deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

minor style edits, then decided to rearrange some itmes while I was editing

Browse Source
This commit is contained in:
Meghan Stewart 2022-08-24 14:30:57 -07:00
parent f11a0afcd8
commit 09dd11b2f3
1 changed files with 40 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
windows/deployment/update/update-compliance-v2-configuration-mem.md
View File

@ -9,7 +9,7 @@ ms.author: mstewart
ms.localizationpriority: medium ms.localizationpriority: medium
ms.collection: M365-analytics ms.collection: M365-analytics
ms.topic: article ms.topic: article
ms.date: 06/06/2022 ms.date: 08/24/2022
--- ---
# Configuring Microsoft Endpoint Manager devices for Update Compliance (preview) # Configuring Microsoft Endpoint Manager devices for Update Compliance (preview)
@ -29,87 +29,79 @@ This article is specifically targeted at configuring devices enrolled to [Micros
## Create a configuration profile ## Create a configuration profile
Take the following steps to create a configuration profile that will set required policies for Update Compliance. Create a configuration profile that will set the required policies for Update Compliance. There are two profile types that can be used to create a configuration profile for Update Compliance:
- The [settings catalog](#settings-catalog)
- [Template](#custom-oma-uri-based-profile) for a custom OMA URI based profile
**Note:** There are two profile types that can be used to create an Update Compliance configuration profile, these being the settings catalog, or custom (OMA-URL). Below each of these profile types are covered. ### Settings catalog
### Settings Catalog 1. Go to the Admin portal in Endpoint Manager and navigate to **Devices** > **Windows** > **Configuration profiles**.
1. On the **Configuration profiles** view, select **Create profile**.
1. Go to the Admin portal in Endpoint Manager and navigate to **Devices/Windows/Configuration profiles**. 1. Select **Platform**="Windows 10 and later" and **Profile type**="Settings Catalog", and then select **Create**.
1. On the **Configuration profiles** view, select **Create a profile**.
1. Select **Platform**="Windows 10 and later" and **Profile type**="Settings Catalog", and then press **Create**.
1. You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**. 1. You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
1. On the **Configuration settings** page, you'll be adding multiple settings from the System category 1. On the **Configuration settings** page, you'll be adding multiple settings from the **System** category. Using the **Settings picker**, select the **System** category, then add the following settings and values:
1. Required settings for Update Compliance:
1. Using the Settings Picker, select the System category, then add the following settings and values:
- **Setting**: Allow Commercial Data Pipeline - **Setting**: Allow Commercial Data Pipeline
- **Value**: Enabled - **Value**: Enabled
- **Setting**: Allow device name to be sent in Windows diagnostic data (*optional setting if you wish to view device names in the UC logs)
- **Value**: Allowed
- **Setting**: Allow Telemetry - **Setting**: Allow Telemetry
- **Value**: Basic (*all that is required is basic, but it can be safely set to a higher value*) - **Value**: Basic (*Basic is the minimum value, but it can be safely set to a higher value*)
- **Setting**: Allow Update Compliance Processing - **Setting**: Allow Update Compliance Processing
- **Value**: Enabled - **Value**: Enabled
1. (*Recommended, but not required*) Add a setting for **disabling devices' Diagnostic Data opt-in settings interface**. If this isn't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Update Compliance: 1. (*Recommended, but not required*) Add settings for **disabling devices' Diagnostic Data opt-in settings interface**. If these aren't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Update Compliance:
- **Setting**: Configure Telemetry Opt In Settings Ux
- **Value**: Disable Telemetry opt-in Settings.
- **Setting**: Configure Telemetry Opt In Change Notification - **Setting**: Configure Telemetry Opt In Change Notification
- **Value**: Disable telemetry change notifications. - **Value**: Disable telemetry change notifications
1. (*Optional*) Include the device name in the Update Compliance logs data. If this isn't enabled, you will not be able to filter by device name in logs: - **Setting**: Configure Telemetry Opt In Settings Ux
- **Value**: Disable Telemetry opt-in Settings
1. (*Recommended, but not required*) Allow device name to be sent in Windows Diagnostic Data. If this policy is disabled, the device name won't be sent and won't be visible in Update Compliance:
- **Setting**: Allow device name to be sent in Windows diagnostic data - **Setting**: Allow device name to be sent in Windows diagnostic data
- **Value**: Enabled - **Value**: Allowed
1. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. 1. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll.
1. Review and select **Create**. 1. Review the settings and then select **Create**.
## Custom OMA URI based profile ### Custom OMA URI based profile
1. Go to the Admin portal in Endpoint Manager and navigate to **Devices/Windows/Configuration profiles**. 1. Go to the Admin portal in Endpoint Manager and navigate to **Devices** > **Windows** > **Configuration profiles**.
