deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into jd-sandbox

Browse Source
This commit is contained in:
jdeckerMS 2017-04-26 06:58:49 -07:00
commit 0892b8d042
17 changed files with 136 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
.openpublishing.redirection.json
View File

@ -72,22 +72,22 @@
},
{
"source_path": "windows/manage/waas-servicing-strategy-windows-10-updates.md",
"redirect_url": "/itpro/windows/update/waas-servicing-strategy-windows-10-updates",
"redirect_url": "windows/deployment/update/waas-servicing-strategy-windows-10-updates",
"redirect_document_id": true
},
{
"source_path": "windows/manage/waas-deployment-rings-windows-10-updates.md",
"redirect_url": "/itpro/windows/update/waas-deployment-rings-windows-10-updates",
"redirect_url": "/windows/deployment/update/waas-deployment-rings-windows-10-updates",
"redirect_document_id": true
},
{
"source_path": "windows/manage/waas-servicing-branches-windows-10-updates.md",
"redirect_url": "/itpro/windows/update/waas-servicing-branches-windows-10-updates",
"redirect_url": "/windows/deployment/update/waas-servicing-branches-windows-10-updates",
"redirect_document_id": true
},
{
"source_path": "windows/manage/update-compliance-monitor.md",
"redirect_url": "/itpro/windows/update/update-compliance-monitor",
"redirect_url": "/windows/deployment/update/update-compliance-monitor",
"redirect_document_id": true
},
{
@ -157,7 +157,7 @@
},
{
"source_path": "windows/manage/waas-restart.md",
"redirect_url": "/itpro/windows/update/waas-restart",
"redirect_url": "/windows/deployment/update/waas-restart",
"redirect_document_id": true
},
{
@ -177,7 +177,7 @@
},
{
"source_path": "windows/manage/set-up-shared-or-guest-pc.md",
"redirect_url": "/itpro/windows/configure/set-up-shared-or-guest-pc",
"redirect_url": "/windows/configuration/set-up-shared-or-guest-pc",
"redirect_document_id": true
},
{
@ -187,7 +187,7 @@
},
{
"source_path": "windows/manage/set-up-a-device-for-anyone-to-use.md",
"redirect_url": "/itpro/windows/configure/set-up-a-device-for-anyone-to-use",
"redirect_url": "/windows/configuration/set-up-a-device-for-anyone-to-use",
"redirect_document_id": true
},
{
@ -202,12 +202,12 @@
},
{
"source_path": "windows/manage/lock-down-windows-10-to-specific-apps.md",
"redirect_url": "/itpro/windows/configure/lock-down-windows-10-to-specific-apps",
"redirect_url": "/windows/configuration/lock-down-windows-10-to-specific-apps",
"redirect_document_id": true
},
{
"source_path": "windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md",
"redirect_url": "/itpro/windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition",
"redirect_url": "/windows/configuration/set-up-a-kiosk-for-windows-10-for-mobile-edition",
"redirect_document_id": true
},
{
@ -232,7 +232,7 @@
},
{
"source_path": "windows/manage/windows-10-start-layout-options-and-policies.md",
"redirect_url": "/itpro/windows/configure/windows-10-start-layout-options-and-policies",
"redirect_url": "/windows/configuration/windows-10-start-layout-options-and-policies",
"redirect_document_id": true
},
{
@ -262,7 +262,7 @@
},
{
"source_path": "windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md",
"redirect_url": "/itpro/windows/configure/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd",
"redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd",
"redirect_document_id": true
},
{
@ -337,12 +337,12 @@
},
{
"source_path": "windows/manage/stop-employees-from-using-the-windows-store.md",
"redirect_url": "/itpro/windows/configure/stop-employees-from-using-the-windows-store",
"redirect_url": "/windows/configuration/stop-employees-from-using-the-windows-store",
"redirect_document_id": true
},
{
"source_path": "windows/manage/configure-devices-without-mdm.md",
"redirect_url": "/itpro/windows/configure/provisioning-packages",
"redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
"redirect_document_id": false
},
{
@ -362,12 +362,12 @@
},
{
"source_path": "windows/manage/manage-wifi-sense-in-enterprise.md",
"redirect_url": "/itpro/windows/configure/manage-wifi-sense-in-enterprise",
"redirect_url": "/windows/configuration/manage-wifi-sense-in-enterprise",
"redirect_document_id": true
},
{
"source_path": "windows/deploy/provisioning-packages.md",
"redirect_url": "/itpro/windows/configure/provisioning-packages",
"redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
"redirect_document_id": true
},
{
@ -482,7 +482,7 @@
},
{
"source_path": "windows/deploy/update-windows-10-images-with-provisioning-packages.md",
"redirect_url": "/itpro/windows/configure/provisioning-packages",
"redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
"redirect_document_id": false
},
{
@ -537,7 +537,7 @@
},
{
"source_path": "windows/keep-secure/manage-identity-verification-using-microsoft-passport.md",
"redirect_url": "/itpro/windows/keep-secure/hello-identity-verification",
"redirect_url": "/windows/access-protection/hello-for-business/hello-identity-verification",
"redirect_document_id": true
},
{
@ -632,7 +632,7 @@
},
{
"source_path": "windows/manage/manage-cortana-in-enterprise.md",
"redirect_url": "/itpro/windows/configure/cortana-at-work-overview",
"redirect_url": "/windows/configuration/cortana-at-work-overview",
"redirect_document_id": true
},
{
@ -1092,7 +1092,7 @@
},
{
"source_path": "windows/whats-new/new-provisioning-packages.md",
"redirect_url": "/itpro/windows/configure/provisioning-packages",
"redirect_url": "/itpro/windows/configuration/provisioning-packages/provisioning-packages",
"redirect_document_id": false
},
{
@ -1127,7 +1127,7 @@
},
{
"source_path": "windows/keep-secure/windows-10-security-guide.md",
"redirect_url": "/itpro/windows/keep-secure/overview-of-threat-mitigations-in-windows-10",
"redirect_url": "/windows/threat-protection/overview-of-threat-mitigations-in-windows-10",
"redirect_document_id": true
},
{
@ -8204,6 +8204,11 @@
"source_path": "windows/configure/index.md",
"redirect_url": "/windows/configuration/index",
"redirect_document_id": true
},
{
"source_path": "windows/keep-secure/security-technologies.md",
"redirect_url": "/windows/windows-10/index",
"redirect_document_id": true
}
]
}

