), to configure these settings.
#### Network connectivity requirements
The Windows AutoPilot Deployment Program uses a number of cloud services to get your devices to a productive state. This means those services need to be accessible from devices registered as Windows Autopilot devices.
To manage devices behind firewalls and proxy servers, the following URLs need to be accessible:
* https://go.microsoft.com
* https://login.microsoftonline.com
* https://login.live.com
* https://account.live.com
* https://signup.live.com
* https://licensing.mp.microsoft.com
* https://licensing.md.mp.microsoft.com
* ctldl.windowsupdate.com
* download.windowsupdate.com
>[!NOTE]
>Where not explicitly specified, both HTTPS (443) and HTTP (80) need to be accessible.
>[!TIP]
>If you're auto-enrolling your devices into Microsoft Intune, or deploying Microsoft Office, make sure you follow the networking guidlines for [Microsoft Intune](https://docs.microsoft.com/en-us/intune/network-bandwidth-use#network-communication-requirements) and [Office 365](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2).
### IT-Driven
If you are planning to configure devices with traditional on-premises or cloud-based solutions, the [Windows Configuration Designer](https://www.microsoft.com/store/p/windows-configuration-designer/9nblggh4tx22) can be used to help automate the process. This is more suited to scenarios in which you require a higher level of control over the provisioning process. For more information on creating provisioning packages with Windows Configuration Designer, see [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package).
### Teacher-Driven
If you're an IT pro or a technical staff member at a school, your scenario might be simpler. The [Set Up School PCs](http://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) app can be used to quickly set up PCs for students and will get you to a productive state faster and simpler. Please see [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app) for all the details.
## Ensuring your device can be auto-enrolled to MDM
In order for your devices to be auto-enrolled into MDM management, MDM auto-enrollment needs to be configured in Azure AD. To do that with Intune, please see [Enroll Windows devices for Microsoft Intune](https://docs.microsoft.com/intune/windows-enroll). For other MDM vendors, please consult your vendor for further details.
>[!NOTE]
>MDM auto-enrollment requires an Azure AD Premium P1 or P2 subscription.
Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=windows-10-auto-pilot.md).
---
title: Overview of Windows AutoPilot
description: This topic goes over Windows AutoPilot and how it helps setup OOBE Windows 10 devices.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.sitesec: library
ms.pagetype: deploy
author: DaniHalfin
ms.author: daniha
ms.date: 12/13/2017
---
# Overview of Windows AutoPilot
**Applies to**
- Windows 10
Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.</br>
This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
## Benefits of Windows AutoPilot
Traditionally, IT pros spend a lot of time on building and customizing images that will later be deployed to devices with a perfectly good OS already installed on them. Windows AutoPilot introduces a new approach.
From the users' perspective, it only takes a few simple operations to make their device ready to use.
From the IT pros' perspective, the only interaction required from the end user, is to connect to a network and to verify their credentials. Everything past that is automated.
Windows AutoPilot allows you to:
* Automatically join devices to Azure Active Directory (Azure AD)
* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](#prerequisites))
* Restrict the Administrator account creation
* Create and auto-assign devices to configuration groups based on a device's profile
* Customize OOBE content specific to the organization
### Prerequisites
* [Devices must be registered to the organization](#registering-devices-to-your-organization)
* [Company branding needs to be configured](#configure-company-branding-for-oobe)
* [Network connectivity to cloud services used by Windows AutoPilot](#network-connectivity-requirements)
* Devices have to be pre-installed with Windows 10 Professional, Enterprise or Education, of version 1703 or later
* Devices must have access to the internet
* [Azure AD Premium P1 or P2](https://www.microsoft.com/cloud-platform/azure-active-directory-features)
* [Users must be allowed to join devices into Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/device-management-azure-portal)
* Microsoft Intune or other MDM services to manage your devices
## Windows AutoPilot Scenarios
### Cloud-Driven
The Cloud-Driven scenario enables you to pre-register devices through the Windows AutoPilot Deployment Program. Your devices will be fully configured with no additional intervention required on the users' side.
#### The Windows AutoPilot Deployment Program experience
The end user unboxes and turns on a new device. What follows are a few simple configuration steps:
* Select a language and keyboard layout
* Connect to the network
* Provide email address (the email address of the user's Azure AD account) and password
Multiple additional settings are skipped here, since the device automatically recognizes that [it belongs to an organization](#registering-devices-to-your-organization). Following this process the device is joined to Azure AD, enrolled in Microsoft Intune (or any other MDM service).
MDM enrollment ensures policies are applied, apps are installed and setting are configured on the device. Windows Update for Business applies the latest updates to ensure the device is up to date.
</br>
<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/4K4hC5NchbE" frameborder="0" allowfullscreen></iframe>
#### Registering devices to your organization
In order to register devices, you will need to acquire their hardware ID and register it. We are actively working with various hardware vendors to enable them to provide the required information to you, or upload it on your behalf.
If you would like to capture that information by yourself, you can use the [Get-WindowsAutoPilotInfo PowerShell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo), which will generate a .csv file with the device's hardware ID.
>[!NOTE]
>This PowerShell script requires elevated permissions.
