deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 12:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into v-tea-CI-105366

Browse Source
This commit is contained in:
Teresa-Motiv
2019-10-21 10:16:52 -07:00
parent 96a586a9e4 f92832e76e
commit 0c7bf1366e
13 changed files with 193 additions and 172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
View File

@ -9,9 +9,9 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
author: jaimeo
ms.audience: itpro
author: greg-lindsay
author: jaimeo
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
@ -19,6 +19,9 @@ ms.topic: article
# Frequently asked questions and troubleshooting Windows Analytics
>[!IMPORTANT]
>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
>[!IMPORTANT]
>**The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences. See [Windows Analytics in the Azure Portal](windows-analytics-azure-portal.md) for steps to use Windows Analytics in the Azure portal. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition).
@ -150,7 +153,7 @@ For more information, see [Enrolling devices in Windows Analytics](windows-analy
### Apps not appearing in Device Health App Reliability
[![App Reliability tile showing relability events trend](images/app-reliability.png)](images/app-reliability.png)
[![App Reliability tile showing reliability events trend](images/app-reliability.png)](images/app-reliability.png)
If apps that you know are crashing do not appear in App Reliability, follow these steps to investigate the issue:

147
windows/deployment/update/windows-analytics-azure-portal.md
View File

@ -1,71 +1,76 @@
---
title: Windows Analytics in the Azure Portal
ms.reviewer:
manager: laurawi
description: Use the Azure Portal to add and configure Windows Analytics solutions
keywords: Device Health, oms, Azure, portal, operations management suite, add, manage, configure, Upgrade Readiness, Update Compliance
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.audience: itpro
author: greg-lindsay
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
---
# Windows Analytics in the Azure Portal
Windows Analytics uses Azure Log Analytics workspaces (formerly known as Operations Management Suite or OMS), a collection of cloud-based services for monitoring and automating your on-premises and cloud environments.
**The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences, which this topic will explain. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition).
## Navigation and permissions in the Azure portal
Go to the [Azure portal](https://portal.azure.com), select **All services**, and search for *Log Analytics workspaces*. Once it appears, you can select the star to add it to your favorites for easy access in the future.
[![Azure portal all services page with Log Analytics found and selected as favorite](images/azure-portal-LAfav1.png)](images/azure-portal-LAfav1.png)
### Permissions
It's important to understand the difference between Azure Active Directory and an Azure subscription:
**Azure Active Directory** is the directory that Azure uses. Azure Active Directory (Azure AD) is a separate service which sits by itself and is used by all of Azure and also Office 365.
An **Azure subscription** is a container for billing, but also acts as a security boundary. Every Azure subscription has a trust relationship with at least one Azure AD instance. This means that a subscription trusts that directory to authenticate users, services, and devices.
>[!IMPORTANT]
>Unlike the OMS portal (which only requires permission to access the Azure Log Analytics workspace), the Azure portal also requires access to be configured to either the linked *Azure subscription* or Azure resource group.
To check the Log Analytics workspaces you can access, select **Log Analytics workspaces**. You should see a grid control listing all workspaces, along with the Azure subscription each is linked to:
[![Log Analytics workspace page showing accessible workspaces and linked Azure subscriptions](images/azure-portal-LAmain-wkspc-subname-sterile.png)](images/azure-portal-LAmain-wkspc-subname-sterile.png)
If you do not see your workspace in this view, but you are able to access the workspace from the classic portal, that means you do not have access to the workspace's Azure subscription or resource group. To remedy this, you will need to find someone with admin rights to grant you access, which they can do by selecting the subscription name and selecting **Access control (IAM)** (alternatively they can configure your access at the resource group level). They should either grant you "Log Analytics Reader" access (for read-only access) or "Log Analytics Contributor" access (which enables making changes such as creating deployment plans and changing application readiness states).
When permissions are configured, you can select the workspace and then select **Workspace summary** to see information similar to what was shown in the OMS overview page.
[![Log Analytics workspace page showing workspace summary](images/azure-portal-LA-wkspcsumm_sterile.png)](images/azure-portal-LA-wkspcsumm_sterile.png)
## Adding Windows Analytics solutions
In the Azure portal, the simplest way to add Windows Analytics solutions (Upgrade Readiness, Update Compliance, and Device Health) is to select **+ Create a resource** and then type the solution name in the search box. In this example, the search is for "Device Health":
[![Add WA solutions with "create a resource"](images/azure-portal-create-resource-boxes.png)](images/azure-portal-create-resource-boxes.png)
Select the solution from the list that is returned by the search, and then select **Create** to add the solution.
## Navigating to Windows Analytics solutions settings
To adjust settings for a Windows Analytics solution, first navigate to the **Solutions** tab for your workspace, and then select the solution to configure. In this example, Upgrade Readiness is being adjusted by selecting **CompatibilityAssessment**:
[![Select WA solution to adjust settings](images/temp-azure-portal-soltn-setting.png)](images/temp-azure-portal-soltn-setting.png)
From there, select the settings page to adjust specific settings:
[![Settings page for Upgrade Readiness in Azure portsl](images/azure-portal-UR-settings.png)](images/azure-portal-UR-settings.png)
---
title: Windows Analytics in the Azure Portal
ms.reviewer:
manager: laurawi
description: Use the Azure Portal to add and configure Windows Analytics solutions
keywords: Device Health, oms, Azure, portal, operations management suite, add, manage, configure, Upgrade Readiness, Update Compliance
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: jaimeo
ms.audience: itpro
author: jaimeo
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
---
# Windows Analytics in the Azure Portal
>[!IMPORTANT]
>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
Windows Analytics uses Azure Log Analytics workspaces (formerly known as Operations Management Suite or OMS), a collection of cloud-based services for monitoring and automating your on-premises and cloud environments.
**The OMS portal has been deprecated; you should start using the [Azure portal](https://portal.azure.com) instead as soon as possible.** Many experiences are the same in the two portals, but there are some key differences, which this topic will explain. For much more information about the transition from OMS to Azure, see [OMS portal moving to Azure](https://docs.microsoft.com/azure/log-analytics/log-analytics-oms-portal-transition).
## Navigation and permissions in the Azure portal
Go to the [Azure portal](https://portal.azure.com), select **All services**, and search for *Log Analytics workspaces*. Once it appears, you can select the star to add it to your favorites for easy access in the future.
[![Azure portal all services page with Log Analytics found and selected as favorite](images/azure-portal-LAfav1.png)](images/azure-portal-LAfav1.png)
### Permissions
It's important to understand the difference between Azure Active Directory and an Azure subscription:
**Azure Active Directory** is the directory that Azure uses. Azure Active Directory (Azure AD) is a separate service which sits by itself and is used by all of Azure and also Office 365.
An **Azure subscription** is a container for billing, but also acts as a security boundary. Every Azure subscription has a trust relationship with at least one Azure AD instance. This means that a subscription trusts that directory to authenticate users, services, and devices.
>[!IMPORTANT]
>Unlike the OMS portal (which only requires permission to access the Azure Log Analytics workspace), the Azure portal also requires access to be configured to either the linked *Azure subscription* or Azure resource group.
To check the Log Analytics workspaces you can access, select **Log Analytics workspaces**. You should see a grid control listing all workspaces, along with the Azure subscription each is linked to:
[![Log Analytics workspace page showing accessible workspaces and linked Azure subscriptions](images/azure-portal-LAmain-wkspc-subname-sterile.png)](images/azure-portal-LAmain-wkspc-subname-sterile.png)
If you do not see your workspace in this view, but you are able to access the workspace from the classic portal, that means you do not have access to the workspace's Azure subscription or resource group. To remedy this, you will need to find someone with admin rights to grant you access, which they can do by selecting the subscription name and selecting **Access control (IAM)** (alternatively they can configure your access at the resource group level). They should either grant you "Log Analytics Reader" access (for read-only access) or "Log Analytics Contributor" access (which enables making changes such as creating deployment plans and changing application readiness states).
When permissions are configured, you can select the workspace and then select **Workspace summary** to see information similar to what was shown in the OMS overview page.
[![Log Analytics workspace page showing workspace summary](images/azure-portal-LA-wkspcsumm_sterile.png)](images/azure-portal-LA-wkspcsumm_sterile.png)
## Adding Windows Analytics solutions
In the Azure portal, the simplest way to add Windows Analytics solutions (Upgrade Readiness, Update Compliance, and Device Health) is to select **+ Create a resource** and then type the solution name in the search box. In this example, the search is for "Device Health":
[![Add WA solutions with "create a resource"](images/azure-portal-create-resource-boxes.png)](images/azure-portal-create-resource-boxes.png)
Select the solution from the list that is returned by the search, and then select **Create** to add the solution.
## Navigating to Windows Analytics solutions settings
To adjust settings for a Windows Analytics solution, first navigate to the **Solutions** tab for your workspace, and then select the solution to configure. In this example, Upgrade Readiness is being adjusted by selecting **CompatibilityAssessment**:
[![Select WA solution to adjust settings](images/temp-azure-portal-soltn-setting.png)](images/temp-azure-portal-soltn-setting.png)
From there, select the settings page to adjust specific settings:
[![Settings page for Upgrade Readiness in Azure portal](images/azure-portal-UR-settings.png)](images/azure-portal-UR-settings.png)
>[!NOTE]
>To access these settings, both the subscription and workspace require "contributor" permissions. You can view your current role and make changes in other roles by using the **Access control (IAM)** tab in Azure.

