diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index d6f6446385..31d8d2cd74 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -11487,7 +11487,7 @@ }, { "source_path": "windows/plan/windows-10-compatibility.md", - "redirect_url": "/windows/deployment/planning/windows-10-compatibility", + "redirect_url": "/windows/compatibility/", "redirect_document_id": false }, { diff --git a/.openpublishing.redirection.windows-deployment.json b/.openpublishing.redirection.windows-deployment.json index 44cd5fae11..9fe31073d2 100644 --- a/.openpublishing.redirection.windows-deployment.json +++ b/.openpublishing.redirection.windows-deployment.json @@ -1179,6 +1179,16 @@ "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md", "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-and-feature-update-reports-overview", "redirect_document_id": true + }, + { + "source_path": "windows/deployment/planning/windows-10-compatibility.md", + "redirect_url": "/windows/compatibility/", + "redirect_document_id": false + }, + { + "source_path": "windows/deployment/update/plan-determine-app-readiness.md", + "redirect_url": "/windows/compatibility/windows-11/testing-guidelines", + "redirect_document_id": false } ] } diff --git a/education/windows/index.yml b/education/windows/index.yml index ac12ab0836..0cd20e659d 100644 --- a/education/windows/index.yml +++ b/education/windows/index.yml @@ -9,7 +9,6 @@ metadata: ms.collection: - education - tier1 - - essentials-navigation author: paolomatarazzo ms.author: paoloma manager: aaroncz diff --git a/windows/client-management/client-tools/administrative-tools-in-windows.md b/windows/client-management/client-tools/administrative-tools-in-windows.md index 63b3fbd65c..785eb740cc 100644 --- a/windows/client-management/client-tools/administrative-tools-in-windows.md +++ b/windows/client-management/client-tools/administrative-tools-in-windows.md @@ -4,6 +4,8 @@ description: The folders for Windows Tools and Administrative Tools are folders ms.date: 07/01/2024 ms.topic: conceptual zone_pivot_groups: windows-versions-11-10 +ms.collection: +- essentials-manage --- # Windows Tools diff --git a/windows/client-management/index.yml b/windows/client-management/index.yml index 184e34da03..4cee76e2bb 100644 --- a/windows/client-management/index.yml +++ b/windows/client-management/index.yml @@ -10,6 +10,7 @@ metadata: ms.collection: - highpri - tier1 + - essentials-manage author: vinaypamnani-msft ms.author: vinpa manager: aaroncz diff --git a/windows/client-management/mdm-overview.md b/windows/client-management/mdm-overview.md index 7be2352c9b..1db4cb2fee 100644 --- a/windows/client-management/mdm-overview.md +++ b/windows/client-management/mdm-overview.md @@ -7,6 +7,7 @@ ms.localizationpriority: medium ms.collection: - highpri - tier2 +- essentials-manage --- # Mobile Device Management overview diff --git a/windows/configuration/start/index.md b/windows/configuration/start/index.md index c78ef0401d..0627e33663 100644 --- a/windows/configuration/start/index.md +++ b/windows/configuration/start/index.md @@ -4,6 +4,8 @@ description: Learn how to configure the Windows Start menu to provide quick acce ms.topic: overview ms.date: 04/10/2024 zone_pivot_groups: windows-versions-11-10 +ms.collection: +- essentials-manage appliesto: --- diff --git a/windows/configuration/taskbar/index.md b/windows/configuration/taskbar/index.md index 68edd41929..6ef2fe06f6 100644 --- a/windows/configuration/taskbar/index.md +++ b/windows/configuration/taskbar/index.md @@ -3,6 +3,8 @@ title: Configure the Windows taskbar description: Learn how to configure the Windows taskbar to provide quick access to the tools and applications that users need most. ms.topic: how-to ms.date: 04/17/2024 +ms.collection: +- essentials-manage appliesto: zone_pivot_groups: windows-versions-11-10 --- diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 88851f15ff..339f7151c3 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -36,8 +36,6 @@ href: update/plan-define-readiness.md - name: Evaluate infrastructure and tools href: update/eval-infra-tools.md - - name: Determine application readiness - href: update/plan-determine-app-readiness.md - name: Define your servicing strategy href: update/plan-define-strategy.md - name: Delivery Optimization for Windows client updates @@ -53,6 +51,8 @@ href: planning/windows-10-infrastructure-requirements.md - name: Plan for volume activation href: volume-activation/plan-for-volume-activation-client.md + - name: Windows compatibility cookbook + href: /windows/compatibility/ - name: Features removed or planned for replacement items: - name: Windows client features lifecycle diff --git a/windows/deployment/do/delivery-optimization-workflow.md b/windows/deployment/do/delivery-optimization-workflow.md index 9635f725c9..1f89eca0a6 100644 --- a/windows/deployment/do/delivery-optimization-workflow.md +++ b/windows/deployment/do/delivery-optimization-workflow.md @@ -8,15 +8,13 @@ author: cmknox ms.author: carmenf manager: aaroncz ms.reviewer: mstewart -ms.collection: +ms.collection: - tier3 - - essentials-privacy - - essentials-security ms.localizationpriority: medium -appliesto: +appliesto: - ✅ Windows 11 - ✅ Windows 10 -- ✅ Delivery Optimization +- ✅ Delivery Optimization ms.date: 05/23/2024 --- @@ -30,7 +28,7 @@ Delivery Optimization can't be used to download or send personal content. Delive Delivery Optimization downloads the same updates and apps that you would get through [Windows Update](../update/windows-update-security.md), Microsoft Store apps, and other Microsoft updates using the same security measures. To make sure you're getting authentic updates, Delivery Optimization gets information securely from Microsoft to check the authenticity of each part of an update or app that it downloads from other PCs. The authenticity of the downloads is checked again before installing it. -## Download request workflow +## Download request workflow This workflow allows Delivery Optimization to securely and efficiently deliver requested content to the calling device and explains client-service communication. Delivery Optimization uses content metadata to verify the content and to determine all available locations to pull content from. @@ -50,4 +48,4 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r | cp\*.prod.do.dsp.mp.microsoft.com
| 443 | Content Policy | Provides content specific policies and as content metadata URLs. | **Profile**: The device type (for example, PC or Xbox)
**ContentId**: The content identifier
**doClientVersion**: The version of the DoSvc client
**countryCode**: The country the client is connected from
**altCatalogID**: If ContentID isn't available, use the download URL instead
**eID**: Client grouping ID
**CacheHost**: Cache host ID | | disc\*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuing that clients are collocated by factors, such as content, groupID and external IP. | **Profile**: The device type (for example, PC or Xbox)
**ContentID**: The content identifier
**doClientVersion**: The version of the DoSvc client
**partitionID**: Client partitioning hint
**altCatalogID**: If ContentID isn't available, use the download URL instead
**eID**: Client grouping ID | | array\*.prod.do.dsp.mp.microsoft.com | 443 | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox)
**ContentID**: The content identifier
**doClientVersion**: The version of the DoSvc client
**altCatalogID**: If ContentID isn't available, use the download URL instead
**PeerID**: Identity of the device running DO client
**ReportedIp**: The internal / private IP Address
**IsBackground**: Is the download interactive or background
**Uploaded**: Total bytes uploaded to peers
**Downloaded**: Total bytes downloaded from peers
**DownloadedCdn**: Total bytes downloaded from CDN
**Left**: Bytes left to download
**Peers Wanted**: Total number of peers wanted
**Group ID**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies)
**Scope**: The Download mode
**UploadedBPS**: The upload speed in bytes per second
**DownloadBPS**: The download speed in Bytes per second
**eID**: Client grouping ID | -| dl.delivery.mp.microsoft.com
download.windowsupdate.com | 80 | Delivery Optimization metadata file hosting | CDN hostnames for Delivery Optimization content metadata files | Metadata download can come from different hostnames, but it's required for peer to peer. | +| dl.delivery.mp.microsoft.com
download.windowsupdate.com | 80 | Delivery Optimization metadata file hosting | CDN hostnames for Delivery Optimization content metadata files | Metadata download can come from different hostnames, but it's required for peer to peer. | diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml index d4f3409ae7..d8717e04d8 100644 --- a/windows/deployment/do/index.yml +++ b/windows/deployment/do/index.yml @@ -12,13 +12,12 @@ metadata: ms.collection: - highpri - tier3 - - essentials-navigation author: aczechowski ms.author: aaroncz manager: aaroncz ms.date: 12/22/2023 #Required; mm/dd/yyyy format. localization_priority: medium - + # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new landingContent: @@ -61,8 +60,8 @@ landingContent: - text: Optimize Windows 10 or later update delivery with Configuration Manager url: /mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#windows-delivery-optimization - text: Delivery Optimization settings in Microsoft Intune - url: /mem/intune/configuration/delivery-optimization-windows - + url: /mem/intune/configuration/delivery-optimization-windows + # Card - title: Microsoft Connected Cache (MCC) for Enterprise and Education linkLists: @@ -71,7 +70,7 @@ landingContent: - text: MCC for Enterprise and Education (early preview) url: waas-microsoft-connected-cache.md - text: Sign up - url: https://aka.ms/MSConnectedCacheSignup + url: https://aka.ms/MSConnectedCacheSignup # Card - title: Microsoft Connected Cache (MCC) for Internet Service Providers (ISPs) @@ -84,7 +83,7 @@ landingContent: url: https://aka.ms/MCCForISPSurvey - text: MCC for ISPs (early preview) url: mcc-isp.md - + # Card (optional) - title: Resources diff --git a/windows/deployment/do/waas-delivery-optimization-monitor.md b/windows/deployment/do/waas-delivery-optimization-monitor.md index 