| [Appendix B: Terminology in this guide](#appendix-b-terminology-used-in-this-guide) | Terms used in this guide. | Informational
diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md
similarity index 54%
rename from windows/deployment/windows-10-enterprise-subscription-activation.md
rename to windows/deployment/windows-10-subscription-activation.md
index e57c8a14cc..914c40a5d6 100644
--- a/windows/deployment/windows-10-enterprise-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@@ -1,6 +1,6 @@
---
title: Windows 10 Subscription Activation
-description: How to enable Windows 10 Enterprise E3 and E5 subscriptions
+description: How to dynamically enable Windows 10 Enterprise or Educations subscriptions
keywords: upgrade, update, task sequence, deploy
ms.prod: w10
ms.mktglfcycl: deploy
@@ -16,20 +16,33 @@ ms.topic: article
# Windows 10 Subscription Activation
-With Windows 10 version 1703 (also known as the Creator’s Update), both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise](planning/windows-10-enterprise-faq-itpro.md) in your organization can now be accomplished with no keys and no reboots.
+Starting with Windows 10, version 1703 Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro to **Windows 10 Enterprise** automatically if they are subscribed to Windows 10 Enterprise E3 or E5.
- If you are running Windows 10 version 1703 or later:
+With Windows 10, version 1903 the Subscription Activation feature also supports the ability to step-up from Windows 10 Pro Education to the Enterprise grade edition for educational institutions – **Windows 10 Education**.
+
+The Subscription Activation feature eliminates the need to manually deploy Windows 10 Enterprise or Education images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering GVLKs, and subsequently rebooting client devices.
+
+## Subscription Activation for Windows 10 Enterprise
+
+With Windows 10, version 1703 both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as online services via subscription. Deploying [Windows 10 Enterprise](planning/windows-10-enterprise-faq-itpro.md) in your organization can now be accomplished with no keys and no reboots.
+
+ If you are running Windows 10, version 1703 or later:
- Devices with a current Windows 10 Pro license can be seamlessly upgraded to Windows 10 Enterprise.
- Product key-based Windows 10 Enterprise software licenses can be transitioned to Windows 10 Enterprise subscriptions.
Organizations that have an Enterprise agreement can also benefit from the new service, using traditional Active Directory-joined devices. In this scenario, the Active Directory user that signs in on their device must be synchronized with Azure AD using [Azure AD Connect Sync](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-whatis).
-See the following topics in this article:
+## Subscription Activation for Windows 10 Education
+
+Subscription Activation for Education works the same as the Enterprise version, but in order to use Subscription Activation for Education, you must have a device running Windows 10 Pro Education, version 1903 or later and an active subscription plan with a Windows 10 Enterprise license. For more information, see the [requirements](#windows-10-education-requirements) section.
+
+## In this article
+
- [Inherited Activation](#inherited-activation): Description of a new feature available in Windows 10, version 1803 and later.
- [The evolution of Windows 10 deployment](#the-evolution-of-deployment): A short history of Windows deployment.
-- [Requirements](#requirements): Prerequisites to use the Windows 10 Enterprise subscription model.
-- [Benefits](#benefits): Advantages of Windows 10 Enterprise + subscription-based licensing.
+- [Requirements](#requirements): Prerequisites to use the Windows 10 Subscription Activation model.
+- [Benefits](#benefits): Advantages of Windows 10 subscription-based licensing.
- [How it works](#how-it-works): A summary of the subscription-based licensing option.
- [Virtual Desktop Access (VDA)](#virtual-desktop-access-vda): Enable Windows 10 Subscription Activation for VMs in the cloud.
@@ -39,7 +52,7 @@ For information on how to deploy Windows 10 Enterprise licenses, see [Deploy Win
Inherited Activation is a new feature available in Windows 10, version 1803 that allows Windows 10 virtual machines to inherit activation state from their Windows 10 host.
-When a user with Windows 10 E3 or E5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM.
+When a user with Windows 10 E3/E5 or A3/A5 license assigned creates a new Windows 10 virtual machine (VM) using a Windows 10 local host, the VM inherits the activation state from a host machine independent of whether user signs on with a local account or using an Azure Active Directory (AAD) account on a VM.
To support Inherited Activation, both the host computer and the VM must be running Windows 10, version 1803 or later.
@@ -53,14 +66,17 @@ The following figure illustrates how deploying Windows 10 has evolved with each
- **Windows 7** required you to redeploy the operating system using a full wipe-and-load process if you wanted to change from Windows 7 Professional to Windows 10 Enterprise.
- **Windows 8.1** added support for a Windows 8.1 Pro to Windows 8.1 Enterprise in-place upgrade (considered a “repair upgrade” because the OS version was the same before and after). This was a lot easier than wipe-and-load, but it was still time-consuming.
-- **Windows 10 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU. This required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.
-- **Windows 10 1607** made a big leap forward. Now you can just change the product key and the SKU instantly changes from Windows 10 Pro to Windows 10 Enterprise. In addition to provisioning packages and MDM, you can just inject a key using SLMGR.VBS (which injects the key into WMI), so it became trivial to do this using a command line.
-- **Windows 10 1703** made this “step-up” from Windows 10 Pro to Windows 10 Enterprise automatic for those that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.
-- **Windows 10 1709** adds support for Windows 10 Subscription Activation, very similar to the CSP support but for large enterprises, enabling the use of Azure AD for assigning licenses to users. When those users sign in on an AD or Azure AD-joined machine, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise.
-- **Windows 10 1803** updates Windows 10 Subscription Activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It is no longer necessary to run a script to perform the activation step on Windows 10 Pro prior to activating Enterprise. For virtual machines and hosts running Windows 10, version 1803 [Inherited Activation](#inherited-activation) is also enabled.
+- **Windows 10, version 1507** added the ability to install a new product key using a provisioning package or using MDM to change the SKU. This required a reboot, which would install the new OS components, and took several minutes to complete. However, it was a lot quicker than in-place upgrade.
+- **Windows 10, version 1607** made a big leap forward. Now you can just change the product key and the SKU instantly changes from Windows 10 Pro to Windows 10 Enterprise. In addition to provisioning packages and MDM, you can just inject a key using SLMGR.VBS (which injects the key into WMI), so it became trivial to do this using a command line.
+- **Windows 10, version 1703** made this “step-up” from Windows 10 Pro to Windows 10 Enterprise automatic for those that subscribed to Windows 10 Enterprise E3 or E5 via the CSP program.
+- **Windows 10, version 1709** adds support for Windows 10 Subscription Activation, very similar to the CSP support but for large enterprises, enabling the use of Azure AD for assigning licenses to users. When those users sign in on an AD or Azure AD-joined machine, it automatically steps up from Windows 10 Pro to Windows 10 Enterprise.
+- **Windows 10, version 1803** updates Windows 10 Subscription Activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It is no longer necessary to run a script to perform the activation step on Windows 10 Pro prior to activating Enterprise. For virtual machines and hosts running Windows 10, version 1803 [Inherited Activation](#inherited-activation) is also enabled.
+- **Windows 10, version 1903** updates Windows 10 Subscription Activation to enable step up from Windows 10 Pro Education to Windows 10 Education for those with a qualifying Windows 10 or Microsoft 365 subscription.
## Requirements
+### Windows 10 Enterprise requirements
+
For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following:
- Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded.
@@ -70,33 +86,62 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products &
>[!NOTE]
>An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. To resolve this issue, the user must either sign in with an Azure Active Directory account, or you must disable MFA for this user during the 30-day polling period and renewal.
-For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3 or E5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
+For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://blogs.windows.com/business/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/)
+### Windows 10 Education requirements
+
+1. Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded.
+2. A device with a Windows 10 Pro Education digital license. You can confirm this information in Settings > Update & Security> Activation.
+3. The Education tenant must have an active subscription to Microsoft 365 with a Windows 10 Enterprise license or a Windows 10 Enterprise or Education subscription.
+4. Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
+
+>If Windows 10 Pro is converted to Windows 10 Pro Education [using benefits available in Store for Education](https://docs.microsoft.com/education/windows/change-to-pro-education#change-using-microsoft-store-for-education), then the feature will not work. You will need to re-image the device using a Windows 10 Pro Education edition.
+
+
## Benefits
-With Windows 10 Enterprise, businesses can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise E3 or E5 to their users. Now, with Windows 10 Enterprise E3 and E5 being available as a true online service, it is available in every channel thus allowing all organizations to take advantage of enterprise grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following:
+With Windows 10 Enterprise or Windows 10 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Education or Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it is available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following:
- [Compare Windows 10 editions](https://www.microsoft.com/en-us/windowsforbusiness/compare)
- [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-pricing)
You can benefit by moving to Windows as an online service in the following ways:
-1. Licenses for Windows 10 Enterprise are checked based on Azure Active Directory (Azure AD) credentials, so now businesses have a systematic way to assign licenses to end users and groups in their organization.
+1. Licenses for Windows 10 Enterprise and Education are checked based on Azure Active Directory (Azure AD) credentials, so now businesses have a systematic way to assign licenses to end users and groups in their organization.
2. User logon triggers a silent edition upgrade, with no reboot required
3. Support for mobile worker/BYOD activation; transition away from on-prem KMS and MAK keys.
-4. Compliance support via seat assignment.
+4. Compliance support via seat assignment.
+5. Licenses can be updated to different users dynamically, enabling you to optimize your licensing investment against changing needs.
## How it works
-When a licensed user signs in to a device that meets requirements using the Azure AD credentials associated with a Windows 10 Enterprise E3 or E5 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise and all the appropriate Windows 10 Enterprise features are unlocked. When a user’s subscription expires or is transferred to another user, the Windows 10 Enterprise device reverts seamlessly to Windows 10 Pro edition, after a grace period of up to 90 days.
+The device is AAD joined from Settings > Accounts > Access work or school.
-Devices currently running Windows 10 Pro, version 1703 or later can get Windows 10 Enterprise Semi-Annual Channel on up to five devices for each user covered by the license. This benefit does not include Long Term Servicing Channel.
+The IT administrator assigns Windows 10 Enterprise to a user. See the following figure.
+
+
+
+When a licensed user signs in to a device that meets requirements using their Azure AD credentials, the operating system steps up from Windows 10 Pro to Windows 10 Enterprise (or Windows 10 Pro Education to Windows 10 Education) and all the appropriate Windows 10 Enterprise/Education features are unlocked. When a user’s subscription expires or is transferred to another user, the device reverts seamlessly to Windows 10 Pro / Windows 10 Pro Education edition, once current subscription validity expires.
+
+Devices running Windows 10 Pro, version 1703 or Windows 10 Pro Education, version 1903 or later can get Windows 10 Enterprise or Education Semi-Annual Channel on up to five devices for each user covered by the license. This benefit does not include Long Term Servicing Channel.
+
+The following figures summarize how the Subscription Activation model works:
+
+Before Windows 10, version 1903:
+
+
+After Windows 10, version 1903:
+
+
+Note:
+1. A Windows 10 Pro Education device will only step up to Windows 10 Education edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019).
+2. A Windows 10 Pro device will only step up to Windows 10 Enterprise edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019).
### Scenarios
-**Scenario #1**: You are using Windows 10 1803 or above, and just purchased Windows 10 Enterprise E3 or E5 subscriptions (or have had an E3 or E5 subscription for a while but haven’t yet deployed Windows 10 Enterprise).
+**Scenario #1**: You are using Windows 10, version 1803 or above, and just purchased Windows 10 Enterprise E3 or E5 subscriptions (or have had an E3 or E5 subscription for a while but haven’t yet deployed Windows 10 Enterprise).
All of your Windows 10 Pro devices will step-up to Windows 10 Enterprise, and devices that are already running Windows 10 Enterprise will migrate from KMS or MAK activated Enterprise edition to Subscription activated Enterprise edition when a Subscription Activation-enabled user signs in to the device.
@@ -118,15 +163,12 @@ If you’re running Windows 7, it can be more work. A wipe-and-load approach w
### Licenses
The following policies apply to acquisition and renewal of licenses on devices:
-- Devices that have been upgraded will attempt to acquire licenses every 30 days, and must be connected to the Internet to be successful.
-- Licenses are valid for 90 days. If a device is disconnected from the Internet until its current license expires, the operating system will revert to Windows 10 Pro. As soon as the device is connected to the Internet again, the license will automatically renew assuming the device is still present on list of user devices.
+- Devices that have been upgraded will attempt to renew licenses about every 30 days, and must be connected to the Internet to successfully acquire or renew a license.
+- If a device is disconnected from the Internet until its current subscription expires, the operating system will revert to Windows 10 Pro or Windows 10 Pro Education. As soon as the device is connected to the Internet again, the license will automatically renew.
- Up to five devices can be upgraded for each user license.
-- The list of devices is chronological and cannot be manually modified.
-- If a device meets requirements and a licensed user signs in on that device, it will be upgraded.
-- If five devices are already on the list and a subscribed user signs in on a sixth device, then this new device is added to the end of the list and the first device is removed.
-- Devices that are removed from the list will cease trying to acquire a license and revert to Windows 10 Pro when the grace period expires.
+- If a device the meets requirements and a licensed user signs in on that device, it will be upgraded.
-Licenses can also be reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
+Licenses can be reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
When you have the required Azure AD subscription, group-based licensing is the preferred method to assign Enterprise E3 and E5 licenses to users. For more information, see [Group-based licensing basics in Azure AD](https://docs.microsoft.com/azure/active-directory/active-directory-licensing-whatis-azure-portal).
@@ -154,7 +196,7 @@ changepk.exe /ProductKey %ProductKey%
)
-### Obtaining an Azure AD licence
+### Obtaining an Azure AD license
Enterprise Agreement/Software Assurance (EA/SA):
- Organizations with a traditional EA must order a $0 SKU, process e-mails sent to the license administrator for the company, and assign licenses using Azure AD (ideally to groups using the new Azure AD Premium feature for group assignment). For more information, see [Enabling Subscription Activation with an existing EA](https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses#enabling-subscription-activation-with-an-existing-ea).
@@ -178,6 +220,6 @@ Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscr
## Related topics
-[Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/)
-
[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)
-
[Windows for business](https://www.microsoft.com/en-us/windowsforbusiness/default.aspx)
+[Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/)
+[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)
+[Windows for business](https://www.microsoft.com/en-us/windowsforbusiness/default.aspx)
diff --git a/windows/deployment/windows-autopilot/TOC.md b/windows/deployment/windows-autopilot/TOC.md
index 35cd9c6cba..30a33a05ff 100644
--- a/windows/deployment/windows-autopilot/TOC.md
+++ b/windows/deployment/windows-autopilot/TOC.md
@@ -6,6 +6,7 @@
### [Licensing requirements](windows-autopilot-requirements-licensing.md)
## [Scenarios and Capabilities](windows-autopilot-scenarios.md)
### [Support for existing devices](existing-devices.md)
+### [White glove](white-glove.md)
### [User-driven mode](user-driven.md)
#### [Azure Active Directory joined](user-driven-aad.md)
#### [Hybrid Azure Active Directory joined](user-driven-hybrid.md)
diff --git a/windows/deployment/windows-autopilot/configure-autopilot.md b/windows/deployment/windows-autopilot/configure-autopilot.md
index 988b5d91f2..565ebcf3f6 100644
--- a/windows/deployment/windows-autopilot/configure-autopilot.md
+++ b/windows/deployment/windows-autopilot/configure-autopilot.md
@@ -20,17 +20,20 @@ ms.topic: article
- Windows 10
-## Deploying new devices
+
-When deploying new devices using Windows Autopilot, a common set of steps are required:
+## Configuring Autopilot to deploy new devices
-1. [Register devices with the Windows Autopilot deployment service](add-devices.md). Ideally, this step would be performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually.
-
-2. [Assign a profile of settings to each device](profiles.md), specifying how the device should be deployed and what user experience should be presented.
+When deploying new devices using Windows Autopilot, the following steps are required:
+1. [Register devices](add-devices.md). Ideally, this step would be performed by the OEM, reseller, or distributor from which the devices were purchased, but this can also be done by the organization by collecting the hardware identity and uploading it manually.
+2. [Configure device profiles](profiles.md), specifying how the device should be deployed and what user experience should be presented.
3. Boot the device. When the device is connected to a network with internet access, it will contact the Windows Autopilot deployment service to see if the device is registered, and if it is, it will download profile settings such as the [Enrollment Status page](enrollment-status.md), which are used to customize the end user experience.
-
+## Other configuration settings
+
+- [Bitlocker encryption settings](bitlocker.md): You can configure the BitLocker encryption settings to be applied before automatic encryption is started.
+- [Cortana voiceover and speech recognition](windows-autopilot-scenarios.md): In Windows 10, version 1903 and later Cortana voiceover and speech recognition during OOBE is DISABLED by default for all Windows 10 Pro, Education and Enterprise SKUs.
## Related topics
diff --git a/windows/deployment/windows-autopilot/images/allow-white-glove-oobe.png b/windows/deployment/windows-autopilot/images/allow-white-glove-oobe.png
new file mode 100644
index 0000000000..da8a68d535
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/allow-white-glove-oobe.png differ
diff --git a/windows/deployment/windows-autopilot/images/choice.png b/windows/deployment/windows-autopilot/images/choice.png
new file mode 100644
index 0000000000..881744eec5
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/choice.png differ
diff --git a/windows/deployment/windows-autopilot/images/landing.png b/windows/deployment/windows-autopilot/images/landing.png
new file mode 100644
index 0000000000..13dea20b07
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/landing.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg01.png b/windows/deployment/windows-autopilot/images/wg01.png
new file mode 100644
index 0000000000..fa08be3f48
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg01.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg02.png b/windows/deployment/windows-autopilot/images/wg02.png
new file mode 100644
index 0000000000..5de01d6803
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg02.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg03.png b/windows/deployment/windows-autopilot/images/wg03.png
new file mode 100644
index 0000000000..89ac12747c
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg03.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg04.png b/windows/deployment/windows-autopilot/images/wg04.png
new file mode 100644
index 0000000000..a59ea766b7
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg04.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg05.png b/windows/deployment/windows-autopilot/images/wg05.png
new file mode 100644
index 0000000000..cea36fb6bd
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg05.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg06.png b/windows/deployment/windows-autopilot/images/wg06.png
new file mode 100644
index 0000000000..68cd29c24d
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg06.png differ
diff --git a/windows/deployment/windows-autopilot/images/wg07.png b/windows/deployment/windows-autopilot/images/wg07.png
new file mode 100644
index 0000000000..bc5a81bb3f
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/wg07.png differ
diff --git a/windows/deployment/windows-autopilot/images/white-glove-result.png b/windows/deployment/windows-autopilot/images/white-glove-result.png
new file mode 100644
index 0000000000..de3701e76d
Binary files /dev/null and b/windows/deployment/windows-autopilot/images/white-glove-result.png differ
diff --git a/windows/deployment/windows-autopilot/white-glove.md b/windows/deployment/windows-autopilot/white-glove.md
new file mode 100644
index 0000000000..88ac95d477
--- /dev/null
+++ b/windows/deployment/windows-autopilot/white-glove.md
@@ -0,0 +1,105 @@
+---
+title: Windows Autopilot for white glove deployment
+description: Windows Autopilot for white glove deployment
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, pre-provisioning
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: low
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.author: greg-lindsay
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+# Windows Autopilot for white glove deployment
+
+**Applies to: Windows 10, version 1903**
+
+Windows Autopilot enables organizations to easily provision new devices - leveraging the preinstalled OEM image and drivers with a simple process that can be performed by the end user to help get their device business-ready.
+
+ 
+
+Windows Autopilot can also provide a white glove service that enables partners or IT staff to pre-provision a Windows 10 PC so that it is fully configured and business-ready. From the end user’s perspective, the Windows Autopilot user-driven experience is unchanged, but getting their device to a fully provisioned state is faster.
+
+With **Windows Autopilot for white glove deployment**, the provisioning process is split. The time-consuming portions are performed by IT, partners, or OEMs. The end user simply completes a few neceesary settings and polices and then they can begin using their device.
+
+ 
+
+Enabled with Microsoft Intune in Windows 10, version 1903 and later, white glove deployment capabilities build on top of existing Windows Autopilot [user-driven scenarios](user-driven.md), supporting both the user-driven [Azure AD join](user-driven-aad.md) and [Hybrid Azure AD](user-driven-hybrid.md) join scenarios.
+
+## Prerequisites
+
+In addition to [Windows Autopilot requirements](windows-autopilot-requirements.md), Windows Autopilot for white glove deployment adds the following:
+
+- Windows 10, version 1903 or later is required.
+- An Intune subscription with additional flighted features that are not yet available publicly is currently required. Note: This feature will change soon from flighted to preview. Prior to this feature switching to preview status, attempts to perform white glove deployment without t flighted features will fail with an Intune enrollment error.
+- Physical devices that support TPM 2.0 and device attestation; virtual machines are not supported. The white glove provisioning process leverages Windows Autopilot self-deploying capabilities, hence the TPM 2.0 requirements.
+- Physical devices with Ethernet connectivity; Wi-fi connectivity is not supported due to the requirement to choose a language, locale, and keyboard to make that Wi-fi connection; doing that in a pre-provisioning process could prevent the user from choosing their own language, locale, and keyboard when they receive the device.
+
+## Preparation
+
+To be ready to try out Windows Autopilot for white glove deployment, ensure that you can first successfully use existing Windows Autopilot user-driven scenarios:
+
+- User-driven Azure AD join. Devices can be deployed using Windows Autopilot and joined to an Azure Active Directory tenant.
+- User-driven with Hybrid Azure AD join. Devices can be deployed using Windows Autopilot and joined to an on-premises Active Directory domain, then registered with Azure Active Directory to enable the Hybrid Azure AD join features.
+
+If these scenarios cannot be completed, Windows Autopilot for white glove deployment will also not succeed since it builds on top of these scenarios.
+
+To enable white glove deployment, an additional Autopilot profile setting must be configured:
+
+>[!TIP]
+>To see the white glove deployment Autopilot profile setting, use this URL to access the Intune portal: https://portal.azure.com/?microsoft_intune_enrollment_enableWhiteGlove=true. This is a temporary requirement.
+
+ 
+
+The Windows Autopilot for white glove deployment pre-provisioning process will apply all device-targeted policies from Intune. That includes certificates, security templates, settings, apps, and more – anything targeting the device. Additionally, any apps (Win32 or LOB) that are configured to install in the device context and targeted to the user that has been pre-assigned to the Autopilot device will also be installed. **Note**: other user-targeted policies will not apply until the user signs into the device. To verify these behaviors, be sure to create appropriate apps and policies targeted to devices and users.
+
+## Scenarios
+
+Windows Autopilot for white glove deployment supports two distinct scenarios:
+- User-driven deployments with Azure AD Join. The device will be joined to an Azure AD tenant.
+- User-driven deployments with Hybrid Azure AD Join. The device will be joined to an on-premises Active Directory domain, and separately registered with Azure AD.
+Each of these scenarios consists of two parts, a technician flow and a user flow. At a high level, these parts are the same for Azure AD Join and Hybrid Azure AD join; differences are primarily seen by the end user in the authentication steps.
+
+### Technican flow
+
+The first part of the Windows Autopilot for white glove deployment process is designed to be carried out by a technician; this could be a member of the IT staff, a services partner, or an OEM – each organization can decide who should perform these activities.
+Regardless of the scenario, the process to be performed by the technician is the same:
+- Boot the device (running Windows 10 Pro, Enterprise, or Education SKUs, version 1903 or later).
+- From the first OOBE screen (which could be a language selection or locale selection screen), do not click **Next**. Instead, press the Windows key five times to view an additional options dialog. From that screen, choose the **Windows Autopilot provisioning** option and then click **Continue**.
+
+ 
+
+- On the **Windows Autopilot Configuration** screen, information will be displayed about the device:
+ - The Autopilot profile assigned to the device.
+ - The organization name for the device.
+ - The user assigned to the device (if there is one).
+ - A QR code containing a unique identifier for the device, useful to look up the device in Intune to make any configuration changes needed (e.g. assigning a user, adding the device to any additional groups needed for app or policy targeting).
+- Validate the information displayed. If any changes are needed, make these and then click **Refresh** to re-download the updated Autopilot profile details.
+
+ 
+
+- Click **Provision** to begin the provisioning process.
+If the pre-provisioning process completes successfully:
+- A green status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps.
+- Click **Reseal** to shut the device down. At that point, the device can be shipped to the end user.
+
+If the pre-provisioning process fails:
+- A red status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps.
+- Diagnostic logs can be gathered from the device, and then it can be reset to start the process over again.
+
+ 
+
+### User flow
+
+If the pre-provisioning process completed successfully and the device was resealed, it can be delivered to the end user to complete the normal Windows Autopilot user-driven process. They will perform a standard set of steps:
+
+- Power on the device.
+- Select the appropriate language, locale, and keyboard layout.
+- Connect to a network (if using Wi-Fi). If using Hybrid Azure AD Join, there must be connectivity to a domain controller; if using Azure AD Join, internet connectivity is required.
+- On the branded sign-on screen, enter the user’s Azure Active Directory credentials.
+- If using Hybrid Azure AD Join, the device will reboot; after the reboot, enter the user’s Active Directory credentials.
+- Additional policies and apps will be delivered to the device, as tracked by the Enrollment Status Page (ESP). Once complete, the user will be able to access the desktop.
+
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
index d73e7bb81f..e60e750555 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
@@ -1,5 +1,5 @@
---
-title: Windows Autopilot scenarios
+title: Windows Autopilot scenarios and capabilities
description: Listing of Autopilot scenarios
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
@@ -14,10 +14,12 @@ ms.topic: article
---
-# Windows Autopilot scenarios
+# Windows Autopilot scenarios and capabilities
**Applies to: Windows 10**
+## Scenarios
+
Windows Autopilot includes support for a growing list of scenarios, designed to support common organization needs which can vary based on the type of organization and their progress moving to Windows 10 and [transitioning to modern management](https://docs.microsoft.com/windows/client-management/manage-windows-10-in-your-organization-modern-management).
For details about these scenarios, see these additional topics:
@@ -27,6 +29,34 @@ For details about these scenarios, see these additional topics:
- [Windows Autopilot self-deploying mode](self-deploying.md), for devices that will be automatically configured for shared use, as a kiosk, or as a digital signage device.
- [Windows Autopilot Reset](windows-autopilot-reset.md), to re-deploy a device in a business-ready state.
+## Capabilities
+
+### Windows Autopilot is self-updating during OOBE:
+
+Starting with the Windows 10, version 1903, Autopilot functional and critical updates will begin downloading automatically during OOBE after a device gets connected to a network and the [critical driver and Windows zero-day patch (ZDP) updates](https://docs.microsoft.com/windows-hardware/customize/desktop/windows-updates-during-oobe) have completed. The user or IT admin cannot opt-out of these Autopilot updates; they are required for Windows Autopilot deployment to operate properly. Windows will alert the user that the device is checking for, downloading and installing the updates.
+
+### Cortana voiceover and speech recognition during OOBE
+
+In Windows 10, version 1903 and later Cortana voiceover and speech recognition during OOBE is DISABLED by default for all Windows 10 Pro, Education and Enterprise SKUs.
+
+If desired, you can enable Cortana voiceover and speech recognition during OOBE by creating the following registry key. This key does not exist by default.