9
windows/deployment/update/windows-analytics-get-started.md
View File

@ -17,6 +17,9 @@ ms.topic: article
# Enrolling devices in Windows Analytics
>[!IMPORTANT]
>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
If you have not already done so, consult the topics for any of the three Windows Analytics solutions (Update Compliance, Upgrade Readiness, and Device Health) you intend to use and follow the steps there to add the solutions to Azure Portal.
- [Get started with Device Health](device-health-get-started.md)
@ -37,7 +40,7 @@ To find your commercial ID, first navigate to the **Solutions** tab for your wor
From there, select the settings page, where you can find and copy your commercial ID:
[![Settings page for Upgrade Readiness in Azure portsl](images/azure-portal-UR-settings.png)](images/azure-portal-UR-settings.png)
[![Settings page for Upgrade Readiness in Azure portal](images/azure-portal-UR-settings.png)](images/azure-portal-UR-settings.png)
@ -107,7 +110,7 @@ The compatibility update scans your devices and enables application usage tracki
With Windows diagnostic data enabled, the Connected User Experience and Telemetry service (DiagTrack) collects system, application, and driver data. Microsoft analyzes this data, and shares it back to you through Windows Analytics. For the best experience, install these updates depending upon the operating system version.
- For Windows 10, install the latest Windows 10 cumulative update.
- For Windows 8.1, nstall the October 2018 monthly rollup, [KB4462926](https://support.microsoft.com/help/4462926)
- For Windows 8.1, install the October 2018 monthly rollup, [KB4462926](https://support.microsoft.com/help/4462926)
- For Windows 7, install the October 2018 monthly rollup, [KB4462923](https://support.microsoft.com/help/4462923)
@ -206,7 +209,7 @@ For more information about Internet Explorer Security Zones, see [About URL Secu
We recommend using the deployment script to configure devices. However if this is not an option, you can still manage settings by policy as described in the previous section. However, if you don't run the deployment script, you won't benefit from its error checking, and you might have to wait a long time (possibly weeks) before devices send the initial full inventory scan.
Note that it is possible to intiate a full inventory scan on a device by calling these commands:
Note that it is possible to initiate a full inventory scan on a device by calling these commands:
- CompatTelRunner.exe -m:generaltel.dll -f:DoCensusRun
- CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun ent

7
windows/deployment/update/windows-analytics-privacy.md
View File

@ -9,9 +9,9 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
author: jaimeo
ms.audience: itpro
author: greg-lindsay
author: jaimeo
ms.localizationpriority: high
ms.collection: M365-analytics
ms.topic: article
@ -19,6 +19,9 @@ ms.topic: article
# Windows Analytics and privacy
>[!IMPORTANT]
>The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](update-compliance-get-started.md) will continue to be supported. For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
Windows Analytics is fully committed to privacy, centering on these tenets:
- **Transparency:** We fully document the Windows Analytics diagnostic events (see the links for additional information) so you can review them with your companys security and compliance teams. The Diagnostic Data Viewer lets you see diagnostic data sent from a given device (see [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview) for details).