By uploading this information to the Microsoft Store for Business or Partner Center admin portal, you'll be able to assign devices to your organization.
Additional options and customization is available through these portals to pre-configure the devices.
For information on how to upload device information, see [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#add-devices-and-apply-autopilot-deployment-profile) or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot) guidance.
#### OOBE customization
Deployment profiles are used to configure the Out-Of-the-Box-Experience (OOBE) on devices deployed through the Windows AutoPilot Deployment Program.
These are the OOBE customization options available for Windows 10, starting with version 1703:
* Skipping Work or Home usage selection (*Automatic*)
* Skipping OEM registration, OneDrive and Cortana (*Automatic*)
* Skipping privacy settings
* Skipping EULA (*staring with Windows 10, version 1709*)
* Preventing the account used to set-up the device from getting local administrator permissions
We are working to add additional options to further personalize and streamline the setup experience in future releases.
To configure and apply deployment profiles, see guidance for the various available administration options:
* [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices#manage-autopilot-deployment-profiles)
* [Microsoft Intune](https://docs.microsoft.com/intune/enrollment-autopilot)
* [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
* [Partner Center](https://msdn.microsoft.com/partner-center/autopilot)
##### Configure company branding for OOBE
In order for your company branding to appear during the OOBE, you'll need to configure it in Azure Active Directory first.
See [Add company branding to your directory](https://docs.microsoft.com/azure/active-directory/customize-branding#add-company-branding-to-your-directory), to configure these settings.
#### Network connectivity requirements
The Windows AutoPilot Deployment Program uses a number of cloud services to get your devices to a productive state. This means those services need to be accessible from devices registered as Windows Autopilot devices.
To manage devices behind firewalls and proxy servers, the following URLs need to be accessible:
* https://go.microsoft.com
* https://login.microsoftonline.com
* https://login.live.com
* https://account.live.com
* https://signup.live.com
* https://licensing.mp.microsoft.com
* https://licensing.md.mp.microsoft.com
* ctldl.windowsupdate.com
* download.windowsupdate.com
>[!NOTE]
>Where not explicitly specified, both HTTPS (443) and HTTP (80) need to be accessible.
>[!TIP]
>If you're auto-enrolling your devices into Microsoft Intune, or deploying Microsoft Office, make sure you follow the networking guidlines for [Microsoft Intune](https://docs.microsoft.com/en-us/intune/network-bandwidth-use#network-communication-requirements) and [Office 365](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2).
### IT-Driven
If you are planning to configure devices with traditional on-premises or cloud-based solutions, the [Windows Configuration Designer](https://www.microsoft.com/store/p/windows-configuration-designer/9nblggh4tx22) can be used to help automate the process. This is more suited to scenarios in which you require a higher level of control over the provisioning process. For more information on creating provisioning packages with Windows Configuration Designer, see [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package).
### Teacher-Driven
If you're an IT pro or a technical staff member at a school, your scenario might be simpler. The [Set Up School PCs](http://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) app can be used to quickly set up PCs for students and will get you to a productive state faster and simpler. Please see [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app) for all the details.
## Ensuring your device can be auto-enrolled to MDM
In order for your devices to be auto-enrolled into MDM management, MDM auto-enrollment needs to be configured in Azure AD. To do that with Intune, please see [Enroll Windows devices for Microsoft Intune](https://docs.microsoft.com/intune/windows-enroll). For other MDM vendors, please consult your vendor for further details.
>[!NOTE]
>MDM auto-enrollment requires an Azure AD Premium P1 or P2 subscription.
Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=windows-10-auto-pilot.md).

4
windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
View File

@ -60,7 +60,7 @@ Scan files on the network | Scan > Scan network files | Disabled | `-DisableScan
Scan packed executables | Scan > Scan packed executables | Enabled | Not available
Scan removable drives during full scans only | Scan > Scan removable drives | Disabled | `-DisableRemovableDriveScanning`
Specify the level of subfolders within an archive folder to scan | Scan > Specify the maximum depth to scan archive files | 0 | Not available
Specify the maximum CPU load (as a percentage) during a scan. This is a maximum - scans will not always use the maximum load defined here, but they will never exceed it | Scan > Specify the maximum percentage of CPU utilization during a scan | 50 | `-ScanAvgCPULoadFactor`
Specify the maximum CPU load (as a percentage) during a scan. Note: This is not a hard limit but rather a guidance for the scanning engine to not exceed this maximum on average. | Scan > Specify the maximum percentage of CPU utilization during a scan | 50 | `-ScanAvgCPULoadFactor`
Specify the maximum size (in kilobytes) of archive files that should be scanned. The default, **0**, applies no limit | Scan > Specify the maximum size of archive files to be scanned | No limit | Not available
**Use Configuration Manager to configure scanning options:**
@ -103,4 +103,4 @@ If Windows Defender Antivirus detects a threat inside an email, it will show you
- [Customize, initiate, and review the results of Windows Defender AV scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
- [Configure and run on-demand Windows Defender AV scans](run-scan-windows-defender-antivirus.md)
- [Configure scheduled scans for Windows Defender AV](scheduled-catch-up-scans-windows-defender-antivirus.md)
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)