deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-07-06 12:43:39 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into v-lamoyn-working

Browse Source
This commit is contained in:
Lauren Moynihan
2019-09-09 09:38:13 -07:00
parent 9304fc9db8 6c1f66d7d2
commit 0b2a459d83
90 changed files with 922 additions and 1382 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.openpublishing.redirection.json
View File

@ -636,6 +636,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-automation-allowed-blocked-list.md",
"redirect_url": "windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control.md",
"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control",
"redirect_document_id": true
@ -15245,3 +15250,5 @@
}
]
}

5
browsers/internet-explorer/ie11-deploy-guide/index.md
View File

@ -1,13 +1,14 @@
---
ms.mktglfcycl: deploy
description: Use this guide to learn about the several options and processes you'll need to consider while you're planning for, deploying, and customizing Internet Explorer 11 for your employee's devices.
author: shortpatti
author: lomayor
ms.author: lomayor
ms.prod: ie11
ms.assetid: bddc2d97-c38d-45c5-9588-1f5bbff2e9c3
title: Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.localizationpriority: medium
ms.date: 07/27/2017
manager: dansimp
---

128
browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
View File

@ -1,64 +1,64 @@
---
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Feature Selection page in the IEAK 11 Customization Wizard to choose which parts of the setup processes and Internet Explorer 11 to change for your company.
author: lomayor
ms.prod: ie11
ms.assetid: 9cb8324e-d73b-41ba-ade9-3acc796e21d8
ms.reviewer:
audience: itpro
manager: dansimp
ms.author: lomayor
title: Use the Feature Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
---
# Use the Feature Selection page in the IEAK 11 Wizard
The **Feature Selection** page of the Internet Explorer Customization Wizard 11 lets you choose which parts of the setup processes and Internet Explorer 11 to change for your company, including:
- **Setup Customizations.** Lets you add custom components, decide which components to install, provide your download site information, and modify the Setup title bar and graphics.
- **Internal Install.** Lets you decide to install the latest updates, run the malicious Software Removal Tool, and set IE11 as the default browser.
- **Connection Manager.** Lets you import your Connection Manager Profiles, created by the Connection Manager Administration Kit (CMAK).
- **Browser User Interface.** Lets you change the toolbar buttons, the title bar, and the general look of the browser.
- **Search Providers.** Lets you add, remove, and pick a new default search provider for IE11.
- **Important URLs Home Page and Support.** Lets you choose multiple **Home** pages that open in different tabs in IE. You can also use this page to change the **Welcome** and **Online Support** pages.
- **Accelerators.** Lets you import, add, edit, or remove Accelerators, the contextual services that give you quick access to external services from any webpage.
- **Favorites, Favorites Bar, and Feeds.** Lets you pick which favorites, web slices, and feeds are installed with your custom installation package.
- **Browsing Options.** Lets you pick how you delete items in the Favorites, Favorites Bar, and Feeds folders, and whether to add the Microsoft default items.
- **Compatibility View.** Lets you decide whether IE renders content using compatibility mode or standards mode.
- **Connections Customization.** Lets you set up and deploy custom connections.
- **Security Zones and Content Ratings.** Lets you control what your employees can view and whats downloaded to their computer.
- **Programs.** Lets you pick the default program thats used automatically by email, HTML, newsgroups, Internet calls, calendars, and contact lists.
- **Additional Settings.** Lets you pre-set and lockdown specific functionality on your employees computer.
**Note**<br>Your choices on this page determine what wizard pages appear.
**To use the Feature Selection page**
1. Check the box next to each feature you want to include in your custom installation package.<p>
You can also click **Select All** to add, or **Clear All** to remove, all of the features.
2. Click **Next** to go to the [Automatic Version Synchronization](auto-version-sync-ieak11-wizard.md) page or **Back** to go to the [Package Type Selection](pkg-type-selection-ieak11-wizard.md) page.
 
 
---
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Feature Selection page in the IEAK 11 Customization Wizard to choose which parts of the setup processes and Internet Explorer 11 to change for your company.
author: lomayor
ms.prod: ie11
ms.assetid: 9cb8324e-d73b-41ba-ade9-3acc796e21d8
ms.reviewer:
audience: itpro
manager: dansimp
ms.author: lomayor
title: Use the Feature Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
---
# Use the Feature Selection page in the IEAK 11 Wizard
The **Feature Selection** page of the Internet Explorer Customization Wizard 11 lets you choose which parts of the setup processes and Internet Explorer 11 to change for your company, including:
- **Setup Customizations.** Lets you add custom components, decide which components to install, provide your download site information, and modify the Setup title bar and graphics.
- **Internal Install.** Lets you decide to install the latest updates, run the malicious Software Removal Tool, and set IE11 as the default browser.
- **Connection Manager.** Lets you import your Connection Manager Profiles, created by the Connection Manager Administration Kit (CMAK).
- **Browser User Interface.** Lets you change the toolbar buttons, the title bar, and the general look of the browser.
- **Search Providers.** Lets you add, remove, and pick a new default search provider for IE11.
- **Important URLs Home Page and Support.** Lets you choose multiple **Home** pages that open in different tabs in IE. You can also use this page to change the **Welcome** and **Online Support** pages.
- **Accelerators.** Lets you import, add, edit, or remove Accelerators, the contextual services that give you quick access to external services from any webpage.
- **Favorites, Favorites Bar, and Feeds.** Lets you pick which favorites, web slices, and feeds are installed with your custom installation package.
- **Browsing Options.** Lets you pick how you delete items in the Favorites, Favorites Bar, and Feeds folders, and whether to add the Microsoft default items.
- **Compatibility View.** Lets you decide whether IE renders content using compatibility mode or standards mode.
- **Connections Customization.** Lets you set up and deploy custom connections.
- **Security Zones and Content Ratings.** Lets you control what your employees can view and whats downloaded to their computer.
- **Programs.** Lets you pick the default program thats used automatically by email, HTML, newsgroups, Internet calls, calendars, and contact lists.
- **Additional Settings.** Lets you pre-set and lockdown specific functionality on your employees computer.
**Note**<br>Your choices on this page determine what wizard pages appear.
**To use the Feature Selection page**
1. Check the box next to each feature you want to include in your custom installation package.<p>
You can also click **Select All** to add, or **Clear All** to remove, all of the features.
2. Click **Next** to go to the [Automatic Version Synchronization](auto-version-sync-ieak11-wizard.md) page or **Back** to go to the [Package Type Selection](pkg-type-selection-ieak11-wizard.md) page.
 
 

5
browsers/internet-explorer/ie11-ieak/index.md
View File

@ -1,13 +1,14 @@
---
ms.mktglfcycl: plan
description: IEAK 11 - Internet Explorer Administration Kit 11 Users Guide
author: shortpatti
author: lomayor
ms.author: lomayor
ms.prod: ie11
ms.assetid: 847bd7b4-d5dd-4e10-87b5-4d7d3a99bbac
title: Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.localizationpriority: medium
ms.date: 07/27/2017
manager: dansimp
---

7
smb/cloud-mode-business-setup.md
View File

@ -2,15 +2,14 @@
title: Deploy and manage a full cloud IT solution for your business
description: Learn how to set up a cloud infrastructure for your business, acquire devices and apps, and configure and deploy policies to your devices.
keywords: smb, full cloud IT solution, small to medium business, deploy, setup, manage, Windows, Intune, Office 365
ms.prod: w10
ms.technology: smb-windows
ms.topic: hero-article
ms.prod:
ms.technology:
ms.author: eravena
audience: itpro
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: smb
author: eavena
ms.date: 10/30/2017
ms.reviewer:
manager: dansimp
ms.localizationpriority: medium

6
smb/index.md
View File

@ -2,16 +2,16 @@
title: Windows 10 for small to midsize businesses
description: Microsoft products and devices to transform and grow your businessLearn how to use Windows 10 for your small to midsize business.
keywords: Windows 10, SMB, small business, midsize business, business
ms.prod: w10
ms.technology: smb-windows
ms.prod:
ms.technology:
ms.topic: article
ms.author: celested
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: smb
author: CelesteDG
ms.date: 05/01/2017
ms.localizationpriority: medium
manager: dansimp
---
# Windows 10 for SMB

4
windows/application-management/index.md
View File

@ -4,9 +4,9 @@ description: Windows 10 application management
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
manager: dansimp
author: dansimp
ms.localizationpriority: high
ms.date: 09/26/2017
---
# Windows 10 application management

4
windows/client-management/index.md
View File

@ -4,9 +4,9 @@ description: Windows 10 client management
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
author: dansimp
ms.localizationpriority: medium
ms.date: 08/16/2017
ms.author: dansimp
---
# Client management

1
windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
View File

@ -12,7 +12,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 11/15/2017
---
# Customize Windows 10 Start and taskbar with Group Policy

13
windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
View File

@ -12,7 +12,6 @@ author: dansimp
ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/15/2017
---
# Customize Windows 10 Start and taskbar with provisioning packages
@ -48,7 +47,7 @@ Three features enable Start and taskbar layout control:
<span id="escape"/>
## Prepare the Start layout XML file
## <a href="" id="escape"></a>Prepare the Start layout XML file
The **Export-StartLayout** cmdlet produces an XML file. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout section to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout section to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters.
@ -131,7 +130,6 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
## Related topics
- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md)
- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
- [Customize and export Start layout](customize-and-export-start-layout.md)
@ -140,12 +138,3 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L
- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
- [Customize Windows 10 Start and tasbkar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)

6
windows/configuration/index.md
View File

@ -7,10 +7,10 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: high
author: jdeckerms
ms.author: jdecker
manager: dansimp
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 05/11/2018
---
# Configure Windows 10

3
windows/configuration/start-secondary-tiles.md
View File

@ -9,7 +9,6 @@ ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
ms.topic: article
ms.date: 06/27/2018
ms.reviewer:
manager: dansimp
---
@ -111,7 +110,7 @@ In Microsoft Intune, you create a device restrictions policy to apply to device
### Using a provisioning package
#### Prepare the Start layout and Edge assets XML files
#### <a href="" id="escape"></a>Prepare the Start layout and Edge assets XML files
The **export-StartLayout** and **export-StartLayoutEdgeAssets** cmdlets produce XML files. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout and Edge assets sections to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout and Edge assets sections to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters.

5
windows/configuration/wcd/wcd-deviceupdatecenter.md
View File

@ -4,9 +4,10 @@ description: This section describes the DeviceUpdateCenter settings that you can
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
author: dansimp
ms.localizationpriority: medium
ms.author: jdecker
ms.author: dansimp
manager: dansimp
ms.topic: article
---

1
windows/configuration/wcd/wcd-location.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-maps.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-messaging.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-modemconfigurations.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 09/12/2017
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-multivariant.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-networkproxy.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-networkqospolicy.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-nfc.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-personalization.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dansimp
---

5
windows/configuration/wcd/wcd-privacy.md
View File

@ -4,9 +4,10 @@ description: This section describes the Privacy settings that you can configure
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
author: dansimp
ms.localizationpriority: medium
ms.author: jdecker
ms.author: dansimp
manager: dansimp
ms.topic: article
---

5
windows/configuration/wcd/wcd-storaged3inmodernstandby.md
View File

@ -4,10 +4,11 @@ description: This section describes the StorageD3InModernStandby settings that y
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
author: dansimp
ms.localizationpriority: medium
ms.author: jdecker
ms.author: dansimp
ms.topic: article
manager: dansimp
---
# StorageD3InModernStandby (Windows Configuration Designer reference)

1
windows/configuration/wcd/wcd-theme.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dansimp
---

5
windows/configuration/wcd/wcd-time.md
View File

@ -4,9 +4,10 @@ description: This section describes the Time settings that you can configure in
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: jdeckerMS
author: dansimp
ms.localizationpriority: medium
ms.author: jdecker
ms.author: dansimp
manager: dansimp
ms.topic: article
---

1
windows/configuration/wcd/wcd-unifiedwritefilter.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-universalappinstall.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-universalappuninstall.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 09/14/2017
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-usberrorsoemoverride.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 09/14/2017
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-weakcharger.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-windowshelloforbusiness.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd-windowsteamsettings.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dansimp
---

1
windows/configuration/wcd/wcd.md
View File

@ -8,7 +8,6 @@ author: dansimp
ms.localizationpriority: medium
ms.author: dansimp
ms.topic: article
ms.date: 07/19/2018
ms.reviewer:
manager: dansimp
---

35
windows/deployment/planning/compatibility-administrator-users-guide.md
View File

@ -11,7 +11,6 @@ ms.pagetype: appcompat
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
@ -20,33 +19,30 @@ ms.topic: article
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. Compatibility Administrator provides the following:
- Compatibility fixes, compatibility modes, and AppHelp messages that you can use to resolve specific compatibility issues.
- Compatibility fixes, compatibility modes, and AppHelp messages that you can use to resolve specific compatibility issues.
- Tools for creating customized compatibility fixes, compatibility modes, AppHelp messages, and compatibility databases.
- Tools for creating customized compatibility fixes, compatibility modes, AppHelp messages, and compatibility databases.
- A query tool that you can use to search for installed compatibility fixes on your local computers.
- A query tool that you can use to search for installed compatibility fixes on your local computers.
The following flowchart shows the steps for using the Compatibility Administrator tool to create your compatibility fixes, compatibility modes, and AppHelp messages.
![act compatibility admin flowchart](images/dep-win8-l-act-compatadminflowchart.jpg)
> [!IMPORTANT]  
> [!IMPORTANT]
> Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create and work with custom databases for 32-bit applications, and the 64-bit version to create and work with custom databases for 64-bit applications.
## In this section
<table>
<colgroup>
<col width="50%" />
@ -73,14 +69,3 @@ The following flowchart shows the steps for using the Compatibility Administrato
</tr>
</tbody>
</table>

50
windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
View File

@ -11,7 +11,6 @@ ms.pagetype: appcompat
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
@ -20,40 +19,33 @@ ms.topic: article
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
The Compatibility Administrator tool uses the term *fix* to describe the combination of compatibility information added to a customized database for a specific application. This combination can include single application fixes, groups of fixes that work together as a compatibility mode, and blocking and non-blocking AppHelp messages.
> [!IMPORTANT]  
> [!IMPORTANT]
> Fixes apply to a single application only; therefore, you must create multiple fixes if you need to fix the same issue in multiple applications.
## What is a Compatibility Fix?
A compatibility fix, previously known as a shim, is a small piece of code that intercepts API calls from applications. The fix transforms the API calls so that the current version of the operating system supports the application in the same way as previous versions of the operating system. This can mean anything from disabling a new feature in the current version of the operating system to emulating a particular behavior of an older version of the Windows API.
## Searching for Existing Compatibility Fixes
The Compatibility Administrator tool has preloaded fixes for many common applications, including known compatibility fixes, compatibility modes, and AppHelp messages. Before you create a new compatibility fix, you can search for an existing application and then copy and paste the known fixes into your customized database.
> [!IMPORTANT]  
> [!IMPORTANT]
> Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications.
**To search for an existing application**
1. In the left-side pane of Compatibility Administrator, expand the **Applications** folder and search for your application name.
2. Click the application name to view the preloaded compatibility fixes, compatibility modes, or AppHelp messages.
1. In the left-side pane of Compatibility Administrator, expand the **Applications** folder and search for your application name.
2. Click the application name to view the preloaded compatibility fixes, compatibility modes, or AppHelp messages.
## Creating a New Compatibility Fix
@ -63,25 +55,13 @@ If you are unable to find a preloaded compatibility fix for your application, yo
**To create a new compatibility fix**
1. In the left-side pane of Compatibility Administrator underneath the **Custom Databases** heading, right-click the name of the database to which you want to apply the compatibility fix, click **Create New**, and then click **Application Fix**.
2. Type the name of the application to which the compatibility fix applies, type the name of the application vendor, browse to the location of the application file (.exe) on your computer, and then click **Next**.
3. Select the operating system for which your compatibility fix applies, click any applicable compatibility modes to apply to your compatibility fix, and then click **Next**.
4. Select any additional compatibility fixes to apply to your compatibility fix, and then click **Next**.
5. Select any additional criteria to use to match your applications to the AppHelp message, and then click **Finish**.
2. Type the name of the application to which the compatibility fix applies, type the name of the application vendor, browse to the location of the application file (.exe) on your computer, and then click **Next**.
3. Select the operating system for which your compatibility fix applies, click any applicable compatibility modes to apply to your compatibility fix, and then click **Next**.
4. Select any additional compatibility fixes to apply to your compatibility fix, and then click **Next**.
5. Select any additional criteria to use to match your applications to the AppHelp message, and then click **Finish**.
By default, Compatibility Administrator selects the basic matching criteria for your application. As a best practice, use a limited set of matching information to represent your application, because it reduces the size of the database. However, make sure you have enough information to correctly identify your application.
## Related topics
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)

113
windows/deployment/planning/deployment-considerations-for-windows-to-go.md
View File