+
+HKLM\Software\Microsoft\Windows\CurrentVersion\OOBE\EnableVoiceForAllEditions
+
+The key value is a DWORD with **0** = disabled and **1** = enabled.
+
+| Value | Description |
+| --- | --- |
+| 0 | Cortana voiceover is disabled |
+| 1 | Cortana voiceover is enabled |
+| No value | Device will fall back to default behavior of the edition |
+
+To change this key value, use WCD tool to create as PPKG as documented [here](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce).
+
+### Bitlocker encryption
+
+With Windows Autopilot, you can configure the BitLocker encryption settings to be applied before automatic encryption is started. For more information, see [Setting the BitLocker encryption algorithm for Autopilot devices](bitlocker.md)
+
## Related topics
[Windows Autopilot Enrollment Status page](enrollment-status.md)
diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md
index bbbde28edc..372e31aa2a 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot.md
@@ -64,7 +64,7 @@ Windows Autopilot enables you to pre-register devices to your organization so th
Windows Autopilot enables you to:
* Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
-* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](#prerequisites)).
+* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](windows-autopilot-requirements-configuration.md)).
* Restrict the Administrator account creation.
* Create and auto-assign devices to configuration groups based on a device's profile.
* Customize OOBE content specific to the organization.
diff --git a/windows/hub/index.md b/windows/hub/index.md
index dac41359d2..805d3fa7cd 100644
--- a/windows/hub/index.md
+++ b/windows/hub/index.md
@@ -15,19 +15,14 @@ ms.date: 10/02/2018
Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10 or Windows 10 Mobile.
-
-
-> [!video https://www.youtube.com/embed/hAva4B-wsVA]
-
-
-## Check out [what's new in Windows 10, version 1809](/windows/whats-new/whats-new-windows-10-version-1809).
+## Check out [what's new in Windows 10, version 1903](/windows/whats-new/whats-new-windows-10-version-1903).
-
+
What's New?
|
diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md
index 35561d07af..9247b0b811 100644
--- a/windows/privacy/TOC.md
+++ b/windows/privacy/TOC.md
@@ -7,6 +7,7 @@
### [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md)
### [Diagnostic Data Viewer for PowerShell Overview](Microsoft-DiagnosticDataViewer.md)
## Basic level Windows diagnostic data events and fields
+### [Windows 10, version 1903 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
### [Windows 10, version 1809 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
### [Windows 10, version 1803 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
### [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@@ -17,10 +18,14 @@
### [Windows 10, version 1709 and newer diagnostic data for the Full level](windows-diagnostic-data.md)
### [Windows 10, version 1703 diagnostic data for the Full level](windows-diagnostic-data-1703.md)
## Manage Windows 10 connection endpoints
-### [Connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md)
-### [Connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md)
+### [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
+### [Manage connections from Windows operating system components to Microsoft services using MDM](manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md)
+### [Connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
### [Connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-### [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)
-### [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
-### [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
-## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
+### [Connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md)
+### [Connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md)
+### [Connection endpoints for non-Enterprise editions of Windows 10, version 1903](windows-endpoints-1903-non-enterprise-editions.md)
+### [Connection endpoints for non-Enterprise editions of Windows 10, version 1809](windows-endpoints-1809-non-enterprise-editions.md)
+### [Connection endpoints for non-Enterprise editions of Windows 10, version 1803](windows-endpoints-1803-non-enterprise-editions.md)
+### [Connection endpoints for non-Enterprise editions of Windows 10, version 1709](windows-endpoints-1709-non-enterprise-editions.md)
+
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
index ab42290c6b..4938d988d5 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
@@ -7,13 +7,13 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: high
-audience: ITPro
author: brianlic-msft
ms.author: brianlic
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 02/15/2019
+audience: ITPro
+ms.date: 04/19/2019
---
@@ -33,6 +33,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
+- [Windows 10, version 1903 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
@@ -1464,7 +1465,7 @@ The following fields are available:
### Census.Processor
-This event sends data about the processor (architecture, speed, number of cores, manufacturer, and model number), to help keep Windows up to date.
+This event sends data about the processor to help keep Windows up to date.
The following fields are available:
@@ -1822,61 +1823,6 @@ The following fields are available:
## Diagnostic data events
-### TelClientSynthetic.AbnormalShutdown_0
-
-This event sends data about boot IDs for which a normal clean shutdown was not observed, to help keep Windows up to date.
-
-The following fields are available:
-
-- **AbnormalShutdownBootId** Retrieves the Boot ID for which the abnormal shutdown was observed.
-- **CrashDumpEnabled** Indicates whether crash dumps are enabled.
-- **CumulativeCrashCount** Cumulative count of operating system crashes since the BootId reset.
-- **CurrentBootId** BootId at the time the abnormal shutdown event was being reported.
-- **FirmwareResetReasonEmbeddedController** Firmware-supplied reason for the reset.
-- **FirmwareResetReasonEmbeddedControllerAdditional** Additional data related to the reset reason provided by the firmware.
-- **FirmwareResetReasonPch** Hardware-supplied reason for the reset.
-- **FirmwareResetReasonPchAdditional** Additional data related to the reset reason provided by the hardware.
-- **FirmwareResetReasonSupplied** Indicates whether the firmware supplied any reset reason.
-- **FirmwareType** ID of the FirmwareType as enumerated in DimFirmwareType.
-- **HardwareWatchdogTimerGeneratedLastReset** Indicates whether the hardware watchdog timer caused the last reset.
-- **HardwareWatchdogTimerPresent** Indicates whether hardware watchdog timer was present or not.
-- **LastBugCheckBootId** The Boot ID of the last captured crash.
-- **LastBugCheckCode** Code that indicates the type of error.
-- **LastBugCheckContextFlags** Additional crash dump settings.
-- **LastBugCheckOriginalDumpType** The type of crash dump the system intended to save.
-- **LastBugCheckOtherSettings** Other crash dump settings.
-- **LastBugCheckParameter1** The first parameter with additional info on the type of the error.
-- **LastBugCheckProgress** Progress towards writing out the last crash dump.
-- **LastSuccessfullyShutdownBootId** The Boot ID of the last fully successful shutdown.
-- **PowerButtonCumulativePressCount** Indicates the number of times the power button has been pressed ("pressed" not to be confused with "released").
-- **PowerButtonCumulativeReleaseCount** Indicates the number of times the power button has been released ("released" not to be confused with "pressed").
-- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record Power Button metrics (e.g.: due to a failure to lock/update the bootstat file).
-- **PowerButtonLastPressBootId** The Boot ID of the last time the Power Button was detected to have been pressed ("pressed" not to be confused with "released").
-- **PowerButtonLastPressTime** The date and time the Power Button was most recently pressed ("pressed" not to be confused with "released").
-- **PowerButtonLastReleaseBootId** The Boot ID of the last time the Power Button was released ("released" not to be confused with "pressed").
-- **PowerButtonLastReleaseTime** The date and time the Power Button was most recently released ("released" not to be confused with "pressed").
-- **PowerButtonPressCurrentCsPhase** Represents the phase of Connected Standby exit when the power button was pressed.
-- **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the Power Button was pressed.
-- **PowerButtonPressLastPowerWatchdogStage** The last stage completed when the Power Button was most recently pressed.
-- **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press.
-- **TransitionInfoBootId** The Boot ID of the captured transition information.
-- **TransitionInfoCSCount** The total number of times the system transitioned from "Connected Standby" mode to "On" when the last marker was saved.
-- **TransitionInfoCSEntryReason** Indicates the reason the device last entered "Connected Standby" mode ("entered" not to be confused with "exited").
-- **TransitionInfoCSExitReason** Indicates the reason the device last exited "Connected Standby" mode ("exited" not to be confused with "entered").
-- **TransitionInfoCSInProgress** Indicates whether the system was in or entering Connected Standby mode when the last marker was saved.
-- **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp.
-- **TransitionInfoLastReferenceTimestamp** The date and time that the marker was last saved.
-- **TransitionInfoPowerButtonTimestamp** The most recent date and time when the Power Button was pressed (collected via a different mechanism than PowerButtonLastPressTime).
-- **TransitionInfoSleepInProgress** Indicates whether the system was in or entering Sleep mode when the last marker was saved.
-- **TransitionInfoSleepTranstionsToOn** The total number of times the system transitioned from Sleep mode to on, when the last marker was saved.
-- **TransitionInfoSystemRunning** Indicates whether the system was running when the last marker was saved.
-- **TransitionInfoSystemShutdownInProgress** Indicates whether a device shutdown was in progress when the power button was pressed.
-- **TransitionInfoUserShutdownInProgress** Indicates whether a user shutdown was in progress when the power button was pressed.
-- **TransitionLatestCheckpointId** Represents a unique identifier for a checkpoint during the device state transition.
-- **TransitionLatestCheckpointSeqNumber** Represents the chronological sequence number of the checkpoint.
-- **TransitionLatestCheckpointType** Represents the type of the checkpoint, which can be the start of a phase, end of a phase, or just informational.
-
-
### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. The telemetry opt-in level signals what data we are allowed to collect.
@@ -3009,26 +2955,43 @@ The following fields are available:
- **winInetError** The HResult of the operation.
+## Privacy logging notification events
+
+### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted
+
+This event returns data to report the efficacy of a single-use tool to inform users impacted by a known issue and to take corrective action to address the issue.
+
+The following fields are available:
+
+- **cleanupTask** Indicates whether the task that launched the dialog should be cleaned up.
+- **cleanupTaskResult** The return code of the attempt to clean up the task used to show the dialog.
+- **deviceEvaluated** Indicates whether the device was eligible for evaluation of a known issue.
+- **deviceImpacted** Indicates whether the device was impacted by a known issue.
+- **modalAction** The action the user took on the dialog that was presented to them.
+- **modalResult** The return code of the attempt to show a dialog to the user explaining the issue.
+- **resetSettingsResult** The return code of the action to correct the known issue.
+
+
## Remediation events
### Microsoft.Windows.Remediation.Applicable
-This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date.
+deny
The following fields are available:
- **ActionName** The name of the action to be taken by the plug-in.
-- **AppraiserBinariesValidResult** Indicates whether plug-in was appraised as valid.
+- **AppraiserBinariesValidResult** Indicates whether the plug-in was appraised as valid.
- **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check.
- **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid.
- **AppraiserTaskDisabled** Indicates the appraiser task is disabled.
- **AppraiserTaskValidFailed** Indicates the Appraiser task did not function and requires intervention.
- **CV** Correlation vector
- **DateTimeDifference** The difference between local and reference clock times.
-- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled.
+- **DateTimeSyncEnabled** Indicates whether the Datetime Sync plug-in is enabled.
- **DaysSinceLastSIH** The number of days since the most recent SIH executed.
- **DaysToNextSIH** The number of days until the next scheduled SIH execution.
-- **DetectedCondition** Indicates whether detect condition is true and the perform action will be run.
+- **DetectedCondition** Indicates whether detected condition is true and the perform action will be run.
- **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed.
- **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
- **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
@@ -3042,12 +3005,12 @@ The following fields are available:
- **PackageVersion** The version of the current remediation package.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Reload** True if SIH reload is required.
-- **RemediationNoisyHammerAcLineStatus** Event that indicates the AC Line Status of the machine.
+- **RemediationNoisyHammerAcLineStatus** Indicates the AC Line Status of the device.
- **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started.
- **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled.
- **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists.
- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task.
-- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent hammer task ran.
+- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent Noisy Hammer task ran.
- **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder.
- **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed.
- **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run.
@@ -3097,7 +3060,7 @@ The following fields are available:
### Microsoft.Windows.Remediation.Completed
-This event enables completion tracking of a process that remediates issues preventing security and quality updates.
+This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
The following fields are available:
@@ -3113,12 +3076,12 @@ The following fields are available:
- **CV** The Correlation Vector.
- **DateTimeDifference** The difference between the local and reference clocks.
- **DaysSinceOsInstallation** The number of days since the installation of the Operating System.
-- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in Megabytes.
+- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in megabytes.
- **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes.
- **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes.
- **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in.
- **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user.
-- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes.
+- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes.
- **HResult** The result of the event execution.
- **LatestState** The final state of the plug-in component.
- **PackageVersion** The package version for the current Remediation.
@@ -3173,7 +3136,7 @@ The following fields are available:
- **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network.
- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present.
- **usoScanIsUserLoggedOn** TRUE if the user is logged on.
-- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late).
+- **usoScanPastThreshold** TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late).
- **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
- **WindowsHyberFilSysSizeInMegabytes** The size of the Windows Hibernation file, measured in Megabytes.
- **WindowsInstallerFolderSizeInMegabytes** The size of the Windows Installer folder, measured in Megabytes.
@@ -3302,13 +3265,13 @@ The following fields are available:
### Microsoft.Windows.Remediation.Started
-This event reports whether a plug-in started, to help ensure Windows is up to date.
+deny
The following fields are available:
- **CV** Correlation vector.
- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion** Current package version of Remediation.
+- **PackageVersion** The version of the current remediation package.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin.
@@ -3717,7 +3680,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Applicable
-Indicates whether a given plugin is applicable.
+This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -3733,7 +3696,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Completed
-Indicates whether a given plugin has completed its work.
+This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -3779,7 +3742,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Started
-This event indicates that a given plug-in has started.
+This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -3817,7 +3780,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Applicable
-This event indicates whether a given plug-in is applicable.
+This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -3833,7 +3796,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Completed
-This event indicates whether a given plug-in has completed its work.
+This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -3886,7 +3849,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Started
-This event indicates a specified plug-in has started. This information helps ensure Windows is up to date.
+This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -4042,7 +4005,7 @@ The following fields are available:
### SIHEngineTelemetry.EvalApplicability
-This event is sent when targeting logic is evaluated to determine if a device is eligible a given action.
+This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action.
@@ -4236,7 +4199,7 @@ The following fields are available:
- **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector.
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
- **RevisionNumber** The revision number of the specified piece of content.
-- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped.
- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
@@ -5127,12 +5090,12 @@ This event lists the reboot reason when an app is going to reboot.
The following fields are available:
-- **BootId** The boot ID.
+- **BootId** The system boot ID.
- **BoottimeSinceLastShutdown** The boot time since the last shutdown.
- **RebootReason** Reason for the reboot.
-## Microsoft Store events
+## Windows Store events
### Microsoft.Windows.Store.Partner.ReportApplication
@@ -6296,6 +6259,12 @@ This event sends data specific to the FixupEditionId mitigation used for OS Upda
## Windows Update Reserve Manager events
+### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
+
+This event returns data about the Update Reserve Manager, including whether it’s been initialized.
+
+
+
### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment
This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
index 658324d8b4..e6c8d962cb 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
@@ -7,13 +7,13 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: high
-audience: ITPro
author: brianlic-msft
ms.author: brianlic
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 02/15/2019
+audience: ITPro
+ms.date: 04/19/2019
---
@@ -33,6 +33,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
+- [Windows 10, version 1903 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
@@ -68,7 +69,7 @@ The following fields are available:
- **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device.
- **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device.
- **InventoryApplicationFile** The count of the number of this particular object type present on this device.
-- **InventoryLanguagePack** The count of the number of this particular object type present on this device.
+- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine.
- **InventoryMediaCenter** The count of the number of this particular object type present on this device.
- **InventorySystemBios** The count of the number of this particular object type present on this device.
- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device.
@@ -1329,7 +1330,7 @@ The following fields are available:
### Census.App
-Provides information on IE and Census versions running on the device
+This event sends version data about the Apps running on this device, to help keep Windows up to date.
The following fields are available:
@@ -1538,7 +1539,7 @@ The following fields are available:
### Census.Processor
-Provides information on several important data points about Processor settings
+This event sends data about the processor to help keep Windows up to date.
The following fields are available:
@@ -1912,6 +1913,41 @@ The following fields are available:
- **pendingDecision** Indicates the cause of reboot, if applicable.
+### CbsServicingProvider.CbsSelectableUpdateChangeV2
+
+This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
+
+The following fields are available:
+
+- **applicableUpdateState** Indicates the highest applicable state of the optional content.
+- **buildVersion** The build version of the package being installed.
+- **clientId** The name of the application requesting the optional content change.
+- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
+- **executionSequence** A counter that tracks the number of servicing operations attempted on the device.
+- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
+- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
+- **hrDownloadResult** The return code of the download operation.
+- **hrStatusUpdate** The return code of the servicing operation.
+- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
+- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
+- **majorVersion** The major version of the package being installed.
+- **minorVersion** The minor version of the package being installed.
+- **packageArchitecture** The architecture of the package being installed.
+- **packageLanguage** The language of the package being installed.
+- **packageName** The name of the package being installed.
+- **rebootRequired** Indicates whether a reboot is required to complete the operation.
+- **revisionVersion** The revision number of the package being installed.
+- **stackBuild** The build number of the servicing stack binary performing the installation.
+- **stackMajorVersion** The major version number of the servicing stack binary performing the installation.
+- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation.
+- **stackRevision** The revision number of the servicing stack binary performing the installation.
+- **updateName** The name of the optional Windows Operation System feature being enabled or disabled.
+- **updateStartState** A value indicating the state of the optional content before the operation started.
+- **updateTargetState** A value indicating the desired state of the optional content.
+
+
## Diagnostic data events
### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
@@ -3107,25 +3143,42 @@ The following fields are available:
- **winInetError** The HResult of the operation.
+## Privacy logging notification events
+
+### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted
+
+This event returns data to report the efficacy of a single-use tool to inform users impacted by a known issue and to take corrective action to address the issue.
+
+The following fields are available:
+
+- **cleanupTask** Indicates whether the task that launched the dialog should be cleaned up.
+- **cleanupTaskResult** The return code of the attempt to clean up the task used to show the dialog.
+- **deviceEvaluated** Indicates whether the device was eligible for evaluation of a known issue.
+- **deviceImpacted** Indicates whether the device was impacted by a known issue.
+- **modalAction** The action the user took on the dialog that was presented to them.
+- **modalResult** The return code of the attempt to show a dialog to the user explaining the issue.
+- **resetSettingsResult** The return code of the action to correct the known issue.
+
+
## Remediation events
### Microsoft.Windows.Remediation.Applicable
-This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date.
+deny
The following fields are available:
- **ActionName** The name of the action to be taken by the plug-in.
-- **AppraiserBinariesValidResult** Indicates whether plug-in was appraised as valid.
+- **AppraiserBinariesValidResult** Indicates whether the plug-in was appraised as valid.
- **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check.
- **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid.
- **AppraiserTaskDisabled** Indicates the appraiser task is disabled.
- **CV** Correlation vector
- **DateTimeDifference** The difference between local and reference clock times.
-- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled.
+- **DateTimeSyncEnabled** Indicates whether the Datetime Sync plug-in is enabled.
- **DaysSinceLastSIH** The number of days since the most recent SIH executed.
- **DaysToNextSIH** The number of days until the next scheduled SIH execution.
-- **DetectedCondition** Indicates whether detect condition is true and the perform action will be run.
+- **DetectedCondition** Indicates whether detected condition is true and the perform action will be run.
- **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed.
- **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
- **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
@@ -3139,12 +3192,12 @@ The following fields are available:
- **PackageVersion** The version of the current remediation package.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Reload** True if SIH reload is required.
-- **RemediationNoisyHammerAcLineStatus** Event that indicates the AC Line Status of the machine.
+- **RemediationNoisyHammerAcLineStatus** Indicates the AC Line Status of the device.
- **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started.
- **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled.
- **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists.
- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task.
-- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent hammer task ran.
+- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent Noisy Hammer task ran.
- **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder.
- **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed.
- **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run.
@@ -3214,7 +3267,7 @@ The following fields are available:
### Microsoft.Windows.Remediation.Completed
-This event enables completion tracking of a process that remediates issues preventing security and quality updates.
+This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
The following fields are available:
@@ -3232,12 +3285,12 @@ The following fields are available:
- **CV** The Correlation Vector.
- **DateTimeDifference** The difference between the local and reference clocks.
- **DaysSinceOsInstallation** The number of days since the installation of the Operating System.
-- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in Megabytes.
+- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in megabytes.
- **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes.
- **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes.
- **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in.
- **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user.
-- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes.
+- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes.
- **hasRolledBack** Indicates whether the client machine has rolled back.
- **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS.
- **hResult** The result of the event execution.
@@ -3298,7 +3351,7 @@ The following fields are available:
- **RunResult** The HRESULT for Detection or Perform Action phases of the plug-in.
- **ServiceHealthPlugin** The nae of the Service Health plug-in.
- **StartComponentCleanupTask** TRUE if the Component Cleanup task started successfully.
-- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive in MBs.
+- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive, in megabytes.
- **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot.
- **TotalSizeofOrphanedInstallerFilesInMegabytes** The size of any orphaned Windows Installer files, measured in Megabytes.
- **TotalSizeofStoreCacheAfterCleanupInMegabytes** The size of the Microsoft Store cache after cleanup, measured in Megabytes.
@@ -3313,7 +3366,7 @@ The following fields are available:
- **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network.
- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present.
- **usoScanIsUserLoggedOn** TRUE if the user is logged on.
-- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late).
+- **usoScanPastThreshold** TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late).
- **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
- **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key.
- **windowsEditionId** Event to report the value of Windows Edition ID.
@@ -3347,13 +3400,13 @@ The following fields are available:
### Microsoft.Windows.Remediation.Started
-This event reports whether a plug-in started, to help ensure Windows is up to date.
+This event is sent when Windows Update sediment remediations have started on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
The following fields are available:
- **CV** Correlation vector.
- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion** Current package version of Remediation.
+- **PackageVersion** The version of the current remediation package.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin.
@@ -3615,7 +3668,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Applicable
-Indicates whether a given plugin is applicable.
+This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -3631,7 +3684,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Completed
-Indicates whether a given plugin has completed its work.
+This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -3678,7 +3731,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Started
-This event indicates that a given plug-in has started.
+This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -3716,7 +3769,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Applicable
-This event indicates whether a given plug-in is applicable.
+This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -3732,7 +3785,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Completed
-This event indicates whether a given plug-in has completed its work.
+This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -3786,7 +3839,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Started
-This event indicates a specified plug-in has started. This information helps ensure Windows is up to date.
+This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -4128,7 +4181,7 @@ The following fields are available:
- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.)
- **RevisionNumber** Unique revision number of Update
- **ServerId** Identifier for the service to which the software distribution client is connecting, such as Windows Update and Microsoft Store.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **SystemBIOSMajorRelease** Major version of the BIOS.
- **SystemBIOSMinorRelease** Minor version of the BIOS.
- **UpdateId** Unique Update ID
@@ -4192,7 +4245,7 @@ The following fields are available:
- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
- **RevisionNumber** The revision number of the specified piece of content.
-- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped.
- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
@@ -5298,7 +5351,7 @@ The following fields are available:
- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
-## Microsoft Store events
+## Windows Store events
### Microsoft.Windows.Store.Partner.ReportApplication
@@ -6514,12 +6567,29 @@ The following fields are available:
## Windows Update Reserve Manager events
+### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment
+
+This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending.
+
+
+### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
+
+This event returns data about the Update Reserve Manager, including whether it’s been initialized.
+
+
+
### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment
This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment.
+### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment
+
+This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed.
+
+
+
## Winlogon events
### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
index 55e5adf886..afc2c72f17 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
@@ -7,13 +7,13 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: high
-audience: ITPro
author: brianlic-msft
ms.author: brianlic
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 02/15/2019
+audience: ITPro
+ms.date: 04/19/2019
---
@@ -32,7 +32,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
-
+- [Windows 10, version 1903 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
@@ -1374,7 +1374,7 @@ The following fields are available:
### Census.App
-Provides information on IE and Census versions running on the device.
+This event sends version data about the Apps running on this device, to help keep Windows up to date.
The following fields are available:
@@ -1582,9 +1582,53 @@ The following fields are available:
- **SLICVersion** Returns OS type/version from SLIC table.
+### Census.PrivacySettings
+
+This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings.
+
+The following fields are available:
+
+- **Activity** Current state of the activity history setting.
+- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting.
+- **ActivityHistoryCollection** Current state of the activity history collection setting.
+- **AdvertisingId** Current state of the advertising ID setting.
+- **AppDiagnostics** Current state of the app diagnostics setting.
+- **Appointments** Current state of the calendar setting.
+- **Bluetooth** Current state of the Bluetooth capability setting.
+- **BluetoothSync** Current state of the Bluetooth sync capability setting.
+- **BroadFileSystemAccess** Current state of the broad file system access setting.
+- **CellularData** Current state of the cellular data capability setting.
+- **Chat** Current state of the chat setting.
+- **Contacts** Current state of the contacts setting.
+- **DocumentsLibrary** Current state of the documents library setting.
+- **Email** Current state of the email setting.
+- **FindMyDevice** Current state of the "find my device" setting.
+- **GazeInput** Current state of the gaze input setting.
+- **HumanInterfaceDevice** Current state of the human interface device setting.
+- **InkTypeImprovement** Current state of the improve inking and typing setting.
+- **Location** Current state of the location setting.
+- **LocationHistory** Current state of the location history setting.
+- **Microphone** Current state of the microphone setting.
+- **PhoneCall** Current state of the phone call setting.
+- **PhoneCallHistory** Current state of the call history setting.
+- **PicturesLibrary** Current state of the pictures library setting.
+- **Radios** Current state of the radios setting.
+- **SensorsCustom** Current state of the custom sensor setting.
+- **SerialCommunication** Current state of the serial communication setting.
+- **Sms** Current state of the text messaging setting.
+- **SpeechPersonalization** Current state of the speech services setting.
+- **USB** Current state of the USB setting.
+- **UserAccountInformation** Current state of the account information setting.
+- **UserDataTasks** Current state of the tasks setting.
+- **UserNotificationListener** Current state of the notifications setting.
+- **VideosLibrary** Current state of the videos library setting.
+- **Webcam** Current state of the camera setting.
+- **WiFiDirect** Current state of the Wi-Fi direct setting.
+
+
### Census.Processor
-Provides information on several important data points about Processor settings.
+This event sends data about the processor to help keep Windows up to date.
The following fields are available:
@@ -1695,6 +1739,50 @@ The following fields are available:
- **SpeechInputLanguages** The Speech Input languages installed on the device.
+### Census.UserPrivacySettings
+
+This event provides information about the current users privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represents the authority that set the value. The effective consent is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = user, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings.
+
+The following fields are available:
+
+- **Activity** Current state of the activity history setting.
+- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting.
+- **ActivityHistoryCollection** Current state of the activity history collection setting.
+- **AdvertisingId** Current state of the advertising ID setting.
+- **AppDiagnostics** Current state of the app diagnostics setting.
+- **Appointments** Current state of the calendar setting.
+- **Bluetooth** Current state of the Bluetooth capability setting.
+- **BluetoothSync** Current state of the Bluetooth sync capability setting.
+- **BroadFileSystemAccess** Current state of the broad file system access setting.
+- **CellularData** Current state of the cellular data capability setting.
+- **Chat** Current state of the chat setting.
+- **Contacts** Current state of the contacts setting.
+- **DocumentsLibrary** Current state of the documents library setting.
+- **Email** Current state of the email setting.
+- **GazeInput** Current state of the gaze input setting.