2
windows/privacy/TOC.md
View File

@ -14,7 +14,7 @@
### [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
### [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
## Enhanced level Windows diagnostic data events and fields
### [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
### [Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
## Full level categories
### [Windows 10, version 1709 and newer diagnostic data for the Full level](windows-diagnostic-data.md)
### [Windows 10, version 1703 diagnostic data for the Full level](windows-diagnostic-data-1703.md)

16
windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
View File

@ -390,20 +390,26 @@ However, before more data is gathered, Microsofts privacy governance team, in
> [!NOTE]
> Crash dumps collected at this diagnostic data level may unintentionally contain personal data, such as portions of memory from a documents, a web page, etc.
## Limit Enhanced diagnostic data to the minimum required by Windows Analytics
## Limit Enhanced diagnostic data to the minimum required by Desktop Analytics
Windows Analytics Device Health reports are powered by diagnostic data not included in the **Basic** level, such as crash reports and certain operating system events. In the past, organizations sending **Enhanced** or **Full** level diagnostic data were able to participate in Device Health. However, organizations that required detailed event and field level documentation were unable to move from **Basic** to **Enhanced**.
> [!IMPORTANT]
> The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](/windows/deployment/update/update-compliance-get-started) will continue to be supported.
> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
In Windows 10, version 1709, we introduced the **Limit Enhanced diagnostic data to the minimum required by Windows Analytics** feature. When enabled, this feature lets you send only the following subset of **Enhanced** level diagnostic data. For more info about Device Health, see the [Monitor the health of devices with Device Health](https://docs.microsoft.com/windows/deployment/update/device-health-monitor) topic.
Desktop Analytics reports are powered by diagnostic data not included in the **Basic** level, such as crash reports and certain operating system events.
- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) topic.
In Windows 10, version 1709, we introduced the **Limit Enhanced diagnostic data to the minimum required by Windows Analytics** feature. When enabled, this feature lets you send only the following subset of **Enhanced** level diagnostic data.
- **Operating system events.** Limited to a small set required for analytics reports and documented in the [Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) topic.
- **Some crash dump types.** Triage dumps for user mode and mini dumps for kernel mode.
>[!NOTE]
> Triage dumps are a type of [minidumps](https://docs.microsoft.com/windows/desktop/debug/minidump-files) that go through a process of user-sensitive information scrubbing. Some user-sensitive information may be missed in the process, and will therefore be sent with the dump.
### Enable limiting enhanced diagnostic data to the minimum required by Windows Analytics
With the retirement of Windows Analytics, this policy will continue to be supported by Desktop Analytics, but will not include Office related diagnostic data.
### Enable limiting enhanced diagnostic data to the minimum required by Desktop Analytics
1. Set the diagnostic data level to **Enhanced**, using either Group Policy or MDM.