6c30ab2dc4..ed6710932b 100644 --- a/windows/deployment/do/waas-delivery-optimization-monitor.md +++ b/windows/deployment/do/waas-delivery-optimization-monitor.md @@ -10,11 +10,10 @@ manager: aaroncz ms.reviewer: mstewart ms.collection: - tier3 - - essentials-manage ms.localizationpriority: medium -appliesto: +appliesto: - ✅ Windows 11 -- ✅ Windows 10 +- ✅ Windows 10 - ✅ Delivery Optimization ms.date: 05/23/2024 --- diff --git a/windows/deployment/do/waas-delivery-optimization-setup.md b/windows/deployment/do/waas-delivery-optimization-setup.md index 0a8cced507..93e5197724 100644 --- a/windows/deployment/do/waas-delivery-optimization-setup.md +++ b/windows/deployment/do/waas-delivery-optimization-setup.md @@ -10,7 +10,6 @@ ms.reviewer: mstewart manager: aaroncz ms.collection: - tier3 - - essentials-get-started ms.localizationpriority: medium appliesto: - ✅ Windows 11 diff --git a/windows/deployment/do/waas-delivery-optimization.md b/windows/deployment/do/waas-delivery-optimization.md index 10e0059d41..133945930d 100644 --- a/windows/deployment/do/waas-delivery-optimization.md +++ b/windows/deployment/do/waas-delivery-optimization.md @@ -11,11 +11,10 @@ ms.reviewer: mstewart ms.collection: - tier3 - highpri - - essentials-overview ms.localizationpriority: medium -appliesto: +appliesto: - ✅ Windows 11 -- ✅ Windows 10 +- ✅ Windows 10 ms.date: 05/23/2024 --- diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index 5e60b0c3c0..3f5ea288b1 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml @@ -15,7 +15,7 @@ metadata: author: aczechowski ms.author: aaroncz manager: aaroncz - ms.date: 04/01/2024 + ms.date: 07/12/2024 localization_priority: medium # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new @@ -34,10 +34,10 @@ landingContent: url: update/plan-define-readiness.md - text: Define your servicing strategy url: update/plan-define-strategy.md - - text: Determine application readiness - url: update/plan-determine-app-readiness.md - text: Plan for volume activation url: volume-activation/plan-for-volume-activation-client.md + - text: Windows compatibility cookbook + url: /windows/compatibility/ - title: Prepare linkLists: diff --git a/windows/deployment/planning/windows-10-compatibility.md b/windows/deployment/planning/windows-10-compatibility.md deleted file mode 100644 index 83227970dd..0000000000 --- a/windows/deployment/planning/windows-10-compatibility.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Windows 10 compatibility (Windows 10) -description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. -manager: aaroncz -ms.author: frankroj -ms.service: windows-client -ms.localizationpriority: medium -author: frankroj -ms.topic: article -ms.subservice: itpro-deploy -ms.date: 10/28/2022 ---- - -# Windows 10 compatibility - -**Applies to** - -- Windows 10 - -Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. - -For full system requirements, see [Windows 10 specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10. - -Existing desktop (Win32) application compatibility is also expected to be strong, with most existing applications working without any changes. Those applications that interface with Windows at a low level, those applications that use undocumented APIs, or those that do not follow recommended coding practices could experience issues. - -Existing Windows Store (WinRT) apps created for Windows 8 and Windows 8.1 should also continue to work, because compatibility can be validated against all the apps that have been submitted to the Windows Store. - -For web apps and sites, modern HTML5-based sites should also have a high degree of compatibility and excellent performance through the new Microsoft Edge browser, while older web apps and sites can continue to use Internet Explorer 11 and the Enterprise Mode features that were first introduced in Windows 7 and Windows 8.1 and are still present in Windows 10. For more information about Internet Explorer and Enterprise Mode, see the [Internet Explorer 11 Deployment Guide for IT Pros.](/internet-explorer/ie11-deploy-guide/) - -## Recommended application testing process - -Historically, organizations have performed extensive, and often exhaustive, testing of the applications they use before deployment of a new Windows version, service pack, or any other significant update. With Windows 10, organizations are encouraged to use more optimized testing processes, which reflect the higher levels of compatibility that are expected. At a high level: - -- Identify mission-critical applications and websites, those applications and websites that are essential to the organization's operations. Focus testing efforts on this subset of applications, early in the Windows development cycle (for example, with Windows Insider Program builds) to identify potential issues. Report any issues you encounter with the Windows Feedback tool, so that these issues can be addressed prior to the next Windows release. - -- For less critical applications, apply an "internal flighting" or pilot-based approach, by deploying new Windows upgrades to groups of machines, growing gradually in size and potential impact, to verify compatibility with hardware and software. Reactively address issues before you expand the pilot to more machines. - -## Related articles - - -[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md) - -[Windows 10 deployment considerations](windows-10-deployment-considerations.md) - -[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) \ No newline at end of file diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md index 434b7da17f..4b6d775551 100644 --- a/windows/deployment/planning/windows-10-deployment-considerations.md +++ b/windows/deployment/planning/windows-10-deployment-considerations.md @@ -69,7 +69,7 @@ In either of these scenarios, you can make various configuration changes to the For computers using the [General Availability Channel](../update/waas-overview.md#general-availability-channel), you can deploy these upgrades by using various methods: - Windows Update or Windows Update for Business, for devices where you want to receive updates directly from the Internet. -- Windows Server Update Services (WSUS), for devices configured to pull updates from internal servers after they're approved (deploying like an update). +- Windows Server Update Services (WSUS), for devices configured to pull updates from internal servers after they're approved (deploying like an update). - Configuration Manager task sequences. - Configuration Manager software update capabilities (deploying like an update). @@ -79,5 +79,4 @@ The upgrade process is also optimized to reduce the overall time and network ban ## Related articles -[Windows 10 compatibility](windows-10-compatibility.md)
[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md index 06a835b0ba..f33cc45e96 100644 --- a/windows/deployment/planning/windows-10-infrastructure-requirements.md +++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md @@ -97,4 +97,3 @@ Windows 10 Enterprise and Windows 10 Enterprise LTSC installations use different [Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md)
[Windows 10 deployment considerations](windows-10-deployment-considerations.md)
-[Windows 10 compatibility](windows-10-compatibility.md)
\ No newline at end of file diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 080e86b6ad..3794cdf447 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -13,7 +13,7 @@ appliesto: - ✅ Windows 11 - ✅ Windows 10 - ✅ Windows Server -ms.date: 12/05/2023 +ms.date: 07/10/2024 --- # Update Windows installation media with Dynamic Update @@ -38,10 +38,10 @@ Devices must be able to connect to the internet to obtain Dynamic Updates. In so ## Acquire Dynamic Update packages -You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https://catalog.update.microsoft.com). At that site, use the search bar in the upper right to find the Dynamic Update packages for a particular release. The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. Check various parts of the results to be sure you've identified the needed files. The following tables show the key values to search for or look for in the results. +You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https://catalog.update.microsoft.com). At that site, use the search bar in the upper right to find the Dynamic Update packages for a particular release. The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. Check various parts of the results to be sure you've identified the files needed. The following tables show the key values to search for or look for in the results. -### Windows 11, version 22H2 Dynamic Update packages -**Title** can distinguish each Dynamic Package. Cumulative updates have the servicing stack embedded. The servicing stack is published only if necessary for a given cumulative update. +### Windows 11, version 22H2 and later Dynamic Update packages +**Title** can distinguish each Dynamic Package. Latest cumulative updates have the servicing stack embedded. The servicing stack is published only if necessary for a given cumulative update.Titles below are for Windows 11, version 22H2. Windows 11, version 23H2 and 24H2 have a similar format. | Update packages |Title | |-----------------------------------|---------------------------------------------------------------| @@ -61,7 +61,7 @@ You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https |Latest cumulative update | YYYY-MM Cumulative Update for Windows 11 | | | |Servicing stack Dynamic Update | YYYY-MM Servicing Stack Update for Windows 11 Version 21H2 | | | -### For Windows 10, version 22H2 Dynamic Update packages +### Windows 10, version 22H2 Dynamic Update packages **Title**, **Product** and **Description** are required to distinguish each Dynamic Package. Latest cumulative update has the servicing stack embedded. Servicing stack published separately only if necessary as a prerequisite for a given cumulative update. | Update packages |Title |Product |Description | @@ -75,7 +75,7 @@ If you want to customize the image with additional languages or Features on Dema ## Update Windows installation media -Properly updating the installation media involves a large number of actions operating on several