BIN
education/windows/images/windows-ad-connect.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 45 KiB

After

Width:  |  Height:  |  Size: 44 KiB

15
education/windows/take-a-test-multiple-pcs.md
View File

@ -200,8 +200,17 @@ Anything hosted on the web can be presented in a locked down manner, not just as
**To provide a link to the test**
1. Create the link to the test using schema activation.
- Create a link using a web UI
Manually embed a URL with a specific prefix. You can select parameters depending on what you want to enable. For more info, see [Create a link using schema activation](#create-a-link-using-schema-activation).
For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this for option for teachers.
To get started, go here: [Create a link using a web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link).
- Create a link using schema activation
You can accomplish the same thing as the first option (using a web UI), by manually embedding a URL with a specific prefix. You can select parameters depending on what you want to enable.
For more info, see [Create a link using schema activation](#create-a-link-using-schema-activation).
2. Distribute the link.
@ -217,7 +226,7 @@ One of the ways you can present content in a locked down manner is by embedding
1. Embed a link or create a desktop shortcut with:
```
ms-edu-secureassessment:<URL>!enforceLockdown
ms-edu-secureassessment:<URL>#enforceLockdown
```
2. To enable printing, screen capture, or both, use the above link and append one of these parameters:
@ -235,7 +244,7 @@ One of the ways you can present content in a locked down manner is by embedding
> The Windows 10, version 1607 legacy configuration, `ms-edu-secureassessment:<URL>!enforcelockdown` is still supported, but not in combination with the new parameters.
### Create a shortcut for the test link
You can also distribute the test link by creating a shortcut. To do this, create the link to the test by either using the [web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-l) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps:
You can also distribute the test link by creating a shortcut. To do this, create the link to the test by either using the [web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps:
1. On a device running Windows, right-click on the desktop and then select **New > Shortcut**.
2. In the **Create Shortcut** window, paste the assessment URL in the field under **Type the location of the item**.