30
windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md
View File

@ -1,6 +1,6 @@
---
description: Use this article to learn more about the enhanced diagnostic data events used by Windows Analytics
title: Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics (Windows 10)
description: Use this article to learn more about the limit enhanced diagnostic data events policy used by Desktop Analytics
title: Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy (Windows 10)
keywords: privacy, diagnostic data
ms.prod: w10
ms.mktglfcycl: manage
@ -18,19 +18,24 @@ ms.reviewer:
---
# Windows 10 enhanced diagnostic data events and fields used by Windows Analytics
# Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy
**Applies to**
- Windows 10, version 1709 and newer
Windows Analytics Device Health reports are powered by diagnostic data not included in the Basic level. This includes crash reports and certain OS diagnostic data events. Organizations sending Enhanced or Full level diagnostic data were able to participate in Device Health, but some organizations which required detailed event and field level documentation were unable to move from Basic to Enhanced.
> [!IMPORTANT]
> The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](/windows/deployment/update/update-compliance-get-started) will continue to be supported.
> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
In Windows 10, version 1709, we introduce a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
Desktop Analytics reports are powered by diagnostic data not included in the Basic level.
In Windows 10, version 1709, we introduced a new feature: "Limit Enhanced diagnostic data to the minimum required by Windows Analytics". When enabled, this feature limits the operating system diagnostic data events included in the Enhanced level to only those described below. Note that the Enhanced level also includes limited crash reports, which are not described below. For more information on the Enhanced level, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md).
With the retirement of Windows Analytics, this policy will continue to be supported by Desktop Analytics, but will not include Office related diagnostic data.
## KernelProcess.AppStateChangeSummary
This event summarizes application usage and performance characteristics to help Microsoft improve performance and reliability. Organizations can use this event with Windows Analytics to gain insights into application reliability.
This event summarizes application usage and performance characteristics to help Microsoft improve performance and reliability. Organizations can use this event with Desktop Analytics to gain insights into application reliability.
The following fields are available:
@ -241,7 +246,7 @@ This event is fired when the office application suspends as per app life-cycle c
- **SuspendType:** Type of suspend
## Microsoft.OSG.OSS.CredProvFramework.ReportResultStop
This event indicates the result of an attempt to authenticate a user with a credential provider. It helps Microsoft to improve logon reliability. Using this event with Windows Analytics can help organizations monitor and improve logon success for different methods (for example, biometric) on managed devices.
This event indicates the result of an attempt to authenticate a user with a credential provider. It helps Microsoft to improve logon reliability. Using this event with Desktop Analytics can help organizations monitor and improve logon success for different methods (for example, biometric) on managed devices.
The following fields are available:
@ -261,7 +266,7 @@ The following fields are available:
- **UserTag:** Count of the number of times a user has selected a provider
## Microsoft.Windows.Kernel.Power.OSStateChange
This event denotes the transition between operating system states (e.g., On, Off, Sleep, etc.). By using this event with Windows Analytics, organizations can use this to monitor reliability and performance of managed devices
This event denotes the transition between operating system states (e.g., On, Off, Sleep, etc.). By using this event with Desktop Analytics, organizations can use this to monitor reliability and performance of managed devices
The following fields are available:
@ -322,7 +327,7 @@ The following field is available:
- **ticksSinceBoot:** Duration of boot event (milliseconds)
## Microsoft.Windows.Shell.Desktop.LogonFramework.AllLogonTasks
This event summarizes the logon procedure to help Microsoft improve performance and reliability. By using this event with Windows Analytics organizations can help identify logon problems on managed devices.
This event summarizes the logon procedure to help Microsoft improve performance and reliability. By using this event with Desktop Analytics organizations can help identify logon problems on managed devices.
The following fields are available:
@ -359,7 +364,7 @@ The following fields are available:
- **status:** Indicates whether errors occurred during WIP learning events
## Win32kTraceLogging.AppInteractivitySummary
Summarizes which app windows are being used (for example, have focus) to help Microsoft improve compatibility and user experience. Also helps organizations (by using Windows Analytics) to understand and improve application reliability on managed devices.
Summarizes which app windows are being used (for example, have focus) to help Microsoft improve compatibility and user experience. Also helps organizations (by using Desktop Analytics) to understand and improve application reliability on managed devices.
The following fields are available:
@ -415,8 +420,11 @@ A previous revision of this list stated that a field named PartA_UserSid was a m
### Office events added
In Windows 10, version 1809 (also applies to versions 1709 and 1803 starting with [KB 4462932](https://support.microsoft.com/help/4462932/windows-10-update-kb4462932) and [KB 4462933](https://support.microsoft.com/help/4462933/windows-10-update-kb4462933) respectively), 16 events were added, describing Office app launch and availability. These events were added to improve the precision of Office data in Windows Analytics.
> [!NOTE]
> Office data will no longer be provided through this policy in Desktop Analytics.
### CertAnalytics events removed
In Windows 10, version 1809 (also applies to versions 1709 and 1803 starting with [KB 4462932](https://support.microsoft.com/help/4462932/windows-10-update-kb4462932) and [KB 4462933](https://support.microsoft.com/help/4462933/windows-10-update-kb4462933) respectively), 3 "CertAnalytics" events were removed, as they are no longer required for Windows Analytics.
In Windows 10, version 1809 (also applies to versions 1709 and 1803 starting with [KB 4462932](https://support.microsoft.com/help/4462932/windows-10-update-kb4462932) and [KB 4462933](https://support.microsoft.com/help/4462933/windows-10-update-kb4462933) respectively), 3 "CertAnalytics" events were removed, as they are no longer required for Desktop Analytics.
>[!NOTE]
>You can use the Windows Diagnostic Data Viewer to observe and review events and their fields as described in this topic.

4
windows/release-information/resolved-issues-windows-10-1903.yml
View File

@ -32,7 +32,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='248msg'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><br>Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.<br><br><a href = '#248msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>October 11, 2019 <br>03:15 PM PT</td></tr>
<tr><td><div id='248msg'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><br>Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.<br><br><a href = '#248msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>October 18, 2019 <br>04:33 PM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 18362.357<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522016' target='_blank'>KB4522016</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='335msg'></div><b>Audio in games is quiet or different than expected</b><br>Microsoft has received reports that audio in certain games is quieter or different than expected.<br><br><a href = '#335msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517211' target='_blank'>KB4517211</a></td><td>September 26, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='336msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#336msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:08 PM PT</td></tr>
@ -95,7 +95,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='248msgdesc'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><div>Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing units (dGPUs). After updating to Windows 10, version 1903 (the May 2019 Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.</div><div>&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPU from being offered Windows 10, version 1903 until&nbsp;this issue is resolved.</div><div>&nbsp;</div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolved:&nbsp;</strong>To resolve this issue, you will need to update the firmware of your Surface Book 2&nbsp;device. Please see the <a href=\"https://support.microsoft.com/help/4055398/surface-book-2-update-history\" target=\"_blank\">Surface Book 2 update history page</a><strong>&nbsp;</strong>for instructions on how to install the October 2019 updates on your device. There is no update for Windows needed for this issue.</div><div>&nbsp;</div><div>The safeguard hold will be removed in the coming weeks.</div><br><a href ='#248msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>October 11, 2019 <br>03:15 PM PT<br><br>Opened:<br>July 12, 2019 <br>04:20 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='248msgdesc'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><div>Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing units (dGPUs). After updating to Windows 10, version 1903 (the May 2019 Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.</div><div>&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPU from being offered Windows 10, version 1903 until&nbsp;this issue is resolved.</div><div>&nbsp;</div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolved:&nbsp;</strong>To resolve this issue, you will need to update the firmware of your Surface Book 2&nbsp;device. Please see the <a href=\"https://support.microsoft.com/help/4055398/surface-book-2-update-history\" target=\"_blank\">Surface Book 2 update history page</a><strong>&nbsp;</strong>for instructions on how to install the October 2019 updates on your device. There is no update for Windows needed for this issue.</div><div>&nbsp;</div><div>The safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903.</div><br><a href ='#248msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>October 18, 2019 <br>04:33 PM PT<br><br>Opened:<br>July 12, 2019 <br>04:20 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='255msgdesc'></div><b>Domain connected devices that use MIT Kerberos realms will not start up</b><div>Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of <a href='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a>. Devices that are domain controllers or domain members are both affected.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903.</div><div><br></div><div><strong>Note </strong>If you are not sure if your device is affected, contact your administrator.&nbsp;Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -&gt; Policies -&gt; Administrative Templates &gt; System -&gt; Kerberos or check if this registry key exists:</div><pre class=\"ql-syntax\" spellcheck=\"false\">HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#255msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='254msgdesc'></div><b>Issues updating when certain versions of Intel storage drivers are installed</b><div>Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).&nbsp;&nbsp;</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST&nbsp;drivers, versions<strong> 15.1.0.1002</strong>&nbsp;through version&nbsp;<strong>15.5.2.1053</strong>&nbsp;installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.</div><div><br></div><div>Versions&nbsp;<strong>15.5.2.1054 or later</strong>&nbsp;are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update.&nbsp;For affected devices, the recommended version is <strong>15.9.8.1050</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#254msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>