different targets (image files). Some actions are repeated on different targets. The target images files include: +Properly updating the installation media involves many actions operating on several different targets (image files). Some actions are repeated on different targets. The target images files include: - Windows Preinstallation Environment (WinPE): a small operating system used to install, deploy, and repair Windows operating systems - Windows Recovery Environment (WinRE): repairs common causes of unbootable operating systems. WinRE is based on WinPE and can be customized with additional drivers, languages, optional packages, and other troubleshooting or diagnostic tools. @@ -86,7 +86,7 @@ This table shows the correct sequence for applying the various tasks to the file |Task |WinRE (winre.wim) |Operating system (install.wim) | WinPE (boot.wim) | New media | |-----------------------------------|-------------------|--------------------------------|------------------|-----------| -|Add servicing stack Dynamic Update | 1 | 9 | 17 | | +|Add servicing stack Dynamic Update | 1 | 9 | 17 | | |Add language pack | 2 | 10 | 18 | | |Add localized optional packages | 3 | | 19 | | |Add font support | 4 | | 20 | | @@ -119,6 +119,13 @@ You don't have to add more languages and features to the image to accomplish the Optional Components, along with the .NET feature, can be installed offline, however doing so creates pending operations that require the device to restart. As a result, the call to perform image cleanup would fail. There are two options to avoid the cleanup failure. One option is to skip the image cleanup step, though that results in a larger install.wim. Another option is to install the .NET and Optional Components in a step after cleanup but before export. This is the option in the sample script. By doing this, you'll have to start with the original install.wim (with no pending actions) when you maintain or update the image the next time (for example, the next month). + +### Checkpoint cumulative updates +Starting with Windows 11, version 24H2, the latest cumulative update may have a prerequisite cumulative update that is required to be installed first. These are known as checkpoint cumulative updates. In these cases, the cumulative update file level differentials are based on a previous cumulative update instead of the Windows RTM release. The benefit is a smaller update package and faster installation. When you obtain the latest cumulative update from the [Microsoft Update Catalog](https://catalog.update.microsoft.com), checkpoint cumulative updates will be available from the download button. In addition, the knowledge base article for the cumulative update will provide additional information. + +To install the checkpoint(s) when servicing the Windows OS (steps 9 & 12) and WinPE (steps 17 & 23), call `Add-WindowsPackage` with the target cumulative update. The folder from `-PackagePath` will be used to discover and install one or more checkpoints as needed. Only the target cumulative update and checkpoint cumulative updates should be in the `-PackagePath` folder. Cumulative update packages with a revision <= the target cumulative update will be processed. If you are not customizing the image with additional languages and/or optional features, then separate calls to `Add-WindowsPackage` (checkpoint cumulative updates first) can be used for steps 9 & 17 above. Separate calls cannot be used for steps 12 and 23. + + ## Windows PowerShell scripts to apply Dynamic Updates to an existing image These examples are for illustration only, and therefore lack error handling. The script assumes that the following packages are stored locally in this folder structure: @@ -150,12 +157,13 @@ $LANG_FONT_CAPABILITY = "jpan" # If you are using this script for Windows 10, modify to mount and use the LANGPACK ISO. $FOD_ISO_PATH = "C:\mediaRefresh\packages\FOD-PACKAGES_OEM_PT1_amd64fre_MULTI.iso" -# Declare Dynamic Update packages -$LCU_PATH = "C:\mediaRefresh\packages\LCU.msu" -$SSU_PATH = "C:\mediaRefresh\packages\SSU_DU.msu" -$SETUP_DU_PATH = "C:\mediaRefresh\packages\Setup_DU.cab" -$SAFE_OS_DU_PATH = "C:\mediaRefresh\packages\SafeOS_DU.cab" -$DOTNET_CU_PATH = "C:\mediaRefresh\packages\DotNet_CU.msu" +# Declare Dynamic Update packages. A dedicated folder is used for the latest cumulative update, and as needed +# checkpoint cumulative updates. +$LCU_PATH = "C:\mediaRefresh\packages\CU\LCU.msu" +$SSU_PATH = "C:\mediaRefresh\packages\Other\SSU_DU.msu" +$SETUP_DU_PATH = "C:\mediaRefresh\packages\Other\Setup_DU.cab" +$SAFE_OS_DU_PATH = "C:\mediaRefresh\packages\Other\SafeOS_DU.cab" +$DOTNET_CU_PATH = "C:\mediaRefresh\packages\Other\DotNet_CU.msu" # Declare folders for mounted images and temp files $MEDIA_OLD_PATH = "C:\mediaRefresh\oldMedia" @@ -211,14 +219,14 @@ This process is repeated for each edition of Windows within the main operating s # Update each main OS Windows image including the Windows Recovery Environment (WinRE) # -# Get the list of images contained within WinPE +# Get the list of images contained within the main OS $WINOS_IMAGES = Get-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim" Foreach ($IMAGE in $WINOS_IMAGES) { # first mount the main OS image Write-Output "$(Get-TS): Mounting main OS, image index $($IMAGE.ImageIndex)" - Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim" -Index $IMAGE.ImageIndex -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null + Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\install.wim" -Index $IMAGE.ImageIndex -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null if ($IMAGE.ImageIndex -eq "1") { @@ -237,19 +245,22 @@ Foreach ($IMAGE in $WINOS_IMAGES) { # Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published seperately; the combined # cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined # cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the - # combined cumulative update can be installed. + # combined cumulative update can be installed. # This is the code to handle the rare case that the SSU is published and required for the combined cumulative update # Write-Output "$(Get-TS): Adding package $SSU_PATH" - # Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null + # Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null # Now, attempt the combined cumulative update. # There is a known issue where the servicing stack update is installed, but the cumulative update will fail. This error should # be caught and ignored, as the last step will be to apply the Safe OS update and thus the image will be left with the correct # packages installed. + + Write-Output "$(Get-TS): Adding package $LCU_PATH to WinRE" try { + Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $LCU_PATH | Out-Null } Catch @@ -270,29 +281,27 @@ Foreach ($IMAGE in $WINOS_IMAGES) { # update. This second approach is commented out below. # Write-Output "$(Get-TS): Adding package $SSU_PATH" - # Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null + # Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null # # Optional: Add the language to recovery environment # # Install lp.cab cab - Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH" - Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null + Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH to WinRE" + Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null # Install language cabs for each optional package installed $WINRE_INSTALLED_OC = Get-WindowsPackage -Path $WINRE_MOUNT Foreach ($PACKAGE in $WINRE_INSTALLED_OC) { - if ( ($PACKAGE.PackageState -eq "Installed") ` - -and ($PACKAGE.PackageName.startsWith("WinPE-")) ` - -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) { + if ( ($PACKAGE.PackageState -eq "Installed") -and ($PACKAGE.PackageName.startsWith("WinPE-")) -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) { $INDEX = $PACKAGE.PackageName.IndexOf("-Package") if ($INDEX -ge 0) { $OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab" if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) { $OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB - Write-Output "$(Get-TS): Adding package $OC_CAB_PATH" + Write-Output "$(Get-TS): Adding package $OC_CAB_PATH to WinRE" Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null } } @@ -301,7 +310,7 @@ Foreach ($IMAGE in $WINOS_IMAGES) { # Add font support for the new language if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) { - Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH to WinRE" Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null } @@ -309,16 +318,16 @@ Foreach ($IMAGE in $WINOS_IMAGES) { if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) { if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) { - Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH to WinRE" Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null - Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH to WinRE" Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null } } # Add Safe OS - Write-Output "$(Get-TS): Adding package $SAFE_OS_DU_PATH" + Write-Output "$(Get-TS): Adding package $SAFE_OS_DU_PATH to WinRE" Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SAFE_OS_DU_PATH -ErrorAction stop | Out-Null # Perform image cleanup @@ -347,54 +356,54 @@ Foreach ($IMAGE in $WINOS_IMAGES) { # includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and Windows 11, version 22H2 are examples. In these # cases, the servicing stack update is not published seperately; the combined cumulative update should be used for this step. However, in hopefully # rare cases, there may breaking change in the combined cumulative update format, that requires a standalone servicing stack update to be published, - # and installed first before the combined cumulative update can be installed. + # and installed first before the combined cumulative update can be installed. # This is the code to handle the rare case that the SSU is published and required for the combined cumulative update # Write-Output "$(Get-TS): Adding package $SSU_PATH" - # Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null + # Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null # Now, attempt the combined cumulative update. Unlike WinRE and WinPE, we don't need to check for error 0x8007007e - Write-Output "$(Get-TS): Adding package $LCU_PATH" - Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH | Out-Null + Write-Output "$(Get-TS): Adding package $LCU_PATH to main OS, index $($IMAGE.ImageIndex)" + Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH | Out-Null # The second approach for Step 18 is for Windows releases that have not adopted the combined cumulative update # but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU # update. This second approach is commented out below. - # Write-Output "$(Get-TS): Adding package $SSU_PATH" - # Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null + # Write-Output "$(Get-TS): Adding package $SSU_PATH to main OS, index $($IMAGE.ImageIndex)" + # Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $SSU_PATH | Out-Null # Optional: Add language to main OS - Write-Output "$(Get-TS): Adding package $OS_LP_PATH" - Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $OS_LP_PATH -ErrorAction stop | Out-Null + Write-Output "$(Get-TS): Adding package $OS_LP_PATH to main OS, index $($IMAGE.ImageIndex)" + Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $OS_LP_PATH -ErrorAction stop | Out-Null # Optional: Add a Features on Demand to the image - Write-Output "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0" + Write-Output "$(Get-TS): Adding language FOD: Language.Fonts.Jpan~~~und-JPAN~0.0.1.0 to main OS, index $($IMAGE.ImageIndex)" Add-WindowsCapability -Name "Language.Fonts.