Merge branch 'master' into symantec-mdatp

2025-05-28 05:07:23 +00:00 · 2020-06-18 12:14:12 -07:00 · 2020-06-18 12:14:12 -07:00 · 07431aa24d
commit 07431aa24d
parent 9b50ab042d 04231f78f5
7 changed files with 66 additions and 8 deletions
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@ -42,7 +42,7 @@
        - name: Determine application readiness
          href: update/plan-determine-app-readiness.md 
        - name: Define your servicing strategy
-          href: update/waas-servicing-strategy-windows-10-updates.md
+          href: update/plan-define-strategy.md
        - name: Best practices for feature updates on mission-critical devices
          href: update/feature-update-mission-critical.md
        - name: Windows 10 deployment considerations
@ -165,8 +165,10 @@
          items:
            - name: Monitor Delivery Optimization
              href: update/waas-delivery-optimization-setup.md#monitor-delivery-optimization
-            - name: Monitor Windows Updates with Update Compliance
+            - name: Monitor Windows Updates
              items:
+              - name: Monitor Windows Updates with Update Compliance
+                href: update/update-compliance-monitor.md
              - name: Get started
                items: 
                  - name: Get started with Update Compliance
@ -238,6 +240,8 @@
      items:
        - name: How does Windows Update work?
          href: update/how-windows-update-works.md
+        - name: Deploy Windows 10 with Microsoft 365
+          href: deploy-m365.md
        - name: Understanding the Unified Update Platform
          href: update/windows-update-overview.md
        - name: Servicing stack updates
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@ -50,8 +50,8 @@ You can check out the Microsoft 365 deployment advisor and other resources for f
 >If you have not run a setup guide before, you will see the **Prepare your environment** guide first. This is to make sure you have basics covered like domain verification and a method for adding users. At the end of the "Prepare your environment" guide, there will be a **Ready to continue** button that sends you to the original guide that was selected.

 1. [Obtain a free M365 trial](https://docs.microsoft.com/office365/admin/try-or-buy-microsoft-365).
-2. Check out the [Microsoft 365 deployment advisor](https://portal.office.com/onboarding/Microsoft365DeploymentAdvisor#/).
-3. Also check out the [Windows Analytics deployment advisor](https://portal.office.com/onboarding/WindowsAnalyticsDeploymentAdvisor#/). This advisor will walk you through deploying [Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness), [Update Compliance](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), and [Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor). 
+2. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide).
+3. Also check out the [Windows Analytics deployment advisor](https://aka.ms/windowsanalyticssetupguide). This advisor will walk you through deploying [Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview). 

 That's all there is to it! 

--- a/windows/deployment/update/images/annual-calendar.png
+++ b/windows/deployment/update/images/annual-calendar.png
--- a/windows/deployment/update/images/rapid-calendar.png
+++ b/windows/deployment/update/images/rapid-calendar.png
--- a/windows/deployment/update/plan-define-strategy.md
+++ b/windows/deployment/update/plan-define-strategy.md
@ -0,0 +1,49 @@
+---
+title: Define update strategy
+description: Two examples of a calendar-based approach to consistent update installation
+keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, tools
+ms.prod: w10
+ms.mktglfcycl: manage
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer: 
+manager: laurawi
+ms.topic: article
+---
+
+# Define update strategy with a calendar
+
+Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices.
+
+Today, more organizations are treating deployment as a continual process of updates which roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release.
+
+Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, an so you might choose to update annually. The 18/30 month lifecycle cadence lets you to allow some portion of you environment to move faster while a majority can move less quickly.
+
+## Calendar approaches
+You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing Windows 10 feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates.
+
+### Annual
+Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Endpoint Configuration Manager and Microsoft 365 Apps release cycles:
+
+![Calendar showing an annual update cadence](images/annual-calendar.png)
+
+This approach provides approximately twelve months of use from each feature update before the next update is due to be installed. By aligning to the Windows 10, version H2 feature update, each release will be serviced for 30 months from the time of availability, giving you more flexibility when applying future feature updates.
+
+This cadence might be most suitable for you if any of these conditions apply:
+
+- You are just starting your journey with the Windows 10 servicing process. If you are unfamiliar with new processes that support Windows 10 servicing, moving from a once every 3-5 year project to a twice a year feature update process can be daunting. This approach gives you time to learn new approaches and tools to reduce effort and cost.
+- You want to wait and see how successful other companies are at adopting a Windows 10 feature update.
+- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the second half of each calendar year, you get additional servicing for Windows 10 (30 months of servicing compared to 18 months).
+
+### Rapid
+This calendar shows an example schedule that installs each feature update as it is released, twice per year:
+
+![Update calendar showing a faster update cadence](images/rapid-calendar.png)
+
+This cadence might be best for you if these conditions apply:
+
+- You have a strong appetite for change.
+- You want to continuously update supporting infrastructure and unlock new scenarios.
+- Your organization has a large population of information workers that can use the latest features and functionality in Windows 10 and Office.
+- You have experience with feature updates for Windows 10.
--- a/windows/deployment/windows-autopilot/policy-conflicts.md
+++ b/windows/deployment/windows-autopilot/policy-conflicts.md
@ -23,13 +23,18 @@ ms.topic: article

 - Windows 10

-There are a sigificant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.
+There are a significant number of policy settings available for Windows 10, both as native MDM policies and group policy (ADMX-backed) settings. Some of these can cause issues in certain Windows Autopilot scenarios as a result of how they change the behavior of Windows 10. If you encounter any of these issues, remove the policy in question to resolve the issue.

 <table>
 <th>Policy<th>More information

-<tr><td width="50%">Device restriction / <a href="https://docs.microsoft.com/partner-center/regional-authorization-overview">Password policy</a>
-<td>When certain <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock">DeviceLock policies</a>, such as minimum password length and password complexity, or any similar group policy settings, including any that disable auto-logon, are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience or user desktop auto-logon could fail unexpectantly.
+<tr><td width="50%">Device restriction / <a href="https://docs.microsoft.com/windows/client-management/mdm/devicelock-csp">Password Policy</a></td>
+<td>When certain <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-devicelock">DeviceLock policies</a>, such as minimum password length and password complexity, or any similar group policy settings, including any that disable auto-logon, are applied to a device, and that device reboots during the device Enrollment Status Page (ESP), the out-of-box experience or user desktop auto-logon could fail unexpectantly.  This is especially true for kiosk scenarios where passwords are automatically generated.</td>
+
+<tr><td width="50%">Windows 10 Security Baseline / <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions">Administrator elevation prompt behavior</a>
+<br>Windows 10 Security Baseline / <a href="https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions">Require admin approval mode for administrators</a></td>
+<td>When modifying user account control (UAC) settings during the out-of-box experience (OOBE) using device Enrollment Status Page (ESP), additional UAC prompts may result, especially if the device reboots after these policies are applied enabling them to take effect.  To work around this issue, the policies can be targeted to users instead of devices so that they apply later in the process.</td>
+
 </table>

 ## Related topics
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
@ -148,7 +148,7 @@ It's important to understand the following prerequisites prior to creating indic

 5. Review the details in the Summary tab, then click **Save**.

-## Create indicators for certificates (preview)
+## Create indicators for certificates

 You can create indicators for certificates. Some common use cases include: