From e24d17efea14caa4e59f0ece8ec36fa0b1614f65 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Thu, 19 Aug 2021 09:55:15 -0600 Subject: [PATCH 01/37] dh-editpass-demonstrate-deployment-on-vm --- .../demonstrate-deployment-on-vm.md | 144 +++++++++--------- 1 file changed, 75 insertions(+), 69 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index d132aa99a6..effa84ef83 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -32,7 +32,7 @@ In this topic you'll learn how to set-up a Windows Autopilot deployment for a VM > [!NOTE] > Although there are [multiple platforms](/mem/autopilot/add-devices#registering-devices) available to enable Autopilot, this lab primarily uses Intune. > -> Hyper-V and a VM are not required for this lab. You can also use a physical device. However, the instructions assume that you are using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. +> Hyper-V and a VM are not required for this lab. You can also use a physical device. However, the instructions assume that you're using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. The following video provides an overview of the process: @@ -45,13 +45,13 @@ The following video provides an overview of the process: These are the things you'll need to complete this lab: - +
Windows 10 installation mediaWindows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.
Internet accessIf you are behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.
Internet accessIf you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.
Hyper-V or a physical device running Windows 10The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.
An account with Azure AD Premium licenseThis guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.
## Procedures -A summary of the sections and procedures in the lab is provided below. Follow each section in the order it is presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendix. +A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendix. If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or a later version. @@ -91,11 +91,9 @@ If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [C ## Verify support for Hyper-V -If you don't already have Hyper-V, we must first enable this on a computer running Windows 10 or Windows Server (2012 R2 or later). - -> If you already have Hyper-V enabled, skip to the [create a demo VM](#create-a-demo-vm) step. If you are using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10). - -If you are not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [appendix A](#appendix-a-verify-support-for-hyper-v) below for details on verifying that Hyper-V can be successfully installed. +- If you don't already have Hyper-V enabled, enable it on a computer running Windows 10 or Windows Server (2012 R2 or later). +- If you already have Hyper-V enabled, skip to the [create a demo VM](#create-a-demo-vm) step. If you're using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10). +- If you're not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [appendix A](#appendix-a-verify-support-for-hyper-v) in this article for details on verifying that Hyper-V can be successfully installed. ## Enable Hyper-V 
@@ -111,7 +109,7 @@ This command works on all operating systems that support Hyper-V, but on Windows Install-WindowsFeature -Name Hyper-V -IncludeManagementTools ``` -When you are prompted to restart the computer, choose **Yes**. The computer might restart more than once. +When you're prompted to restart the computer, choose **Yes**. The computer might restart more than once. Alternatively, you can install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** for a client operating system, or using Server Manager's **Add Roles and Features Wizard** on a server operating system, as shown below: @@ -119,7 +117,7 @@ Alternatively, you can install Hyper-V using the Control Panel in Windows under ![Hyper-V](images/svr_mgr2.png) -

If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under Role Administration Tools\Hyper-V Management Tools. +If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under **Role Administration Tools\Hyper-V Management Tools**. After installation is complete, open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt, or by typing **Hyper-V** in the Start menu search box. @@ -127,15 +125,15 @@ To read more about Hyper-V, see [Introduction to Hyper-V on Windows 10](/virtual ## Create a demo VM -Now that Hyper-V is enabled, we need to create a VM running Windows 10. We can [create a VM](/virtualization/hyper-v-on-windows/quick-start/create-virtual-machine) and [virtual network](/virtualization/hyper-v-on-windows/quick-start/connect-to-network) using Hyper-V Manager, but it is simpler to use Windows PowerShell. +Now that Hyper-V is enabled, we need to create a VM running Windows 10. We can [create a VM](/virtualization/hyper-v-on-windows/quick-start/create-virtual-machine) and [virtual network](/virtualization/hyper-v-on-windows/quick-start/connect-to-network) using Hyper-V Manager, but it's simpler to use Windows PowerShell. -To use Windows PowerShell, we just need to know two things: +To use Windows PowerShell, you need to know two things: 1. The location of the Windows 10 ISO file. In the example, we assume the location is **c:\iso\win10-eval.iso**. -2. The name of the network interface that connects to the Internet. +2. The name of the network interface that connects to the internet. In the example, we use a Windows PowerShell command to determine this automatically. 
@@ -149,7 +147,7 @@ When asked to select a platform, choose **64 bit**. After you download this file, the name will be extremely long (ex: 19042.508.200927-1902.20h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso). -1. So that it is easier to type and remember, rename the file to **win10-eval.iso**. +1. So that it's easier to type and remember, rename the file to **win10-eval.iso**. 2. Create a directory on your computer named **c:\iso** and move the **win10-eval.iso** file there, so the path to the file is **c:\iso\win10-eval.iso**. 
@@ -157,13 +155,13 @@ After you download this file, the name will be extremely long (ex: 19042.508.200 ### Determine network adapter name -The Get-NetAdaper cmdlet is used below to automatically find the network adapter that is most likely to be the one you use to connect to the Internet. You should test this command first by running the following at an elevated Windows PowerShell prompt: +The Get-NetAdaper cmdlet is used to automatically find the network adapter that's most likely to be the one you use to connect to the internet. You should test this command first by running the following at an elevated Windows PowerShell prompt: ```powershell (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name ``` -The output of this command should be the name of the network interface you use to connect to the Internet. Verify that this is the correct interface name. If it is not the correct interface name, you'll need to edit the first command below to use your network interface name. +The output of this command should be the name of the network interface you use to connect to the internet. Verify that this is the correct interface name. If it isn't the correct interface name, you'll need to edit the first command below to use your network interface name. For example, if the command above displays Ethernet but you wish to use Ethernet2, then the first command below would be New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2**. @@ -172,7 +170,10 @@ For example, if the command above displays Ethernet but you wish to use Ethernet All VM data will be created under the current path in your PowerShell prompt. Consider navigating into a new folder before running the following commands. > [!IMPORTANT] -> **VM switch**: a VM switch is how Hyper-V connects VMs to a network.

If you have previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal."

If you have never created an external VM switch before, then just run the commands below.

If you are not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that is used to connect to the Internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). +> **VM switch**: a VM switch is how Hyper-V connects VMs to a network. +>- If you have previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." +>- If you have never created an external VM switch before, then just run the commands below. +>- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that is used to connect to the Internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). ```powershell New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name 
@@ -228,22 +229,27 @@ PS C:\autopilot> ### Install Windows 10 > [!NOTE] -> The VM will be booted to gather a hardware ID, then it will be reset. The goal in the next few steps is to get to the desktop quickly so don't worry about how it is configured at this stage. The VM only needs to be connected to the Internet. +> The VM will be booted to gather a hardware ID, then it will be reset. The goal in the next few steps is to get to the desktop quickly so don't worry about how it's configured at this stage. The VM only needs to be connected to the Internet. -Ensure the VM booted from the installation ISO, click **Next** then click **Install now** and complete the Windows installation process. See the following examples: +Ensure the VM booted from the installation ISO, select **Next** then select **Install now** and complete the Windows installation process. See the following examples: ![Windows setup example 1](images/winsetup1.png) + ![Windows setup example 2](images/winsetup2.png) + ![Windows setup example 3](images/winsetup3.png) + ![Windows setup example 4](images/winsetup4.png) + ![Windows setup example 5](images/winsetup5.png) + ![Windows setup example 6](images/winsetup6.png) After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This will offer the fastest way to the desktop. For example: ![Windows setup example 7](images/winsetup7.png) -Once the installation is complete, sign in and verify that you are at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. +Once the installation is complete, sign in and verify that you're at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. > [!div class="mx-imgBorder"] > ![Windows setup example 8](images/winsetup8.png) 
@@ -254,16 +260,16 @@ To create a checkpoint, open an elevated Windows PowerShell prompt on the comput Checkpoint-VM -Name WindowsAutopilot -SnapshotName "Finished Windows install" ``` -Click on the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see **Finished Windows Install** listed in the Checkpoints pane. +Select the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see **Finished Windows Install** listed in the Checkpoints pane. ## Capture the hardware ID > [!NOTE] -> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For purposes of this lab, you are acting as the OEM (capturing the 4K HH), but you're not going to use the OA3 Tool to capture the full 4K HH for various reasons (you'd have to install the OA3 tool, your device couldn't have a volume license version of Windows, it's a more complicated process than using a PowerShell script, etc.). Instead, you'll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool. +> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For purposes of this lab, you're acting as the OEM (capturing the 4K HH), but you're not going to use the OA3 Tool to capture the full 4K HH for various reasons (you'd have to install the OA3 tool, your device couldn't have a volume license version of Windows, it's a more complicated process than using a PowerShell script, etc.). Instead, you'll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool. Follow these steps to run the PowerShell script: -1. 
**On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same regardless of whether you are using a VM or a physical device: +1. **On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same regardless of whether you're using a VM or a physical device: ```powershell md c:\HWID @@ -274,7 +280,7 @@ Follow these steps to run the PowerShell script: Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv ``` -1. When you are prompted to install the NuGet package, choose **Yes**. +1. When you're prompted to install the NuGet package, choose **Yes**. See the sample output below. A **dir** command is issued at the end to show the file that was created. 
@@ -320,11 +326,11 @@ Follow these steps to run the PowerShell script: 1. Verify that there is an **AutopilotHWID.csv** file in the **c:\HWID** directory that is about 8 KB in size. This file contains the complete 4K HH. > [!NOTE] - > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you are curious. The file format will be validated when it is imported into Autopilot. An example of the data in this file is shown below. + > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format will be validated when it's imported into Autopilot. An example of the data in this file is shown below. ![Serial number and hardware hash](images/hwid.png) - You will need to upload this data into Intune to register your device for Autopilot, so the next step is to transfer this file to the computer you will use to access the Azure portal. If you are using a physical device instead of a VM, you can copy the file to a USB stick. If you’re using a VM, you can right-click the AutopilotHWID.csv file and copy it, then right-click and paste the file to your desktop (outside the VM). + You will need to upload this data into Intune to register your device for Autopilot, so the next step is to transfer this file to the computer you will use to access the Azure portal. If you're using a physical device instead of a VM, you can copy the file to a USB stick. 
If you’re using a VM, you can right-click the AutopilotHWID.csv file and copy it, then right-click and paste the file to your desktop (outside the VM). If you have trouble copying and pasting the file, just view the contents in Notepad on the VM and copy the text into Notepad outside the VM. Do not use another text editor to do this. @@ -335,8 +341,8 @@ Follow these steps to run the PowerShell script: With the hardware ID captured in a file, prepare your Virtual Machine for Windows Autopilot deployment by resetting it back to OOBE. -On the Virtual Machine, go to **Settings > Update & Security > Recovery** and click on **Get started** under **Reset this PC**. -Select **Remove everything** and **Just remove my files**. If you are asked **How would you like to reinstall Windows**, select Local reinstall. Finally, click on **Reset**. +On the Virtual Machine, go to **Settings > Update & Security > Recovery** and select **Get started** under **Reset this PC**. +Select **Remove everything** and **Just remove my files**. If you're asked **How would you like to reinstall Windows**, select Local reinstall. Finally, select **Reset**. ![Reset this PC final prompt](images/autopilot-reset-prompt.jpg) 
@@ -365,11 +371,11 @@ If you already have company branding configured in Azure Active Directory, you c > [!IMPORTANT] > Make sure to sign-in with a Global Administrator account. -Navigate to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), click on **Configure** and configure any type of company branding you'd like to see during the OOBE. +Navigate to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), select **Configure** and configure any type of company branding you'd like to see during the OOBE. ![Configure company branding](images/branding.png) -When you are finished, click **Save**. +When you're finished, select **Save**. > [!NOTE] > Changes to company branding can take up to 30 minutes to apply. @@ -378,9 +384,9 @@ When you are finished, click **Save**. If you already have MDM auto-enrollment configured in Azure Active Directory, you can skip this step. -Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you do not see Microsoft Intune, click **Add application** and choose **Intune**. +Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you do not see Microsoft Intune, select **Add application** and choose **Intune**. -For the purposes of this demo, select **All** under the **MDM user scope** and click **Save**. +For the purposes of this demo, select **All** under the **MDM user scope** and select **Save**. ![MDM user scope in the Mobility blade](images/ap-aad-mdm.png) 
@@ -403,9 +409,9 @@ Your VM (or device) can be registered either via Intune or Microsoft Store for B You should receive confirmation that the file is formatted correctly before uploading it, as shown above. -3. Click **Import** and wait until the import process completes. This can take up to 15 minutes. +3. Select **Import** and wait until the import process completes. This can take up to 15 minutes. -4. Click **Refresh** to verify your VM or device has been added. See the following example. +4. Select **Refresh** to verify your VM or device has been added. See the following example. ![Import HWID](images/enroll3.png) @@ -428,7 +434,7 @@ Select **Manage** from the top menu, then click the **Windows Autopilot Deployme ![Microsoft Store for Business](images/msfb.png) -Click the **Add devices** link to upload your CSV file. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your new device has been added. +Select the **Add devices** link to upload your CSV file. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your new device has been added. ![Microsoft Store for Business Devices](images/msfb-device.png) 
@@ -460,21 +466,21 @@ The Autopilot deployment profile wizard will ask for a device group, so we must 3. Azure AD roles can be assigned to the group: **No** 4. For **Membership type**, choose **Assigned**. -3. Click **Members** and add the Autopilot VM to the group. See the following example: +3. Select **Members** and add the Autopilot VM to the group. See the following example: > [!div class="mx-imgBorder"] > ![add members](images/group1.png) -4. Click **Create**. +4. Select **Create**. #### Create the deployment profile -To create a Windows Autopilot profile, scroll back to the left hand pane and click **Devices**, then under **Enroll devices | Windows enrollment** select **Deployment Profiles**. +To create a Windows Autopilot profile, scroll back to the left hand pane and select **Devices**, then under **Enroll devices | Windows enrollment** select **Deployment Profiles**. > [!div class="mx-imgBorder"] > ![Deployment profiles](images/dp.png) -Click on **Create profile** and then select **Windows PC**. +Select **Create profile** and then select **Windows PC**. > [!div class="mx-imgBorder"] > ![Create deployment profile](images/create-profile.png) @@ -487,7 +493,7 @@ On the **Create profile** blade, use the following values: | Description | Lab | | Convert all targeted devices to Autopilot | No | -Click **Next** to continue with the **Out-of-box experience (OOBE)** settings: +Select **Next** to continue with the **Out-of-box experience (OOBE)** settings: | Setting | Value | |---|---| 
@@ -502,19 +508,19 @@ Click **Next** to continue with the **Out-of-box experience (OOBE)** settings: | Automatically configure keyboard | Yes | | Apply device name template | No | -Click **Next** to continue with the **Assignments** settings: +Select **Next** to continue with the **Assignments** settings: | Setting | Value | |---|---| | Assign to | Selected groups | -1. Click **Select groups to include**. -2. Click the **Autopilot Lab** group, and then click **Select**. -3. Click **Next** to continue and then click **Create**. See the following example: +1. Select **Select groups to include**. +2. Select the **Autopilot Lab** group, and then choose **Select**. +3. Select **Next** to continue, and then select **Create**. See the following example: ![Deployment profile](images/profile.png) -Click on **OK** and then click on **Create**. +Select **OK**, and then select **Create**. > [!NOTE] > If you want to add an app to your profile via Intune, the OPTIONAL steps for doing so can be found in [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile). @@ -527,11 +533,11 @@ A [video](https://www.youtube.com/watch?v=IpLIZU_j7Z0) is available that covers First, sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/manage/dashboard) using the Intune account you initially created for this lab. -Click **Manage** from the top menu, then click **Devices** from the left navigation tree. +Select **Manage** from the top menu, then select **Devices** from the left navigation tree. ![MSfB manage](images/msfb-manage.png) -Click the **Windows Autopilot Deployment Program** link in the **Devices** tile. +Select the **Windows Autopilot Deployment Program** link in the **Devices** tile. To CREATE the profile: 
@@ -545,7 +551,7 @@ On the Autopilot deployment dropdown menu, select **Create new profile**: > [!div class="mx-imgBorder"] > ![MSfB create step 2](images/msfb-create2.png) -Name the profile, choose your desired settings, and then click **Create**: +Name the profile, choose your desired settings, and then select **Create**: > [!div class="mx-imgBorder"] > ![MSfB create step 3](images/msfb-create3.png) @@ -577,7 +583,7 @@ If you shut down your VM after the last reset, it's time to start it back up aga Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding), otherwise these changes might not show up. > [!TIP] -> If you reset your device previously after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you do not see the Autopilot OOBE experience, then reset the device again (Settings > Update & Security > Recovery and click on Get started. Under Reset this PC, select Remove everything and Just remove my files. Click on Reset). +> If you reset your device previously after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you do not see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**. Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**). - Ensure your device has an internet connection. - Turn on the device 
@@ -603,7 +609,7 @@ To use the device (or VM) for other purposes after completion of this lab, you w ### Delete (deregister) Autopilot device -You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into the MEM admin center, then navigate to **Intune > Devices > All Devices**. Select the device you want to delete, then click the Delete button along the top menu. +You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into the MEM admin center, then navigate to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu. > [!div class="mx-imgBorder"] > ![Delete device step 1](images/delete-device1.png) 
@@ -615,16 +621,16 @@ The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > [!NOTE] > A device will only appear in the All devices list once it has booted. The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune. -To remove the device from the Autopilot program, select the device and click **Delete**. You will get a popup dialog box to confirm deletion. +To remove the device from the Autopilot program, select the device, and then select **Delete**. You will get a popup dialog box to confirm deletion. > [!div class="mx-imgBorder"] > ![Delete device](images/delete-device2.png) -At this point, your device has been unenrolled from Intune and also deregistered from Autopilot. After several minutes, click the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program: +At this point, your device has been unenrolled from Intune and also deregistered from Autopilot. After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program: -Once the device no longer appears, you are free to reuse it for other purposes. +Once the device no longer appears, you're free to reuse it for other purposes. -If you also (optionally) want to remove your device from AAD, navigate to **Azure Active Directory > Devices > All Devices**, select your device, and click the delete button: +If you also (optionally) want to remove your device from AAD, navigate to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button: ## Appendix A: Verify support for Hyper-V 
@@ -702,7 +708,7 @@ Under **App Type**, select **Windows app (Win32)**: ![Add app step 2](images/app03.png) -On the **App package file** blade, browse to the **npp.7.6.3.installer.x64.intunewin** file in your output folder, open it, then click **OK**: +On the **App package file** blade, browse to the **npp.7.6.3.installer.x64.intunewin** file in your output folder, open it, then select **OK**: > [!div class="mx-imgBorder"] > ![Add app step 3](images/app04.png) @@ -725,7 +731,7 @@ Uninstall: msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q Simply using an install command like "notepad++.exe /S" will not actually install Notepad++; it will only launch the app. To actually install the program, we need to use the .msi file instead. Notepad++ doesn't actually have an .msi version of their program, but we got an .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). -Click **OK** to save your input and activate the **Requirements** blade. +Select **OK** to save your input and activate the **Requirements** blade. On the **Requirements Configuration** blade, specify the **OS architecture** and the **Minimum OS version**: 
@@ -737,22 +743,22 @@ Next, configure the **Detection rules**. For our purposes, we will select manua > [!div class="mx-imgBorder"] > ![Add app step 7](images/app08.png) -Click **Add** to define the rule properties. For **Rule type**, select **MSI**, which will automatically import the right MSI product code into the rule: +Select **Add** to define the rule properties. For **Rule type**, select **MSI**, which will automatically import the right MSI product code into the rule: ![Add app step 8](images/app09.png) -Click **OK** twice to save, as you back out to the main **Add app** blade again for the final configuration. +Select **OK** twice to save, as you back out to the main **Add app** blade again for the final configuration. **Return codes**: For our purposes, leave the return codes at their default values: > [!div class="mx-imgBorder"] > ![Add app step 9](images/app10.png) -Click **OK** to exit. +Select **OK** to exit. You may skip configuring the final **Scope (Tags)** blade. -Click the **Add** button to finalize and save your app package. +Select the **Add** button to finalize and save your app package. Once the indicator message says the addition has completed. @@ -769,7 +775,7 @@ You will be able to find your app in your app list: > [!NOTE] > The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you have not done that, please return to the main part of the lab and complete those steps before returning here. -In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade. Then click **Assignments** from the menu: +In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade. Then select **Assignments** from the menu: > [!div class="mx-imgBorder"] > ![Assign app step 1](images/app13.png) 
@@ -788,7 +794,7 @@ Select **Included Groups** and assign the groups you previously created that wil > [!div class="mx-imgBorder"] > ![Assign app step 3](images/app15.png) -In the **Select groups** pane, click the **Select** button. +In the **Select groups** pane, choose the **Select** button. In the **Assign group** pane, select **OK**. @@ -809,7 +815,7 @@ For more information on adding apps to Intune, see [Intune Standalone - Win32 ap Log into the Azure portal and select **Intune**. -Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package. +Navigate to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package. ![Create app step 1](images/app17.png) 
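Review bot: the rewritten step reads "Navigate to **Intune > Clients apps > Apps**", but the assignment steps edited in this same patch call the pane "**Intune > Client Apps > Apps**". Use one label, matching the portal, in both places. The context line "Log into the Azure portal" should also be "Log in to" (or "Sign in to"), since the verb is "log in".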
@@ -822,29 +828,29 @@ Under the **Configure App Suite** pane, select the Office apps you want to insta > [!div class="mx-imgBorder"] > ![Create app step 3](images/app19.png) -Click **OK**. +Select **OK**. In the **App Suite Information** pane, enter a unique suite name, and a suitable description. -Enter the name of the app suite as it is displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal. +Enter the name of the app suite as it's displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal. > [!div class="mx-imgBorder"] > ![Create app step 4](images/app20.png) -Click **OK**. +Select **OK**. In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection would be fine for the purposes of this lab). Also select **Yes** for **Automatically accept the app end user license agreement**: ![Create app step 5](images/app21.png) -Click **OK** and then click **Add**. +Select **OK** and, then select **Add**. #### Assign the app to your Intune profile > [!NOTE] > The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you have not done that, please return to the main part of the lab and complete those steps before returning here. -In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade. Then click **Assignments** from the menu: +In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade. Then select **Assignments** from the menu: > [!div class="mx-imgBorder"] > ![Create app step 6](images/app22.png) 
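Review bot: the comma is misplaced in the added line "Select **OK** and, then select **Add**."; it should read "Select **OK**, and then select **Add**." to match the "and then select" pattern used in the rest of this edit pass.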
@@ -862,7 +868,7 @@ Select **Included Groups** and assign the groups you previously created that wil > [!div class="mx-imgBorder"] > ![Create app step 8](images/app24.png) -In the **Select groups** pane, click the **Select** button. +In the **Select groups** pane, choose the **Select** button. In the **Assign group** pane, select **OK**. From 9cb21a66d89d04a468a7f8e9b1d807a57b806e87 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Thu, 19 Aug 2021 13:15:58 -0600 Subject: [PATCH 02/37] dh-make-bulleted-list --- .../demonstrate-deployment-on-vm.md | 77 ++++++++++--------- 1 file changed, 40 insertions(+), 37 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index effa84ef83..f41d64d23e 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -44,10 +44,13 @@ The following video provides an overview of the process: ## Prerequisites These are the things you'll need to complete this lab: - - - -
Windows 10 installation mediaWindows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.
Internet accessIf you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.
Hyper-V or a physical device running Windows 10The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.
An account with Azure AD Premium licenseThis guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.
+ +| | Description | +|:---|:---| +|**Windows 10 installation media**|Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.| +|**Internet access**|If you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.| +|**Hyper-V or a physical device running Windows 10**|The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.| +|**An account with Azure AD Premium license**|This guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.| ## Procedures @@ -55,39 +58,39 @@ A summary of the sections and procedures in the lab is provided below. Follow ea If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or a later version. -[Verify support for Hyper-V](#verify-support-for-hyper-v) -
[Enable Hyper-V](#enable-hyper-v) -
[Create a demo VM](#create-a-demo-vm) -
    [Set ISO file location](#set-iso-file-location) -
    [Determine network adapter name](#determine-network-adapter-name) -
    [Use Windows PowerShell to create the demo VM](#use-windows-powershell-to-create-the-demo-vm) -
    [Install Windows 10](#install-windows-10) -
[Capture the hardware ID](#capture-the-hardware-id) -
[Reset the VM back to Out-Of-Box-Experience (OOBE)](#reset-the-vm-back-to-out-of-box-experience-oobe) -
[Verify subscription level](#verify-subscription-level) -
[Configure company branding](#configure-company-branding) -
[Configure Microsoft Intune auto-enrollment](#configure-microsoft-intune-auto-enrollment) -
[Register your VM](#register-your-vm) -
    [Autopilot registration using Intune](#autopilot-registration-using-intune) -
    [Autopilot registration using MSfB](#autopilot-registration-using-msfb) -
[Create and assign a Windows Autopilot deployment profile](#create-and-assign-a-windows-autopilot-deployment-profile) -
    [Create a Windows Autopilot deployment profile using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) -
       [Create a device group](#create-a-device-group) -
       [Create the deployment profile](#create-the-deployment-profile) -
    [Create a Windows Autopilot deployment profile using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb) -
[See Windows Autopilot in action](#see-windows-autopilot-in-action) -
[Remove devices from Autopilot](#remove-devices-from-autopilot) -
    [Delete (deregister) Autopilot device](#delete-deregister-autopilot-device) -
[Appendix A: Verify support for Hyper-V](#appendix-a-verify-support-for-hyper-v) -
[Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile) -
    [Add a Win32 app](#add-a-win32-app) -
       [Prepare the app for Intune](#prepare-the-app-for-intune) -
       [Create app in Intune](#create-app-in-intune) -
       [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) -
    [Add Office 365](#add-office-365) -
       [Create app in Intune](#create-app-in-intune) -
       [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) -
[Glossary](#glossary) +- [Verify support for Hyper-V](#verify-support-for-hyper-v) +- [Enable Hyper-V](#enable-hyper-v) +- [Create a demo VM](#create-a-demo-vm) + - [Set ISO file location](#set-iso-file-location) + - [Determine network adapter name](#determine-network-adapter-name) + - [Use Windows PowerShell to create the demo VM](#use-windows-powershell-to-create-the-demo-vm) + - [Install Windows 10](#install-windows-10) +- [Capture the hardware ID](#capture-the-hardware-id) +- [Reset the VM back to Out-Of-Box-Experience (OOBE)](#reset-the-vm-back-to-out-of-box-experience-oobe) +- [Verify subscription level](#verify-subscription-level) +- [Configure company branding](#configure-company-branding) +- [Configure Microsoft Intune auto-enrollment](#configure-microsoft-intune-auto-enrollment) +- [Register your VM](#register-your-vm) + - [Autopilot registration using Intune](#autopilot-registration-using-intune) + - [Autopilot registration using MSfB](#autopilot-registration-using-msfb) +- [Create and assign a Windows Autopilot deployment profile](#create-and-assign-a-windows-autopilot-deployment-profile) + - [Create a Windows Autopilot deployment profile using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) + - [Create a device group](#create-a-device-group) + - [Create the deployment profile](#create-the-deployment-profile) + - [Create a Windows Autopilot deployment profile using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb) +- [See Windows Autopilot in action](#see-windows-autopilot-in-action) +- [Remove devices from Autopilot](#remove-devices-from-autopilot) + - [Delete (deregister) Autopilot device](#delete-deregister-autopilot-device) +- [Appendix A: Verify support for Hyper-V](#appendix-a-verify-support-for-hyper-v) +- [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile) + - [Add a Win32 app](#add-a-win32-app) + - [Prepare the app for Intune](#prepare-the-app-for-intune) + - [Create app in 
Intune](#create-app-in-intune) + - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) + - [Add Office 365](#add-office-365) + - [Create app in Intune](#create-app-in-intune) + - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) +- [Glossary](#glossary) ## Verify support for Hyper-V From f8d10fdcd5a4c3984b0ef6e46029d83089ab9828 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Fri, 20 Aug 2021 10:09:27 -0600 Subject: [PATCH 03/37] dh-word-choice --- .../demonstrate-deployment-on-vm.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index f41d64d23e..3f1ace4736 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -2,7 +2,7 @@ title: Demonstrate Autopilot deployment ms.reviewer: manager: laurawi -description: In this article, find step-by-step instructions on how to set-up a Virtual Machine with a Windows Autopilot deployment. +description: In this article, find step-by-step instructions on how to set up a Virtual Machine with a Windows Autopilot deployment. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, upgrade ms.prod: w10 ms.mktglfcycl: deploy 
@@ -27,7 +27,7 @@ ms.custom: To get started with Windows Autopilot, you should try it out with a virtual machine (VM) or you can use a physical device that will be wiped and then have a fresh install of Windows 10. -In this topic you'll learn how to set-up a Windows Autopilot deployment for a VM using Hyper-V. +In this topic, you'll learn how to set up a Windows Autopilot deployment for a VM using Hyper-V. > [!NOTE] > Although there are [multiple platforms](/mem/autopilot/add-devices#registering-devices) available to enable Autopilot, this lab primarily uses Intune. @@ -248,7 +248,7 @@ Ensure the VM booted from the installation ISO, select **Next** then select **In ![Windows setup example 6](images/winsetup6.png) -After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This will offer the fastest way to the desktop. For example: +After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen. This offers the fastest way to the desktop. For example: ![Windows setup example 7](images/winsetup7.png) @@ -363,7 +363,7 @@ For this lab, you need an AAD Premium subscription. You can tell if you have a If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in AAD Premium. -To convert your Intune trial account to a free Premium trial account, navigate to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5. +To convert your Intune trial account to a free Premium trial account, go to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5. ![License conversion option](images/aad-lic1.png) 
@@ -374,7 +374,7 @@ If you already have company branding configured in Azure Active Directory, you c > [!IMPORTANT] > Make sure to sign-in with a Global Administrator account. -Navigate to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), select **Configure** and configure any type of company branding you'd like to see during the OOBE. +Go to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), select **Configure**, and then configure any type of company branding you'd like to see during the OOBE. ![Configure company branding](images/branding.png) @@ -478,7 +478,7 @@ The Autopilot deployment profile wizard will ask for a device group, so we must #### Create the deployment profile -To create a Windows Autopilot profile, scroll back to the left hand pane and select **Devices**, then under **Enroll devices | Windows enrollment** select **Deployment Profiles**. +To create a Windows Autopilot profile, scroll back to the left-side pane and select **Devices**, then under **Enroll devices | Windows enrollment** select **Deployment Profiles**. > [!div class="mx-imgBorder"] > ![Deployment profiles](images/dp.png) 
@@ -612,7 +612,7 @@ To use the device (or VM) for other purposes after completion of this lab, you w ### Delete (deregister) Autopilot device -You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into the MEM admin center, then navigate to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu. +You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into the MEM admin center, then go to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu. > [!div class="mx-imgBorder"] > ![Delete device step 1](images/delete-device1.png) @@ -633,7 +633,7 @@ At this point, your device has been unenrolled from Intune and also deregistered Once the device no longer appears, you're free to reuse it for other purposes. -If you also (optionally) want to remove your device from AAD, navigate to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button: +If you also (optionally) want to remove your device from AAD, go to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button: ## Appendix A: Verify support for Hyper-V @@ -703,7 +703,7 @@ After the tool finishes running, you should have an .intunewin file in the Outpu Log into the Azure portal and select **Intune**. -Navigate to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package. +Go to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package. ![Add app step 1](images/app02.png) 
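Review bot: the rewritten line in the last hunk changes "Navigate to" to "Go to" but keeps "click the **Add** button", while the earlier edit pass replaced "click" with "select" in the matching Office 365 step. Make it "and then select the **Add** button" so the two "Create app in Intune" sections read the same.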
@@ -732,7 +732,7 @@ Uninstall: msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q ![Add app step 5](images/app06.png) -Simply using an install command like "notepad++.exe /S" will not actually install Notepad++; it will only launch the app. To actually install the program, we need to use the .msi file instead. Notepad++ doesn't actually have an .msi version of their program, but we got an .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). +Simply using an install command like "notepad++.exe /S" will not actually install Notepad++; it will only launch the app. To actually install the program, we need to use the .msi file instead. Notepad++ doesn't actually have a .msi version of their program, but we got a .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). Select **OK** to save your input and activate the **Requirements** blade. @@ -818,7 +818,7 @@ For more information on adding apps to Intune, see [Intune Standalone - Win32 ap Log into the Azure portal and select **Intune**. -Navigate to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package. +Go to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package. ![Create app step 1](images/app17.png) @@ -826,7 +826,7 @@ Under **App Type**, select **Office 365 Suite > Windows 10**: ![Create app step 2](images/app18.png) -Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this labe we have only selected Excel: +Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this lab we have only selected Excel: > [!div class="mx-imgBorder"] > ![Create app step 3](images/app19.png) From 75db81999f8d478c61fc1040c0e89f86f0b557a4 Mon Sep 17 00:00:00 2001 
From: greg-lindsay Date: Fri, 20 Aug 2021 12:39:57 -0700 Subject: [PATCH 04/37] wds info --- windows/deployment/TOC.yml | 18 ++- .../deployment/planning/features-lifecycle.md | 16 ++- .../windows-11-deprecated-features.md | 29 +++++ .../planning/windows-11-removed-features.md | 30 +++++ windows/deployment/wds-boot-support.md | 111 ++++++++++++++++++ 5 files changed, 194 insertions(+), 10 deletions(-) create mode 100644 windows/deployment/planning/windows-11-deprecated-features.md create mode 100644 windows/deployment/planning/windows-11-removed-features.md create mode 100644 windows/deployment/wds-boot-support.md diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 048a630323..ac5cfe9aac 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -62,12 +62,20 @@ href: volume-activation/plan-for-volume-activation-client.md - name: Features removed or planned for replacement items: - - name: Windows 10 features lifecycle + - name: Windows client features lifecycle href: planning/features-lifecycle.md - name: Features we're no longer developing - href: planning/windows-10-deprecated-features.md + items: + - name: Windows 10 deprecated features + href: planning/windows-10-deprecated-features.md + - name: Windows 11 deprecated features + href: planning/windows-11-deprecated-features.md - name: Features we removed - href: planning/windows-10-removed-features.md + items: + - name: Windows 10 features removed + href: planning/windows-10-removed-features.md + - name: Windows 11 features removed + href: planning/windows-11-removed-features.md - name: Prepare items: 
@@ -287,8 +295,10 @@ href: windows-10-pro-in-s-mode.md - name: Windows 10 deployment tools items: - - name: Windows 10 deployment scenarios and tools + - name: Windows client deployment scenarios and tools items: + - name: Windows Deployment Services (WDS) image deployment + href: wds-boot-support.md - name: Convert MBR partition to GPT href: mbr-to-gpt.md - name: Configure a PXE server to load Windows PE diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md index 333be6284a..50c8adb217 100644 --- a/windows/deployment/planning/features-lifecycle.md +++ b/windows/deployment/planning/features-lifecycle.md @@ -1,5 +1,5 @@ --- -title: Windows 10 features lifecycle +title: Windows client features lifecycle description: Learn about the lifecycle of Windows 10 features, as well as features that are no longer developed, removed features, and terminology assigned to a feature. ms.prod: w10 ms.mktglfcycl: plan @@ -14,21 +14,25 @@ ms.custom: seo-marvel-apr2020 --- # Windows 10 features lifecycle -- Applies to: Windows 10 +Applies to: +- Windows 10 +- Windows 11 -Each release of Windows 10 contains many new and improved features. Occasionally we also remove features and functionality, usually because there is a better option. +Each release of Windows 10 and Windows 11 contains many new and improved features. Occasionally we also remove features and functionality, usually because there is a better option. ## Features no longer being developed The following topic lists features that are no longer being developed. These features might be removed in a future release. -[Windows 10 features we're no longer developing](windows-10-deprecated-features.md) +[Windows 10 features we're no longer developing](windows-10-deprecated-features.md)
+[Windows 11 features we're no longer developing](windows-11-deprecated-features.md) ## Features removed -The following topic has details about features that have been removed from Windows 10. +The following topic has details about features that have been removed from Windows 10 or Windows 11. This includes features that are present in Windows 10, but are removed in Windows 11. -[Windows 10 features we removed](windows-10-removed-features.md) +[Windows 10 features we removed](windows-10-removed-features.md)
+[Windows 11 features we removed](windows-11-removed-features.md) ## Terminology diff --git a/windows/deployment/planning/windows-11-deprecated-features.md b/windows/deployment/planning/windows-11-deprecated-features.md new file mode 100644 index 0000000000..ab1098d47a --- /dev/null +++ b/windows/deployment/planning/windows-11-deprecated-features.md 
@@ -0,0 +1,29 @@ +--- +title: Windows 11 features we’re no longer developing +description: Review the list of features that are no longer being developed in Windows 11 +ms.prod: w11 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.author: greglin +manager: laurawi +ms.topic: article +--- +# Windows 10 features we’re no longer developing + +> Applies to: Windows 11 + +Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that are no longer being developed in Windows 10. For information about features that have been removed, see [Features we removed](windows-10-removed-features.md). + +The features described below are no longer being actively developed, and might be removed in a future update. Some features have been replaced with other features or functionality and some are now available from other sources. + +**The following list is subject to change and might not include every affected feature or functionality.** + +> [!NOTE] +> If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). + +|Feature | Details and mitigation | Announced in version | +| ----------- | --------------------- | ---- | +| Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 | \ No newline at end of file diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md new file mode 100644 index 0000000000..34cd47b43c --- /dev/null 
+++ b/windows/deployment/planning/windows-11-removed-features.md @@ -0,0 +1,30 @@ +--- +title: Windows 11 - Features that have been removed +description: In this article, learn about the features and functionality that has been removed or replaced in Windows 10. +ms.prod: w11 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.author: greglin +manager: laurawi +ms.topic: article +ms.custom: seo-marvel-apr2020 +--- + +# Features and functionality removed in Windows 11 + +> Applies to: Windows 11 + +Windows 11 adds new features and functionality; however some features are removed. Below is a summary of features and functionalities that are present in earlier versions of Windows 10/11, but are removed in the specified versions of Windows 11. **The list below is subject to change and might not include every affected feature or functionality.** + +> [!NOTE] +> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 11 builds and test these changes yourself. + +The following features and functionalities have been removed from the installed product image for Windows 11. Applications or code that depend on these features won't function in the release when it was removed, or in later releases. + +|Feature | Details and mitigation | Removed in version | +| ----------- | --------------------- | ------ | +| WDS image deployment | End to end WDS deployment workflows that use boot.wim from installation media are affected. For more information, see [WDS boot image support](wds-boot-support.md) | Windows 11 | + diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md new file mode 100644 index 0000000000..644071fbfa --- /dev/null +++ b/windows/deployment/wds-boot-support.md 
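Review bot: in the new windows-11-removed-features.md, the front-matter description still says "removed or replaced in Windows 10" although the title, heading and "Applies to" line are all Windows 11; change it to Windows 11. The sentence "won't function in the release when it was removed" reads better as "in the release in which they were removed", and the table row should hyphenate "End-to-end" and close its sentence with a period after the link.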
@@ -0,0 +1,111 @@ +--- +title: Windows Deployment Services (WDS) boot.wim support +description: This article provides details on the support capabilities of WDS for end to end operating system deployment. +ms.prod: w11 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.author: greglin +manager: laurawi +ms.topic: article +ms.custom: seo-marvel-apr2020 +--- + +# Windows Deployment Services (WDS) boot.wim support + +Applies to: +- Windows 10 +- Windows 11 + +The operating system deployment functionality of [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831764(v=ws.11)) (WDS) is being partically deprecated. Starting with Windows 11, workflows that rely on boot.wim from installation media and/or on running Setup.exe in WDS mode will no longer be supported. + +When you PXE-boot from a WDS server that uses the **boot.wim** file from installation media as its boot image, Windows Setup automatically launches in WDS mode. This workflow is deprecated for Windows 11 and newer boot images. The following message will be displayed in this scenario: + +![WDS deprecation notice](images/wds-deprecation.png) + +## Deployment scenarios impacted + +See the following table for a summary of the impacted deployment scenarios. + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
       Windows 10Windows Server 2016Windows Server 2019Windows Server 2022Windows Windows 11
Boot image version
Windows 10Supported, using a boot image from matching or newer version.Supported, using a boot image from Windows 10, version 1607 or later.Supported, using a boot image from Windows 10, version 1809 or later.Not supported.Not supported.
Windows Server 2016Supported, using a boot image from Windows 10, version 1607 or later.Supported.Not supported.Not supported.Not supported.
Windows Server 2019Supported, using a boot image from Windows 10, version 1809 or later.Supported.Supported.Not supported.Not supported.
Windows Server 2022Deprecated, with a warning message.Deprecated, with a warning message.Deprecated, with a warning message.Deprecated, with a warning message.Not supported.
Windows 11Not supported, blocked.Not supported, blocked.Not supported, blocked.Not supported, blocked.Not supported, blocked.
+ +## What is not impacted + +WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with a custom boot images, but you will no longer be able to use boot.wim as the boot image and run Windows Setup in WDS mode. + +You can still run Windows Setup from a network share. Workflows that leverage a custom boot.wim, such as MDT or Configuration Manager are also not affected by this change. + +## Reason for the change + +Alternatives to WDS, such as Configuration Manager and MDT provide a better, more flexible, and feature-rich experince for deploying Windows images. + +## Summary + +- Windows 11 workflows that rely on boot.wim from installation media will be blocked. You cannot perform an end to end deployment of Windows 11 using only WDS. +- Windows 10, Windows Server 2019, and previous operating system versions are not affected by this change. +- Windows Server 2022 workflows that rely on boot.wim from installation media will show a non-blocking deprecation notice that can be dismissed, but the workflow is not blocked. +- Windows Server workflows after Windows Server 2022 that rely on boot.wim from installation media will be blocked. + +If you currently use WDS with boot.wim from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, you can use other deployment tools, such as Microsoft Deployment Toolkit (MDT), Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. + +## Also see + +[Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
+[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) \ No newline at end of file From fee1a223340b6bbb231df6ff58b2c76028640a89 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 13:05:53 -0700 Subject: [PATCH 05/37] draft --- windows/deployment/TOC.yml | 2 +- windows/deployment/images/wds-deprecation.png | Bin 0 -> 66966 bytes .../planning/windows-11-deprecated-features.md | 7 ++++--- .../planning/windows-11-removed-features.md | 6 +++--- 4 files changed, 8 insertions(+), 7 deletions(-) create mode 100644 windows/deployment/images/wds-deprecation.png diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index b62f364080..1923bd541b 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -297,7 +297,7 @@ items: - name: Windows client deployment scenarios and tools items: - - name: Windows Deployment Services (WDS) image deployment + - name: WWindows Deployment Services (WDS) boot.wim support href: wds-boot-support.md - name: Convert MBR partition to GPT href: mbr-to-gpt.md 
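Review bot: In the wds-boot-support.md hunk that closes PATCH 04, the added text has wording errors to fix before merge. Under "What is not impacted", "with a custom boot images" should be "with custom boot images" or "with a custom boot image"; under "Reason for the change", "experince" should be "experience", and the clause "such as Configuration Manager and MDT" needs a closing comma before "provide". In the last Summary paragraph, "your OS version is not supported, deprecated, or blocked" can be read with "not" applying to all three terms; "is unsupported, deprecated, or blocked" removes the ambiguity. The file also ends without a trailing newline (the "\ No newline at end of file" marker), so add one.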
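Review bot: The renamed entry in the windows/deployment/TOC.yml hunk reads "WWindows Deployment Services (WDS) boot.wim support", with a doubled "W" at the start of the name. It should be "Windows Deployment Services (WDS) boot.wim support"; the href line (wds-boot-support.md) is unchanged and looks correct.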
diff --git a/windows/deployment/images/wds-deprecation.png b/windows/deployment/images/wds-deprecation.png new file mode 100644 index 0000000000000000000000000000000000000000..2c6b02022ef5de54fedd422e3846fc1cb5f09447 GIT binary patch literal 66966
z>)I)>?)S$FD|8d)?z22#7W8J;>FqkG@T(L1LsA7m27u>udp2a zx4r7Bsup&-y=GLFmG2-?9lll#)W+_Yu0P?(d@U~fpw$QDl}mfyW&1*A+RSN4vJiRiP-!^YXf4Aqz5T?XhGb9-*{HWWQUR3_s>4}5i~aT zwXa)-cNtsU$SysMbL&WLa^z0?dH;`nD^uN8=l|}RF!Mw zW3F-}2_$(4hwvltBFNRosH%xJrOuLxt`Z2F^edgCBrC6W^Rs0ZmnYbSc)Gj7gQc5Ep4eCIzIUiWen} z49E6bGHNeJfy3 z%&nW#YLYr59f-?8Ha;C|;i(dMIAOXuvKK3B9IKbY8qHlf8jr22#w*z!Kh!L(keZeL zF2qXSR_8IqyhsD(KqN)zBu$~jqpA{-MjNtVp_14ntju`*^4{GbolaFdUz9vN$qf~d z7JXxG0gHPy-y2ZfO7-V}_gwskhc0)eRG9^Be6-U;bzGyqmn1djMAVv4;;%I4nqN|e z$4PT$Hdf9dv(7>Z-9}lt@af9!l}PMs-woY{p3lMLU9HHs;U+c~Tvpl4Ru*qcw>d8f z3geFu7qG)kJxFu-MKaMa8bte#=I5y8!&OuyJQ^md=uj;=a?C5mxPVkG)mPM6RUG_*H?_9FINJ0Q$9P~tc9!rk}sgf8DdsuAtK5RRj zy|(rR3u>oHfBfc!s1Oy3n?m>TE-!V0^GremA`G;IIw&`kT$~CjKwsEx%#3RA7}kvC zki2r2tJIwZM+SPfO=oa2tiS*rnUE0pYN3;}rDp996R7B!nMPvM`KrqEx-hWJEI~LB zPdZhFEJ71s&}xCF%zNwzInKhuGF8bSA~K9)ho$g7;$*blq9a!Dz58p1-?n3{+b{KB zW|NnFRXC#N2_bbrdzYQ#q*wrtOzBKK9q&)!VEfX-d8^ zI`oQ5dp{bl`s}YgY_2VUBj5DOb1trE#YH4-KDS(Lyq*+C>Q}y3Z=I7(kb(D$z`nhW zw)tB&uGi>qyzfuVQ6YhNEE?bg}6ng;y% z!nOb-v|v%TaC5|osK=4D$u6HKE~5iI+6-1SDbvw`Pphu)Gjh3Fm4XK=wIS^CUFSCM ztZy%i@#+(H0DMkV{Rscg3(d5T=eePTJ&{U<+d%hgg)hau2i1lb(^B-??46I_P1?bn zR~dF+XGF1;3V1>{Uf=Hf1dG^MKveA0+T=*ijLgpFBBwePq=*>OV$0_5k75cG<%&6J z#7?}dKg7R^ql?p;bxMXUH@+HRw+i(L7zmh41}Gg$96z0kYjK%8-x!&XJk(Xy%El;u z>_6*y$@w*w+g5`Q-dz15(x@3xYSG4gtFiiY%&o9gOSIfDzh%n*!pLT}!=lz>TA+y8 z?Rh@dGmQ~xu3Tz=JYm}tf^^J~8u9?<^bvgbfvhqa<7#8_PCFJXvvt56&yMWmdnF4& zCKURy0UQ1k^?ucxf1Yk()Iy)<>894rv7d)!o^^Xzif&+q+0;O9fv)L(eC2X0gf->u zP0WgZ=8i(nh!Wk zcS4#zJa9WqyjE=-eBszjh_@RQM622a9AfjDp!?hazS*zccbvn_YBbxlw-9k$U2-6u z3H)^KOMIAT?*zd#OfgJ+!W0jk_om?#=06^gLkc?k{E5KIH$(p<;uKn7|0dr%DJkk*n0D@+ps7Jx&1yV9 zmvwLXMx*%CCIz*2eZiFD ze`o~&x@sT7nG*U}2`f!acWik0ls#wHKP z#XC+VF5&mXlKIYvkaXGfI=^yp!Yl`RUeJa0)+}lME-VTXd{FMWYI(ew`$?RT-C~cl zyhQiTiU?$Q8>`|2?_u;Qius$cM5Z#E=slg>PyQ)@@%Fgyj-Qa}Z&N8{^d44rI-JKS z%y{HfLn5Nxk#BV2J!{&(S8sIww(fKMomRIVRqf{+hO&z4))Hk_PYbJMwb`yBd){)G z&+97Xuj7UCe`vVky2Izj1!ooXW!!HJ)Gg==J6qS|ZM@q~ykd-~(G5)ZeM^-@C@SD^-+X(< 
z>7PrvypyKYsYBk+yoYYP8df%{v3EM022ckd_TB31k)g8)$a*d_Zs}o%T+)w?KQW}} zJ#bHTi9I>!ZBFLe(1oVa)pJ}mp-q*Fv6rd04UXYmCRX~)%|Y#$Kd^e&l?-?~oree* zO^4j7yi zT^=lyV$E0R0x7qFze%IJ6haB1CicLDjoes)_Zw)p06^14z$b>^6CY@O&Iwpp2IS{! z@$xX{nxY{7FyVKt!=5AQ(t)0&qgH(RGd$+^V@LMnweb4ZJ8Y_&* z=kU0KX8%OiL*zVZ7}avQ+WzFhbQRk=X*ao!KVd(m9c9b$B(2Z)>{398sKD%}pHZ#NN%lfw<`!RYkbWmf&vamB=&SZx1PvG%@?jwa8Lhb_+R1J1hPbF1mRmIR* z<=pd0K_@9ibtAJBa(XW~mHE6DH56P|4>I2w&Ih41(>xB&gnlEc9nCM(ZYVqynQ~3t zDax@43#OTAuXL$mG(*Qzi5t_qSrrER#I znufDUR>r?qm?=_a?iT=l#Yb`Zu3pw{KjC(ROn~w7TOSdBnc&Rk;{G1W{J}1Bei6(6 z0!rkFrMG#)e~XJwpNfS>fUV$kK8&8M?gMf4(Ac^KZ;OV4*qq8RrPxFCvES)VYC^gn zf+l}Skx`-E9%n2kTYt;M$}?;f@u0lF%O)W>yHZ}*EZOmE6@4B$OVfNIe4xUNcxxc) zf@GC(6adPO$WRWadh%ZtHvM^mF2}fcu*d83wwbZUsw_}>Jymzq;>t0+_WdfBY59-s ztssZ%XonnxWN_W!?}}j`Ke(@f43Y)`-Txe;;!^bfIU?qhQDFab1X6{=!~8E_vJDl8 zbYb>S$^8|Js=&R;cxNW!2ePF5L>riyd2IymsB%n=v5`b{k6{}m{sDRmWL>y zq9OjPrM*yrfA1w{>;^A*`q-ip(hUFWmr!D__9|&w4T}A%c)z)SyEo1{pqnC_=^tAS zO*y*tzJK{!+X;eY-2a8^|4T>gDE(W}rTYI?^a@m<44?7e9vZg`=+-3pS3h9Pll`^y zf6v1Ie?NiU`Xv|XAHx?hRxGfs8YKVag#Q2J`v~ZNoey^QVELyd|7XMQzqCEw7CG-!>}v;!L&^O z+b@Q&>PY`LL+yX+2>XC;7`MM3HB_@I)&GzA_V4}N0RJDY+JXwK7ydi2tG|^=^!#n= zf9pc4ie@#tz7|ZZ~IYLc6{$I<%|Jj`TuN)!6^QSMw>tD|J4?izaU|U^L z|Er5a&=BWQ{|C zll_;pnVr>}@C{!>SsHo52Bxuj+^}gzM*Q25ho&;W5fUxP=>Ajjdq~qGO4Ck_-$p3w zw|RrxJrARRk3kUsPi=1*6j%54i3WG~hT!fHTp9=-+yVr53l5>t#vwQ%!QCZ52oS7s z_h2Exy^#RjxHJ7c|EZ~WX5J6CZr$78cJ-;=r_SlU_F8NI#5__;HeGFMJE~ za&*aWpo9)$tt8SQ>XM23XX21$ASncK^jM4(_jr(kUbfx09+xmoGsOxS z3O=DGr~QV*aw)?vBtIn;2W)^YPAwuvJ{jLE8Bj22n;h4*yn2I;{+~b%to^yhs7Rz; zXmvS9`Fyyh{4=mS0w$+NO>81k$hi<{gsF1#8q=N;6DkPv*Hy_-ZYX1kUOK}DrHSv% zIqg82Vt@pLF$A}kFa8AKhg73m^eXqJybfdR)hc$Ew)61)`w{^=tdz0d>6ur8HuICGu&IWsDki&^g91T$=OpLs-;@XzW7MvdeS zI(g{bGIIvm-Tdh!unO@8q;4X7BGyXyzpliHxZ|s`Q6gjRdTH_t&GE=v5h70Dv{2|u zc`oiAN%2Tggnp~?7HNl4SYj1~7v~}u^{}K(6#;-k72A&Gsiy|!(R+8Oi5{3A3x|dE z^lkO~wPjbdNXB8ew$8Ul0P5D_cW78>j|=%zM-p#_Yeb4tt{IdWK402#&_jGG<}u6t zeWU9eLaXT92C{iB_uKb0R<07&i0~d!gmM2(h7z=dg+NhX-y4(Df(iW|Hu*p<2TJNv 
z2(xLx3^fWwXho=<18{9gjwxxAE6=+Vws@rYT|BAUF;Kup5;} zFry9Em4g6VTVKHmX7h)}x~bp`QoT!gp^|JIvfL{6n4nbhFtb6kEJPP;YKlBJh5e@< zdPgg7+XgQq1&{M*7(ec^2nXPWOg}wCDgpVl)^O;-k>Jhv&M4*l4?(M!37K9K6P;*-QKB2#=Cl*3a^B_kvltXQXrmr2lhi)1~(qXlk7s?)qO+t3(Am zPO+unRQuF13dKX$-oqC&6sHR0aIu;|j+Hh2j_2hYM}Xe;yUUwBzpfH)RhlZUOM;g_U!}&cdAG_8ZsG6e}@o zNK5&9^!&q07wpm2!&t58f79n}z2phoC1?@Sl`is&$tUD3GGJ5Gqho1otRBsPlVjSk zTEdp>vcDEmQ8>Zv4`%E?xh_TP?ap{>AUIjVOHq8A=)|6SZ~)0$KC`56GO>pqq;_5O zW8n-pPFCwV0yyqnFbT&a9RpfLSqqucMp&6{>`lKEZ(QXP|0k!LB}vU_lnXXM6dTGN zRqtUG4!ow|L3FEDHJ{|QtVNLRS)D5LNnh6MaJAVC*|8jjxMBuPB!=tq*J0O&J-=Qf zyUx6b!Xz7K`%gLyrweO;abqg;0t=JC>#n8&dq-AaW71>PzNi6kcFT=@n{Y%xI2O36 zVRw5J!FQxMPci`OitvO}bSE6ucjD^+ZiUqhnYOU3&Z{po@2>(gFZa|Jujw&m0^a%z zk13AB)+YRZzN3(5rrSXNYW^Mh)mjiv4LPqOSyY$=cYqf#F5yomeC)_^bqV(!7(t;G zF%LRH;|75lw(xi`ZLvq#zN<8|uv?y)lJ4PRo2ICB4EBGkVX_BiDD%sv7VlB|oethV zGvCxbjWvsEAM*Fjx6MT0GJP#C$9dgrsq^W8U_lkWy`UAs@J||W)BW0hLb>D3cy!@n zM9X?!{G`c0PJSv0)pd&3Kg3>VaX%Ongj3Ol3w4D6%*l7mx-r0<1lg7dbcb~?3T@z_ zs*wFBBMEl_PRG9lGEYWAq9WUMCZ|0(eCmUer&9yp8v19xRgv*M9}7?1dZ0g@-Pky~ z!ZuPKuZut+y!G2BE!a}d9BgTxV_$cfEFv0j_>n*+%3?j}mAxhyrO}>GHhB#NKD$k@ zkw-vbX%kF*e=H98lFAP$s-({3NO{AQ3upXX#y?_DSY(dr%*>9BP7tM7NjP}7Cq>R{ z8f|_+o-5@9zJY{Lut_rIX_iz~VTFLXcQd`neev^w|4rXPrALz)wF_A+c}ynZXmVm-PM7$|XfeGtJ$ z8%SE;b;gL0_)pfRj~%8BL_GjuujwN#THND3>SFd6CCg2#O&b^jeXeT6X?((2Ux3e;ogCfKu|ASB_0lzgOg#%Nt3 zj98g7{WXN=qgX$U!_5*gwjb_CAM7g9{)xaj%(TPoO})j0tz$6be=50W@g~F1E*qt| z8K_>dyWeA>Z7|XF@e-Z_d9Dod(o|g@dDf4nB8l7?KCFsFGjVI30UPC#?t^F)K}ge5 zkEkN=-zD1$CRN8_UmPru^ef>GGbq!9+j1s(+6-C3Hjpa6a>|PV2FJdPbLd)A3i|L% zg%F@$9QV&cC=k}Z3iQOU?d-$}FKnheuU?x-CH?rtikJJsz)r^! 
zJt+%I(7EH@tghv69ICpCnTc;Lf)iNnHH|i!D6h%5aDYVr*`A(hmhkNJ`{W|n>)Uai`$vgd6E8H6x)f{ z>q><#;!-p8SK>Faxgl%Dlub|%Au?hRcr*wi4HhY%&Wegw$CZw`QnovNr@k#t$88Zw z;Q&FmP{fqKrs;LDgR>^zTb{g^5BJC1Wke4OpcZxeB2}~LJne+`rQE5iQW558%MJ6>+uM5zm&D;04fxAiui$D0#mP1EC*qa8)czIn*oi-Szhdh(Lb zAWA>DQMLXclXPLkmagPZohw?>b)TrFeC8SP!@?78eX1u^QmYvT)`TydY)#pLNM+7+ zN8ikp_9~Nd`mwct5TJiB{3_y8ArSP2xIJIe$ef)P1i?Ys?gClDE0~_X>+jOmC+Pt= zh78QDK7renx3+p~_w^s=8aV@YUTfnfnZ)^R8^o?Uv>hg4dDxI=ij=j&>k`HUU!dS zi;9Gw>1ix|wmFbeme=wghop!yOQuBZZ}xy(JFa7DMk~! zY?}M#*{}4l*%b(Dffj7Tspj8)kk<>wG0%S@w(pe0Kv;KUDJ9b;bVUSg*6UgHlO#W7 zh1_{Qu~;ZH{U8rU$M2={fAUVV=rJc@-PqqwmN%G>xZax@#+gIB5Ua{+UgaffS#Bbm zx=#^&8ZOWwBkh8CWI^6_tFGyZGQtFF0~Z|fTJyL!1D+FdBt(uaRFXCh!IV$QYz5BX z@a2v6fDeM_QGBx}ZxxF4%Hv*>n*)Cqvh4%K)uMED; zL8cQ#Ha4`|#)>2yo87Q`MXGG&Ky7E?g-G3O36ZLWs1mqIQgGGMhgA`ZF!2UiqMZ{k zqf6j|Uwwcql2%qnQVRH1s9s|bI>Tk%;0aDZvd|L%1jL z+dAbtV%jB0NhzZ@$~M<*s=UHAiJj&i8K|~W!BIyIdois_Hrav9>AA7pS-QK0!yn*J zm(Wl6Sn~PTA0Z?C>RzE@%#tW9zA?Q=+99&X>H89?#o=}C=QD`wz*9Cd)>wLES_^7ZM;_n=R>jR}^T1?U1RxY(zON}_2>MysF7 zUPuk<3>9XCQGC4J-BYBxCKF7^xWY2osuEEM3i_DE>%+Gel!As2BR-rC7*V^@7t*;kjuWc)Q!^Ga}U|$ATx7DkQvz+$03SnXu?#apssb2 zLWEV(P2_lB(0A7fx*)(<)@_hTjzgEia$m6Vl0bpXj#B(Z^_+F6KlV9I0XEGco+tKI`=uKE zk-96Q;|Yebii~VUH;b#64XsA4%YH!xLq6SH?Cv7VF#jOl6})yS~|L5c^@PZh2<5yls(EDcbmY1&(=+8x!Nqa+Dyt-7Q;E6*ybH z72(wGXZ@rq{h{$Sea9RkE@_H^&VfF`0v5aSE zE`IKv$I(aFQ-%bNYf*`E1VOzU13cX%$VV>op^c%}V@iKUiQ z450Xbb9S+vLBTZ%4QCmuOx+*tz>R2N?*>&S-=7nUsk_h;pt1Xn@S#(9mrwWUO-n(S zv{&ydyjw>cY5~!3t>VYk;vv2ej$WzSp8$EZb*Es?EITq${`H+tMJgk6JhD+l zmcU&HIksYCn)8t#LrU-8H4tmm{3^0K4tQ_eiSF7Y03>g{Y_pBz^QHoiUtER{nT{|M z**P(ODzN~J>fAbgx)nGt5ZuE+B1d>5zEATvp{Ip-PEFc-Jj& zk5}mdw4c9jwH-ZKc`{38*5RvY7R+RxcO{{eOck{h$64xxN(#6n?!4II(@VYOKY*#m zDlze%gHIVj83;#D30?Sr%uF){ae` zn2;jeAv1DLFT&A=qfya0pK0HxC%C4(nNwqWEiQY_pFtRM9$#Sn=T0KmX9Wu(gV>RI z`4mGb8q&m7^=62jF*_$4{&@OGFi{{ACRYi53c0E+1|5wBp%McGuHQ5?TIptSVh7*OHb!uy=N~LJ0&}m&&)0V9{k!=|{7Fv5TMOi@Esomrr;P<6qDpQmWkH-~ZppH7m zNEQ@<5(Ew&;ZIf*bWc8y()>4gu3Xn`969`~^89<3I{_sld 
z@P>px=~kP>6)&Ftq9Ej(Y+uVutPSL$0E!Q+tw;(*&U_Th3ucJaE=>(1hJ$G0; zXb?XOhRc-+P>o$XXgc^nbSW9(+FZAvae84(`fov@bq7-cWt zNJ65bh0V=)CL#+nJwA%^!P4ox#?fzCOC7}&n226;ruKb8(B#V8aKd-VDhuz^@h**i zSko?9yCP~v6b;|Y)=TJfB1)13)-a7HYJTf8!-R1wCd%~+wb}gkg0L?Lp0f-dzrWbR zkhwv+TJ^K|+jt7xUu&i=7W#Xu4v0_Z9@v}A(SB=wkS_-*!!i+RDRlFeHgJ2Tn~-y7 z1mH^NDSk6m__dlm)$&CxFufS;4pzpM`WSOU7Wjm>t;&0PPyOO6J8 zf;VCt8*D2(l18Y{26c&7!@|1^_SDJ%VZK~@8>`n2)&u*V3ENUi2`ea8faR9;019cB z0IQAA6OiA@dv%Eu=Fb@Ym;%RS-#yD#d5)%;&(WHf;>5EstGYMsG=8) znnR>d1!CWjK#Tj9{5F2y5 zt6Ac$A2*M3Z;>q+74TYeCI5NTpragNW=h~@@~ph_G#o-M0dUk>Ix`n~l~!pJJ=3Fj z{c{YWYoYO8gSEl&67VjNJS5Yd&huw}-M2Qbr%N=HXI1_n*vT?x405LUk+kXkZNZaWVT%lgNV2%G15gLAF7r^tlEgM}VE+ zvkfSj_vWOfewg-N!6!`<&cPjR}NP5=G!S_q#g+N+h!ZIpbt@eC`>PH{)U~X zOZ9rEH<$mM&+f_5k_jV7=e4!Q-RS8YDwYEHHe-V!*T7uQAu38C+iyqPg$QqN|A7Um z2l!f`$J}I#<=AJ6Z=eHgbt#xErIXPV+>+ zP0JM&6{>FRQHR9JNQ1hM*c*jO28!+z`%y%nUdTMI<{7nqU>d?(LYW3$(&q>48AC44 zB=_ga=$?v!5?haemxB9MS(ZR z^Y-eIQi6l`sMK$laefCrQ2HF{sG(Hg=W%D94|?0#Vwd>Ycf}><{MuHt=pqLDUx@$p z>v^iIi{1F+P*JF?;eK(T_mQHaGn`3N5~Z2cvZ=vH?AXrqths)3(3sBJNCS~+Zgx<9 zKV5T7bbwvfgE6M1AKC4@&+(r`{8=@n?;Ixrj{PCs&LsIkA)NV-+h&x4&SI=uIbj*k zB2+n|ZhbHvX@T9_49_Fi?!mxD3d{Q7p~AoxOdJZLujY+N&|H72as*m5;Ii&@bsJfC z`>hB>>e!%*eUh^0;_AHM85it-L-f_Ci-rV0Gq#N`D3j;t0yxaJL0F-R)wN$( zOTi}2L6^H34O^XmC?!KI;*z~qo;ud8ZezS>N`3&Iea~w%&t~<%LcPU2R`Nlo$D;5B zceD8G^}IykbMlfO?(Q^R6ApxKU>#;ked?mc=}zAQSo15~l2_Gs zB|V8h2^AkLy7v9jFfmry_-@Db%XKx}*Y~crpOYNl(ABvwdWiCuXtVV~y3*HL_g?3x zI`{V_fz)psWLtu4UZ&S=`{UIbH8xkZ&Nn}QFkjDFzPk6@`SBPMt!4E#%x`W_;;TEs zeKe2Bw~&7HwQ+lg8)1zhV2KjrIP6q3fW5e=nD951Bnj?V@{<;O$V-@v&KFoY;wUV6 zc%}ku;p0%%om(biAg9o`d3BYs)#l9S=45y97uHW`qZ&k%h>(JIC~{Z_?*HkOM4kfO z8sE8Fvi|MO1K%+*&UmQ@Z=%`n`xUAs=R3NoTRyZt!jG2ShjH{+OG5O>`80!(y6+!( zG9UiB7@ci;P2`D^ROESL=Y#%w{+%X1uWeb4LJG#PI{Qq4$hN@L1WyMTx-TXlp9$(EHu+#9xQT5DksF8zWz4y3#(x%nz!vBPh zPRqndhFk}#BYNj9zkYR887n9KMiG5{V51ZXAjHq(C$bsB9e(h~AxwO`J)U6}m!@^k z9r9rtukz#Pj)sYIe*(9=U01Qcu}q-Es()2B=JlrO8;Y=8gXFHt*aJ7C9DY{#5kQ`n zT!gxGh6FWUqSd@(nSc8!p}9C|_@r?f^d 
z6`^N*k6ZV6x47!lgizS(b*b-~5)vfKS#%#F0Q)e7_#V~k=$M7&xOZhOj@u0U4u(%9 zWZk4N3MiC?3?XR!w+;o0p?${@e)dJY8N<=#O1S}tRINwDGK1-p)Eq&q)`MHSnU{Ce zptDqE&s{RZjUo)%Vt%SfBknyRe~fp>zdw5*fMx}u=B(tiLENM@1oFN^@zJ+xDdx>c zIl#=AGWX6zJNM~c3@N5T1UTj0{Wfd;_w|slKYX1@ zEU(u4i>VqL&N}_wjGsE4DFN7+MXy@?e3~ zn_U{1dW~klUxpFIg{-rTicDEK;W7!mMW*WBPK3e({q zO}O-UZp<#v5<;ASzXTnu|19cnOYhy&$obiFDl38Le(uxbuG=sJ0Ph@y z_y+HUT@Ys4K^UjC@1hkrqc;0}k}x9B@$H@3=l}qdls8A-G|hrDj;wl+4C|bxcHO=2 zRQmHDytk|n%zmFQwdah4_+m$eA(+AUSBl2|RIiKphZ0{Ray`bGr8q0dTVG#HfjbT+ z&=y>|4MQ|?sJyoJ%a~WZBs!@)3I@SYtMql>I~Ky~fnKTd+$V_erRxK{E6|B~{AY)j zMO->RHiV#CLTQ%IUF@)Wp5!C5qB`v(x*+XH$o=UsF~}Vuuaw336@yhXSC#?2eW5jV z&p>GzG5DXhm0cj0$eQ~?I_GVfS z6Sh4r4~Dm0DqhC8Xi6fl1LLFOUM2M`RM14$2VYqRolh`%Y*Wa@)0uiO^2)e@gC3jY zTX+l$q()!fC%(e(7uAFo|Cd#;4jxLqSvpYe;J5Hh4@tKAojhpR8U$}Df$uhI4n$SZ zMKBE!^oQ~i(Rkm0^bP!)XdfOQ3b3M&Q+q#)i(77488yAf8sp+LdcBHqf6_sxJBl0P zImgHEl`KtoR?`9&@LssSyhD~NILy2GqX!@9CulGK?9qzdaHZ)iXEz`edY9m7*&TA@ zF=Z;csVpy#l1MYXn7fFXfKE#gZfwPkYuBM5nq1|AMLw$+4=&T52jsS zWNSg&8rYRQpn~h!ZVNix{pFW9$3W$O+WqpOr+9w`5;6P6k2E0JmMO zS4(^|+E7IO6Z)Dx63=DP#>IwY7NW$MrI5i(R>@x9vvR#Q{Ht9;>inWHp#nDm|8L9> zqZ;Y}ecM^V?{e2)wVp?20q$oA#oxeDyoO^$ORx+F;gfFKCq{;GB93)FuGMpA0}e!wkkt{n|N zJaoAGs9TvxD@|_EeF(rF@D{L?1!E)Hf{5q28F3BeH+x^Y`~v%1QR^N8fLcQ@!Df_grXX!Mb95(zp2{y3DWW^oM19IYt*|q`ZG^&K>{I`>tT%VG6C|0( zL}c^Q&|=8GyhfilCVG$jx~<}lr*cmf{%L&AG#3G=CMc$ObNh{}=tYS#Za;_e%doU$ zG0b7QpchG5O$14M#p^b0x%{3oxg+6YSR_N+tyqCxR#wM_ot|Sw_nZ5V!yA>4O52$z zLtBk8$6D8Lv5+lux0ySvw78?^<#A7vYkQ;Nj@`_wU9srL(vSCB^Qssdtti*MqZo9t zB=`l9CBRo$7&PCfWo$2>?NH@YAzW4k{!`Gbk8Xo$TGCMz=Af{$AGY`^G(6&THMHI= z@MV-Djk0=XEEiuVp*a}eA^#Cg>b?c)F}e$7nwRb?%W!F&`W7qpRQS=TJAlQl?Ut3< z_!A!~WD0ho42O3<-vQm)51^zB(2Wj+J}NdOxs%{G0Rfo+WY^2 zIBD2m)i047yq9Ivv>_jK?2^H#OCo1bK#O^9HwTSGcs?jh=Sw5h{N6nr{_4=tD#?-u zjH<`iSa-v=_%=(^GzY3Gg2|x;_h{~kLVXlzKdRK%8|$(q|Thq`vrly2}jQ9 zHyDMC`%&H8adE)l8#fG(r#}u1IqDmb^Dcxf2%oGmm7-iv@)MI%aq;(+;H;k&&z2V_ zGZ@Ww41a~)2p)DEM7PM|D(If}m2aNF!HMDA$xO*ov1M1tv*LL0>_MZodi#>|yJ}b` 
zwOh|NqJ*?bl0m1i@DYd_J!;)oquBms0#2MMQL<)E?hG4#IR4|{ap92E*9Nsn_;cDF zqngHA1UA6Cs4A^j*21L{KrR6hFx_86U)p&NUUx_Ea2akq*d+BrfqwXFfnbq31ZRlf z{|tweFhh6ahCSiBfA6lg^>)v~dNX{G`;m0TTboCvfp3P58y|ss##_wFe8(^@n5P8d z7SSZ9SlH&E=KS@^IT>5Ylb184a-=Na0o+@*fg6F-0*vwVS2XusGLDu)A(tzxJ5znK zsq4Gn+2Z-N6hgexqp?rf`mqcS`dc98p{JZ_O5~-yA3BA!i00qQaeXvF-nirbP@-r%~HOQs4r0P+YxS{yG}Fj=LYtW71-I+Vq+lW48=)xKTo2|Mh}oV7F|n*sDph8sT=`qM$&E+m>O zP4-PQRv5eV;=_?RNKnYSh}|oSw66;{85*z_PpQ`1`)!EK5_t-aHXh)(?`*cxmP*+v z4scHVW-Lp!{bn5>I?Dq?e{{6D2{w-YGL1|H6dkgtsmJ|78YU-Ajs2>izE3*P6DsYu zb-B2=l^S?j3dL&T2O2bL%lFqeY&JsZ+=u#oW`-QNi^`!ymO*E?XS9#Nwbs5tQ+XSM z(mB#XDPF?LBKA?nGEZL6vpJANw76n6d-^nc>{G*Mm+vYwJd+N@m#@rV{!yIHR0IH& z@OqwUxJwGBwCLsBhPTF2{UWMnnO8ap>FOAHzVd6nt2xO#s%RSA3gG%>64J`q<;`sh~aM&$Y zEgB&!vd5Mc3cOoX&dhGmy{v|C(U!2<;vF^B1agXd%ypwr_+*V%1KwVrpwn5a&MPxz zmg#7BzreFE^~56$2rf5zTjYsFg(hVChdYrZnT!7|G6NsPinap4?oMkb6woF{#-w&@ zXZNM9v~KNzSpM#{0uKc(tzjWQrgC51p;Sf%+|n7l(ltk^FxR>_t;9>MN#ar8SVv=% zSSg*V8$F>o$}72u^EEgE7)2;N!``nZ^IDD#^%M8ZcxB``V;zY@lT`5r6H)R^0S%)R zaKt8_AX+OnTIkd|Vwl-WNJ1!SS4V+S$CeWFwyd10EY-1eLRii*h2Rghw!RbSI5v5+ zWad}vi&T~7`}v>2Y@>nml(u95vrpC)vfJehIleM)Y*YFB5%>XG&XRf?sUQ)6c4T_) zX1PE`15VR*>!f5Gxg5J`FO<;cx1i?2oWiWOo{x$VN1@c$4XhrL1l?HvDVE=q$_b8( z5YoMK4<4}~;9;iN^{OB2oZ7wAs2v>~u+KmP-qNYVLMe)^8Cxt8n#1Ml@4G0f&ybhzJizZBi{~}cevxJ07@ni@2bT6Du`I9>H&d_x4VT2 z8kXKr%t}cSVfENW0x~I%@CDoP-E1XFg;sc|Q+bNktHhhsawA#Zk7p``3+gq%RVH`d ziEmu*oxvU&gmG*#iWG{4UF}oM92+dMAn?lwe=0=(Q-}9(Te6I1VLV}^L@ram^QX>2 zPk2&Ixb|B5c3`%hTmHhx2h-{C&fo*1|1?wmU^KJ`jBvj!UYN01h zm=mdwu*3Y>CcKG`_>w>DB2OVtQRr^O6ZAOTiMm3t4_OC-p%bACbv3iy;e|wZLR-Zv zK>+=TA*G0eCi_geS45~;=K)TbXQTj6b3>{Y>QTOWcUH%Ms`l(gEPyNk<*rII?o4@o z3aZ~J&rJBK3i67wy)s)?$hlBI9r$v-M-CvT-Aw4V?- z5p6H&kc=)+GI<&#;qc=#23U$tqnvV3+B#)kGYHi>i;;dnw|J)z!FJ0L5S{S5Us%WS zLfN-|zDM&85qKlinX**uwQ22(3v-4@4ZUN~ac23;+Z}@24;L;;MR5bekkv}?Ss|+F zxg4aeGR0|5e}zRO5)4w1Ig#RowaA}n@L14{^Ecn-Ht9-L2~DvLdYpv_3e_0{sbx<4 z$1MPpL(!S9`d%mZ;V}=kjM*Edp*^9BDuU1H1G&Z*pCFZoyYny-U 
diff --git a/windows/deployment/planning/windows-11-deprecated-features.md b/windows/deployment/planning/windows-11-deprecated-features.md index ab1098d47a..7688a3ec96 100644
--- a/windows/deployment/planning/windows-11-deprecated-features.md +++ b/windows/deployment/planning/windows-11-deprecated-features.md @@ -11,11 +11,12 @@ ms.author: greglin manager: laurawi ms.topic: article --- -# Windows 10 features we’re no longer developing + +# Windows 11 features we’re no longer developing > Applies to: Windows 11 -Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that are no longer being developed in Windows 10. For information about features that have been removed, see [Features we removed](windows-10-removed-features.md). +Each version of Windows 11 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that are no longer being developed in Windows 11. For information about features that have been removed, see [Features we removed](windows-11-removed-features.md). The features described below are no longer being actively developed, and might be removed in a future update. Some features have been replaced with other features or functionality and some are now available from other sources. @@ -26,4 +27,4 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | -| Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 | \ No newline at end of file +| Feature | Description | Version | \ No newline at end of file 
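Review bot: The last hunk (@@ -26,4 +27,4 @@) replaces the Internet Explorer 11 row with `| Feature | Description | Version |`, which renders as a body row of placeholder text under the real header row. Either leave the table with its header and no body rows until there is a Windows 11 entry to list, or keep the article unpublished until it has content. The replaced line is also still followed by "\ No newline at end of file"; add the trailing newline while this line is being touched.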
diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md index 34cd47b43c..4c06d90db1 100644 --- a/windows/deployment/planning/windows-11-removed-features.md +++ b/windows/deployment/planning/windows-11-removed-features.md @@ -1,6 +1,6 @@ --- title: Windows 11 - Features that have been removed -description: In this article, learn about the features and functionality that has been removed or replaced in Windows 10. +description: In this article, learn about the features and functionality that has been removed or replaced in Windows 11. ms.prod: w11 ms.mktglfcycl: plan ms.localizationpriority: medium @@ -17,7 +17,7 @@ ms.custom: seo-marvel-apr2020 > Applies to: Windows 11 -Windows 11 adds new features and functionality; however some features are removed. Below is a summary of features and functionalities that are present in earlier versions of Windows 10/11, but are removed in the specified versions of Windows 11. **The list below is subject to change and might not include every affected feature or functionality.** +Windows 11 adds new features and functionality; however some features are removed. Below is a summary of features and functionalities that are present in earlier versions of Windows 10 or Windows 11, but are removed in the specified version of Windows 11. **The list below is subject to change and might not include every affected feature or functionality.** > [!NOTE] > Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 11 builds and test these changes yourself. 
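Review bot: In the rewritten summary paragraph of the @@ -17,7 +17,7 @@ hunk, the opening sentence is carried over unchanged as "Windows 11 adds new features and functionality; however some features are removed." and is missing the comma after "however". The line is already being edited for the "Windows 10 or Windows 11" wording, so fix the punctuation in the same change.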
@@ -26,5 +26,5 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | -| WDS image deployment | End to end WDS deployment workflows that use boot.wim from installation media are affected. For more information, see [WDS boot image support](wds-boot-support.md) | Windows 11 | +| WDS image deployment | End to end WDS deployment workflows that use boot.wim from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](..\wds-boot-support.md) | Windows 11 | From 714385cf3680030f1eb2231d9a7c3c6864b9788d Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 13:10:54 -0700 Subject: [PATCH 06/37] link? --- windows/deployment/planning/windows-11-removed-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md index 4c06d90db1..e4cbcdea4b 100644 --- a/windows/deployment/planning/windows-11-removed-features.md +++ b/windows/deployment/planning/windows-11-removed-features.md @@ -26,5 +26,5 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | -| WDS image deployment | End to end WDS deployment workflows that use boot.wim from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](..\wds-boot-support.md) | Windows 11 | +| WDS image deployment | End to end WDS deployment workflows that use boot.wim from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | From d99ce40cd68160a8b8e9098d5dbd6d422face5ae Mon Sep 17 00:00:00 2001 
From: greg-lindsay Date: Fri, 20 Aug 2021 13:36:42 -0700 Subject: [PATCH 07/37] draft --- windows/deployment/TOC.yml | 2 - .../windows-11-deprecated-features.md | 30 -------------- .../planning/windows-11-removed-features.md | 2 +- windows/deployment/wds-boot-support.md | 39 ++++++++++--------- 4 files changed, 21 insertions(+), 52 deletions(-) delete mode 100644 windows/deployment/planning/windows-11-deprecated-features.md diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 1923bd541b..fef24107a3 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -68,8 +68,6 @@ items: - name: Windows 10 deprecated features href: planning/windows-10-deprecated-features.md - - name: Windows 11 deprecated features - href: planning/windows-11-deprecated-features.md - name: Features we removed items: - name: Windows 10 features removed diff --git a/windows/deployment/planning/windows-11-deprecated-features.md b/windows/deployment/planning/windows-11-deprecated-features.md deleted file mode 100644 index 7688a3ec96..0000000000 --- a/windows/deployment/planning/windows-11-deprecated-features.md +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -title: Windows 11 features we’re no longer developing -description: Review the list of features that are no longer being developed in Windows 11 -ms.prod: w11 -ms.mktglfcycl: plan -ms.localizationpriority: medium -ms.sitesec: library -audience: itpro -author: greg-lindsay -ms.author: greglin -manager: laurawi -ms.topic: article ---- - -# Windows 11 features we’re no longer developing - -> Applies to: Windows 11 - -Each version of Windows 11 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that are no longer being developed in Windows 11. For information about features that have been removed, see [Features we removed](windows-11-removed-features.md). - -The features described below are no longer being actively developed, and might be removed in a future update. Some features have been replaced with other features or functionality and some are now available from other sources. - -**The following list is subject to change and might not include every affected feature or functionality.** - -> [!NOTE] -> If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). - -|Feature | Details and mitigation | Announced in version | -| ----------- | --------------------- | ---- | -| Feature | Description | Version | \ No newline at end of file diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md index e4cbcdea4b..da5a28c992 100644 --- a/windows/deployment/planning/windows-11-removed-features.md +++ b/windows/deployment/planning/windows-11-removed-features.md 
@@ -26,5 +26,5 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | -| WDS image deployment | End to end WDS deployment workflows that use boot.wim from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | +| WDS image deployment | End to end WDS deployment workflows that use **boot.wim** from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 644071fbfa..49e0b790d2 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md 
@@ -19,15 +19,15 @@ Applies to: - Windows 10 - Windows 11 -The operating system deployment functionality of [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831764(v=ws.11)) (WDS) is being partically deprecated. Starting with Windows 11, workflows that rely on boot.wim from installation media and/or on running Setup.exe in WDS mode will no longer be supported. +The operating system deployment functionality of [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831764(v=ws.11)) (WDS) is being partially deprecated. Starting with Windows 11, workflows that rely on **boot.wim** from installation media or on running Windows Setup in WDS mode will no longer be supported. -When you PXE-boot from a WDS server that uses the **boot.wim** file from installation media as its boot image, Windows Setup automatically launches in WDS mode. This workflow is deprecated for Windows 11 and newer boot images. The following message will be displayed in this scenario: +When you PXE-boot from a WDS server that uses the **boot.wim** file from installation media as its boot image, Windows Setup automatically launches in WDS mode. This workflow is deprecated for Windows 11 and newer boot images. In this scenario, the following message is displayed: -![WDS deprecation notice](images/wds-deprecation.png) + ![WDS deprecation notice](images/wds-deprecation.png) ## Deployment scenarios impacted -See the following table for a summary of the impacted deployment scenarios. +The following table provides support details for possible deployment scenarios:
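Review bot: The two added paragraphs in this hunk describe the same workflow with different support terms: the first says workflows that rely on **boot.wim** from installation media "will no longer be supported" starting with Windows 11, while the second says the workflow "is deprecated for Windows 11 and newer boot images". Deprecated and unsupported are different states for someone planning a deployment, so use one term in both paragraphs and make it the same one the scenario table uses for Windows 11 boot images. The added image line also gains a leading space before `![WDS deprecation notice]`; drop it unless the indent is intended.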
@@ -42,10 +42,10 @@ See the following table for a summary of the impacted deployment scenarios. Windows Windows 11 - Boot image version + Boot image version - Windows 10 + Windows 10 Supported, using a boot image from matching or newer version. Supported, using a boot image from Windows 10, version 1607 or later. Supported, using a boot image from Windows 10, version 1809 or later. @@ -53,7 +53,7 @@ See the following table for a summary of the impacted deployment scenarios. Not supported. - Windows Server 2016 + Windows Server 2016 Supported, using a boot image from Windows 10, version 1607 or later. Supported. Not supported. @@ -61,7 +61,7 @@ See the following table for a summary of the impacted deployment scenarios. Not supported. - Windows Server 2019 + Windows Server 2019 Supported, using a boot image from Windows 10, version 1809 or later. Supported. Supported. @@ -69,7 +69,7 @@ See the following table for a summary of the impacted deployment scenarios. Not supported. - Windows Server 2022 + Windows Server 2022 Deprecated, with a warning message. Deprecated, with a warning message. Deprecated, with a warning message. @@ -77,7 +77,7 @@ See the following table for a summary of the impacted deployment scenarios. Not supported. - Windows 11 + Windows 11 Not supported, blocked. Not supported, blocked. Not supported, blocked. 
@@ -86,15 +86,15 @@ See the following table for a summary of the impacted deployment scenarios. -## What is not impacted - -WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with a custom boot images, but you will no longer be able to use boot.wim as the boot image and run Windows Setup in WDS mode. - -You can still run Windows Setup from a network share. Workflows that leverage a custom boot.wim, such as MDT or Configuration Manager are also not affected by this change. - ## Reason for the change -Alternatives to WDS, such as Configuration Manager and MDT provide a better, more flexible, and feature-rich experince for deploying Windows images. +Alternatives to WDS, such as [Microsoft Endpoint Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experince for deploying Windows images. + +## What is not impacted + +WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with a custom boot images, but you will no longer be able to use **boot.wim** as the boot image and run Windows Setup in WDS mode. + +You can still run Windows Setup from a network share. Workflows that leverage a custom boot.wim, such as MDT or Configuration Manager are also not affected by this change. ## Summary 
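Review bot: The moved paragraphs keep two typos that are now on added lines: "feature-rich experince" in the "Reason for the change" paragraph and "with a custom boot images" in "What is not impacted". Fix both while the text is being re-added. The bolding is also inconsistent within "What is not impacted": the first paragraph now uses **boot.wim**, but the second still has plain "a custom boot.wim".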
@@ -103,9 +103,10 @@ Alternatives to WDS, such as Configuration Manager and MDT provide a better, mor - Windows Server 2022 workflows that rely on boot.wim from installation media will show a non-blocking deprecation notice that can be dismissed, but the workflow is not blocked. - Windows Server workflows after Windows Server 2022 that rely on boot.wim from installation media will be blocked. -If you currently use WDS with boot.wim from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, you can use other deployment tools, such as Microsoft Deployment Toolkit (MDT), Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. +If you currently use WDS with **boot.wim** from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, you can use other deployment tools, such as MDT, Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. ## Also see [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) \ No newline at end of file +[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
+[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022) \ No newline at end of file From c4c5ebeb89eb50e0ece480f66cb9dca4ba4a3cd2 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 13:43:30 -0700 Subject: [PATCH 08/37] Update features-lifecycle.md --- windows/deployment/planning/features-lifecycle.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md index 50c8adb217..af22f20db2 100644 --- a/windows/deployment/planning/features-lifecycle.md +++ b/windows/deployment/planning/features-lifecycle.md @@ -24,12 +24,11 @@ Each release of Windows 10 and Windows 11 contains many new and improved feature The following topic lists features that are no longer being developed. These features might be removed in a future release. -[Windows 10 features we're no longer developing](windows-10-deprecated-features.md)
-[Windows 11 features we're no longer developing](windows-11-deprecated-features.md) +[Windows 10 features we're no longer developing](windows-10-deprecated-features.md) ## Features removed -The following topic has details about features that have been removed from Windows 10 or Windows 11. This includes features that are present in Windows 10, but are removed in Windows 11. +The following topics have details about features that have been removed from Windows 10 or Windows 11. This includes features that are present in Windows 10, but are removed in Windows 11. [Windows 10 features we removed](windows-10-removed-features.md)
[Windows 11 features we removed](windows-11-removed-features.md) From 72060dff51ee58fb2c716347323879299309fa94 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 14:02:45 -0700 Subject: [PATCH 09/37] draft --- windows/deployment/wds-boot-support.md | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 49e0b790d2..cf45e04e2e 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -21,17 +21,16 @@ Applies to: The operating system deployment functionality of [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831764(v=ws.11)) (WDS) is being partially deprecated. Starting with Windows 11, workflows that rely on **boot.wim** from installation media or on running Windows Setup in WDS mode will no longer be supported. -When you PXE-boot from a WDS server that uses the **boot.wim** file from installation media as its boot image, Windows Setup automatically launches in WDS mode. This workflow is deprecated for Windows 11 and newer boot images. In this scenario, the following message is displayed: +When you PXE-boot from a WDS server that uses the **boot.wim** file from installation media as its boot image, Windows Setup automatically launches in WDS mode. This workflow is deprecated for Windows 11 and newer boot images. The following deprecation message is displayed: ![WDS deprecation notice](images/wds-deprecation.png) ## Deployment scenarios impacted -The following table provides support details for possible deployment scenarios: - +The table below provides support details for specific deployment scenarios.
- +
@@ -42,7 +41,7 @@ The following table provides support details for possible deployment scenarios: - + 
@@ -88,22 +87,22 @@ The following table provides support details for possible deployment scenarios: ## Reason for the change -Alternatives to WDS, such as [Microsoft Endpoint Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experince for deploying Windows images. +Alternatives to WDS, such as [Microsoft Endpoint Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experience for deploying Windows images. -## What is not impacted +## Not impacted -WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with a custom boot images, but you will no longer be able to use **boot.wim** as the boot image and run Windows Setup in WDS mode. +WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with a custom boot images, but you will no longer be able to use **boot.wim** as the boot image, and run Windows Setup in WDS mode. -You can still run Windows Setup from a network share. Workflows that leverage a custom boot.wim, such as MDT or Configuration Manager are also not affected by this change. +You can still run Windows Setup from a network share. Workflows that leverage a custom boot.wim, such as MDT or Configuration Manager are not affected by this change. ## Summary -- Windows 11 workflows that rely on boot.wim from installation media will be blocked. You cannot perform an end to end deployment of Windows 11 using only WDS. +- Windows 11 workflows that rely on **boot.wim** from installation media will be blocked. You cannot perform an end to end deployment of Windows 11 using only WDS. - Windows 10, Windows Server 2019, and previous operating system versions are not affected by this change. 
-- Windows Server 2022 workflows that rely on boot.wim from installation media will show a non-blocking deprecation notice that can be dismissed, but the workflow is not blocked. -- Windows Server workflows after Windows Server 2022 that rely on boot.wim from installation media will be blocked. +- Windows Server 2022 workflows that rely on **boot.wim** from installation media will show a non-blocking deprecation notice that can be dismissed, but the workflow is not blocked. +- Windows Server workflows after Windows Server 2022 that rely on **boot.wim** from installation media are blocked. -If you currently use WDS with **boot.wim** from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, you can use other deployment tools, such as MDT, Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. +If you currently use WDS with **boot.wim** from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, it is recommended that you use deployment tools such as MDT, Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. ## Also see From a1294a0538f65738cc57ae52834351bdd77983ef Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 14:09:45 -0700 Subject: [PATCH 10/37] typos and grammar --- .../planning/windows-11-removed-features.md | 2 +- windows/deployment/wds-boot-support.md | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md index da5a28c992..447473ea86 100644 --- a/windows/deployment/planning/windows-11-removed-features.md +++ b/windows/deployment/planning/windows-11-removed-features.md 
@@ -26,5 +26,5 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | -| WDS image deployment | End to end WDS deployment workflows that use **boot.wim** from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | +| Windows Deployment Services (WDS) image deployment | End to end WDS deployment workflows that use **boot.wim** from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index cf45e04e2e..37ede74a28 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -25,7 +25,7 @@ When you PXE-boot from a WDS server that uses the **boot.wim** file from install ![WDS deprecation notice](images/wds-deprecation.png) -## Deployment scenarios impacted +## Deployment scenarios affected The table below provides support details for specific deployment scenarios. @@ -38,7 +38,7 @@ The table below provides support details for specific deployment scenarios. - + 
@@ -89,17 +89,17 @@ The table below provides support details for specific deployment scenarios. Alternatives to WDS, such as [Microsoft Endpoint Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experience for deploying Windows images. -## Not impacted +## Not affected -WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with a custom boot images, but you will no longer be able to use **boot.wim** as the boot image, and run Windows Setup in WDS mode. +WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with custom boot images, but you cannot use **boot.wim** as the boot image and run Windows Setup in WDS mode. -You can still run Windows Setup from a network share. Workflows that leverage a custom boot.wim, such as MDT or Configuration Manager are not affected by this change. +You can still run Windows Setup from a network share. Workflows that use a custom boot.wim, such as MDT or Configuration Manager are not affected by this change. ## Summary - Windows 11 workflows that rely on **boot.wim** from installation media will be blocked. You cannot perform an end to end deployment of Windows 11 using only WDS. - Windows 10, Windows Server 2019, and previous operating system versions are not affected by this change. -- Windows Server 2022 workflows that rely on **boot.wim** from installation media will show a non-blocking deprecation notice that can be dismissed, but the workflow is not blocked. +- Windows Server 2022 workflows that rely on **boot.wim** from installation media will show a non-blocking deprecation notice. The notice can be dismissed, and currently the workflow is not blocked. - Windows Server workflows after Windows Server 2022 that rely on **boot.wim** from installation media are blocked. 
If you currently use WDS with **boot.wim** from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, it is recommended that you use deployment tools such as MDT, Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. From 47f544489a88546a3a7094de151b7dea5eac423b Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 14:19:40 -0700 Subject: [PATCH 11/37] table --- windows/deployment/TOC.yml | 2 +- windows/deployment/wds-boot-support.md | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index fef24107a3..d604286b18 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -295,7 +295,7 @@ items: - name: Windows client deployment scenarios and tools items: - - name: WWindows Deployment Services (WDS) boot.wim support + - name: Windows Deployment Services (WDS) boot.wim support href: wds-boot-support.md - name: Convert MBR partition to GPT href: mbr-to-gpt.md diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 37ede74a28..0d7de399b5 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -33,7 +33,7 @@ The table below provides support details for specific deployment scenarios.
        Windows Windows 11
Boot image versionBoot image version
Windows 10Windows Server 2016 Windows Server 2019 Windows Server 2022Windows Windows 11Windows 11
Boot image version
- + @@ -41,7 +41,8 @@ The table below provides support details for specific deployment scenarios. - + From 35e7570e47702114b51cc54135e46b1f1e9f9b89 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 20 Aug 2021 14:23:56 -0700 Subject: [PATCH 12/37] table --- windows/deployment/wds-boot-support.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 0d7de399b5..82ad38d20c 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -33,7 +33,7 @@ The table below provides support details for specific deployment scenarios.
       OS deployed Windows 10 Windows Server 2016 Windows Server 2019Windows 11
Boot image version +
 
 
 
 
 
 
 
 
 
 
Boot image version
Windows 10
- + @@ -41,8 +41,8 @@ The table below provides support details for specific deployment scenarios. - + From df9f5b6c8a7d8d9507d3b4f1e47e829e18ee7e74 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Mon, 23 Aug 2021 17:57:14 -0600 Subject: [PATCH 13/37] edits to line 732 --- .../demonstrate-deployment-on-vm.md | 111 +++++++++--------- 1 file changed, 56 insertions(+), 55 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 3f1ace4736..0c231195de 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -32,7 +32,7 @@ In this topic, you'll learn how to set up a Windows Autopilot deployment for a V > [!NOTE] > Although there are [multiple platforms](/mem/autopilot/add-devices#registering-devices) available to enable Autopilot, this lab primarily uses Intune. > -> Hyper-V and a VM are not required for this lab. You can also use a physical device. However, the instructions assume that you're using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. +> Hyper-V and a VM are not required for this lab. You can use a physical device instead. However, the instructions assume that you're using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. The following video provides an overview of the process: 
@@ -54,7 +54,7 @@ These are the things you'll need to complete this lab: ## Procedures -A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendix. +A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendices. If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or a later version. @@ -95,8 +95,8 @@ If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [C ## Verify support for Hyper-V - If you don't already have Hyper-V enabled, enable it on a computer running Windows 10 or Windows Server (2012 R2 or later). -- If you already have Hyper-V enabled, skip to the [create a demo VM](#create-a-demo-vm) step. If you're using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10). -- If you're not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [appendix A](#appendix-a-verify-support-for-hyper-v) in this article for details on verifying that Hyper-V can be successfully installed. +- If you already have Hyper-V enabled, skip to the [Create a demo VM](#create-a-demo-vm) step. If you're using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10). +- If you're not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [Appendix A](#appendix-a-verify-support-for-hyper-v) in this article for details on verifying that Hyper-V can be successfully installed. ## Enable Hyper-V 
@@ -106,7 +106,7 @@ To enable Hyper-V, open an elevated Windows PowerShell prompt and run the follow Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All ``` -This command works on all operating systems that support Hyper-V, but on Windows Server operating systems you must type an additional command (below) to add the Hyper-V Windows PowerShell module and the Hyper-V Manager console. The following command will also install Hyper-V if it isn't already installed, so if you're using Windows Server, you can just type the following command instead of using the Enable-WindowsOptionalFeature command: +This command works on all operating systems that support Hyper-V. However, on Windows Server operating systems you must type an additional command (below) to add the Hyper-V Windows PowerShell module and the Hyper-V Manager console. The following command will also install Hyper-V if it isn't already installed. So, if you're using Windows Server, you can just type the following command instead of using the **Enable-WindowsOptionalFeature** command: ```powershell Install-WindowsFeature -Name Hyper-V -IncludeManagementTools @@ -120,7 +120,7 @@ Alternatively, you can install Hyper-V using the Control Panel in Windows under ![Hyper-V](images/svr_mgr2.png) -If you choose to install Hyper-V using Server Manager, accept all default selections. Also be sure to install both items under **Role Administration Tools\Hyper-V Management Tools**. +If you choose to install Hyper-V using Server Manager, accept all default selections. Make sure to install both items under **Role Administration Tools\Hyper-V Management Tools**. After installation is complete, open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt, or by typing **Hyper-V** in the Start menu search box. 
@@ -158,7 +158,7 @@ After you download this file, the name will be extremely long (ex: 19042.508.200 ### Determine network adapter name -The Get-NetAdaper cmdlet is used to automatically find the network adapter that's most likely to be the one you use to connect to the internet. You should test this command first by running the following at an elevated Windows PowerShell prompt: +The **Get-NetAdaper** cmdlet is used to automatically find the network adapter that's most likely to be the one you use to connect to the internet. You should test this command first by running the following at an elevated Windows PowerShell prompt: ```powershell (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name @@ -166,7 +166,7 @@ The Get-NetAdaper cmdlet is used to automatically find the network adapter that' The output of this command should be the name of the network interface you use to connect to the internet. Verify that this is the correct interface name. If it isn't the correct interface name, you'll need to edit the first command below to use your network interface name. -For example, if the command above displays Ethernet but you wish to use Ethernet2, then the first command below would be New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2**. +For example, if the command above displays **Ethernet** but you wish to use **Ethernet2**, then the first command below would be **New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2**. ### Use Windows PowerShell to create the demo VM 
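Review bot: In the + line beginning "For example, if the command above displays", the bold markers are unbalanced: "**New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2**." opens a span before New-VMSwitch that is never closed, so the rendered emphasis will not match the intent. Put the whole command in inline code, or close the first span before "Ethernet2". In the preceding hunk, the newly bolded cmdlet name is still spelled "Get-NetAdaper"; the command in the code block directly below it uses Get-NetAdapter, so the prose should match.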
@@ -174,6 +174,7 @@ All VM data will be created under the current path in your PowerShell prompt. Co > [!IMPORTANT] > **VM switch**: a VM switch is how Hyper-V connects VMs to a network. +> >- If you have previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." >- If you have never created an external VM switch before, then just run the commands below. >- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that is used to connect to the Internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). 
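Review bot: The third bullet in this IMPORTANT block still reads "display a currently list of the VM switches"; since the hunk already touches the block, change it to "display a current list". The block also keeps "Internet-connected" and "connect to the Internet" capitalized, while a later hunk in this commit changes "connected to the Internet" to "connected to the internet", so pick one form for the article.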
@@ -185,9 +186,9 @@ Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot Start-VM -VMName WindowsAutopilot ``` -After entering these commands, connect to the VM that you just created and wait for a prompt to press a key and boot from the DVD. You can connect to the VM by double-clicking it in Hyper-V Manager. +After you enter these commands, connect to the VM that you just created. Double-click the VM in Hyper-V Manager to connect to it. Then wait for a prompt to press a key and boot from the DVD. -See the sample output below. In this sample, the VM is created under the **c:\autopilot** directory and the vmconnect.exe command is used (which is only available on Windows Server). If you installed Hyper-V on Windows 10, use Hyper-V Manager to connect to your VM. +See the sample output below. In this sample, the VM is created under the **c:\autopilot** directory and the **vmconnect.exe** command is used (which is only available on Windows Server). If you installed Hyper-V on Windows 10, use Hyper-V Manager to connect to your VM.
 PS C:\autopilot> dir c:\iso
@@ -232,9 +233,9 @@ PS C:\autopilot>
 ### Install Windows 10
 
 > [!NOTE]
-> The VM will be booted to gather a hardware ID, then it will be reset. The goal in the next few steps is to get to the desktop quickly so don't worry about how it's configured at this stage. The VM only needs to be connected to the Internet.
+> The VM will be booted to gather a hardware ID. Then it will be reset. The goal in the next few steps is to get to the desktop quickly, so don't worry about how it's configured at this stage. The VM only needs to be connected to the internet.
 
-Ensure the VM booted from the installation ISO, select **Next** then select **Install now** and complete the Windows installation process. See the following examples:
+Make sure that the VM booted from the installation ISO, select **Next**, select **Install now**, and then complete the Windows installation process. See the following examples:
 
    ![Windows setup example 1](images/winsetup1.png)
 
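Review bot: The replacement for "Ensure the VM booted from the installation ISO, ..." strings a check and three actions into one comma series ("Make sure that the VM booted from the installation ISO, select **Next**, select **Install now**, and then complete ..."), so it reads as if selecting Next is part of what to verify. Split it: "Make sure that the VM booted from the installation ISO. Select **Next**, select **Install now**, and then complete the Windows installation process."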
@@ -252,12 +253,12 @@ After the VM restarts, during OOBE, it's fine to select **Set up for personal us
 
    ![Windows setup example 7](images/winsetup7.png)
 
-Once the installation is complete, sign in and verify that you're at the Windows 10 desktop, then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state.
+Once the installation is complete, sign in and verify that you're at the Windows 10 desktop. Then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state.
 
    > [!div class="mx-imgBorder"]
    > ![Windows setup example 8](images/winsetup8.png)
 
-To create a checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM) and run the following:
+To create a checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM), and then run the following:
 
 ```powershell
 Checkpoint-VM -Name WindowsAutopilot -SnapshotName "Finished Windows install"
@@ -326,14 +327,14 @@ Follow these steps to run the PowerShell script:
     PS C:\HWID>
     ```
     
-1. Verify that there is an **AutopilotHWID.csv** file in the **c:\HWID** directory that is about 8 KB in size.  This file contains the complete 4K HH.
+1. Verify that there's an **AutopilotHWID.csv** file in the **c:\HWID** directory that is about 8 KB in size. This file contains the complete 4K HH.
 
    > [!NOTE]
-   > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format will be validated when it's imported into Autopilot. An example of the data in this file is shown below.
+   > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format is validated when it's imported into Autopilot. An example of the data in this file is shown below.
 
    ![Serial number and hardware hash](images/hwid.png)
 
-   You will need to upload this data into Intune to register your device for Autopilot, so the next step is to transfer this file to the computer you will use to access the Azure portal.  If you're using a physical device instead of a VM, you can copy the file to a USB stick.  If you’re using a VM, you can right-click the AutopilotHWID.csv file and copy it, then right-click and paste the file to your desktop (outside the VM).
+   You'll need to upload this data into Intune to register your device for Autopilot. So the next step is to transfer this file to the computer you will use to access the Azure portal.  If you're using a physical device instead of a VM, you can copy the file to a USB stick.  If you’re using a VM, you can right-click the **AutopilotHWID.csv** file and copy it. Then right-click and paste the file to your desktop (outside the VM).
 
    If you have trouble copying and pasting the file, just view the contents in Notepad on the VM and copy the text into Notepad outside the VM. Do not use another text editor to do this.
 
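Review bot: The + line beginning "You'll need to upload this data into Intune" keeps the double spaces after "Azure portal." and "USB stick." and the curly apostrophe in "If you’re using a VM", while the same line now opens with a straight-apostrophe "You'll" and the step 1 line above had its double space removed. Normalize the spacing and apostrophes in this line, and consider "the computer you'll use" to match the contraction style applied elsewhere in this hunk.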
@@ -355,13 +356,13 @@ Resetting the VM or device can take a while. Proceed to the next step (verify su
 
 ## Verify subscription level
 
-For this lab, you need an AAD Premium subscription.  You can tell if you have a Premium subscription by navigating to the [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) blade. See the following example:
+For this lab, you need an Azure AD Premium subscription.  You can tell if you have a Premium subscription by navigating to the [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) blade. See the following example:
 
 **Azure Active Directory** > **Mobility (MDM and MAM)** > **Microsoft Intune**
 
 ![MDM and Intune](images/mdm-intune2.png)
 
-If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription.  Auto-enrollment is a feature only available in AAD Premium.
+If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription.  Auto-enrollment is a feature only available in Azure Active Directory (Azure AD) Premium.
 
 To convert your Intune trial account to a free Premium trial account, go to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5.
 
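Review bot: The abbreviation is introduced in the wrong order: the first + line uses the short form "Azure AD Premium", and the spelled-out "Azure Active Directory (Azure AD) Premium" only appears two paragraphs later. Move the expansion to the first mention ("you need an Azure Active Directory (Azure AD) Premium subscription") and use "Azure AD Premium" in the auto-enrollment sentence. Both + lines also keep a double space between sentences.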
@@ -369,7 +370,7 @@ To convert your Intune trial account to a free Premium trial account, go to **Az
 
 ## Configure company branding
 
-If you already have company branding configured in Azure Active Directory, you can skip this step.
+If you already have company branding configured in Azure AD, you can skip this step.
 
 > [!IMPORTANT]
 > Make sure to sign-in with a Global Administrator account.
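Review bot: The IMPORTANT note in the trailing context still uses "sign-in" as a verb ("Make sure to sign-in with a Global Administrator account"); the verb form is "sign in". Worth fixing in the same pass, since this hunk edits the sentence directly above it.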
@@ -385,7 +386,7 @@ When you're finished, select **Save**.
 
 ## Configure Microsoft Intune auto-enrollment
 
-If you already have MDM auto-enrollment configured in Azure Active Directory, you can skip this step.
+If you already have MDM auto-enrollment configured in Azure AD, you can skip this step.
 
 Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you do not see Microsoft Intune, select **Add application** and choose **Intune**.
 
@@ -395,7 +396,7 @@ For the purposes of this demo, select **All** under the **MDM user scope** and s
 
 ## Register your VM
 
-Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB).  Both processes are shown here, but only pick one for purposes of this lab. We highly recommend using Intune rather than MSfB.
+Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB).  Both processes are shown here, but *only pick one* for purposes of this lab. We highly recommend using Intune rather than MSfB.
 
 ### Autopilot registration using Intune
 
@@ -404,17 +405,17 @@ Your VM (or device) can be registered either via Intune or Microsoft Store for B
     ![Intune device import](images/enroll1.png)
 
     > [!NOTE]
-    > If menu items like **Windows enrollment** are not active for you, then look to the far-right blade in the UI.  You might need to provide Intune configuration privileges in a challenge window that appeared.
+    > If menu items like **Windows enrollment** are not active for you, then look to the far-right blade in the UI.  You might need to provide Intune configuration privileges in a challenge window that appears.
 
-2. Under **Add Windows Autopilot devices** in the far right pane, browse to the **AutopilotHWID.csv** file you previously copied to your local computer.  The file should contain the serial number and 4K HH of your VM (or device).  It's okay if other fields (Windows Product ID) are left blank.
+2. Under **Add Windows Autopilot devices** in the far-right pane, browse to the **AutopilotHWID.csv** file you previously copied to your local computer.  The file should contain the serial number and 4K HH of your VM (or device).  It's okay if other fields (Windows Product ID) are left blank.
 
     ![HWID CSV](images/enroll2.png)
 
-    You should receive confirmation that the file is formatted correctly before uploading it, as shown above.
+    You should receive confirmation that the file is formatted correctly before you upload it, as shown above.
 
 3. Select **Import** and wait until the import process completes. This can take up to 15 minutes.
 
-4. Select **Refresh** to verify your VM or device has been added. See the following example.
+4. Select **Refresh** to verify your VM or device is added. See the following example.
 
    ![Import HWID](images/enroll3.png)
 
@@ -437,14 +438,14 @@ Select **Manage** from the top menu, then click the **Windows Autopilot Deployme
 
 ![Microsoft Store for Business](images/msfb.png)
 
-Select the **Add devices** link to upload your CSV file. A message will appear indicating your request is being processed. Wait a few moments before refreshing to see your new device has been added.
+Select the **Add devices** link to upload your CSV file. A message appears indicating your request is being processed. Wait a few moments before refreshing to see that your new device is added.
 
 ![Microsoft Store for Business Devices](images/msfb-device.png)
 
 ## Create and assign a Windows Autopilot deployment profile
 
 > [!IMPORTANT]
-> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or MSfB.  Both processes are shown here, but only pick one for purposes of this lab:
+> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or MSfB.  Both processes are shown here, but only *pick one for purposes of this lab*:
 
 Pick one:
 - [Create profiles using Intune](#create-a-windows-autopilot-deployment-profile-using-intune)
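Review bot: On the "+" line in the IMPORTANT note, the italics wrap "pick one for purposes of this lab" and leave "only" outside, whereas the matching sentence under "Register your VM" in this same patch emphasizes "*only pick one*". Use the same span in both places, for example "but *only pick one* for purposes of this lab:", so the emphasis falls on the instruction rather than on the trailing clause.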
@@ -453,13 +454,13 @@ Pick one:
 ### Create a Windows Autopilot deployment profile using Intune
 
 > [!NOTE]
-> Even if you registered your device in MSfB, it will still appear in Intune, though you might have to **sync** and then **refresh** your device list.
+> Even if you registered your device in MSfB, it still appears in Intune. Although, you might have to **sync** and then **refresh** your device list.
 
 ![Devices](images/enroll4.png)
 
 #### Create a device group
 
-The Autopilot deployment profile wizard will ask for a device group, so we must create one first.  To create a device group:
+The Autopilot deployment profile wizard asks for a device group, so we must create one first. To create a device group:
 
 1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Groups** > **New group**.
 
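Review bot: In the NOTE on the first "+" line, "Although, you might have to **sync** and then **refresh** your device list." is a sentence fragment, because "although" introduces a subordinate clause and cannot stand alone after the period. Either keep it as one sentence ("it still appears in Intune, although you might have to ...") or open the second sentence with "However,".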
@@ -478,7 +479,7 @@ The Autopilot deployment profile wizard will ask for a device group, so we must
 
 #### Create the deployment profile
 
-To create a Windows Autopilot profile, scroll back to the left-side pane and select **Devices**, then under **Enroll devices | Windows enrollment** select **Deployment Profiles**.
+To create a Windows Autopilot profile, scroll back to the left-side pane and select **Devices**. Then, under **Enroll devices | Windows enrollment** select **Deployment Profiles**.
 
 > [!div class="mx-imgBorder"]
 > ![Deployment profiles](images/dp.png)
@@ -526,11 +527,11 @@ Select **Next** to continue with the **Assignments** settings:
 Select **OK**, and then select **Create**.
 
 > [!NOTE]
-> If you want to add an app to your profile via Intune, the OPTIONAL steps for doing so can be found in [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile).
+> If you want to add an app to your profile via Intune, use the *optional* steps in [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile).
 
 ### Create a Windows Autopilot deployment profile using MSfB
 
-If you have already created and assigned a profile via Intune by using the steps immediately above, then skip this section.
+If already created and assigned a profile via Intune by using the steps immediately above, then skip this section.
 
 A [video](https://www.youtube.com/watch?v=IpLIZU_j7Z0) is available that covers the steps required to create and assign profiles in MSfB. These steps are also summarized below.
 
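Review bot: The "+" line drops the subject, so "If already created and assigned a profile via Intune ..." no longer parses. Restore it as "If you already created and assigned a profile via Intune by using the steps immediately above, skip this section."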
@@ -563,30 +564,30 @@ The new profile is added to the Autopilot deployment list.
 
 To ASSIGN the profile:
 
-To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab, then select the profile you want to assign from the **Autopilot deployment** dropdown menu as shown:
+To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab. Then, select the profile you want to assign from the **Autopilot deployment** dropdown menu, as shown:
 
 > [!div class="mx-imgBorder"]
 > ![MSfB assign step 1](images/msfb-assign1.png)
 
-Confirm the profile was successfully assigned to the intended device by checking the contents of the **Profile** column:
+Confirm the profile was successfully assigned to the intended device, check the contents of the **Profile** column:
 
 > [!div class="mx-imgBorder"]
 > ![MSfB assign step 2](images/msfb-assign2.png)
 
 > [!IMPORTANT]
-> The new profile will only be applied if the device has not been started, and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device.
+> The new profile is only applied if the device isn't started, and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device.
 
 ## See Windows Autopilot in action
 
-If you shut down your VM after the last reset, it's time to start it back up again, so it can progress through the Autopilot OOBE experience but do not attempt to start your device again until the **PROFILE STATUS** for your device in Intune has changed from **Not assigned** to **Assigning** and finally **Assigned**:
+If you shut down your VM after the last reset, it's time to start it back up again, so it can progress through the Autopilot OOBE experience. However, don't attempt to start your device again until the **PROFILE STATUS** for your device in Intune is changed from **Not assigned** to **Assigning**, and finally to **Assigned**:
 
 > [!div class="mx-imgBorder"]
 > ![Device status](images/device-status.png)
 
-Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding), otherwise these changes might not show up.
+Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding). Otherwise, these changes might not show up.
 
 > [!TIP]
-> If you reset your device previously after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting.  If you do not see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**.  Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**).
+> If you reset your device previously, after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you don't see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**.  Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**).
 
 - Ensure your device has an internet connection.
 - Turn on the device
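Review bot: The reworded IMPORTANT note changes the meaning as well as the tense: "if the device isn't started, and gone through OOBE" no longer says that the profile applies only to a device that has not yet been started and taken through OOBE, and "isn't ... gone" does not parse. Keep the perfect tense here, for example "only if the device hasn't been started and gone through OOBE". In the same hunk, "Confirm the profile was successfully assigned to the intended device, check the contents of the **Profile** column:" joins two imperatives with a comma; "To confirm ..., check ..." reads correctly.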
@@ -594,46 +595,46 @@ Also, make sure to wait at least 30 minutes from the time you've [configured com
 
 ![OOBE sign-in page](images/autopilot-oobe.png)
 
-Soon after reaching the desktop, the device should show up in Intune as an **enabled** Autopilot device.  Go into the Intune Azure portal, and select **Devices > All devices**, then **Refresh** the data to verify that your device has changed from disabled to enabled, and the name of the device is updated.
+Soon after reaching the desktop, the device should show up in Intune as an **enabled** Autopilot device.  Go into the Intune Azure portal, and select **Devices > All devices**. Then, **Refresh** the data to verify that your device has changed from disabled to enabled, and the name of the device is updated.
 
 > [!div class="mx-imgBorder"]
 > ![Device enabled](images/devices1.png)
 
-Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure Active Directory credentials and you're all done.
+Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure AD credentials. Then you're all done.
 
 > [!TIP]
-> If you receive a message that "Something went wrong" and it "Looks like we can't connect to the URL for your organization's MDM terms of use", verify that you have correctly [assigned licenses](/mem/intune/fundamentals/licenses-assign) to the current user.
+> If you receive a message that "Something went wrong" and it "Looks like we can't connect to the URL for your organization's MDM terms of use", verify that you correctly [assigned licenses](/mem/intune/fundamentals/licenses-assign) to the current user.
 
-Windows Autopilot will now take over to automatically join your device into Azure Active Directory and enroll it to Microsoft Intune. Use the checkpoint you've created to go through this process again with different settings.
+Windows Autopilot takes over to automatically join your device into Azure AD and enroll it into Microsoft Intune. Use the checkpoint you've created to go through this process again with different settings.
 
 ## Remove devices from Autopilot
 
-To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it.  Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Remove devices by using wipe, retire, or manually unenrolling the device](/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below.
+To use the device (or VM) for other purposes after completion of this lab, you need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it.  Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](/intune/enrollment-autopilot#create-an-autopilot-device-group), [Remove devices by using wipe, retire, or manually unenrolling the device](/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal), and below.
 
 ### Delete (deregister) Autopilot device
 
-You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure Active Directory), log into the MEM admin center, then go to **Intune > Devices > All Devices**.  Select the device you want to delete, then select the **Delete** button along the top menu.
+You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), log into the MEM admin center, then go to **Intune > Devices > All Devices**.  Select the device you want to delete, then select the **Delete** button along the top menu.
 
 > [!div class="mx-imgBorder"]
 > ![Delete device step 1](images/delete-device1.png)
 
-This will remove the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot, so the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**.
+This action removes the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot. So, the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**.
 
 The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores.  The former (All devices) is the list of devices currently enrolled into Intune.
 
 > [!NOTE]
-> A device will only appear in the All devices list once it has booted.  The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune.
+> A device only appears in the All devices list once it has booted.  The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune.
 
-To remove the device from the Autopilot program, select the device, and then select **Delete**. You will get a popup dialog box to confirm deletion.
+To remove the device from the Autopilot program, select the device, and then select **Delete**. A popup dialog box appears to confirm deletion.
 
 > [!div class="mx-imgBorder"]
 > ![Delete device](images/delete-device2.png)
 
-At this point, your device has been unenrolled from Intune and also deregistered from Autopilot.  After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program:
+At this point, your device is unenrolled from Intune and also deregistered from Autopilot.  After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program.
 
 Once the device no longer appears, you're free to reuse it for other purposes.
 
-If you also (optionally) want to remove your device from AAD, go to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button:
+If you also (optionally) want to remove your device from Azure AD, go to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button:
 
 ## Appendix A: Verify support for Hyper-V
 
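Review bot: The NOTE touched in this hunk still carries the sentence that begins "The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered ...", while "The former (All devices)" sits in the paragraph above it, outside the note. The difference between the enrolled-device list and the Autopilot-registered list is what tells the reader that deleting from Intune does not yet deregister the device, so move the "latter" sentence up next to "the former" and leave only the boot remark in the note. Also, the last "+" line still ends in a colon ("select the **Delete** button:") with only the Appendix A heading after it, although the Sync/Refresh sentence just above it was changed from a colon to a period in the same situation.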
@@ -654,7 +655,7 @@ Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
 In this example, the computer supports SLAT and Hyper-V.
 
 > [!NOTE]
-> If one or more requirements are evaluated as **No** then the computer does not support installing Hyper-V.  However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting will depend on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings.
+> If one or more requirements are evaluated as **No** then the computer does not support installing Hyper-V.  However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings.
 
 You can also identify Hyper-V support using [tools](/archive/blogs/taylorb/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v) provided by the processor manufacturer, the [msinfo32](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731397(v=ws.11)) tool, or you can download the [Coreinfo](/sysinternals/downloads/coreinfo) utility and run it, as shown in the following example:
 
@@ -682,7 +683,7 @@ EPT             *       Supports Intel extended page tables (SLAT)
 
 #### Prepare the app for Intune
 
-Before we can pull an application into Intune to make it part of our AP profile, we need to "package" the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool).  After downloading the tool, gather the following three bits of information to use the tool:
+Before we can pull an application into Intune to make it part of our AP profile, we need to "package" the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool). After downloading the tool, gather the following three bits of information to use the tool:
 
 1. The source folder for your application
 2. The name of the setup executable file
@@ -690,7 +691,7 @@ Before we can pull an application into Intune to make it part of our AP profile,
 
 For the purposes of this lab, we'll use the Notepad++ tool as our Win32 app.
 
-Download the Notepad++ msi package [here](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available) and then copy the file to a known location, such as C:\Notepad++msi.
+Download the [Notepad++ msi package](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available), and then copy the file to a known location, such as C:\Notepad++msi.
 
 Run the IntuneWinAppUtil tool, supplying answers to the three questions, for example:
 
@@ -701,7 +702,7 @@ After the tool finishes running, you should have an .intunewin file in the Outpu
 
 #### Create app in Intune
 
-Log into the Azure portal and select **Intune**.
+Log in to the Azure portal, and then select **Intune**.
 
 Go to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package.
 
@@ -728,7 +729,7 @@ Uninstall:  msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q
 ```
 
 > [!NOTE]
-> Likely, you do not have to write the install and uninstall commands yourself because the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) automatically generated them when it converted the .msi file into a .intunewin file.
+> Likely, you don't have to write the install and uninstall commands yourself because the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) automatically generated them when it converted the .msi file into a .intunewin file.
 
 ![Add app step 5](images/app06.png)
 

From a3369733d619fe6cdd8089bcc99b6bc579da9a74 Mon Sep 17 00:00:00 2001
From: v-dihans 
Date: Tue, 24 Aug 2021 20:03:56 -0600
Subject: [PATCH 14/37] dh-ep-various

---
 .../demonstrate-deployment-on-vm.md           | 60 +++++++++----------
 1 file changed, 30 insertions(+), 30 deletions(-)

diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index 0c231195de..476b544dc0 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -733,7 +733,7 @@ Uninstall:  msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q
 
 ![Add app step 5](images/app06.png)
 
-Simply using an install command like "notepad++.exe /S" will not actually install Notepad++; it will only launch the app.  To actually install the program, we need to use the .msi file instead.  Notepad++ doesn't actually have a .msi version of their program, but we got a .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available).
+Simply using an install command like "notepad++.exe /S" doesn't actually install Notepad++; it only launches the app.  To install the program, you need to use the .msi file instead. Notepad++ doesn't have a .msi version of their program, but there's a .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available).
 
 Select **OK** to save your input and activate the **Requirements** blade.
 
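Review bot: The "+" line states that Notepad++ has no .msi of its own and that the package comes from a third party provider, yet the lab packages that file with IntuneWinAppUtil and assigns it as a **Required** app without any step to check it first. Add a sentence asking readers to validate the download before packaging it, for example by inspecting its digital signature or comparing it against a checksum if the provider publishes one, and to use a source their organization trusts outside of the lab. While the line is being edited, "their program" should be "its program".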
@@ -742,12 +742,12 @@ On the **Requirements Configuration** blade, specify the **OS architecture** and
 > [!div class="mx-imgBorder"]
 > ![Add app step 6](images/app07.png)
 
-Next, configure the **Detection rules**.  For our purposes, we will select manual format:
+Next, configure the **Detection rules**.  For the purpose of this lab, select manual format:
 
 > [!div class="mx-imgBorder"]
 > ![Add app step 7](images/app08.png)
 
-Select **Add** to define the rule properties.  For **Rule type**, select **MSI**, which will automatically import the right MSI product code into the rule:
+Select **Add** to define the rule properties.  For **Rule type**, select **MSI**, which automatically imports the correct MSI product code into the rule:
 
 ![Add app step 8](images/app09.png)
 
@@ -760,16 +760,16 @@ Select **OK** twice to save, as you back out to the main **Add app** blade again
 
 Select **OK** to exit.
 
-You may skip configuring the final **Scope (Tags)** blade.
+You can skip configuring the final **Scope (Tags)** blade.
 
 Select the **Add** button to finalize and save your app package.
 
-Once the indicator message says the addition has completed.
+Wait for indicator message that says the addition has completed.
 
 > [!div class="mx-imgBorder"]
 > ![Add app step 10](images/app11.png)
 
-You will be able to find your app in your app list:
+Find your app in your app list:
 
 > [!div class="mx-imgBorder"]
 > ![Add app step 11](images/app12.png)
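Review bot: "Wait for indicator message that says the addition has completed." on the "+" line is missing an article. Make it "Wait for the indicator message that says the addition has completed."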
@@ -777,16 +777,16 @@ You will be able to find your app in your app list:
 #### Assign the app to your Intune profile
 
 > [!NOTE]
-> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group).  If you have not done that, please return to the main part of the lab and complete those steps before returning here.
+> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group).  If you haven't done that, return to the main part of the lab and complete those steps before returning here.
 
 In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade.  Then select **Assignments** from the menu:
 
 > [!div class="mx-imgBorder"]
 > ![Assign app step 1](images/app13.png)
 
-Select **Add Group** to open the **Add group** pane that is related to the app.
+Select **Add Group** to open the **Add group** pane that's related to the app.
 
-For our purposes, select **Required** from the **Assignment type** dropdown menu.
+For the purpose of this lab, select **Required** from the **Assignment type** dropdown menu.
 
 > [!NOTE]
 > **Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website.
@@ -817,7 +817,7 @@ For more information on adding apps to Intune, see [Intune Standalone - Win32 ap
 
 #### Create app in Intune
 
-Log into the Azure portal and select **Intune**.
+Log in to the Azure portal and select **Intune**.
 
 Go to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package.
 
@@ -827,14 +827,14 @@ Under **App Type**, select **Office 365 Suite > Windows 10**:
 
 ![Create app step 2](images/app18.png)
 
-Under the **Configure App Suite** pane, select the Office apps you want to install.  For the purposes of this lab we have only selected Excel:
+Under the **Configure App Suite** pane, select the Office apps you want to install.  For the purposes of this lab, only select Excel:
 
 > [!div class="mx-imgBorder"]
 > ![Create app step 3](images/app19.png)
 
 Select **OK**.
 
-In the **App Suite Information** pane, enter a unique suite name, and a suitable description.
+In the **App Suite Information** pane, enter a *unique* suite name, and a suitable description.
 
 Enter the name of the app suite as it's displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal.
 
@@ -843,7 +843,7 @@ Enter the name of the app suite as it's displayed in the company portal. Make su
 
 Select **OK**.
 
-In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection would be fine for the purposes of this lab).  Also select **Yes** for **Automatically accept the app end user license agreement**:
+In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection is okay for the purposes of this lab).  Also select **Yes** for **Automatically accept the app end user license agreement**:
 
 ![Create app step 5](images/app21.png)
 
@@ -852,14 +852,14 @@ Select **OK** and, then select **Add**.
 #### Assign the app to your Intune profile
 
 > [!NOTE]
-> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group).  If you have not done that, please return to the main part of the lab and complete those steps before returning here.
+> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group).  If you haven't done that, return to the main part of the lab and complete those steps before returning here.
 
 In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade.  Then select **Assignments** from the menu:
 
 > [!div class="mx-imgBorder"]
 > ![Create app step 6](images/app22.png)
 
-Select **Add Group** to open the **Add group** pane that is related to the app.
+Select **Add Group** to open the **Add group** pane that's related to the app.
 
 For our purposes, select **Required** from the **Assignment type** dropdown menu.
 
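Review bot: The context line "For our purposes, select **Required** from the **Assignment type** dropdown menu." at the end of this hunk is left unchanged, although the identical sentence in the Win32 app section is rewritten by this patch to "For the purpose of this lab, ...". Change this instance as well so the two "Assign the app to your Intune profile" sections match. The patch also alternates between "For the purpose of this lab" and "For the purposes of this lab"; pick one.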
@@ -886,23 +886,23 @@ At this point, you have completed steps to add Office to Intune.
 
 For more information on adding Office apps to Intune, see [Assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365).
 
-If you installed both the win32 app (Notepad++) and Office (just Excel) per the instructions in this lab, your VM will show them in the apps list, although it could take several minutes to populate:
+If you installed both the win32 app (Notepad++) and Office (just Excel) per the instructions in this lab, your VM will show them in the apps list. It might take several minutes to populate.
 
 ![Create app step 10](images/app26.png)
 
 ## Glossary
 
-
      OS deployed  Windows 10 Windows Server 2016 Windows Server 2019Windows 11
-
 
 
 
 
 
 
 
 
 
 
Boot image version
+
 
 
 
 
 
 
 
 
 
Boot image version
Windows 10
- - - - - - - - - - - - -
OEMOriginal Equipment Manufacturer
CSVComma Separated Values
MPCMicrosoft Partner Center
CSPCloud Solution Provider
MSfBMicrosoft Store for Business
AADAzure Active Directory
4K HH4K Hardware Hash
CBRComputer Build Report
ECEnterprise Commerce (server)
DDSDevice Directory Service
OOBEOut of the Box Experience
VMVirtual Machine
\ No newline at end of file +| | Description | +|:---|:---| +|**OEM** | Original Equipment Manufacturer | +|**CSV** | Comma Separated Values | +|**MPC** | Microsoft Partner Center | +|**CSP** | Cloud Solution Provider | +|**MSfB** | Microsoft Store for Business | +|**Azure AD** | Azure Active Directory | +|**4K HH** | 4K Hardware Hash | +|**CBR** | Computer Build Report | +|**EC** | Enterprise Commerce (server) | +|**DDS** | Device Directory Service | +|**OOBE** | Out of the Box Experience | +|**VM** |Virtual Machine | From c9e3804d059d509595f8ed4171d75aceb825c502 Mon Sep 17 00:00:00 2001 From: v-dihans Date: Wed, 25 Aug 2021 15:50:17 -0600 Subject: [PATCH 15/37] dh-removing we --- .../demonstrate-deployment-on-vm.md | 108 +++++++++--------- 1 file changed, 54 insertions(+), 54 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 476b544dc0..dedf8c406a 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -31,7 +31,7 @@ In this topic, you'll learn how to set up a Windows Autopilot deployment for a V > [!NOTE] > Although there are [multiple platforms](/mem/autopilot/add-devices#registering-devices) available to enable Autopilot, this lab primarily uses Intune. -> +> > Hyper-V and a VM are not required for this lab. You can use a physical device instead. However, the instructions assume that you're using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to 'device' in the guide refer to the client device, either physical or virtual. The following video provides an overview of the process: 
@@ -50,7 +50,7 @@ These are the things you'll need to complete this lab: |**Windows 10 installation media**|Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.| |**Internet access**|If you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.| |**Hyper-V or a physical device running Windows 10**|The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.| -|**An account with Azure AD Premium license**|This guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.| +|**An account with Azure Active Directory (AD) Premium license**|This guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.| ## Procedures @@ -134,13 +134,13 @@ To use Windows PowerShell, you need to know two things: 1. The location of the Windows 10 ISO file. - In the example, we assume the location is **c:\iso\win10-eval.iso**. + In the example, the location is **c:\iso\win10-eval.iso**. 2. The name of the network interface that connects to the internet. - In the example, we use a Windows PowerShell command to determine this automatically. + In the example, you'll use a Windows PowerShell command to determine this automatically. -After we have set the ISO file location and determined the name of the appropriate network interface, we can install Windows 10. +After you determine the ISO file location and the name of the appropriate network interface, you can install Windows 10. ### Set ISO file location 
@@ -175,9 +175,9 @@ All VM data will be created under the current path in your PowerShell prompt. Co > [!IMPORTANT] > **VM switch**: a VM switch is how Hyper-V connects VMs to a network. > ->- If you have previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." +>- If you previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." >- If you have never created an external VM switch before, then just run the commands below. ->- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that is used to connect to the Internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). 
+>- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that's used to connect to the internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). ```powershell New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name @@ -186,7 +186,7 @@ Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot Start-VM -VMName WindowsAutopilot ``` -After you enter these commands, connect to the VM that you just created. Double-click the VM in Hyper-V Manager to connect to it. Then wait for a prompt to press a key and boot from the DVD. +After you enter these commands, connect to the VM that you just created. Double-click the VM in Hyper-V Manager to connect to it. Then wait for a prompt to press a key and boot from the DVD. See the sample output below. In this sample, the VM is created under the **c:\autopilot** directory and the **vmconnect.exe** command is used (which is only available on Windows Server). If you installed Hyper-V on Windows 10, use Hyper-V Manager to connect to your VM. 
@@ -269,7 +269,7 @@ Select the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see ** ## Capture the hardware ID > [!NOTE] -> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For purposes of this lab, you're acting as the OEM (capturing the 4K HH), but you're not going to use the OA3 Tool to capture the full 4K HH for various reasons (you'd have to install the OA3 tool, your device couldn't have a volume license version of Windows, it's a more complicated process than using a PowerShell script, etc.). Instead, you'll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool. +> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For the purposes of this lab, you're acting as the OEM (capturing the 4K HH), but you're not going to use the OA3 Tool to capture the full 4K HH for various reasons (you'd have to install the OA3 tool, your device couldn't have a volume license version of Windows, it's a more complicated process than using a PowerShell script, etc.). Instead, you'll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool. Follow these steps to run the PowerShell script: 
@@ -327,19 +327,19 @@ Follow these steps to run the PowerShell script: PS C:\HWID> ``` -1. Verify that there's an **AutopilotHWID.csv** file in the **c:\HWID** directory that is about 8 KB in size. This file contains the complete 4K HH. +1. Verify that there's an **AutopilotHWID.csv** file in the **c:\HWID** directory that's about 8 KB in size. This file contains the complete 4K HH. > [!NOTE] - > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format is validated when it's imported into Autopilot. An example of the data in this file is shown below. + > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format is validated when it's imported into Autopilot. Here's an example of the data in this file: ![Serial number and hardware hash](images/hwid.png) - You'll need to upload this data into Intune to register your device for Autopilot. So the next step is to transfer this file to the computer you will use to access the Azure portal. If you're using a physical device instead of a VM, you can copy the file to a USB stick. If you’re using a VM, you can right-click the **AutopilotHWID.csv** file and copy it. Then right-click and paste the file to your desktop (outside the VM). + You'll need to upload this data into Intune to register your device for Autopilot. 
So, the next step is to transfer this file to the computer you'll use to access the Azure portal. If you're using a physical device instead of a VM, you can copy the file to a USB drive. If you’re using a VM, you can right-click the **AutopilotHWID.csv** file and copy it. Then right-click and paste the file to your desktop (outside the VM). - If you have trouble copying and pasting the file, just view the contents in Notepad on the VM and copy the text into Notepad outside the VM. Do not use another text editor to do this. + If you have trouble copying and pasting the file, just view the contents in Notepad on the VM, and then copy the text into Notepad outside the VM. Don't use another text editor to do this. > [!NOTE] - > When copying and pasting to or from VMs, avoid clicking other things with your mouse cursor between the copy and paste process as this can empty or overwrite the clipboard and require that you start over. Go directly from copy to paste. + > When copying and pasting to or from VMs, avoid selecting other things with your mouse cursor in between the copy and paste process. Doing so can empty or overwrite the clipboard and require that you start over. Go directly from copy to paste. ## Reset the VM back to Out-Of-Box-Experience (OOBE) 
@@ -356,13 +356,13 @@ Resetting the VM or device can take a while. Proceed to the next step (verify su ## Verify subscription level -For this lab, you need an Azure AD Premium subscription. You can tell if you have a Premium subscription by navigating to the [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) blade. See the following example: +For this lab, you need an Azure AD Premium subscription. To tell if you have a Premium subscription, go to the [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) blade. See the following example: **Azure Active Directory** > **Mobility (MDM and MAM)** > **Microsoft Intune** ![MDM and Intune](images/mdm-intune2.png) -If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in Azure Active Directory (Azure AD) Premium. +If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in Azure AD Premium. To convert your Intune trial account to a free Premium trial account, go to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5. 
@@ -388,7 +388,7 @@ When you're finished, select **Save**. If you already have MDM auto-enrollment configured in Azure AD, you can skip this step. -Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you do not see Microsoft Intune, select **Add application** and choose **Intune**. +Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you don't see Microsoft Intune, select **Add application** and choose **Intune**. For the purposes of this demo, select **All** under the **MDM user scope** and select **Save**. @@ -396,7 +396,7 @@ For the purposes of this demo, select **All** under the **MDM user scope** and s ## Register your VM -Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but *only pick one* for purposes of this lab. We highly recommend using Intune rather than MSfB. +Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but *only pick one* for the purposes of this lab. It's highly recommend to use Intune rather than MSfB. ### Autopilot registration using Intune 
@@ -405,9 +405,9 @@ Your VM (or device) can be registered either via Intune or Microsoft Store for B ![Intune device import](images/enroll1.png) > [!NOTE] - > If menu items like **Windows enrollment** are not active for you, then look to the far-right blade in the UI. You might need to provide Intune configuration privileges in a challenge window that appears. + > If menu items like **Windows enrollment** aren't active for you, look to the far-right blade in the UI. You might need to provide Intune configuration privileges in a challenge window that appears. -2. Under **Add Windows Autopilot devices** in the far-right pane, browse to the **AutopilotHWID.csv** file you previously copied to your local computer. The file should contain the serial number and 4K HH of your VM (or device). It's okay if other fields (Windows Product ID) are left blank. +2. Under **Add Windows Autopilot devices** in the far-right pane, go to the **AutopilotHWID.csv** file you previously copied to your local computer. The file should contain the serial number and 4K HH of your VM (or device). It's okay if other fields (Windows Product ID) are left blank. ![HWID CSV](images/enroll2.png) 
@@ -430,22 +430,22 @@ Optional: see the following video for an overview of the process. > [!video https://www.youtube.com/embed/IpLIZU_j7Z0] -First, you need a MSfB account. You can use the same one you created above for Intune, or follow [these instructions](/microsoft-store/windows-store-for-business-overview) to create a new one. +First, you need a MSfB account. You can use the same one you created above for Intune, or follow [these instructions](/microsoft-store/windows-store-for-business-overview) to create a new one. -Next, sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/en-us/store) using your test account by clicking **Sign in** on the upper-right-corner of the main page. +Next, to sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/en-us/store) with your test account, select **Sign in** on the upper-right-corner of the main page. -Select **Manage** from the top menu, then click the **Windows Autopilot Deployment Program** link under the **Devices** card. See the following example: +Select **Manage** from the top menu, then select the **Windows Autopilot Deployment Program** link under the **Devices** card. See the following example: ![Microsoft Store for Business](images/msfb.png) -Select the **Add devices** link to upload your CSV file. A message appears indicating your request is being processed. Wait a few moments before refreshing to see that your new device is added. +Select the **Add devices** link to upload your CSV file. A message appears that indicates your request is being processed. Wait a few moments before refreshing to see that your new device is added. ![Microsoft Store for Business Devices](images/msfb-device.png) ## Create and assign a Windows Autopilot deployment profile > [!IMPORTANT] -> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or MSfB. 
Both processes are shown here, but only *pick one for purposes of this lab*: +> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or MSfB. Both processes are shown here, but only *pick one for the purposes of this lab*: Pick one: - [Create profiles using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) @@ -460,7 +460,7 @@ Pick one: #### Create a device group -The Autopilot deployment profile wizard asks for a device group, so we must create one first. To create a device group: +The Autopilot deployment profile wizard asks for a device group, so you must create one first. To create a device group: 1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Groups** > **New group**. @@ -531,7 +531,7 @@ Select **OK**, and then select **Create**. ### Create a Windows Autopilot deployment profile using MSfB -If already created and assigned a profile via Intune by using the steps immediately above, then skip this section. +If you already created and assigned a profile via Intune with the steps immediately above, then skip this section. A [video](https://www.youtube.com/watch?v=IpLIZU_j7Z0) is available that covers the steps required to create and assign profiles in MSfB. These steps are also summarized below. 
@@ -569,17 +569,17 @@ To assign (or reassign) the profile to a device, select the checkboxes next to t > [!div class="mx-imgBorder"] > ![MSfB assign step 1](images/msfb-assign1.png) -Confirm the profile was successfully assigned to the intended device, check the contents of the **Profile** column: +To confirm the profile was successfully assigned to the intended device, check the contents of the **Profile** column: > [!div class="mx-imgBorder"] > ![MSfB assign step 2](images/msfb-assign2.png) > [!IMPORTANT] -> The new profile is only applied if the device isn't started, and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. +> The new profile is only applied if the device hasn't started and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. ## See Windows Autopilot in action -If you shut down your VM after the last reset, it's time to start it back up again, so it can progress through the Autopilot OOBE experience. However, don't attempt to start your device again until the **PROFILE STATUS** for your device in Intune is changed from **Not assigned** to **Assigning**, and finally to **Assigned**: +If you shut down your VM after the last reset, it's time to start it back up again so it can progress through the Autopilot OOBE experience. However, don't attempt to start your device again until the **PROFILE STATUS** for your device in Intune is changed from **Not assigned** to **Assigning**, and finally to **Assigned**: > [!div class="mx-imgBorder"] > ![Device status](images/device-status.png) 
@@ -587,15 +587,15 @@ If you shut down your VM after the last reset, it's time to start it back up aga Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding). Otherwise, these changes might not show up. > [!TIP] -> If you reset your device previously, after collecting the 4K HH info, and then let it restart back to the first OOBE screen, then you might need to restart the device again to ensure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you don't see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**. Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**). +> If you reset your device previously, after collecting the 4K HH info, let it restart back to the first OOBE screen. Then you might need to restart the device again to make sure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you don't see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**. Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**). -- Ensure your device has an internet connection. -- Turn on the device -- Verify that the appropriate OOBE screens (with appropriate Company Branding) appear. You should see the region selection screen, the keyboard selection screen, and the second keyboard selection screen (which you can skip). +1. Make sure your device has an internet connection. +1. Turn on the device. +1. Verify that the appropriate OOBE screens (with appropriate Company Branding) appear. You should see the region selection screen, the keyboard selection screen, and the second keyboard selection screen (which you can skip). 
![OOBE sign-in page](images/autopilot-oobe.png) -Soon after reaching the desktop, the device should show up in Intune as an **enabled** Autopilot device. Go into the Intune Azure portal, and select **Devices > All devices**. Then, **Refresh** the data to verify that your device has changed from disabled to enabled, and the name of the device is updated. +Soon after reaching the desktop, the device should show up in Intune as an **enabled** Autopilot device. Go into the Intune Azure portal, and select **Devices > All devices**. Then, **Refresh** the data to verify that your device has changed from disabled to enabled, and the name of the device is updated. > [!div class="mx-imgBorder"] > ![Device enabled](images/devices1.png) 
@@ -620,17 +620,17 @@ You need to delete (or retire, or factory reset) the device from Intune before d This action removes the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot. So, the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**. -The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores. The former (All devices) is the list of devices currently enrolled into Intune. +The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores. The former (All devices) is the list of devices currently enrolled into Intune. > [!NOTE] -> A device only appears in the All devices list once it has booted. The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune. +> A device only appears in the **All devices** list once it has booted. The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune. -To remove the device from the Autopilot program, select the device, and then select **Delete**. A popup dialog box appears to confirm deletion. +To remove the device from the Autopilot program, select the device, and then select **Delete**. A pop-up dialog box appears to confirm deletion. 
> [!div class="mx-imgBorder"] > ![Delete device](images/delete-device2.png) -At this point, your device is unenrolled from Intune and also deregistered from Autopilot. After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program. +At this point, your device is unenrolled from Intune and also deregistered from Autopilot. After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program. Once the device no longer appears, you're free to reuse it for other purposes. @@ -640,7 +640,7 @@ If you also (optionally) want to remove your device from Azure AD, go to **Azure Starting with Windows 8, the host computer's microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](https://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information. -To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press ENTER, scroll down, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example: +To verify your computer supports SLAT, open an administrator command prompt, type **systeminfo**, press **ENTER**, scroll down, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example: ```console C:>systeminfo 
@@ -655,7 +655,7 @@ Hyper-V Requirements: VM Monitor Mode Extensions: Yes In this example, the computer supports SLAT and Hyper-V. > [!NOTE] -> If one or more requirements are evaluated as **No** then the computer does not support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. +> If one or more requirements are evaluated as **No** then the computer does not support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. You can also identify Hyper-V support using [tools](/archive/blogs/taylorb/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v) provided by the processor manufacturer, the [msinfo32](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731397(v=ws.11)) tool, or you can download the [Coreinfo](/sysinternals/downloads/coreinfo) utility and run it, as shown in the following example: 
@@ -683,13 +683,13 @@ EPT * Supports Intel extended page tables (SLAT) #### Prepare the app for Intune -Before we can pull an application into Intune to make it part of our AP profile, we need to "package" the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool). After downloading the tool, gather the following three bits of information to use the tool: +Before you can pull an application into Intune to make it part of your AP profile, you need to "package" the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool). After downloading the tool, gather the following three bits of information to use the tool: 1. The source folder for your application 2. The name of the setup executable file 3. The output folder for the new file -For the purposes of this lab, we'll use the Notepad++ tool as our Win32 app. +For the purposes of this lab, we'll use the Notepad++ tool as the Win32 app. Download the [Notepad++ msi package](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available), and then copy the file to a known location, such as C:\Notepad++msi. 
@@ -698,13 +698,13 @@ Run the IntuneWinAppUtil tool, supplying answers to the three questions, for exa > [!div class="mx-imgBorder"] > ![Add app example](images/app01.png) -After the tool finishes running, you should have an .intunewin file in the Output folder, which you can now upload into Intune using the following steps. +After the tool finishes running, you should have an .intunewin file in the Output folder. You can upload the file into Intune by using the following steps. #### Create app in Intune Log in to the Azure portal, and then select **Intune**. -Go to **Intune > Clients apps > Apps**, and then click the **Add** button to create a new app package. +Go to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package. ![Add app step 1](images/app02.png) @@ -733,7 +733,7 @@ Uninstall: msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q ![Add app step 5](images/app06.png) -Simply using an install command like "notepad++.exe /S" doesn't actually install Notepad++; it only launches the app. To install the program, you need to use the .msi file instead. Notepad++ doesn't have a .msi version of their program, but there's a .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). +Simply using an install command like "notepad++.exe /S" doesn't actually install Notepad++; it only launches the app. To install the program, you need to use the .msi file instead. Notepad++ doesn't have a .msi version of their program, but there's a .msi version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available). Select **OK** to save your input and activate the **Requirements** blade. 
@@ -742,18 +742,18 @@ On the **Requirements Configuration** blade, specify the **OS architecture** and > [!div class="mx-imgBorder"] > ![Add app step 6](images/app07.png) -Next, configure the **Detection rules**. For the purpose of this lab, select manual format: +Next, configure the **Detection rules**. For the purposes of this lab, select manual format: > [!div class="mx-imgBorder"] > ![Add app step 7](images/app08.png) -Select **Add** to define the rule properties. For **Rule type**, select **MSI**, which automatically imports the correct MSI product code into the rule: +Select **Add** to define the rule properties. For **Rule type**, select **MSI**, which automatically imports the correct MSI product code into the rule: ![Add app step 8](images/app09.png) Select **OK** twice to save, as you back out to the main **Add app** blade again for the final configuration. -**Return codes**: For our purposes, leave the return codes at their default values: +**Return codes**: For the purposes of this lab, leave the return codes at their default values: > [!div class="mx-imgBorder"] > ![Add app step 9](images/app10.png) @@ -777,7 +777,7 @@ Find your app in your app list: #### Assign the app to your Intune profile > [!NOTE] -> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here. +> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here. In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties blade. Then select **Assignments** from the menu: 
@@ -786,7 +786,7 @@ In the **Intune > Client Apps > Apps** pane, select the app package you already Select **Add Group** to open the **Add group** pane that's related to the app. -For the purpose of this lab, select **Required** from the **Assignment type** dropdown menu. +For the purposes of this lab, select **Required** from the **Assignment type** dropdown menu. > [!NOTE] > **Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website. @@ -827,7 +827,7 @@ Under **App Type**, select **Office 365 Suite > Windows 10**: ![Create app step 2](images/app18.png) -Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this lab, only select Excel: +Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this lab, only select Excel: > [!div class="mx-imgBorder"] > ![Create app step 3](images/app19.png) @@ -852,7 +852,7 @@ Select **OK** and, then select **Add**. #### Assign the app to your Intune profile > [!NOTE] -> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here. +> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here. In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties blade. Then select **Assignments** from the menu: 
@@ -861,7 +861,7 @@ In the **Intune > Client Apps > Apps** pane, select the Office package you alrea Select **Add Group** to open the **Add group** pane that's related to the app. -For our purposes, select **Required** from the **Assignment type** dropdown menu. +For the purposes of this lab, select **Required** from the **Assignment type** dropdown menu. **Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website. From 8b0f8c20faf7cc845d58e4fbfb75ec94ddfcc59b Mon Sep 17 00:00:00 2001 From: v-dihans Date: Wed, 25 Aug 2021 16:07:16 -0600 Subject: [PATCH 16/37] dh acro fixes --- .../demonstrate-deployment-on-vm.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index dedf8c406a..caf50f2f1d 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md 
@@ -47,14 +47,14 @@ These are the things you'll need to complete this lab: | | Description | |:---|:---| -|**Windows 10 installation media**|Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you do not already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.| +|**Windows 10 installation media**|Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you don't already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.| |**Internet access**|If you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.| -|**Hyper-V or a physical device running Windows 10**|The guide assumes that you will use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.| +|**Hyper-V or a physical device running Windows 10**|The guide assumes that you'll use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.| |**An account with Azure Active Directory (AD) Premium license**|This guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.| ## Procedures -A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that do not apply to you. Optional procedures are provided in the appendices. +A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that don't apply to you. Optional procedures are provided in the appendices. 
If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or a later version. @@ -273,7 +273,7 @@ Select the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see ** Follow these steps to run the PowerShell script: -1. **On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same regardless of whether you're using a VM or a physical device: +1. **On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same whether you're using a VM or a physical device: ```powershell md c:\HWID @@ -362,7 +362,7 @@ For this lab, you need an Azure AD Premium subscription. To tell if you have a P ![MDM and Intune](images/mdm-intune2.png) -If the configuration blade shown above does not appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in Azure AD Premium. +If the configuration blade shown above doesn't appear, it's likely that you don't have a **Premium** subscription. Auto-enrollment is a feature only available in Azure AD Premium. To convert your Intune trial account to a free Premium trial account, go to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5. 
@@ -618,7 +618,7 @@ You need to delete (or retire, or factory reset) the device from Intune before d > [!div class="mx-imgBorder"] > ![Delete device step 1](images/delete-device1.png) -This action removes the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this does not yet deregister the device from Autopilot. So, the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**. +This action removes the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this doesn't yet deregister the device from Autopilot. So, the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**. The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two completely separate datastores. The former (All devices) is the list of devices currently enrolled into Intune. 
@@ -655,7 +655,7 @@ Hyper-V Requirements: VM Monitor Mode Extensions: Yes In this example, the computer supports SLAT and Hyper-V. > [!NOTE] -> If one or more requirements are evaluated as **No** then the computer does not support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. +> If one or more requirements are evaluated as **No** then the computer doesn't support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings. You can also identify Hyper-V support using [tools](/archive/blogs/taylorb/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v) provided by the processor manufacturer, the [msinfo32](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731397(v=ws.11)) tool, or you can download the [Coreinfo](/sysinternals/downloads/coreinfo) utility and run it, as shown in the following example: From 322e80329d7217a147f31d0178530beec13f894a Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Fri, 27 Aug 2021 16:26:58 -0600 Subject: [PATCH 17/37] tweak --- .../windows-autopilot/demonstrate-deployment-on-vm.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index caf50f2f1d..b2291cb3a2 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md 
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -48,7 +48,7 @@ These are the things you'll need to complete this lab: | | Description | |:---|:---| |**Windows 10 installation media**|Windows 10 Professional or Enterprise (ISO file) for a supported version of Windows 10, semi-annual channel. If you don't already have an ISO to use, a link is provided to download an evaluation version of Windows 10 Enterprise.| -|**Internet access**|If you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the Internet.| +|**Internet access**|If you're behind a firewall, see the detailed networking requirements. Otherwise, just ensure that you have a connection to the internet.| |**Hyper-V or a physical device running Windows 10**|The guide assumes that you'll use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.| |**An account with Azure Active Directory (AD) Premium license**|This guide will describe how to obtain a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.| 
@@ -175,7 +175,7 @@ All VM data will be created under the current path in your PowerShell prompt. Co > [!IMPORTANT] > **VM switch**: a VM switch is how Hyper-V connects VMs to a network. > ->- If you previously enabled Hyper-V and your Internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." +>- If you previously enabled Hyper-V and your internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal." >- If you have never created an external VM switch before, then just run the commands below. >- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that's used to connect to the internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch). 
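Review bot: The changed bullet still ends with the switch name written as "AutopilotExternal." with the period inside the quotation marks, so a reader who copies the literal gets a name that doesn't match the **AutopilotExternal** used earlier in the same sentence. Use the bold form in both places and put the period after it. While this block is open, the last context bullet reads "to display a currently list of the VM switches"; that should be "a current list".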
@@ -396,7 +396,7 @@ For the purposes of this demo, select **All** under the **MDM user scope** and s ## Register your VM -Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but *only pick one* for the purposes of this lab. It's highly recommend to use Intune rather than MSfB. +Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB). Both processes are shown here, but *only pick one* for the purposes of this lab. It's highly recommended that you use Intune rather than MSfB. ### Autopilot registration using Intune From ad7d3b6a0ac37674265933fb4a6f3e7096b5fbbe Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Thu, 2 Sep 2021 11:03:14 -0700 Subject: [PATCH 18/37] add link to server article --- windows/deployment/planning/windows-11-removed-features.md | 3 +++ windows/deployment/wds-boot-support.md | 1 + 2 files changed, 4 insertions(+) diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md index 447473ea86..12f618fbfe 100644 --- a/windows/deployment/planning/windows-11-removed-features.md +++ b/windows/deployment/planning/windows-11-removed-features.md @@ -28,3 +28,6 @@ The following features and functionalities have been removed from the installed | ----------- | --------------------- | ------ | | Windows Deployment Services (WDS) image deployment | End to end WDS deployment workflows that use **boot.wim** from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | +## Also see + +[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022#features-were-no-longer-developing)
\ No newline at end of file diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 82ad38d20c..b484c3dc45 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -107,6 +107,7 @@ If you currently use WDS with **boot.wim** from installation media for end-to-en ## Also see +[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022#features-were-no-longer-developing)
[Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022) \ No newline at end of file From 035ff0a4b331e2c1877428ed4d2596704b6387ee Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 3 Sep 2021 15:44:49 +0530 Subject: [PATCH 19/37] removed word as per user feedback #9934 , so i removed the word **Infrastructure** --- windows/security/threat-protection/auditing/event-4768.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index fb7930f6d2..e73c3e0daa 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md 
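Review bot: In the wds-boot-support.md hunk, the added "Also see" entry duplicates a link that is already in the list. The last context line carries the same title and points to /windows-server/get-started/removed-deprecated-features-windows-server-2022, differing only by the missing #features-were-no-longer-developing fragment. Update the existing entry's target instead of adding a second one. Both files touched by this patch also end with "\ No newline at end of file"; add the trailing newline.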
@@ -322,7 +322,7 @@ For 4768(S, F): A Kerberos authentication ticket (TGT) was requested. | **Field** | **Issue to discover** | |-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Certificate Issuer Name** | Certification authority name is not from your PKI infrastructure. | +| **Certificate Issuer Name** | Certification authority name is not from your PKI. | | **Certificate Issuer Name** | Certification authority name is not authorized to issue smart card authentication certificates. | | **Pre-Authentication Type** | Value is **0**, which means that pre-authentication was not used. All accounts should use Pre-Authentication, except accounts configured with “Do not require Kerberos preauthentication,” which is a security risk. For more information, see [Table 5. Kerberos Pre-Authentication types](#kerberos-preauthentication-types). | | **Pre-Authentication Type** | Value is **not 15** when account must use a smart card for authentication. For more information, see [Table 5. Kerberos Pre-Authentication types](#kerberos-preauthentication-types). | From e8c02c2bf71fa560ab840f8a6859607e8a8d09d0 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 09:11:30 -0700 Subject: [PATCH 20/37] update instructions --- windows/whats-new/windows-11-prepare.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index f2dedd5144..677e65d57f 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.author: greglin -ms.date: 06/24/2021 +ms.date: 09/03/2021 ms.reviewer: manager: laurawi ms.localizationpriority: high 
@@ -45,7 +45,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil #### Cloud-based solutions -- If you use Windows Update for Business Group Policy or Configuration Service Provider (CSP) policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). +- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). In Group Policy, the **Select target Feature Update version** has two entry fields after taking the September 1st optional update or later ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)): **product version** and **target version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only target version is configured the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version 21H1, even if multiple products have that same version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. 
- If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use feature update deployments to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. From ca479ecb16a7ee5efa4ece4dccc06dca951c51fa Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 09:18:23 -0700 Subject: [PATCH 21/37] tweaks --- windows/whats-new/windows-11-prepare.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 677e65d57f..1e02cc6857 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
@@ -45,7 +45,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil #### Cloud-based solutions -- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). In Group Policy, the **Select target Feature Update version** has two entry fields after taking the September 1st optional update or later ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)): **product version** and **target version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only target version is configured the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version 21H1, even if multiple products have that same version. +- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). 
In Group Policy, the **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **product version** and **target version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only target version is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version 21H1, even if multiple products have that same version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. - If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use feature update deployments to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. 
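Review bot: The added line replaces "September 1st" with the numeric date "9/1/2021", which reads as 9 January in day-first locales. The linked KB title already spells it out (september-1-2021-kb5005101), so write "September 1, 2021" here as well. The field names are also introduced in lower-case bold (**product version**, **target version**); match the casing shown in the Group Policy UI so readers can find them.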
@@ -56,7 +56,7 @@ If you aren’t already taking advantage of cloud-based management capabilities, The following are some common use cases and the corresponding Microsoft Endpoint Manager capabilities that support them: - **Provision and pre-configure new Windows 11 devices**: [Windows Autopilot](/mem/autopilot/windows-autopilot) enables you to deploy new Windows 11 devices in a “business-ready” state that includes your desired applications, settings, and policies. It can also be used to change the edition of Windows. For example, you can upgrade from Pro to Enterprise edition and gain the use of advanced features. The [Windows Autopilot diagnostics page](/mem/autopilot/windows-autopilot-whats-new#preview-windows-autopilot-diagnostics-page) is new feature that is available when you use in Windows Autopilot to deploy Windows 11. -- **Configure rules and control settings for users, apps, and devices**: When you enroll devices in [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), administrators have full control over apps, settings, features, and security for both Windows 11 and Windows 10. You can also use app protection policies to require multi-factor authentication (MFA) for specific apps. +- **Configure rules and control settings for users, apps, and devices**: When you enroll devices in [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), administrators have full control over apps, settings, features, and security for both Windows 11 and Windows 10. You can also use app protection policies to require multifactor authentication (MFA) for specific apps. - **Streamline device management for frontline, remote, and onsite workers**: Introduced with Windows 10, [cloud configuration](/mem/intune/fundamentals/cloud-configuration) is a standard, easy-to-manage, device configuration that is cloud-optimized for users with specific workflow needs. 
It can be deployed to devices running the Pro, Enterprise, and Education editions of Windows 11 by using Microsoft Endpoint Manager. If you are exclusively using an on-premises device management solution (for example, Configuration Manager), you can still use the [cloud management gateway](/mem/configmgr/core/clients/manage/cmg/overview), enable [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions), or enable [co-management](/mem/configmgr/comanage/overview) with Microsoft Intune. These solutions can make it easier to keep devices secure and up-to-date. From c745c9b36fba66ff65121e3c1bd4036e8d2d9f71 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 09:22:33 -0700 Subject: [PATCH 22/37] tweaks --- windows/whats-new/windows-11-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 1e02cc6857..48240c5e85 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
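Review bot: The first context bullet of this @@ -56 hunk, next to the multifactor fix, still reads "is new feature that is available when you use in Windows Autopilot to deploy Windows 11". Since the neighbouring bullet is being edited anyway, fix it in the same pass: "is a new feature that is available when you use Windows Autopilot to deploy Windows 11".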
@@ -45,7 +45,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil #### Cloud-based solutions -- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). In Group Policy, the **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **product version** and **target version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only target version is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version 21H1, even if multiple products have that same version. +- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). 
In Group Policy, the **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only target version is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version 21H1, even if multiple products have that same version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. - If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use feature update deployments to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. From 5d93c27bc8d4247869053429c0888b44044d571a Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 09:25:54 -0700 Subject: [PATCH 23/37] more tweaks --- windows/whats-new/windows-11-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 48240c5e85..09f40237a9 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
@@ -45,7 +45,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil #### Cloud-based solutions -- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). In Group Policy, the **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only target version is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version 21H1, even if multiple products have that same version. +- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). 
In Group Policy, the **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. - If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use feature update deployments to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. From f8afbc2df3012830227ab2421d91cec18aac6477 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 09:32:45 -0700 Subject: [PATCH 24/37] more tweaks --- windows/whats-new/windows-11-prepare.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 09f40237a9..b301ed3de2 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md 
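Review bot: In the added bullet of this windows-11-prepare.md hunk (PATCH 23/37), the reworded example now says "this device will be offered version Windows 10, version 21H1", with a stray "version" before the product name. Drop it so the sentence reads "this device will be offered Windows 10, version 21H1".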
@@ -45,7 +45,10 @@ The tools that you use for core workloads during Windows 10 deployments can stil #### Cloud-based solutions -- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1), but do not enable you to move between products (Windows 10 to Windows 11). In Group Policy, the **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**. The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version. +- If you use Windows Update for Business policies, you will need to use the **Target Version** capability rather than feature update deferrals to upgrade from Windows 10 to Windows 11. Feature update deferrals are great to move to newer versions of your current product (for example, Windows 10, version 20H2 to 21H1, but do not enable you to move between products (Windows 10 to Windows 11). 
+ - In Group Policy, **Select target Feature Update version** has two entry fields after taking the 9/1/2021 optional update ([KB5005101](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1)) or a later update: **Product Version** and **Target Version**. + - The product field must specify Windows 11 in order for devices to upgrade to Windows 11. If only the target version field is configured, the device will be offered matching versions of the same product. + - For example, if a device is running Windows 10, version 2004 and only the target version is configured to 21H1, this device will be offered version Windows 10, version 21H1, even if multiple products have a 21H1 version. - Quality update deferrals will continue to work the same across both Windows 10 and Windows 11. This is true regardless of which management tool you use to configure Windows Update for Business policies. - If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use feature update deployments to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. From 99738c3f09bd6e166b4dbfbaf3283e37fec73201 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 3 Sep 2021 09:50:39 -0700 Subject: [PATCH 25/37] fixing typo --- .../deployment/update/update-compliance-configuration-manual.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index dcb6a6b2fe..339e8ed571 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md 
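Review bot: The rewritten first bullet in this windows-11-prepare.md hunk (PATCH 24/37) loses the closing parenthesis. The removed line had "version 20H2 to 21H1), but do not enable", while the added line has "version 20H2 to 21H1, but do not enable", leaving "(for example," unbalanced. Restore the ")" after 21H1. The third sub-bullet ("For example, if a device is running ...") illustrates the second one, so consider nesting it under that bullet or merging the two rather than listing it as a sibling.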
@@ -67,7 +67,7 @@ To enable data sharing between devices, your network, and Microsoft's Diagnostic | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| -| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. Census.exe must run on a regular cadence and contact this endpoint in order to receive the majority of [WaaSUpdateStatus](update-compliance-schema-waasupdatestatus.md) information for Update Compliance. | +| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive the majority of [WaaSUpdateStatus](update-compliance-schema-waasupdatestatus.md) information for Update Compliance. | | `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. | | `https://settings-win.data.microsoft.com` | Required for Windows Update functionality. | | `http://adl.windows.com` | Required for Windows Update functionality. | From 47ab294a2e5c691fed43ad4061837172c50010d7 Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Fri, 3 Sep 2021 11:16:10 -0700 Subject: [PATCH 26/37] Update for Windows 11 Added Windows 11 Removed Windows Mobile Revised ICD -> WCD --- .../provisioning-how-it-works.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index 5942a86179..b0bacdf90b 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md 
@@ -1,7 +1,7 @@ --- -title: How provisioning works in Windows 10 (Windows 10) +title: How provisioning works in Windows description: A provisioning package (.ppkg) is a container for a collection of configuration settings. -ms.prod: w10 +ms.prod: w10,w11 ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay @@ -13,15 +13,15 @@ ms.reviewer: manager: dansimp --- -# How provisioning works in Windows 10 +# How provisioning works in Windows **Applies to** - Windows 10 -- Windows 10 Mobile +- Windows 11 -Provisioning packages in Windows 10 provide IT administrators with a simplified way to apply configuration settings to Windows 10 devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) or through the Microsoft Store. +Provisioning packages in Windows 10 provide IT administrators with a simplified way to apply configuration settings to Windows 10 and 11 devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from Microsoft Store. ## Provisioning packages @@ -69,7 +69,7 @@ When the provisioning engine selects a configuration, the Windows provisioning X ## Provisioning engine -The provisioning engine is the core component for managing provisioning and configuration at runtime in a device running Windows 10. +The provisioning engine is the core component for managing provisioning and configuration at runtime in a device running Windows 10 or 11. The provisioning engine provides the following functionality: 
@@ -82,7 +82,7 @@ The provisioning engine provides the following functionality: ## Configuration manager -The configuration manager provides the unified way of managing Windows 10 devices. Configuration is mainly done through the Open Mobile Alliance (OMA) Device Management (DM) and Client Provisioning (CP) protocols. The configuration manager handles and parses these protocol requests from different channels and passes them down to [Configuration Service Providers (CSPs)](/windows/client-management/mdm/configuration-service-provider-reference) to perform the specific management requests and settings. +The configuration manager provides the unified way of managing Windows 10 and 11 devices. Configuration is mainly done through the Open Mobile Alliance (OMA) Device Management (DM) and Client Provisioning (CP) protocols. The configuration manager handles and parses these protocol requests from different channels and passes them down to [Configuration Service Providers (CSPs)](/windows/client-management/mdm/configuration-service-provider-reference) to perform the specific management requests and settings. The provisioning engine relies on configuration manager for all of the actual processing and application of a chosen configuration. The provisioning engine determines the stage of provisioning and, based on a set of keys, determines the set of configuration to send to the configuration manager. The configuration manager in turn parses and calls into the CSPs for the setting to be applied. @@ -130,7 +130,7 @@ The following table shows how device provisioning can be initiated when a user f | Package delivery | Initiation method | Supported device | | --- | --- | --- | | Removable media - USB drive or SD card
(Packages must be placed at media root) | 5 fast taps on the Windows key to launch the provisioning UI |All Windows devices | -| From an administrator device through machine-to-machine NFC or NFC tag
(The administrator device must run an app that can transfer the package over NFC) | 5 fast taps on the Windows key to launch the provisioning UI | Windows 10 Mobile devices and IoT Core devices | +| From an administrator device through machine-to-machine NFC or NFC tag
(The administrator device must run an app that can transfer the package over NFC) | 5 fast taps on the Windows key to launch the provisioning UI | Windows IoT Core devices | The provisioning engine always copies the acquired provisioning packages to the `%ProgramData%\Microsoft\Provisioning` folder before processing them during OOBE. The provisioning engine always applies provisioning packages embedded in the installed Windows image during Windows Setup OOBE pass regardless of whether the package is signed and trusted. When the provisioning engine applies an encrypted provisioning package on an end-user device during OOBE, users must first provide a valid password to decrypt the package. The provisioning engine also checks whether a provisioning package is signed and trusted; if it's not, the user must provide consent before the package is applied to the device. @@ -144,7 +144,7 @@ At device runtime, stand-alone provisioning packages can be applied by user init | --- | --- | --- | | Removable media - USB drive or SD card
(Packages must be placed at media root) | **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** | All Windows devices | | Downloaded from a network connection and copied to a local folder | Double-click the package file | Windows 10 for desktop editions devices | -| From an administrator device connected to the target device through USB tethering | Drag and drop the package file onto the target device | Windows 10 Mobile devices and IoT Core devices | +| From an administrator device connected to the target device through USB tethering | Drag and drop the package file onto the target device | Windows IoT Core devices | When applying provisioning packages from a removable media attached to the device, the Settings UI allows viewing contents of a package before selecting the package for provisioning. To minimize the risk of the device being spammed by applying provisioning packages from unknown sources, a provisioning package can be signed and encrypted. Partners can also set policies to limit the application of provisioning packages at device runtime. Applying provisioning packages at device runtime requires administrator privilege. If the package is not signed or trusted, a user must provide consent before the package is applied to the device. If the package is encrypted, a valid password is needed to decrypt the package before it can be applied to the device. @@ -157,7 +157,7 @@ After a stand-alone provisioning package is applied to the device, the package i - Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) -- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) + ## Related topics @@ -178,4 +178,4 @@ After a stand-alone provisioning package is applied to the device, the package i   -  \ No newline at end of file +  
From 07394c37a641872f6822760b783d7e292dfca23a Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 14:20:08 -0700 Subject: [PATCH 27/37] remove article --- .../planning/windows-11-removed-features.md | 33 ------------------- 1 file changed, 33 deletions(-) delete mode 100644 windows/deployment/planning/windows-11-removed-features.md diff --git a/windows/deployment/planning/windows-11-removed-features.md b/windows/deployment/planning/windows-11-removed-features.md deleted file mode 100644 index 12f618fbfe..0000000000 --- a/windows/deployment/planning/windows-11-removed-features.md +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -title: Windows 11 - Features that have been removed -description: In this article, learn about the features and functionality that has been removed or replaced in Windows 11. -ms.prod: w11 -ms.mktglfcycl: plan -ms.localizationpriority: medium -ms.sitesec: library -audience: itpro -author: greg-lindsay -ms.author: greglin -manager: laurawi -ms.topic: article -ms.custom: seo-marvel-apr2020 ---- - -# Features and functionality removed in Windows 11 - -> Applies to: Windows 11 - -Windows 11 adds new features and functionality; however some features are removed. Below is a summary of features and functionalities that are present in earlier versions of Windows 10 or Windows 11, but are removed in the specified version of Windows 11. **The list below is subject to change and might not include every affected feature or functionality.** - -> [!NOTE] -> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 11 builds and test these changes yourself. - -The following features and functionalities have been removed from the installed product image for Windows 11. Applications or code that depend on these features won't function in the release when it was removed, or in later releases. - -|Feature | Details and mitigation | Removed in version | -| ----------- | --------------------- | ------ | -| Windows Deployment Services (WDS) image deployment | End to end WDS deployment workflows that use **boot.wim** from installation media are affected. For more information, see [Windows Deployment Services (WDS) boot.wim support](../wds-boot-support.md) | Windows 11 | - -## Also see - -[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022#features-were-no-longer-developing)
\ No newline at end of file From 1e47b7dceee7a56b758ddc1a93e178918834b316 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 14:23:21 -0700 Subject: [PATCH 28/37] remove dupe link --- windows/deployment/wds-boot-support.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index b484c3dc45..f141ef1446 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -109,5 +109,4 @@ If you currently use WDS with **boot.wim** from installation media for end-to-en [Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022#features-were-no-longer-developing)
[Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
-[Features removed or no longer developed starting with Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server-2022) \ No newline at end of file +[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
\ No newline at end of file From ecbd27bfe59fec6ec3043a1370f5bd91ac7f00f2 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 14:28:53 -0700 Subject: [PATCH 29/37] rm feature file --- windows/deployment/TOC.yml | 4 +--- windows/deployment/planning/features-lifecycle.md | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 6602391574..8daccb955a 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -71,9 +71,7 @@ - name: Features we removed items: - name: Windows 10 features removed - href: planning/windows-10-removed-features.md - - name: Windows 11 features removed - href: planning/windows-11-removed-features.md + href: planning/windows-10-removed-features.md - name: Prepare items: diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md index af22f20db2..6aa1667383 100644 --- a/windows/deployment/planning/features-lifecycle.md +++ b/windows/deployment/planning/features-lifecycle.md @@ -30,8 +30,7 @@ The following topic lists features that are no longer being developed. These fea The following topics have details about features that have been removed from Windows 10 or Windows 11. This includes features that are present in Windows 10, but are removed in Windows 11. -[Windows 10 features we removed](windows-10-removed-features.md)
-[Windows 11 features we removed](windows-11-removed-features.md) +[Windows 10 features we removed](windows-10-removed-features.md) ## Terminology From 163f72577ee9815237b05cf42dde843a01deb2bd Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 3 Sep 2021 14:35:24 -0700 Subject: [PATCH 30/37] fix warning --- .../provisioning-packages/provisioning-how-it-works.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index b0bacdf90b..71b38c30f7 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md @@ -1,14 +1,14 @@ --- title: How provisioning works in Windows description: A provisioning package (.ppkg) is a container for a collection of configuration settings. -ms.prod: w10,w11 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/03/2021 ms.reviewer: manager: dansimp --- From 9545dc05845bb583d26b759d16da3822d10907cb Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 3 Sep 2021 17:23:16 -0700 Subject: [PATCH 31/37] Changed word wrap around image via updated image wrap The layout in my browser looked bad. --- windows/security/threat-protection/auditing/event-4768.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index e73c3e0daa..f06e21d952 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md 
@@ -21,7 +21,7 @@ ms.technology: mde - Windows Server 2016 -Event 4768 illustration +:::image type="content" alt-text="Event 4768 illustration." source="images/event-4768.png"::: ***Subcategory:*** [Audit Kerberos Authentication Service](audit-kerberos-authentication-service.md) From eba388115f2a0cbb600ef3112c9ea7c43db74d7c Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 3 Sep 2021 17:28:31 -0700 Subject: [PATCH 32/37] Corrected notes style --- .../threat-protection/auditing/event-4768.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index f06e21d952..55854d8774 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -35,7 +35,8 @@ If TGT issue fails then you will see Failure event with **Result Code** field no This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “[4771](event-4771.md): Kerberos pre-authentication failed.” generates instead. -> **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. +> [!NOTE] +> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
@@ -101,7 +102,8 @@ This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “ - Uppercase full domain name: CONTOSO.LOCAL -> **Note**  A **Kerberos Realm** is a set of managed nodes that share the same Kerberos database. The Kerberos database resides on the Kerberos master computer system, which should be kept in a physically secure room. Active Directory domain is the example of Kerberos Realm in the Microsoft Windows Active Directory world. + > [!NOTE] + > A **Kerberos Realm** is a set of managed nodes that share the same Kerberos database. The Kerberos database resides on the Kerberos master computer system, which should be kept in a physically secure room. Active Directory domain is the example of Kerberos Realm in the Microsoft Windows Active Directory world. - **User ID** \[Type = SID\]**:** SID of account for which (TGT) ticket was requested. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. 
@@ -109,7 +111,8 @@ This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “ - **NULL SID** – this value shows in [4768](event-4768.md) Failure events. -> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). + > [!NOTE] + > A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). **Service Information:** 
@@ -149,7 +152,10 @@ This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “ - Using **MSB 0** bit numbering we have bit 1, 8, 15 and 27 set = Forwardable, Renewable, Canonicalize, Renewable-ok. -> **Note**  In the table below **“MSB 0”** bit numbering is used, because RFC documents use this style. In “MSB 0” style bit numbering begins from left.
MSB illustration +> [!NOTE] +> In the table below **“MSB 0”** bit numbering is used, because RFC documents use this style. In “MSB 0” style bit numbering begins from left. +> +> :::image type="content" alt-text="MSB illustration." source="images/msb.png"::: The most common values: @@ -186,8 +192,9 @@ The most common values: | 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Should not be in use, because postdated tickets are not supported by KILE. | > Table 2. Kerberos ticket flags. -> -> **Note**  [KILE](/openspecs/windows_protocols/ms-kile/2a32282e-dd48-4ad9-a542-609804b02cc9) **(Microsoft Kerberos Protocol Extension)** – Kerberos protocol extensions used in Microsoft operating systems. These extensions provide additional capability for authorization information including group memberships, interactive logon information, and integrity levels. + +> [!NOTE] +> [KILE](/openspecs/windows_protocols/ms-kile/2a32282e-dd48-4ad9-a542-609804b02cc9) **(Microsoft Kerberos Protocol Extension)** – Kerberos protocol extensions used in Microsoft operating systems. These extensions provide additional capability for authorization information including group memberships, interactive logon information, and integrity levels. - **Result Code** \[Type = HexInt32\]**:** hexadecimal result code of TGT issue operation. The “Table 3. TGT/TGS issue error codes.” contains the list of the most common error codes for this event. From cb0080914f28ec187aeccdc186467b08b6de47d4 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 3 Sep 2021 17:29:40 -0700 Subject: [PATCH 33/37] Labeled code block --- windows/security/threat-protection/auditing/event-4768.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 55854d8774..59ba63d70c 100644 
--- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -41,7 +41,7 @@ This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “
***Event XML:*** -``` +```xml - - From f1704dc9a9a4e6e9f8cbdb5f08990aee12a47c78 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 3 Sep 2021 17:35:39 -0700 Subject: [PATCH 34/37] Fixed broken headings Headings don't work and are not rendered correctly when HTML is next to them, such as the SPAN tags in this article. --- .../security/threat-protection/auditing/event-4768.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 59ba63d70c..81482d1771 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -191,7 +191,7 @@ The most common values: | 30 | Renew | The RENEW option indicates that the present request is for a renewal. The ticket provided is encrypted in the secret key for the server on which it is valid. This option will only be honored if the ticket to be renewed has its RENEWABLE flag set and if the time in it’s renew-till field has not passed. The ticket to be renewed is passed in the padata field as part of the authentication header. | | 31 | Validate | This option is used only by the ticket-granting service. The VALIDATE option indicates that the request is to validate a postdated ticket. Should not be in use, because postdated tickets are not supported by KILE. | -> Table 2. Kerberos ticket flags. +## Table 2. Kerberos ticket flags > [!NOTE] > [KILE](/openspecs/windows_protocols/ms-kile/2a32282e-dd48-4ad9-a542-609804b02cc9) **(Microsoft Kerberos Protocol Extension)** – Kerberos protocol extensions used in Microsoft operating systems. These extensions provide additional capability for authorization information including group memberships, interactive logon information, and integrity levels. 
@@ -259,12 +259,15 @@ The most common values: | 0x43 | KRB\_AP\_ERR\_NO\_TGT | No TGT was presented or available | In user-to-user authentication if the service does not possess a ticket granting ticket, it should return the error KRB\_AP\_ERR\_NO\_TGT. | | 0x44 | KDC\_ERR\_WRONG\_REALM | Incorrect domain or principal | Although this error rarely occurs, it occurs when a client presents a cross-realm TGT to a realm other than the one specified in the TGT. Typically, this results from incorrectly configured DNS. | -> Table 3. TGT/TGS issue error codes. + + +## Table 3. TGT/TGS issue error codes - **Ticket Encryption Type** \[Type = HexInt32\]: the cryptographic suite that was used for issued TGT. + ## Table 4. Kerberos encryption types | Type | Type Name | Description | @@ -281,7 +284,8 @@ The most common values: - **Pre-Authentication Type** \[Type = UnicodeString\]: the code number of [pre-Authentication](/previous-versions/windows/it-pro/windows-server-2003/cc772815(v=ws.10)) type which was used in TGT request. -## Table 5. Kerberos Pre-Authentication types. + +## Table 5. Kerberos Pre-Authentication types | Type | Type Name | Description | |------------------------------------------------------------------------|------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| From e0a2435af96be4e6cebd4b89a1f8ac1c1739466c Mon Sep 17 00:00:00 2001 
From: Gary Moore Date: Fri, 3 Sep 2021 17:41:08 -0700 Subject: [PATCH 35/37] Corrected font weight of table headings Table headings are bold by default, and the font weight is heavier without formatting for bold (**). --- windows/security/threat-protection/auditing/event-4768.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 81482d1771..340264fa1e 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -312,7 +312,7 @@ The most common values: For 4768(S, F): A Kerberos authentication ticket (TGT) was requested. -| **Type of monitoring required** | **Recommendation** | +| Type of monitoring required | Recommendation | |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------| | **High-value accounts**: You might have high-value domain or local accounts for which you need to monitor each action.
Examples of high-value accounts are database administrators, built-in local administrator account, domain administrators, service accounts, domain controller accounts and so on. | Monitor this event with the **“User ID”** that corresponds to the high-value account or accounts. | | **Anomalies or malicious actions**: You might have specific requirements for detecting anomalies or monitoring potential malicious actions. For example, you might need to monitor for use of an account outside of working hours. | When you monitor for anomalies or malicious actions, use the **“User ID”** (with other information) to monitor how or when a particular account is being used. | @@ -331,7 +331,7 @@ For 4768(S, F): A Kerberos authentication ticket (TGT) was requested. - Also consider monitoring the fields shown in the following table, to discover the issues listed: -| **Field** | **Issue to discover** | +| Field | Issue to discover | |-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Certificate Issuer Name** | Certification authority name is not from your PKI. | | **Certificate Issuer Name** | Certification authority name is not authorized to issue smart card authentication certificates. | From be7ae41db9b05b8f7e9bbc87c6307de7099b15cb Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 3 Sep 2021 18:16:28 -0700 Subject: [PATCH 36/37] Restored HTML image reference, though curiously... ...I've had little success with docs.microsoft.com respecting sizing of images. I don't understand why it apparently works in this instance. --- windows/security/threat-protection/auditing/event-4768.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 340264fa1e..9406edbf43 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -155,7 +155,7 @@ This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “ > [!NOTE] > In the table below **“MSB 0”** bit numbering is used, because RFC documents use this style. In “MSB 0” style bit numbering begins from left. > -> :::image type="content" alt-text="MSB illustration." source="images/msb.png"::: +> MSB illustration The most common values: From b9a96725e62af48b3ecedad954f4d801f48e7f62 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Sun, 5 Sep 2021 10:31:07 -0700 Subject: [PATCH 37/37] Added "address" after "IP" --- windows/security/threat-protection/auditing/event-4768.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 9406edbf43..64156ecd85 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md 
@@ -321,7 +321,7 @@ For 4768(S, F): A Kerberos authentication ticket (TGT) was requested. | **External accounts**: You might be monitoring accounts from another domain, or “external” accounts that are not allowed to perform certain actions (represented by certain specific events). | Monitor this event for the **“Supplied Realm Name”** corresponding to another domain or “external” location. | | **Account naming conventions**: Your organization might have specific naming conventions for account names. | Monitor “**User ID”** for names that don’t comply with naming conventions. | -- You can track all [4768](event-4768.md) events where the **Client Address** is not from your internal IP range or not from private IP ranges. +- You can track all [4768](event-4768.md) events where the **Client Address** is not from your internal IP address range or not from private IP address ranges. - If you know that **Account Name** should be used only from known list of IP addresses, track all **Client Address** values for this **Account Name** in [4768](event-4768.md) events. If **Client Address** is not from the allowlist, generate the alert.
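Review bot: In the `@@ -45,7 +45,10 @@` hunk under "Cloud-based solutions" (the hunk that precedes PATCH 25/37), the rewritten first bullet loses the closing parenthesis of its example: the added line reads `(for example, Windows 10, version 20H2 to 21H1, but do not enable you to move between products`, where the removed line had `21H1), but`. Restore the `)` after `21H1` so the parenthetical closes before "but do not enable".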
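Review bot: The front-matter hunk of PATCH 26/37 (provisioning-how-it-works.md) sets `ms.prod: w10,w11`, and PATCH 30/37 changes it back to `ms.prod: w10` under the subject "fix warning", so the value does not survive the series. Keep `ms.prod: w10` in this patch and fold the `ms.date: 09/03/2021` bump from PATCH 30/37 in here, rather than introducing a metadata value that a later patch has to back out.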
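Review bot: The added intro line in the `@@ -13,15 +13,15 @@` hunk of PATCH 26/37 still opens with "Provisioning packages in Windows 10" while ending with "to Windows 10 and 11 devices", which no longer matches the retitled heading "How provisioning works in Windows"; drop "in Windows 10" or name both versions. The same line removes the Windows Assessment and Deployment Kit (ADK) install option and its link, which the commit message (Added Windows 11, Removed Windows Mobile, Revised ICD -> WCD) does not mention; confirm the removal is intended and record it in the message. "installed from Microsoft Store" also needs its article: "from the Microsoft Store".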
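Review bot: PATCH 27/37 deletes windows/deployment/planning/windows-11-removed-features.md, but the entries that point at it (`href: planning/windows-11-removed-features.md` in TOC.yml and `[Windows 11 features we removed](windows-11-removed-features.md)` in features-lifecycle.md) are only removed in PATCH 29/37. Between those two commits the tree carries links to a file that no longer exists; squash the deletion with the reference cleanup from PATCH 29/37, or reorder so the references go first.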
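Review bot: In the features-lifecycle.md hunk of PATCH 29/37 (`@@ -30,8 +30,7 @@`), the unchanged lead-in still says "The following topics have details about features that have been removed from Windows 10 or Windows 11", yet after this change only the Windows 10 link remains beneath it. Reword the lead-in to match the single remaining topic (singular "topic", Windows 10 only), or point readers to wherever Windows 11 removals are now documented.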
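Review bot: In PATCH 34/37 (event-4768.md), the captions promoted to headings in the `@@ -191,7 +191,7 @@` and `@@ -259,12 +259,15 @@` hunks sit after the tables they name: `## Table 2. Kerberos ticket flags` follows the rows for bits 30 and 31, and `## Table 3. TGT/TGS issue error codes` follows the rows for 0x43 and 0x44. As H2 headings they will head whatever comes next (the KILE note and the Ticket Encryption Type field) instead of their tables, while `## Table 4. Kerberos encryption types` correctly precedes its table. Move the Table 2 and Table 3 headings above their tables, or keep them as plain captions below the tables rather than headings.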