+- **HumanInterfaceDevice** Current state of the human interface device setting.
+- **InkTypeImprovement** Current state of the improve inking and typing setting.
+- **InkTypePersonalization** Current state of the inking and typing personalization setting.
+- **Location** Current state of the location setting.
+- **LocationHistory** Current state of the location history setting.
+- **Microphone** Current state of the microphone setting.
+- **PhoneCall** Current state of the phone call setting.
+- **PhoneCallHistory** Current state of the call history setting.
+- **PicturesLibrary** Current state of the pictures library setting.
+- **Radios** Current state of the radios setting.
+- **SensorsCustom** Current state of the custom sensor setting.
+- **SerialCommunication** Current state of the serial communication setting.
+- **Sms** Current state of the text messaging setting.
+- **SpeechPersonalization** Current state of the speech services setting.
+- **USB** Current state of the USB setting.
+- **UserAccountInformation** Current state of the account information setting.
+- **UserDataTasks** Current state of the tasks setting.
+- **UserNotificationListener** Current state of the notifications setting.
+- **VideosLibrary** Current state of the videos library setting.
+- **Webcam** Current state of the camera setting.
+- **WiFiDirect** Current state of the Wi-Fi direct setting.
+
+
### Census.VM
This event sends data indicating whether virtualization is enabled on the device, and its various characteristics, to help keep Windows up to date.
@@ -1819,7 +1907,6 @@ The following fields are available:
- **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs).
- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice).
- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos).
-- **ext_receipts** Describes the fields related to time as provided by the client for debugging purposes. See [Common Data Extensions.receipts](#common-data-extensionsreceipts).
- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk).
- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser).
- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc).
@@ -1845,16 +1932,6 @@ The following fields are available:
- **ver** Represents the major and minor version of the extension.
-### Common Data Extensions.receipts
-
-Represents various time information as provided by the client and helps for debugging purposes.
-
-The following fields are available:
-
-- **originalTime** The original event time.
-- **uploadTime** The time the event was uploaded.
-
-
### Common Data Extensions.sdk
Used by platform specific libraries to record fields that are required for a specific SDK.
@@ -2027,6 +2104,41 @@ The following fields are available:
- **transactionCanceled** Indicates whether the uninstall was cancelled.
+### CbsServicingProvider.CbsSelectableUpdateChangeV2
+
+This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
+
+The following fields are available:
+
+- **applicableUpdateState** Indicates the highest applicable state of the optional content.
+- **buildVersion** The build version of the package being installed.
+- **clientId** The name of the application requesting the optional content change.
+- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
+- **executionSequence** A counter that tracks the number of servicing operations attempted on the device.
+- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
+- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
+- **hrDownloadResult** The return code of the download operation.
+- **hrStatusUpdate** The return code of the servicing operation.
+- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
+- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
+- **majorVersion** The major version of the package being installed.
+- **minorVersion** The minor version of the package being installed.
+- **packageArchitecture** The architecture of the package being installed.
+- **packageLanguage** The language of the package being installed.
+- **packageName** The name of the package being installed.
+- **rebootRequired** Indicates whether a reboot is required to complete the operation.
+- **revisionVersion** The revision number of the package being installed.
+- **stackBuild** The build number of the servicing stack binary performing the installation.
+- **stackMajorVersion** The major version number of the servicing stack binary performing the installation.
+- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation.
+- **stackRevision** The revision number of the servicing stack binary performing the installation.
+- **updateName** The name of the optional Windows Operation System feature being enabled or disabled.
+- **updateStartState** A value indicating the state of the optional content before the operation started.
+- **updateTargetState** A value indicating the desired state of the optional content.
+
+
## Deployment extensions
### DeploymentTelemetry.Deployment_End
@@ -4120,26 +4232,43 @@ The following fields are available:
- **threadId** The ID of the thread the activity was run on.
+## Privacy logging notification events
+
+### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted
+
+This event returns data to report the efficacy of a single-use tool to inform users impacted by a known issue and to take corrective action to address the issue.
+
+The following fields are available:
+
+- **cleanupTask** Indicates whether the task that launched the dialog should be cleaned up.
+- **cleanupTaskResult** The return code of the attempt to clean up the task used to show the dialog.
+- **deviceEvaluated** Indicates whether the device was eligible for evaluation of a known issue.
+- **deviceImpacted** Indicates whether the device was impacted by a known issue.
+- **modalAction** The action the user took on the dialog that was presented to them.
+- **modalResult** The return code of the attempt to show a dialog to the user explaining the issue.
+- **resetSettingsResult** The return code of the action to correct the known issue.
+
+
## Remediation events
### Microsoft.Windows.Remediation.Applicable
-This event indicates a remedial plug-in is applicable if/when such a plug-in is detected. This is used to ensure Windows is up to date.
+deny
The following fields are available:
- **ActionName** The name of the action to be taken by the plug-in.
-- **AppraiserBinariesValidResult** Indicates whether plug-in was appraised as valid.
+- **AppraiserBinariesValidResult** Indicates whether the plug-in was appraised as valid.
- **AppraiserDetectCondition** Indicates whether the plug-in passed the appraiser's check.
- **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid.
- **AppraiserTaskDisabled** Indicates the appraiser task is disabled.
- **AppraiserTaskValidFailed** Indicates the Appraiser task did not function and requires intervention.
- **CV** Correlation vector
- **DateTimeDifference** The difference between local and reference clock times.
-- **DateTimeSyncEnabled** Indicates whether the datetime sync plug-in is enabled.
+- **DateTimeSyncEnabled** Indicates whether the Datetime Sync plug-in is enabled.
- **DaysSinceLastSIH** The number of days since the most recent SIH executed.
- **DaysToNextSIH** The number of days until the next scheduled SIH execution.
-- **DetectedCondition** Indicates whether detect condition is true and the perform action will be run.
+- **DetectedCondition** Indicates whether detected condition is true and the perform action will be run.
- **EvalAndReportAppraiserBinariesFailed** Indicates the EvalAndReportAppraiserBinaries event failed.
- **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
- **EvalAndReportAppraiserRegEntriesFailed** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
@@ -4153,12 +4282,12 @@ The following fields are available:
- **PackageVersion** The version of the current remediation package.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Reload** True if SIH reload is required.
-- **RemediationNoisyHammerAcLineStatus** Event that indicates the AC Line Status of the machine.
+- **RemediationNoisyHammerAcLineStatus** Indicates the AC Line Status of the device.
- **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started.
- **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled.
- **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists.
- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task.
-- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent hammer task ran.
+- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent Noisy Hammer task ran.
- **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder.
- **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed.
- **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run.
@@ -4228,7 +4357,7 @@ The following fields are available:
### Microsoft.Windows.Remediation.Completed
-This event enables completion tracking of a process that remediates issues preventing security and quality updates.
+This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
The following fields are available:
@@ -4246,12 +4375,12 @@ The following fields are available:
- **CV** The Correlation Vector.
- **DateTimeDifference** The difference between the local and reference clocks.
- **DaysSinceOsInstallation** The number of days since the installation of the Operating System.
-- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in Megabytes.
+- **DiskMbCleaned** The amount of space cleaned on the hard disk, measured in megabytes.
- **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes.
- **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes.
- **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in.
- **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user.
-- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in Megabytes.
+- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes.
- **hasRolledBack** Indicates whether the client machine has rolled back.
- **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS.
- **hResult** The result of the event execution.
@@ -4316,7 +4445,7 @@ The following fields are available:
- **ServiceHealthInstalledBitMap** List of services installed by the plugin.
- **ServiceHealthPlugin** The nae of the Service Health plug-in.
- **StartComponentCleanupTask** TRUE if the Component Cleanup task started successfully.
-- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive in MBs.
+- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive, in megabytes.
- **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot.
- **TotalSizeofOrphanedInstallerFilesInMegabytes** The size of any orphaned Windows Installer files, measured in Megabytes.
- **TotalSizeofStoreCacheAfterCleanupInMegabytes** The size of the Microsoft Store cache after cleanup, measured in Megabytes.
@@ -4331,7 +4460,7 @@ The following fields are available:
- **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network.
- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present.
- **usoScanIsUserLoggedOn** TRUE if the user is logged on.
-- **usoScanPastThreshold** TRUE if the most recent USO (Update Session Orchestrator) scan is past the threshold (late).
+- **usoScanPastThreshold** TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late).
- **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
- **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key.
- **windowsEditionId** Event to report the value of Windows Edition ID.
@@ -4365,13 +4494,13 @@ The following fields are available:
### Microsoft.Windows.Remediation.Started
-This event reports whether a plug-in started, to help ensure Windows is up to date.
+This event is sent when Windows Update sediment remediations have started on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
The following fields are available:
- **CV** Correlation vector.
- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
-- **PackageVersion** Current package version of Remediation.
+- **PackageVersion** The version of the current remediation package.
- **PluginName** Name of the plugin specified for each generic plugin event.
- **Result** This is the HRESULT for detection or perform action phases of the plugin.
- **RunCount** The number of times the remediation event started (whether it completed successfully or not).
@@ -4598,7 +4727,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Applicable
-Indicates whether a given plugin is applicable.
+This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -4614,7 +4743,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Completed
-Indicates whether a given plugin has completed its work.
+This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -4629,7 +4758,7 @@ The following fields are available:
### Microsoft.Windows.SedimentLauncher.Started
-This event indicates that a given plug-in has started.
+This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -4642,7 +4771,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Applicable
-This event indicates whether a given plug-in is applicable.
+This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -4658,7 +4787,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Completed
-This event indicates whether a given plug-in has completed its work.
+This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -4680,7 +4809,7 @@ The following fields are available:
### Microsoft.Windows.SedimentService.Started
-This event indicates a specified plug-in has started. This information helps ensure Windows is up to date.
+This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
The following fields are available:
@@ -4934,7 +5063,7 @@ The following fields are available:
- **FlightId** The specific id of the flight the device is getting
- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.)
- **RevisionNumber** Identifies the revision number of this specific piece of content
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **SystemBIOSMajorRelease** Major release version of the system bios
- **SystemBIOSMinorRelease** Minor release version of the system bios
- **UpdateId** Identifier associated with the specific piece of content
@@ -4997,7 +5126,7 @@ The following fields are available:
- **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector.
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
- **RevisionNumber** The revision number of the specified piece of content.
-- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped.
- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
@@ -5988,7 +6117,7 @@ The following fields are available:
- **PertProb** Constant used in algorithm for randomization.
-## Microsoft Store events
+## Windows Store events
### Microsoft.Windows.Store.StoreActivating
@@ -7646,6 +7775,12 @@ This event is sent when the Update Reserve Manager returns an error from one of
+### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
+
+This event returns data about the Update Reserve Manager, including whether it’s been initialized.
+
+
+
### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization
This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
index f8a042ef3d..5747f6f777 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
@@ -7,13 +7,13 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: high
-audience: ITPro
author: brianlic-msft
ms.author: brianlic
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 02/15/2019
+audience: ITPro
+ms.date: 04/19/2019
---
@@ -32,7 +32,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
You can learn more about Windows functional and diagnostic data through these articles:
-
+- [Windows 10, version 1903 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md)
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
@@ -311,6 +311,7 @@ The following fields are available:
- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers.
- **DatasourceApplicationFile_RS2** An ID for the system, calculated by hashing hardware identifiers.
- **DatasourceApplicationFile_RS3** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_RS3Setup** The count of the number of this particular object type present on this device.
- **DatasourceApplicationFile_RS4** The count of the number of this particular object type present on this device.
- **DatasourceApplicationFile_RS4Setup** The count of the number of this particular object type present on this device.
- **DatasourceApplicationFile_RS5** The count of the number of this particular object type present on this device.
@@ -349,6 +350,7 @@ The following fields are available:
- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device.
- **DataSourceMatchingInfoBlock_RS2** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoBlock_RS3** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_RS3Setup** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device.
@@ -361,6 +363,7 @@ The following fields are available:
- **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device.
- **DataSourceMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPassive_RS3** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_RS3Setup** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPassive_RS4Setup** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device.
@@ -373,6 +376,7 @@ The following fields are available:
- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
- **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device.
- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS3Setup** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device.
- **DataSourceMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device.
@@ -398,6 +402,7 @@ The following fields are available:
- **DecisionApplicationFile_RS1** The count of the number of this particular object type present on this device.
- **DecisionApplicationFile_RS2** The count of the number of this particular object type present on this device.
- **DecisionApplicationFile_RS3** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS3Setup** The count of the number of this particular object type present on this device.
- **DecisionApplicationFile_RS4** The count of the number of this particular object type present on this device.
- **DecisionApplicationFile_RS4Setup** The count of the number of this particular object type present on this device.
- **DecisionApplicationFile_RS5** The count of the number of this particular object type present on this device.
@@ -436,6 +441,7 @@ The following fields are available:
- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device.
- **DecisionMatchingInfoBlock_RS2** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device.
- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device.
+- **DecisionMatchingInfoBlock_RS3Setup** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoBlock_RS4** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1803 present on this device.
- **DecisionMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device.
@@ -448,6 +454,7 @@ The following fields are available:
- **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device.
- **DecisionMatchingInfoPassive_RS2** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1703 on this device.
- **DecisionMatchingInfoPassive_RS3** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device.
+- **DecisionMatchingInfoPassive_RS3Setup** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPassive_RS4Setup** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device.
@@ -460,6 +467,7 @@ The following fields are available:
- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
- **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device.
- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device.
+- **DecisionMatchingInfoPostUpgrade_RS3Setup** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device.
- **DecisionMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device.
@@ -472,6 +480,7 @@ The following fields are available:
- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device.
- **DecisionMediaCenter_RS2** The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device.
- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device.
+- **DecisionMediaCenter_RS3Setup** The count of the number of this particular object type present on this device.
- **DecisionMediaCenter_RS4** The total DecisionMediaCenter objects targeting Windows 10 version 1803 present on this device.
- **DecisionMediaCenter_RS4Setup** The count of the number of this particular object type present on this device.
- **DecisionMediaCenter_RS5** The count of the number of this particular object type present on this device.
@@ -522,6 +531,7 @@ The following fields are available:
- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers.
- **Wmdrm_RS2** An ID for the system, calculated by hashing hardware identifiers.
- **Wmdrm_RS3** An ID for the system, calculated by hashing hardware identifiers.
+- **Wmdrm_RS3Setup** The count of the number of this particular object type present on this device.
- **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device.
- **Wmdrm_RS4Setup** The count of the number of this particular object type present on this device.
- **Wmdrm_RS5** The count of the number of this particular object type present on this device.
@@ -624,6 +634,17 @@ The following fields are available:
- **AppraiserVersion** The version of the appraiser file generating the events.
+### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove
+
+This event indicates that the DatasourceDriverPackage object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageStartSync
This event indicates that a new set of DatasourceDriverPackageAdd events will be sent.
@@ -1780,7 +1801,7 @@ The following fields are available:
### Census.App
-Provides information on IE and Census versions running on the device
+This event sends version data about the Apps running on this device, to help keep Windows up to date.
The following fields are available:
@@ -1796,6 +1817,17 @@ The following fields are available:
- **IEVersion** The version of Internet Explorer that is running on the device.
+### Census.Azure
+
+This event returns data from Microsoft-internal Azure server machines (only from Microsoft-internal machines with Server SKUs). All other machines (those outside Microsoft and/or machines that are not part of the “Azure fleet”) return empty data sets.
+
+The following fields are available:
+
+- **CloudCoreBuildEx** The Azure CloudCore build number.
+- **CloudCoreSupportBuildEx** The Azure CloudCore support build number.
+- **NodeID** The node identifier on the device that indicates whether the device is part of the Azure fleet.
+
+
### Census.Battery
This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use, type to help keep Windows up to date.
@@ -2038,7 +2070,7 @@ The following fields are available:
### Census.Processor
-Provides information on several important data points about Processor settings
+This event sends data about the processor to help keep Windows up to date.
The following fields are available:
@@ -2325,7 +2357,6 @@ The following fields are available:
- **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs).
- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice).
- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos).
-- **ext_receipts** Describes the fields related to time as provided by the client for debugging purposes. See [Common Data Extensions.receipts](#common-data-extensionsreceipts).
- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk).
- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser).
- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc).
@@ -2351,16 +2382,6 @@ The following fields are available:
- **ver** Represents the major and minor version of the extension.
-### Common Data Extensions.receipts
-
-Represents various time information as provided by the client and helps for debugging purposes.
-
-The following fields are available:
-
-- **originalTime** The original event time.
-- **uploadTime** The time the event was uploaded.
-
-
### Common Data Extensions.sdk
Used by platform specific libraries to record fields that are required for a specific SDK.
@@ -2580,6 +2601,41 @@ The following fields are available:
- **stageTimeSeconds** The time (in seconds) required to stage all files that are part of the update.
+### CbsServicingProvider.CbsSelectableUpdateChangeV2
+
+This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
+
+The following fields are available:
+
+- **applicableUpdateState** Indicates the highest applicable state of the optional content.
+- **buildVersion** The build version of the package being installed.
+- **clientId** The name of the application requesting the optional content change.
+- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **downloadtimeInSeconds** The number of seconds required to complete the optional content download.
+- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
+- **executionSequence** A counter that tracks the number of servicing operations attempted on the device.
+- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
+- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
+- **hrDownloadResult** The return code of the download operation.
+- **hrStatusUpdate** The return code of the servicing operation.
+- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
+- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
+- **majorVersion** The major version of the package being installed.
+- **minorVersion** The minor version of the package being installed.
+- **packageArchitecture** The architecture of the package being installed.
+- **packageLanguage** The language of the package being installed.
+- **packageName** The name of the package being installed.
+- **rebootRequired** Indicates whether a reboot is required to complete the operation.
+- **revisionVersion** The revision number of the package being installed.
+- **stackBuild** The build number of the servicing stack binary performing the installation.
+- **stackMajorVersion** The major version number of the servicing stack binary performing the installation.
+- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation.
+- **stackRevision** The revision number of the servicing stack binary performing the installation.
+- **updateName** The name of the optional Windows Operation System feature being enabled or disabled.
+- **updateStartState** A value indicating the state of the optional content before the operation started.
+- **updateTargetState** A value indicating the desired state of the optional content.
+
+
## Deployment extensions
### DeploymentTelemetry.Deployment_End
@@ -2730,6 +2786,7 @@ The following fields are available:
- **MaxActiveAgentConnectionCount** The maximum number of active agents during this heartbeat timeframe.
- **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC.
- **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events).
+- **PrivacyBlockedCount** The number of events blocked due to privacy settings or tags.
- **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer.
- **SettingsHttpAttempts** Number of attempts to contact OneSettings service.
- **SettingsHttpFailures** The number of failures from contacting the OneSettings service.
@@ -2769,6 +2826,7 @@ The following fields are available:
- **LastEventSizeOffender** Event name of last event which exceeded max event size.
- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex.
- **PreviousHeartBeatTime** The FILETIME of the previous heartbeat fire.
+- **PrivacyBlockedCount** The number of events blocked due to privacy settings or tags.
- **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer.
- **SettingsHttpAttempts** Number of attempts to contact OneSettings service.
- **SettingsHttpFailures** Number of failures from contacting OneSettings service.
@@ -2837,6 +2895,33 @@ The following fields are available:
## Direct to update events
+### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicability
+
+Event to indicate that the Coordinator CheckApplicability call succeeded.
+
+The following fields are available:
+
+- **ApplicabilityResult** Result of CheckApplicability function.
+- **CampaignID** Campaign ID being run.
+- **ClientID** Client ID being run.
+- **CoordinatorVersion** Coordinator version of DTU.
+- **CV** Correlation vector.
+- **IsDeviceAADDomainJoined** Indicates whether the device is logged in to the AAD (Azure Active Directory) domain.
+- **IsDeviceADDomainJoined** Indicates whether the device is logged in to the AD (Active Directory) domain.
+- **IsDeviceCloverTrail** Indicates whether the device has a Clover Trail system installed.
+- **IsDeviceFeatureUpdatingPaused** Indicates whether Feature Update is paused on the device.
+- **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network.
+- **IsDeviceOobeBlocked** Indicates whether user approval is required to install updates on the device.
+- **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device.
+- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft SCCM (System Center Configuration Manager) to keep the operating system and applications up to date.
+- **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated.
+- **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications.
+- **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services).
+- **IsDeviceZeroExhaust** Indicates whether the device subscribes to the Zero Exhaust policy to minimize connections from Windows to Microsoft.
+- **IsGreaterThanMaxRetry** Indicates whether the DTU (Direct to Update) service has exceeded its maximum retry count.
+- **IsVolumeLicensed** Indicates whether a volume license was used to authenticate the operating system or applications on the device.
+
+
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicabilityGenericFailure
This event indicatse that we have received an unexpected error in the Direct to Update (DTU) Coordinators CheckApplicability call.
@@ -3813,6 +3898,8 @@ The following fields are available:
- **COMPID** The list of “Compatible IDs” for this device.
- **ContainerId** The system-supplied unique identifier that specifies which group(s) the device(s) installed on the parent (main) device belong to.
- **Description** The description of the device.
+- **DeviceDriverFlightId** The test build (Flight) identifier of the device driver.
+- **DeviceExtDriversFlightIds** The test build (Flight) identifier for all extended device drivers.
- **DeviceInterfaceClasses** The device interfaces that this device implements.
- **DeviceState** Identifies the current state of the parent (main) device.
- **DriverId** The unique identifier for the installed driver.
@@ -3822,8 +3909,10 @@ The following fields are available:
- **DriverVerVersion** The version number of the driver installed on the device.
- **Enumerator** Identifies the bus that enumerated the device.
- **ExtendedInfs** The extended INF file names.
+- **FirstInstallDate** The first time this device was installed on the machine.
- **HWID** A list of hardware IDs for the device.
- **Inf** The name of the INF file (possibly renamed by the OS, such as oemXX.inf).
+- **InstallDate** The date of the most recent installation of the device on the machine.
- **InstallState** The device installation state. For a list of values, see: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx
- **InventoryVersion** The version number of the inventory process generating the events.
- **LowerClassFilters** The identifiers of the Lower Class filters installed for the device.
@@ -3879,6 +3968,7 @@ The following fields are available:
This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent.
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
The following fields are available:
@@ -3980,12 +4070,18 @@ The following fields are available:
This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the beginning of the event download, and that tracing should begin.
+The following fields are available:
+
+- **key** The globally unique identifier (GUID) used to identify the specific Json Trace logging session.
### Microsoft.Windows.Inventory.Core.StopUtcJsonTrace
This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the end of the event download, and that tracing should end.
+The following fields are available:
+
+- **key** The globally unique identifier (GUID) used to identify the specific Json Trace logging session.
### Microsoft.Windows.Inventory.General.AppHealthStaticAdd
@@ -4437,6 +4533,43 @@ The following fields are available:
- **UserInputTime** The amount of time the loader application spent waiting for user input.
+## Migration events
+
+### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
+
+This event returns data to track the count of the migration objects across various phases during feature update.
+
+The following fields are available:
+
+- **currentSid** Indicates the user SID for which the migration is being performed.
+- **knownFoldersUsr[i]** Predefined folder path locations.
+- **migDiagSession->CString** The phase of the upgrade where migration occurs. (E.g.: Validate tracked content)
+- **objectCount** The count for the number of objects that are being transferred.
+
+
+### Microsoft.Windows.MigrationCore.MigObjectCountKFSys
+
+This event returns data about the count of the migration objects across various phases during feature update.
+
+The following fields are available:
+
+- **knownFoldersSys[i]** The predefined folder path locations.
+- **migDiagSession->CString** Identifies the phase of the upgrade where migration happens.
+- **objectCount** The count of the number of objects that are being transferred.
+
+
+### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr
+
+This event returns data to track the count of the migration objects across various phases during feature update.
+
+The following fields are available:
+
+- **currentSid** Indicates the user SID for which the migration is being performed.
+- **knownFoldersUsr[i]** Predefined folder path locations.
+- **migDiagSession->CString** The phase of the upgrade where the migration occurs. (For example, Validate tracked content.)
+- **objectCount** The number of objects that are being transferred.
+
+
## Miracast events
### Microsoft.Windows.Cast.Miracast.MiracastSessionEnd
@@ -4669,6 +4802,354 @@ The following fields are available:
- **threadId** The ID of the thread on which the activity is executing.
+## Remediation events
+
+### Microsoft.Windows.Remediation.Applicable
+
+This event indicates whether Windows Update sediment remediations need to be applied to the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
+
+The following fields are available:
+
+- **AllowAutoUpdateExists** Indicates whether the Automatic Update feature is turned on.
+- **AllowAutoUpdateProviderSetExists** Indicates whether the Allow Automatic Update provider exists.
+- **AppraiserBinariesValidResult** Indicates whether the plug-in was appraised as valid.
+- **AppraiserRegistryValidResult** Indicates whether the registry entry checks out as valid.
+- **AppraiserTaskRepairDisabled** Task repair performed by the Appraiser plug-in is disabled.
+- **AppraiserTaskValid** Indicates that the Appraiser task is valid.
+- **AUOptionsExists** Indicates whether the Automatic Update options exist.
+- **CTACTargetingAttributesInvalid** Indicates whether the Common Targeting Attribute Client (CTAC) attributes are valid. CTAC is a Windows Runtime client library.
+- **CTACVersion** The Common Targeting Attribute Client (CTAT) version on the device. CTAT is a Windows Runtime client library.
+- **CV** Correlation vector
+- **DataStoreSizeInBytes** Size of the data store, in bytes.
+- **DateTimeDifference** The difference between local and reference clock times.
+- **DateTimeSyncEnabled** Indicates whether the Datetime Sync plug-in is enabled.
+- **daysSinceInstallThreshold** The maximum number of days since the operating system was installed before the device is checked to see if remediation is needed.
+- **daysSinceInstallValue** Number of days since the operating system was installed.
+- **DaysSinceLastSIH** The number of days since the most recent SIH executed.
+- **DaysToNextSIH** The number of days until the next scheduled SIH execution.
+- **DetectConditionEnabled** Indicates whether a condition that the remediation tool can repair was detected.
+- **DetectedCondition** Indicates whether detected condition is true and the perform action will be run.
+- **DetectionFailedReason** Indicates why a given remediation failed to fix a problem that was detected.
+- **DiskFreeSpaceBeforeSedimentPackInMB** Number of megabytes of disk space available on the device before running the Sediment Pack.
+- **DiskSpaceBefore** The amount of free disk space available before a remediation was run.
+- **EditionIdFixCorrupted** Indicates whether the Edition ID is corrupted.
+- **EscalationTimerResetFixResult** The result of fixing the escalation timer.
+- **EvalAndReportAppraiserRegEntries** Indicates the EvalAndReportAppraiserRegEntriesFailed event failed.
+- **FixedEditionId** Indicates whether we fixed the edition ID.
+- **FlightRebootTime** The amount of time before the system is rebooted.
+- **ForcedRebootToleranceDays** The maximum number of days before a system reboot is forced on the devie.
+- **FreeSpaceRequirement** The amount of free space required.
+- **GlobalEventCounter** Client side counter that indicates ordering of events sent by the remediation system.
+- **HResult** The HRESULT for detection or perform action phases of the plugin.
+- **installDateValue** The date of the installation.