@ -20,39 +20,29 @@ ms.topic: article
**Applies to**
- Windows 10
- Windows 10
>[!IMPORTANT]
>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
> [!IMPORTANT]
> Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
From the start, Windows To Go was designed to minimize differences between the user experience of working on a laptop and Windows To Go booted from a USB drive. Given that Windows To Go was designed as an enterprise solution, extra consideration was given to the deployment workflows that enterprises already have in place. Additionally, there has been a focus on minimizing the number of differences in deployment between Windows To Go workspaces and laptop PCs.
> [!NOTE]
> Windows To Go does not support operating system upgrades. Windows To Go is designed as a feature that is managed centrally. IT departments that plan to transition from one operating system version to a later version will need to incorporate re-imaging their existing Windows To Go drives as part of their upgrade deployment process.
The following sections discuss the boot experience, deployment methods, and tools that you can use with Windows To Go.
- [Initial boot experiences](#wtg-initboot)
- [Image deployment and drive provisioning considerations](#wtg-imagedep)
- [Application installation and domain join](#wtg-appinstall)
- [Management of Windows To Go using Group Policy](#bkmk-wtggp)
- [Supporting booting from USB](#wtg-bootusb)
- [Updating firmware](#stg-firmware)
- [Configure Windows To Go startup options](#wtg-startup)
- [Change firmware settings](#wtg-changefirmware)
- [Initial boot experiences](#wtg-initboot)
- [Image deployment and drive provisioning considerations](#wtg-imagedep)
- [Application installation and domain join](#wtg-appinstall)
- [Management of Windows To Go using Group Policy](#bkmk-wtggp)
- [Supporting booting from USB](#wtg-bootusb)
- [Updating firmware](#stg-firmware)
- [Configure Windows To Go startup options](#wtg-startup)
- [Change firmware settings](#wtg-changefirmware)
## <a href="" id="wtg-initboot"></a>Initial boot experiences
The following diagrams illustrate the two different methods you could use to provide Windows To Go drives to your users. The experiences differ depending on whether the user will be booting the device initially on-premises or off-premises:
![initial boot on-premises](images/wtg-first-boot-work.gif)
@ -63,33 +53,29 @@ When a Windows To Go workspace is first used at the workplace, the Windows To Go
When the Windows To Go workspace is going to be used first on an off-premises computer, such as one at the employees home, then the IT professional preparing the Windows To Go drives should configure the drive to be able to connect to organizational resources and to maintain the security of the workspace. In this situation, the Windows To Go workspace needs to be configured for offline domain join and BitLocker needs to be enabled before the workspace has been initialized.
**Tip**  
Applying BitLocker Drive Encryption to the drives before provisioning is a much faster process than encrypting the drives after data has already been stored on them due to a new feature called used-disk space only encryption. For more information, see [What's New in BitLocker](https://go.microsoft.com/fwlink/p/?LinkId=619076).
> [!TIP]
> Applying BitLocker Drive Encryption to the drives before provisioning is a much faster process than encrypting the drives after data has already been stored on them due to a new feature called used-disk space only encryption. For more information, see [What's New in BitLocker](https://go.microsoft.com/fwlink/p/?LinkId=619076).
DirectAccess can be used to ensure that the user can login with their domain credentials without needing a local account. For instructions on setting up a DirectAccess solution, for a small pilot deployment see [Deploy a Single Remote Access Server using the Getting Started Wizard](https://go.microsoft.com/fwlink/p/?LinkId=619077) for a larger scale deployment, see [Deploy Remote Access in an Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=619078). If you do not want to use DirectAccess as an alternative users could log on using a local user account on the Windows To Go workspace and then use a virtual private network for remote access to your organizational network.
### <a href="" id="wtg-imagedep"></a>Image deployment and drive provisioning considerations
The Image Deployment process can be accomplished either by a centralized IT process for your organization or by individual users creating their own Windows To Go workspaces. You must have local Administrator access and access to a Windows 10 Enterprise or Windows 10 Education image to create a Windows To Go workspace, or you must be using System Center Configuration Manager 2012 Service Pack 1 or later to distribute Windows To Go workspaces to users. The image deployment process takes a blank USB drive and a Windows 10 Enterprise image (WIM) and turns it into a Windows To Go drive.
The Image Deployment process can be accomplished either by a centralized IT process for your organization or by individual users creating their own Windows To Go workspaces. You must have local Administrator access and access to a Windows 10 Enterprise or Windows 10 Education image to create a Windows To Go workspace, or you must be using System Center Configuration Manager 2012 Service Pack 1 or later to distribute Windows To Go workspaces to users. The image deployment process takes a blank USB drive and a Windows 10 Enterprise image (WIM) and turns it into a Windows To Go drive.
![windows to go image deployment](images/wtg-image-deployment.gif)
The simplest way to provision a Windows To Go drive is to use the Windows To Go Creator. After a single Windows To Go workspace has been created, it can be duplicated as many times as necessary using widely available USB duplicator products as long as the device has not been booted. After the Windows To Go drive is initialized, it should not be duplicated. Alternatively, Windows To Go Workspace Creator can be run multiple times to create multiple Windows To Go drives.
**Tip**  
When you create your Windows To Go image use sysprep /generalize, just as you do when you deploy Windows 10 to a standard PC. In fact, if appropriate, use the same image for both deployments.
> [!TIP]
> When you create your Windows To Go image use sysprep /generalize, just as you do when you deploy Windows 10 to a standard PC. In fact, if appropriate, use the same image for both deployments.
**Driver considerations**
Windows includes most of the drivers that you will need to support a wide variety of host computers. However, you will occasionally need to download drivers from Windows Update to take advantage of the full functionality of a device. If you are using Windows To Go on a set of known host computers, you can add any additional drivers to the image used on Windows To Go to make Windows To Go drives more quickly usable by your employees. Especially ensure that network drivers are available so that the user can connect to Windows Update to get additional drivers if necessary.
Wi-Fi network adapter drivers are one of the most important drivers to make sure that you include in your standard image so that users can easily connect to the internet for any additional updates. IT administrators that are attempting to build Windows 10 images for use with Windows To Go should consider adding additional Wi-Fi drivers to their image to ensure that their users have the best chance of still having basic network connectivity when roaming between systems.
Wi-Fi network adapter drivers are one of the most important drivers to make sure that you include in your standard image so that users can easily connect to the internet for any additional updates. IT administrators that are attempting to build Windows 10 images for use with Windows To Go should consider adding additional Wi-Fi drivers to their image to ensure that their users have the best chance of still having basic network connectivity when roaming between systems.
The following list of commonly used Wi-Fi network adapters that are not supported by the default drivers provided with Windows 10 is provided to help you ascertain whether or not you need to add drivers to your image.
The following list of commonly used Wi-Fi network adapters that are not supported by the default drivers provided with Windows 10 is provided to help you ascertain whether or not you need to add drivers to your image.
<table>
<colgroup>
@ -231,8 +217,6 @@ The following list of commonly used Wi-Fi network adapters that are not supporte
</tbody>
</table>
IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that is not supported by class drivers. Some consumer devices require OEM specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=619079).
### <a href="" id="wtg-appinstall"></a>Application installation and domain join
@ -243,55 +227,48 @@ Unless you are using a customized Windows image that includes unattended install
In general, management of Windows To Go workspaces is same as that for desktop and laptop computers. There are Windows To Go specific Group Policy settings that should be considered as part of Windows To Go deployment. Windows To Go Group Policy settings are located at `\\Computer Configuration\Administrative Templates\Windows Components\Portable Operating System\` in the Local Group Policy Editor.
The use of the Store on Windows To Go workspaces that are running Windows 8 can also be controlled by Group Policy. This policy setting is located at `\\Computer Configuration\Administrative Templates\Windows Components\Store\` in the Local Group Policy Editor. The policy settings have specific implications for Windows To Go that you should be aware of when planning your deployment:
The use of the Store on Windows To Go workspaces that are running Windows 8 can also be controlled by Group Policy. This policy setting is located at `\\Computer Configuration\Administrative Templates\Windows Components\Store\` in the Local Group Policy Editor. The policy settings have specific implications for Windows To Go that you should be aware of when planning your deployment:
**Settings for workspaces**
- **Allow hibernate (S4) when started from a Windows To Go workspace**
- **Allow hibernate (S4) when started from a Windows To Go workspace**
This policy setting specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. By default, hibernation is disabled when using Windows To Go workspace, so enabling this setting explicitly turns this ability back on. When a computer enters hibernation, the contents of memory are written to disk. When the disk is resumed, it is important that the hardware attached to the system, as well as the disk itself, are unchanged. This is inherently incompatible with roaming between PC hosts. Hibernation should only be used when the Windows To Go workspace is not being used to roam between host PCs.
> [!IMPORTANT]  
> [!IMPORTANT]
> For the host-PC to resume correctly when hibernation is enabled the Windows To Go workspace must continue to use the same USB port.
- **Disallow standby sleep states (S1-S3) when starting from a Windows To Go workspace**
- **Disallow standby sleep states (S1-S3) when starting from a Windows To Go workspace**
This policy setting specifies whether the PC can use standby sleep states (S1S3) when started from a Windows To Go workspace. The Sleep state also presents a unique challenge to Windows To Go users. When a computer goes to sleep, it appears as if it is shut down. It could be very easy for a user to think that a Windows To Go workspace in sleep mode was actually shut down and they could remove the Windows To Go drive and take it home. Removing the Windows To Go drive in this scenario is equivalent to an unclean shutdown which may result in the loss of unsaved user data or the corruption on the drive. Moreover, if the user now boots the drive on another PC and brings it back to the first PC which still happens to be in the sleep state, it will lead to an arbitrary crash and eventually corruption of the drive and result in the workspace becoming unusable. If you enable this policy setting, the Windows To Go workspace cannot use the standby states to cause the PC to enter sleep mode. If you disable or do not configure this policy setting, the Windows To Go workspace can place the PC in sleep mode.
**Settings for host PCs**
- **Windows To Go Default Startup Options**
- **Windows To Go Default Startup Options**
This policy setting controls whether the host computer will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the **Windows To Go Startup Options** settings dialog. If you enable this policy setting, booting to Windows To Go when a USB device is connected will be enabled and users will not be able to make changes using the **Windows To Go Startup Options** settings dialog. If you disable this policy setting, booting to Windows To Go when a USB device is connected will not be enabled unless a user configures the option manually in the firmware. If you do not configure this policy setting, users who are members of the local Administrators group can enable or disable booting from USB using the **Windows To Go Startup Options** settings dialog.
> [!IMPORTANT]  
> [!IMPORTANT]
> Enabling this policy setting will cause PCs running Windows to attempt to boot from any USB device that is inserted into the PC before it is started.
## <a href="" id="wtg-bootusb"></a>Supporting booting from USB
The biggest hurdle for a user wanting to use Windows To Go is configuring their computer to boot from USB. This is traditionally done by entering the firmware and configuring the appropriate boot order options. To ease the process of making the firmware modifications required for Windows To Go, Windows includes a feature named **Windows To Go Startup Options** that allows a user to configure their computer to boot from USB from within Windows—without ever entering their firmware, as long as their firmware supports booting from USB.
> [!NOTE]
> Enabling a system to always boot from USB first has implications that you should consider. For example, a USB device that includes malware could be booted inadvertently to compromise the system, or multiple USB drives could be plugged in to cause a boot conflict. For this reason, the Windows To Go startup options are disabled by default. In addition, administrator privileges are required to configure Windows To Go startup options.
If you are going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951).
If you are going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951).
### <a href="" id="stg-firmware"></a>Roaming between different firmware types
Windows supports two types of PC firmware: Unified Extensible Firmware Interface (UEFI), which is the new standard, and legacy BIOS firmware, which was used in most PCs shipping with Windows 7 or earlier version of Windows. Each firmware type has completely different Windows boot components that are incompatible with each other. Beyond the different boot components, Windows supports different partition styles and layout requirements for each type of firmware as shown in the following diagrams.
Windows supports two types of PC firmware: Unified Extensible Firmware Interface (UEFI), which is the new standard, and legacy BIOS firmware, which was used in most PCs shipping with Windows 7 or earlier version of Windows. Each firmware type has completely different Windows boot components that are incompatible with each other. Beyond the different boot components, Windows supports different partition styles and layout requirements for each type of firmware as shown in the following diagrams.
![bios layout](images/wtg-mbr-bios.gif)![uefi layout](images/wtg-gpt-uefi.gif)
This presented a unique challenge for Windows To Go because the firmware type is not easily determined by end-users—a UEFI computer looks just like a legacy BIOS computer and Windows To Go must boot on both types of firmware.
To enable booting Windows To Go on both types of firmware, a new disk layout is provided for Windows 8 or later that contains both sets of boot components on a FAT32 system partition and a new command-line option was added to bcdboot.exe to support this configuration. The **/f** option is used with the **bcdboot /s** command to specify the firmware type of the target system partition by appending either **UEFI**, **BIOS** or **ALL**. When creating Windows To Go drives manually you must use the **ALL** parameter to provide the Windows To Go drive the ability to boot on both types of firmware. For example, on volume H: (your Windows To Go USB drive letter), you would use the command **bcdboot C:\\windows /s H: /f ALL**. The following diagram illustrates the disk layout that results from that command:
To enable booting Windows To Go on both types of firmware, a new disk layout is provided for Windows 8 or later that contains both sets of boot components on a FAT32 system partition and a new command-line option was added to bcdboot.exe to support this configuration. The **/f** option is used with the **bcdboot /s** command to specify the firmware type of the target system partition by appending either **UEFI**, **BIOS** or **ALL**. When creating Windows To Go drives manually you must use the **ALL** parameter to provide the Windows To Go drive the ability to boot on both types of firmware. For example, on volume H: (your Windows To Go USB drive letter), you would use the command **bcdboot C:\\windows /s H: /f ALL**. The following diagram illustrates the disk layout that results from that command:
![firmware roaming disk layout](images/wtg-mbr-firmware-roaming.gif)
@ -299,43 +276,29 @@ This is the only supported disk configuration for Windows To Go. With this disk
### <a href="" id="wtg-startup"></a>Configure Windows To Go startup options
Windows To Go Startup Options is a setting available on Windows 10-based PCs that enables the computer to be booted from a USB without manually changing the firmware settings of the PC. To configure Windows To Go Startup Options you must have administrative rights on the computer and the **Windows To Go Default Startup Options** Group Policy setting must not be configured.
Windows To Go Startup Options is a setting available on Windows 10-based PCs that enables the computer to be booted from a USB without manually changing the firmware settings of the PC. To configure Windows To Go Startup Options you must have administrative rights on the computer and the **Windows To Go Default Startup Options** Group Policy setting must not be configured.
**To configure Windows To Go startup options**
1. On the Start screen, type, type **Windows To Go Startup Options**, click **Settings** and then press Enter.
1. On the Start screen, type, type **Windows To Go Startup Options**, click **Settings** and then press Enter.
![windows to go startup options](images/wtg-startup-options.gif)
![windows to go startup options](images/wtg-startup-options.gif)
2. Select **Yes** to enable the startup options.
2. Select **Yes** to enable the startup options.
**Tip**  
If your computer is part of a domain, the Group Policy setting can be used to enable the startup options instead of the dialog.
> [!TIP]
> If your computer is part of a domain, the Group Policy setting can be used to enable the startup options instead of the dialog.
3. Click **Save Changes**. If the User Account Control dialog box is displayed, confirm that the action it displays is what you want, and then click **Yes**.
3. Click **Save Changes**. If the User Account Control dialog box is displayed, confirm that the action it displays is what you want, and then click **Yes**.
### <a href="" id="wtg-changefirmware"></a>Change firmware settings
If you choose to not use the Windows To Go startup options or are using a PC running Windows 7 as your host computer you will need to manually configure the firmware settings. The process used to accomplish this will depend on the firmware type and manufacturer. If your host computer is protected by BitLocker and running Windows 7 you should suspend BitLocker before making the change to the firmware settings. After the firmware settings have been successfully reconfigured, resume BitLocker protection. If you do not suspend BitLocker first, BitLocker will assume that the computer has been tampered with and will boot into BitLocker recovery mode.
If you choose to not use the Windows To Go startup options or are using a PC running Windows 7 as your host computer you will need to manually configure the firmware settings. The process used to accomplish this will depend on the firmware type and manufacturer. If your host computer is protected by BitLocker and running Windows 7 you should suspend BitLocker before making the change to the firmware settings. After the firmware settings have been successfully reconfigured, resume BitLocker protection. If you do not suspend BitLocker first, BitLocker will assume that the computer has been tampered with and will boot into BitLocker recovery mode.
## Related topics
[Windows To Go: feature overview](windows-to-go-overview.md)
[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
[Windows To Go: feature overview](windows-to-go-overview.md)<br>
[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)<br>
[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)<br>
[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)

7
windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
View File

@ -11,7 +11,6 @@ ms.pagetype: appcompat
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
@ -31,11 +30,10 @@ You can disable and enable individual compatibility fixes in your customized dat
## Disabling Compatibility Fixes
Customized compatibility databases can become quite complex as you add your fixes for the multiple applications found in your organization. Over time, you may find you need to disable a particular fix in your customized database. For example, if a software vendor releases a fix for an issue addressed in one of your compatibility fixes, you must validate that the vendor's fix is correct and that it resolves your issue. To do this, you must temporarily disable the compatibility fix and then test your application.
> [!IMPORTANT]  
> Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to work with custom databases for 32-bit applications and the 64-bit version to work with custom databases for 64-bit applications.
>[!IMPORTANT]
>Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to work with custom databases for 32-bit applications and the 64-bit version to work with custom databases for 64-bit applications.
@ -66,4 +64,5 @@ You can enable your disabled compatibility fixes at any time.
2. On the **Database** menu, click **Enable Entry**.
## Related topics
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)

4
windows/deployment/planning/index.md
View File

@ -4,11 +4,11 @@ description: Windows 10 provides new deployment capabilities, scenarios, and to
ms.assetid: 002F9B79-B50F-40C5-A7A5-0B4770E6EC15
keywords: deploy, upgrade, update, configure
ms.prod: w10
manager: laurawi
ms.mktglfcycl: plan
ms.sitesec: library
ms.localizationpriority: medium
author: TrudyHa
ms.date: 07/27/2017
author: greg-lindsay
ms.topic: article
---

128
windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
View File

@ -11,7 +11,6 @@ ms.pagetype: appcompat
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
@ -20,55 +19,51 @@ ms.topic: article
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature.
For information about the Search feature, see [Searching for Fixed Applications in Compatibility Administrator](searching-for-fixed-applications-in-compatibility-administrator.md). However, the Query tool provides more detailed search criteria, including tabs that enable you to search the program properties, the compatibility fix properties, and the fix description. You can perform a search by using SQL SELECT and WHERE clauses, in addition to searching specific types of databases.
<<<<<<< HEAD
> [!IMPORTANT]
> You must perform your search with the correct version of the Compatibility Administrator tool. To use the Query tool to search for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. To use the Query tool to search for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator.
=======
>[!IMPORTANT]
>You must perform your search with the correct version of the Compatibility Administrator tool. To use the Query tool to search for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. To use the Query tool to search for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator.
>>>>>>> bfaab3359a63dde24e6d0dca11b841e045c481f6
## Querying by Using the Program Properties Tab
You can use the **Program Properties** tab of the Query tool to search for any compatibility fix, compatibility mode, or AppHelp for a specific application.
**To query by using the Program Properties tab**
1. On the Compatibility Administrator toolbar, click **Query**.
2. In the **Look in** drop-down list, select the appropriate database type to search.
3. Type the location of the application you are searching for into the **Search for the Application** field.
1. On the Compatibility Administrator toolbar, click **Query**.
2. In the **Look in** drop-down list, select the appropriate database type to search.
3. Type the location of the application you are searching for into the **Search for the Application** field.
This name should be the same as the name in the **Applications** area (left pane) of Compatibility Administrator.
4. Type the application executable (.exe) file name into the **Search for the File** box. If you leave this box blank, the percent (%) sign appears as a wildcard to search for any file.
4. Type the application executable (.exe) file name into the **Search for the File** box. If you leave this box blank, the percent (%) sign appears as a wildcard to search for any file.
You must designate the executable name that was given when the compatibility fix was added to the database.
5. Optionally, select the check box for one of the following types of compatibility fix:
5. Optionally, select the check box for one of the following types of compatibility fix:
- **Compatibility Modes**
- **Compatibility Modes**
- **Compatibility Fixes**
- **Application Helps**
- **Compatibility Fixes**
- **Application Helps**
> [!IMPORTANT]  
> [!IMPORTANT]
> If you do not select any of the check boxes, the search will look for all types of compatibility fixes. Do not select multiple check boxes because only applications that match all of the requirements will appear.
6. Click **Find Now**.
6. Click **Find Now**.
The query runs and the results of the query are displayed in the lower pane.
@ -79,53 +74,39 @@ You can use the **Fix Properties** tab of the Query tool to search for any appli
**To query by using the Fix Properties tab**
1. On the Compatibility Administrator toolbar, click **Query**.
1. On the Compatibility Administrator toolbar, click **Query**.
2. Click the **Fix Properties** tab.
3. In the **Look in** drop-down list, select the appropriate database type to search.
4. Type the name of the compatibility fix or compatibility mode into the **Search for programs fixed using** field.
2. Click the **Fix Properties** tab.
>[!NOTE]
>You can use the percent (%) symbol as a wildcard in your fix-properties query, as a substitute for any string of zero or more characters
3. In the **Look in** drop-down list, select the appropriate database type to search.
5. Select the check box for either **Search in Compatibility Fixes** or **Search in Compatibility Modes**.
4. Type the name of the compatibility fix or compatibility mode into the **Search for programs fixed using** field.
>[!IMPORTANT]
>Your text must match the type of compatibility fix or mode for which you are performing the query. For example, entering the name of a compatibility fix and selecting the compatibility mode check box will not return any results. Additionally, if you select both check boxes, the query will search for the fix by compatibility mode and compatibility fix. Only applications that match both requirements appear.
> [!NOTE]
> You can use the percent (%) symbol as a wildcard in your fix-properties query, as a substitute for any string of zero or more characters.
5. Select the check box for either **Search in Compatibility Fixes** or **Search in Compatibility Modes**.
> [!IMPORTANT]
> Your text must match the type of compatibility fix or mode for which you are performing the query. For example, entering the name of a compatibility fix and selecting the compatibility mode check box will not return any results. Additionally, if you select both check boxes, the query will search for the fix by compatibility mode and compatibility fix. Only applications that match both requirements appear.
6. Click **Find Now**.
6. Click **Find Now**.
The query runs and the results of the query are displayed in the lower pane.
## Querying by Using the Fix Description Tab
You can use the **Fix Description** tab of the Query tool to add parameters that enable you to search your compatibility databases by application title or solution description text.
**To query by using the Fix Description tab**
1. On the Compatibility Administrator toolbar, click **Query**.
1. On the Compatibility Administrator toolbar, click **Query**.
2. Click the **Fix Description** tab.
3. In the **Look in** drop-down list, select the appropriate database type to search.
4. Type your search keywords into the box **Words to look for**. Use commas to separate multiple keywords.
2. Click the **Fix Description** tab.
>[!IMPORTANT]
>You cannot use wildcards as part of the Fix Description search query because the default behavior is to search for any entry that meets your search criteria.
3. In the **Look in** drop-down list, select the appropriate database type to search.
4. Type your search keywords into the box **Words to look for**. Use commas to separate multiple keywords.
> [!IMPORTANT]
> You cannot use wildcards as part of the Fix Description search query because the default behavior is to search for any entry that meets your search criteria.
5. Refine your search by selecting **Match any word** or **Match all words** from the drop-down list.
6. Click **Find Now**.
5. Refine your search by selecting **Match any word** or **Match all words** from the drop-down list.
6. Click **Find Now**.
The query runs and the results of the query are displayed in the lower pane.
@ -136,25 +117,22 @@ You can use the **Fix Description** tab of the Query tool to add additional SQL
**To query by using the Advanced tab**
1. On the Compatibility Administrator toolbar, click **Query**.
2. Click the **Advanced** tab.
3. In the **Look in** drop-down list, select the appropriate database type to search.
4. Select the appropriate SELECT clause for your search from the **Select clauses** box. For example, **APP\_NAME**.
1. On the Compatibility Administrator toolbar, click **Query**.
2. Click the **Advanced** tab.
3. In the **Look in** drop-down list, select the appropriate database type to search.
4. Select the appropriate SELECT clause for your search from the **Select clauses** box. For example, **APP\_NAME**.
The **APP\_NAME** clause appears in the **SELECT** field. You can add as many additional clauses as you require. They will appear as columns in your search results.
5. Select the appropriate WHERE clause for your search from the **Where clauses** box. For example, **DATABASE\_NAME**.
5. Select the appropriate WHERE clause for your search from the **Where clauses** box. For example, **DATABASE\_NAME**.
The **DATABASE\_NAME =** clause appears in the **WHERE** box.
6. Type the appropriate clause criteria after the equal (=) sign in the **WHERE** box. For example, **DATABASE\_NAME = "Custom\_Database"**.
6. Type the appropriate clause criteria after the equal (=) sign in the **WHERE** box. For example, **DATABASE\_NAME = "Custom\_Database"**.
You must surround your clause criteria text with quotation marks (") for the clause to function properly.
7. Click **Find Now**.
7. Click **Find Now**.
The query runs and the results of the query are displayed in the lower pane.
@ -165,20 +143,12 @@ You can export any of your search results into a tab-delimited text (.txt) file
**To export your results**
1. After you have completed your search by using the Query tool, click **Export**.
1. After you have completed your search by using the Query tool, click **Export**.
The **Save results to a file** dialog box appears.
2. Browse to the location where you intend to store the search results file, and then click **Save**.
2. Browse to the location where you intend to store the search results file, and then click **Save**.
## Related topics
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)