4
windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
View File

@ -64,7 +64,7 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='360msg'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><br>The Microsoft Defender ATP service might stop running and might fail to send reporting data.<br><br><a href = '#360msgdesc'>See details ></a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>October 17, 2019 <br>05:14 PM PT</td></tr>
<tr><td><div id='360msg'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><br>The Microsoft Defender ATP service might stop running and might fail to send reporting data.<br><br><a href = '#360msgdesc'>See details ></a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>October 18, 2019 <br>04:23 PM PT</td></tr>
<tr><td><div id='330msg'></div><b>Windows Mixed Reality Portal users may intermittently receive a 15-5 error code</b><br>You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not wake up from sleep.<br><br><a href = '#330msgdesc'>See details ></a></td><td>OS Build 17763.678<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4511553' target='_blank'>KB4511553</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>October 15, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='244msg'></div><b>Startup to a black screen after installing updates</b><br>Your device may startup to a black screen during the first logon after installing updates.<br><br><a href = '#244msgdesc'>See details ></a></td><td>OS Build 17763.557<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>October 15, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 17763.740<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522015' target='_blank'>KB4522015</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
@ -87,7 +87,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='360msgdesc'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><div>The Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a&nbsp;0xc0000409 error in <strong>Event Viewer</strong> on MsSense.exe.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Next steps:</strong>&nbsp;At this time, we suggest that devices in an affected environment do not install <a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>. We are working on a resolution and estimate a solution will be available in mid-November.</div><br><a href ='#360msg'>Back to top</a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>October 17, 2019 <br>05:14 PM PT<br><br>Opened:<br>October 17, 2019 <br>05:14 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='360msgdesc'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><div>After installing the optional non-security&nbsp;update (<a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>), the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data. You might also receive a&nbsp;0xc0000409 error in <strong>Event Viewer</strong> on MsSense.exe.</div><div><br></div><div><strong>Note</strong> Microsoft Windows Defender Antivirus is not affected by this issue.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Next steps:</strong>&nbsp;At this time, we suggest that devices in an affected environment do not install the optional non-security&nbsp;update, <a href='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a>. We are working on a resolution and estimate a solution will be available in mid-November.</div><br><a href ='#360msg'>Back to top</a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>October 18, 2019 <br>04:23 PM PT<br><br>Opened:<br>October 17, 2019 <br>05:14 PM PT</td></tr>
</table>
"

4
windows/release-information/status-windows-10-1903.yml
View File

@ -64,7 +64,7 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='248msg'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><br>Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.<br><br><a href = '#248msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>October 11, 2019 <br>03:15 PM PT</td></tr>
<tr><td><div id='248msg'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><br>Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.<br><br><a href = '#248msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>October 18, 2019 <br>04:33 PM PT</td></tr>
<tr><td><div id='351msg'></div><b>Intermittent issues when printing</b><br>The print spooler service may intermittently have issues completing a print job and results print job failure.<br><br><a href = '#351msgdesc'>See details ></a></td><td>OS Build 18362.357<br><br>September 23, 2019<br><a href ='https://support.microsoft.com/help/4522016' target='_blank'>KB4522016</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='335msg'></div><b>Audio in games is quiet or different than expected</b><br>Microsoft has received reports that audio in certain games is quieter or different than expected.<br><br><a href = '#335msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517211' target='_blank'>KB4517211</a></td><td>September 26, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='336msg'></div><b>IME may become unresponsive or have High CPU usage</b><br>Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.<br><br><a href = '#336msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>September 19, 2019 <br>04:08 PM PT</td></tr>
@ -113,7 +113,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='248msgdesc'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><div>Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing units (dGPUs). After updating to Windows 10, version 1903 (the May 2019 Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.</div><div>&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPU from being offered Windows 10, version 1903 until&nbsp;this issue is resolved.</div><div>&nbsp;</div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolved:&nbsp;</strong>To resolve this issue, you will need to update the firmware of your Surface Book 2&nbsp;device. Please see the <a href=\"https://support.microsoft.com/help/4055398/surface-book-2-update-history\" target=\"_blank\">Surface Book 2 update history page</a><strong>&nbsp;</strong>for instructions on how to install the October 2019 updates on your device. There is no update for Windows needed for this issue.</div><div>&nbsp;</div><div>The safeguard hold will be removed in the coming weeks.</div><br><a href ='#248msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>October 11, 2019 <br>03:15 PM PT<br><br>Opened:<br>July 12, 2019 <br>04:20 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='248msgdesc'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><div>Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing units (dGPUs). After updating to Windows 10, version 1903 (the May 2019 Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.</div><div>&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPU from being offered Windows 10, version 1903 until&nbsp;this issue is resolved.</div><div>&nbsp;</div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolved:&nbsp;</strong>To resolve this issue, you will need to update the firmware of your Surface Book 2&nbsp;device. Please see the <a href=\"https://support.microsoft.com/help/4055398/surface-book-2-update-history\" target=\"_blank\">Surface Book 2 update history page</a><strong>&nbsp;</strong>for instructions on how to install the October 2019 updates on your device. There is no update for Windows needed for this issue.</div><div>&nbsp;</div><div>The safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903.</div><br><a href ='#248msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>October 18, 2019 <br>04:33 PM PT<br><br>Opened:<br>July 12, 2019 <br>04:20 PM PT</td></tr>
</table>
"