+- **IsAppraiserLatestResult** The HRESULT from the appraiser task.
+- **IsConfigurationCorrected** Indicates whether the configuration of SIH task was successfully corrected.
+- **IsEscalationTimerResetFixNeeded** Determines whether a fix is applicable.
+- **IsForcedModeEnabled** Indicates whether forced reboot mode is enabled.
+- **IsHomeSku** Indicates whether the device is running the Windows 10 Home edition.
+- **IsRebootForcedMode** Indicates whether the forced reboot mode is turned on.
+- **IsServiceHardeningEnabled** Indicates whether the Windows Service Hardening feature was turned on for the device.
+- **IsServiceHardeningNeeded** Indicates whether Windows Service Hardening was needed for the device (multiple instances of service tampering were detected.)
+- **isThreshold** Indicates whether the value meets our threshold.
+- **IsUsoRebootPending** Indicates whether a system reboot is pending.
+- **IsUsoRebootPendingInUpdateStore** Indicates whether a reboot is pending.
+- **IsUsoRebootTaskEnabled** Indicates whether the Update Service Orchestrator (USO) reboot task is enabled
+- **IsUsoRebootTaskExists** Indicates whether the Update Service Orchestrator (USO) reboot task exists.
+- **IsUsoRebootTaskValid** Indicates whether the Update Service Orchestrator (USO) reboot task is valid.
+- **LastHresult** The HRESULT for detection or perform action phases of the plugin.
+- **LastRebootTaskRunResult** Indicates the result of the last reboot task.
+- **LastRebootTaskRunTime** The length of time the last reboot task took to run.
+- **LastRun** The date of the most recent SIH run.
+- **LPCountBefore** The number of language packs on the device before remediation started.
+- **NextCheck** Indicates when remediation will next be attempted.
+- **NextRebootTaskRunTime** Indicates when the next system reboot task will run.
+- **NextRun** Date of the next scheduled SIH run.
+- **NoAutoUpdateExists** Indicates whether the Automatic Updates feature is turned off.
+- **NumberOfDaysStuckInReboot** The number of days tht the device has been unable to successfully reboot.
+- **OriginalEditionId** The Windows edition ID before remediation started.
+- **PackageVersion** The version of the current remediation package.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **ProductType** The product type of Windows 10.
+- **QualityUpdateSedimentFunnelState** Provides information about whether Windows Quality Updates are missing on the device.
+- **QualityUpdateSedimentJsonSchemaVersion** The schema version of the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentLastRunSeconds** The number of seconds since the Quality Updates were run.
+- **QualityUpdateSedimentLocalStartTime** Provides information about when Quality Updates were run.
+- **QualityUpdateSedimentLocaltTime** The local time of the device running the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentTargetedPlugins** Provides the list of remediation plug-ins that are applicable to enable Quality Updates on the device.
+- **QualityUpdateSedimentTargetedTriggers** Provides information about remediations that are applicable to enable Quality Updates on the device.
+- **RegkeysExist** Indicates whether specified registry keys exist.
+- **Reload** True if SIH reload is required.
+- **RemediationAutoUAAcLineStatus** Indicates the power status returned by the Automatic Update Assistant tool.
+- **RemediationAutoUAAutoStartCount** Indicates the number of times the Automatic Update Assistant tool has automatically started.
+- **RemediationAutoUACalendarTaskEnabled** Indicates whether an Automatic Update Assistant tool task is enabled.
+- **RemediationAutoUACalendarTaskExists** Indicates whether an Automatic Update Assistant tool task exists.
+- **RemediationAutoUACalendarTaskTriggerEnabledCount** Indicates the number of times an Automatic Update Assistant tool task has been triggered.
+- **RemediationAutoUADaysSinceLastTaskRunTime** Indicates the last run time an Automatic Update Assistant tool task was run.
+- **RemediationAutoUAGetCurrentSize** Indicates the current size of the Automatic Update Assistant tool.
+- **RemediationAutoUAIsInstalled** Indicates whether the Automatic Update Assistant tool is installed.
+- **RemediationAutoUALastTaskRunResult** Indicates the result from the last time the Automatic Update Assistant tool was run.
+- **RemediationAutoUAMeteredNetwork** Indicates whether the Automatic Update Assistant tool is running on a metered network.
+- **RemediationAutoUATaskEnabled** Indicates whether the Automatic Update Assistant tool task is enabled.
+- **RemediationAutoUATaskExists** Indicates whether an Automatic Update Assistant tool task exists.
+- **RemediationAutoUATasksStalled** Indicates whether an Automatic Update Assistant tool task is stalled.
+- **RemediationAutoUATaskTriggerEnabledCount** Indicates how many times an Automatic Update Assistant tool task was triggered.
+- **RemediationAutoUAUAExitCode** Indicates any exit code provided by the Automatic Update Assistant tool.
+- **RemediationAutoUAUAExitState** Indicates the exit state of the Automatic Update Assistant tool.
+- **RemediationAutoUAUserLoggedIn** Indicates whether a user is logged in.
+- **RemediationAutoUAUserLoggedInAdmin** Indicates whether a user is logged in as an Administrator.
+- **RemediationCorruptionRepairBuildNumber** The build number to use to repair corruption.
+- **RemediationCorruptionRepairCorruptionsDetected** Indicates whether corruption was detected.
+- **RemediationCorruptionRepairDetected** Indicates whether an attempt was made to repair the corruption.
+- **RemediationDeliverToastBuildNumber** Indicates a build number that should be applicable to this device.
+- **RemediationDeliverToastDetected** Indicates that a plug-in has been detected.
+- **RemediationDeliverToastDeviceExcludedNation** Indicates the geographic identity (GEO ID) that is not applicable for a given plug-in.
+- **RemediationDeliverToastDeviceFreeSpaceInMB** Indicates the amount of free space, in megabytes.
+- **RemediationDeliverToastDeviceHomeSku** Indicates whether the plug-in is applicable for the Windows 10 Home edition.
+- **RemediationDeliverToastDeviceIncludedNation** Indicates the geographic identifier (GEO ID) that is applicable for a given plug-in.
+- **RemediationDeliverToastDeviceProSku** Indicates whether the plug-in is applicable for the Windows 10 Professional edition.
+- **RemediationDeliverToastDeviceSystemDiskSizeInMB** Indicates the size of a system disk, in megabytes.
+- **RemediationDeliverToastGeoId** Indicates the geographic identifier (GEO ID) that is applicable for a given plug-in.
+- **RemediationDeviceSkuId** The Windows 10 edition ID that maps to the version of Windows 10 on the device.
+- **RemediationGetCurrentFolderExist** Indicates whether the GetCurrent folder exists.
+- **RemediationNoisyHammerAcLineStatus** Indicates the AC Line Status of the device.
+- **RemediationNoisyHammerAutoStartCount** The number of times hammer auto-started.
+- **RemediationNoisyHammerCalendarTaskEnabled** Event that indicates Update Assistant Calendar Task is enabled.
+- **RemediationNoisyHammerCalendarTaskExists** Event that indicates an Update Assistant Calendar Task exists.
+- **RemediationNoisyHammerCalendarTaskTriggerEnabledCount** Event that indicates calendar triggers are enabled in the task.
+- **RemediationNoisyHammerDaysSinceLastTaskRunTime** The number of days since the most recent Noisy Hammer task ran.
+- **RemediationNoisyHammerGetCurrentSize** Size in MB of the $GetCurrent folder.
+- **RemediationNoisyHammerIsInstalled** TRUE if the noisy hammer is installed.
+- **RemediationNoisyHammerLastTaskRunResult** The result of the last hammer task run.
+- **RemediationNoisyHammerMeteredNetwork** TRUE if the machine is on a metered network.
+- **RemediationNoisyHammerTaskEnabled** Indicates whether the Update Assistant Task (Noisy Hammer) is enabled.
+- **RemediationNoisyHammerTaskExists** Indicates whether the Update Assistant Task (Noisy Hammer) exists.
+- **RemediationNoisyHammerTasksStalled** Indicates whether a task (Noisy Hammer) is stalled.
+- **RemediationNoisyHammerTaskTriggerEnabledCount** Indicates whether counting is enabled for the Update Assistant (Noisy Hammer) task trigger.
+- **RemediationNoisyHammerUAExitCode** The exit code of the Update Assistant (Noisy Hammer) task.
+- **RemediationNoisyHammerUAExitState** The code for the exit state of the Update Assistant (Noisy Hammer) task.
+- **RemediationNoisyHammerUserLoggedIn** TRUE if there is a user logged in.
+- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
+- **RemediationNotifyUserFixIssuesBoxStatusKey** Status of the remediation plug-in.
+- **RemediationNotifyUserFixIssuesBuildNumber** The build number of the remediation plug-in.
+- **RemediationNotifyUserFixIssuesDetected** Indicates whether the remediation is necessary.
+- **RemediationNotifyUserFixIssuesDiskSpace** Indicates whether the remediation is necessary due to low disk space.
+- **RemediationNotifyUserFixIssuesFeatureUpdateBlocked** Indicates whether the remediation is necessary due to Feature Updates being blocked.
+- **RemediationNotifyUserFixIssuesFeatureUpdateInProgress** Indicates whether the remediation is necessary due to Feature Updates in progress.
+- **RemediationNotifyUserFixIssuesIsUserAdmin** Indicates whether the remediation requires that an Administrator is logged in.
+- **RemediationNotifyUserFixIssuesIsUserLoggedIn** Indicates whether the remediation can take place when a non-Administrator is logged in.
+- **RemediationProgramDataFolderSizeInMB** The size (in megabytes) of the Program Data folder on the device.
+- **RemediationProgramFilesFolderSizeInMB** The size (in megabytes) of the Program Files folder on the device.
+- **RemediationShellDeviceApplicabilityFailedReason** The reason the Remediation is not applicable to the device (expressed as a bitmap).
+- **RemediationShellDeviceEducationSku** Indicates whether the Windows 10 Education edition is detected on the device.
+- **RemediationShellDeviceEnterpriseSku** Indicates whether the Windows 10 Enterprise edition is detected on the device.
+- **RemediationShellDeviceFeatureUpdatesPaused** Indicates whether Feature Updates are paused on the device.
+- **RemediationShellDeviceHomeSku** Indicates whether the Windows 10 Home edition is detected on the device.
+- **RemediationShellDeviceIsAllowedSku** Indicates whether the Windows 10 edition is applicable to the device.
+- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
+- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
+- **RemediationShellDeviceProSku** Indicates whether a Windows 10 Professional edition is detected.
+- **RemediationShellDeviceQualityUpdatesPaused** Indicates whether Quality Updates are paused on the device.
+- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager).
+- **RemediationShellDeviceSedimentMutexInUse** Indicates whether the Sediment Pack mutual exclusion object (mutex) is in use.
+- **RemediationShellDeviceSetupMutexInUse** Indicates whether device setup is in progress.
+- **RemediationShellDeviceWuRegistryBlocked** Indicates whether the Windows Update is blocked on the device via the registry.
+- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
+- **RemediationShellHasExpired** Indicates whether the remediation iterations have ended.
+- **RemediationShellHasUpgraded** Indicates whether the device upgraded.
+- **RemediationShellIsDeviceApplicable** Indicates whether the remediation is applicable to the device.
+- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
+- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
+- **RemediationTaskHealthChkdskProactiveScan** True/False based on the health of the Check Disk task.
+- **RemediationTaskHealthDiskCleanup_SilentCleanup** True/False based on the health of the Disk Cleanup task.
+- **RemediationTaskHealthMaintenance_WinSAT** True/False based on the health of the Health Maintenance task.
+- **RemediationTaskHealthServicing_ComponentCleanupTask** True/False based on the health of the Health Servicing Component task.
+- **RemediationTaskHealthUSO_ScheduleScanTask** True/False based on the health of the USO (Update Session Orchestrator) Schedule task.
+- **RemediationTaskHealthWindowsUpdate_ScheduledStartTask** True/False based on the health of the Windows Update Scheduled Start task.
+- **RemediationTaskHealthWindowsUpdate_SihbootTask** True/False based on the health of the Sihboot task.
+- **RemediationUHServiceDisabledBitMap** A bitmap indicating which services were disabled.
+- **RemediationUHServiceNotExistBitMap** A bitmap indicating which services were deleted.
+- **RemediationUsersFolderSizeInMB** The size (in megabytes) of the Users folder on the device.
+- **RemediationWindows10UpgradeFolderExist** Indicates whether the Windows 10 Upgrade folder exists.
+- **RemediationWindows10UpgradeFolderSizeInMB** The size (in megabytes) of the Windows 10 Upgrade folder on the device.
+- **RemediationWindowsAppsFolderSizeInMB** The size (in megabytes) of the Windows Applications folder on the device.
+- **RemediationWindowsBtFolderSizeInMB** The size (in megabytes) of the Windows BT folder on the device.
+- **RemediationWindowsFolderSizeInMB** The size (in megabytes) of the Windows folder on the device.
+- **RemediationWindowsServiceProfilesFolderSizeInMB** The size (in megabytes) of the Windows service profile on the device.
+- **Result** This is the HRESULT for Detection or Perform Action phases of the plugin.
+- **RunTask** TRUE if SIH task should be run by the plug-in.
+- **StorageSenseDiskCompresserEstimateInMB** The estimated amount of free space that can be cleaned up by running Storage Sense.
+- **StorageSenseHelloFaceRecognitionFodCleanupEstimateInByte** The estimated amount of space that can be cleaned up by running Storage Sense and removing Windows Hello facial recognition.
+- **StorageSenseRestorePointCleanupEstimateInMB** The estimated amount of free space (in megabytes) that can be cleaned up by running Storage Sense.
+- **StorageSenseUserDownloadFolderCleanupEstimateInByte** The estimated amount of space that can be cleaned up by running Storage Sense to clean up the User Download folder.
+- **TimeServiceNTPServer** The URL for the NTP time server used by device.
+- **TimeServiceStartType** The startup type for the NTP time service.
+- **TimeServiceSyncDomainJoined** True if device domain joined and hence uses DC for clock.
+- **TimeServiceSyncType** Type of sync behavior for Date & Time service on device.
+- **uninstallActiveValue** Indicates whether an uninstall is in progress.
+- **UpdateApplicabilityFixerTriggerBitMap** A bitmap containing the reason(s) why the Update Applicability Fixer Plugin was executed.
+- **UpdateRebootTime** The amount of time it took to reboot to install the updates.
+- **usoScanHoursSinceLastScan** The number of hours since the last scan by the Update Service Orchestrator (USO).
+- **usoScanPastThreshold** Indicates whether the Update Service Orchestrator (USO) scan is overdue.
+- **WindowsHiberFilSysSizeInMegabytes** The size of the Windows Hibernation file, in megabytes.
+- **WindowsInstallerFolderSizeInMegabytes** The size of the Windows Installer folder, in megabytes.
+- **WindowsPageFileSysSizeInMegabytes** The size of the Windows Page file, in megabytes.
+- **WindowsSoftwareDistributionFolderSizeInMegabytes** The size of the Software Distribution folder, in megabytes.
+- **WindowsSwapFileSysSizeInMegabytes** The size of the Windows Swap file, in megabytes.
+- **WindowsSxsFolderSizeInMegabytes** The size of the WinSxS (Windows Side-by-Side) folder, in megabytes.
+
+
+### Microsoft.Windows.Remediation.Completed
+
+This event is sent when Windows Update sediment remediations have completed on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
+
+The following fields are available:
+
+- **ActionName** Name of the action to be completed by the plug-in.
+- **AppraiserTaskMissing** TRUE if the Appraiser task is missing.
+- **branchReadinessLevel** Branch readiness level policy.
+- **cloudControlState** Value indicating whether the shell is enabled on the cloud control settings.
+- **CV** The Correlation Vector.
+- **DiskFreeSpaceAfterSedimentPackInMB** The amount of free disk space (in megabytes) after executing the Sediment Pack.
+- **DiskFreeSpaceBeforeSedimentPackInMB** The amount of free disk space (in megabytes) before executing the Sediment Pack.
+- **DiskMbFreeAfterCleanup** The amount of free hard disk space after cleanup, measured in Megabytes.
+- **DiskMbFreeBeforeCleanup** The amount of free hard disk space before cleanup, measured in Megabytes.
+- **DiskSpaceCleanedByComponentCleanup** The amount of disk space (in megabytes) in the component store that was cleaned up by the plug-in.
+- **DiskSpaceCleanedByNGenRemoval** The amount of diskspace (megabytes) in the Native Image Generator (NGEN) cache that was cleaned up by the plug-in.
+- **DiskSpaceCleanedByRestorePointRemoval** The amount of disk space (megabytes) in restore points that was cleaned up by the plug-in.
+- **ForcedAppraiserTaskTriggered** TRUE if Appraiser task ran from the plug-in.
+- **GlobalEventCounter** Client-side counter that indicates ordering of events sent by the active user.
+- **HandlerCleanupFreeDiskInMegabytes** The amount of hard disk space cleaned by the storage sense handlers, measured in megabytes.
+- **hasRolledBack** Indicates whether the client machine has rolled back.
+- **hasUninstalled** Indicates whether the client machine has uninstalled a later version of the OS.
+- **hResult** The result of the event execution.
+- **HResult** The result of the event execution.
+- **installDate** The value of installDate registry key. Indicates the install date.
+- **isNetworkMetered** Indicates whether the client machine has uninstalled a later version of the OS.
+- **LatestState** The final state of the plug-in component.
+- **MicrosoftCompatibilityAppraiser** The name of the component targeted by the Appraiser plug-in.
+- **PackageVersion** The package version for the current Remediation.
+- **PluginName** The name of the plug-in specified for each generic plug-in event.
+- **QualityUpdateSedimentExecutedPlugins** The number of plug-ins executed by the Windows Quality Update remediation.
+- **QualityUpdateSedimentFunnelState** The state of the Windows Quality Update remediation funnel for the device.
+- **QualityUpdateSedimentJsonSchemaVersion** The schema version of the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentLocalEndTime** The local time on the device when the Windows Quality Update remediation executed.
+- **QualityUpdateSedimentLocaltTime** The local time of the device running the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentMatchedTriggers** The list of triggers that were matched by the Windows Quality Update remediation.
+- **QualityUpdateSedimentModelExecutionSeconds** The number of seconds needed to execute the Windows Quality Update remediation.
+- **recoveredFromTargetOS** Indicates whether the device recovered from the target operating system (OS).
+- **RemediationBatteryPowerBatteryLevel** Indicates the battery level at which it is acceptable to continue operation.
+- **RemediationBatteryPowerExitDueToLowBattery** True when we exit due to low battery power.
+- **RemediationBatteryPowerOnBattery** True if we allow execution on battery.
+- **RemediationCbsTempDiskSpaceCleanedInMB** The amount of space (in megabytes) that the plug-in cleaned up in the CbsTemp folder.
+- **RemediationCbsTempEstimateInMB** The amount of space (megabytes) in the CbsTemp folder that is available for cleanup by the plug-in.
+- **RemediationComponentCleanupEstimateInMB** The amount of space (megabytes) in the WinSxS (Windows Side-by-Side) folder that is available for cleanup by the plug-in.
+- **RemediationConfigurationTroubleshooterIpconfigFix** TRUE if IPConfig Fix completed successfully.
+- **RemediationConfigurationTroubleshooterNetShFix** TRUE if network card cache reset ran successfully.
+- **RemediationCorruptionRepairCorruptionsDetected** Number of corruptions detected on the device.
+- **RemediationCorruptionRepairCorruptionsFixed** Number of detected corruptions that were fixed on the device.
+- **RemediationCorruptionRepairPerformActionSuccessful** Indicates whether corruption repair was successful on the device.
+- **RemediationDiskCleanupSearchFileSizeInMB** The size of the Cleanup Search index file, measured in megabytes.
+- **RemediationDiskSpaceSavedByCompressionInMB** The amount of disk space (megabytes) that was compressed by the plug-in.
+- **RemediationDiskSpaceSavedByUserProfileCompressionInMB** The amount of User disk space (in megabytes) that was compressed by the plug-in.
+- **remediationExecution** Remediation shell is in "applying remediation" state.
+- **RemediationHandlerCleanupEstimateInMB** The estimated amount of disk space (in megabytes) to be cleaned up by running Storage Sense.
+- **RemediationHibernationMigrated** TRUE if hibernation was migrated.
+- **RemediationHibernationMigrationSucceeded** TRUE if hibernation migration succeeded.
+- **RemediationNGenDiskSpaceRestored** The amount of disk space (in megabytes) that was restored after re-running the Native Image Generator (NGEN).
+- **RemediationNGenEstimateInMB** The amount of disk space (in megabytes) estimated to be in the Native Image Generator (NGEN) cache by the plug-in.
+- **RemediationNGenMigrationSucceeded** Indicates whether the Native Image Generator (NGEN) migration succeeded.
+- **RemediationRestorePointEstimateInMB** The amount of disk space (in megabytes) estimated to be used by storage points found by the plug-in.
+- **RemediationSearchFileSizeEstimateInMB** The amount of disk space (megabytes) estimated to be used by the Cleanup Search index file found by the plug-in.
+- **RemediationShellHasUpgraded** TRUE if the device upgraded.
+- **RemediationShellMinimumTimeBetweenShellRuns** Indicates the time between shell runs exceeded the minimum required to execute plugins.
+- **RemediationShellRunFromService** TRUE if the shell driver was run from the service.
+- **RemediationShellSessionIdentifier** Unique identifier tracking a shell session.
+- **RemediationShellSessionTimeInSeconds** Indicates the time the shell session took in seconds.
+- **RemediationShellTaskDeleted** Indicates that the shell task has been deleted so no additional sediment pack runs occur for this installation.
+- **RemediationSoftwareDistributionCleanedInMB** The amount of disk space (megabytes) in the Software Distribution folder that was cleaned up by the plug-in.
+- **RemediationSoftwareDistributionEstimateInMB** The amount of disk space (megabytes) in the Software Distribution folder that is available for clean up by the plug-in.
+- **RemediationTotalDiskSpaceCleanedInMB** The total disk space (in megabytes) that was cleaned up by the plug-in.
+- **RemediationUpdateServiceHealthRemediationResult** The result of the Update Service Health plug-in.
+- **RemediationUpdateTaskHealthRemediationResult** The result of the Update Task Health plug-in.
+- **RemediationUpdateTaskHealthTaskList** A list of tasks fixed by the Update Task Health plug-in.
+- **RemediationUserFolderCompressionEstimateInMB** The amount of disk space (in megabytes) estimated to be compressible in User folders by the plug-in.
+- **RemediationUserProfileCompressionEstimateInMB** The amount of disk space (megabytes) estimated to be compressible in User Profile folders by the plug-in.
+- **RemediationUSORebootRequred** Indicates whether a reboot is determined to be required by calling the Update Service Orchestrator (USO).
+- **RemediationWindowsCompactedEstimateInMB** The amount of disk space (megabytes) estimated to be available by compacting the operating system using the plug-in.
+- **RemediationWindowsLogSpaceEstimateInMB** The amount of disk space (in megabytes) available in Windows logs that can be cleaned by the plug-in.
+- **RemediationWindowsLogSpaceFreed** The amount of disk space freed by deleting the Windows log files, measured in Megabytes.
+- **RemediationWindowsOldSpaceEstimateInMB** The amount of disk space (megabytes) in the Windows.OLD folder that can be cleaned up by the plug-in.
+- **RemediationWindowsSpaceCompactedInMB** The amount of disk space (megabytes) that can be cleaned up by the plug-in.
+- **RemediationWindowsStoreSpaceCleanedInMB** The amount of disk space (megabytes) from the Windows Store cache that was cleaned up by the plug-in.
+- **RemediationWindowsStoreSpaceEstimateInMB** The amount of disk space (megabytes) in the Windows store cache that is estimated to be cleanable by the plug-in.
+- **Result** The HRESULT for Detection or Perform Action phases of the plug-in.
+- **RunCount** The number of times the plugin has executed.
+- **RunResult** The HRESULT for Detection or Perform Action phases of the plug-in.
+- **ServiceHardeningExitCode** The exit code returned by Windows Service Repair.
+- **ServiceHealthEnabledBitMap** List of services updated by the plugin.
+- **ServiceHealthInstalledBitMap** List of services installed by the plugin.
+- **StorageSenseDiskCompresserTotalInMB** The total number of megabytes that Storage Sense cleaned up in the User Download folder.
+- **StorageSenseHelloFaceRecognitionFodCleanupTotalInByte** The amount of space that Storage Sense was able to clean up in the User Download folder by removing Windows Hello facial recognition.
+- **StorageSenseRestorePointCleanupTotalInMB** The total number of megabytes that Storage Sense cleaned up in the User Download folder.
+- **StorageSenseUserDownloadFolderCleanupTotalInByte** The total number of bytes that Storage Sense cleaned up in the User Download folder.
+- **systemDriveFreeDiskSpace** Indicates the free disk space on system drive, in megabytes.
+- **systemUptimeInHours** Indicates the amount of time the system in hours has been on since the last boot.
+- **uninstallActive** TRUE if previous uninstall has occurred for current OS
+- **usoScanDaysSinceLastScan** The number of days since the last USO (Update Session Orchestrator) scan.
+- **usoScanInProgress** TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
+- **usoScanIsAllowAutoUpdateKeyPresent** TRUE if the AllowAutoUpdate registry key is set.
+- **usoScanIsAllowAutoUpdateProviderSetKeyPresent** TRUE if AllowAutoUpdateProviderSet registry key is set.
+- **usoScanIsAuOptionsPresent** TRUE if Auto Update Options registry key is set.
+- **usoScanIsFeatureUpdateInProgress** TRUE if a USO (Update Session Orchestrator) scan is in progress, to prevent multiple simultaneous scans.
+- **usoScanIsNetworkMetered** TRUE if the device is currently connected to a metered network.
+- **usoScanIsNoAutoUpdateKeyPresent** TRUE if no Auto Update registry key is set/present.
+- **usoScanIsUserLoggedOn** TRUE if the user is logged on.
+- **usoScanPastThreshold** TRUE if the most recent Update Session Orchestrator (USO) scan is past the threshold (late).
+- **usoScanType** The type of USO (Update Session Orchestrator) scan: "Interactive" or "Background".
+- **windows10UpgraderBlockWuUpdates** Event to report the value of Windows 10 Upgrader BlockWuUpdates Key.
+- **windowsEditionId** Event to report the value of Windows Edition ID.
+- **WindowsOldSpaceCleanedInMB** The amount of disk space freed by removing the Windows.OLD folder, measured in Megabytes.
+- **windowsUpgradeRecoveredFromRs4** Event to report the value of the Windows Upgrade Recovered key.
+
+
+### Microsoft.Windows.Remediation.Started
+
+This event is sent when Windows Update sediment remediations have started on the sediment device to keep Windows up to date. A sediment device is one that has been on a previous OS version for an extended period. The remediations address issues on the system that prevent the device from receiving OS updates.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** The version of the current remediation package.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **QualityUpdateSedimentFunnelState** Provides information about whether quality updates are missing on the device.
+- **QualityUpdateSedimentFunnelType** Indicates whether the Remediation is for Quality Updates or Feature Updates.
+- **QualityUpdateSedimentJsonSchemaVersion** The schema version of the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentLastRunSeconds** The number of seconds since Quality Updates were run.