28
windows/deployment/planning/understanding-and-using-compatibility-fixes.md
View File

@ -11,27 +11,24 @@ ms.pagetype: appcompat
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
# Understanding and Using Compatibility Fixes
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012
- Windows Server 2008 R2
As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.
## How the Compatibility Fix Infrastructure Works
The Compatibility Fix infrastructure uses the linking ability of APIs to redirect an application from Windows code directly to alternative code that implements the compatibility fix.
The Windows Portable Executable File Format includes headers that contain the data directories that are used to provide a layer of indirection between the application and the linked file. API calls to the external binary files take place through the Import Address Table (IAT), which then directly calls the Windows operating system, as shown in the following figure.
@ -42,14 +39,13 @@ Specifically, the process modifies the address of the affected Windows function
![act app redirect with compatibility fix](images/dep-win8-l-act-appredirectwithcompatfix.jpg)
> [!NOTE]
> For statically linked DLLs, the code redirection occurs as the application loads. You can also fix dynamically linked DLLs by hooking into the GetProcAddress API.
>[!NOTE]
>For statically linked DLLs, the code redirection occurs as the application loads. You can also fix dynamically linked DLLs by hooking into the GetProcAddress API.
## Design Implications of the Compatibility Fix Infrastructure
There are important considerations to keep in mind when determining your application fix strategy, due to certain characteristics of the Compatibility Fix infrastructure.
- The compatibility fix is not part of the Windows operating system (as shown in the previous figure). Therefore, the same security restrictions apply to the compatibility fix as apply to the application code, which means that you cannot use compatibility fixes to bypass any of the security mechanisms of the operating system. Therefore, compatibility fixes do not increase your security exposure, nor do you need to lower your security settings to accommodate compatibility fixes.
@ -58,14 +54,11 @@ There are important considerations to keep in mind when determining your applica
- The compatibility fixes run as user-mode code inside of a user-mode application process. This means that you cannot use a compatibility fix to fix kernel-mode code issues. For example, you cannot use a compatibility fix to resolve device-driver issues.
> [!NOTE] 
> [!NOTE]
> Some antivirus, firewall, and anti-spyware code runs in kernel mode.
## Determining When to Use a Compatibility Fix
The decision to use compatibility fixes to remedy your compatibility issues may involve more than just technical issues. The following scenarios reflect other common reasons for using a compatibility fix.
### Scenario 1
@ -88,15 +81,14 @@ In the situation where an application is either unimportant to your organization
## Determining Which Version of an Application to Fix
You can apply a compatibility fix to a particular version of an application, either by using the "up to or including" clause or by selecting that specific version. This means that the next version of the application will not have the compatibility fix automatically applied. This is important, because it allows you to continue to use your application, but it also encourages the vendor to fix the application.
## Support for Compatibility Fixes
Compatibility fixes are shipped as part of the Windows operating system and are updated by using Windows Update. Therefore, they receive the same level of support as Windows itself.
You can apply the compatibility fixes to any of your applications. However, Microsoft does not provide the tools to use the Compatibility Fix infrastructure to create your own custom fixes.
## Related topics
[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md)

19
windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
View File

@ -11,7 +11,6 @@ ms.pagetype: appcompat
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.date: 04/19/2017
ms.topic: article
---
@ -29,14 +28,14 @@ ms.topic: article
The **Events** screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.
> [!IMPORTANT]  
> The **Events** screen only records your activities when the screen is open. If you perform an action before opening the **Events** screen, the action will not appear in the list.
>[!IMPORTANT]
>The **Events** screen only records your activities when the screen is open. If you perform an action before opening the **Events** screen, the action will not appear in the list.
**To open the Events screen**
- On the **View** menu, click **Events**.
- On the **View** menu, click **Events**.
## Handling Multiple Copies of Compatibility Fixes
@ -46,15 +45,5 @@ Compatibility Administrator enables you to copy your compatibility fixes from on
If you open the **Events** screen and then perform the copy operation, you can see a description of the action, along with the time stamp, which enables you to view your fix information without confusion.
## Related topics
[Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md)
[Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md)<br>
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)

4
windows/deployment/planning/windows-10-1703-removed-features.md
View File

@ -2,11 +2,11 @@
title: Windows 10, version 1703 removed features
description: Learn about features that were removed in Windows 10, version 1703
ms.prod: w10
manager: laurawi
ms.mktglfcycl: plan
ms.localizationpriority: medium
ms.sitesec: library
author: lizap
ms.date: 10/09/2017
author: greg-lindsay
ms.topic: article
---
# Features that are removed or deprecated in Windows 10, version 1703

138
windows/deployment/planning/windows-to-go-overview.md
View File

@ -20,52 +20,42 @@ ms.topic: article
**Applies to**
- Windows 10
- Windows 10
>[!IMPORTANT]
>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
> [!IMPORTANT]
> Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs.
Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs.
PCs that meet the Windows 7 or later [certification requirements](https://go.microsoft.com/fwlink/p/?LinkId=618711) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go:
PCs that meet the Windows 7 or later [certification requirements](https://go.microsoft.com/fwlink/p/?LinkId=618711) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go:
- [Differences between Windows To Go and a typical installation of Windows](#bkmk-wtgdif)
- [Roaming with Windows To Go](#bkmk-wtgroam)
- [Prepare for Windows To Go](#wtg-prep-intro)
- [Hardware considerations for Windows To Go](#wtg-hardware)
- [Differences between Windows To Go and a typical installation of Windows](#bkmk-wtgdif)
- [Roaming with Windows To Go](#bkmk-wtgroam)
- [Prepare for Windows To Go](#wtg-prep-intro)
- [Hardware considerations for Windows To Go](#wtg-hardware)
> [!NOTE]
> Windows To Go is not supported on Windows RT.
> Windows To Go is not supported on Windows RT.
## <a href="" id="bkmk-wtgdif"></a>Differences between Windows To Go and a typical installation of Windows
Windows To Go workspace operates just like any other installation of Windows with a few exceptions. These exceptions are:
- **Internal disks are offline.** To ensure data isnt accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer.
- **Trusted Platform Module (TPM) is not used.** When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers.
- **Hibernate is disabled by default.** To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings.
- **Windows Recovery Environment is not available.** In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows.
- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturers standard for the computer doesnt apply when running a Windows To Go workspace, so the feature was disabled.
- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces cannot be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows.
- **Internal disks are offline.** To ensure data isnt accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer.
- **Trusted Platform Module (TPM) is not used.** When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers.
- **Hibernate is disabled by default.** To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings.
- **Windows Recovery Environment is not available.** In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows.
- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturers standard for the computer doesnt apply when running a Windows To Go workspace, so the feature was disabled.
- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces cannot be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows.
## <a href="" id="bkmk-wtgroam"></a>Roaming with Windows To Go
Windows To Go drives can be booted on multiple computers. When a Windows To Go workspace is first booted on a host computer it will detect all hardware on the computer and install any needed drivers. When the Windows To Go workspace is subsequently booted on that host computer it will be able to identify the host computer and load the correct set of drivers automatically.
The applications that you want to use from the Windows To Go workspace should be tested to make sure they also support roaming. Some applications bind to the computer hardware which will cause difficulties if the workspace is being used with multiple host computers.
## <a href="" id="wtg-prep-intro"></a>Prepare for Windows To Go
Enterprises install Windows on a large group of computers either by using configuration management software (such as System Center Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool.
These same tools can be used to provision Windows To Go drive, just as you would if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) to review deployment tools available.
@ -73,8 +63,6 @@ These same tools can be used to provision Windows To Go drive, just as you would
> [!IMPORTANT]
> Make sure you use the versions of the deployment tools provided for the version of Windows you are deploying. There have been many enhancements made to support Windows To Go. Using versions of the deployment tools released for earlier versions of Windows to provision a Windows To Go drive is not supported.
As you decide what to include in your Windows To Go image, be sure to consider the following questions:
Are there any drivers that you need to inject into the image?
@ -91,47 +79,37 @@ For more information about designing and planning your Windows To Go deployment,
## <a href="" id="wtg-hardware"></a>Hardware considerations for Windows To Go
**For USB drives**
The devices listed in this section have been specially optimized and certified for Windows To Go and meet the necessary requirements for booting and running a full version of Windows 10 from a USB drive. The optimizations for Windows To Go include the following:
The devices listed in this section have been specially optimized and certified for Windows To Go and meet the necessary requirements for booting and running a full version of Windows 10 from a USB drive. The optimizations for Windows To Go include the following:
- Windows To Go certified USB drives are built for high random read/write speeds and support the thousands of random access I/O operations per second required for running normal Windows workloads smoothly.
- Windows To Go certified USB drives have been tuned to ensure they boot and run on hardware certified for use with Windows 7 and later.
- Windows To Go certified USB drives are built to last. Certified USB drives are backed with manufacturer warranties and should continue operating under normal usage. Refer to the manufacturer websites for warranty details.
- Windows To Go certified USB drives are built for high random read/write speeds and support the thousands of random access I/O operations per second required for running normal Windows workloads smoothly.
- Windows To Go certified USB drives have been tuned to ensure they boot and run on hardware certified for use with Windows 7 and later.
- Windows To Go certified USB drives are built to last. Certified USB drives are backed with manufacturer warranties and should continue operating under normal usage. Refer to the manufacturer websites for warranty details.
As of the date of publication, the following are the USB drives currently certified for use as Windows To Go drives:
**Warning**  
Using a USB drive that has not been certified is not supported
> [!WARNING]
> Using a USB drive that has not been certified is not supported.
- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://go.microsoft.com/fwlink/p/?LinkId=618714))
- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://go.microsoft.com/fwlink/p/?LinkId=618717))
- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://go.microsoft.com/fwlink/p/?LinkId=618718))
- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719))
- Spyrus Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://go.microsoft.com/fwlink/p/?LinkId=618714))
- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://go.microsoft.com/fwlink/p/?LinkId=618717))
- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://go.microsoft.com/fwlink/p/?LinkId=618718))
- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719))
- Spyrus Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
We recommend that you run the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Portable Workplace.
- Spyrus Secure Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
- Spyrus Secure Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
> [!IMPORTANT]  
> [!IMPORTANT]
> You must use the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Secure Portable Workplace. For more information about the Spyrus Deployment Suite for Windows To Go please refer to [http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720).
- Spyrus Worksafe ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
- Spyrus Worksafe ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
**Tip**  
This device contains an embedded smart card.
> [!TIP]
> This device contains an embedded smart card.
@ -151,11 +129,9 @@ Using a USB drive that has not been certified is not supported
When assessing the use of a PC as a host for a Windows To Go workspace you should consider the following criteria:
- Hardware that has been certified for use with Windows 7or later operating systems will work well with Windows To Go.
- Running a Windows To Go workspace from a computer that is running Windows RT is not a supported scenario.
- Running a Windows To Go workspace on a Mac computer is not a supported scenario.
- Hardware that has been certified for use with Windows 7 or later operating systems will work well with Windows To Go.
- Running a Windows To Go workspace from a computer that is running Windows RT is not a supported scenario.
- Running a Windows To Go workspace on a Mac computer is not a supported scenario.
The following table details the characteristics that the host computer must have to be used with Windows To Go:
@ -177,7 +153,7 @@ The following table details the characteristics that the host computer must have
</tr>
<tr class="even">
<td align="left"><p>Firmware</p></td>
<td align="left"><p>USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB)</p></td>
<td align="left"><p>USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Processor architecture</p></td>
@ -206,11 +182,9 @@ The following table details the characteristics that the host computer must have
</tbody>
</table>
**Checking for architectural compatibility between the host PC and the Windows To Go drive**
In addition to the USB boot support in the BIOS, the Windows 10 image on your Windows To Go drive must be compatible with the processor architecture and the firmware of the host PC as shown in the table below.
In addition to the USB boot support in the BIOS, the Windows 10 image on your Windows To Go drive must be compatible with the processor architecture and the firmware of the host PC as shown in the table below.
<table>
<colgroup>
@ -249,37 +223,17 @@ In addition to the USB boot support in the BIOS, the Windows 10 image on your W
</tbody>
</table>
## Additional resources
- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949)
- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950)
- [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951)
- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949)
- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950)
- [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951)
## Related topics
- [Deploy Windows To Go in your organization](https://go.microsoft.com/fwlink/p/?LinkId=619975)
- [Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)
- [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
- [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
- [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
- [Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md)
[Deploy Windows To Go in your organization](https://go.microsoft.com/fwlink/p/?LinkId=619975)<br>
[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)<br>
[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)<br>
[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)<br>
[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)<br>
[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md)

2
windows/deployment/update/index.md
View File

@ -5,9 +5,9 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: Jaimeo
manager: laurawi
ms.localizationpriority: high
ms.author: jaimeo
ms.date: 04/06/2018
ms.topic: article
---

4
windows/deployment/update/waas-optimize-windows-10-updates.md
View File

@ -4,9 +4,9 @@ description: Two methods of peer-to-peer content distribution are available in W
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: greg-lindsay
author: jaimeo
ms.localizationpriority: medium
ms.author: greg-lindsay
ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article

5
windows/deployment/update/waas-restart.md
View File

@ -4,10 +4,9 @@ description: tbd
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
author: jaimeo
ms.localizationpriority: medium
ms.author: greg-lindsay
ms.date: 07/27/2017
ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article

5
windows/deployment/update/waas-wufb-group-policy.md
View File

@ -4,10 +4,9 @@ description: Configure Windows Update for Business settings using Group Policy.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: greg-lindsay
author: jaimeo
ms.localizationpriority: medium
ms.author: greg-lindsay
ms.date: 07/27/2017
ms.author: jaimeo
ms.reviewer:
manager: laurawi
ms.topic: article

4
windows/deployment/upgrade/windows-10-upgrade-paths.md
View File

@ -24,7 +24,7 @@ ms.topic: article
This topic provides a summary of available upgrade paths to Windows 10. You can upgrade to Windows 10 from Windows 7 or a later operating system. This includes upgrading from one release of Windows 10 to later release of Windows 10. Migrating from one edition of Windows 10 to a different edition of the same release is also supported. For more information about migrating to a different edition of Windows 10, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md).
> **Windows 10 version upgrade**: You can directly upgrade a supported version of Windows 10 to a newer version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information.
> **Windows 10 version upgrade**: You can directly upgrade any semi-annual channel version of Windows 10 to a newer, supported semi-annual channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information.
>
> **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
>
@ -34,7 +34,7 @@ This topic provides a summary of available upgrade paths to Windows 10. You can
>
> **Windows 8.0**: You cannot upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355).
✔ = Full upgrade is supported including personal data, settings, and applications.<BR>
✔ = Full upgrade is supported including personal data, settings, and applications.<br>
D = Edition downgrade; personal data is maintained, applications and settings are removed.
<br>

108
windows/deployment/windows-autopilot/bitlocker.md
View File

@ -1,54 +1,54 @@
---
title: Setting the BitLocker encryption algorithm for Autopilot devices
ms.reviewer:
manager: laurawi
description: Microsoft Intune provides a comprehensive set of configuration options to manage BitLocker on Windows 10 devices.
keywords: Autopilot, BitLocker, encryption, 256-bit, Windows 10
ms.prod: w10
ms.technology: Windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
ms.localizationpriority: medium
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Setting the BitLocker encryption algorithm for Autopilot devices
**Applies to**
- Windows 10
With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. This ensures that the default encrytion algorithm is not applied automatically when this is not the desired setting. Other BitLocker policies that must be applied prior to encryption can also be delivered before automatic BitLocker encryption begins.
The BitLocker encryption algorithm is used when BitLocker is first enabled, and sets the strength to which full volume encryption should occur. Available encryption algorithms are: AES-CBC 128-bit, AES-CBC 256-bit, XTS-AES 128-bit or XTS-AES 256-bit encryption. The default value is XTS-AES 128-bit encryption. See [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) for information about the recommended encryption algorithms to use.
To ensure the desired BitLocker encryption algorithm is set before automatic encryption occurs for Autopilot devices:
1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm.
2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group.
- **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users.
3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices.
- **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts.
An example of Microsoft Intune Windows Encryption settings is shown below.
![BitLocker encryption settings](images/bitlocker-encryption.png)
Note that a device which is encrypted automatically will need to be decrypted prior to changing the encyption algorithm.
The settings are available under Device Configuration -> Profiles -> Create profile -> Platform = Windows 10 and later, Profile type = Endpoint protection -> Configure -> Windows Encryption -> BitLocker base settings, Configure encryption methods = Enable.
Note: It is also recommended to set Windows Encryption -> Windows Settings -> Encrypt = **Require**.
## Requirements
Windows 10, version 1809 or later.
## See also
---
title: Setting the BitLocker encryption algorithm for Autopilot devices
ms.reviewer:
manager: laurawi
description: Microsoft Intune provides a comprehensive set of configuration options to manage BitLocker on Windows 10 devices.
keywords: Autopilot, BitLocker, encryption, 256-bit, Windows 10
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
ms.localizationpriority: medium
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Setting the BitLocker encryption algorithm for Autopilot devices
**Applies to**
- Windows 10
With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. This ensures that the default encrytion algorithm is not applied automatically when this is not the desired setting. Other BitLocker policies that must be applied prior to encryption can also be delivered before automatic BitLocker encryption begins.
The BitLocker encryption algorithm is used when BitLocker is first enabled, and sets the strength to which full volume encryption should occur. Available encryption algorithms are: AES-CBC 128-bit, AES-CBC 256-bit, XTS-AES 128-bit or XTS-AES 256-bit encryption. The default value is XTS-AES 128-bit encryption. See [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp) for information about the recommended encryption algorithms to use.
To ensure the desired BitLocker encryption algorithm is set before automatic encryption occurs for Autopilot devices:
1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm.
2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group.
- **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users.
3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices.
- **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts.
An example of Microsoft Intune Windows Encryption settings is shown below.
![BitLocker encryption settings](images/bitlocker-encryption.png)
Note that a device which is encrypted automatically will need to be decrypted prior to changing the encyption algorithm.
The settings are available under Device Configuration -> Profiles -> Create profile -> Platform = Windows 10 and later, Profile type = Endpoint protection -> Configure -> Windows Encryption -> BitLocker base settings, Configure encryption methods = Enable.
Note: It is also recommended to set Windows Encryption -> Windows Settings -> Encrypt = **Require**.
## Requirements
Windows 10, version 1809 or later.
## See also
[Bitlocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview)