7
education/windows/take-a-test-single-pc.md
View File

@ -58,12 +58,11 @@ Anything hosted on the web can be presented in a locked down manner, not just as
1. Create the link to the test.
There are different ways you can do this:
- Create a link using a web UI
For this option, you can just copy the assessment URL, select the options you want to allow during the test, and click a button to create the link. We recommend this for option for teachers.
To get started, go here: [Create a link using a web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link)
To get started, go here: [Create a link using a web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link).
- Create a link using schema activation
@ -91,7 +90,7 @@ One of the ways you can present content in a locked down manner is by embedding
1. Embed a link or create a desktop shortcut with:
```
ms-edu-secureassessment:<URL>!enforceLockdown
ms-edu-secureassessment:<URL>#enforceLockdown
```
2. To enable printing, screen capture, or both, use the above link and append one of these parameters:
@ -110,7 +109,7 @@ One of the ways you can present content in a locked down manner is by embedding
### Create a shortcut for the test link
You can also distribute the test link by creating a shortcut. To do this, create the link to the test by either using the [web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-l) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps:
You can also distribute the test link by creating a shortcut. To do this, create the link to the test by either using the [web UI](https://education.microsoft.com/courses-and-resources/windows-10-create-a-take-a-test-link) or using [schema activation](#create-a-link-using-schema-activation). After you have the link, follow these steps:
1. On a device running Windows, right-click on the desktop and then select **New > Shortcut**.
2. In the **Create Shortcut** window, paste the assessment URL in the field under **Type the location of the item**.