103
windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
View File

@ -9,83 +9,83 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.author: dansimp
ms.date: 09/03/2018
author: denisebmsft
ms.author: deniseb
ms.date: 10/18/2019
ms.reviewer:
manager: dansimp
ms.custom: nextgen
---
# Manage the sources for Windows Defender Antivirus protection updates
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- [Microsoft Defender Advanced Threat Protection](https://go.microsoft.com/fwlink/p/?linkid=2069559)
<a id="protection-updates"></a>
<!-- this has been used as anchor in VDI content -->
There are two components to managing protection updates - where the updates are downloaded from, and when updates are downloaded and applied.
Keeping your antivirus protection up to date is critical. There are two components to managing protection updates for Windows Defender Antivirus:
- *Where* the updates are downloaded from; and
- *When* updates are downloaded and applied.
This topic describes where you can specify the updates should be downloaded from, also known as the fallback order.
This article describes the *where* - how to specify where updates should be downloaded from (this is also known as the fallback order). See [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) topic for an overview on how updates work, and how to configure other aspects of updates (such as scheduling updates).
> [!IMPORTANT]
> Microsoft Defender Antivirus Security intelligence updates are delivered through Windows Update and starting Monday, October 21, 2019, all security intelligence updates will be SHA-2 signed exclusively. Your devices must be updated to support SHA-2 in order to update your security intelligence. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus).
See [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) topic for an overview on how updates work, and how to configure other aspects of updates (such as scheduling updates).
<a id="fallback-order"></a>
There are five locations where you can specify where an endpoint should obtain updates. Typically, you would configure endpoints to individually download the updates from a primary source, followed by the other sources in order of priority based on your network configuration.
## Fallback order
Updates will be obtained from the sources in the order you specify. If a source is not available, the next source in the list will be used.
Typically, you configure endpoints to individually download updates from a primary source, followed by other sources in order of priority, based on your network configuration. Updates are obtained from sources in the order you specify. If a source is not available, the next source in the list is used.
You can use the following sources:
When updates are published, some logic is applied to minimize the size of the update. In most cases, only the differences between the latest update and the update that is currently installed (this is referred to as the delta) on the device is downloaded and applied. However, the size of the delta depends on two main factors:
- The age of the last update on the device; and
- The source used to download and apply updates.
The older the updates on an endpoint, the larger the download will be. However, you must also consider download frequency as well. A more frequent update schedule can result in more network usage, whereas a less-frequent schedule can result in larger file sizes per download.
- Microsoft Update
- [Windows Server Update Service (WSUS)](https://technet.microsoft.com/windowsserver/bb332157.aspx)
- System Center Configuration Manager
- A network file share
- The [Microsoft Malware Protection Center Security intelligence page (MMPC)](https://www.microsoft.com/security/portal/definitions/adl.aspx)
There are five locations where you can specify where an endpoint should obtain updates:
- [Microsoft Update](https://support.microsoft.com/help/12373/windows-update-faq)
- [Windows Server Update Service](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus)
- [System Center Configuration Manager](https://docs.microsoft.com/sccm/core/servers/manage/updates)
- [Network file share](https://docs.microsoft.com/windows-server/storage/nfs/nfs-overview)
- [Security intelligence updates for Windows Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/en-us/wdsi/defenderupdates) (Your policy and registry might have this listed as Microsoft Malware Protection Center (MMPC) security intelligence, its former name.)
When updates are published, some logic will be applied to minimize the size of the update. In most cases, only the "delta" (or the differences between the latest update and the update that is currently installed on the endpoint) will be downloaded and applied. However, the size of the delta depends on:
- How old the current update on the endpoint is
- Which source you use
The older the updates on an endpoint, the larger the download. However, you must also consider frequency versus size - a more frequent update schedule may result in more ad hoc network usage, while a less-frequent schedule may result in larger file sizes.
Microsoft Update allows for rapid releases, which means it will download small deltas on a frequent basis. This ensures the best protection, but may increase network bandwidth.
The WSUS, Configuration Manager, and MMPC sources will deliver less frequent updates. The size of the updates may be slightly larger than the frequent release from Microsoft Update (as the delta, or differences between the latest version and what is on the endpoint will be larger). This ensures consistent protection without increasing ad hoc network usage (although the amount of data may be the same or increased as the updates will be fewer, but may be slightly larger).
To ensure the best level of protection, Microsoft Update allows for rapid releases, which means smaller downloads on a frequent basis. The Windows Server Update Service, System Center Configuration Manager, and Microsoft security intelligence updates sources deliver less frequent updates. Thus, the delta can be larger, resulting in larger downloads.
> [!IMPORTANT]
> If you have set MMPC as a fallback source after WSUS or Microsoft Update, updates will only be downloaded from MMPC when the current update is considered to be out-of-date (by default, this is 14 consecutive days of not being able to apply updates from the WSUS or Microsoft Update services).
> You can, however, [set the number of days before protection is reported as out-of-date](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).
> If you have set [Microsoft Malware Protection Center Security intelligence page](https://www.microsoft.com/security/portal/definitions/adl.aspx) (MMPC) updates as a fallback source after Windows Server Update Service or Microsoft Update, updates are only downloaded from security intelligence updates when the current update is considered out-of-date. (By default, this is 14 consecutive days of not being able to apply updates from the Windows Server Update Service or Microsoft Update services).
> You can, however, [set the number of days before protection is reported as out-of-date](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).<p>
> Starting Monday, October 21, 2019, security intelligence updates will be SHA-2 signed exclusively. Devices must be updated to support SHA-2 in order to get the latest security intelligence updates. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus).