78
windows/deployment/windows-autopilot/enrollment-status.md
View File

@ -1,39 +1,39 @@
---
title: Windows Autopilot Enrollment Status Page
ms.reviewer:
manager: laurawi
description: Gives an overview of the Enrollment Status Page capabilities, configuration
keywords: Autopilot Plug and Forget, Windows 10
ms.prod: w10
ms.technology: Windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
ms.localizationpriority: medium
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot Enrollment Status Page
**Applies to**
- Windows 10, version 1803 and later
The Enrollment Status Page (ESP) displays the status of the complete device configuration process when an MDM managed user signs into a device for the very first time. The ESP will help users understand the progress of device provisioning and ensures the device has met the organizations desired state before the user can access the desktop for the first time.
The ESP will track the installation of applications, security policies, certificates and network connections. Within Intune, an administrator can deploy ESP profiles to a licensed Intune user and configure specific settings within the ESP profile; a few of these settings are: force the installation of specified applications, allow users to collect troubleshooting logs, specify what a user can do if device setup fails. For more information, see how to set up the [Enrollment Status Page in Intune](https://docs.microsoft.com/intune/windows-enrollment-status).
![Enrollment Status Page](images/enrollment-status-page.png)
## More information
For more information on configuring the Enrollment Status Page, see the [Microsoft Intune documentation](https://docs.microsoft.com/intune/windows-enrollment-status).<br>
For details about the underlying implementation, see the [FirstSyncStatus details in the DMClient CSP documentation](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp).<br>
For more information about blocking for app installation:
- [Blocking for app installation using Enrollment Status Page](https://blogs.technet.microsoft.com/mniehaus/2018/12/06/blocking-for-app-installation-using-enrollment-status-page/).
---
title: Windows Autopilot Enrollment Status Page
ms.reviewer:
manager: laurawi
description: Gives an overview of the Enrollment Status Page capabilities, configuration
keywords: Autopilot Plug and Forget, Windows 10
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
ms.localizationpriority: medium
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot Enrollment Status Page
**Applies to**
- Windows 10, version 1803 and later
The Enrollment Status Page (ESP) displays the status of the complete device configuration process when an MDM managed user signs into a device for the very first time. The ESP will help users understand the progress of device provisioning and ensures the device has met the organizations desired state before the user can access the desktop for the first time.
The ESP will track the installation of applications, security policies, certificates and network connections. Within Intune, an administrator can deploy ESP profiles to a licensed Intune user and configure specific settings within the ESP profile; a few of these settings are: force the installation of specified applications, allow users to collect troubleshooting logs, specify what a user can do if device setup fails. For more information, see how to set up the [Enrollment Status Page in Intune](https://docs.microsoft.com/intune/windows-enrollment-status).
![Enrollment Status Page](images/enrollment-status-page.png)
## More information
For more information on configuring the Enrollment Status Page, see the [Microsoft Intune documentation](https://docs.microsoft.com/intune/windows-enrollment-status).<br>
For details about the underlying implementation, see the [FirstSyncStatus details in the DMClient CSP documentation](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp).<br>
For more information about blocking for app installation:
- [Blocking for app installation using Enrollment Status Page](https://blogs.technet.microsoft.com/mniehaus/2018/12/06/blocking-for-app-installation-using-enrollment-status-page/).
- [Support Tip: Office C2R installation is now tracked during ESP](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Office-C2R-installation-is-now-tracked-during-ESP/ba-p/295514).

3
windows/hub/index.md
View File

@ -7,9 +7,8 @@ ms.localizationpriority: high
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.date: 07/16/2019
ms.author: dansimp
ms.date: 09/03/2018
author: dansimp
ms.reviewer: dansimp
manager: dansimp
---

5
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.localizationpriority: medium
author: medgarmedgar
ms.author: v-medgar
ms.date: 8/23/2019
ms.date: 9/4/2019
---
# Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server
@ -100,7 +100,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
1. **OneDrive**
1. MDM Policy: [DisableOneDriveFileSync](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync). Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)**
1. Ingest the ADMX - To get the latest OneDrive ADMX file you need an up-to-date Windows 10 client. The ADMX files are located under the following path: %LocalAppData%\Microsoft\OneDrive\ there's a folder with the current OneDrive build (e.g. "18.162.0812.0001"). There is a folder named "adm" which contains the admx and adml policy definition files.
1. MDM Policy: Prevent Network Traffic before User SignIn. **PreventNetworkTrafficPreUserSignIn**. The OMA-URI value is: ./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC\~Policy\~OneDriveNGSC/PreventNetworkTrafficPreUserSignIn, **String, \<enabled/>**
1. MDM Policy: Prevent Network Traffic before User SignIn. **PreventNetworkTrafficPreUserSignIn**. The OMA-URI value is: **./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC\~Policy\~OneDriveNGSC/PreventNetworkTrafficPreUserSignIn**, Data type: **String**, Value: **\<enabled/>**
1. **Privacy settings** Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC.
@ -139,6 +139,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
1. Windows Defender Smartscreen - [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen). Disable Windows Defender Smartscreen. **Set to 0 (zero)**
1. Windows Defender Smartscreen EnableAppInstallControl - [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol). Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)**
1. Windows Defender Potentially Unwanted Applications(PUA) Protection - [Defender/PUAProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-puaprotection). Specifies the level of detection for potentially unwanted applications (PUAs). **Set to 1 (one)**
1. [Defender/SignatureUpdateFallbackOrder](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm). Allows you to define the order in which different definition update sources should be contacted. The OMA-URI for this is: **./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFallbackOrder**, Data type: **String**, Value: **FileShares**
1. **Windows Spotlight** - [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight). Disable Windows Spotlight. **Set to 0 (zero)**
1. **Microsoft Store**
1. [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps). Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)**

6
windows/release-information/resolved-issues-windows-10-1607.yml
View File

@ -32,9 +32,9 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 14393.3115<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='650msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#650msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='641msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.<br><br><a href = '#641msgdesc'>See details ></a></td><td>OS Build 14393.3144<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='628msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#628msgdesc'>See details ></a></td><td>OS Build 14393.3115<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='612msg'></div><b>Internet Explorer 11 and apps using the WebBrowser control may fail to render</b><br>JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.<br><br><a href = '#612msgdesc'>See details ></a></td><td>OS Build 14393.3085<br><br>July 09, 2019<br><a href ='https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='610msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.<br><br><a href = '#610msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='538msg'></div><b>SCVMM cannot enumerate and manage logical switches deployed on the host</b><br>For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.<br><br><a href = '#538msgdesc'>See details ></a></td><td>OS Build 14393.2639<br><br>November 27, 2018<br><a href ='https://support.microsoft.com/help/4467684' target='_blank'>KB4467684</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>July 16, 2019 <br>10:00 AM PT</td></tr>
@ -80,9 +80,9 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='678msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#678msg'>Back to top</a></td><td>OS Build 14393.3115<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='650msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a>.</div><br><a href ='#650msg'>Back to top</a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='628msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a>. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the <a href=\"https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903\" target=\"_blank\">Windows 10, version 1903 section </a>of the release information dashboard for the most up to date information on this and other safeguard holds.</div><div><br></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until this issue has been resolved.</div><br><a href ='#628msg'>Back to top</a></td><td>OS Build 14393.3115<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='612msgdesc'></div><b>Internet Explorer 11 and apps using the WebBrowser control may fail to render</b><div>Internet Explorer 11 may fail to render some JavaScript after installing <a href='https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a>. You may also have issues with apps using JavaScript or the <strong>WebBrowser</strong> control, such as the present PowerPoint feature of Skype Meeting&nbsp;Broadcast.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a>.</div><br><a href ='#612msg'>Back to top</a></td><td>OS Build 14393.3085<br><br>July 09, 2019<br><a href ='https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 26, 2019 <br>04:58 PM PT</td></tr>
</table>
"

6
windows/release-information/resolved-issues-windows-10-1703.yml
View File

@ -32,8 +32,8 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 15063.1955<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507467' target='_blank'>KB4507467</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='641msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.<br><br><a href = '#641msgdesc'>See details ></a></td><td>OS Build 15063.1988<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512474' target='_blank'>KB4512474</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='628msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#628msgdesc'>See details ></a></td><td>OS Build 15063.1955<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507467' target='_blank'>KB4507467</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='610msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.<br><br><a href = '#610msgdesc'>See details ></a></td><td>OS Build 15063.1868<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503279' target='_blank'>KB4503279</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='528msg'></div><b>Devices with Hyper-V enabled may receive BitLocker error 0xC0210000</b><br>Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.<br><br><a href = '#528msgdesc'>See details ></a></td><td>OS Build 15063.1805<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499181' target='_blank'>KB4499181</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507450' target='_blank'>KB4507450</a></td><td>July 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='520msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#520msgdesc'>See details ></a></td><td>OS Build 15063.1839<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499162' target='_blank'>KB4499162</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509476' target='_blank'>KB4509476</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
@ -71,8 +71,8 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='628msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507467' target='_blank'>KB4507467</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a>. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the <a href=\"https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903\" target=\"_blank\">Windows 10, version 1903 section </a>of the release information dashboard for the most up to date information on this and other safeguard holds.</div><div><br></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until this issue has been resolved.</div><br><a href ='#628msg'>Back to top</a></td><td>OS Build 15063.1955<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507467' target='_blank'>KB4507467</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='678msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507467' target='_blank'>KB4507467</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#678msg'>Back to top</a></td><td>OS Build 15063.1955<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507467' target='_blank'>KB4507467</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
</table>
"

6
windows/release-information/resolved-issues-windows-10-1709.yml
View File

@ -32,9 +32,9 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 16299.1296<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='650msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#650msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='648msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.<br><br><a href = '#648msgdesc'>See details ></a></td><td>OS Build 16299.1331<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='628msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#628msgdesc'>See details ></a></td><td>OS Build 16299.1296<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='610msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.<br><br><a href = '#610msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='520msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#520msgdesc'>See details ></a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509477' target='_blank'>KB4509477</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
<tr><td><div id='503msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.<br><br><a href = '#503msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503281' target='_blank'>KB4503281</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
@ -73,9 +73,9 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='678msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#678msg'>Back to top</a></td><td>OS Build 16299.1296<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='650msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a>.</div><br><a href ='#650msg'>Back to top</a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='628msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a>. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the <a href=\"https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903\" target=\"_blank\">Windows 10, version 1903 section </a>of the release information dashboard for the most up to date information on this and other safeguard holds.</div><div><br></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until this issue has been resolved.</div><br><a href ='#628msg'>Back to top</a></td><td>OS Build 16299.1296<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
</table>
"

6
windows/release-information/resolved-issues-windows-10-1803.yml
View File

@ -32,10 +32,10 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 17134.915<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507466' target='_blank'>KB4507466</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='674msg'></div><b>Notification issue: \"Your device is missing important security and quality fixes.\"</b><br>Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes.\"<br><br><a href = '#674msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 03, 2019 <br>12:32 PM PT</td></tr>
<tr><td><div id='650msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#650msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='649msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.<br><br><a href = '#649msgdesc'>See details ></a></td><td>OS Build 17134.950<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='628msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#628msgdesc'>See details ></a></td><td>OS Build 17134.915<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507466' target='_blank'>KB4507466</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='610msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.<br><br><a href = '#610msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='520msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#520msgdesc'>See details ></a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509478' target='_blank'>KB4509478</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
<tr><td><div id='503msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.<br><br><a href = '#503msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503288' target='_blank'>KB4503288</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
@ -83,9 +83,9 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='678msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507466' target='_blank'>KB4507466</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#678msg'>Back to top</a></td><td>OS Build 17134.915<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507466' target='_blank'>KB4507466</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='650msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a>.</div><br><a href ='#650msg'>Back to top</a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>Resolved:<br>August 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='628msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507466' target='_blank'>KB4507466</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a>. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the <a href=\"https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903\" target=\"_blank\">Windows 10, version 1903 section </a>of the release information dashboard for the most up to date information on this and other safeguard holds.</div><div><br></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until this issue has been resolved.</div><br><a href ='#628msg'>Back to top</a></td><td>OS Build 17134.915<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507466' target='_blank'>KB4507466</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
</table>
"

6
windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
View File

@ -32,9 +32,9 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 17763.652<br><br>July 22, 2019<br><a href ='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='650msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#650msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='641msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.<br><br><a href = '#641msgdesc'>See details ></a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='628msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#628msgdesc'>See details ></a></td><td>OS Build 17763.652<br><br>July 22, 2019<br><a href ='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='610msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.<br><br><a href = '#610msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='520msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#520msgdesc'>See details ></a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509479' target='_blank'>KB4509479</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
<tr><td><div id='504msg'></div><b>Devices with Realtek Bluetooth radios drivers may not pair or connect as expected</b><br>Devices with some Realtek Bluetooth radios drivers, in some circumstances, may have issues pairing or connecting to devices.<br><br><a href = '#504msgdesc'>See details ></a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
@ -82,9 +82,9 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='678msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#678msg'>Back to top</a></td><td>OS Build 17763.652<br><br>July 22, 2019<br><a href ='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='650msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a>.</div><br><a href ='#650msg'>Back to top</a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='628msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a>. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the <a href=\"https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903\" target=\"_blank\">Windows 10, version 1903 section </a>of the release information dashboard for the most up to date information on this and other safeguard holds.</div><div><br></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until this issue has been resolved.</div><br><a href ='#628msg'>Back to top</a></td><td>OS Build 17763.652<br><br>July 22, 2019<br><a href ='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
</table>
"

10
windows/release-information/resolved-issues-windows-10-1903.yml
View File

@ -32,12 +32,12 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='677msg'></div><b>Issues updating when certain versions of Intel storage drivers are installed</b><br>Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.<br><br><a href = '#677msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='671msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.<br><br><a href = '#671msgdesc'>See details ></a></td><td>OS Build 18362.295<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512508' target='_blank'>KB4512508</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='670msg'></div><b>Issues updating when certain versions of Intel storage drivers are installed</b><br>Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.<br><br><a href = '#670msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='669msg'></div><b>Initiating a Remote Desktop connection may result in black screen</b><br>When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.<br><br><a href = '#669msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='668msg'></div><b>Windows Sandbox may fail to start with error code “0x80070002”</b><br>Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language was changed between updates<br><br><a href = '#668msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 20, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='667msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#667msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='666msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#666msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='610msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.<br><br><a href = '#610msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='597msg'></div><b>Display brightness may not respond to adjustments</b><br>Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.<br><br><a href = '#597msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='546msg'></div><b>RASMAN service may stop working and result in the error “0xc0000005”</b><br>The Remote Access Connection Manager (RASMAN) service may stop working and result in the error “0xc0000005” with VPN profiles configured as an Always On VPN connection.<br><br><a href = '#546msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
@ -74,11 +74,11 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='670msgdesc'></div><b>Issues updating when certain versions of Intel storage drivers are installed</b><div>Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).&nbsp;&nbsp;</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST&nbsp;drivers, versions<strong> 15.1.0.1002</strong>&nbsp;through version&nbsp;<strong>15.5.2.1053</strong>&nbsp;installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.</div><div><br></div><div>Versions&nbsp;<strong>15.5.2.1054 or later</strong>&nbsp;are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update.&nbsp;For affected devices, the recommended version is <strong>15.9.8.1050</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Workaround:</strong> To mitigate this issue before the safeguard hold is removed, you will need to update the Intel RST drivers for your device to version&nbsp;<strong>15.5.2.1054&nbsp;</strong>or a later.&nbsp;&nbsp;Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at&nbsp;<a href=\"https://downloadcenter.intel.com/download/28997/Intel-Rapid-Storage-Technology-Intel-RST-User-Interface-and-Driver\" target=\"_blank\">Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver</a>.&nbsp;Once your drivers are updated, you can restart the installation process for Windows 10, version 1903. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><div><br></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>. The safeguard hold is estimated to be removed in early September.</div><br><a href ='#670msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='678msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#678msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='677msgdesc'></div><b>Issues updating when certain versions of Intel storage drivers are installed</b><div>Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).&nbsp;&nbsp;</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST&nbsp;drivers, versions<strong> 15.1.0.1002</strong>&nbsp;through version&nbsp;<strong>15.5.2.1053</strong>&nbsp;installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.</div><div><br></div><div>Versions&nbsp;<strong>15.5.2.1054 or later</strong>&nbsp;are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update.&nbsp;For affected devices, the recommended version is <strong>15.9.8.1050</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#677msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='669msgdesc'></div><b>Initiating a Remote Desktop connection may result in black screen</b><div>When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#669msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 12, 2019 <br>04:42 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='667msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#667msg'>Back to top</a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='666msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>. The safeguard hold is estimated to be removed in early September.</div><br><a href ='#666msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
</table>
"

6
windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
View File

@ -60,9 +60,9 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 14393.3115<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='650msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#650msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='641msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.<br><br><a href = '#641msgdesc'>See details ></a></td><td>OS Build 14393.3144<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='628msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#628msgdesc'>See details ></a></td><td>OS Build 14393.3115<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='612msg'></div><b>Internet Explorer 11 and apps using the WebBrowser control may fail to render</b><br>JavaScript may fail to render as expected in Internet Explorer 11 and in apps using JavaScript or the WebBrowser control.<br><br><a href = '#612msgdesc'>See details ></a></td><td>OS Build 14393.3085<br><br>July 09, 2019<br><a href ='https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='610msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.<br><br><a href = '#610msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='598msg'></div><b>Apps and scripts using the NetQueryDisplayInformation API may fail with error</b><br> Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.<br><br><a href = '#598msgdesc'>See details ></a></td><td>OS Build 14393.3053<br><br>June 18, 2019<br><a href ='https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>August 01, 2019 <br>05:00 PM PT</td></tr>
@ -95,9 +95,9 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='678msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#678msg'>Back to top</a></td><td>OS Build 14393.3115<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='650msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a>.</div><br><a href ='#650msg'>Back to top</a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512495' target='_blank'>KB4512495</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='628msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a>. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the <a href=\"https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903\" target=\"_blank\">Windows 10, version 1903 section </a>of the release information dashboard for the most up to date information on this and other safeguard holds.</div><div><br></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until this issue has been resolved.</div><br><a href ='#628msg'>Back to top</a></td><td>OS Build 14393.3115<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507459' target='_blank'>KB4507459</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='612msgdesc'></div><b>Internet Explorer 11 and apps using the WebBrowser control may fail to render</b><div>Internet Explorer 11 may fail to render some JavaScript after installing <a href='https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a>. You may also have issues with apps using JavaScript or the <strong>WebBrowser</strong> control, such as the present PowerPoint feature of Skype Meeting&nbsp;Broadcast.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a>.</div><br><a href ='#612msg'>Back to top</a></td><td>OS Build 14393.3085<br><br>July 09, 2019<br><a href ='https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512517' target='_blank'>KB4512517</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 26, 2019 <br>04:58 PM PT</td></tr>
</table>
"

6
windows/release-information/status-windows-10-1703.yml
View File

@ -66,8 +66,8 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 15063.1955<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507467' target='_blank'>KB4507467</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='641msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.<br><br><a href = '#641msgdesc'>See details ></a></td><td>OS Build 15063.1988<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512474' target='_blank'>KB4512474</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='628msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#628msgdesc'>See details ></a></td><td>OS Build 15063.1955<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507467' target='_blank'>KB4507467</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='610msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.<br><br><a href = '#610msgdesc'>See details ></a></td><td>OS Build 15063.1868<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503279' target='_blank'>KB4503279</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='321msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#321msgdesc'>See details ></a></td><td>OS Build 15063.1563<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480973' target='_blank'>KB4480973</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
@ -95,8 +95,8 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='628msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507467' target='_blank'>KB4507467</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a>. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the <a href=\"https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903\" target=\"_blank\">Windows 10, version 1903 section </a>of the release information dashboard for the most up to date information on this and other safeguard holds.</div><div><br></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until this issue has been resolved.</div><br><a href ='#628msg'>Back to top</a></td><td>OS Build 15063.1955<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507467' target='_blank'>KB4507467</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='678msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507467' target='_blank'>KB4507467</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#678msg'>Back to top</a></td><td>OS Build 15063.1955<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507467' target='_blank'>KB4507467</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512507' target='_blank'>KB4512507</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
</table>
"