+- **QualityUpdateSedimentLocaltTime** The local time of the device running the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentMatchedTriggers** The list of triggers that were matched by the Windows Quality Update Remediation.
+- **QualityUpdateSedimentSelectedPlugins** The number of plugins that were selected for execution in the Quality Update Sediment Remediation.
+- **QualityUpdateSedimentTargetedPlugins** The list of plug-ins targeted by the current Quality Update Sediment Remediation.
+- **QualityUpdateSedimentTargetedTriggers** The list of triggers targeted by the current Quality Update Sediment Remediation.
+- **RemediationProgramDataFolderSizeInMB** The size (in megabytes) of the Program Data folder on the device.
+- **RemediationProgramFilesFolderSizeInMB** The size (in megabytes) of the Program Files folder on the device.
+- **RemediationUsersFolderSizeInMB** The size (in megabytes) of the Users folder on the device.
+- **RemediationWindowsAppsFolderSizeInMB** The size (in megabytes) of the Windows Applications folder on the device.
+- **RemediationWindowsBtFolderSizeInMB** The size (in megabytes) of the Windows BT folder on the device.
+- **RemediationWindowsFolderSizeInMB** The size (in megabytes) of the Windows folder on the device.
+- **RemediationWindowsServiceProfilesFolderSizeInMB** The size (in megabytes) of the Windows Service Profiles folder on the device.
+- **RemediationWindowsTotalSystemDiskSize** The total storage capacity of the System disk drive, measured in megabytes.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+- **RunCount** The number of times the remediation event started (whether it completed successfully or not).
+- **WindowsHiberFilSysSizeInMegabytes** The size of the Windows Hibernation file, measured in megabytes.
+- **WindowsInstallerFolderSizeInMegabytes** The size of the Windows Installer folder, measured in megabytes.
+- **WindowsOldFolderSizeInMegabytes** The size of the Windows.OLD folder, measured in megabytes.
+- **WindowsPageFileSysSizeInMegabytes** The size of the Windows Page file, measured in megabytes.
+- **WindowsSoftwareDistributionFolderSizeInMegabytes** The size of the Software Distribution folder, measured in megabytes.
+- **WindowsSwapFileSysSizeInMegabytes** The size of the Windows Swap file, measured in megabytes.
+- **WindowsSxsFolderSizeInMegabytes** The size of the WinSxS (Windows Side-by-Side) folder, measured in megabytes.
+
+
## Sediment events
### Microsoft.Windows.Sediment.Info.DetailedState
@@ -4709,6 +5190,107 @@ The following fields are available:
- **Time** The system time at which the phase chance occurred.
+### Microsoft.Windows.SedimentLauncher.Applicable
+
+This event is sent when the Windows Update sediment remediations launcher finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **DetectedCondition** Boolean true if detect condition is true and perform action will be run.
+- **FileVersion** The version of the data-link library (DLL) that will be applied by the self-update process.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **IsHashMismatch** Indicates whether the hash is a mismatch.
+- **IsSelfUpdateEnabledInOneSettings** True if self update enabled in Settings.
+- **IsSelfUpdateNeeded** True if self update needed by device.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentLauncher.Completed
+
+This event is sent when the Windows Update sediment remediations launcher finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **FailedReasons** Concatenated list of failure reasons.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+- **SedLauncherExecutionResult** HRESULT for one execution of the Sediment Launcher.
+
+
+### Microsoft.Windows.SedimentLauncher.Started
+
+This event is sent when the Windows Update sediment remediations launcher starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentService.Applicable
+
+This event is sent when the Windows Update sediment remediations service finds that an applicable plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **DetectedCondition** Determine whether action needs to run based on device properties.
+- **FileVersion** The version of the dynamic-link library (DLL) that will be applied by the self-update process.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **IsHashMismatch** Indicates whether the hash is a mismatch.
+- **IsSelfUpdateEnabledInOneSettings** Indicates if self update is enabled in One Settings.
+- **IsSelfUpdateNeeded** Indicates if self update is needed.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+
+
+### Microsoft.Windows.SedimentService.Completed
+
+This event is sent when the Windows Update sediment remediations service finishes running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
+
+The following fields are available:
+
+- **CV** Correlation vector.
+- **FailedReasons** List of reasons when the plugin action failed.
+- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user.
+- **PackageVersion** Current package version of Remediation.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for detection or perform action phases of the plugin.
+- **SedimentServiceCheckTaskFunctional** True/False if scheduled task check succeeded.
+- **SedimentServiceCurrentBytes** Number of current private bytes of memory consumed by sedsvc.exe.
+- **SedimentServiceKillService** True/False if service is marked for kill (Shell.KillService).
+- **SedimentServiceMaximumBytes** Maximum bytes allowed for the service.
+- **SedimentServiceRanShell** Indicates whether the shell was run by the service.
+- **SedimentServiceRetrievedKillService** True/False if result of One Settings check for kill succeeded - we only send back one of these indicators (not for each call).
+- **SedimentServiceShellRunHResult** The HRESULT returned when the shell was run by the service.
+- **SedimentServiceStopping** True/False indicating whether the service is stopping.
+- **SedimentServiceTaskFunctional** True/False if scheduled task is functional. If task is not functional this indicates plugins will be run.
+- **SedimentServiceTotalIterations** Number of 5 second iterations service will wait before running again.
+
+
+### Microsoft.Windows.SedimentService.Started
+
+This event is sent when the Windows Update sediment remediations service starts running a plug-in to address issues that may be preventing the sediment device from receiving OS updates. A sediment device is one that has been on a previous OS version for an extended period.
+
+The following fields are available:
+
+- **CV** The Correlation Vector.
+- **GlobalEventCounter** The client-side counter that indicates ordering of events.
+- **PackageVersion** The version number of the current remediation package.
+- **PluginName** Name of the plugin specified for each generic plugin event.
+- **Result** This is the HRESULT for Detection or Perform Action phases of the plugin.
+
+
## Setup events
### SetupPlatformTel.SetupPlatformTelActivityEvent
@@ -4748,6 +5330,32 @@ The following fields are available:
- **Value** Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time.
+## SIH events
+
+### SIHEngineTelemetry.EvalApplicability
+
+This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action.
+
+The following fields are available:
+
+- **ActionReasons** If an action has been assessed as inapplicable, the additional logic prevented it.
+- **AdditionalReasons** If an action has been assessed as inapplicable, the additional logic prevented it.
+- **CachedEngineVersion** The engine DLL version that is being used.
+- **EventInstanceID** A unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
+- **HandlerReasons** If an action has been assessed as inapplicable, the installer technology-specific logic prevented it.
+- **IsExecutingAction** If the action is presently being executed.
+- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.)
+- **SihclientVersion** The client version that is being used.
+- **StandardReasons** If an action has been assessed as inapplicable, the standard logic the prevented it.
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **UpdateID** A unique identifier for the action being acted upon.
+- **WuapiVersion** The Windows Update API version that is currently installed.
+- **WuaucltVersion** The Windows Update client version that is currently installed.
+- **WuauengVersion** The Windows Update engine version that is currently installed.
+- **WUDeviceID** The unique identifier controlled by the software distribution client.
+
+
## Software update events
### SoftwareUpdateClientTelemetry.CheckForUpdates
@@ -4859,7 +5467,7 @@ The following fields are available:
- **FlightId** The specific id of the flight the device is getting
- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.)
- **RevisionNumber** Identifies the revision number of this specific piece of content
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **SystemBIOSMajorRelease** Major release version of the system bios
- **SystemBIOSMinorRelease** Minor release version of the system bios
- **UpdateId** Identifier associated with the specific piece of content
@@ -4901,7 +5509,7 @@ The following fields are available:
- **CurrentMobileOperator** The mobile operator the device is currently connected to.
- **DeviceModel** The model of the device.
- **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority.
-- **DownloadProps** Information about the download operation.
+- **DownloadProps** Information about the download operation properties in the form of a bitmask.
- **DownloadType** Differentiates the download type of “Self-Initiated Healing” (SIH) downloads between Metadata and Payload downloads.
- **EventInstanceID** A globally unique identifier for event instance.
- **EventScenario** Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was cancelled, succeeded, or failed.
@@ -4935,7 +5543,7 @@ The following fields are available:
- **RepeatFailCount** Indicates whether this specific content has previously failed.
- **RepeatFailFlag** Indicates whether this specific content previously failed to download.
- **RevisionNumber** The revision number of the specified piece of content.
-- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped.
- **SizeCalcTime** Time (in seconds) taken to calculate the total download size of the payload.
@@ -5117,7 +5725,7 @@ The following fields are available:
- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
@@ -5177,7 +5785,7 @@ The following fields are available:
- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
- **RepeatFailCount** Indicates whether this specific piece of content previously failed.
- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
@@ -5209,12 +5817,12 @@ Ensures Windows Updates are secure and complete. Event helps to identify whether
The following fields are available:
- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
-- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments.
-- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed.
-- **ExtendedStatusCode** The secondary status code of the event.
+- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
+- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed.
- **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate.
-- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID).
- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable.
- **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable.
@@ -5225,8 +5833,8 @@ The following fields are available:
- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate.
- **SHA256OfTimestampToken** An encoded string of the timestamp token.
- **SignatureAlgorithm** The hash algorithm for the metadata signature.
-- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast
-- **StatusCode** The status code of the event.
+- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult)
- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token.
- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed.
- **UpdateId** The update ID for a specific piece of content.
@@ -5319,10 +5927,12 @@ The following fields are available:
- **PackageCountTotalCanonical** Total number of canonical packages.
- **PackageCountTotalDiff** Total number of diff packages.
- **PackageCountTotalExpress** Total number of express packages.
+- **PackageCountTotalPSFX** The total number of PSFX packages.
- **PackageExpressType** Type of express package.
- **PackageSizeCanonical** Size of canonical packages in bytes.
- **PackageSizeDiff** Size of diff packages in bytes.
- **PackageSizeExpress** Size of express packages in bytes.
+- **PackageSizePSFX** The size of PSFX packages, in bytes.
- **RangeRequestState** Indicates the range request type used.
- **RelatedCV** Correlation vector value generated from the latest USO scan.
- **Result** Outcome of the download request phase of update.
@@ -5918,14 +6528,21 @@ Result of the WaaSMedic operation.
The following fields are available:
- **callerApplication** The name of the calling application.
+- **capsuleCount** The number of Sediment Pack capsules.
+- **capsuleFailureCount** The number of capsule failures.
- **detectionSummary** Result of each applicable detection that was run.
- **featureAssessmentImpact** WaaS Assessment impact for feature updates.
+- **hrEngineBlockReason** Indicates the reason for stopping WaaSMedic.
- **hrEngineResult** Error code from the engine operation.
+- **hrLastSandboxError** The last error sent by the WaaSMedic sandbox.
+- **initSummary** Summary data of the initialization method.
- **insufficientSessions** Device not eligible for diagnostics.
- **isInteractiveMode** The user started a run of WaaSMedic.
- **isManaged** Device is managed for updates.
- **isWUConnected** Device is connected to Windows Update.
- **noMoreActions** No more applicable diagnostics.
+- **pluginFailureCount** The number of plugins that have failed.
+- **pluginsCount** The number of plugins.
- **qualityAssessmentImpact** WaaS Assessment impact for quality updates.
- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
- **usingBackupFeatureAssessment** Relying on backup feature assessment.
@@ -5983,7 +6600,7 @@ The following fields are available:
- **PertProb** The probability the entry will be Perturbed if the algorithm chosen is “heavy-hitters”.
-## Microsoft Store events
+## Windows Store events
### Microsoft.Windows.Store.StoreActivating
@@ -6422,6 +7039,7 @@ The following fields are available:
- **bytesFromCDN** The number of bytes received from a CDN source.
- **bytesFromGroupPeers** The number of bytes received from a peer in the same group.
- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same group.
+- **bytesFromLinkLocalPeers** The number of bytes received from local peers.
- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
@@ -6473,6 +7091,7 @@ The following fields are available:
- **downloadModeReason** Reason for the download.
- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **expiresAt** The time when the content will expire from the Delivery Optimization Cache.
- **fileID** The ID of the file being downloaded.
- **fileSize** The size of the file being downloaded.
- **gCurMemoryStreamBytes** Current usage for memory streaming.
@@ -7462,6 +8081,21 @@ The following fields are available:
- **ReturnCode** The return code of the function.
+### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
+
+This event returns data about the Update Reserve Manager, including whether it’s been initialized.
+
+The following fields are available:
+
+- **ClientId** The ID of the caller application.
+- **Flags** The enumerated flags used to initialize the manager.
+- **FlightId** The flight ID of the content the calling client is currently operating with.
+- **Offline** Indicates whether or the reserve manager is called during offline operations.
+- **PolicyPassed** Indicates whether the machine is able to use reserves.
+- **ReturnCode** Return code of the operation.
+- **Version** The version of the Update Reserve Manager.
+
+
### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization
This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot.
@@ -7484,6 +8118,8 @@ This event is sent when the Update Reserve Manager needs to adjust the size of t
The following fields are available:
- **ChangeSize** The change in the hard reserve size based on the addition or removal of optional content.
+- **Disposition** The parameter for the hard reserve adjustment function.
+- **Flags** The flags passed to the hard reserve adjustment function.
- **PendingHardReserveAdjustment** The final change to the hard reserve size.
- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
new file mode 100644
index 0000000000..9f8a2900c9
--- /dev/null
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
@@ -0,0 +1,7937 @@
+---
+description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level.
+title: Windows 10, version 1903 basic diagnostic events and fields (Windows 10)
+keywords: privacy, telemetry
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: high
+author: brianlic-msft
+ms.author: brianlic
+manager: dansimp
+ms.collection: M365-security-compliance
+ms.topic: article
+audience: ITPro
+ms.date: 04/23/2019
+---
+
+
+# Windows 10, version 1903 basic level Windows diagnostic events and fields
+
+ **Applies to**
+
+- Windows 10, version 1903
+
+
+The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information.
+
+The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
+
+Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data.
+
+You can learn more about Windows functional and diagnostic data through these articles:
+
+
+- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
+- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
+- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
+- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
+- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
+- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
+
+
+## AppLocker events
+
+### Microsoft.Windows.Security.AppLockerCSP.AddParams
+
+Parameters passed to Add function of the AppLockerCSP Node.
+
+The following fields are available:
+
+- **child** The child URI of the node to add.
+- **uri** URI of the node relative to %SYSTEM32%/AppLocker.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.AddStart
+
+Start of "Add" Operation for the AppLockerCSP Node.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.AddStop
+
+End of "Add" Operation for AppLockerCSP Node.
+
+The following fields are available:
+
+- **hr** The HRESULT returned by Add function in AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Commit
+
+This event returns information about the “Commit” operation in AppLockerCSP.
+
+The following fields are available:
+
+- **oldId** The unique identifier for the most recent previous CSP transaction.
+- **txId** The unique identifier for the current CSP transaction.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Rollback
+
+Result of the 'Rollback' operation in AppLockerCSP.
+
+The following fields are available:
+
+- **oldId** Previous id for the CSP transaction.
+- **txId** Current id for the CSP transaction.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.ClearParams
+
+Parameters passed to the "Clear" operation for AppLockerCSP.
+
+The following fields are available:
+
+- **uri** The URI relative to the %SYSTEM32%\AppLocker folder.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.ClearStart
+
+Start of the "Clear" operation for the AppLockerCSP Node.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.ClearStop
+
+End of the "Clear" operation for the AppLockerCSP node.
+
+The following fields are available:
+
+- **hr** HRESULT reported at the end of the 'Clear' function.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStart
+
+Start of the "ConfigManagerNotification" operation for AppLockerCSP.
+
+The following fields are available:
+
+- **NotifyState** State sent by ConfigManager to AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStop
+
+End of the "ConfigManagerNotification" operation for AppLockerCSP.
+
+The following fields are available:
+
+- **hr** HRESULT returned by the ConfigManagerNotification function in AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceParams
+
+Parameters passed to the CreateNodeInstance function of the AppLockerCSP node.
+
+The following fields are available:
+
+- **NodeId** NodeId passed to CreateNodeInstance.
+- **nodeOps** NodeOperations parameter passed to CreateNodeInstance.
+- **uri** URI passed to CreateNodeInstance, relative to %SYSTEM32%\AppLocker.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStart
+
+Start of the "CreateNodeInstance" operation for the AppLockerCSP node.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStop
+
+End of the "CreateNodeInstance" operation for the AppLockerCSP node
+
+The following fields are available:
+
+- **hr** HRESULT returned by the CreateNodeInstance function in AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.DeleteChildParams
+
+Parameters passed to the DeleteChild function of the AppLockerCSP node.
+
+The following fields are available:
+
+- **child** The child URI of the node to delete.
+- **uri** URI relative to %SYSTEM32%\AppLocker.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStart
+
+Start of the "DeleteChild" operation for the AppLockerCSP node.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStop
+
+End of the "DeleteChild" operation for the AppLockerCSP node.
+
+The following fields are available:
+
+- **hr** HRESULT returned by the DeleteChild function in AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.EnumPolicies
+
+Logged URI relative to %SYSTEM32%\AppLocker, if the Plugin GUID is null, or the CSP doesn't believe the old policy is present.
+
+The following fields are available:
+
+- **uri** URI relative to %SYSTEM32%\AppLocker.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesParams
+
+Parameters passed to the GetChildNodeNames function of the AppLockerCSP node.
+
+The following fields are available:
+
+- **uri** URI relative to %SYSTEM32%/AppLocker for MDM node.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStart
+
+Start of the "GetChildNodeNames" operation for the AppLockerCSP node.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStop
+
+End of the "GetChildNodeNames" operation for the AppLockerCSP node.
+
+The following fields are available:
+
+- **child[0]** If function succeeded, the first child's name, else "NA".
+- **count** If function succeeded, the number of child node names returned by the function, else 0.
+- **hr** HRESULT returned by the GetChildNodeNames function of AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.GetLatestId
+
+The result of 'GetLatestId' in AppLockerCSP (the latest time stamped GUID).
+
+The following fields are available:
+
+- **dirId** The latest directory identifier found by GetLatestId.
+- **id** The id returned by GetLatestId if id > 0 - otherwise the dirId parameter.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.HResultException
+
+HRESULT thrown by any arbitrary function in AppLockerCSP.
+
+The following fields are available:
+
+- **file** File in the OS code base in which the exception occurs.
+- **function** Function in the OS code base in which the exception occurs.
+- **hr** HRESULT that is reported.
+- **line** Line in the file in the OS code base in which the exception occurs.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.IsDependencySatisfiedStart
+
+Indicates the start of a call to the IsDependencySatisfied function in the Configuration Service Provider (CSP).
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.IsDependencySatisfiedStop
+
+Indicates the end of an IsDependencySatisfied function call in the Configuration Service Provider (CSP).
+
+The following fields are available:
+
+- **edpActive** Indicates whether enterprise data protection is active.
+- **hr** HRESULT that is reported.
+- **internalHr** Internal HRESULT that is reported.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.SetValueParams
+
+Parameters passed to the SetValue function of the AppLockerCSP node.
+
+The following fields are available:
+
+- **dataLength** Length of the value to set.
+- **uri** The node URI to that should contain the value, relative to %SYSTEM32%\AppLocker.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.SetValueStart
+
+Start of the "SetValue" operation for the AppLockerCSP node.
+
+
+
+### Microsoft.Windows.Security.AppLockerCSP.SetValueStop
+
+End of the "SetValue" operation for the AppLockerCSP node.
+
+The following fields are available:
+
+- **hr** HRESULT returned by the SetValue function in AppLockerCSP.
+
+
+### Microsoft.Windows.Security.AppLockerCSP.TryRemediateMissingPolicies
+
+EntryPoint of fix step or policy remediation, includes URI relative to %SYSTEM32%\AppLocker that needs to be fixed.
+
+The following fields are available:
+
+- **uri** URI for node relative to %SYSTEM32%/AppLocker.
+
+
+## Appraiser events
+
+### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
+
+This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client.
+
+The following fields are available:
+
+- **DatasourceApplicationFile_19A** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_19ASetup** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_19H1** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_19H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_RS4** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_RS5** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_RS5Setup** The count of the number of this particular object type present on this device.
+- **DatasourceApplicationFile_TH2** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_19A** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_19ASetup** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_19H1** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_RS4** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_RS5** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_RS5Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDevicePnp_TH2** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_19A** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_19ASetup** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_19H1** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_RS4** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_RS5** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_RS5Setup** The count of the number of this particular object type present on this device.
+- **DatasourceDriverPackage_TH2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_19A** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_19ASetup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_RS5Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoBlock_TH2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_19A** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_19ASetup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_RS5Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_19A** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_19ASetup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS5Setup** The count of the number of this particular object type present on this device.
+- **DataSourceMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_19A** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_19ASetup** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_19H1** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_19H1Setup** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_RS4** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_RS5** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_RS5Setup** The count of the number of this particular object type present on this device.
+- **DatasourceSystemBios_TH2** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_19A** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_19ASetup** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_19H1** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_19H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS4** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS5** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_RS5Setup** The count of the number of this particular object type present on this device.
+- **DecisionApplicationFile_TH2** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_19A** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_19ASetup** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_19H1** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_RS4** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_RS5** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_RS5Setup** The count of the number of this particular object type present on this device.
+- **DecisionDevicePnp_TH2** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_19A** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_19ASetup** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_19H1** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_RS4** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_RS5** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_RS5Setup** The count of the number of this particular object type present on this device.
+- **DecisionDriverPackage_TH2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_19A** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_19ASetup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_RS5Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoBlock_TH2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_19A** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_19ASetup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_RS5Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_19A** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_19ASetup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device.
+- **DecisionMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_RS5Setup** The count of the number of this particular object type present on this device.
+- **DecisionMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_19A** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_19ASetup** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_19H1** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_19H1Setup** The total DecisionMediaCenter objects targeting the next release of Windows on this device.
+- **DecisionMediaCenter_RS4** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_RS5** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_RS5Setup** The count of the number of this particular object type present on this device.
+- **DecisionMediaCenter_TH2** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_19A** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_19ASetup** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_19H1** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device.
+- **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device.
+- **DecisionSystemBios_RS5** The total DecisionSystemBios objects targeting the next release of Windows on this device.
+- **DecisionSystemBios_RS5Setup** The count of the number of this particular object type present on this device.
+- **DecisionSystemBios_TH2** The count of the number of this particular object type present on this device.
+- **InventoryApplicationFile** The count of the number of this particular object type present on this device.
+- **InventoryLanguagePack** The count of the number of this particular object type present on this device.
+- **InventoryMediaCenter** The count of the number of this particular object type present on this device.
+- **InventorySystemBios** The count of the number of this particular object type present on this device.
+- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device.
+- **PCFP** The count of the number of this particular object type present on this device.
+- **SystemMemory** The count of the number of this particular object type present on this device.
+- **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device.
+- **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device.
+- **SystemProcessorNx** The total number of objects of this type present on this device.
+- **SystemProcessorPrefetchW** The total number of objects of this type present on this device.
+- **SystemProcessorSse2** The total number of objects of this type present on this device.
+- **SystemTouch** The count of the number of this particular object type present on this device.
+- **SystemWim** The total number of objects of this type present on this device.
+- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device.
+- **SystemWlan** The total number of objects of this type present on this device.
+- **Wmdrm_19A** The count of the number of this particular object type present on this device.
+- **Wmdrm_19ASetup** The count of the number of this particular object type present on this device.
+- **Wmdrm_19H1** The count of the number of this particular object type present on this device.
+- **Wmdrm_19H1Setup** The total Wmdrm objects targeting the next release of Windows on this device.
+- **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device.
+- **Wmdrm_RS5** The count of the number of this particular object type present on this device.
+- **Wmdrm_RS5Setup** The count of the number of this particular object type present on this device.
+- **Wmdrm_TH2** The count of the number of this particular object type present on this device.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
+
+Represents the basic metadata about specific application files installed on the system.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file that is generating the events.
+- **AvDisplayName** If the app is an anti-virus app, this is its display name.
+- **CompatModelIndex** The compatibility prediction for this file.
+- **HasCitData** Indicates whether the file is present in CIT data.
+- **HasUpgradeExe** Indicates whether the anti-virus app has an upgrade.exe file.
+- **IsAv** Is the file an anti-virus reporting EXE?
+- **ResolveAttempted** This will always be an empty string when sending telemetry.
+- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove
+
+This event indicates that the DatasourceApplicationFile object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileStartSync
+
+This event indicates that a new set of DatasourceApplicationFileAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd
+
+This event sends compatibility data for a Plug and Play device, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **ActiveNetworkConnection** Indicates whether the device is an active network device.
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **CosDeviceRating** An enumeration that indicates if there is a driver on the target operating system.
+- **CosDeviceSolution** An enumeration that indicates how a driver on the target operating system is available.
+- **CosDeviceSolutionUrl** Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd . Empty string
+- **CosPopulatedFromId** The expected uplevel driver matching ID based on driver coverage data.
+- **IsBootCritical** Indicates whether the device boot is critical.
+- **UplevelInboxDriver** Indicates whether there is a driver uplevel for this device.
+- **WuDriverCoverage** Indicates whether there is a driver uplevel for this device, according to Windows Update.
+- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver.
+- **WuPopulatedFromId** The expected uplevel driver matching ID based on driver coverage from Windows Update.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpRemove
+
+This event indicates that the DatasourceDevicePnp object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpStartSync
+
+This event indicates that a new set of DatasourceDevicePnpAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd
+
+This event sends compatibility database data about driver packages to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove
+
+This event indicates that the DatasourceDriverPackage object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageStartSync
+
+This event indicates that a new set of DatasourceDriverPackageAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd
+
+This event sends blocking data about any compatibility blocking entries hit on the system that are not directly related to specific applications or devices, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync
+
+This event indicates that a full set of DataSourceMatchingInfoBlockStAdd events have been sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd
+
+This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync
+
+This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd
+
+This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync
+
+This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd
+
+This event sends compatibility database information about the BIOS to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosStartSync
+
+This event indicates that a new set of DatasourceSystemBiosAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd
+
+This event sends compatibility decision data about a file to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file that is generating the events.
+- **BlockAlreadyInbox** The uplevel runtime block on the file already existed on the current OS.
+- **BlockingApplication** Indicates whether there are any application issues that interfere with the upgrade due to the file in question.
+- **DisplayGenericMessage** Will be a generic message be shown for this file?
+- **DisplayGenericMessageGated** Indicates whether a generic message be shown for this file.
+- **HardBlock** This file is blocked in the SDB.
+- **HasUxBlockOverride** Does the file have a block that is overridden by a tag in the SDB?
+- **MigApplication** Does the file have a MigXML from the SDB associated with it that applies to the current upgrade mode?
+- **MigRemoval** Does the file have a MigXML from the SDB that will cause the app to be removed on upgrade?
+- **NeedsDismissAction** Will the file cause an action that can be dimissed?
+- **NeedsInstallPostUpgradeData** After upgrade, the file will have a post-upgrade notification to install a replacement for the app.
+- **NeedsNotifyPostUpgradeData** Does the file have a notification that should be shown after upgrade?
+- **NeedsReinstallPostUpgradeData** After upgrade, this file will have a post-upgrade notification to reinstall the app.