1. On the **Configuration profiles** view, select **Create a profile**. 1. On the **Configuration profiles** view, select **Create profile**.
1. Select **Platform**="Windows 10 and later" and **Profile type**="Templates". 1. Select **Platform**="Windows 10 and later" and **Profile type**="Templates".
1. For **Template name**, select **Custom**, and then press **Create**. 1. For **Template name**, select **Custom**, and then select **Create**.
1. You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**. 1. You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
1. On the **Configuration settings** page, you'll be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md). 1. On the **Configuration settings** page, you'll be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md).
1. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance:
- **Name**: Allow commercial data pipeline
- **Description**: Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device.
- **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline`
- **Data type**: Integer
- **Value**: 1
1. Add a setting configuring the **Windows Diagnostic Data level** for devices: 1. Add a setting configuring the **Windows Diagnostic Data level** for devices:
- **Name**: Allow Telemetry - **Name**: Allow Telemetry
- **Description**: Sets the maximum allowed diagnostic data to be sent to Microsoft, required for Update Compliance. - **Description**: Sets the maximum allowed diagnostic data to be sent to Microsoft, required for Update Compliance.
- **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowTelemetry` - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowTelemetry`
- **Data type**: Integer - **Data type**: Integer
- **Value**: 1 (*all that is required is 1, but it can be safely set to a higher value*). - **Value**: 1 (*1 is the minimum value meaning basic, but it can be safely set to a higher value*).
1. (*Recommended, but not required*) Add a setting for **disabling devices' Diagnostic Data opt-in settings interface**. If this isn't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Update Compliance:
- **Name**: Disable Telemetry opt-in interface
- **Description**: Disables the ability for end-users of devices can adjust diagnostic data to levels lower than defined by the Allow Telemetry setting.
- **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUx`
- **Data type**: Integer
- **Value**: 1
1. Add a setting to **Allow device name in diagnostic data**; otherwise, there will be no device name in Update Compliance:
- **Name**: Allow device name in Diagnostic Data
- **Description**: Allows device name in Diagnostic Data.
- **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowDeviceNameInDiagnosticData`
- **Data type**: Integer
- **Value**: 1
1. Add a setting to **Allow Update Compliance processing**; this policy is required for Update Compliance: 1. Add a setting to **Allow Update Compliance processing**; this policy is required for Update Compliance:
- **Name**: Allow Update Compliance Processing - **Name**: Allow Update Compliance Processing
- **Description**: Opts device data into Update Compliance processing. Required to see data. - **Description**: Opts device data into Update Compliance processing. Required to see data.
- **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing` - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing`
- **Data type**: Integer - **Data type**: Integer
- **Value**: 16 - **Value**: 16
1. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance: 1. (*Recommended, but not required*) Add settings for **disabling devices' Diagnostic Data opt-in settings interface**. If these aren't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Update Compliance:
- **Name**: Allow commercial data pipeline - **Name**: Disable Telemetry opt-in interface
- **Description**: Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. - **Description**: Disables the ability for end-users of devices can adjust diagnostic data to levels lower than defined by the Allow Telemetry setting.
- **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline` - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUx`
- **Data type**: Integer - **Data type**: Integer
- **Value**: 1 - **Value**: 1
1. (*Optional*) Include the device name in the Update Compliance logs data. If this isn't enabled, you will not be able to filter by device name in logs: 1. (*Recommended, but not required*) Add a setting to **Allow device name in diagnostic data**; otherwise, the device name won't be in Update Compliance:
- **Name**: Allow Device Name In DiagnosticData - **Name**: Allow device name in Diagnostic Data
- **Description**: This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or don't configure this policy setting, then device name won't be sent to Microsoft as part of Windows diagnostic data. - **Description**: Allows device name in Diagnostic Data.
- **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowDeviceNameInDiagnosticData` - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowDeviceNameInDiagnosticData`
- **Data type**: Integer - **Data type**: Integer
- **Value**: 1 - **Value**: 1
1. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. 1. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll.
1. Review and select **Create**. 1. Review the settings and then select **Create**.
## Deploy the configuration script ## Deploy the configuration script