6
windows/release-information/status-windows-10-1709.yml
View File

@ -60,9 +60,9 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 16299.1296<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='650msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#650msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='648msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.<br><br><a href = '#648msgdesc'>See details ></a></td><td>OS Build 16299.1331<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>August 16, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='628msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#628msgdesc'>See details ></a></td><td>OS Build 16299.1296<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='610msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.<br><br><a href = '#610msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='320msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#320msgdesc'>See details ></a></td><td>OS Build 16299.904<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480978' target='_blank'>KB4480978</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
@ -90,9 +90,9 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='678msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#678msg'>Back to top</a></td><td>OS Build 16299.1296<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='650msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a>.</div><br><a href ='#650msg'>Back to top</a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512494' target='_blank'>KB4512494</a></td><td>Resolved:<br>August 16, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='628msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a>. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the <a href=\"https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903\" target=\"_blank\">Windows 10, version 1903 section </a>of the release information dashboard for the most up to date information on this and other safeguard holds.</div><div><br></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until this issue has been resolved.</div><br><a href ='#628msg'>Back to top</a></td><td>OS Build 16299.1296<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507465' target='_blank'>KB4507465</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512516' target='_blank'>KB4512516</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
</table>
"

6
windows/release-information/status-windows-10-1803.yml
View File

@ -65,10 +65,10 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 17134.915<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507466' target='_blank'>KB4507466</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='674msg'></div><b>Notification issue: \"Your device is missing important security and quality fixes.\"</b><br>Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes.\"<br><br><a href = '#674msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 03, 2019 <br>12:32 PM PT</td></tr>
<tr><td><div id='650msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#650msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='649msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.<br><br><a href = '#649msgdesc'>See details ></a></td><td>OS Build 17134.950<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>August 19, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='628msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#628msgdesc'>See details ></a></td><td>OS Build 17134.915<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507466' target='_blank'>KB4507466</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='610msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.<br><br><a href = '#610msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='498msg'></div><b>Startup to a black screen after installing updates</b><br>Your device may startup to a black screen during the first logon after installing updates.<br><br><a href = '#498msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>June 14, 2019 <br>04:41 PM PT</td></tr>
<tr><td><div id='319msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#319msgdesc'>See details ></a></td><td>OS Build 17134.523<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480966' target='_blank'>KB4480966</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -106,9 +106,9 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='678msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507466' target='_blank'>KB4507466</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#678msg'>Back to top</a></td><td>OS Build 17134.915<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507466' target='_blank'>KB4507466</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='650msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a>.</div><br><a href ='#650msg'>Back to top</a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512509' target='_blank'>KB4512509</a></td><td>Resolved:<br>August 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='628msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4507466' target='_blank'>KB4507466</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a>. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the <a href=\"https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903\" target=\"_blank\">Windows 10, version 1903 section </a>of the release information dashboard for the most up to date information on this and other safeguard holds.</div><div><br></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until this issue has been resolved.</div><br><a href ='#628msg'>Back to top</a></td><td>OS Build 17134.915<br><br>July 16, 2019<br><a href ='https://support.microsoft.com/help/4507466' target='_blank'>KB4507466</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512501' target='_blank'>KB4512501</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
</table>
"

6
windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
View File

@ -64,9 +64,9 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 17763.652<br><br>July 22, 2019<br><a href ='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='650msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#650msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='641msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.<br><br><a href = '#641msgdesc'>See details ></a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='628msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#628msgdesc'>See details ></a></td><td>OS Build 17763.652<br><br>July 22, 2019<br><a href ='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>August 13, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='610msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.<br><br><a href = '#610msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='598msg'></div><b>Apps and scripts using the NetQueryDisplayInformation API may fail with error</b><br> Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data.<br><br><a href = '#598msgdesc'>See details ></a></td><td>OS Build 17763.55<br><br>October 09, 2018<br><a href ='https://support.microsoft.com/help/4464330' target='_blank'>KB4464330</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>August 01, 2019 <br>05:00 PM PT</td></tr>
<tr><td><div id='498msg'></div><b>Startup to a black screen after installing updates</b><br>Your device may startup to a black screen during the first logon after installing updates.<br><br><a href = '#498msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>June 14, 2019 <br>04:41 PM PT</td></tr>
@ -98,9 +98,9 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='678msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#678msg'>Back to top</a></td><td>OS Build 17763.652<br><br>July 22, 2019<br><a href ='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='650msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a>.</div><br><a href ='#650msg'>Back to top</a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512534' target='_blank'>KB4512534</a></td><td>Resolved:<br>August 17, 2019 <br>02:00 PM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='628msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a>. To safeguard your upgrade experience, the compatibility hold on devices from being offered Windows 10, version 1903 or Windows Server, version 1903 is still in place. Once the issue is addressed on Windows 10, version 1903, this safeguard hold will be removed for all affected platforms. Check the <a href=\"https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1903\" target=\"_blank\">Windows 10, version 1903 section </a>of the release information dashboard for the most up to date information on this and other safeguard holds.</div><div><br></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until this issue has been resolved.</div><br><a href ='#628msg'>Back to top</a></td><td>OS Build 17763.652<br><br>July 22, 2019<br><a href ='https://support.microsoft.com/help/4505658' target='_blank'>KB4505658</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved:<br>August 13, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
</table>
"

20
windows/release-information/status-windows-10-1903.yml
View File

@ -65,12 +65,13 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='678msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#678msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='677msg'></div><b>Issues updating when certain versions of Intel storage drivers are installed</b><br>Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.<br><br><a href = '#677msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='676msg'></div><b>Windows Desktop Search may not return any results and may have high CPU usage</b><br>Windows Desktop Search may not return any results and SearchUI.exe may have high CPU usage after installing KB4512941.<br><br><a href = '#676msgdesc'>See details ></a></td><td>OS Build 18362.329<br><br>August 30, 2019<br><a href ='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>September 04, 2019 <br>02:25 PM PT</td></tr>
<tr><td><div id='671msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.<br><br><a href = '#671msgdesc'>See details ></a></td><td>OS Build 18362.295<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512508' target='_blank'>KB4512508</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='670msg'></div><b>Issues updating when certain versions of Intel storage drivers are installed</b><br>Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.<br><br><a href = '#670msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='669msg'></div><b>Initiating a Remote Desktop connection may result in black screen</b><br>When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.<br><br><a href = '#669msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='668msg'></div><b>Windows Sandbox may fail to start with error code “0x80070002”</b><br>Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language was changed between updates<br><br><a href = '#668msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 20, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='667msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#667msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='666msg'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><br>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.<br><br><a href = '#666msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='634msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive an error, \"Updates Failed, There were problems installing some updates, but we'll try again later\" and \"Error 0x80073701.\"<br><br><a href = '#634msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>August 16, 2019 <br>04:28 PM PT</td></tr>
<tr><td><div id='610msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on Windows devices that installed updates on June 11, 2019 or later.<br><br><a href = '#610msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
<tr><td><div id='603msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#603msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Mitigated External<br></td><td>August 01, 2019 <br>08:44 PM PT</td></tr>
@ -89,6 +90,15 @@ sections:
<div>
</div>
"
- title: September 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='676msgdesc'></div><b>Windows Desktop Search may not return any results and may have high CPU usage</b><div>Microsoft is getting reports that a small number of users may not receive results when using Windows Desktop Search and may see high CPU usage from SearchUI.exe when searching after installing <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>. This issue is only encountered on devices in which searching the web from Windows Desktop Search has been&nbsp;disabled.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Next steps: </strong>We are working on a resolution and estimate a solution will be available in mid-September.</div><br><a href ='#676msg'>Back to top</a></td><td>OS Build 18362.329<br><br>August 30, 2019<br><a href ='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>September 04, 2019 <br>02:25 PM PT<br><br>Opened:<br>September 04, 2019 <br>02:25 PM PT</td></tr>
</table>
"
- title: August 2019
- items:
- type: markdown
@ -105,11 +115,11 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='670msgdesc'></div><b>Issues updating when certain versions of Intel storage drivers are installed</b><div>Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).&nbsp;&nbsp;</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST&nbsp;drivers, versions<strong> 15.1.0.1002</strong>&nbsp;through version&nbsp;<strong>15.5.2.1053</strong>&nbsp;installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.</div><div><br></div><div>Versions&nbsp;<strong>15.5.2.1054 or later</strong>&nbsp;are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update.&nbsp;For affected devices, the recommended version is <strong>15.9.8.1050</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Workaround:</strong> To mitigate this issue before the safeguard hold is removed, you will need to update the Intel RST drivers for your device to version&nbsp;<strong>15.5.2.1054&nbsp;</strong>or a later.&nbsp;&nbsp;Check with your device manufacturer (OEM) to see if an updated driver is available and install it. You can also download the latest Intel RST drivers directly from Intel at&nbsp;<a href=\"https://downloadcenter.intel.com/download/28997/Intel-Rapid-Storage-Technology-Intel-RST-User-Interface-and-Driver\" target=\"_blank\">Intel® Rapid Storage Technology (Intel® RST) User Interface and Driver</a>.&nbsp;Once your drivers are updated, you can restart the installation process for Windows 10, version 1903. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><div><br></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>. The safeguard hold is estimated to be removed in early September.</div><br><a href ='#670msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='678msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#678msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='677msgdesc'></div><b>Issues updating when certain versions of Intel storage drivers are installed</b><div>Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).&nbsp;&nbsp;</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST&nbsp;drivers, versions<strong> 15.1.0.1002</strong>&nbsp;through version&nbsp;<strong>15.5.2.1053</strong>&nbsp;installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.</div><div><br></div><div>Versions&nbsp;<strong>15.5.2.1054 or later</strong>&nbsp;are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update.&nbsp;For affected devices, the recommended version is <strong>15.9.8.1050</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#677msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='669msgdesc'></div><b>Initiating a Remote Desktop connection may result in black screen</b><div>When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#669msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 12, 2019 <br>04:42 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='667msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#667msg'>Back to top</a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='666msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>. The safeguard hold is estimated to be removed in early September.</div><br><a href ='#666msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='536msgdesc'></div><b>The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU</b><div>Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Workaround:</strong> To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the <strong>Scan for hardware changes</strong> button in the <strong>Action </strong>menu or on the toolbar in Device Manager.</div><div><br></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until this issue has been resolved.</div><div><br></div><div><strong>Next steps: </strong>We are working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#536msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>July 16, 2019 <br>09:04 AM PT<br><br>Opened:<br>July 12, 2019 <br>04:20 PM PT</td></tr>
</table>
"

BIN
windows/security/identity-protection/hello-for-business/images/howitworks/devreg-aadj-managed.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 95 KiB

After

Width:  |  Height:  |  Size: 70 KiB

1
windows/security/threat-protection/TOC.md
View File

@ -498,7 +498,6 @@
#### [Rules]()
##### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
##### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md)
##### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
##### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
##### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)

15
windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
View File

@ -53,7 +53,7 @@ For tenants created on or after Windows 10, version 1809 the automated investiga
> - The result of the auto-resolve action may influence the Machine risk level calculation which is based on the active alerts found on a machine.
>- If a security operations analyst manually sets the status of an alert to "In progress" or "Resolved" the auto-resolve capability will not overwrite it.
## Block file
## Allow or block file
Blocking is only available if your organization uses Windows Defender Antivirus as the active antimalware solution, and if the cloud-based protection feature is enabled.
@ -71,6 +71,19 @@ To turn **Allow or block** files on:
Once you have enabled this feature, you can [block files](respond-file-alerts.md#allow-or-block-file) via the **Add Indicator** tab on a file's profile page.
## Custom network indicators
Enabling this feature allows you to create indicators for IP addresses, domains, or URLs which determine whether they will be allowed or blocked based on your custom indicator list.
To use this feature, machines must be running Windows 10 version 1709 or later. They should also have network protection in block mode and version 4.18.1906.3 or later of the antimalware platform [see KB 4052623](https://go.microsoft.com/fwlink/?linkid=2099834).
For more information, see [Manage indicators](manage-indicators.md).
>[!NOTE]
>Network protection leverages reputation services that process requests in locations that might be outside of the location you have selected for your Microsoft Defender ATP data.
## Show user details
When you enable this feature, you'll be able to see user details stored in Azure Active Directory including a user's picture, name, title, and department information when investigating user account entities. You can find user account information in the following views:

26
windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
View File

@ -44,30 +44,20 @@ The **Onboarding** card provides a high-level overview of your onboarding rate b
Microsoft Defender ATP provides several convenient options for [onboarding Windows 10 machines](onboard-configure.md). For Intune-managed machines, however, you can leverage Intune profiles to conveniently deploy the Microsoft Defender ATP sensor to select machines, effectively onboarding these devices to the service.
From the **Onboarding** card, select **Onboard more machines** to create and assign a profile on Intune. The link takes you to a similar overview of your onboarding state.
From the **Onboarding** card, select **Onboard more machines** to create and assign a profile on Intune. The link takes you to the device compliance page on Intune, which provides a similar overview of your onboarding state.
![Microsoft Defender ATP device compliance page on Intune device management](images/secconmgmt_onboarding_1deviceconfprofile.png)<br>
*Microsoft Defender ATP device compliance page on Intune device management*
>[!TIP]
>Alternatively, you can navigate to the Microsoft Defender ATP onboarding compliance page in the [Microsoft Azure portal](https://portal.azure.com/) from **All services > Intune > Device compliance > Microsoft Defender ATP**.
From the overview, create a configuration profile specifically for the deployment of the Microsoft Defender ATP sensor and assign that profile to the machines you want to onboard.
From the device compliance page, create a configuration profile specifically for the deployment of the Microsoft Defender ATP sensor and assign that profile to the machines you want to onboard. To do this, you can either:
1. Select **Create a device configuration profile to configure ATP sensor**.
- Select **Create a device configuration profile to configure ATP sensor** to start with a predefined device configuration profile.
- Create the device configuration profile from scratch.
![Microsoft Defender ATP device compliance page on Intune device management](images/secconmgmt_onboarding_1deviceconfprofile.png)<br>
*Microsoft Defender ATP device compliance page on Intune device management*
2. Specify a name for the profile, specify desired configuration options for sample sharing and reporting frequency, and select **Create** to save the new profile.
![Configuration profile creation screen on Intune](images/secconmgmt_onboarding_2deviceconfprofile.png)<br>
*Configuration profile creation*
3. After creating the profile, assign it to all your machines. You can review profiles and their deployment status anytime by accessing **Device configuration > Profiles** on Intune.
![Profile assignment screen on Intune](images/secconmgmt_onboarding_3assignprofile.png)<br>
*Assigning the new profile to all machines*
>[!TIP]
>To learn more about Intune profiles, read about [assigning user and device profiles](https://docs.microsoft.com/intune/device-profile-assign).
For more information, [read about using Intune device configuration profiles to onboard machines to Microsoft Defender ATP](https://docs.microsoft.com/en-us/intune/advanced-threat-protection#onboard-devices-by-using-a-configuration-profile).
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink)

4
windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
View File

@ -20,15 +20,13 @@ ms.topic: article
**Applies to:**
- Windows Server 2008 R2 SP1 (pre-release)
- Windows Server 2008 R2 SP1
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server, version 1803
- Windows Server, 2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configserver-abovefoldlink)

BIN
windows/security/threat-protection/microsoft-defender-atp/images/rules-indicators.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 48 KiB

68
windows/security/threat-protection/microsoft-defender-atp/manage-automation-allowed-blocked-list.md
View File

@ -1,68 +0,0 @@
---
title: Manage automation allowed/blocked lists
description: Create lists that control what items are automatically blocked or allowed during an automatic investigation.
keywords: manage, automation, whitelist, blacklist, block, clean, malicious
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Manage automation allowed/blocked lists
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
Create a rule to control which entities are automatically incriminated or exonerated during Automated investigations.
Entities added to the allowed list are considered safe and will not be analyzed during Automated investigations.
Entities added to the blocked list are considered malicious and will be remediated during Automated investigations.
You can define the conditions for when entities are identified as malicious or safe based on certain attributes such as hash values or certificates.
## Create an allowed or blocked list
1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**.
2. Select the tab of the type of entity you'd like to create an exclusion for. Currently, you can add a rule for certificates.
3. Select **Add allowed/blocked list rule**.
4. For each attribute specify the exclusion type, details, and their corresponding required values.
5. Click **Add rule**.
## Edit a list
1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**.
2. Select the tab of the entity type you'd like to edit the list from.
3. Update the details of the rule and click **Update rule**.
## Delete a list
1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**.
2. Select the tab of the entity type you'd like to delete the list from.
3. Select the list type by clicking the check-box beside the list type.
4. Click **Delete**.
## Related topics
- [Manage automation file uploads](manage-automation-file-uploads.md)
- [Manage indicators](manage-indicators.md)
- [Manage automation folder exclusions](manage-automation-folder-exclusions.md)

131
windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
View File

@ -1,4 +1,4 @@
---
---
title: Manage indicators
ms.reviewer:
description: Create indicators for a file hash, IP address, URLs or domains that define the detection, prevention, and exclusion of entities.
@ -23,32 +23,117 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability is available in Microsoft Defender ATP and gives SecOps the ability to set a list of indicators for detection and for blocking (prevention and response).
Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to.
On the top navigation you can:
Currently supported sources are the cloud detection engine of Microsoft Defender ATP, the automated investigation and remediation engine, and the endpoint prevention engine (Windows Defender AV).
- Import a list
- Add an indicator
- Customize columns to add or remove columns
- Export the entire list in CSV format
- Select the items to show per page
- Navigate between pages
- Apply filters
**Cloud detection engine**<br>
The cloud detection engine of Microsoft Defender ATP regularly scans collected data and tries to match the indicators you set. When there is a match, action will be taken according to the settings you specified for the IoC.
## Create an indicator
**Endpoint prevention engine**<br>
The same list of indicators is honored by the prevention agent. Meaning, if Windows Defender AV is the primary AV configured, the matched indicators will be treated according to the settings. For example, if the action is "Alert and Block", Windows Defender AV will prevent file executions (block and remediate) and a corresponding alert will be raised. On the other hand, if the Action is set to "Allow", Windows Defender AV will not detect nor block the file from being run.
**Automated investigation and remediation engine**<BR>
The automated investigation and remediation behave the same. If an indicator is set to "Allow", Automated investigation and remediation will ignore a "bad" verdict for it. If set to "Block", Automated investigation and remediation will treat it as "bad".
The current supported actions are:
- Allow
- Alert only
- Alert and block
You can create an indicator for:
- Files
- IP addresses
- URLs/domains
>[!NOTE]
>There is a limit of 5000 indicators per tenant.
![Image of indicators settings page](images/rules-indicators.png)
## Create indicators for files
You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.
There are two ways you can create indicators for files:
- By creating an indicator through the settings page
- By creating a contextual indicator using the add indicator button from the file details page
### Before you begin
It's important to understand the following prerequisites prior to creating indicators for files:
- This feature is available if your organization uses Windows Defender Antivirus and Cloudbased protection is enabled. For more information, see [Manage cloudbased protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md).
- The Antimalware client version must be 4.18.1901.x or later.
- Supported on machines on Windows 10, version 1703 or later.
- To start blocking files, you first need to [turn the **Block or allow** feature on](advanced-features.md) in Settings.
- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time.
>[!IMPORTANT]
>- The allow or block function cannot be done on files if the file's classification exists on the device's cache prior to the allow or block action
>- Trusted signed files will be treated differently. Microsoft Defender ATP is optimized to handle malicious files. Trying to block trusted signed files, in some cases, may have performance implications.
>- The PE file needs to be in the machine timeline for you to be able to take this action.
>[!NOTE]
>There may be a couple of minutes of latency between the time the action is taken and the actual file being blocked.
### Create an indicator for files from the settings page
1. In the navigation pane, select **Settings** > **Indicators**.
2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities:
- File hash
- IP address
- URLs/Domains
3. Click **Add indicator**.
2. Select the **File hash** tab.
4. For each attribute specify the following details:
3. Select **Add indicator**.
4. Specify the following details:
- Indicator - Specify the entity details and define the expiration of the indicator.
- Action - Specify the action to be taken and provide a description.
- Scope - Define the scope of the machine group.
5. Review the details in the Summary tab, then click **Save**.
### Create a contextual indicator from the file details page
One of the options when taking [response actions on a file](respond-file-alerts.md) is adding an indicator for the file.
When you add an indicator hash for a file, you can choose to raise an alert and block the file whenever a machine in your organization attempts to run it.
Files automatically blocked by an indicator won't show up in the files's Action center, but the alerts will still be visible in the Alerts queue.
## Create indicators for IPs and URLs/domains (preview)
Microsoft Defender ATP can block what Microsoft deems as malicious IPs/URLs through SmartScreen for Microsoft browsers and Network Protection for non-Microsoft browsers and calls made outside the browser.
The threat intelligence data set for this has been managed by Microsoft.
By creating indicators for IPs and URLs or domains, you can now allow or block IPs, URLs or domains based on your own threat intelligence. You can do this through the settings page or by machine groups if you deem certain groups to be more or less at risk than others.
### Before you begin
It's important to understand the following prerequisites prior to creating indicators for IPS, URLs or domains:
- URL/IP allow and block relies on the Microsoft Defender ATP component Network Protection to be enabled in block mode. For more information on Network Protection and configuration instructions, see [Protect your network](network-protection.md).
- The Antimalware client version must be 4.18.1906.x or later.
- Supported on machines on Windows 10, version 1709 or later.
- Ensure that **Custom network indicators** is enabled in **Microsoft Defender Security Center> Settings > Advanced features**. For more information, see [Advanced features](advanced-features.md).
>[!NOTE]
>There may be up to 2 hours latency (usually less) between the time the action is taken, and the URL and IP being blocked.
### Create an indicator for IPs, URLs or domains from the settings page
1. In the navigation pane, select **Settings** > **Indicators**.
2. Select the **IP addresses or URLs/Domains** tab.
3. Select **Add indicator**.
4. Specify the following details:
- Indicator - Specify the entity details and define the expiration of the indicator.
- Action - Specify the action to be taken and provide a description.
- Scope - Define the scope of the machine group.
@ -56,10 +141,6 @@ On the top navigation you can:
5. Review the details in the Summary tab, then click **Save**.
>[!NOTE]
>Blocking IPs, domains, or URLs is currently available on limited preview only.
>This requires sending your custom list to [network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection) to be enforced which is an option that will be generally available soon.
>As it is not yet generally available, when Automated investigations finds this indicator during an investigation it will use the allowed/block list as the basis of its decision to automatically remediate (blocked list) or skip (allowed list) the entity.
## Manage indicators
@ -69,12 +150,14 @@ On the top navigation you can:
3. Update the details of the indicator and click **Save** or click the **Delete** button if you'd like to remove the entity from the list.
## Import a list
## Import a list of IoCs
You can also choose to upload a CSV file that defines the attributes of indicators, the action to be taken, and other details.
Download the sample CSV to know the supported column attributes.
## Related topic
- [Create contextual IoC](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
- [Use the Microsoft Defender ATP indicators API](ti-indicator.md)
- [Use partner integrated solutions](partner-applications.md)
- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)