$LANG_FONT_CAPABILITY~~~und-$LANG_FONT_CAPABILITY~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null - Write-Output "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0" + Write-Output "$(Get-TS): Adding language FOD: Language.Basic~~~$LANG~0.0.1.0 to main OS, index $($IMAGE.ImageIndex)" Add-WindowsCapability -Name "Language.Basic~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null - Write-Output "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0" + Write-Output "$(Get-TS): Adding language FOD: Language.OCR~~~$LANG~0.0.1.0 to main OS, index $($IMAGE.ImageIndex)" Add-WindowsCapability -Name "Language.OCR~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null - Write-Output "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0" + Write-Output "$(Get-TS): Adding language FOD: Language.Handwriting~~~$LANG~0.0.1.0 to main OS, index $($IMAGE.ImageIndex)" Add-WindowsCapability -Name "Language.Handwriting~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null - Write-Output "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0" + Write-Output "$(Get-TS): Adding language FOD: Language.TextToSpeech~~~$LANG~0.0.1.0 to main OS, index $($IMAGE.ImageIndex)" Add-WindowsCapability -Name "Language.TextToSpeech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null - Write-Output "$(Get-TS): Adding language FOD:Language.Speech~~~$LANG~0.0.1.0" + Write-Output "$(Get-TS): Adding language FOD: Language.Speech~~~$LANG~0.0.1.0 to main OS, index $($IMAGE.ImageIndex)" Add-WindowsCapability -Name "Language.Speech~~~$LANG~0.0.1.0" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null # Note: If I wanted to enable additional Features on Demand, I'd add these here. # Add latest cumulative update - Write-Output "$(Get-TS): Adding package $LCU_PATH" + Write-Output "$(Get-TS): Adding package $LCU_PATH to main OS, index $($IMAGE.ImageIndex)" Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null # Perform image cleanup - Write-Output "$(Get-TS): Performing image cleanup on main OS" + Write-Output "$(Get-TS): Performing image cleanup on main OS, index $($IMAGE.ImageIndex)" DISM /image:$MAIN_OS_MOUNT /cleanup-image /StartComponentCleanup | Out-Null # @@ -403,11 +412,11 @@ Foreach ($IMAGE in $WINOS_IMAGES) { # the image to be booted, and thus if we tried to cleanup after installation, it would fail. # - Write-Output "$(Get-TS): Adding NetFX3~~~~" + Write-Output "$(Get-TS): Adding NetFX3~~~~ to main OS, index $($IMAGE.ImageIndex)" Add-WindowsCapability -Name "NetFX3~~~~" -Path $MAIN_OS_MOUNT -Source $FOD_PATH -ErrorAction stop | Out-Null # Add .NET Cumulative Update - Write-Output "$(Get-TS): Adding package $DOTNET_CU_PATH" + Write-Output "$(Get-TS): Adding package $DOTNET_CU_PATH to main OS, index $($IMAGE.ImageIndex)" Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $DOTNET_CU_PATH -ErrorAction stop | Out-Null # Dismount @@ -420,6 +429,7 @@ Foreach ($IMAGE in $WINOS_IMAGES) { } Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sources\install.wim" -Force -ErrorAction stop | Out-Null + ``` ### Update WinPE @@ -438,7 +448,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) { # update WinPE Write-Output "$(Get-TS): Mounting WinPE, image index $($IMAGE.ImageIndex)" - Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\boot.wim" -Index $IMAGE.ImageIndex -Path $WINPE_MOUNT -ErrorAction stop | Out-Null + Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\boot.wim" -Index $IMAGE.ImageIndex -Path $WINPE_MOUNT -ErrorAction stop | Out-Null # Add servicing stack update (Step 9 from the table) @@ -448,11 +458,11 @@ Foreach ($IMAGE in $WINPE_IMAGES) { # Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published separately; the combined # cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined # cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the - # combined cumulative update can be installed. + # combined cumulative update can be installed. # This is the code to handle the rare case that the SSU is published and required for the combined cumulative update # Write-Output "$(Get-TS): Adding package $SSU_PATH" - # Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH | Out-Null + # Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH | Out-Null # Now, attempt the combined cumulative update. # There is a known issue where the servicing stack update is installed, but the cumulative update will fail. @@ -461,6 +471,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) { try { + Write-Output "$(Get-TS): Adding package $LCU_PATH to WinPE, image index $($IMAGE.ImageIndex)" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $LCU_PATH | Out-Null } Catch @@ -481,19 +492,17 @@ Foreach ($IMAGE in $WINPE_IMAGES) { # update. This second approach is commented out below. # Write-Output "$(Get-TS): Adding package $SSU_PATH" - # Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH | Out-Null + # Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH | Out-Null # Install lp.cab cab - Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH" - Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null + Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH to WinPE, image index $($IMAGE.ImageIndex)" + Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_OC_LP_PATH -ErrorAction stop | Out-Null # Install language cabs for each optional package installed $WINPE_INSTALLED_OC = Get-WindowsPackage -Path $WINPE_MOUNT Foreach ($PACKAGE in $WINPE_INSTALLED_OC) { - if ( ($PACKAGE.PackageState -eq "Installed") ` - -and ($PACKAGE.PackageName.startsWith("WinPE-")) ` - -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) { + if ( ($PACKAGE.PackageState -eq "Installed") -and ($PACKAGE.PackageName.startsWith("WinPE-")) -and ($PACKAGE.ReleaseType -eq "FeaturePack") ) { $INDEX = $PACKAGE.PackageName.IndexOf("-Package") if ($INDEX -ge 0) { @@ -501,7 +510,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) { $OC_CAB = $PACKAGE.PackageName.Substring(0, $INDEX) + "_" + $LANG + ".cab" if ($WINPE_OC_LANG_CABS.Contains($OC_CAB)) { $OC_CAB_PATH = Join-Path $WINPE_OC_LANG_PATH $OC_CAB - Write-Output "$(Get-TS): Adding package $OC_CAB_PATH" + Write-Output "$(Get-TS): Adding package $OC_CAB_PATH to WinPE, image index $($IMAGE.ImageIndex)" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $OC_CAB_PATH -ErrorAction stop | Out-Null } } @@ -510,7 +519,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) { # Add font support for the new language if ( (Test-Path -Path $WINPE_FONT_SUPPORT_PATH) ) { - Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_FONT_SUPPORT_PATH to WinPE, image index $($IMAGE.ImageIndex)" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_FONT_SUPPORT_PATH -ErrorAction stop | Out-Null } @@ -518,10 +527,10 @@ Foreach ($IMAGE in $WINPE_IMAGES) { if (Test-Path -Path $WINPE_SPEECH_TTS_PATH) { if ( (Test-Path -Path $WINPE_SPEECH_TTS_LANG_PATH) ) { - Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_PATH to WinPE, image index $($IMAGE.ImageIndex)" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_SPEECH_TTS_PATH -ErrorAction stop | Out-Null - Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH" + Write-Output "$(Get-TS): Adding package $WINPE_SPEECH_TTS_LANG_PATH to WinPE, image index $($IMAGE.ImageIndex)" Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $WINPE_SPEECH_TTS_LANG_PATH -ErrorAction stop | Out-Null } } @@ -533,11 +542,11 @@ Foreach ($IMAGE in $WINPE_IMAGES) { } # Add latest cumulative update - Write-Output "$(Get-TS): Adding package $LCU_PATH" - Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null + Write-Output "$(Get-TS): Adding package $LCU_PATH to WinPE, image index $($IMAGE.ImageIndex)" + Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $LCU_PATH -ErrorAction stop | Out-Null # Perform image cleanup - Write-Output "$(Get-TS): Performing image cleanup on WinPE" + Write-Output "$(Get-TS): Performing image cleanup on WinPE, image index $($IMAGE.ImageIndex)" DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup /ResetBase /Defer | Out-Null if ($IMAGE.ImageIndex -eq "2") { @@ -545,6 +554,18 @@ Foreach ($IMAGE in $WINPE_IMAGES) { # Save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -ErrorAction stop | Out-Null + # Save setuphost.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder + # This is only required starting with Windows 11 version 24H2 + $TEMP = Get-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\boot.wim" -Index $IMAGE.ImageIndex + if ([System.Version]$TEMP.Version -ge [System.Version]"10.0.26100") { + + Copy-Item -Path $WINPE_MOUNT"\sources\setuphost.exe" -Destination $WORKING_PATH"\setuphost.exe" -Force -ErrorAction stop | Out-Null + } + else { + + Write-Output "$(Get-TS): Skipping copy of setuphost.exe; image version $($TEMP.Version)" + } + # Save serviced boot manager files later copy to the root media. Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgfw.efi" -Destination $WORKING_PATH"\bootmgfw.efi" -Force -ErrorAction stop | Out-Null Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgr.efi" -Destination $WORKING_PATH"\bootmgr.efi" -Force -ErrorAction stop | Out-Null @@ -580,21 +601,26 @@ cmd.exe /c $env:SystemRoot\System32\expand.exe $SETUP_DU_PATH -F:* $MEDIA_NEW_PA Write-Output "$(Get-TS): Copying $WORKING_PATH\setup.exe to $MEDIA_NEW_PATH\sources\setup.exe" Copy-Item -Path $WORKING_PATH"\setup.exe" -Destination $MEDIA_NEW_PATH"\sources\setup.exe" -Force -ErrorAction stop | Out-Null +# Copy setuphost.exe from boot.wim, saved earlier. +if (Test-Path -Path $WORKING_PATH"\setuphost.exe") { + + Write-Output "$(Get-TS): Copying $WORKING_PATH\setuphost.exe to $MEDIA_NEW_PATH\sources\setuphost.exe" + Copy-Item -Path $WORKING_PATH"\setuphost.exe" -Destination $MEDIA_NEW_PATH"\sources\setuphost.exe" -Force -ErrorAction stop | Out-Null +} # Copy bootmgr files from boot.wim, saved earlier. $MEDIA_NEW_FILES = Get-ChildItem $MEDIA_NEW_PATH -Force -Recurse -Filter b*.efi Foreach ($File in $MEDIA_NEW_FILES){ - if (($File.Name -ieq "bootmgfw.efi") -or ` - ($File.Name -ieq "bootx64.efi") -or ` - ($File.Name -ieq "bootia32.efi") -or ` - ($File.Name -ieq "bootaa64.efi")) + if (($File.Name -ieq "bootmgfw.efi") -or ($File.Name -ieq "bootx64.efi") -or ($File.Name -ieq "bootia32.efi") -or ($File.Name -ieq "bootaa64.efi")) { + Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgfw.efi to $($File.FullName)" Copy-Item -Path $WORKING_PATH"\bootmgfw.efi" -Destination $File.FullName -Force -ErrorAction stop | Out-Null } elseif ($File.Name -ieq "bootmgr.efi") { + Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgr.efi to $($File.FullName)" Copy-Item -Path $WORKING_PATH"\bootmgr.efi" -Destination $File.FullName -Force -ErrorAction stop | Out-Null } diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md deleted file mode 100644 index 6801a4cca8..0000000000 --- a/windows/deployment/update/plan-determine-app-readiness.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Determine application readiness -description: How to test your apps to identify which need attention prior to deploying an update in your organization. -ms.service: windows-client -ms.subservice: itpro-updates -ms.topic: conceptual -ms.author: mstewart -author: mestew -manager: aaroncz -ms.localizationpriority: medium -appliesto: -- ✅ Windows 11 -- ✅ Windows 10 -ms.date: 12/31/2017 ---- - -# Determine application readiness - -Before you deploy a Windows client update, you should know which apps will continue to work without problems, which need their own updates, and which just won't work and must be replaced. If you haven't already, it's worth [classifying your apps](plan-define-readiness.md) with respect to their criticality in your organization. - -## Validation methods - -You can choose from various methods to validate apps. Exactly which ones to use depends on the specifics of your environment. - - -|Validation method |Description | -|---------|---------| -|Full regression | A full quality assurance probing. Staff that know the application well and can validate its core functionality should do this validation. | -|Smoke testing | The application goes through formal validation. That is, a user validates the application following a detailed plan, ideally with limited, or no knowledge of the application they're validating. | -|Automated testing | Software performs tests automatically. The software lets you know whether the tests have passed or failed, and provides detailed reporting for you automatically. | -|Test in pilot | You preselect users to be in the pilot deployment group and carry out the same tasks they do on a day-to-day basis to validate the application. Normally you use this method in addition to one of the other validation types. | -|Reactive response | Applications are validated in late pilot, and no specific users are selected. These applications normally aren't installed on many devices and aren't handled by enterprise application distribution. | - -Combining the various validation methods with the app classifications you've previously established might look like this: - - -|Validation method |Critical apps |Important apps |Not important apps | -|---------|---------|---------|---------| -|Full regression | x | | | -|Smoke testing | | x | | -|Automated testing | x | x | x | -|Test in pilot | x | x | x | - - -### Identify users - -Since your organization no doubt has a wide variety of users, each with different background and regular tasks, you have to choose which users are best suited for validation testing. Some factors to consider include: - -- **Location**: If users are in different physical locations, can you support them and get validation feedback from the region they're in? -- **Application knowledge**: Do the users have appropriate knowledge of how the app is supposed to work? -- **Technical ability**: Do the users have enough technical competence to provide useful feedback from various test scenarios? - -You could seek volunteers who enjoy working with new features and include them in the pilot deployment. You might want to avoid using core users like department heads or project managers. Current application owners, operations personnel, and developers can help you identify the most appropriate pilot users. - -### Identify and set up devices for validation - -In addition to users, it's important to carefully choose devices to participate in app validation as well. For example, ideally, your selection includes devices representing all of the hardware models in your environment. - -There's more than one way to choose devices for app validation: - -- **Existing pilot devices**: You might already have a list of devices that you regularly use for testing updates as part of release cycles. -- **Manual selection**: Some internal groups like operations have expertise to help choose devices manually based on specifications, usage, or records of past support problems. -- **Data-driven analysis**: With appropriate tools, you can use diagnostic data from devices to inform your choices. diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md index 732aab35e3..def7222a70 100644 --- a/windows/deployment/update/prepare-deploy-windows.md +++ b/windows/deployment/update/prepare-deploy-windows.md @@ -1,14 +1,14 @@ --- title: Prepare to deploy Windows -description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users +description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users. ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: concept-article author: mestew ms.author: mstewart manager: aaroncz ms.localizationpriority: medium -appliesto: +appliesto: - ✅ Windows 11 - ✅ Windows 10 ms.date: 12/31/2017 @@ -19,7 +19,7 @@ ms.date: 12/31/2017 Having worked through the activities in the planning phase, you should be in a good position to prepare your environment and process to deploy Windows client. The planning phase left you with these useful items: - A clear understanding of necessary personnel and their roles and criteria for [rating app readiness](plan-define-readiness.md) -- A plan for [testing and validating](plan-determine-app-readiness.md) apps +- A plan for [testing and validating](/windows/compatibility/windows-11/testing-guidelines) apps - An assessment of your [deployment infrastructure](eval-infra-tools.md) and definitions for operational readiness - A [deployment plan](create-deployment-plan.md) that defines the rings you want to use @@ -35,7 +35,7 @@ Your infrastructure probably includes many different components and tools. You n 1. Review all of the infrastructure changes that you've identified in your plan. It's important to understand the changes that need to be made and to detail how to implement them. This process prevents problems later on. -2. Validate your changes. You validate the changes for your infrastructure's components and tools, to help you understand how your changes could affect your production environment. +2. Validate your changes. You validate the changes for your infrastructure's components and tools, to help you understand how your changes could affect your production environment. 3. Implement the changes. Once the changes have been validated, you can implement the changes across the wider infrastructure. @@ -166,11 +166,11 @@ You can also create and run scripts to perform additional cleanup actions on dev In the plan phase, you determined the specific infrastructure and configuration changes that needed to be implemented to add new capabilities to the environment. Now you can move on to implementing those changes defined in the plan phase. You need to complete these higher-level tasks to gain those new capabilities: -- Enable capabilities across the environment by implementing the changes. For example, implement updates to relevant ADMX templates in Active Directory. New Windows versions come with new policies that you use to update ADMX templates. +- Enable capabilities across the environment by implementing the changes. For example, implement updates to relevant ADMX templates in Active Directory. New Windows versions come with new policies that you use to update ADMX templates. - Validate new changes to understand how they affect the wider environment. -- Remediate any potential problems that have been identified through validation. +- Remediate any potential problems that have been identified through validation. ## Prepare users diff --git a/windows/deployment/windows-autopatch/index.yml b/windows/deployment/windows-autopatch/index.yml index 2c2a7c6642..3385e19bee 100644 --- a/windows/deployment/windows-autopatch/index.yml +++ b/windows/deployment/windows-autopatch/index.yml @@ -17,7 +17,6 @@ metadata: ms.collection: - highpri - tier2 - - essentials-navigation # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md index ee20c918b3..1a03d4c08b 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md @@ -13,7 +13,6 @@ ms.reviewer: andredm7 ms.collection: - highpri - tier1 - - essentials-manage --- # Software update management diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md index 0b6c9d7421..6273ceb86d 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md @@ -13,7 +13,6 @@ ms.reviewer: smithcharles ms.collection: - highpri - tier1 - - essentials-manage --- # Maintain the Windows Autopatch environment diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md index 54d541524e..16dd0cc679 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md @@ -13,7 +13,6 @@ ms.reviewer: rekhanr ms.collection: - highpri - tier1 - - essentials-manage --- # Policy health and remediation diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md index df3a6cd77d..a44081d038 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md @@ -12,7 +12,6 @@ manager: aaroncz ms.reviewer: hathind ms.collection: - tier2 - - essentials-get-started --- # Windows Autopatch deployment guide diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md index f5f9d6ac76..f8f71f9db2 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md @@ -4,7 +4,7 @@ description: Details what the service is and shortcuts to articles. ms.date: 07/08/2024 ms.service: windows-client ms.subservice: itpro-updates -ms.topic: conceptual +ms.topic: overview ms.localizationpriority: medium author: tiaraquan ms.author: tiaraquan @@ -12,7 +12,6 @@ manager: aaroncz ms.collection: - highpri - tier1 - - essentials-overview ms.reviewer: hathind --- diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md index 5b74de7688..c2aadef998 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md @@ -13,7 +13,6 @@ ms.reviewer: hathind ms.collection: - highpri - tier1 - - essentials-privacy --- # Privacy diff --git a/windows/hub/index.yml b/windows/hub/index.yml index 6bed7b9fcc..95d49b10a7 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -15,7 +15,7 @@ metadata: author: paolomatarazzo ms.author: paoloma manager: aaroncz - ms.date: 04/25/2024 + ms.date: 07/11/2024 highlightedContent: items: @@ -34,19 +34,15 @@ highlightedContent: - title: Windows commercial licensing itemType: overview url: /windows/whats-new/windows-licensing - - title: Copilot in Windows - itemType: how-to-guide - url: /windows/client-management/manage-windows-copilot - title: Windows 365 documentation itemType: overview url: /windows-365 - title: Explore all Windows trainings and learning paths for IT pros itemType: learn url: https://learn.microsoft.com/en-us/training/browse/?products=windows&roles=administrator - -# - title: Enroll Windows client devices in Microsoft Intune -# itemType: how-to-guide -# url: /mem/intune/fundamentals/deployment-guide-enrollment-windows + - title: Enroll Windows client devices in Microsoft Intune + itemType: how-to-guide + url: /mem/intune/fundamentals/deployment-guide-enrollment-windows productDirectory: title: Get started @@ -55,10 +51,10 @@ productDirectory: - title: Learn how to deploy Windows imageSrc: /media/common/i_deploy.svg links: - - url: /mem/autopilot/ - text: Windows Autopilot overview - - url: /mem/autopilot/tutorial/autopilot-scenarios - text: "Tutorial: Windows Autopilot scenarios" + - url: /autopilot/ + text: Windows Autopilot + - url: /autopilot/device-preparation/compare + text: Compare Windows Autopilot solutions - url: /windows/deployment/do/ text: Delivery optimization - url: /windows/deployment/update/deployment-service-overview @@ -103,14 +99,14 @@ productDirectory: - title: Learn how to manage Windows imageSrc: /media/common/i_management.svg links: + - url: /windows/client-management/administrative-tools-in-windows-10 + text: Windows administrative tools + - url: /windows/client-management/client-tools/windows-version-search + text: What version of Windows am I running? - url: /windows/client-management/mobile-device-enrollment text: MDM enrollment - url: /windows/client-management/mdm/ - text: Configuration Service Provider (CSP) - - url: /windows/client-management/administrative-tools-in-windows-10 - text: Windows administrative tools - - url: /windows/client-management/manage-windows-copilot - text: Manage Copilot in Windows + text: Configuration Service Provider (CSP) reference - url: /windows/application-management/index text: Learn more about application management > - url: /windows/client-management diff --git a/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md index 21442ea394..46d07c19a7 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md @@ -4,7 +4,6 @@ description: Learn how to plan and implement a WDAC deployment. ms.localizationpriority: medium ms.date: 01/23/2023 ms.topic: overview -ms.collection: essentials-get-started --- # Deploying Windows Defender Application Control (WDAC) policies @@ -31,7 +30,7 @@ Before you deploy your WDAC policies, you must first convert the XML to its bina { $PolicyBinary = "SiPolicy.p7b" } - + ## Binary file will be written to your desktop ConvertFrom-CIPolicy -XmlFilePath $WDACPolicyXMLFile -BinaryFilePath $env:USERPROFILE\Desktop\$PolicyBinary ``` diff --git a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md index 81a98c78ca..71c48fb256 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md @@ -4,7 +4,6 @@ description: Gather information about how your deployed Windows Defender Applica ms.localizationpriority: medium ms.date: 03/30/2023 ms.topic: how-to -ms.collection: essentials-manage --- # Windows Defender Application Control operational guide diff --git a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md index f35be85ec0..2d0145d3bc 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md @@ -4,9 +4,6 @@ description: Application Control restricts which applications users are allowed ms.localizationpriority: medium ms.collection: - tier3 -- must-keep -- essentials-navigation -- essentials-overview ms.date: 08/30/2023 ms.topic: overview --- diff --git a/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md index 66feedfe73..dfdb572272 100644 --- a/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md +++ b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md @@ -9,7 +9,7 @@ ms.date: 07/10/2024 Microsoft Pluton security processor is a chip-to-cloud security technology built with [Zero Trust](/security/zero-trust/zero-trust-overview) principles at the core. Microsoft Pluton provides hardware-based root of trust, secure identity, secure attestation, and cryptographic services. Pluton technology is a combination of a secure subsystem, which is part of the System on Chip (SoC) and Microsoft authored software that runs on this integrated secure subsystem. -Microsoft Pluton is currently available on devices with Ryzen 6000 and Qualcomm Snapdragon® 8cx Gen 3 series processors. Microsoft Pluton can be enabled on devices with Pluton capable processors running Windows 11, version 22H2. +Microsoft Pluton is currently available on devices with AMD Ryzen® 6000, 7000, 8000, Ryzen AI and Qualcomm Snapdragon® 8cx Gen 3 and Snapdragon X series processors. Microsoft Pluton can be enabled on devices with Pluton capable processors running Windows 11, version 22H2 and later. ## What is Microsoft Pluton? @@ -19,6 +19,25 @@ Microsoft Pluton is designed to provide the functionality of the Trusted Platfor Pluton is built on proven technology used in Xbox and Azure Sphere, and provides hardened integrated security capabilities to Windows 11 devices in collaboration with leading silicon partners. For more information, see [Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs](https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/). +## How can Pluton help customers? + +Pluton is built with the goal of providing customers with better end-to-end security experiences. It does so by doing three things: + +1. **Zero-trust security and reliability**: Customer security scenarios often span devices and cloud services. Windows PCs and services like Microsoft Entra and Intune need to work harmoniously together to provide frictionless security. Pluton is designed, built and maintained in close collaboration with teams across Microsoft to ensure that customers get both high security and reliability. +1. **Innovation**: Pluton platform and the functionality it provides is informed by customer feedback and Microsoft’s threat intelligence. As an example, Pluton platforms in 2024 AMD and Intel systems will start to use a Rust-based firmware foundation given the importance of memory safety. +1. **Continuous improvement**: Pluton platform supports loading new firmware delivered through operating system updates. This functionality is supported alongside the typical mechanism of UEFI capsule updates that update the Pluton firmware that is resident on the system’s SPI flash and loaded during early system boot. The additional support for dynamically loading valid new Pluton firmware through operating system updates facilitates continuous improvements both for bug fixes and new features. + +### A practical example: zero-trust security with device-based conditional access policies + +An increasingly important zero-trust workflow is conditional access – gating access to resources like Sharepoint documents based on verifying whether requests are coming from a valid, healthy source. Microsoft Intune, for example, supports different workflows for conditional access including [device-based conditional access](/mem/intune/protect/create-conditional-access-intune) which allows organizations to set policies that ensure that managed devices are healthy and compliant before granting access to the organization’s apps and services. + +To ensure that Intune gets an accurate picture about the device’s health as part of enforcing these policies, ideally it has tamper-resistant logs on the state of the relevant security capabilities. This is where hardware security is critical as any malicious software running on the device could attempt to provide false signals to the service. One of the core benefits of a hardware security technology like the TPM, is that it has a tamper-resistant log of the state of the system. Services can cryptographically validate that logs and the associated system state reported by the TPM truly come from the TPM. + +For the end-to-end scenario to be truly successful at scale, the hardware-based security is not enough. Since access to enterprise assets is being gated based on