+- **NeedsUninstallAction** The file must be uninstalled to complete the upgrade.
+- **SdbBlockUpgrade** The file is tagged as blocking upgrade in the SDB,
+- **SdbBlockUpgradeCanReinstall** The file is tagged as blocking upgrade in the SDB. It can be reinstalled after upgrade.
+- **SdbBlockUpgradeUntilUpdate** The file is tagged as blocking upgrade in the SDB. If the app is updated, the upgrade can proceed.
+- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the SDB. It does not block upgrade.
+- **SdbReinstallUpgradeWarn** The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade.
+- **SoftBlock** The file is softblocked in the SDB and has a warning.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
+
+This event indicates Indicates that the DecisionApplicationFile object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionApplicationFileStartSync
+
+This event indicates that a new set of DecisionApplicationFileAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd
+
+This event sends compatibility decision data about a PNP device to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **AssociatedDriverIsBlocked** Is the driver associated with this PNP device blocked?
+- **AssociatedDriverWillNotMigrate** Will the driver associated with this plug-and-play device migrate?
+- **BlockAssociatedDriver** Should the driver associated with this PNP device be blocked?
+- **BlockingDevice** Is this PNP device blocking upgrade?
+- **BlockUpgradeIfDriverBlocked** Is the PNP device both boot critical and does not have a driver included with the OS?
+- **BlockUpgradeIfDriverBlockedAndOnlyActiveNetwork** Is this PNP device the only active network device?
+- **DisplayGenericMessage** Will a generic message be shown during Setup for this PNP device?
+- **DisplayGenericMessageGated** Indicates whether a generic message will be shown during Setup for this PNP device.
+- **DriverAvailableInbox** Is a driver included with the operating system for this PNP device?
+- **DriverAvailableOnline** Is there a driver for this PNP device on Windows Update?
+- **DriverAvailableUplevel** Is there a driver on Windows Update or included with the operating system for this PNP device?
+- **DriverBlockOverridden** Is there is a driver block on the device that has been overridden?
+- **NeedsDismissAction** Will the user would need to dismiss a warning during Setup for this device?
+- **NotRegressed** Does the device have a problem code on the source OS that is no better than the one it would have on the target OS?
+- **SdbDeviceBlockUpgrade** Is there an SDB block on the PNP device that blocks upgrade?
+- **SdbDriverBlockOverridden** Is there an SDB block on the PNP device that blocks upgrade, but that block was overridden?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDevicePnpRemove
+
+This event indicates that the DecisionDevicePnp object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDevicePnpStartSync
+
+The DecisionDevicePnpStartSync event indicates that a new set of DecisionDevicePnpAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDriverPackageAdd
+
+This event sends decision data about driver package compatibility to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown for this driver package.
+- **DriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
+- **DriverIsDeviceBlocked** Was the driver package was blocked because of a device block?
+- **DriverIsDriverBlocked** Is the driver package blocked because of a driver block?
+- **DriverIsTroubleshooterBlocked** Indicates whether the driver package is blocked because of a troubleshooter block.
+- **DriverShouldNotMigrate** Should the driver package be migrated during upgrade?
+- **SdbDriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDriverPackageRemove
+
+This event indicates that the DecisionDriverPackage object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionDriverPackageStartSync
+
+This event indicates that a new set of DecisionDriverPackageAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockAdd
+
+This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser file generating the events.
+- **BlockingApplication** Are there are any application issues that interfere with upgrade due to matching info blocks?
+- **DisplayGenericMessage** Will a generic message be shown for this block?
+- **NeedsUninstallAction** Does the user need to take an action in setup due to a matching info block?
+- **SdbBlockUpgrade** Is a matching info block blocking upgrade?
+- **SdbBlockUpgradeCanReinstall** Is a matching info block blocking upgrade, but has the can reinstall tag?
+- **SdbBlockUpgradeUntilUpdate** Is a matching info block blocking upgrade but has the until update tag?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockStartSync
+
+This event indicates that a new set of DecisionMatchingInfoBlockAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd
+
+This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BlockingApplication** Are there any application issues that interfere with upgrade due to matching info blocks?
+- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown due to matching info blocks.
+- **MigApplication** Is there a matching info block with a mig for the current mode of upgrade?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveStartSync
+
+This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeAdd
+
+This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **NeedsInstallPostUpgradeData** Will the file have a notification after upgrade to install a replacement for the app?
+- **NeedsNotifyPostUpgradeData** Should a notification be shown for this file after upgrade?
+- **NeedsReinstallPostUpgradeData** Will the file have a notification after upgrade to reinstall the app?
+- **SdbReinstallUpgrade** The file is tagged as needing to be reinstalled after upgrade in the compatibility database (but is not blocking upgrade).
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeStartSync
+
+This event indicates that a new set of DecisionMatchingInfoPostUpgradeAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMediaCenterAdd
+
+This event sends decision data about the presence of Windows Media Center, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **BlockingApplication** Is there any application issues that interfere with upgrade due to Windows Media Center?
+- **MediaCenterActivelyUsed** If Windows Media Center is supported on the edition, has it been run at least once and are the MediaCenterIndicators are true?
+- **MediaCenterIndicators** Do any indicators imply that Windows Media Center is in active use?
+- **MediaCenterInUse** Is Windows Media Center actively being used?
+- **MediaCenterPaidOrActivelyUsed** Is Windows Media Center actively being used or is it running on a supported edition?
+- **NeedsDismissAction** Are there any actions that can be dismissed coming from Windows Media Center?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionMediaCenterStartSync
+
+This event indicates that a new set of DecisionMediaCenterAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemBiosAdd
+
+This event sends compatibility decision data about the BIOS to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the device blocked from upgrade due to a BIOS block?
+- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown for the bios.
+- **HasBiosBlock** Does the device have a BIOS block?
+
+
+### Microsoft.Windows.Appraiser.General.DecisionSystemBiosStartSync
+
+This event indicates that a new set of DecisionSystemBiosAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionTestRemove
+
+This event provides data that allows testing of “Remove” decisions to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.DecisionTestStartSync
+
+This event provides data that allows testing of “Start Sync” decisions to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.GatedRegChange
+
+This event sends data about the results of running a set of quick-blocking instructions, to help keep Windows up to date.
+
+The following fields are available:
+
+- **NewData** The data in the registry value after the scan completed.
+- **OldData** The previous data in the registry value before the scan ran.
+- **PCFP** An ID for the system calculated by hashing hardware identifiers.
+- **RegKey** The registry key name for which a result is being sent.
+- **RegValue** The registry value for which a result is being sent.
+- **Time** The client time of the event.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryApplicationFileAdd
+
+This event represents the basic metadata about a file on the system. The file must be part of an app and either have a block in the compatibility database or be part of an antivirus program.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **AvDisplayName** If the app is an antivirus app, this is its display name.
+- **AvProductState** Indicates whether the antivirus program is turned on and the signatures are up to date.
+- **BinaryType** A binary type. Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64.
+- **BinFileVersion** An attempt to clean up FileVersion at the client that tries to place the version into 4 octets.
+- **BinProductVersion** An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets.
+- **BoeProgramId** If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata.
+- **CompanyName** The company name of the vendor who developed this file.
+- **FileId** A hash that uniquely identifies a file.
+- **FileVersion** The File version field from the file metadata under Properties -> Details.
+- **HasUpgradeExe** Indicates whether the antivirus app has an upgrade.exe file.
+- **IsAv** Indicates whether the file an antivirus reporting EXE.
+- **LinkDate** The date and time that this file was linked on.
+- **LowerCaseLongPath** The full file path to the file that was inventoried on the device.
+- **Name** The name of the file that was inventoried.
+- **ProductName** The Product name field from the file metadata under Properties -> Details.
+- **ProductVersion** The Product version field from the file metadata under Properties -> Details.
+- **ProgramId** A hash of the Name, Version, Publisher, and Language of an application used to identify it.
+- **Size** The size of the file (in hexadecimal bytes).
+
+
+### Microsoft.Windows.Appraiser.General.InventoryApplicationFileRemove
+
+This event indicates that the InventoryApplicationFile object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
+
+This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryLanguagePackAdd
+
+This event sends data about the number of language packs installed on the system, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **HasLanguagePack** Indicates whether this device has 2 or more language packs.
+- **LanguagePackCount** The number of language packs are installed.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryLanguagePackRemove
+
+This event indicates that the InventoryLanguagePack object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryLanguagePackStartSync
+
+This event indicates that a new set of InventoryLanguagePackAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryMediaCenterAdd
+
+This event sends true/false data about decision points used to understand whether Windows Media Center is used on the system, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **EverLaunched** Has Windows Media Center ever been launched?
+- **HasConfiguredTv** Has the user configured a TV tuner through Windows Media Center?
+- **HasExtendedUserAccounts** Are any Windows Media Center Extender user accounts configured?
+- **HasWatchedFolders** Are any folders configured for Windows Media Center to watch?
+- **IsDefaultLauncher** Is Windows Media Center the default app for opening music or video files?
+- **IsPaid** Is the user running a Windows Media Center edition that implies they paid for Windows Media Center?
+- **IsSupported** Does the running OS support Windows Media Center?
+
+
+### Microsoft.Windows.Appraiser.General.InventoryMediaCenterRemove
+
+This event indicates that the InventoryMediaCenter object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryMediaCenterStartSync
+
+This event indicates that a new set of InventoryMediaCenterAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventorySystemBiosAdd
+
+This event sends basic metadata about the BIOS to determine whether it has a compatibility block.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BiosDate** The release date of the BIOS in UTC format.
+- **BiosName** The name field from Win32_BIOS.
+- **Manufacturer** The manufacturer field from Win32_ComputerSystem.
+- **Model** The model field from Win32_ComputerSystem.
+
+
+### Microsoft.Windows.Appraiser.General.InventorySystemBiosStartSync
+
+This event indicates that a new set of InventorySystemBiosAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryTestRemove
+
+This event provides data that allows testing of “Remove” decisions to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryTestStartSync
+
+This event provides data that allows testing of “Start Sync” decisions to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the appraiser binary (executable) generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageAdd
+
+This event is only runs during setup. It provides a listing of the uplevel driver packages that were downloaded before the upgrade. Is critical to understanding if failures in setup can be traced to not having sufficient uplevel drivers before the upgrade.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BootCritical** Is the driver package marked as boot critical?
+- **Build** The build value from the driver package.
+- **CatalogFile** The name of the catalog file within the driver package.
+- **Class** The device class from the driver package.
+- **ClassGuid** The device class unique ID from the driver package.
+- **Date** The date from the driver package.
+- **Inbox** Is the driver package of a driver that is included with Windows?
+- **OriginalName** The original name of the INF file before it was renamed. Generally a path under $WINDOWS.~BT\Drivers\DU.
+- **Provider** The provider of the driver package.
+- **PublishedName** The name of the INF file after it was renamed.
+- **Revision** The revision of the driver package.
+- **SignatureStatus** Indicates if the driver package is signed. Unknown = 0, Unsigned = 1, Signed = 2.
+- **VersionMajor** The major version of the driver package.
+- **VersionMinor** The minor version of the driver package.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageRemove
+
+This event indicates that the InventoryUplevelDriverPackage object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.InventoryUplevelDriverPackageStartSync
+
+This event indicates that a new set of InventoryUplevelDriverPackageAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.RunContext
+
+This event indicates what should be expected in the data payload.
+
+The following fields are available:
+
+- **AppraiserBranch** The source branch in which the currently running version of Appraiser was built.
+- **AppraiserProcess** The name of the process that launched Appraiser.
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **CensusId** A unique hardware identifier.
+- **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry.
+- **PCFP** An ID for the system calculated by hashing hardware identifiers.
+- **Subcontext** Indicates what categories of incompatibilities appraiser is scanning for. Can be N/A, Resolve, or a semicolon-delimited list that can include App, Dev, Sys, Gat, or Rescan.
+- **Time** The client time of the event.
+
+
+### Microsoft.Windows.Appraiser.General.SystemMemoryAdd
+
+This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the device from upgrade due to memory restrictions?
+- **MemoryRequirementViolated** Was a memory requirement violated?
+- **pageFile** The current committed memory limit for the system or the current process, whichever is smaller (in bytes).
+- **ram** The amount of memory on the device.
+- **ramKB** The amount of memory (in KB).
+- **virtual** The size of the user-mode portion of the virtual address space of the calling process (in bytes).
+- **virtualKB** The amount of virtual memory (in KB).
+
+
+### Microsoft.Windows.Appraiser.General.SystemMemoryStartSync
+
+This event indicates that a new set of SystemMemoryAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeAdd
+
+This event sends data indicating whether the system supports the CompareExchange128 CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **CompareExchange128Support** Does the CPU support CompareExchange128?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeStartSync
+
+This event indicates that a new set of SystemProcessorCompareExchangeAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd
+
+This event sends data indicating whether the system supports the LahfSahf CPU requirement, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **LahfSahfSupport** Does the CPU support LAHF/SAHF?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfStartSync
+
+This event indicates that a new set of SystemProcessorLahfSahfAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd
+
+This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **NXDriverResult** The result of the driver used to do a non-deterministic check for NX support.
+- **NXProcessorSupport** Does the processor support NX?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorNxStartSync
+
+This event indicates that a new set of SystemProcessorNxAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd
+
+This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **PrefetchWSupport** Does the processor support PrefetchW?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWStartSync
+
+This event indicates that a new set of SystemProcessorPrefetchWAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Add
+
+This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked due to the processor?
+- **SSE2ProcessorSupport** Does the processor support SSE2?
+
+
+### Microsoft.Windows.Appraiser.General.SystemProcessorSse2StartSync
+
+This event indicates that a new set of SystemProcessorSse2Add events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemTouchAdd
+
+This event sends data indicating whether the system supports touch, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **IntegratedTouchDigitizerPresent** Is there an integrated touch digitizer?
+- **MaximumTouches** The maximum number of touch points supported by the device hardware.
+
+
+### Microsoft.Windows.Appraiser.General.SystemTouchStartSync
+
+This event indicates that a new set of SystemTouchAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWimAdd
+
+This event sends data indicating whether the operating system is running from a compressed Windows Imaging Format (WIM) file, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **IsWimBoot** Is the current operating system running from a compressed WIM file?
+- **RegistryWimBootValue** The raw value from the registry that is used to indicate if the device is running from a WIM.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWimStartSync
+
+This event indicates that a new set of SystemWimAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusAdd
+
+This event sends data indicating whether the current operating system is activated, to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **WindowsIsLicensedApiValue** The result from the API that's used to indicate if operating system is activated.
+- **WindowsNotActivatedDecision** Is the current operating system activated?
+
+
+### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusStartSync
+
+This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.SystemWlanAdd
+
+This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up-to-date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **Blocking** Is the upgrade blocked because of an emulated WLAN driver?
+- **HasWlanBlock** Does the emulated WLAN driver have an upgrade block?
+- **WlanEmulatedDriver** Does the device have an emulated WLAN driver?
+- **WlanExists** Does the device support WLAN at all?
+- **WlanModulePresent** Are any WLAN modules present?
+- **WlanNativeDriver** Does the device have a non-emulated WLAN driver?
+
+
+### Microsoft.Windows.Appraiser.General.SystemWlanStartSync
+
+This event indicates that a new set of SystemWlanAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+### Microsoft.Windows.Appraiser.General.TelemetryRunHealth
+
+This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date.
+
+The following fields are available:
+
+- **AppraiserBranch** The source branch in which the version of Appraiser that is running was built.
+- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run.
+- **AppraiserProcess** The name of the process that launched Appraiser.
+- **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots.
+- **AuxFinal** Obsolete, always set to false.
+- **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app.
+- **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan.
+- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter.
+- **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent.
+- **InboxDataVersion** The original version of the data files before retrieving any newer version.
+- **IndicatorsWritten** Indicates if all relevant UEX indicators were successfully written or updated.
+- **InventoryFullSync** Indicates if inventory is performing a full sync, which means that the full set of events representing the inventory of machine are sent.
+- **PCFP** An ID for the system calculated by hashing hardware identifiers.
+- **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal.
+- **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row.
+- **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device.
+- **RunDate** The date that the telemetry run was stated, expressed as a filetime.
+- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic.
+- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information.
+- **RunResult** The hresult of the Appraiser telemetry run.
+- **ScheduledUploadDay** The day scheduled for the upload.
+- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run.
+- **StoreHandleIsNotNull** Obsolete, always set to false
+- **TelementrySent** Indicates if telemetry was successfully sent.
+- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability.
+- **Time** The client time of the event.
+- **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging.
+- **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated.
+
+
+### Microsoft.Windows.Appraiser.General.WmdrmAdd
+
+This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data does not indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+- **BlockingApplication** Same as NeedsDismissAction.
+- **NeedsDismissAction** Indicates if a dismissible message is needed to warn the user about a potential loss of data due to DRM deprecation.
+- **WmdrmApiResult** Raw value of the API used to gather DRM state.
+- **WmdrmCdRipped** Indicates if the system has any files encrypted with personal DRM, which was used for ripped CDs.
+- **WmdrmIndicators** WmdrmCdRipped OR WmdrmPurchased.
+- **WmdrmInUse** WmdrmIndicators AND dismissible block in setup was not dismissed.
+- **WmdrmNonPermanent** Indicates if the system has any files with non-permanent licenses.
+- **WmdrmPurchased** Indicates if the system has any files with permanent licenses.
+
+
+### Microsoft.Windows.Appraiser.General.WmdrmStartSync
+
+This event indicates that a new set of WmdrmAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AppraiserVersion** The version of the Appraiser file that is generating the events.
+
+
+## Audio endpoint events
+
+### MicArrayGeometry
+
+This event provides information about the layout of the individual microphone elements in the microphone array.
+
+The following fields are available:
+
+- **MicCoords** The location and orientation of the microphone element.
+- **usFrequencyBandHi** The high end of the frequency range for the microphone.
+- **usFrequencyBandLo** The low end of the frequency range for the microphone.
+- **usMicArrayType** The type of the microphone array.
+- **usNumberOfMicrophones** The number of microphones in the array.
+- **usVersion** The version of the microphone array specification.
+- **wHorizontalAngleBegin** The horizontal angle of the start of the working volume (reported as radians times 10,000).
+- **wHorizontalAngleEnd** The horizontal angle of the end of the working volume (reported as radians times 10,000).
+- **wVerticalAngleBegin** The vertical angle of the start of the working volume (reported as radians times 10,000).
+- **wVerticalAngleEnd** The vertical angle of the end of the working volume (reported as radians times 10,000).
+
+
+### MicCoords
+
+This event provides information about the location and orientation of the microphone element.
+
+The following fields are available:
+
+- **usType** The type of microphone.
+- **wHorizontalAngle** The horizontal angle of the microphone (reported as radians times 10,000).
+- **wVerticalAngle** The vertical angle of the microphone (reported as radians times 10,000).
+- **wXCoord** The x-coordinate of the microphone.
+- **wYCoord** The y-coordinate of the microphone.
+- **wZCoord** The z-coordinate of the microphone.
+
+
+### Microsoft.Windows.Audio.EndpointBuilder.DeviceInfo
+
+This event logs the successful enumeration of an audio endpoint (such as a microphone or speaker) and provides information about the audio endpoint.
+
+The following fields are available:
+
+- **BusEnumeratorName** The name of the bus enumerator (for example, HDAUDIO or USB).
+- **ContainerId** An identifier that uniquely groups the functional devices associated with a single-function or multifunction device.
+- **DeviceInstanceId** The unique identifier for this instance of the device.
+- **EndpointDevnodeId** The IMMDevice identifier of the associated devnode.
+- **endpointEffectClsid** The COM Class Identifier (CLSID) for the endpoint effect audio processing object.
+- **endpointEffectModule** Module name for the endpoint effect audio processing object.
+- **EndpointFormFactor** The enumeration value for the form factor of the endpoint device (for example speaker, microphone, remote network device).
+- **endpointID** The unique identifier for the audio endpoint.
+- **endpointInstanceId** The unique identifier for the software audio endpoint. Used for joining to other audio event.
+- **Flow** Indicates whether the endpoint is capture (1) or render (0).
+- **globalEffectClsid** COM Class Identifier (CLSID) for the legacy global effect audio processing object.
+- **globalEffectModule** Module name for the legacy global effect audio processing object.
+- **HWID** The hardware identifier for the endpoint.
+- **IsBluetooth** Indicates whether the device is a Bluetooth device.
+- **isFarField** A flag indicating whether the microphone endpoint is capable of hearing far field audio.
+- **IsSideband** Indicates whether the device is a sideband device.
+- **IsUSB** Indicates whether the device is a USB device.
+- **JackSubType** A unique ID representing the KS node type of the endpoint.
+- **localEffectClsid** The COM Class Identifier (CLSID) for the legacy local effect audio processing object.
+- **localEffectModule** Module name for the legacy local effect audio processing object.
+- **MicArrayGeometry** Describes the microphone array, including the microphone position, coordinates, type, and frequency range. See [MicArrayGeometry](#micarraygeometry).
+- **modeEffectClsid** The COM Class Identifier (CLSID) for the mode effect audio processing object.
+- **modeEffectModule** Module name for the mode effect audio processing object.
+- **persistentId** A unique ID for this endpoint which is retained across migrations.
+- **streamEffectClsid** The COM Class Identifier (CLSID) for the stream effect audio processing object.
+- **streamEffectModule** Module name for the stream effect audio processing object.
+
+
+## Census events
+
+### Census.App
+
+This event sends version data about the Apps running on this device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **AppraiserEnterpriseErrorCode** The error code of the last Appraiser enterprise run.
+- **AppraiserErrorCode** The error code of the last Appraiser run.
+- **AppraiserRunEndTimeStamp** The end time of the last Appraiser run.
+- **AppraiserRunIsInProgressOrCrashed** Flag that indicates if the Appraiser run is in progress or has crashed.
+- **AppraiserRunStartTimeStamp** The start time of the last Appraiser run.
+- **AppraiserTaskEnabled** Whether the Appraiser task is enabled.
+- **AppraiserTaskExitCode** The Appraiser task exist code.
+- **AppraiserTaskLastRun** The last runtime for the Appraiser task.
+- **CensusVersion** The version of Census that generated the current data for this device.
+- **IEVersion** The version of Internet Explorer that is running on the device.
+
+
+### Census.Azure
+
+This event returns data from Microsoft-internal Azure server machines (only from Microsoft-internal machines with Server SKUs). All other machines (those outside Microsoft and/or machines that are not part of the “Azure fleet”) return empty data sets.
+
+The following fields are available:
+
+- **CloudCoreBuildEx** The Azure CloudCore build number.
+- **CloudCoreSupportBuildEx** The Azure CloudCore support build number.
+- **NodeID** The node identifier on the device that indicates whether the device is part of the Azure fleet.
+
+
+### Census.Battery
+
+This event sends type and capacity data about the battery on the device, as well as the number of connected standby devices in use, type to help keep Windows up to date.
+
+The following fields are available:
+
+- **InternalBatteryCapablities** Represents information about what the battery is capable of doing.
+- **InternalBatteryCapacityCurrent** Represents the battery's current fully charged capacity in mWh (or relative). Compare this value to DesignedCapacity to estimate the battery's wear.
+- **InternalBatteryCapacityDesign** Represents the theoretical capacity of the battery when new, in mWh.
+- **InternalBatteryNumberOfCharges** Provides the number of battery charges. This is used when creating new products and validating that existing products meets targeted functionality performance.
+- **IsAlwaysOnAlwaysConnectedCapable** Represents whether the battery enables the device to be AlwaysOnAlwaysConnected . Boolean value.
+
+
+### Census.Camera
+
+This event sends data about the resolution of cameras on the device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **FrontFacingCameraResolution** Represents the resolution of the front facing camera in megapixels. If a front facing camera does not exist, then the value is 0.
+- **RearFacingCameraResolution** Represents the resolution of the rear facing camera in megapixels. If a rear facing camera does not exist, then the value is 0.
+
+
+### Census.Enterprise
+
+This event sends data about Azure presence, type, and cloud domain use in order to provide an understanding of the use and integration of devices in an enterprise, cloud, and server environment.
+
+The following fields are available:
+
+- **AADDeviceId** Azure Active Directory device ID.
+- **AzureOSIDPresent** Represents the field used to identify an Azure machine.
+- **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs.
+- **CDJType** Represents the type of cloud domain joined for the machine.
+- **CommercialId** Represents the GUID for the commercial entity which the device is a member of. Will be used to reflect insights back to customers.
+- **ContainerType** The type of container, such as process or virtual machine hosted.
+- **EnrollmentType** Defines the type of MDM enrollment on the device.
+- **HashedDomain** The hashed representation of the user domain used for login.
+- **IsCloudDomainJoined** Is this device joined to an Azure Active Directory (AAD) tenant? true/false
+- **IsDERequirementMet** Represents if the device can do device encryption.
+- **IsDeviceProtected** Represents if Device protected by BitLocker/Device Encryption
+- **IsDomainJoined** Indicates whether a machine is joined to a domain.
+- **IsEDPEnabled** Represents if Enterprise data protected on the device.
+- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
+- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
+- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment.
+- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
+- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier
+
+
+### Census.Firmware
+
+This event sends data about the BIOS and startup embedded in the device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **FirmwareManufacturer** Represents the manufacturer of the device's firmware (BIOS).
+- **FirmwareReleaseDate** Represents the date the current firmware was released.
+- **FirmwareType** Represents the firmware type. The various types can be unknown, BIOS, UEFI.
+- **FirmwareVersion** Represents the version of the current firmware.
+
+
+### Census.Flighting
+
+This event sends Windows Insider data from customers participating in improvement testing and feedback programs, to help keep Windows up to date.
+
+The following fields are available:
+
+- **DeviceSampleRate** The telemetry sample rate assigned to the device.
+- **DriverTargetRing** Indicates if the device is participating in receiving pre-release drivers and firmware contrent.
+- **EnablePreviewBuilds** Used to enable Windows Insider builds on a device.
+- **FlightIds** A list of the different Windows Insider builds on this device.
+- **FlightingBranchName** The name of the Windows Insider branch currently used by the device.
+- **IsFlightsDisabled** Represents if the device is participating in the Windows Insider program.
+- **MSA_Accounts** Represents a list of hashed IDs of the Microsoft Accounts that are flighting (pre-release builds) on this device.
+- **SSRK** Retrieves the mobile targeting settings.
+
+
+### Census.Hardware
+
+This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ActiveMicCount** The number of active microphones attached to the device.
+- **ChassisType** Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36.
+- **ComputerHardwareID** Identifies a device class that is represented by a hash of different SMBIOS fields.
+- **D3DMaxFeatureLevel** Supported Direct3D version.
+- **DeviceForm** Indicates the form as per the device classification.
+- **DeviceName** The device name that is set by the user.
+- **DigitizerSupport** Is a digitizer supported?
+- **DUID** The device unique ID.
+- **Gyroscope** Indicates whether the device has a gyroscope (a mechanical component that measures and maintains orientation).
+- **InventoryId** The device ID used for compatibility testing.
+- **Magnetometer** Indicates whether the device has a magnetometer (a mechanical component that works like a compass).
+- **NFCProximity** Indicates whether the device supports NFC (a set of communication protocols that helps establish communication when applicable devices are brought close together.)