33
education/windows/use-set-up-school-pcs-app.md
View File

@ -15,11 +15,6 @@ author: CelesteDG
- Windows 10
> [!NOTE]
> The latest Set up School PCs app will be available for download in the Store very soon. To get familiar with the settings you can configure in the latest app, read the information in this topic.
IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up PCs for students. A student PC set up using the app is tailored to provide students with the tools they need for learning while removing apps and features that they don't need.
![Set up School PCs app](images/suspc_getstarted_resized.png)
@ -49,6 +44,13 @@ A student PC that's set up using the Set up School PCs provisioning package is t
## Tips for success
* **Run the same Windows 10 build on the admin device and the student PCs**
It's critical that the IT administrator's or technical teacher's device is running the same Windows 10 build (Windows 10, version 1607 or Windows 10, version 1703) as the student PCs that you're provisioning.
> [!NOTE]
> If you're using the Windows 10, version 1607 build of the Set up School PCs app, do not use it to provision student PCs with Windows 10, version 1703 images. Conversely, if you're using the Windows 10, version 1703 build of Set up School PCs, do not use it to provision student PCs with Windows 10, version 1607 images. We recommend using the latest Set up School PCs app (for Windows 10, version 1703) along with Windows 10, version 1703 images on the student PCs that you're provisioning.
* **Run the app at work**
For the best results, run the Set up School PCs app on your work device connected to your school's network. That way the app can gather accurate information about your wireless networks and cloud subscriptions.
@ -56,6 +58,11 @@ A student PC that's set up using the Set up School PCs provisioning package is t
> [!NOTE]
> Don't use the **Set up Schools PCs** app for PCs that must connect to enterprise networks or to open Wi-Fi networks that require the user to accept Terms of Use.
* **Network tips**
* You cannot use Set up School PCs over a certification-based network, or one where you have to enter credentials in a browser. You can only connect to an open network, or one with a basic password.
* If you need to set up a lot of devices over Wi-Fi, make sure that your network configuration can support it.
- We recommend configuring your DHCP so you have a good set of IP addresses available (about 100-200). These IP addresses will expire after a short amount of time (about 30 minutes). This allows you set up many devices simultaneously, and the IP addresses will be freed up quick so you can continue to set up devices without risk of crashing your network.
* **Apply to new student PCs**
* The provisioning package that the Set up School PCs app creates should be used on new PCs that haven't been set up for accounts yet. If you apply the provisioning package to a student PC that has already been set up, existing accounts and data might be lost.
@ -93,9 +100,7 @@ What you need:
- The **Set up School PCs** app, installed on your work PC and connected to your school's network.
<!--
[Download the Set up School PCs app from the Store](https://www.microsoft.com/store/apps/9nblggh4ls40).
-->
To get started, [download the latest Set up School PCs app from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4ls40).
- A USB drive, 1 GB or larger. We recommend an 8 GB or larger USB drive if you're installing Office.
@ -152,7 +157,11 @@ The **Set up School PCs** app guides you through the configuration choices for t
> If you select this option, the provisioning process will take longer (about 30 minutes).
- Select **Allow local storage (not recommended for shared devices)** to let students save files to the **Desktop** and **Documents** folder on the student PC. We don't recommend this option if the device will be part of a shared cart or lab.
- Select **Optimize device for a single student, instead of a shared cart or lab** to optimize the device for use by a single student (1:1). Check this option if the device will not be part of a shared cart or lab.
- Select **Optimize device for a single student, instead of a shared cart or lab** to optimize the device for use by a single student (1:1).
- Check this option if the device will not be part of a shared cart or lab.
- Set up School PCs will change some account management logic so that it sets the expiration time for an account to 180 days (without requiring sign-in).
- This setting also increases the maximum storage to 100% of the available disk space. This prevents the student's account from being erased if the student stores a lot of files or data, or if the student doesn't use the PC over a prolonged period.
- Select **Let guests sign-in to these PCs** to allow guests to use student PCs without a school account. For example, if the device will be in a library and you want other users (like visiting students or teachers) to be able to use the device, you can select this option.
If you select this option, this adds a **Guest** account button in the PC's sign-in screen to allow anyone to use the PC.
@ -178,13 +187,13 @@ The **Set up School PCs** app guides you through the configuration choices for t
3. Click **Next** or **Skip** depending on whether you want to set up Take a Test.
<!-- comment out
7. If you want to add Store for Business apps to the student PCs, you can select from the list of recommended apps in the **Add STEM and Makerspace apps to Student PCs** page.
7. If you want to add Microsoft Store for Education apps to the student PCs, you can select from the list of recommended apps in the **Add STEM and Makerspace apps to Student PCs** page.
1. Select the apps that you want to add. You'll see a checkmark on apps that you select.
2. Click **Next**.
**Figure 4** - Select Store apps to add to student PCs
**Figure 4** - Select Microsoft Store apps to add to student PCs
![Select Store apps to add to student PCs](images/suspc_choosesettings_apps.png)
![Select Microsoft Store apps to add to student PCs](images/suspc_choosesettings_apps.png)
-->

4
smb/cloud-mode-business-setup.md
View File

@ -12,13 +12,13 @@ ms.pagetype: smb
author: CelesteDG
---
![Are you ready to move to the cloud?](images/business-cloud-mode.png)
# Get started: Deploy and manage a full cloud IT solution for your business
**Applies to:**
- Office 365 Business Premium, Azure AD Premium, Intune, Windows Store for Business, Windows 10
Are you ready to move your business to the cloud or wondering what it takes to make this happen with Microsoft cloud services and tools?
In this walkthrough, we'll show you how to deploy and manage a full cloud IT solution for your small to medium business using Office 365 Business Premium, Microsoft Azure AD, Intune, Windows Store for Business, and Windows 10. We'll show you the basics on how to:
- Acquire an Office 365 business domain
- Add Microsoft Intune and Azure Active Directory (AD) Premium licenses to your business tenant