security settings that are being reported by the TPM logs, it is critical that these logs are available reliably. Zero-trust security essentially requires high reliability. + +With Pluton, when it is configured as the TPM for the system, customers using conditional access get the benefits of Pluton’s security architecture and implementation with the reliability that comes from the tight integration and collaboration between Pluton and other Microsoft components and services. + + ## Microsoft Pluton security architecture overview ![Diagram showing the Microsoft Pluton security processor architecture](../images/pluton/pluton-security-architecture.png) diff --git a/windows/security/index.yml b/windows/security/index.yml index afb32d0f77..9553388f93 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -7,7 +7,6 @@ metadata: ms.topic: landing-page ms.collection: - tier1 - - essentials-navigation author: paolomatarazzo ms.author: paoloma manager: aaroncz diff --git a/windows/security/introduction.md b/windows/security/introduction.md index 7b90b57e21..073a4309b9 100644 --- a/windows/security/introduction.md +++ b/windows/security/introduction.md @@ -6,7 +6,6 @@ ms.topic: tutorial ms.author: paoloma ms.collection: - essentials-security - - essentials-overview content_well_notification: - AI-contribution author: paolomatarazzo diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md index a32a7baeb6..c3887cd926 100644 --- a/windows/whats-new/windows-11-plan.md +++ b/windows/whats-new/windows-11-plan.md @@ -1,18 +1,18 @@ --- title: Plan for Windows 11 -description: Windows 11 deployment planning, IT Pro content. +description: This article provides guidance to help you plan for Windows 11 in your organization. ms.service: windows-client author: mestew ms.author: mstewart manager: aaroncz ms.localizationpriority: high -ms.topic: conceptual +ms.topic: get-started ms.collection: - highpri - tier1 - essentials-get-started ms.subservice: itpro-fundamentals -ms.date: 02/06/2024 +ms.date: 07/12/2024 appliesto: - ✅ Windows 11 --- @@ -20,98 +20,102 @@ appliesto: # Plan for Windows 11 This article provides guidance to help you plan for Windows 11 in your organization. + ## Deployment planning -Since Windows 11 is built on the same foundation as Windows 10, you can use the same deployment capabilities, scenarios, and tools—and the same basic deployment strategy that you use today for Windows 10. You'll need to review and update your servicing strategy to adjust for changes in [Servicing and support](#servicing-and-support) for Windows 11. +Since Windows 11 is built on the same foundation as Windows 10, you can use the same deployment capabilities, scenarios, and tools. You can also use the same basic deployment strategy that you use today for Windows 10. Make sure that you review and update your servicing strategy to adjust for changes in [servicing and support](#servicing-and-support) for Windows 11. At a high level, this strategy should include the following steps: + - [Create a deployment plan](/windows/deployment/update/create-deployment-plan) - [Define readiness criteria](/windows/deployment/update/plan-define-readiness) - [Evaluate infrastructure and tools](/windows/deployment/update/eval-infra-tools) -- [Determine application readiness](/windows/deployment/update/plan-determine-app-readiness) +- [Test applications](/windows/compatibility/windows-11/testing-guidelines) - [Define your servicing strategy](/windows/deployment/update/plan-define-strategy) -If you're looking for ways to optimize your approach to deploying Windows 11, or if deploying a new version of an operating system isn't a familiar process for you, some items to consider are provided below: +If you're looking for ways to optimize your approach to deploying Windows 11, or if deploying a new version of Windows isn't a familiar process for you, consider the factors in the following sections. ## Determine eligibility -As a first step, you'll need to know which of your current devices meet the Windows 11 hardware requirements. Most devices purchased in the last 18-24 months will be compatible with Windows 11. Verify that your device meets or exceeds [Windows 11 requirements](windows-11-requirements.md) to ensure it's compatible. +As a first step, determine which of your current devices meet the Windows 11 hardware requirements. To ensure compatibility, verify that your device meets or exceeds [Windows 11 requirements](windows-11-requirements.md). -Microsoft is currently developing analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. When Windows 11 reaches general availability, users running Windows 10 Home, Pro, and Pro for Workstations will be able to use the [PC Health Check](https://www.microsoft.com/windows/windows-11#pchealthcheck) app to determine their eligibility for Windows 11. Users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they're eligible for the upgrade.  - -Enterprise organizations looking to evaluate device readiness in their environments can expect this capability to be integrated into existing Microsoft tools, such as Endpoint analytics and Update Compliance. This capability will be available when Windows 11 is generally available. Microsoft is also working with software publishing partners to facilitate adding Windows 11 device support into their solutions. +Microsoft has analysis tools to help you evaluate your devices against the Windows 11 hardware requirements. If you're running Windows 10 Home, Pro, or Pro for Workstations editions, you can use the [PC Health Check](https://www.microsoft.com/windows/windows-11#pchealthcheck) app to determine Windows 11 eligibility. Users running Windows 10 Enterprise and Education editions should rely on their IT administrators to let them know when they're eligible for the upgrade. + +Enterprise organizations looking to evaluate device readiness in their environments can expect this capability to be integrated into existing Microsoft tools, such as [Endpoint analytics](/mem/analytics/). ## Windows 11 availability -The availability of Windows 11 will vary according to a device's hardware and whether the device receives updates directly, or from a management solution that is maintained by an IT administrator. +The availability of Windows 11 varies according to a device's hardware and whether the device receives updates directly from Microsoft, or from a management solution that's maintained by an IT administrator. -##### Managed devices +For more information, see [Defining Windows update-managed devices](/windows/deployment/update/update-managed-unmanaged-devices). -Managed devices are devices that are under organizational control. Managed devices include those devices managed by Microsoft Intune, Microsoft Configuration Manager, or other endpoint management solutions. +### Managed devices -If you manage devices on behalf of your organization, you'll be able to upgrade eligible devices to Windows 11 using your existing deployment and management tools at no cost when the upgrade reaches general availability. Organizations that use Windows Update for Business will have added benefits, such as: +Managed devices are devices that are under organizational control. Managed devices include those devices managed by Microsoft Intune, Microsoft Configuration Manager, or other endpoint management solutions. -- Ensuring that devices that don't meet the minimum hardware requirements aren't automatically offered the Windows 11 upgrade. -- More insight into safeguard holds. While safeguard holds will function for Windows 11 devices just as they do for Windows 10 today, administrators using Windows Update for Business will have access to information on which safeguard holds are preventing individual devices from taking the upgrade to Windows 11. +If you manage devices on behalf of your organization, you can upgrade eligible devices to Windows 11 using your existing deployment and management tools. + +Organizations that use Windows Update for Business also have the following benefits: + +- Ensuring that devices that don't meet the minimum hardware requirements aren't automatically offered the Windows 11 upgrade. +- More insight into safeguard holds. While safeguard holds function for Windows 11 devices just as they do for Windows 10 today, administrators using Windows Update for Business have access to information on which safeguard holds are preventing individual devices from taking the upgrade to Windows 11. > [!NOTE] -> Also, Windows 11 has new Microsoft Software License Terms. If you are deploying with Windows Update for Business or Windows Server Update Services, you are accepting these new license terms on behalf of the users in your organization. +> Also, Windows 11 has new Microsoft Software License Terms. If you deploy with Windows Update for Business or Windows Server Update Services, you accept these new license terms on behalf of the users in your organization. -##### Unmanaged devices +### Unmanaged devices -Unmanaged devices are devices that aren't managed by an IT administrator on behalf of an organization. For operating system (OS) deployment, these devices aren't subject to organizational policies that manage upgrades or updates. +Unmanaged devices are devices that an IT administrator doesn't manage on behalf of an organization. For OS deployment, these devices aren't subject to organizational policies that manage upgrades or updates. -Windows 11 will be offered to eligible Windows 10 devices beginning later in the 2021 calendar year. Messaging on new devices will vary by PC manufacturer, but users will see labels such as **This PC will upgrade to Windows 11 once available** on products that are available for purchase. +Windows 11 was offered to eligible Windows 10 devices in 2021. Messaging on new devices varies by PC manufacturer. -The Windows 11 upgrade will be available initially on eligible, unmanaged devices to users who manually seek the upgrade through Windows Update. As with all Windows Update managed devices, the **Windows Update Settings** page will confirm when a device is eligible, and users can upgrade if they choose to. +The Windows 11 upgrade is available on eligible, unmanaged devices to users who manually seek