4
windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
View File

@ -29,6 +29,7 @@ ms.topic: article
- Submits or Updates new [Indicator](ti-indicator.md) entity.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
@ -116,3 +117,6 @@ Content-type: application/json
}
```
## Related topic
- [Manage indicators](manage-indicators.md)

4
windows/security/threat-protection/microsoft-defender-atp/preview.md
View File

@ -42,11 +42,11 @@ Turn on the preview experience setting to be among the first to try upcoming fea
## Preview features
The following features are included in the preview release:
- [Indicators for IP addresses, URLs/Domains](manage-indicators.md) <BR> You can now allow or block URLs/domains using your own threat intelligence.
- [Evaluation lab](evaluation-lab.md) <BR> The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can
focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-2008-r2-sp1--windows-server-2012-r2-and-windows-server-2016) <BR> You can now onboard Windows Server 2008 R2 SP1.
- [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac) <BR> Microsoft Defender ATP for Mac brings the next-generation protection, and endpoint detection and response coverage to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices.
- [Live response](live-response.md)<BR> Get instantaneous access to a machine using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats real-time.

5
windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
View File

@ -28,6 +28,11 @@ The following features are generally available (GA) in the latest release of Mic
For more information preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection).
## September 2019
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-2008-r2-sp1--windows-server-2012-r2-and-windows-server-2016) <BR> You can now onboard Windows Server 2008 R2 SP1.
## June 2019
- [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) <BR> A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.

5
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md
View File

@ -198,8 +198,9 @@ You can check that devices have been correctly onboarded by creating a script. F
mdatp --health healthy
```
This script returns:
- 0 if Microsoft Defender ATP is registered with the Microsoft Defender ATP service
The above command prints "1" if the product is onboarded and functioning as expected.
If the product is not healthy, the exit code (which can be checked through `echo $?`) indicates the problem:
- 1 if the device is not yet onboarded
- 3 if the connection to the daemon cannot be established—for example, if the daemon is not running

77
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-updates.md
View File

@ -34,7 +34,7 @@ If you decide to deploy updates by using your software distribution tools, you s
## Use msupdate
MAU includes a command line tool, called *msupdate*, that is designed for IT administrators so that they have more precise control over when updates are applied. Instructions for how to use this tool can be found in [Update Office for Mac by using msupdate](https://docs.microsoft.com/deployoffice/mac/update-office-for-mac-using-msupdate).
MAU includes a command-line tool, called *msupdate*, that is designed for IT administrators so that they have more precise control over when updates are applied. Instructions for how to use this tool can be found in [Update Office for Mac by using msupdate](https://docs.microsoft.com/deployoffice/mac/update-office-for-mac-using-msupdate).
In MAU, the application identifier for Microsoft Defender ATP for Mac is *WDAV00*. To download and install the latest updates for Microsoft Defender ATP for Mac, execute the following command from a Terminal window:
@ -86,6 +86,17 @@ Change how MAU searches for updates.
| **Possible values** | Manual <br/> AutomaticCheck <br/> AutomaticDownload |
| **Comment** | Note that AutomaticDownload will do a download and install silently if possible. |
### Change whether the "Check for Updates" button is enabled
Change whether local users will be able to click the "Check for Updates" option in the Microsoft AutoUpdate user interface.
|||
|:---|:---|
| **Domain** | com.microsoft.autoupdate2 |
| **Key** | EnableCheckForUpdatesButton |
| **Data type** | Boolean |
| **Possible values** | True (default) <br/> False |
### Disable Insider checkbox
Set to true to make the "Join the Office Insider Program..." checkbox unavailable / greyed out to users.
@ -116,6 +127,8 @@ The following configuration profile is used to:
- Enable the "Check for updates" button in the user interface
- Allow users on the device to enroll into the Insider channels
### JAMF
```XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
@ -135,6 +148,68 @@ The following configuration profile is used to:
</plist>
```
### Intune
```XML
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>B762FF60-6ACB-4A72-9E72-459D00C936F3</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.autoupdate2</string>
<key>PayloadDisplayName</key>
<string>Microsoft AutoUpdate settings</string>
<key>PayloadDescription</key>
<string>Microsoft AutoUpdate configuration settings</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>5A6F350A-CC2C-440B-A074-68E3F34EBAE9</string>
<key>PayloadType</key>
<string>com.microsoft.autoupdate2</string>
<key>PayloadOrganization</key>
<string>Microsoft</string>
<key>PayloadIdentifier</key>
<string>com.microsoft.autoupdate2</string>
<key>PayloadDisplayName</key>
<string>Microsoft AutoUpdate configuration settings</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>ChannelName</key>
<string>InsiderFast</string>
<key>HowToCheck</key>
<string>AutomaticDownload</string>
<key>EnableCheckForUpdatesButton</key>
<true/>
<key>DisableInsiderCheckbox</key>
<false/>
<key>SendAllTelemetryEnabled</key>
<true/>
</dict>
</array>
</dict>
</plist>
```
To configure MAU, you can deploy this configuration profile from the management tool that your enterprise is using:
- From JAMF, upload this configuration profile and set the Preference Domain to *com.microsoft.autoupdate2*.
- From Intune, upload this configuration profile and set the custom configuration profile name to *com.microsoft.autoupdate2*.

118
windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md
View File

@ -1,118 +0,0 @@
---
title: Compare the features in Exploit protection with EMET
keywords: emet, enhanced mitigation experience toolkit, configuration, exploit, compare, difference between, versus, upgrade, convert
description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET.
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: levinec
ms.author: ellevin
ms.date: 08/08/2018
ms.reviewer:
manager: dansimp
---
# Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!IMPORTANT]
>If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Microsoft Defender ATP.
>
>You can [convert an existing EMET configuration file into Exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
This topic describes the differences between the Enhance Mitigation Experience Toolkit (EMET) and exploit protection in Microsoft Defender ATP.
Exploit protection in Microsoft Defender ATP is our successor to EMET and provides stronger protection, more customization, an easier user interface, and better configuration and management options.
EMET is a standalone product for earlier versions of Windows and provides some mitigation against older, known exploit techniques.
After July 31, 2018, it will not be supported.
For more information about the individual features and mitigations available in Microsoft Defender ATP, as well as how to enable, configure, and deploy them to better protect your network, see the following topics:
- [Protect devices from exploits](exploit-protection-exploit-guard.md)
- [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
## Feature comparison
The table in this section illustrates the differences between EMET and Windows Defender Exploit Guard.
&nbsp; | Windows Defender Exploit Guard | EMET
-|:-:|:-:
Windows versions | [!include[Check mark yes](images/svg/check-yes.svg)] <br />All versions of Windows 10 starting with version 1709 | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Windows 8.1; Windows 8; Windows 7<br />Cannot be installed on Windows 10, version 1709 and later
Installation requirements | [Windows Security in Windows 10](../windows-defender-security-center/windows-defender-security-center.md) <br />(no additional installation required)<br />Windows Defender Exploit Guard is built into Windows - it doesn't require a separate tool or package for management, configuration, or deployment. | Available only as an additional download and must be installed onto a management device
User interface | Modern interface integrated with the [Windows Security app](../windows-defender-security-center/windows-defender-security-center.md) | Older, complex interface that requires considerable ramp-up training
Supportability | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Dedicated submission-based support channel](https://www.microsoft.com/wdsi/filesubmission)<sup id="ref1">[[1](#fn1)]</sup><br />[Part of the Windows 10 support lifecycle](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) | [!include[Check mark no](images/svg/check-no.svg)]<br />Ends after July 31, 2018
Updates | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Ongoing updates and development of new features, released twice yearly as part of the [Windows 10 semi-annual update channel](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/) | [!include[Check mark no](images/svg/check-no.svg)]<br />No planned updates or development
Exploit protection | [!include[Check mark yes](images/svg/check-yes.svg)] <br />All EMET mitigations plus new, specific mitigations ([see table](#mitigation-comparison))<br />[Can convert and import existing EMET configurations](import-export-exploit-protection-emet-xml.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited set of mitigations
Attack surface reduction<sup id="ref2-1">[[2](#fn2)]</sup> | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Helps block known infection vectors](attack-surface-reduction-exploit-guard.md)<br />[Can configure individual rules](enable-attack-surface-reduction.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited ruleset configuration only for modules (no processes)
Network protection<sup id="ref2-2">[[2](#fn2)]</sup> | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Helps block malicious network connections](network-protection-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
Controlled folder access<sup id="ref2-3">[[2](#fn2)]</sup> | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Helps protect important folders](controlled-folders-exploit-guard.md)<br/>[Configurable for apps and folders](customize-controlled-folders-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
Configuration with GUI (user interface) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Windows Security app to customize and manage configurations](customize-exploit-protection.md) | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Requires installation and use of EMET tool
Configuration with Group Policy | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Group Policy to deploy and manage configurations](import-export-exploit-protection-emet-xml.md#manage-or-deploy-a-configuration) | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Available
Configuration with shell tools | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use PowerShell to customize and manage configurations](customize-exploit-protection.md#powershell-reference) | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Requires use of EMET tool (EMET_CONF)
System Center Configuration Manager | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Configuration Manager to customize, deploy, and manage configurations](https://docs.microsoft.com/sccm/protect/deploy-use/create-deploy-exploit-guard-policy) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Intune to customize, deploy, and manage configurations](https://docs.microsoft.com/intune/whats-new#window-defender-exploit-guard-is-a-new-set-of-intrusion-prevention-capabilities-for-windows-10----1063615---) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
Reporting | [!include[Check mark yes](images/svg/check-yes.svg)] <br />With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md) <br />[Full integration with Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/secure-score-dashboard.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited Windows event log monitoring
Audit mode | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Full audit mode with Windows event reporting](audit-windows-defender-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]<br />Limited to EAF, EAF+, and anti-ROP mitigations
<span id="fn1"></span>([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/licensing/licensing-programs/software-assurance-default.aspx).
<span id="fn2"></span>([2](#ref2-1)) Additional requirements may apply (such as use of Windows Defender Antivirus). See [Windows Defender Exploit Guard requirements](windows-defender-exploit-guard.md#requirements) for more details. Customizable mitigation options that are configured with [Exploit protection](exploit-protection-exploit-guard.md) do not require Windows Defender Antivirus.
## Mitigation comparison
The mitigations available in EMET are included in Windows Defender Exploit Guard, under the [exploit protection feature](exploit-protection-exploit-guard.md).
The table in this section indicates the availability and support of native mitigations between EMET and Exploit protection.
Mitigation | Available in Windows Defender Exploit Guard | Available in EMET
-|:-:|:-:
Arbitrary code guard (ACG) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]<br />As "Memory Protection Check"
Block remote images | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]<br/>As "Load Library Check"
Block untrusted fonts | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Data Execution Prevention (DEP) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Export address filtering (EAF) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Force randomization for images (Mandatory ASLR) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
NullPage Security Mitigation | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Included natively in Windows 10<br/>See [Mitigate threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information | [!include[Check mark yes](images/svg/check-yes.svg)]
Randomize memory allocations (Bottom-Up ASLR) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Simulate execution (SimExec) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Validate API invocation (CallerCheck) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Validate exception chains (SEHOP) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Validate stack integrity (StackPivot) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Certificate trust (configurable certificate pinning) | Windows 10 provides enterprise certificate pinning | [!include[Check mark yes](images/svg/check-yes.svg)]
Heap spray allocation | Ineffective against newer browser-based exploits; newer mitigations provide better protection<br/>See [Mitigate threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information | [!include[Check mark yes](images/svg/check-yes.svg)]
Block low integrity images | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Code integrity guard | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Disable extension points | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Disable Win32k system calls | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Do not allow child processes | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Import address filtering (IAF) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Validate handle usage | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Validate heap integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Validate image dependency integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
>[!NOTE]
>The Advanced ROP mitigations that are available in EMET are superseded by ACG in Windows 10, which other EMET advanced settings are enabled by default in Windows Defender Exploit Guard as part of enabling the anti-ROP mitigations for a process.
>
>See the [Mitigation threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information on how Windows 10 employs existing EMET technology.
## Related topics
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
- [Evaluate exploit protection](evaluate-exploit-protection.md)
- [Enable exploit protection](enable-exploit-protection.md)
- [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)

174
windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
View File

@ -1,174 +0,0 @@
---
title: Apply mitigations to help prevent attacks through vulnerabilities
keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet
description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET.
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: levinec
ms.author: ellevin
ms.date: 04/02/2019
ms.reviewer:
manager: dansimp
---
# Protect devices from exploits
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Exploit protection automatically applies a number of exploit mitigation techniques to operating system processes and apps.
It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Exploit protection is supported beginning with Windows 10, version 1709 and Windows Server 2016, version 1803.
>[!TIP]
>You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
Exploit protection works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
You can [enable exploit protection](enable-exploit-protection.md) on an individual machine, and then use [Group Policy](import-export-exploit-protection-emet-xml.md) to distribute the XML file to multiple devices at once.
When a mitigation is encountered on the machine, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
You can also use [audit mode](evaluate-exploit-protection.md) to evaluate how exploit protection would impact your organization if it were enabled.
Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) have been included in Exploit protection, and you can convert and import existing EMET configuration profiles into Exploit protection. See [Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard](emet-exploit-protection-exploit-guard.md) for more information on how Exploit protection supersedes EMET and what the benefits are when considering moving to exploit protection on Windows 10.
>[!IMPORTANT]
>If you are currently using EMET you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows 10. You can [convert an existing EMET configuration file into exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
>[!WARNING]
>Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network.
## Review exploit protection events in the Microsoft Security Center
Microsoft Defender ATP provides detailed reporting into events and blocks as part of its alert investigation scenarios.
You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how exploit protection settings could affect your environment.
Here is an example query:
```
MiscEvents
| where ActionType startswith 'ExploitGuard' and ActionType !contains 'NetworkProtection'
```
## Review exploit protection events in Windows Event Viewer
You can review the Windows event log to see events that are created when exploit protection blocks (or audits) an app:
Provider/source | Event ID | Description
-|:-:|-
Security-Mitigations | 1 | ACG audit
Security-Mitigations | 2 | ACG enforce
Security-Mitigations | 3 | Do not allow child processes audit
Security-Mitigations | 4 | Do not allow child processes block
Security-Mitigations | 5 | Block low integrity images audit
Security-Mitigations | 6 | Block low integrity images block
Security-Mitigations | 7 | Block remote images audit
Security-Mitigations | 8 | Block remote images block
Security-Mitigations | 9 | Disable win32k system calls audit
Security-Mitigations | 10 | Disable win32k system calls block
Security-Mitigations | 11 | Code integrity guard audit
Security-Mitigations | 12 | Code integrity guard block
Security-Mitigations | 13 | EAF audit
Security-Mitigations | 14 | EAF enforce
Security-Mitigations | 15 | EAF+ audit
Security-Mitigations | 16 | EAF+ enforce
Security-Mitigations | 17 | IAF audit
Security-Mitigations | 18 | IAF enforce
Security-Mitigations | 19 | ROP StackPivot audit
Security-Mitigations | 20 | ROP StackPivot enforce
Security-Mitigations | 21 | ROP CallerCheck audit
Security-Mitigations | 22 | ROP CallerCheck enforce
Security-Mitigations | 23 | ROP SimExec audit
Security-Mitigations | 24 | ROP SimExec enforce
WER-Diagnostics | 5 | CFG Block
Win32K | 260 | Untrusted Font
## Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard
>[!IMPORTANT]
>If you are currently using EMET, you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Microsoft Defender ATP.
>
>You can [convert an existing EMET configuration file into exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
This section compares exploit protection in Microsoft Defender ATP with the Enhance Mitigation Experience Toolkit (EMET) for reference.
The table in this section illustrates the differences between EMET and Windows Defender Exploit Guard.
&nbsp; | Windows Defender Exploit Guard | EMET
-|:-:|:-:
Windows versions | [!include[Check mark yes](images/svg/check-yes.svg)] <br />All versions of Windows 10 starting with version 1709 | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Windows 8.1; Windows 8; Windows 7<br />Cannot be installed on Windows 10, version 1709 and later
Installation requirements | [Windows Security in Windows 10](../windows-defender-security-center/windows-defender-security-center.md) <br />(no additional installation required)<br />Windows Defender Exploit Guard is built into Windows - it doesn't require a separate tool or package for management, configuration, or deployment. | Available only as an additional download and must be installed onto a management device
User interface | Modern interface integrated with the [Windows Security app](../windows-defender-security-center/windows-defender-security-center.md) | Older, complex interface that requires considerable ramp-up training
Supportability | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Dedicated submission-based support channel](https://www.microsoft.com/wdsi/filesubmission)<sup id="ref1">[[1](#fn1)]</sup><br />[Part of the Windows 10 support lifecycle](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) | [!include[Check mark no](images/svg/check-no.svg)]<br />Ends after July 31, 2018
Updates | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Ongoing updates and development of new features, released twice yearly as part of the [Windows 10 semi-annual update channel](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/) | [!include[Check mark no](images/svg/check-no.svg)]<br />No planned updates or development
Exploit protection | [!include[Check mark yes](images/svg/check-yes.svg)] <br />All EMET mitigations plus new, specific mitigations ([see table](#mitigation-comparison))<br />[Can convert and import existing EMET configurations](import-export-exploit-protection-emet-xml.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited set of mitigations
Attack surface reduction<sup id="ref2-1">[[2](#fn2)]</sup> | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Helps block known infection vectors](attack-surface-reduction-exploit-guard.md)<br />[Can configure individual rules](enable-attack-surface-reduction.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited ruleset configuration only for modules (no processes)
Network protection<sup id="ref2-2">[[2](#fn2)]</sup> | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Helps block malicious network connections](network-protection-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
Controlled folder access<sup id="ref2-3">[[2](#fn2)]</sup> | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Helps protect important folders](controlled-folders-exploit-guard.md)<br/>[Configurable for apps and folders](customize-controlled-folders-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
Configuration with GUI (user interface) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Windows Security app to customize and manage configurations](customize-exploit-protection.md) | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Requires installation and use of EMET tool
Configuration with Group Policy | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Group Policy to deploy and manage configurations](import-export-exploit-protection-emet-xml.md#manage-or-deploy-a-configuration) | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Available
Configuration with shell tools | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use PowerShell to customize and manage configurations](customize-exploit-protection.md#powershell-reference) | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Requires use of EMET tool (EMET_CONF)
System Center Configuration Manager | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Configuration Manager to customize, deploy, and manage configurations](https://docs.microsoft.com/sccm/protect/deploy-use/create-deploy-exploit-guard-policy) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Use Intune to customize, deploy, and manage configurations](https://docs.microsoft.com/intune/whats-new#window-defender-exploit-guard-is-a-new-set-of-intrusion-prevention-capabilities-for-windows-10----1063615---) | [!include[Check mark no](images/svg/check-no.svg)]<br />Not available
Reporting | [!include[Check mark yes](images/svg/check-yes.svg)] <br />With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md) <br />[Full integration with Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/secure-score-dashboard.md) | [!include[Check mark yes](images/svg/check-yes.svg)] <br />Limited Windows event log monitoring
Audit mode | [!include[Check mark yes](images/svg/check-yes.svg)] <br />[Full audit mode with Windows event reporting](audit-windows-defender-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]<br />Limited to EAF, EAF+, and anti-ROP mitigations
<span id="fn1"></span>([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/licensing/licensing-programs/software-assurance-default.aspx).
<span id="fn2"></span>([2](#ref2-1)) Additional requirements may apply (such as use of Windows Defender Antivirus). See [Windows Defender Exploit Guard requirements](windows-defender-exploit-guard.md#requirements) for more details. Customizable mitigation options that are configured with [exploit protection](exploit-protection-exploit-guard.md) do not require Windows Defender Antivirus.
## Mitigation comparison
The mitigations available in EMET are included in Windows Defender Exploit Guard, under the [exploit protection feature](exploit-protection-exploit-guard.md).
The table in this section indicates the availability and support of native mitigations between EMET and exploit protection.
Mitigation | Available in Windows Defender Exploit Guard | Available in EMET
-|:-:|:-:
Arbitrary code guard (ACG) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]<br />As "Memory Protection Check"
Block remote images | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]<br/>As "Load Library Check"
Block untrusted fonts | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Data Execution Prevention (DEP) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Export address filtering (EAF) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Force randomization for images (Mandatory ASLR) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
NullPage Security Mitigation | [!include[Check mark yes](images/svg/check-yes.svg)]<br />Included natively in Windows 10<br/>See [Mitigate threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information | [!include[Check mark yes](images/svg/check-yes.svg)]
Randomize memory allocations (Bottom-Up ASLR) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Simulate execution (SimExec) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Validate API invocation (CallerCheck) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Validate exception chains (SEHOP) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Validate stack integrity (StackPivot) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
Certificate trust (configurable certificate pinning) | Windows 10 provides enterprise certificate pinning | [!include[Check mark yes](images/svg/check-yes.svg)]
Heap spray allocation | Ineffective against newer browser-based exploits; newer mitigations provide better protection<br/>See [Mitigate threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information | [!include[Check mark yes](images/svg/check-yes.svg)]
Block low integrity images | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Code integrity guard | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Disable extension points | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Disable Win32k system calls | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Do not allow child processes | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Import address filtering (IAF) | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Validate handle usage | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Validate heap integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
Validate image dependency integrity | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)]
>[!NOTE]
>The Advanced ROP mitigations that are available in EMET are superseded by ACG in Windows 10, which other EMET advanced settings are enabled by default in Windows Defender Exploit Guard as part of enabling the anti-ROP mitigations for a process.
>
>See the [Mitigation threats by using Windows 10 security features](../overview-of-threat-mitigations-in-windows-10.md#understanding-windows-10-in-relation-to-the-enhanced-mitigation-experience-toolkit) for more information on how Windows 10 employs existing EMET technology.
## Related topics
- [Protect devices from exploits](exploit-protection-exploit-guard.md)
- [Evaluate exploit protection](evaluate-exploit-protection.md)
- [Enable exploit protection](enable-exploit-protection.md)
- [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)
- [Troubleshoot exploit protection](troubleshoot-exploit-protection-mitigations.md)