+- **OEMDigitalMarkerFileName** The name of the file placed in the \Windows\system32\drivers directory that specifies the OEM and model name of the device.
+- **OEMManufacturerName** The device manufacturer name. The OEMName for an inactive device is not reprocessed even if the clean OEM name is changed at a later date.
+- **OEMModelBaseBoard** The baseboard model used by the OEM.
+- **OEMModelBaseBoardVersion** Differentiates between developer and retail devices.
+- **OEMModelName** The device model name.
+- **OEMModelNumber** The device model number.
+- **OEMModelSKU** The device edition that is defined by the manufacturer.
+- **OEMModelSystemFamily** The system family set on the device by an OEM.
+- **OEMModelSystemVersion** The system model version set on the device by the OEM.
+- **OEMOptionalIdentifier** A Microsoft assigned value that represents a specific OEM subsidiary.
+- **OEMSerialNumber** The serial number of the device that is set by the manufacturer.
+- **PhoneManufacturer** The friendly name of the phone manufacturer.
+- **PowerPlatformRole** The OEM preferred power management profile. It's used to help to identify the basic form factor of the device.
+- **SoCName** The firmware manufacturer of the device.
+- **StudyID** Used to identify retail and non-retail device.
+- **TelemetryLevel** The telemetry level the user has opted into, such as Basic or Enhanced.
+- **TelemetryLevelLimitEnhanced** The telemetry level for Windows Analytics-based solutions.
+- **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user.
+- **TPMManufacturerId** The ID of the TPM manufacturer.
+- **TPMManufacturerVersion** The version of the TPM manufacturer.
+- **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0.
+- **VoiceSupported** Does the device have a cellular radio capable of making voice calls?
+
+
+### Census.Memory
+
+This event sends data about the memory on the device, including ROM and RAM, to help keep Windows up to date.
+
+The following fields are available:
+
+- **TotalPhysicalRAM** Represents the physical memory (in MB).
+- **TotalVisibleMemory** Represents the memory that is not reserved by the system.
+
+
+### Census.Network
+
+This event sends data about the mobile and cellular network used by the device (mobile service provider, network, device ID, and service cost factors), to help keep Windows up to date.
+
+The following fields are available:
+
+- **IMEI0** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
+- **IMEI1** Represents the International Mobile Station Equipment Identity. This number is usually unique and used by the mobile operator to distinguish different phone hardware. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user. The two fields represent phone with dual sim coverage.
+- **MCC0** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MCC1** Represents the Mobile Country Code (MCC). It used with the Mobile Network Code (MNC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MEID** Represents the Mobile Equipment Identity (MEID). MEID is a worldwide unique phone ID assigned to CDMA phones. MEID replaces electronic serial number (ESN), and is equivalent to IMEI for GSM and WCDMA phones. Microsoft does not have access to mobile operator billing data so collecting this data does not expose or identify the user.
+- **MNC0** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MNC1** Retrieves the Mobile Network Code (MNC). It used with the Mobile Country Code (MCC) to uniquely identify a mobile network operator. The two fields represent phone with dual sim coverage.
+- **MobileOperatorBilling** Represents the telephone company that provides services for mobile phone users.
+- **MobileOperatorCommercialized** Represents which reseller and geography the phone is commercialized for. This is the set of values on the phone for who and where it was intended to be used. For example, the commercialized mobile operator code AT&T in the US would be ATT-US.
+- **MobileOperatorNetwork0** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
+- **MobileOperatorNetwork1** Represents the operator of the current mobile network that the device is used on. (AT&T, T-Mobile, Vodafone). The two fields represent phone with dual sim coverage.
+- **NetworkAdapterGUID** The GUID of the primary network adapter.
+- **NetworkCost** Represents the network cost associated with a connection.
+- **SPN0** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
+- **SPN1** Retrieves the Service Provider Name (SPN). For example, these might be AT&T, Sprint, T-Mobile, or Verizon. The two fields represent phone with dual sim coverage.
+
+
+### Census.OS
+
+This event sends data about the operating system such as the version, locale, update service configuration, when and how it was originally installed, and whether it is a virtual device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ActivationChannel** Retrieves the retail license key or Volume license key for a machine.
+- **AssignedAccessStatus** Kiosk configuration mode.
+- **CompactOS** Indicates if the Compact OS feature from Win10 is enabled.
+- **DeveloperUnlockStatus** Represents if a device has been developer unlocked by the user or Group Policy.
+- **DeviceTimeZone** The time zone that is set on the device. Example: Pacific Standard Time
+- **GenuineState** Retrieves the ID Value specifying the OS Genuine check.
+- **InstallationType** Retrieves the type of OS installation. (Clean, Upgrade, Reset, Refresh, Update).
+- **InstallLanguage** The first language installed on the user machine.
+- **IsDeviceRetailDemo** Retrieves if the device is running in demo mode.
+- **IsEduData** Returns Boolean if the education data policy is enabled.
+- **IsPortableOperatingSystem** Retrieves whether OS is running Windows-To-Go
+- **IsSecureBootEnabled** Retrieves whether Boot chain is signed under UEFI.
+- **LanguagePacks** The list of language packages installed on the device.
+- **LicenseStateReason** Retrieves why (or how) a system is licensed or unlicensed. The HRESULT may indicate an error code that indicates a key blocked error, or it may indicate that we are running an OS License granted by the MS store.
+- **OA3xOriginalProductKey** Retrieves the License key stamped by the OEM to the machine.
+- **OSEdition** Retrieves the version of the current OS.
+- **OSInstallType** Retrieves a numeric description of what install was used on the device i.e. clean, upgrade, refresh, reset, etc
+- **OSOOBEDateTime** Retrieves Out of Box Experience (OOBE) Date in Coordinated Universal Time (UTC).
+- **OSSKU** Retrieves the Friendly Name of OS Edition.
+- **OSSubscriptionStatus** Represents the existing status for enterprise subscription feature for PRO machines.
+- **OSSubscriptionTypeId** Returns boolean for enterprise subscription feature for selected PRO machines.
+- **OSTimeZoneBiasInMins** Retrieves the time zone set on machine.
+- **OSUILocale** Retrieves the locale of the UI that is currently used by the OS.
+- **ProductActivationResult** Returns Boolean if the OS Activation was successful.
+- **ProductActivationTime** Returns the OS Activation time for tracking piracy issues.
+- **ProductKeyID2** Retrieves the License key if the machine is updated with a new license key.
+- **RACw7Id** Retrieves the Microsoft Reliability Analysis Component (RAC) Win7 Identifier. RAC is used to monitor and analyze system usage and reliability.
+- **ServiceMachineIP** Retrieves the IP address of the KMS host used for anti-piracy.
+- **ServiceMachinePort** Retrieves the port of the KMS host used for anti-piracy.
+- **ServiceProductKeyID** Retrieves the License key of the KMS
+- **SharedPCMode** Returns Boolean for education devices used as shared cart
+- **Signature** Retrieves if it is a signature machine sold by Microsoft store.
+- **SLICStatus** Whether a SLIC table exists on the device.
+- **SLICVersion** Returns OS type/version from SLIC table.
+
+
+### Census.PrivacySettings
+
+This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings.
+
+The following fields are available:
+
+- **Activity** Current state of the activity history setting.
+- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting.
+- **ActivityHistoryCollection** Current state of the activity history collection setting.
+- **AdvertisingId** Current state of the advertising ID setting.
+- **AppDiagnostics** Current state of the app diagnostics setting.
+- **Appointments** Current state of the calendar setting.
+- **AppointmentsSystem** Current state of the calendar setting.
+- **Bluetooth** Current state of the Bluetooth capability setting.
+- **BluetoothSync** Current state of the Bluetooth sync capability setting.
+- **BroadFileSystemAccess** Current state of the broad file system access setting.
+- **CellularData** Current state of the cellular data capability setting.
+- **Chat** Current state of the chat setting.
+- **ChatSystem** Current state of the chat setting.
+- **Contacts** Current state of the contacts setting.
+- **ContactsSystem** Current state of the Contacts setting.
+- **DocumentsLibrary** Current state of the documents library setting.
+- **Email** Current state of the email setting.
+- **EmailSystem** Current state of the email setting.
+- **FindMyDevice** Current state of the "find my device" setting.
+- **GazeInput** Current state of the gaze input setting.
+- **HumanInterfaceDevice** Current state of the human interface device setting.
+- **InkTypeImprovement** Current state of the improve inking and typing setting.
+- **Location** Current state of the location setting.
+- **LocationHistory** Current state of the location history setting.
+- **LocationHistoryCloudSync** Current state of the location history cloud sync setting.
+- **LocationHistoryOnTimeline** Current state of the location history on timeline setting.
+- **Microphone** Current state of the microphone setting.
+- **PhoneCall** Current state of the phone call setting.
+- **PhoneCallHistory** Current state of the call history setting.
+- **PhoneCallHistorySystem** Current state of the call history setting.
+- **PicturesLibrary** Current state of the pictures library setting.
+- **Radios** Current state of the radios setting.
+- **SensorsCustom** Current state of the custom sensor setting.
+- **SerialCommunication** Current state of the serial communication setting.
+- **Sms** Current state of the text messaging setting.
+- **SpeechPersonalization** Current state of the speech services setting.
+- **USB** Current state of the USB setting.
+- **UserAccountInformation** Current state of the account information setting.
+- **UserDataTasks** Current state of the tasks setting.
+- **UserDataTasksSystem** Current state of the tasks setting.
+- **UserNotificationListener** Current state of the notifications setting.
+- **VideosLibrary** Current state of the videos library setting.
+- **Webcam** Current state of the camera setting.
+- **WiFiDirect** Current state of the Wi-Fi direct setting.
+
+
+### Census.Processor
+
+This event sends data about the processor to help keep Windows up to date.
+
+The following fields are available:
+
+- **KvaShadow** This is the micro code information of the processor.
+- **MMSettingOverride** Microcode setting of the processor.
+- **MMSettingOverrideMask** Microcode setting override of the processor.
+- **PreviousUpdateRevision** Previous microcode revision
+- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system.
+- **ProcessorClockSpeed** Clock speed of the processor in MHz.
+- **ProcessorCores** Number of logical cores in the processor.
+- **ProcessorIdentifier** Processor Identifier of a manufacturer.
+- **ProcessorManufacturer** Name of the processor manufacturer.
+- **ProcessorModel** Name of the processor model.
+- **ProcessorPhysicalCores** Number of physical cores in the processor.
+- **ProcessorUpdateRevision** The microcode revision.
+- **ProcessorUpdateStatus** Enum value that represents the processor microcode load status
+- **SocketCount** Count of CPU sockets.
+- **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability.
+
+
+### Census.Security
+
+This event provides information on about security settings used to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard.
+- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running.
+- **DGState** This field summarizes the Device Guard state.
+- **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running.
+- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest.
+- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host.
+- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security.
+- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting.
+- **SModeState** The Windows S mode trail state.
+- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running.
+
+
+### Census.Speech
+
+This event is used to gather basic speech settings on the device.
+
+The following fields are available:
+
+- **AboveLockEnabled** Cortana setting that represents if Cortana can be invoked when the device is locked.
+- **GPAllowInputPersonalization** Indicates if a Group Policy setting has enabled speech functionalities.
+- **HolographicSpeechInputDisabled** Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user.
+- **HolographicSpeechInputDisabledRemote** Indicates if a remote policy has disabled speech functionalities for the HMD devices.
+- **KeyVer** Version information for the census speech event.
+- **KWSEnabled** Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS).
+- **MDMAllowInputPersonalization** Indicates if an MDM policy has enabled speech functionalities.
+- **RemotelyManaged** Indicates if the device is being controlled by a remote administrator (MDM or Group Policy) in the context of speech functionalities.
+- **SpeakerIdEnabled** Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice.
+- **SpeechServicesEnabled** Windows setting that represents whether a user is opted-in for speech services on the device.
+- **SpeechServicesValueSource** Indicates the deciding factor for the effective online speech recognition privacy policy settings: remote admin, local admin, or user preference.
+
+
+### Census.Storage
+
+This event sends data about the total capacity of the system volume and primary disk, to help keep Windows up to date.
+
+The following fields are available:
+
+- **PrimaryDiskTotalCapacity** Retrieves the amount of disk space on the primary disk of the device in MB.
+- **PrimaryDiskType** Retrieves an enumerator value of type STORAGE_BUS_TYPE that indicates the type of bus to which the device is connected. This should be used to interpret the raw device properties at the end of this structure (if any).
+- **StorageReservePassedPolicy** Indicates whether the Storage Reserve policy, which ensures that updates have enough disk space and customers are on the latest OS, is enabled on this device.
+- **SystemVolumeTotalCapacity** Retrieves the size of the partition that the System volume is installed on in MB.
+
+
+### Census.Userdefault
+
+This event sends data about the current user's default preferences for browser and several of the most popular extensions and protocols, to help keep Windows up to date.
+
+The following fields are available:
+
+- **CalendarType** The calendar identifiers that are used to specify different calendars.
+- **DefaultApp** The current uer's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf.
+- **DefaultBrowserProgId** The ProgramId of the current user's default browser.
+- **LongDateFormat** The long date format the user has selected.
+- **ShortDateFormat** The short date format the user has selected.
+
+
+### Census.UserDisplay
+
+This event sends data about the logical/physical display size, resolution and number of internal/external displays, and VRAM on the system, to help keep Windows up to date.
+
+The following fields are available:
+
+- **InternalPrimaryDisplayLogicalDPIX** Retrieves the logical DPI in the x-direction of the internal display.
+- **InternalPrimaryDisplayLogicalDPIY** Retrieves the logical DPI in the y-direction of the internal display.
+- **InternalPrimaryDisplayPhysicalDPIX** Retrieves the physical DPI in the x-direction of the internal display.
+- **InternalPrimaryDisplayPhysicalDPIY** Retrieves the physical DPI in the y-direction of the internal display.
+- **InternalPrimaryDisplayResolutionHorizontal** Retrieves the number of pixels in the horizontal direction of the internal display.
+- **InternalPrimaryDisplayResolutionVertical** Retrieves the number of pixels in the vertical direction of the internal display.
+- **InternalPrimaryDisplaySizePhysicalH** Retrieves the physical horizontal length of the display in mm. Used for calculating the diagonal length in inches .
+- **InternalPrimaryDisplaySizePhysicalY** Retrieves the physical vertical length of the display in mm. Used for calculating the diagonal length in inches
+- **NumberofExternalDisplays** Retrieves the number of external displays connected to the machine
+- **NumberofInternalDisplays** Retrieves the number of internal displays in a machine.
+- **VRAMDedicated** Retrieves the video RAM in MB.
+- **VRAMDedicatedSystem** Retrieves the amount of memory on the dedicated video card.
+- **VRAMSharedSystem** Retrieves the amount of RAM memory that the video card can use.
+
+
+### Census.UserNLS
+
+This event sends data about the default app language, input, and display language preferences set by the user, to help keep Windows up to date.
+
+The following fields are available:
+
+- **DefaultAppLanguage** The current user Default App Language.
+- **DisplayLanguage** The current user preferred Windows Display Language.
+- **HomeLocation** The current user location, which is populated using GetUserGeoId() function.
+- **KeyboardInputLanguages** The Keyboard input languages installed on the device.
+- **SpeechInputLanguages** The Speech Input languages installed on the device.
+
+
+### Census.UserPrivacySettings
+
+This event provides information about the current users privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represents the authority that set the value. The effective consent is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = user, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings.
+
+The following fields are available:
+
+- **Activity** Current state of the activity history setting.
+- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting.
+- **ActivityHistoryCollection** Current state of the activity history collection setting.
+- **AdvertisingId** Current state of the advertising ID setting.
+- **AppDiagnostics** Current state of the app diagnostics setting.
+- **Appointments** Current state of the calendar setting.
+- **AppointmentsSystem** Current state of the calendar setting.
+- **Bluetooth** Current state of the Bluetooth capability setting.
+- **BluetoothSync** Current state of the Bluetooth sync capability setting.
+- **BroadFileSystemAccess** Current state of the broad file system access setting.
+- **CellularData** Current state of the cellular data capability setting.
+- **Chat** Current state of the chat setting.
+- **ChatSystem** Current state of the chat setting.
+- **Contacts** Current state of the contacts setting.
+- **ContactsSystem** Current state of the Contacts setting.
+- **DocumentsLibrary** Current state of the documents library setting.
+- **Email** Current state of the email setting.
+- **EmailSystem** Current state of the email setting.
+- **GazeInput** Current state of the gaze input setting.
+- **HumanInterfaceDevice** Current state of the human interface device setting.
+- **InkTypeImprovement** Current state of the improve inking and typing setting.
+- **InkTypePersonalization** Current state of the inking and typing personalization setting.
+- **Location** Current state of the location setting.
+- **LocationHistory** Current state of the location history setting.
+- **LocationHistoryCloudSync** Current state of the location history cloud sync setting.
+- **LocationHistoryOnTimeline** Current state of the location history on timeline setting.
+- **Microphone** Current state of the microphone setting.
+- **PhoneCall** Current state of the phone call setting.
+- **PhoneCallHistory** Current state of the call history setting.
+- **PhoneCallHistorySystem** Current state of the call history setting.
+- **PicturesLibrary** Current state of the pictures library setting.
+- **Radios** Current state of the radios setting.
+- **SensorsCustom** Current state of the custom sensor setting.
+- **SerialCommunication** Current state of the serial communication setting.
+- **Sms** Current state of the text messaging setting.
+- **SpeechPersonalization** Current state of the speech services setting.
+- **USB** Current state of the USB setting.
+- **UserAccountInformation** Current state of the account information setting.
+- **UserDataTasks** Current state of the tasks setting.
+- **UserDataTasksSystem** Current state of the tasks setting.
+- **UserNotificationListener** Current state of the notifications setting.
+- **VideosLibrary** Current state of the videos library setting.
+- **Webcam** Current state of the camera setting.
+- **WiFiDirect** Current state of the Wi-Fi direct setting.
+
+
+### Census.VM
+
+This event sends data indicating whether virtualization is enabled on the device, and its various characteristics, to help keep Windows up to date.
+
+The following fields are available:
+
+- **CloudService** Indicates which cloud service, if any, that this virtual machine is running within.
+- **HyperVisor** Retrieves whether the current OS is running on top of a Hypervisor.
+- **IOMMUPresent** Represents if an input/output memory management unit (IOMMU) is present.
+- **IsVDI** Is the device using Virtual Desktop Infrastructure?
+- **IsVirtualDevice** Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors.
+- **SLATSupported** Represents whether Second Level Address Translation (SLAT) is supported by the hardware.
+- **VirtualizationFirmwareEnabled** Represents whether virtualization is enabled in the firmware.
+
+
+### Census.WU
+
+This event sends data about the Windows update server and other App store policies, to help keep Windows up to date.
+
+The following fields are available:
+
+- **AppraiserGatedStatus** Indicates whether a device has been gated for upgrading.
+- **AppStoreAutoUpdate** Retrieves the Appstore settings for auto upgrade. (Enable/Disabled).
+- **AppStoreAutoUpdateMDM** Retrieves the App Auto Update value for MDM: 0 - Disallowed. 1 - Allowed. 2 - Not configured. Default: [2] Not configured
+- **AppStoreAutoUpdatePolicy** Retrieves the Microsoft Store App Auto Update group policy setting
+- **DelayUpgrade** Retrieves the Windows upgrade flag for delaying upgrades.
+- **OSAssessmentFeatureOutOfDate** How many days has it been since a the last feature update was released but the device did not install it?
+- **OSAssessmentForFeatureUpdate** Is the device is on the latest feature update?
+- **OSAssessmentForQualityUpdate** Is the device on the latest quality update?
+- **OSAssessmentForSecurityUpdate** Is the device on the latest security update?
+- **OSAssessmentQualityOutOfDate** How many days has it been since a the last quality update was released but the device did not install it?
+- **OSAssessmentReleaseInfoTime** The freshness of release information used to perform an assessment.
+- **OSRollbackCount** The number of times feature updates have rolled back on the device.
+- **OSRolledBack** A flag that represents when a feature update has rolled back during setup.
+- **OSUninstalled** A flag that represents when a feature update is uninstalled on a device .
+- **OSWUAutoUpdateOptions** Retrieves the auto update settings on the device.
+- **OSWUAutoUpdateOptionsSource** The source of auto update setting that appears in the OSWUAutoUpdateOptions field. For example: Group Policy (GP), Mobile Device Management (MDM), and Default.
+- **UninstallActive** A flag that represents when a device has uninstalled a previous upgrade recently.
+- **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS).
+- **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates.
+- **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades.
+- **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network.
+- **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier.
+- **WUPauseState** Retrieves WU setting to determine if updates are paused.
+- **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default).
+
+
+## Common data extensions
+
+### Common Data Extensions.app
+
+Describes the properties of the running application. This extension could be populated by a client app or a web app.
+
+The following fields are available:
+
+- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session.
+- **env** The environment from which the event was logged.
+- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event.
+- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application.
+- **locale** The locale of the app.
+- **name** The name of the app.
+- **userId** The userID as known by the application.
+- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app.
+
+
+### Common Data Extensions.container
+
+Describes the properties of the container for events logged within a container.
+
+The following fields are available:
+
+- **epoch** An ID that's incremented for each SDK initialization.
+- **localId** The device ID as known by the client.
+- **osVer** The operating system version.
+- **seq** An ID that's incremented for each event.
+- **type** The container type. Examples: Process or VMHost
+
+
+### Common Data Extensions.device
+
+Describes the device-related fields.
+
+The following fields are available:
+
+- **deviceClass** The device classification. For example, Desktop, Server, or Mobile.
+- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId
+- **make** Device manufacturer.
+- **model** Device model.
+
+
+### Common Data Extensions.Envelope
+
+Represents an envelope that contains all of the common data extensions.
+
+The following fields are available:
+
+- **data** Represents the optional unique diagnostic data for a particular event schema.
+- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp).
+- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer).
+- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice).
+- **ext_mscv** Describes the correlation vector-related fields. See [Common Data Extensions.mscv](#common-data-extensionsmscv).
+- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos).
+- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk).
+- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser).
+- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc).
+- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl).
+- **iKey** Represents an ID for applications or other logical groupings of events.
+- **name** Represents the uniquely qualified name for the event.
+- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format.
+- **ver** Represents the major and minor version of the extension.
+
+
+### Common Data Extensions.mscv
+
+Describes the correlation vector-related fields.
+
+The following fields are available:
+
+- **cV** Represents the Correlation Vector: A single field for tracking partial order of related events across component boundaries.
+
+
+### Common Data Extensions.os
+
+Describes some properties of the operating system.
+
+The following fields are available:
+
+- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot.
+- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema.
+- **locale** Represents the locale of the operating system.
+- **name** Represents the operating system name.
+- **ver** Represents the major and minor version of the extension.
+
+
+### Common Data Extensions.sdk
+
+Used by platform specific libraries to record fields that are required for a specific SDK.
+
+The following fields are available:
+
+- **epoch** An ID that is incremented for each SDK initialization.
+- **installId** An ID that's created during the initialization of the SDK for the first time.
+- **libVer** The SDK version.
+- **seq** An ID that is incremented for each event.
+- **ver** The version of the logging SDK.
+
+
+### Common Data Extensions.user
+
+Describes the fields related to a user.
+
+The following fields are available:
+
+- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token.
+- **locale** The language and region.
+- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID.
+
+
+### Common Data Extensions.utc
+
+Describes the properties that could be populated by a logging library on Windows.
+
+The following fields are available:
+
+- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW.
+- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number
+- **cat** Represents a bitmask of the ETW Keywords associated with the event.
+- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer.
+- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server.
+- **eventFlags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency.
+- **flags** Represents the bitmap that captures various Windows specific flags.
+- **loggingBinary** The binary (executable, library, driver, etc.) that fired the event.
+- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence
+- **op** Represents the ETW Op Code.
+- **pgName** The short form of the provider group name associated with the event.
+- **popSample** Represents the effective sample rate for this event at the time it was generated by a client.
+- **providerGuid** The ETW provider ID associated with the provider name.
+- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW.
+- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server.
+- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
+- **wcmp** The Windows Shell Composer ID.
+- **wPId** The Windows Core OS product ID.
+- **wsId** The Windows Core OS session ID.
+
+
+### Common Data Extensions.xbl
+
+Describes the fields that are related to XBOX Live.
+
+The following fields are available:
+
+- **claims** Any additional claims whose short claim name hasn't been added to this structure.
+- **did** XBOX device ID
+- **dty** XBOX device type
+- **dvr** The version of the operating system on the device.
+- **eid** A unique ID that represents the developer entity.
+- **exp** Expiration time
+- **ip** The IP address of the client device.
+- **nbf** Not before time
+- **pid** A comma separated list of PUIDs listed as base10 numbers.
+- **sbx** XBOX sandbox identifier
+- **sid** The service instance ID.
+- **sty** The service type.
+- **tid** The XBOX Live title ID.
+- **tvr** The XBOX Live title version.
+- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
+- **xid** A list of base10-encoded XBOX User IDs.
+
+
+## Common data fields
+
+### Ms.Device.DeviceInventoryChange
+
+Describes the installation state for all hardware and software components available on a particular device.
+
+The following fields are available:
+
+- **action** The change that was invoked on a device inventory object.
+- **inventoryId** Device ID used for Compatibility testing
+- **objectInstanceId** Object identity which is unique within the device scope.
+- **objectType** Indicates the object type that the event applies to.
+- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
+
+
+## Component-based servicing events
+
+### CbsServicingProvider.CbsCapabilityEnumeration
+
+This event reports on the results of scanning for optional Windows content on Windows Update.
+
+The following fields are available:
+
+- **architecture** Indicates the scan was limited to the specified architecture.
+- **capabilityCount** The number of optional content packages found during the scan.
+- **clientId** The name of the application requesting the optional content.
+- **duration** The amount of time it took to complete the scan.
+- **hrStatus** The HReturn code of the scan.
+- **language** Indicates the scan was limited to the specified language.
+- **majorVersion** Indicates the scan was limited to the specified major version.
+- **minorVersion** Indicates the scan was limited to the specified minor version.
+- **namespace** Indicates the scan was limited to packages in the specified namespace.
+- **sourceFilter** A bitmask indicating the scan checked for locally available optional content.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionFinalize
+
+This event provides information about the results of installing or uninstalling optional Windows content from Windows Update.
+
+The following fields are available:
+
+- **capabilities** The names of the optional content packages that were installed.
+- **clientId** The name of the application requesting the optional content.
+- **currentID** The ID of the current install session.
+- **downloadSource** The source of the download.
+- **highestState** The highest final install state of the optional content.
+- **hrLCUReservicingStatus** Indicates whether the optional content was updated to the latest available version.
+- **hrStatus** The HReturn code of the install operation.
+- **rebootCount** The number of reboots required to complete the install.
+- **retryID** The session ID that will be used to retry a failed operation.
+- **retryStatus** Indicates whether the install will be retried in the event of failure.
+- **stackBuild** The build number of the servicing stack.
+- **stackMajorVersion** The major version number of the servicing stack.
+- **stackMinorVersion** The minor version number of the servicing stack.
+- **stackRevision** The revision number of the servicing stack.