Each source has typical scenarios that depend on how your network is configured, in addition to how often they publish updates, as described in the following table:
Location | Sample scenario
---|---
WSUS | You are using WSUS to manage updates for your network.
Microsoft Update | You want your endpoints to connect directly to Microsoft Update. This can be useful for endpoints that irregularly connect to your enterprise network, or if you do not use WSUS to manage your updates.
File share | You have non-Internet-connected devices (such as VMs). You can use your Internet-connected VM host to download the updates to a network share, from which the VMs can obtain the updates. See the [VDI deployment guide](deployment-vdi-windows-defender-antivirus.md) for how file shares can be used in virtual desktop infrastructure (VDI) environments.
Configuration Manager | You are using System Center Configuration Manager to update your endpoints.
MMPC | You need to download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-windows-defender-antivirus.md). This option should generally be used only as a final fallback source, and not the primary source. It will only be used if updates cannot be downloaded from WSUS or Microsoft Update for [a specified number of days](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).
|Location | Sample scenario |
|---|---|
|Windows Server Update Service | You are using Windows Server Update Service to manage updates for your network.|
|Microsoft Update | You want your endpoints to connect directly to Microsoft Update. This can be useful for endpoints that irregularly connect to your enterprise network, or if you do not use Windows Server Update Service to manage your updates.|
|File share | You have non-Internet-connected devices (such as VMs). You can use your Internet-connected VM host to download the updates to a network share, from which the VMs can obtain the updates. See the [VDI deployment guide](deployment-vdi-windows-defender-antivirus.md) for how file shares can be used in virtual desktop infrastructure (VDI) environments.|
|System Center Configuration Manager | You are using System Center Configuration Manager to update your endpoints.|
|Security intelligence updates for Windows Defender Antivirus and other Microsoft antimalware (formerly referred to as MMPC) |[Make sure your devices are updated to support SHA-2](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). Microsoft Defender Antivirus Security intelligence updates are delivered through Windows Update, and starting Monday October 21, 2019 security intelligence updates will be SHA-2 signed exclusively. <br/>Download the latest protection updates because of a recent infection or to help provision a strong, base image for [VDI deployment](deployment-vdi-windows-defender-antivirus.md). This option should generally be used only as a final fallback source, and not the primary source. It will only be used if updates cannot be downloaded from Windows Server Update Service or Microsoft Update for [a specified number of days](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).|
You can manage the order in which update sources are used with Group Policy, System Center Configuration Manager, PowerShell cmdlets, and WMI.
> [!IMPORTANT]
> If you set WSUS as a download location, you must approve the updates - regardless of what management tool you use to specify the location. You can set up an automatic approval rule with WSUS, which may be useful as updates arrive at least once a day. See [To synchronize endpoint protection updates in standalone WSUS](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus) for more details.
> If you set Windows Server Update Service as a download location, you must approve the updates, regardless of the management tool you use to specify the location. You can set up an automatic approval rule with Windows Server Update Service, which might be useful as updates arrive at least once a day. To learn more, see [synchronize endpoint protection updates in standalone Windows Server Update Service](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-definitions-wsus#to-synchronize-endpoint-protection-definition-updates-in-standalone-wsus).
The procedures in this article first describe how to set the order, and then how to set up the **File share** option if you have enabled it.
**Use Group Policy to manage the update location:**
## Use Group Policy to manage the update location
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
1. On your Group Policy management machine, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
2. In the **Group Policy Management Editor** go to **Computer configuration**.
@ -103,7 +103,7 @@ The procedures in this article first describe how to set the order, and then how
4. Double-click the **Define file shares for downloading security intelligence updates** setting and set the option to **Enabled**.
5. Enter the file share source. If you have multiple sources, enter each source in the order they should be used, separated by a single pipe. Use [standard UNC notation](https://msdn.microsoft.com/library/gg465305.aspx) for denoting the path, for example: `\\host-name1\share-name\object-name|\\host-name2\share-name\object-name`. If you do not enter any paths then this source will be skipped when the VM downloads updates.
5. Enter the file share source. If you have multiple sources, enter each source in the order they should be used, separated by a single pipe. Use [standard UNC notation](https://docs.microsoft.com/openspecs/windows_protocols/ms-dtyp/62e862f4-2a51-452e-8eeb-dc4ff5ee33cc) for denoting the path, for example: `\\host-name1\share-name\object-name|\\host-name2\share-name\object-name`. If you do not enter any paths then this source will be skipped when the VM downloads updates.
6. Click **OK**. This will set the order of file shares when that source is referenced in the **Define the order of sources...** group policy setting.
@ -111,12 +111,12 @@ The procedures in this article first describe how to set the order, and then how
> For Windows 10, versions 1703 up to and including 1809, the policy path is **Windows Components > Windows Defender Antivirus > Signature Updates**
> For Windows 10, version 1903, the policy path is **Windows Components > Windows Defender Antivirus > Security Intelligence Updates**
**Use Configuration Manager to manage the update location:**
## Use Configuration Manager to manage the update location
See [Configure Security intelligence Updates for Endpoint Protection](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-definition-updates) for details on configuring System Center Configuration Manager (current branch).
**Use PowerShell cmdlets to manage the update location:**
## Use PowerShell cmdlets to manage the update location
Use the following PowerShell cmdlets to set the update order.
@ -125,14 +125,14 @@ Set-MpPreference -SignatureFallbackOrder {LOCATION|LOCATION|LOCATION|LOCATION}
Set-MpPreference -SignatureDefinitionUpdateFileSharesSource {\\UNC SHARE PATH|\\UNC SHARE PATH}
```
See the following for more information:
- [Set-MpPreference -SignatureFallbackOrder](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference#-signaturefallbackorder)
- [Set-MpPreference -SignatureFallbackOrder](https://docs.microsoft.com/powershell/module/defender/set-mppreference)
- [Set-MpPreference -SignatureDefinitionUpdateFileSharesSource](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference#-signaturedefinitionupdatefilesharessources)