8
windows/deployment/update/index.md
View File

@ -36,10 +36,10 @@ Windows as a service provides a new way to think about building, deploying, and
| [Assign devices to servicing branches for Windows 10 updates](waas-servicing-branches-windows-10-updates.md) | Explains how to assign devices to Current Branch (CB) or Current Branch for Business (CBB) for feature and quality updates, and how to enroll devices in Windows Insider. |
| [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) | Explains how to use Windows Analytics: Update Compliance to monitor and manage Windows Updates on devices in your organization. |
| [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution. |
| [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) | Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile. |
| [Manage updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune. |
| [Manage Windows 10 updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows 10 updates. |
| [Manage Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) | Explains how to use Configuration Manager to manage Windows 10 updates. |
| [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md) | Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile. |
| [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune. |
| [Deploy Windows 10 updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows 10 updates. |
| [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md) | Explains how to use Configuration Manager to manage Windows 10 updates. |
| [Manage device restarts after updates](waas-restart.md) | Explains how to use Group Policy to manage device restarts. |
| [Windows Insider Program for Business](waas-windows-insider-for-business.md) | Explains how the Windows Insider Program for Business works and how to become an insider. |

2
windows/deployment/update/waas-manage-updates-configuration-manager.md
View File

@ -1,5 +1,5 @@
---
title: Manage Windows 10 updates using System Center Configuration Manager (Windows 10)
title: Deploy Windows 10 updates using System Center Configuration Manager (Windows 10)
description: System Center Configuration Manager provides maximum control over quality and feature updates for Windows 10.
ms.prod: w10
ms.mktglfcycl: manage

2
windows/deployment/update/waas-manage-updates-wsus.md
View File

@ -1,5 +1,5 @@
---
title: Manage Windows 10 updates using Windows Server Update Services (Windows 10)
title: Deploy Windows 10 updates using Windows Server Update Services (Windows 10)
description: WSUS allows companies to defer, selectively approve, choose when delivered, and determine which devices receive updates.
ms.prod: w10
ms.mktglfcycl: manage

2
windows/deployment/update/waas-manage-updates-wufb.md
View File

@ -1,5 +1,5 @@
---
title: Manage updates using Windows Update for Business (Windows 10)
title: Deploy updates using Windows Update for Business (Windows 10)
description: Windows Update for Business lets you manage when devices received updates from Windows Update.
ms.prod: w10
ms.mktglfcycl: manage

2
windows/deployment/update/waas-mobile-updates.md
View File

@ -1,5 +1,5 @@
---
title: Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile (Windows 10)
title: Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile (Windows 10)
description: tbd
ms.prod: w10
ms.mktglfcycl: manage

20
windows/deployment/upgrade/windows-10-edition-upgrades.md
View File

@ -41,13 +41,16 @@ X = unsupported <BR>
- To upgrade mobile editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithLicense** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
## Upgrade using a provisioning package
The Windows Imaging and Configuration Designer (ICD) tool is included in the Windows Assessment and Deployment Kit (ADK) for Windows 10. [Install the ADK.](https://go.microsoft.com/fwlink/p/?LinkId=526740)
Use Windows Configuration Designer to create a provisioning package to upgrade a desktop edition or mobile edition of Windows 10. To get started, [install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
- To use Windows ICD to create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
- To create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
- To use Windows ICD to create a provisioning package for upgrading mobile editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithLicense** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
- To create a provisioning package for upgrading mobile editions of Windows 10, go to **Runtime settings &gt; EditionUpgrade &gt; UpgradeEditionWithLicense** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
For more info about Windows Configuration Designer, see these topics:
- [Create a provisioining package for Windows 10](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package)
- [Apply a provisioning package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package)
For more info on creating and applying a provisioning package using Windows ICD, see [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkID=533700).
## Upgrade using a command-line tool
You can run the changepk.exe command-line tool to upgrade devices to a supported edition of Windows 10:
@ -81,12 +84,3 @@ If you do not have a product key, you can upgrade your edition of Windows 10 th
**Note**<br>If you are a Windows 10 Home N or Windows 10 Home KN user and have trouble finding your applicable upgrade in the Windows Store, click [here](ms-windows-store://windowsupgrade/).
 