90
windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
View File

@ -1,90 +0,0 @@
---
title: Use Windows Defender Exploit Guard to protect your network
description: Windows Defender EG employs features that help protect your network from threats, including helping prevent ransomware encryption and exploit attacks
keywords: emet, exploit guard, Controlled folder access, Network protection, Exploit protection, Attack surface reduction, hips, host intrusion prevention system
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
ms.date: 08/09/2018
ms.reviewer:
manager: dansimp
---
# Windows Defender Exploit Guard
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees.
There are four features in Windows Defender EG:
- [Exploit protection](exploit-protection-exploit-guard.md) can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps. Works with third-party antivirus solutions and Windows Defender Antivirus (Windows Defender AV).
- [Attack surface reduction rules](attack-surface-reduction-exploit-guard.md) can reduce the attack surface of your applications with intelligent rules that stop the vectors used by Office-, script- and mail-based malware. Requires Windows Defender AV.
- [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Requires Windows Defender AV.
- [Controlled folder access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware. Requires Windows Defender AV.
Windows 10, version 1803 provides additional protections:
- New Attack surface reduction rules
- Controlled folder access can now block disk sectors
You can evaluate each feature of Windows Defender EG with the guides at the following link, which provide pre-built PowerShell scripts and testing tools so you can see the features in action:
- [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)
You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for the features, which provides you with basic event logs that indicate how the feature would have responded if it had been fully enabled. This can be useful when evaluating the impact of Windows Defender EG and to help determine the impact of the features on your network's security.
>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how each of them work.
Windows Defender EG can be managed and reported on in the Windows Security app as part of the Microsoft Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies.
You can use the Windows Security app to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). You can [sign up for a free trial of Microsoft Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works.
## Requirements
This section covers requirements for each feature in Windows Defender EG.
| Symbol | Support |
|--------|---------|
| ![not supported](./images/ball_empty.png) | Not supported |
| ![supported](./images/ball_50.png) | Supported |
| ![supported, full reporting](./images/ball_full.png) | Recommended. Includes full, automated reporting into the Microsoft Defender ATP console. Provides additional cloud-powered capabilities, including the Network protection ability to block apps from accessing low-reputation websites and an attack surface reduction rule that blocks executable files that meet age or prevalence criteria.|
| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 Enterprise | Windows 10 with Enterprise E3 subscription | Windows 10 with Enterprise E5 subscription |
| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | :--------------------------------------: |
| Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, enhanced](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
| Attack surface reduction rules | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
| Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
| Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
>[!NOTE]
> The [Identity & Threat Protection package](https://www.microsoft.com/microsoft-365/blog/2019/01/02/introducing-new-advanced-security-and-compliance-offerings-for-microsoft-365/), available for Microsoft 365 E3 customers, provides the same Windows Defender ATP capabilities as the Enterprise E5 subscription.
The following table lists which features in Windows Defender EG require enabling [real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) from Windows Defender Antivirus.
| Feature | Real-time protection |
|-----------------| ------------------------------------ |
| Exploit protection | No requirement |
| Attack surface reduction rules | Must be enabled |
| Network protection | Must be enabled |
| Controlled folder access | Must be enabled |
## In this library
Topic | Description
---|---
[Protect devices from exploits](exploit-protection-exploit-guard.md) | Exploit protection provides you with many of the features in now-retired Enhanced Mitigations Experience Toolkit - and adds additional configuration and technologies. These features can help prevent threats from using vulnerabilities to gain access to your network and devices. You can create a template of settings that can be exported and copied to multiple machines in your network at once.
[Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md) | Use pre-built rules to manage mitigations for key attack and infection vectors, such as Office-based malicious macro code and PowerShell, VBScript, and JavaScript scripts.
[Protect your network](network-protection-exploit-guard.md) | Minimize the exposure of your devices from network and web-based infection vectors.
[Protect important folders with controlled folder access](controlled-folders-exploit-guard.md) | Prevent unknown or unauthorized apps (including ransomware encryption malware) from writing to sensitive folders, such as folders containing sensitive or business-critical data.

78
windows/whats-new/index.md
View File

@ -1,38 +1,40 @@
---
title: What's new in Windows 10 (Windows 10)
description: Learn about new features in Windows 10 for IT professionals, such as Windows Information Protection, Windows Hello, Device Guard, and more.
ms.assetid: F1867017-76A1-4761-A200-7450B96AEF44
keywords: ["What's new in Windows 10", "Windows 10"]
ms.prod: w10
audience: itpro
author: greg-lindsay
manager: laurawi
ms.localizationpriority: high
ms.topic: article
---
# What's new in Windows 10
Windows 10 provides IT professionals with advanced protection against modern security threats and comprehensive management and control over devices and apps, as well as flexible deployment, update, and support options. Learn about new features in Windows 10 for IT professionals, such as Windows Information Protection, Windows Hello, Device Guard, and more.
## In this section
- [What's new in Windows 10, version 1903](whats-new-windows-10-version-1903.md)
- [What's new in Windows 10, version 1809](whats-new-windows-10-version-1809.md)
- [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md)
- [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md)
- [What's new in Windows 10, version 1703](whats-new-windows-10-version-1703.md)
- [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md)
- [What's new in Windows 10, versions 1507 and 1511](whats-new-windows-10-version-1507-and-1511.md)
## Learn more
- [Windows 10 release information](https://technet.microsoft.com/windows/release-info)
- [Windows 10 update history](https://support.microsoft.com/help/12387/windows-10-update-history)
- [Windows 10 content from Microsoft Ignite](https://go.microsoft.com/fwlink/p/?LinkId=613210)
- [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkId=690485)
## See also
[Windows 10 Enterprise LTSC](ltsc/index.md)<br>
[Edit an existing topic using the Edit link](contribute-to-a-topic.md)
---
title: What's new in Windows 10 (Windows 10)
description: Learn about new features in Windows 10 for IT professionals, such as Windows Information Protection, Windows Hello, Device Guard, and more.
ms.assetid: F1867017-76A1-4761-A200-7450B96AEF44
keywords: ["What's new in Windows 10", "Windows 10"]
ms.prod: w10
audience: itpro
author: greg-lindsay
ms.author: greglin
manager: laurawi
ms.localizationpriority: high
ms.topic: article
---
# What's new in Windows 10
Windows 10 provides IT professionals with advanced protection against modern security threats and comprehensive management and control over devices and apps, as well as flexible deployment, update, and support options. Learn about new features in Windows 10 for IT professionals, such as Windows Information Protection, Windows Hello, Device Guard, and more.
## In this section
- [What's new in Windows 10, version 1903](whats-new-windows-10-version-1903.md)
- [What's new in Windows 10, version 1809](whats-new-windows-10-version-1809.md)
- [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md)
- [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md)
- [What's new in Windows 10, version 1703](whats-new-windows-10-version-1703.md)
- [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md)
- [What's new in Windows 10, versions 1507 and 1511](whats-new-windows-10-version-1507-and-1511.md)
## Learn more
- [Windows 10 release information](https://technet.microsoft.com/windows/release-info)
- [Windows 10 update history](https://support.microsoft.com/help/12387/windows-10-update-history)
- [Windows 10 content from Microsoft Ignite](https://go.microsoft.com/fwlink/p/?LinkId=613210)
- [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkId=690485)
## See also
[Windows 10 Enterprise LTSC](ltsc/index.md)<br>
[Edit an existing topic using the Edit link](contribute-to-a-topic.md)

102
windows/whats-new/ltsc/index.md
View File

@ -1,50 +1,52 @@
---
title: Windows 10 Enterprise LTSC
description: New and updated IT Pro content about new features in Windows 10, LTSC (also known as Windows 10 LTSB).
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 LTSC", "Windows 10 LTSB"]
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
manager: laurawi
ms.localizationpriority: low
ms.topic: article
---
# Windows 10 Enterprise LTSC
**Applies to**
- Windows 10 Enterprise LTSC
## In this topic
This topic provides links to articles with information about what's new in each release of Windows 10 Enterprise LTSC, and includes a short description of this servicing channel.
[What's New in Windows 10 Enterprise 2019 LTSC](whats-new-windows-10-2019.md)<br>
[What's New in Windows 10 Enterprise 2016 LTSC](whats-new-windows-10-2016.md)<br>
[What's New in Windows 10 Enterprise 2015 LTSC](whats-new-windows-10-2015.md)
## The Long Term Servicing Channel (LTSC)
The following table summarizes equivalent feature update versions of Windows 10 LTSC and semi-annual channel (SAC) releases.
| LTSC release | Equivalent SAC release | Availability date |
| --- | --- | --- |
| Windows 10 Enterprise 2015 LTSC | Windows 10, Version 1507 | 7/29/2015 |
| Windows 10 Enterprise 2016 LTSC | Windows 10, Version 1607 | 8/2/2016 |
| Windows 10 Enterprise 2019 LTSC | Windows 10, Version 1809 | 11/13/2018 |
>[!NOTE]
>The Long Term Servicing Channel was previously called the Long Term Servicing Branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB.
With the LTSC servicing model, customers can delay receiving feature updates and instead only receive monthly quality updates on devices. Features from Windows 10 that could be updated with new functionality, including Cortana, Edge, and all in-box Universal Windows apps, are also not included. Feature updates are offered in new LTSC releases every 23 years instead of every 6 months, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. Microsoft is committed to providing bug fixes and security patches for each LTSC release during this 10 year period.
>[!IMPORTANT]
>The Long Term Servicing Channel is not intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows 10 provides customers with access to a deployment option for their special-purpose devices and environments. These devices typically perform a single important task and dont need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC does not change for the lifetime of the release, over time there might be some external tools that do not continue to provide legacy support. See [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181).
For detailed information about Windows 10 servicing, see [Overview of Windows as a service](/windows/deployment/update/waas-overview).
## See Also
[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See whats new in other versions of Windows 10.<br>
---
title: Windows 10 Enterprise LTSC
description: New and updated IT Pro content about new features in Windows 10, LTSC (also known as Windows 10 LTSB).
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 LTSC", "Windows 10 LTSB"]
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.author: greglin
manager: laurawi
ms.localizationpriority: low
ms.topic: article
---
# Windows 10 Enterprise LTSC
**Applies to**
- Windows 10 Enterprise LTSC
## In this topic
This topic provides links to articles with information about what's new in each release of Windows 10 Enterprise LTSC, and includes a short description of this servicing channel.
[What's New in Windows 10 Enterprise 2019 LTSC](whats-new-windows-10-2019.md)<br>
[What's New in Windows 10 Enterprise 2016 LTSC](whats-new-windows-10-2016.md)<br>
[What's New in Windows 10 Enterprise 2015 LTSC](whats-new-windows-10-2015.md)
## The Long Term Servicing Channel (LTSC)
The following table summarizes equivalent feature update versions of Windows 10 LTSC and semi-annual channel (SAC) releases.
| LTSC release | Equivalent SAC release | Availability date |
| --- | --- | --- |
| Windows 10 Enterprise 2015 LTSC | Windows 10, Version 1507 | 7/29/2015 |
| Windows 10 Enterprise 2016 LTSC | Windows 10, Version 1607 | 8/2/2016 |
| Windows 10 Enterprise 2019 LTSC | Windows 10, Version 1809 | 11/13/2018 |
>[!NOTE]
>The Long Term Servicing Channel was previously called the Long Term Servicing Branch (LTSB). All references to LTSB are changed in this article to LTSC for consistency, even though the name of previous versions might still be displayed as LTSB.
With the LTSC servicing model, customers can delay receiving feature updates and instead only receive monthly quality updates on devices. Features from Windows 10 that could be updated with new functionality, including Cortana, Edge, and all in-box Universal Windows apps, are also not included. Feature updates are offered in new LTSC releases every 23 years instead of every 6 months, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. Microsoft is committed to providing bug fixes and security patches for each LTSC release during this 10 year period.
>[!IMPORTANT]
>The Long Term Servicing Channel is not intended for deployment on most or all the PCs in an organization. The LTSC edition of Windows 10 provides customers with access to a deployment option for their special-purpose devices and environments. These devices typically perform a single important task and dont need feature updates as frequently as other devices in the organization. These devices are also typically not heavily dependent on support from external apps and tools. Since the feature set for LTSC does not change for the lifetime of the release, over time there might be some external tools that do not continue to provide legacy support. See [LTSC: What is it, and when it should be used](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181).
For detailed information about Windows 10 servicing, see [Overview of Windows as a service](/windows/deployment/update/waas-overview).
## See Also
[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See whats new in other versions of Windows 10.<br>
[Windows 10 - Release information](https://docs.microsoft.com/windows/windows-10/release-information): Windows 10 current versions by servicing option.

