From 5a80ed449f64a8888457630c5d05bc4b740115a1 Mon Sep 17 00:00:00 2001 From: Kofl Date: Sat, 14 Jan 2023 20:00:35 +0100 Subject: [PATCH 1/4] Update mcc-enterprise-deploy.md fixed typo Set- VMProcessor ... => Set-VMProcessor --- windows/deployment/do/mcc-enterprise-deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-enterprise-deploy.md b/windows/deployment/do/mcc-enterprise-deploy.md index c39e4b5a84..76b5333ac9 100644 --- a/windows/deployment/do/mcc-enterprise-deploy.md +++ b/windows/deployment/do/mcc-enterprise-deploy.md @@ -163,7 +163,7 @@ Installing MCC on your Windows device is a simple process. A PowerShell script p 1. Enable nested virtualization: ```powershell - Set -VMProcessor -VMName "VM name" -ExposeVirtualizationExtensions $true + Set-VMProcessor -VMName "VM name" -ExposeVirtualizationExtensions $true ``` 1. Enable MAC spoofing: From d1dbbe6c7bb36a3ff8cad1ae4885630ffe52dc45 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 9 Mar 2023 12:29:49 -0800 Subject: [PATCH 2/4] Revert "Add documentation for ScanBeforeInitialLogonAllowed" --- windows/deployment/update/waas-wu-settings.md | 26 ++++++------------- 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index 63f165899e..af807a712a 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -9,12 +9,17 @@ manager: aaroncz ms.topic: article ms.collection: highpri, tier2 ms.technology: itpro-updates -ms.date: 03/09/2023 +ms.date: 01/06/2023 --- # Manage additional Windows Update settings -***(Applies to: Windows 11 & Windows 10)*** + +**Applies to** + +- Windows 10 +- Windows 11 + > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) @@ -32,8 +37,7 @@ You can use Group Policy settings or mobile device management (MDM) to configure | [Allow signed updates from an intranet Microsoft update service location](#allow-signed-updates-from-an-intranet-microsoft-update-service-location) | [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | All | | [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) | [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | 1607 | | [Configure Automatic Updates](#configure-automatic-updates) | [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | All | -| | [Windows Update notifications display organization name](#bkmk_display-name)

*Organization name is displayed by default. A registry value can disable this behavior. | Windows 11 devices that are Azure Active Directory joined or registered | -| | [Allow Windows updates to install before initial user sign-in](#allow-windows-update-before-initial-sign-in) | Windows 11 version 22H2 | +| | [Windows Update notifications display organization name](#bkmk_display-name)

*Organization name is displayed by default. A registry value can disable this behavior. | Windows 11 devices that are Azure Active Directory joined or registered | >[!IMPORTANT] >Additional information about settings to manage device restarts and restart notifications for updates is available on **[Manage device restarts after updates](waas-restart.md)**. @@ -279,17 +283,3 @@ if (!(Test-Path $registryPath)) New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null ``` - -## Allow Windows updates to install before initial user sign-in -*(Starting in Windows 11, version 22H2)* - -On new devices, Windows Update doesn't begin installing background updates until a user has completed the Out of Box Experience (OOBE) and signs in for the first time. In many cases, the user signs in immediately after completing the OOBE. However, some VM-based solutions provision a device and automate the first user experience. These VMs may not be immediately assigned to a user so they won't see an initial sign-in until several days later. - -In scenarios where initial sign-in is delayed, setting the following registry values allow devices to begin background update work before a user first signs in: - -- **Registry key**: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator -- **DWORD value name**: ScanBeforeInitialLogonAllowed -- **Value data**: 1 - -> [!Warning] -> This value is designed to be used only for scenarios with a deferred initial user sign in. Setting this value on devices where initial user sign in isn't delayed could have a detrimental effect on performance since it may allow update work to occur as the user is signing in for the first time. From ed650fcc6c9e4060a82591d266dc035936af3e2c Mon Sep 17 00:00:00 2001 From: Bart Billiet Date: Fri, 10 Mar 2023 21:12:24 +0100 Subject: [PATCH 3/4] Fix URL --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index de180d4626..082c1adff9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -238,7 +238,7 @@ sections: - attempting to access on-premises resources secured by Active Directory - question: Can I use RDP/VDI with Windows Hello for Business cloud Kerberos trust? answer: | - Windows Hello for Business cloud Kerberos trust can't be used as a supplied credential with RDP/VDI. Similar to key trust, cloud Kerberos trust can be used for RDP with [remote credential guard][/windows/security/identity-protection/remote-credential-guard] or if a [certificate is enrolled into Windows Hello for Business](hello-deployment-rdp-certs.md) for this purpose. + Windows Hello for Business cloud Kerberos trust can't be used as a supplied credential with RDP/VDI. Similar to key trust, cloud Kerberos trust can be used for RDP with [remote credential guard](/windows/security/identity-protection/remote-credential-guard) or if a [certificate is enrolled into Windows Hello for Business](hello-deployment-rdp-certs.md) for this purpose. - question: Do all my domain controllers need to be fully patched as per the prerequisites for me to use Windows Hello for Business cloud Kerberos trust? answer: | No, only the number necessary to handle the load from all cloud Kerberos trust devices. From 65d025e673f9da496578b9725af11cf6ef29ea12 Mon Sep 17 00:00:00 2001 From: Bart Billiet Date: Sat, 11 Mar 2023 07:22:44 +0100 Subject: [PATCH 4/4] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 082c1adff9..621663aecd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -238,7 +238,7 @@ sections: - attempting to access on-premises resources secured by Active Directory - question: Can I use RDP/VDI with Windows Hello for Business cloud Kerberos trust? answer: | - Windows Hello for Business cloud Kerberos trust can't be used as a supplied credential with RDP/VDI. Similar to key trust, cloud Kerberos trust can be used for RDP with [remote credential guard](/windows/security/identity-protection/remote-credential-guard) or if a [certificate is enrolled into Windows Hello for Business](hello-deployment-rdp-certs.md) for this purpose. + Windows Hello for Business cloud Kerberos trust can't be used as a supplied credential with RDP/VDI. Similar to key trust, cloud Kerberos trust can be used for RDP with [Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard) or if a [certificate is enrolled into Windows Hello for Business](hello-deployment-rdp-certs.md) for this purpose. - question: Do all my domain controllers need to be fully patched as per the prerequisites for me to use Windows Hello for Business cloud Kerberos trust? answer: | No, only the number necessary to handle the load from all cloud Kerberos trust devices.