 
 

1
windows/threat-protection/change-history-for-threat-protection.md
View File

@ -14,6 +14,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc
## March 2017
|New or changed topic |Description |
|---------------------|------------|
|[Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)|Updated based on Windows 10, version 1703.|
|[How to collect Windows Information Protection (WIP) audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) |New |
|[Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](windows-information-protection\mandatory-settings-for-wip.md) |Updated based on Windows 10, version 1703. |
|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. |

100
windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md
View File

@ -1,6 +1,6 @@
---
title: Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune (Windows 10)
description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
title: Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune (Windows 10)
description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
ms.assetid: d0eaba4f-6d7d-4ae4-8044-64680a40cf6b
keywords: WIP, Enterprise Data Protection
ms.prod: w10
@ -11,103 +11,63 @@ author: eross-msft
localizationpriority: high
---
# Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune
# Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune
**Applies to:**
- Windows 10, version 1607 and later
- Windows 10 Mobile, version 1607 and later
- Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop)
After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Azure Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
## Create your VPN policy using Microsoft Intune
Follow these steps to create the VPN policy you want to use with WIP.
## Associate your WIP policy to your VPN policy by using Microsoft Azure Intune
Follow these steps to associate your WIP policy with your organization's existing VPN policy.
**To create your VPN policy**
**To associate your policies**
1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy**.
1. Create your VPN profile. For info about how to do this, see [How to configure VPN settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/how-to-configure-vpn-settings) and [How to create custom VPN profiles in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/create-custom-vpn-profiles#create-a-custom-configuration).
2. Go to **Windows**, click the **VPN Profile (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**.
2. Open the Microsoft Azure Intune mobile application management console, click **Device configuration**, and then click **Create Profile**.
![Microsoft Intune, Create a new policy using the New Policy screen](images/intune-vpn-createpolicy.png)
![Microsoft Azure Intune, Create a new policy using the the Azure portal](images/wip-azure-vpn-device-policy.png)
3. Type *Contoso_VPN_Win10* into the **Name** box, along with an optional description for your policy into the **Description** box.
3. In the **Create Profile** blade, type a name for your profile, such as *Contoso_VPN_Win10*, into the **Name** box, add an optional description for your policy into the **Description** box, select **Windows 10 and later** from the **Platform** dropdown box, select **Custom** from the **Profile type** dropdown box, and then click **Configure**.
![Microsoft Intune: Fill in the required Name and optional Description for your policy](images/intune-vpn-titledescription.png)
![Microsoft Azure Intune, Create a new policy using the Create Profile blade](images/wip-azure-vpn-configure-policy.png)
4. In the **VPN Settings** area, type the following info:
4. In the **Custom OMA-URI Settings** blade, click **Add**.
- **VPN connection name.** This name is also what appears to your employees, so it's important that it be clear and understandable.
5. In the **Add Row** blade, type:
- **Connection type.** Pick the connection type that matches your infrastructure. The options are **Pulse Secure**, **F5 Edge Client**, **Dell SonicWALL Mobile Connect**, or **Check Point Capsule VPN**.
- **Name.** Type a name for your setting, such as *EDPModeID*.
- **VPN server description.** A descriptive name for this connection. Only you will see it, but it should be unique and readable.
- **Description.** Type an optional description for your setting.
- **Server IP address or FQDN.** The server's IP address or fully-qualified domain name (FQDN).
- **OMA-URI.** Type _./Vendor/MSFT/VPNv2/&lt;VPNProfileName&gt;/EDPModeId_ into the box.
![Microsoft Intune: Fill in the VPN Settings area](images/intune-vpn-vpnsettings.png)
- **Data type.** Select **String** from the dropdown box
5. In the **Authentication** area, choose the authentication method that matches your VPN infrastructure, either **Username and Password** or **Certificates**.<p>
It's your choice whether you check the box to **Remember the user credentials at each logon**.
- **Value.** Type your fully-qualified domain that should be used by the OMA-URI setting. For example, _corp.contoso.com_.
![Microsoft Intune, Choose the Authentication Method for your VPN system](images/intune-vpn-authentication.png)
![Microsoft Azure Intune, Add your OMA-URI settings](images/wip-azure-vpn-custom-omauri.png)
6. You can leave the rest of the default or blank settings, and then click **Save Policy**.
6. Click **OK** to save your setting info in the **Add Row** blade, and then click **OK** in the **Custom OMA-URI Settings** blade to save the setting with your policy.