7
windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
View File

@ -3,14 +3,13 @@ title: What's new in Windows 10, versions 1507 and 1511 (Windows 10)
description: This topic lists new and updated topics in the What's new in Windows 10 documentation for Windows 10 and Windows 10 Mobile.
ms.assetid: 75F285B0-09BE-4821-9B42-37B9BE54CEC6
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: dansimp
author: greg-lindsay
manager: laurawi
ms.author: greglin
ms.localizationpriority: high
ms.date: 10/16/2017
ms.topic: article
---

7
windows/whats-new/whats-new-windows-10-version-1607.md
View File

@ -5,12 +5,11 @@ keywords: ["What's new in Windows 10", "Windows 10", "anniversary update"]
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: dansimp
ms.localizationpriority: high
ms.date: 10/16/2017
ms.reviewer:
manager: dansimp
ms.author: dansimp
author: greg-lindsay
manager: laurawi
ms.author: greglin
ms.topic: article
---

7
windows/whats-new/whats-new-windows-10-version-1703.md
View File

@ -5,13 +5,12 @@ keywords: ["What's new in Windows 10", "Windows 10", "creators update"]
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: dansimp
ms.localizationpriority: high
ms.assetid: dca7c655-c4f6-45f8-aa02-64187b202617
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.date: 10/16/2017
author: greg-lindsay
manager: laurawi
ms.author: greglin
ms.topic: article
---

7
windows/whats-new/whats-new-windows-10-version-1709.md
View File

@ -5,11 +5,10 @@ keywords: ["What's new in Windows 10", "Windows 10", "Fall Creators Update"]
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: dansimp
ms.date: 01/24/2018
ms.reviewer:
manager: dansimp
ms.author: dansimp
author: greg-lindsay
manager: laurawi
ms.author: greglin
ms.localizationpriority: high
ms.topic: article
---

7
windows/whats-new/whats-new-windows-10-version-1803.md
View File

@ -5,11 +5,10 @@ keywords: ["What's new in Windows 10", "Windows 10", "April 2018 Update"]
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: dansimp
ms.date: 07/07/2018
ms.reviewer:
manager: dansimp
ms.author: dansimp
author: greg-lindsay
manager: laurawi
ms.author: greglin
ms.localizationpriority: high
ms.topic: article
---

6
windows/whats-new/whats-new-windows-10-version-1809.md
View File

@ -1,14 +1,14 @@
---
title: What's new in Windows 10, version 1809
ms.reviewer:
manager: dansimp
ms.author: dansimp
description: New and updated features in Windows 10, version 1809
keywords: ["What's new in Windows 10", "Windows 10", "Windows 10 October 2018 Update"]
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: dansimp
author: greg-lindsay
manager: laurawi
ms.author: greglin
ms.localizationpriority: high
ms.topic: article
---

304
windows/whats-new/whats-new-windows-10-version-1903.md
View File

@ -1,151 +1,153 @@
---
title: What's new in Windows 10, version 1903
description: New and updated IT Pro content about new features in Windows 10, version 1903 (also known as the Windows 10 May 2019 Update).
keywords: ["What's new in Windows 10", "Windows 10", "May 2019 Update"]
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
manager: laurawi
ms.localizationpriority: high
ms.topic: article
---
# What's new in Windows 10, version 1903 IT Pro content
**Applies to**
- Windows 10, version 1903
This article lists new and updated features and content that are of interest to IT Pros for Windows 10 version 1903, also known as the Windows 10 May 2019 Update. This update also contains all features and fixes included in previous cumulative updates to Windows 10, version 1809.
>[!NOTE]
>New disk space requirement for Windows 10, version 1903 applies only to OEMs for the manufacture of new PCs. This new requirement does not apply to existing devices. PCs that dont meet new device disk space requirements will continue to receive updates and the 1903 update will require about the same amount of free disk space as previous updates. For more information, see [Reserved storage](#reserved-storage).
## Deployment
### Windows Autopilot
[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. The following Windows Autopilot features are available in Windows 10, version 1903 and later:
- [Windows Autopilot for white glove deployment](https://docs.microsoft.com/windows/deployment/windows-autopilot/white-glove) is new in this version of Windows. "White glove" deployment enables partners or IT staff to pre-provision devices so they are fully configured and business ready for your users.
- The Intune [enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status) (ESP) now tracks Intune Management Extensions.
- [Cortana voiceover](https://docs.microsoft.com/windows-hardware/customize/desktop/cortana-voice-support) and speech recognition during OOBE is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
- Windows Autopilot is self-updating during OOBE. Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
- Windows Autopilot will set the [diagnostics data](https://docs.microsoft.com/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
### Windows 10 Subscription Activation
Windows 10 Education support has been added to Windows 10 Subscription Activation.
With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions Windows 10 Education. For more information, see [Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation).
### SetupDiag
[SetupDiag](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag) version 1.4.1 is available.
SetupDiag is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available.
### Reserved storage
[**Reserved storage**](https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Windows-10-and-reserved-storage/ba-p/428327): Reserved storage sets aside disk space to be used by updates, apps, temporary files, and system caches. It improves the day-to-day function of your PC by ensuring critical OS functions always have access to disk space. Reserved storage will be enabled automatically on new PCs with Windows 10, version 1903 pre-installed, and for clean installs. It will not be enabled when updating from a previous version of Windows 10.
## Servicing
- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Office 365 ProPlus updates, and Intune content, with System Center Configuration Manager content coming soon!
- [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically logon as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
- **Pause updates**: We have extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you will need to update your device before pausing again.
- **Improved update notifications**: When theres an update requiring you to restart your device, youll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar.
- **Intelligent active hours**: To further enhance active hours, users will now have the option to let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
- **Improved update orchestration to improve system responsiveness**: This feature will improve system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions.
## Security
### Windows Information Protection
With this release, Windows Defender ATP extends discovery and protection of sensitive information with [Auto Labeling](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels#how-wip-protects-automatically-classified-files).
### Security configuration framework
With this release of Windows 10, Microsoft is introducing a [new taxonomy for security configurations](https://docs.microsoft.com/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework), called the **SECCON framework**, comprised of 5 device security configurations.
### Security baseline for Windows 10 and Windows Server
The draft release of the [security configuration baseline settings](https://blogs.technet.microsoft.com/secguide/2019/04/24/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903/) for Windows 10, version 1903 and for Windows Server version 1903 is available.
### Intune security baselines
[Intune Security Baselines](https://docs.microsoft.com/intune/security-baselines) (Preview): Now includes many settings supported by Intune that you can use to help secure and protect your users and devices. You can automatically set these settings to values recommended by security teams.
### Microsoft Defender Advanced Threat Protection (ATP):
- [Attack surface area reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) IT admins can configure devices with advanced web protection that enables them to define allow and deny lists for specific URLs and IP addresses.
- [Next generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) Controls have been extended to protection from ransomware, credential misuse, and attacks that are transmitted through removable storage.
- Integrity enforcement capabilities Enable remote runtime attestation of Windows 10 platform.
- Tamper-proofing capabilities Uses virtualization-based security to isolate critical ATP security capabilities away from the OS and attackers.
- [Platform support](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Protecting-Windows-Server-with-Windows-Defender-ATP/ba-p/267114) In addition to Windows 10, Windows Defender ATPs functionality has been extended to support Windows 7 and Windows 8.1 clients, as well as macOS, Linux, and Windows Server with both its Endpoint Detection (EDR) and Endpoint Protection Platform (EPP) capabilities.
### Microsoft Defender ATP next-gen protection technologies:
- **Advanced machine learning**: Improved with advanced machine learning and AI models that enable it to protect against apex attackers using innovative vulnerability exploit techniques, tools and malware.
- **Emergency outbreak protection**: Provides emergency outbreak protection which will automatically update devices with new intelligence when a new outbreak has been detected.
- **Certified ISO 27001 compliance**: Ensures that the cloud service has analyzed for threats, vulnerabilities and impacts, and that risk management and security controls are in place.
- **Geolocation support**: Support geolocation and sovereignty of sample data as well as configurable retention policies.
### Threat Protection
- [Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849): Isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device.
- [Microphone privacy settings](https://support.microsoft.com/en-us/help/4468232/windows-10-camera-microphone-and-privacy-microsoft-privacy): A microphone icon appears in the notification area letting you see which apps are using your microphone.
- [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) enhancements:
- Standalone users can install and configure their Windows Defender Application Guard settings without needing to change Registry key settings. Enterprise users can check their settings to see what their administrators have configured for their machines to better understand the behavior.
- WDAG is now an extension in Google Chrome and Mozilla Firefox. Many users are in a hybrid browser environment, and would like to extend WDAGs browser isolation technology beyond Microsoft Edge. In the latest release, users can install the WDAG extension in their Chrome or Firefox browsers. This extension will redirect untrusted navigations to the WDAG Edge browser. There is also a companion app to enable this feature in the Microsoft Store. Users can quickly launch WDAG from their desktop using this app. This feature is also available in Windows 10, version 1803 or later with the latest updates.
To try this extension:
1. Configure WDAG policies on your device.
2. Go to the Chrome Web Store or Firefox Add-ons and search for Application Guard. Install the extension.
3. Follow any additional configuration steps on the extension setup page.
4. Reboot the device.
5. Navigate to an untrusted site in Chrome and Firefox.
- WDAG allows dynamic navigation: Application Guard now allows users to navigate back to their default host browser from the WDAG Microsoft Edge. Previously, users browsing in WDAG Edge would see an error page when they try to go to a trusted site within the container browser. With this new feature, users will automatically be redirected to their host default browser when they enter or click on a trusted site in WDAG Edge. This feature is also available in Windows 10, version 1803 or later with the latest updates.
- [Windows Defender Application Control (WDAC)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control): In Windows 10, version 1903 WDAC has a number of new features that light up key scenarios and provide feature parity with AppLocker.
- [Multiple Policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies): WDAC now supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios: 1) enforce and audit side-by-side, 2) simpler targeting for policies with different scope/intent, 3) expanding a policy using a new supplemental policy.
- [Path-Based Rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules): The path condition identifies an app by its location in the file system of the computer or on the network instead of a signer or hash identifier. Additionally, WDAC has an option that allows admins to enforce at runtime that only code from paths that are not user-writeable is executed. When code tries to execute at runtime, the directory is scanned and files will be checked for write permissions for non-known admins. If a file is found to be user writeable, the executable is blocked from running unless it is authorized by something other than a path rule like a signer or hash rule.<br>
This brings WDAC to functionality parity with AppLocker in terms of support for file path rules. WDAC improves upon the security of policies based on file path rules with the availability of the user-writability permission checks at runtime time, which is a capability that is not available with AppLocker.
- [Allow COM Object Registration](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy): Previously, WDAC enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy.
#### System Guard
[System Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows) has added a new feature in this version of Windows called **SMM Firmware Measurement**. This feature is built on top of [System Guard Secure Launch](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection) to check that the System Management Mode (SMM) firmware on the device is operating in a healthy manner - specifically, OS memory and secrets are protected from SMM. There are currently no devices out there with compatible hardware, but they will be coming out in the next few months.
This new feature is displayed under the Device Security page with the string “Your device exceeds the requirements for enhanced hardware security” if configured properly:
![System Guard](images/system-guard.png "SMM Firmware Measurement")
### Identity Protection
- [Windows Hello FIDO2 certification](https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/): Windows Hello is now a FIDO2 Certified authenticator and enables password-less login for websites supporting FIDO2 authentication, such as Microsoft account and Azure AD.
- [Streamlined Windows Hello PIN reset experience](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-videos#windows-hello-for-business-forgotten-pin-user-experience): Microsoft account users have a revamped Windows Hello PIN reset experience with the same look and feel as signing in on the web.
- Sign-in with [Password-less](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/passwordless-strategy) Microsoft accounts: Sign in to Windows 10 with a phone number account. Then use Windows Hello for an even easier sign-in experience!
- [Remote Desktop with Biometrics](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features#remote-desktop-with-biometrics): Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session.
### Security management
- [Windows Defender Firewall now supports Windows Subsystem for Linux (WSL)](https://blogs.windows.com/windowsexperience/2018/04/19/announcing-windows-10-insider-preview-build-17650-for-skip-ahead/#II14f7VlSBcZ0Gs4.97): Lets you add rules for WSL process, just like for Windows processes.
- [Windows Security app](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Windows Defender Offline Scanning tool actions, and any pending recommendations.
- [Tamper Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection) lets you prevent others from tampering with important security features.
## Microsoft Edge
Several new features are coming in the next version of Edge. See the [news from Build 2019](https://blogs.windows.com/msedgedev/2019/05/06/edge-chromium-build-2019-pwa-ie-mode-devtools/#2QJF4u970WjQ2Sv7.97) for more information.
## See Also
[What's New in Windows Server, version 1903](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1903): New and updated features in Windows Server.<br>
[Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features.<br>
[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See whats new in other versions of Windows 10.<br>
[What's new in Windows 10](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See whats new in Windows 10 hardware.<br>
---
title: What's new in Windows 10, version 1903
description: New and updated IT Pro content about new features in Windows 10, version 1903 (also known as the Windows 10 May 2019 Update).
keywords: ["What's new in Windows 10", "Windows 10", "May 2019 Update"]
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
audience: itpro
author: greg-lindsay
ms.author: greglin
manager: laurawi
ms.localizationpriority: high
ms.topic: article
---
# What's new in Windows 10, version 1903 IT Pro content
**Applies to**
- Windows 10, version 1903
This article lists new and updated features and content that are of interest to IT Pros for Windows 10 version 1903, also known as the Windows 10 May 2019 Update. This update also contains all features and fixes included in previous cumulative updates to Windows 10, version 1809.
>[!NOTE]
>New disk space requirement for Windows 10, version 1903 applies only to OEMs for the manufacture of new PCs. This new requirement does not apply to existing devices. PCs that dont meet new device disk space requirements will continue to receive updates and the 1903 update will require about the same amount of free disk space as previous updates. For more information, see [Reserved storage](#reserved-storage).
## Deployment
### Windows Autopilot
[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. The following Windows Autopilot features are available in Windows 10, version 1903 and later:
- [Windows Autopilot for white glove deployment](https://docs.microsoft.com/windows/deployment/windows-autopilot/white-glove) is new in this version of Windows. "White glove" deployment enables partners or IT staff to pre-provision devices so they are fully configured and business ready for your users.
- The Intune [enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status) (ESP) now tracks Intune Management Extensions.
- [Cortana voiceover](https://docs.microsoft.com/windows-hardware/customize/desktop/cortana-voice-support) and speech recognition during OOBE is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
- Windows Autopilot is self-updating during OOBE. Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
- Windows Autopilot will set the [diagnostics data](https://docs.microsoft.com/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
### Windows 10 Subscription Activation
Windows 10 Education support has been added to Windows 10 Subscription Activation.
With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions Windows 10 Education. For more information, see [Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation).
### SetupDiag
[SetupDiag](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag) version 1.4.1 is available.
SetupDiag is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available.
### Reserved storage
[**Reserved storage**](https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Windows-10-and-reserved-storage/ba-p/428327): Reserved storage sets aside disk space to be used by updates, apps, temporary files, and system caches. It improves the day-to-day function of your PC by ensuring critical OS functions always have access to disk space. Reserved storage will be enabled automatically on new PCs with Windows 10, version 1903 pre-installed, and for clean installs. It will not be enabled when updating from a previous version of Windows 10.
## Servicing
- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Office 365 ProPlus updates, and Intune content, with System Center Configuration Manager content coming soon!
- [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically logon as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
- **Pause updates**: We have extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you will need to update your device before pausing again.
- **Improved update notifications**: When theres an update requiring you to restart your device, youll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar.
- **Intelligent active hours**: To further enhance active hours, users will now have the option to let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
- **Improved update orchestration to improve system responsiveness**: This feature will improve system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions.
## Security
### Windows Information Protection
With this release, Windows Defender ATP extends discovery and protection of sensitive information with [Auto Labeling](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels#how-wip-protects-automatically-classified-files).
### Security configuration framework
With this release of Windows 10, Microsoft is introducing a [new taxonomy for security configurations](https://docs.microsoft.com/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework), called the **SECCON framework**, comprised of 5 device security configurations.
### Security baseline for Windows 10 and Windows Server
The draft release of the [security configuration baseline settings](https://blogs.technet.microsoft.com/secguide/2019/04/24/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903/) for Windows 10, version 1903 and for Windows Server version 1903 is available.
### Intune security baselines
[Intune Security Baselines](https://docs.microsoft.com/intune/security-baselines) (Preview): Now includes many settings supported by Intune that you can use to help secure and protect your users and devices. You can automatically set these settings to values recommended by security teams.
### Microsoft Defender Advanced Threat Protection (ATP):
- [Attack surface area reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) IT admins can configure devices with advanced web protection that enables them to define allow and deny lists for specific URLs and IP addresses.
- [Next generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) Controls have been extended to protection from ransomware, credential misuse, and attacks that are transmitted through removable storage.
- Integrity enforcement capabilities Enable remote runtime attestation of Windows 10 platform.
- Tamper-proofing capabilities Uses virtualization-based security to isolate critical ATP security capabilities away from the OS and attackers.
- [Platform support](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Protecting-Windows-Server-with-Windows-Defender-ATP/ba-p/267114) In addition to Windows 10, Windows Defender ATPs functionality has been extended to support Windows 7 and Windows 8.1 clients, as well as macOS, Linux, and Windows Server with both its Endpoint Detection (EDR) and Endpoint Protection Platform (EPP) capabilities.
### Microsoft Defender ATP next-gen protection technologies:
- **Advanced machine learning**: Improved with advanced machine learning and AI models that enable it to protect against apex attackers using innovative vulnerability exploit techniques, tools and malware.
- **Emergency outbreak protection**: Provides emergency outbreak protection which will automatically update devices with new intelligence when a new outbreak has been detected.
- **Certified ISO 27001 compliance**: Ensures that the cloud service has analyzed for threats, vulnerabilities and impacts, and that risk management and security controls are in place.
- **Geolocation support**: Support geolocation and sovereignty of sample data as well as configurable retention policies.
### Threat Protection
- [Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849): Isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device.
- [Microphone privacy settings](https://support.microsoft.com/en-us/help/4468232/windows-10-camera-microphone-and-privacy-microsoft-privacy): A microphone icon appears in the notification area letting you see which apps are using your microphone.
- [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) enhancements:
- Standalone users can install and configure their Windows Defender Application Guard settings without needing to change Registry key settings. Enterprise users can check their settings to see what their administrators have configured for their machines to better understand the behavior.
- WDAG is now an extension in Google Chrome and Mozilla Firefox. Many users are in a hybrid browser environment, and would like to extend WDAGs browser isolation technology beyond Microsoft Edge. In the latest release, users can install the WDAG extension in their Chrome or Firefox browsers. This extension will redirect untrusted navigations to the WDAG Edge browser. There is also a companion app to enable this feature in the Microsoft Store. Users can quickly launch WDAG from their desktop using this app. This feature is also available in Windows 10, version 1803 or later with the latest updates.
To try this extension:
1. Configure WDAG policies on your device.
2. Go to the Chrome Web Store or Firefox Add-ons and search for Application Guard. Install the extension.
3. Follow any additional configuration steps on the extension setup page.
4. Reboot the device.
5. Navigate to an untrusted site in Chrome and Firefox.
- WDAG allows dynamic navigation: Application Guard now allows users to navigate back to their default host browser from the WDAG Microsoft Edge. Previously, users browsing in WDAG Edge would see an error page when they try to go to a trusted site within the container browser. With this new feature, users will automatically be redirected to their host default browser when they enter or click on a trusted site in WDAG Edge. This feature is also available in Windows 10, version 1803 or later with the latest updates.
- [Windows Defender Application Control (WDAC)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control): In Windows 10, version 1903 WDAC has a number of new features that light up key scenarios and provide feature parity with AppLocker.
- [Multiple Policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies): WDAC now supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios: 1) enforce and audit side-by-side, 2) simpler targeting for policies with different scope/intent, 3) expanding a policy using a new supplemental policy.
- [Path-Based Rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules): The path condition identifies an app by its location in the file system of the computer or on the network instead of a signer or hash identifier. Additionally, WDAC has an option that allows admins to enforce at runtime that only code from paths that are not user-writeable is executed. When code tries to execute at runtime, the directory is scanned and files will be checked for write permissions for non-known admins. If a file is found to be user writeable, the executable is blocked from running unless it is authorized by something other than a path rule like a signer or hash rule.<br>
This brings WDAC to functionality parity with AppLocker in terms of support for file path rules. WDAC improves upon the security of policies based on file path rules with the availability of the user-writability permission checks at runtime time, which is a capability that is not available with AppLocker.
- [Allow COM Object Registration](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy): Previously, WDAC enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy.
#### System Guard
[System Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows) has added a new feature in this version of Windows called **SMM Firmware Measurement**. This feature is built on top of [System Guard Secure Launch](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection) to check that the System Management Mode (SMM) firmware on the device is operating in a healthy manner - specifically, OS memory and secrets are protected from SMM. There are currently no devices out there with compatible hardware, but they will be coming out in the next few months.
This new feature is displayed under the Device Security page with the string “Your device exceeds the requirements for enhanced hardware security” if configured properly:
![System Guard](images/system-guard.png "SMM Firmware Measurement")
### Identity Protection
- [Windows Hello FIDO2 certification](https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/): Windows Hello is now a FIDO2 Certified authenticator and enables password-less login for websites supporting FIDO2 authentication, such as Microsoft account and Azure AD.
- [Streamlined Windows Hello PIN reset experience](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-videos#windows-hello-for-business-forgotten-pin-user-experience): Microsoft account users have a revamped Windows Hello PIN reset experience with the same look and feel as signing in on the web.
- Sign-in with [Password-less](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/passwordless-strategy) Microsoft accounts: Sign in to Windows 10 with a phone number account. Then use Windows Hello for an even easier sign-in experience!
- [Remote Desktop with Biometrics](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features#remote-desktop-with-biometrics): Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session.
### Security management
- [Windows Defender Firewall now supports Windows Subsystem for Linux (WSL)](https://blogs.windows.com/windowsexperience/2018/04/19/announcing-windows-10-insider-preview-build-17650-for-skip-ahead/#II14f7VlSBcZ0Gs4.97): Lets you add rules for WSL process, just like for Windows processes.
- [Windows Security app](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Windows Defender Offline Scanning tool actions, and any pending recommendations.
- [Tamper Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection) lets you prevent others from tampering with important security features.
## Microsoft Edge
Several new features are coming in the next version of Edge. See the [news from Build 2019](https://blogs.windows.com/msedgedev/2019/05/06/edge-chromium-build-2019-pwa-ie-mode-devtools/#2QJF4u970WjQ2Sv7.97) for more information.
## See Also
[What's New in Windows Server, version 1903](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1903): New and updated features in Windows Server.<br>
[Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features.<br>
[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See whats new in other versions of Windows 10.<br>
[What's new in Windows 10](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See whats new in Windows 10 hardware.<br>
[What's new in Windows 10 for developers](https://blogs.windows.com/buildingapps/2019/04/18/start-developing-on-windows-10-may-2019-update-today/#2Lp8FUFQ3Jm8KVcq.97): New and updated features in Windows 10 that are of interest to developers.