- [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md)
- [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx)
- [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index)
**Use Windows Management Instruction (WMI) to manage the update location:**
## Use Windows Management Instruction (WMI) to manage the update location
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
Use the [**Set** method of the **MSFT_MpPreference**](https://docs.microsoft.com/previous-versions/windows/desktop/legacy/dn455323(v=vs.85)) class for the following properties:
```WMI
SignatureFallbackOrder
@ -140,21 +140,14 @@ SignatureDefinitionUpdateFileSharesSource
```
See the following for more information:
- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
- [Windows Defender WMIv2 APIs](https://docs.microsoft.com/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal)
**Use Mobile Device Management (MDM) to manage the update location:**
## Use Mobile Device Management (MDM) to manage the update location
See [Policy CSP - Defender/SignatureUpdateFallbackOrder](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-signatureupdatefallbackorder) for details on configuring MDM.
## Related topics
## Related articles
- [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)

24
windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
View File

@ -70,16 +70,16 @@ If you are a home user, or you are not subject to settings managed by a security
## Turn Tamper Protection on (or off) for your organization using Intune
If you are part of your organization's security team, you can turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune). (This feature is rolling out now; if you don't have it yet, you should very soon, assuming your organization has [Microsoft Defender ATP](../microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) and that you meet the prerequisites listed below.)
If you are part of your organization's security team, you can turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management portal (Intune). (This feature is rolling out now; if you don't have it yet, you should very soon, assuming your organization has [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) (Microsoft Defender ATP) and that you meet the prerequisites listed below.)
You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations, to perform the following task.
1. Make sure your organization meets the following requirements:
- Your organization must have [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (this is included in Microsoft 365 E5. See [Microsoft 365 Enterprise overview](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview) for more details.)
- Your organization must have [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (this is included in Microsoft 365 E5. See [Microsoft 365 Enterprise overview](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview) for more details.)
- Your organization's devices must be managed by [Intune](https://docs.microsoft.com/intune/device-management-capabilities).
- Your Windows machines must be running [Windows OS 1903](https://docs.microsoft.com/windows/release-information/status-windows-10-1903) or later.
- You must be using Windows security and update [security intelligence](https://www.microsoft.com/wdsi/definitions) to version 1.287.60.0 (or above)
- You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above)
- Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). (See [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md).)
2. Go to the Microsoft 365 Device Management portal ([https://devicemanagement.microsoft.com](https://devicemanagement.microsoft.com)) and sign in with your work or school account.
@ -108,7 +108,7 @@ No
No, third-party antivirus will continue to register with the Windows Security application.
### What happens if Microsoft Defender is not active on a device?
### What happens if Microsoft Defender Antivirus is not active on a device?
Tamper Protection will not have any impact on such devices.
@ -116,14 +116,14 @@ Tamper Protection will not have any impact on such devices.
If you are a home user, see [Turn Tamper Protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine).
If you are an organization using [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage Tamper Protection in Intune similar to how you manage other endpoint protection features. See [Turn Tamper Protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune).
If you are an organization using [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage Tamper Protection in Intune similar to how you manage other endpoint protection features. See [Turn Tamper Protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune).
### How does configuring Tamper Protection in Intune affect how I manage Windows Defender through my group policy?
### How does configuring Tamper Protection in Intune affect how I manage Windows Defender Antivirus through my group policy?
Your regular group policy doesnt apply to Tamper Protection, and changes to Windows Defender settings will be ignored when Tamper Protection is on.
Your regular group policy doesnt apply to Tamper Protection, and changes to Windows Defender Antivirus settings will be ignored when Tamper Protection is on.
### For Microsoft Defender Advanced Threat Protection E5, is configuring Tamper Protection in Intune targeted to the entire organization only?
### For Microsoft Defender ATP E5, is configuring Tamper Protection in Intune targeted to the entire organization only?
Configuring Tamper Protection in Intune can be targeted to your entire organization as well as to devices and user groups with Intune.
@ -135,7 +135,7 @@ Currently we do not have support to manage Tamper Protection through System Cent
Currently, configuring Tamper Protection in Intune is only available for customers who have [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
### What happens if I try to change Microsoft Defender settings in Intune, System Center Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device?
### What happens if I try to change Microsoft Defender ATP settings in Intune, System Center Configuration Manager, and Windows Management Instrumentation when Tamper Protection is enabled on a device?
You wont be able to change the features that are protected by Tamper Protection; those change requests are ignored.
@ -143,11 +143,11 @@ You wont be able to change the features that are protected by Tamper Protecti
No. Local admins cannot change or modify Tamper Protection settings.
### What happens if my device is onboarded with Microsoft Defender Advanced Threat Protection and then goes into an off-boarded state?
### What happens if my device is onboarded with Microsoft Defender ATP and then goes into an off-boarded state?
In this case, Tamper Protection status changes, and this feature is no longer applied.
### Will there be an alert about Tamper Protection status changing in the Microsoft Defender Advanced Threat Protection portal?
### Will there be an alert about Tamper Protection status changing in the Microsoft Defender Security Center?
Yes. The alert is shown in [https://securitycenter.microsoft.com](https://microsoft.securitycenter.com) under **Alerts**.
@ -167,4 +167,4 @@ No.
[Microsoft 365 Enterprise overview (at a glance)](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview#at-a-glance)
[Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
[Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)