## Deploy your VPN policy using Microsoft Intune
7. Click **Create** to create the policy, including your OMA_URI info.
## Deploy your VPN policy using Microsoft Azure Intune
After youve created your VPN policy, you'll need to deploy it to the same group you deployed your Windows Information Protection (WIP) policy.
**To deploy your VPN policy**
**To deploy your Custom VPN policy**
1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button.
1. On the **App policy** blade, click your newly-created policy, click **User groups** from the menu that appears, and then click **Add user group**.
2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**.<p>
The added people move to the **Selected Groups** list on the right-hand pane.
A list of user groups, made up of all of the security groups in your Azure Active Directory, appear in the **Add user group** blade.
![Microsoft Intune: Pick the group of employees that should get the policy](images/intune-deploy-vpn.png)
2. Choose the group you want your policy to apply to, and then click **Select** to deploy the policy.
3. After you've picked all of the employees and groups that should get the policy, click **OK**.<p>
The policy is deployed to the selected users' devices.
## Link your WIP and VPN policies and deploy the custom configuration policy
The final step to making your VPN configuration work with WIP, is to link your two policies together. To do this, you must first create a custom configuration policy, setting it to use your **EDPModeID** setting, and then deploying the policy to the same group you deployed your WIP and VPN policies
**To link your VPN policy**
1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy**.
2. Go to **Windows**, click the **Custom Configuration (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**.
![Microsoft Intune, Create a new policy from the New Policy screen](images/intune-vpn-customconfig.png)
3. Type a name (required) and an optional description for your policy into the **Name** and **Description** boxes.
![Microsoft Intune: Fill in the required Name and optional Description for your policy](images/intune-vpn-wipmodeid.png)
4. In the **OMA-URI Settings** area, click **Add** to add your **EDPModeID** info.
5. In the **OMA-URI Settings** area, type the following info:
- **Setting name.** Type **EDPModeID** as the name.
- **Data type.** Pick the **String** data type.
- **OMA-URI.** Type `./Vendor/MSFT/VPNv2/<VPNProfileName>/EDPModeId`, replacing &lt;*VPNProfileName*&gt; with the name you gave to your VPN policy. For example, `./Vendor/MSFT/VPNv2/W10-Checkpoint-VPN1/EDPModeId`.
- **Value.** Your fully-qualified domain that should be used by the OMA-URI setting.
![Microsoft Intune: Fill in the OMA-URI Settings for the EMPModeID setting](images/intune-vpn-omaurisettings.png)
6. Click **OK** to save your new OMA-URI setting, and then click **Save Policy.**
**To deploy your linked policy**
1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button.
2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**. The added people move to the **Selected Groups** list on the right-hand pane.
![Microsoft Intune, Manage Deployment box used to deploy your linked VPN policy](images/intune-groupselection_vpnlink.png)
3. After you've picked all of the employees and groups that should get the policy, click **OK**. The policy is deployed to the selected users' devices.
![Microsoft Intune: Pick your user groups that should get the policy when it's deployed](images/wip-azure-add-user-groups.png)
>[!NOTE]
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).

2
windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md
View File

@ -506,7 +506,7 @@ Optionally, if you dont want everyone in your organization to be able to shar
## Related topics
- [Deploy your Windows Information Protection (WIP) policy](deploy-wip-policy-using-intune.md)
- [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)
- [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)
- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
- [Azure RMS Documentation Update for May 2016](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/azure-rms-documentation-update-for-may-2016/)
- [What is Azure Rights Management?]( https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-azure-rms)

2
windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md
View File

@ -38,6 +38,6 @@ After youve created your Windows Information Protection (WIP) policy, you'll
## Related topics
- [Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune](create-wip-policy-using-intune.md)
- [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)
- [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)
- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)

5
windows/whats-new/whats-new-windows-10-version-1703.md
View File

@ -170,6 +170,11 @@ For Windows desktops, users are able to reset a forgotten PIN through **Settings
For more details, check out [What if I forget my PIN?](/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password#what-if-i-forget-my-pin).
### Windows Information Protection (WIP) and Azure Active Directory (Azure AD)
Microsoft Azure Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune](/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md).
You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, [How to collect Windows Information Protection (WIP) audit event logs](/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md).
## Update
### Windows Update for Business