the upgrade through Windows Update. As with all Windows Update-managed devices, the **Windows Update** settings page confirms when a device is eligible. -Just like Windows 10, the machine learning-based [intelligent rollout](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/using-machine-learning-to-improve-the-windows-10-update/ba-p/877860) process will be used when rolling out upgrades. Machine learning uses a combination of testing, close partner engagement, feedback, diagnostic data, and real-life insights to manage quality. This process improves the update experience and ensures that devices first nominated for updates are the devices likely to have a seamless experience. Devices that might have compatibility issues with the upgrade get the benefit of resolving these issues before the upgrade is offered. +Just like Windows 10, the machine learning-based [intelligent rollout](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/using-machine-learning-to-improve-the-windows-10-update/ba-p/877860) process is used when rolling out upgrades. Machine learning uses a combination of testing, close partner engagement, feedback, diagnostic data, and real-life insights to manage quality. This process improves the update experience and ensures that devices first nominated for updates are the devices likely to have a seamless experience. Devices that might have compatibility issues with the upgrade get the benefit of resolving these issues before the upgrade is offered. -## Windows 11 readiness considerations +## Windows 11 readiness considerations -The recommended method to determine if your infrastructure, deployment processes, and management tools are ready for Windows 11 is to join the [Windows Insider Program for Business](https://insider.windows.com/for-business). As a participant in the [Release Preview Channel](/windows-insider/business/validate-Release-Preview-Channel), you can validate that your devices and applications work as expected, and explore new features. +The recommended method to determine if your infrastructure, deployment processes, and management tools are ready for Windows 11 is to join the [Windows Insider Program for Business](https://insider.windows.com/for-business). As a participant in the [release preview channel](/windows-insider/business/validate-Release-Preview-Channel), you can validate that your devices and applications work as expected, and explore new features. As you plan your endpoint management strategy for Windows 11, consider moving to cloud-based mobile device management (MDM), such as [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). If a cloud-only approach isn't right for your organization yet, you can still modernize and streamline essential pieces of your endpoint management strategy as follows: -- Create a [cloud management gateway](/mem/configmgr/core/clients/manage/cmg/overview) (CMG) to manage Configuration Manager clients over the internet. -- Attach your existing Configuration Management estate to the cloud with [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions) so you can manage all devices from within the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -- Use [co-management](/mem/configmgr/comanage/overview) to concurrently manage devices using both Configuration Manager and Microsoft Intune. This concurrent management allows you to take advantage of cloud-powered capabilities like [Conditional Access](/azure/active-directory/conditional-access/overview). -For more information on the benefits of these approaches, see [Cloud Attach Your Future: The Big 3](https://techcommunity.microsoft.com/t5/configuration-manager-blog/cloud-attach-your-future-part-ii-quot-the-big-3-quot/ba-p/1750664). +- To manage Configuration Manager clients over the internet, create a [cloud management gateway](/mem/configmgr/core/clients/manage/cmg/overview) (CMG). +- Attach your existing Configuration Management estate to the cloud with [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions) so you can manage all devices from within the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +- Use [co-management](/mem/configmgr/comanage/overview) to concurrently manage devices using both Configuration Manager and Microsoft Intune. This concurrent management allows you to take advantage of cloud-powered capabilities like [conditional access](/azure/active-directory/conditional-access/overview). + +For more information on the benefits of these approaches, see [Cloud Attach Your Future: The Big 3](https://techcommunity.microsoft.com/t5/configuration-manager-blog/cloud-attach-your-future-part-ii-quot-the-big-3-quot/ba-p/1750664). The introduction of Windows 11 is also a good time to review your hardware refresh plans and prioritize eligible devices to ensure an optimal experience for your users. ## Servicing and support -Along with user experience and security improvements, Windows 11 introduces enhancements to Microsoft's servicing approach based on your suggestions and feedback. +Along with user experience and security improvements, Windows 11 introduces enhancements to Microsoft's servicing approach based on your suggestions and feedback. -**Quality updates**: Windows 11 and Windows 10 devices will receive regular monthly quality updates to provide security updates and bug fixes. +- **Quality updates**: Windows 11 and Windows 10 devices receive regular monthly quality updates to provide security updates and bug fixes. -**Feature updates**: Microsoft will provide a single Windows 11 feature update annually, targeted for release in the second half of each calendar year. +- **Feature updates**: Microsoft provides a single Windows 11 feature update annually, targeted for release in the second half of each calendar year. -**Lifecycle**: -- Home, Pro, Pro for Workstations, and Pro for Education editions of Windows 11 will receive 24 months of support from the general availability date. -- Enterprise and Education editions of Windows 11 will be supported for 36 months from the general availability date. +- **Lifecycle**: -When Windows 11 reaches general availability, a consolidated [Windows 11 update history](https://support.microsoft.com/topic/59875222-b990-4bd9-932f-91a5954de434) is available, similar to what is [available today for Windows 10](https://support.microsoft.com/topic/windows-10-update-history-1b6aac92-bf01-42b5-b158-f80c6d93eb11). Similarly, the [Windows release health](/windows/release-health/) hub will offer quick access to Windows 11 servicing announcements, known issues, and safeguard holds. + - Home, Pro, Pro for Workstations, and Pro for Education editions of Windows 11 receive 24 months of support from the general availability date. + - Enterprise and Education editions of Windows 11 are supported for 36 months from the general availability date. -It's important that organizations have adequate time to plan for Windows 11. Microsoft also recognizes that many organizations will have a mix of Windows 11 and Windows 10 devices across their ecosystem. Devices on in-service versions of Windows 10 will continue to receive monthly Windows 10 security updates through 2025, and incremental improvements to Windows 10 to support ongoing Microsoft 365 deployments. For more information, see the [Windows 10 release information](/windows/release-health/release-information) page, which offers information about the Windows 10 General Availability Channel and Long-term Servicing Channel (LTSC) releases. +A consolidated [Windows 11 update history](https://support.microsoft.com/topic/59875222-b990-4bd9-932f-91a5954de434) is available. Similarly, the [Windows release health](/windows/release-health/) hub offers quick access to Windows 11 servicing announcements, known issues, and safeguard holds. + +It's important that organizations have adequate time to plan for Windows 11. Microsoft also recognizes that many organizations have a mix of Windows 11 and Windows 10 devices across their ecosystem. Devices on in-service versions of Windows 10 continue to receive monthly Windows 10 security updates, and incremental improvements to Windows 10 to support ongoing Microsoft 365 deployments. For more information, see the [Windows 10 release information](/windows/release-health/release-information) page. ## Application compatibility Microsoft's compatibility promise for Windows 10 is maintained for Windows 11. Data from the App Assure program shows that Windows 10 compatibility rates are over 99.7% for enterprise organizations, including line of business (LOB) apps. Microsoft remains committed to ensuring that the apps you rely upon continue to work as expected when you upgrade. Windows 11 is subject to the same app compatibility validation requirements that are in place for Windows 10 today, for both feature and quality updates. -#### App Assure +For more information, see [Windows compatibility cookbook](/windows/compatibility/). -If you run into compatibility issues or want to ensure that your organization's applications are compatible from day one, App Assure can help. +### App Assure -- **App Assure**: With enrollment in the [App Assure](/windows/compatibility/app-assure) service, any app compatibility issues that you find with Windows 11 can be resolved. Microsoft will help you remedy application issues at no cost. Since 2018, App Assure has evaluated almost 800,000 apps, and subscriptions are free for eligible customers with 150+ seats. - -You might already be using App Assure in your Windows 10 environment. The tool will continue to function with Windows 11. +If you run into compatibility issues or want to ensure that your organization's applications are compatible from day one, App Assure can help. With enrollment in the [App Assure](/windows/compatibility/app-assure) service, any app compatibility issues that you find with Windows 11 can be resolved. Microsoft helps you remedy application issues at no cost. Since 2018, App Assure has evaluated almost 800,000 apps, and subscriptions are free for eligible customers with more than 150 devices. ## Next steps [Prepare for Windows 11](windows-11-prepare.md) -## Also see - [Plan to deploy updates for Windows 10 and Microsoft 365 Apps](/training/modules/windows-plan/)