+
+
+### CbsServicingProvider.CbsCapabilitySessionPended
+
+This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date.
+
+The following fields are available:
+
+- **clientId** The name of the application requesting the optional content.
+- **pendingDecision** Indicates the cause of reboot, if applicable.
+
+
+### CbsServicingProvider.CbsQualityUpdateInstall
+
+This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date.
+
+The following fields are available:
+
+- **buildVersion** The build version number of the update package.
+- **clientId** The name of the application requesting the optional content.
+- **corruptionHistoryFlags** A bitmask of the types of component store corruption that have caused update failures on the device.
+- **corruptionType** An enumeration listing the type of data corruption responsible for the current update failure.
+- **currentStateEnd** The final state of the package after the operation has completed.
+- **doqTimeSeconds** The time in seconds spent updating drivers.
+- **executeTimeSeconds** The number of seconds required to execute the install.
+- **failureDetails** The driver or installer that caused the update to fail.
+- **failureSourceEnd** An enumeration indicating at what phase of the update a failure occurred.
+- **hrStatusEnd** The return code of the install operation.
+- **initiatedOffline** A true or false value indicating whether the package was installed into an offline Windows Imaging Format (WIM) file.
+- **majorVersion** The major version number of the update package.
+- **minorVersion** The minor version number of the update package.
+- **originalState** The starting state of the package.
+- **overallTimeSeconds** The time (in seconds) to perform the overall servicing operation.
+- **planTimeSeconds** The time in seconds required to plan the update operations.
+- **poqTimeSeconds** The time in seconds processing file and registry operations.
+- **postRebootTimeSeconds** The time (in seconds) to do startup processing for the update.
+- **preRebootTimeSeconds** The time (in seconds) between execution of the installation and the reboot.
+- **primitiveExecutionContext** An enumeration indicating at what phase of shutdown or startup the update was installed.
+- **rebootCount** The number of reboots required to install the update.
+- **rebootTimeSeconds** The time (in seconds) before startup processing begins for the update.
+- **resolveTimeSeconds** The time in seconds required to resolve the packages that are part of the update.
+- **revisionVersion** The revision version number of the update package.
+- **rptTimeSeconds** The time in seconds spent executing installer plugins.
+- **shutdownTimeSeconds** The time (in seconds) required to do shutdown processing for the update.
+- **stackRevision** The revision number of the servicing stack.
+- **stageTimeSeconds** The time (in seconds) required to stage all files that are part of the update.
+
+
+### CbsServicingProvider.CbsSelectableUpdateChangeV2
+
+This event reports the results of enabling or disabling optional Windows Content to keep Windows up to date.
+
+The following fields are available:
+
+- **applicableUpdateState** Indicates the highest applicable state of the optional content.
+- **buildVersion** The build version of the package being installed.
+- **clientId** The name of the application requesting the optional content change.
+- **downloadSource** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **downloadtimeInSeconds** Indicates if optional content was obtained from Windows Update or a locally accessible file.
+- **executionID** A unique ID used to identify events associated with a single servicing operation and not reused for future operations.
+- **executionSequence** A counter that tracks the number of servicing operations attempted on the device.
+- **firstMergedExecutionSequence** The value of a pervious executionSequence counter that is being merged with the current operation, if applicable.
+- **firstMergedID** A unique ID of a pervious servicing operation that is being merged with this operation, if applicable.
+- **hrDownloadResult** The return code of the download operation.
+- **hrStatusUpdate** The return code of the servicing operation.
+- **identityHash** A pseudonymized (hashed) identifier for the Windows Package that is being installed or uninstalled.
+- **initiatedOffline** Indicates whether the operation was performed against an offline Windows image file or a running instance of Windows.
+- **majorVersion** The major version of the package being installed.
+- **minorVersion** The minor version of the package being installed.
+- **packageArchitecture** The architecture of the package being installed.
+- **packageLanguage** The language of the package being installed.
+- **packageName** The name of the package being installed.
+- **rebootRequired** Indicates whether a reboot is required to complete the operation.
+- **revisionVersion** The revision number of the package being installed.
+- **stackBuild** The build number of the servicing stack binary performing the installation.
+- **stackMajorVersion** The major version number of the servicing stack binary performing the installation.
+- **stackMinorVersion** The minor version number of the servicing stack binary performing the installation.
+- **stackRevision** The revision number of the servicing stack binary performing the installation.
+- **updateName** The name of the optional Windows Operation System feature being enabled or disabled.
+- **updateStartState** A value indicating the state of the optional content before the operation started.
+- **updateTargetState** A value indicating the desired state of the optional content.
+
+
+## Diagnostic data events
+
+### TelClientSynthetic.AbnormalShutdown_0
+
+This event sends data about boot IDs for which a normal clean shutdown was not observed, to help keep Windows up to date.
+
+The following fields are available:
+
+- **AbnormalShutdownBootId** BootId of the abnormal shutdown being reported by this event.
+- **AbsCausedbyAutoChk** This flag is set when AutoCheck forces a device restart to indicate that the shutdown was not an abnormal shutdown.
+- **AcDcStateAtLastShutdown** Identifies if the device was on battery or plugged in.
+- **BatteryLevelAtLastShutdown** The last recorded battery level.
+- **BatteryPercentageAtLastShutdown** The battery percentage at the last shutdown.
+- **CrashDumpEnabled** Are crash dumps enabled?
+- **CumulativeCrashCount** Cumulative count of operating system crashes since the BootId reset.
+- **CurrentBootId** BootId at the time the abnormal shutdown event was being reported.
+- **Firmwaredata->ResetReasonEmbeddedController** The reset reason that was supplied by the firmware.
+- **Firmwaredata->ResetReasonEmbeddedControllerAdditional** Additional data related to reset reason provided by the firmware.
+- **Firmwaredata->ResetReasonPch** The reset reason that was supplied by the hardware.
+- **Firmwaredata->ResetReasonPchAdditional** Additional data related to the reset reason supplied by the hardware.
+- **Firmwaredata->ResetReasonSupplied** Indicates whether the firmware supplied any reset reason or not.
+- **FirmwareType** ID of the FirmwareType as enumerated in DimFirmwareType.
+- **HardwareWatchdogTimerGeneratedLastReset** Indicates whether the hardware watchdog timer caused the last reset.
+- **HardwareWatchdogTimerPresent** Indicates whether hardware watchdog timer was present or not.
+- **InvalidBootStat** This is a sanity check flag that ensures the validity of the bootstat file.
+- **LastBugCheckBootId** bootId of the last captured crash.
+- **LastBugCheckCode** Code that indicates the type of error.
+- **LastBugCheckContextFlags** Additional crash dump settings.
+- **LastBugCheckOriginalDumpType** The type of crash dump the system intended to save.
+- **LastBugCheckOtherSettings** Other crash dump settings.
+- **LastBugCheckParameter1** The first parameter with additional info on the type of the error.
+- **LastBugCheckProgress** Progress towards writing out the last crash dump.
+- **LastBugCheckVersion** The version of the information struct written during the crash.
+- **LastSuccessfullyShutdownBootId** BootId of the last fully successful shutdown.
+- **LongPowerButtonPressDetected** Identifies if the user was pressing and holding power button.
+- **OOBEInProgress** Identifies if OOBE is running.
+- **OSSetupInProgress** Identifies if the operating system setup is running.
+- **PowerButtonCumulativePressCount** How many times has the power button been pressed?
+- **PowerButtonCumulativeReleaseCount** How many times has the power button been released?
+- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record power button metrics.
+- **PowerButtonLastPressBootId** BootId of the last time the power button was pressed.
+- **PowerButtonLastPressTime** Date and time of the last time the power button was pressed.
+- **PowerButtonLastReleaseBootId** BootId of the last time the power button was released.
+- **PowerButtonLastReleaseTime** Date and time of the last time the power button was released.
+- **PowerButtonPressCurrentCsPhase** Represents the phase of Connected Standby exit when the power button was pressed.
+- **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the power button was pressed.
+- **PowerButtonPressLastPowerWatchdogStage** Progress while the monitor is being turned on.
+- **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press.
+- **RegKeyLastShutdownBootId** The last recorded boot ID.
+- **ShutdownDeviceType** Identifies who triggered a shutdown. Is it because of battery, thermal zones, or through a Kernel API.
+- **SleepCheckpoint** Provides the last checkpoint when there is a failure during a sleep transition.
+- **SleepCheckpointSource** Indicates whether the source is the EFI variable or bootstat file.
+- **SleepCheckpointStatus** Indicates whether the checkpoint information is valid.
+- **StaleBootStatData** Identifies if the data from bootstat is stale.
+- **TransitionInfoBootId** BootId of the captured transition info.
+- **TransitionInfoCSCount** l number of times the system transitioned from Connected Standby mode.
+- **TransitionInfoCSEntryReason** Indicates the reason the device last entered Connected Standby mode.
+- **TransitionInfoCSExitReason** Indicates the reason the device last exited Connected Standby mode.
+- **TransitionInfoCSInProgress** At the time the last marker was saved, the system was in or entering Connected Standby mode.
+- **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp,
+- **TransitionInfoLastReferenceTimestamp** The date and time that the marker was last saved.
+- **TransitionInfoLidState** Describes the state of the laptop lid.
+- **TransitionInfoPowerButtonTimestamp** The date and time of the last time the power button was pressed.
+- **TransitionInfoSleepInProgress** At the time the last marker was saved, the system was in or entering sleep mode.
+- **TransitionInfoSleepTranstionsToOn** Total number of times the device transitioned from sleep mode.
+- **TransitionInfoSystemRunning** At the time the last marker was saved, the device was running.
+- **TransitionInfoSystemShutdownInProgress** Indicates whether a device shutdown was in progress when the power button was pressed.
+- **TransitionInfoUserShutdownInProgress** Indicates whether a user shutdown was in progress when the power button was pressed.
+- **TransitionLatestCheckpointId** Represents a unique identifier for a checkpoint during the device state transition.
+- **TransitionLatestCheckpointSeqNumber** Represents the chronological sequence number of the checkpoint.
+- **TransitionLatestCheckpointType** Represents the type of the checkpoint, which can be the start of a phase, end of a phase, or just informational.
+- **VirtualMachineId** If the operating system is on a virtual Machine, it gives the virtual Machine ID (GUID) that can be used to correlate events on the host.
+
+
+### TelClientSynthetic.AuthorizationInfo_RuntimeTransition
+
+This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. The telemetry opt-in level signals what data we are allowed to collect.
+
+The following fields are available:
+
+- **CanAddMsaToMsTelemetry** True if we can add MSA PUID and CID to telemetry, false otherwise.
+- **CanCollectAnyTelemetry** True if we are allowed to collect partner telemetry, false otherwise.
+- **CanCollectCoreTelemetry** True if we can collect CORE/Basic telemetry, false otherwise.
+- **CanCollectHeartbeats** True if we can collect heartbeat telemetry, false otherwise.
+- **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise.
+- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise.
+- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise.
+- **CanReportScenarios** True if we can report scenario completions, false otherwise.
+- **PreviousPermissions** Bitmask of previous telemetry state.
+- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise.
+
+
+### TelClientSynthetic.AuthorizationInfo_Startup
+
+Fired by UTC at startup to signal what data we are allowed to collect.
+
+The following fields are available:
+
+- **CanAddMsaToMsTelemetry** True if we can add MSA PUID and CID to telemetry, false otherwise.
+- **CanCollectAnyTelemetry** True if we are allowed to collect partner telemetry, false otherwise.
+- **CanCollectCoreTelemetry** True if we can collect CORE/Basic telemetry, false otherwise.
+- **CanCollectHeartbeats** True if we can collect heartbeat telemetry, false otherwise.
+- **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise.
+- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise.
+- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise.
+- **CanPerformTraceEscalations** True if we can perform trace escalation collection, false otherwise.
+- **CanReportScenarios** True if we can report scenario completions, false otherwise.
+- **PreviousPermissions** Bitmask of previous telemetry state.
+- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise.
+
+
+### TelClientSynthetic.ConnectivityHeartBeat_0
+
+This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network.
+
+The following fields are available:
+
+- **CensusExitCode** Returns last execution codes from census client run.
+- **CensusStartTime** Returns timestamp corresponding to last successful census run.
+- **CensusTaskEnabled** Returns Boolean value for the census task (Enable/Disable) on client machine.
+- **LastConnectivityLossTime** Retrieves the last time the device lost free network.
+- **NetworkState** Retrieves the network state: 0 = No network. 1 = Restricted network. 2 = Free network.
+- **NoNetworkTime** Retrieves the time spent with no network (since the last time) in seconds.
+- **RestrictedNetworkTime** Retrieves the time spent on a metered (cost restricted) network in seconds.
+
+
+### TelClientSynthetic.EventMonitor_0
+
+This event provides statistics for specific diagnostic events.
+
+The following fields are available:
+
+- **ConsumerCount** The number of instances seen in the Event Tracing for Windows consumer.
+- **EventName** The name of the event being monitored.
+- **EventSnFirst** The expected first event serial number.
+- **EventSnLast** The expected last event serial number.
+- **EventStoreCount** The number of events reaching the event store.
+- **MonitorSn** The serial number of the monitor.
+- **TriggerCount** The number of events reaching the trigger buffer.
+- **UploadedCount** The number of events uploaded.
+
+
+### TelClientSynthetic.GetFileInfoAction_FilePathNotApproved_0
+
+This event occurs when the DiagTrack escalation fails due to the scenario requesting a path that is not approved for GetFileInfo actions.
+
+The following fields are available:
+
+- **FilePath** The unexpanded path in the scenario XML.
+- **FilePathExpanded** The file path, with environment variables expanded.
+- **FilePathExpandedScenario** The file path, with property identifiers and environment variables expanded.
+- **ScenarioId** The globally unique identifier (GUID) of the scenario.
+- **ScenarioInstanceId** The error code denoting which path failed (internal or external).
+
+
+### TelClientSynthetic.HeartBeat_5
+
+This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device.
+
+The following fields are available:
+
+- **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel.
+- **CensusExitCode** The last exit code of the Census task.
+- **CensusStartTime** Time of last Census run.
+- **CensusTaskEnabled** True if Census is enabled, false otherwise.
+- **CompressedBytesUploaded** Number of compressed bytes uploaded.
+- **ConsumerDroppedCount** Number of events dropped at consumer layer of telemetry client.
+- **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer.
+- **CriticalDataThrottleDroppedCount** The number of critical data sampled events that were dropped because of throttling.
+- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event DB.
+- **DbCriticalDroppedCount** Total number of dropped critical events in event DB.
+- **DbDroppedCount** Number of events dropped due to DB fullness.
+- **DbDroppedFailureCount** Number of events dropped due to DB failures.
+- **DbDroppedFullCount** Number of events dropped due to DB fullness.
+- **DecodingDroppedCount** Number of events dropped due to decoding failures.
+- **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated.
+- **EtwDroppedBufferCount** Number of buffers dropped in the UTC ETW session.
+- **EtwDroppedCount** Number of events dropped at ETW layer of telemetry client.
+- **EventsPersistedCount** Number of events that reached the PersistEvent stage.
+- **EventStoreLifetimeResetCounter** Number of times event DB was reset for the lifetime of UTC.
+- **EventStoreResetCounter** Number of times event DB was reset.
+- **EventStoreResetSizeSum** Total size of event DB across all resets reports in this instance.
+- **EventsUploaded** Number of events uploaded.
+- **Flags** Flags indicating device state such as network state, battery state, and opt-in state.
+- **FullTriggerBufferDroppedCount** Number of events dropped due to trigger buffer being full.
+- **HeartBeatSequenceNumber** The sequence number of this heartbeat.
+- **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex.
+- **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel.
+- **LastEventSizeOffender** Event name of last event which exceeded max event size.
+- **LastInvalidHttpCode** Last invalid HTTP code received from Vortex.
+- **MaxActiveAgentConnectionCount** The maximum number of active agents during this heartbeat timeframe.
+- **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC.
+- **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events).
+- **PrivacyBlockedCount** The number of events blocked due to privacy settings or tags.
+- **RepeatedUploadFailureDropped** Number of events lost due to repeated upload failures for a single buffer.
+- **SettingsHttpAttempts** Number of attempts to contact OneSettings service.
+- **SettingsHttpFailures** The number of failures from contacting the OneSettings service.
+- **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers.
+- **TopUploaderErrors** List of top errors received from the upload endpoint.
+- **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client.
+- **UploaderErrorCount** Number of errors received from the upload endpoint.
+- **VortexFailuresTimeout** The number of timeout failures received from Vortex.
+- **VortexHttpAttempts** Number of attempts to contact Vortex.
+- **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex.
+- **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex.
+- **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400.
+- **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event.
+
+
+### TelClientSynthetic.HeartBeat_Agent_5
+
+This event sends data about the health and quality of the diagnostic data from the specified device (agent), to help keep Windows up to date.
+
+The following fields are available:
+
+- **ConsumerDroppedCount** The number of events dropped at the consumer layer of the diagnostic data collection client.
+- **ContainerBufferFullDropCount** The number of events dropped due to the container buffer being full.
+- **ContainerBufferFullSevilleDropCount** The number of “Seville” events dropped due to the container buffer being full.
+- **CriticalDataThrottleDroppedCount** The number of critical data sampled events dropped due to data throttling.
+- **DecodingDroppedCount** The number of events dropped due to decoding failures.
+- **EtwDroppedBufferCount** The number of buffers dropped in the ETW (Event Tracing for Windows) session.
+- **EtwDroppedCount** The number of events dropped at the ETW (Event Tracing for Windows) layer of the diagnostic data collection client on the user’s device.
+- **EventsForwardedToHost** The number of events forwarded from agent (device) to host (server).
+- **FullTriggerBufferDroppedCount** The number of events dropped due to the trigger buffer being full.
+- **HeartBeatSequenceNumber** The heartbeat sequence number associated with this event.
+- **HostConnectionErrorsCount** The number of non-timeout errors encountered in the host (server)/agent (device) socket transport channel.
+- **HostConnectionTimeoutsCount** The number of connection timeouts between the host (server) and agent (device).
+- **LastHostConnectionError** The last error from a connection between host (server) and agent (device).
+- **PreviousHeartBeatTime** The timestamp of the last heartbeat event.
+- **ThrottledDroppedCount** The number of events dropped due to throttling of “noisy” providers.
+
+
+### TelClientSynthetic.HeartBeat_DevHealthMon_5
+
+This event sends data (for Surface Hub devices) to monitor and ensure the correct functioning of those Surface Hub devices. This data helps ensure the device is up-to-date with the latest security and safety features.
+
+The following fields are available:
+
+- **HeartBeatSequenceNumber** The heartbeat sequence number associated with this event.
+- **PreviousHeartBeatTime** The timestamp of the last heartbeat event.
+
+
+### TelClientSynthetic.LifetimeManager_ConsumerBaseTimestampChange_0
+
+This event sends data when the Windows Diagnostic data collection mechanism detects a timestamp adjustment for incoming diagnostic events. This data is critical for dealing with time changes during diagnostic data analysis, to help keep the device up to date.
+
+The following fields are available:
+
+- **NewBaseTime** The new QPC (Query Performance Counter) base time from ETW (Event Tracing for Windows).
+- **NewSystemTime** The new system time of the device.
+- **OldSystemTime** The previous system time of the device.
+
+
+### TelClientSynthetic.MatchEngine_ScenarioCompletionThrottled_0
+
+This event sends data when scenario completion is throttled (truncated or otherwise restricted) because the scenario is excessively large.
+
+The following fields are available:
+
+- **MaxHourlyCompletionsSetting** The maximum number of scenario completions per hour until throttling kicks in.
+- **ScenarioId** The globally unique identifier (GUID) of the scenario being throttled.
+- **ScenarioName** The name of the scenario being throttled.
+
+
+### TelClientSynthetic.OsEvents_BootStatReset_0
+
+This event sends data when the Windows diagnostic data collection mechanism resets the Boot ID. This data helps ensure Windows is up to date.
+
+The following fields are available:
+
+- **BootId** The current Boot ID.
+- **ResetReason** The reason code for resetting the Boot ID.
+
+
+### TelClientSynthetic.ProducerThrottled_At_TriggerBuffer_0
+
+This event sends data when a producer is throttled due to the trigger buffer exceeding defined thresholds.
+
+The following fields are available:
+
+- **BufferSize** The size of the trigger buffer.
+- **DataType** The type of event that this producer generates (Event Tracing for Windows, Time, Synthetic).
+- **EstSeenCount** Estimated total number of inputs determining other “Est…” values.
+- **EstTopEvent1Count** The count for estimated “noisiest” event from this producer.
+- **EstTopEvent1Name** The name for estimated “noisiest” event from this producer.
+- **EstTopEvent2Count** The count for estimated second “noisiest” event from this producer.
+- **EstTopEvent2Name** The name for estimated second “noisiest” event from this producer.
+- **Hit** The number of events seen from this producer.
+- **IKey** The IKey identifier of the producer, if available.
+- **ProviderId** The provider ID of the producer being throttled.
+- **ProviderName** The provider name of the producer being throttled.
+- **Threshold** The threshold crossed, which caused the throttling.
+
+
+### TelClientSynthetic.ProducerThrottled_Event_Rate_0
+
+This event sends data when an event producer is throttled by the Windows Diagnostic data collection mechanism. This data helps ensure Windows is up to date.
+
+The following fields are available:
+
+- **EstSeenCount** Estimated total number of inputs determining other “Est…” values.
+- **EstTopEvent1Count** The count for estimated “noisiest” event from this producer.
+- **EstTopEvent1Name** The name for estimated “noisiest” event from this producer.
+- **EstTopEvent2Count** The count for estimated second “noisiest” event from this producer.
+- **EstTopEvent2Name** The name for estimated second “noisiest” event from this producer.
+- **EventPerProviderThreshold** The trigger point for throttling (value for each provider). This value is only applied once EventRateThreshold has been met.
+- **EventRateThreshold** The total event rate trigger point for throttling.
+- **Hit** The number of events seen from this producer.
+- **IKey** The IKey identifier of the producer, if available.
+- **ProviderId** The provider ID of the producer being throttled.
+- **ProviderName** The provider name of the producer being throttled.
+
+
+### TelClientSynthetic.RunExeWithArgsAction_ExeTerminated_0
+
+This event sends data when an executable (EXE) file is terminated during escalation because it exceeded its maximum runtime (the maximum amount of time it was expected to run). This data helps ensure Windows is up to date.
+
+The following fields are available:
+
+- **ExpandedExeName** The expanded name of the executable (EXE) file.
+- **MaximumRuntimeMs** The maximum runtime (in milliseconds) for this action.
+- **ScenarioId** The globally unique identifier (GUID) of the scenario that was terminated.
+- **ScenarioInstanceId** The globally unique identifier (GUID) of the scenario instance that was terminated.
+
+
+### TelClientSynthetic.RunExeWithArgsAction_ProcessReturnedNonZeroExitCode
+
+This event sends data when the RunExe process finishes during escalation, but returns a non-zero exit code. This data helps ensure Windows is up to date.
+
+The following fields are available:
+
+- **ExitCode** The exit code of the process
+- **ExpandedExeName** The expanded name of the executable (EXE) file.
+- **ScenarioId** The globally unique identifier (GUID) of the escalating scenario.
+- **ScenarioInstanceId** The globally unique identifier (GUID) of the scenario instance.
+
+
+### TelClientSynthetic.ServiceMain_DevHealthMonEvent
+
+This event is a low latency health alert that is part of the 4Nines device health monitoring feature currently available on Surface Hub devices. For a device that is opted in, this event is sent before shutdown to signal that the device is about to be powered down.
+
+
+
+## Driver installation events
+
+### Microsoft.Windows.DriverInstall.DeviceInstall
+
+This critical event sends information about the driver installation that took place.
+
+The following fields are available:
+
+- **ClassGuid** The unique ID for the device class.
+- **ClassLowerFilters** The list of lower filter class drivers.
+- **ClassUpperFilters** The list of upper filter class drivers.
+- **CoInstallers** The list of coinstallers.
+- **ConfigFlags** The device configuration flags.
+- **DeviceConfigured** Indicates whether this device was configured through the kernel configuration.
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **DeviceStack** The device stack of the driver being installed.
+- **DriverDate** The date of the driver.
+- **DriverDescription** A description of the driver function.
+- **DriverInfName** Name of the INF file (the setup information file) for the driver.
+- **DriverInfSectionName** Name of the DDInstall section within the driver INF file.
+- **DriverPackageId** The ID of the driver package that is staged to the driver store.
+- **DriverProvider** The driver manufacturer or provider.
+- **DriverUpdated** Indicates whether the driver is replacing an old driver.
+- **DriverVersion** The version of the driver file.
+- **EndTime** The time the installation completed.
+- **Error** Provides the WIN32 error code for the installation.
+- **ExtensionDrivers** List of extension drivers that complement this installation.
+- **FinishInstallAction** Indicates whether the co-installer invoked the finish-install action.
+- **FinishInstallUI** Indicates whether the installation process shows the user interface.
+- **FirmwareDate** The firmware date that will be stored in the EFI System Resource Table (ESRT).
+- **FirmwareRevision** The firmware revision that will be stored in the EFI System Resource Table (ESRT).
+- **FirmwareVersion** The firmware version that will be stored in the EFI System Resource Table (ESRT).
+- **FirstHardwareId** The ID in the hardware ID list that provides the most specific device description.
+- **FlightIds** A list of the different Windows Insider builds on the device.
+- **GenericDriver** Indicates whether the driver is a generic driver.
+- **Inbox** Indicates whether the driver package is included with Windows.
+- **InstallDate** The date the driver was installed.
+- **LastCompatibleId** The ID in the hardware ID list that provides the least specific device description.
+- **LegacyInstallReasonError** The error code for the legacy installation.
+- **LowerFilters** The list of lower filter drivers.
+- **MatchingDeviceId** The hardware ID or compatible ID that Windows used to install the device instance.
+- **NeedReboot** Indicates whether the driver requires a reboot.
+- **OriginalDriverInfName** The original name of the INF file before it was renamed.
+- **ParentDeviceInstanceId** The device instance ID of the parent of the device.
+- **PendedUntilReboot** Indicates whether the installation is pending until the device is rebooted.
+- **Problem** Error code returned by the device after installation.
+- **ProblemStatus** The status of the device after the driver installation.
+- **SecondaryDevice** Indicates whether the device is a secondary device.
+- **ServiceName** The service name of the driver.
+- **SetupMode** Indicates whether the driver installation took place before the Out Of Box Experience (OOBE) was completed.
+- **StartTime** The time when the installation started.
+- **SubmissionId** The driver submission identifier assigned by the Windows Hardware Development Center.
+- **UpperFilters** The list of upper filter drivers.
+
+
+### Microsoft.Windows.DriverInstall.NewDevInstallDeviceEnd
+
+This event sends data about the driver installation once it is completed.
+
+The following fields are available:
+
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **DriverUpdated** Indicates whether the driver was updated.
+- **Error** The Win32 error code of the installation.
+- **FlightId** The ID of the Windows Insider build the device received.
+- **InstallDate** The date the driver was installed.
+- **InstallFlags** The driver installation flags.
+- **RebootRequired** Indicates whether a reboot is required after the installation.
+- **RollbackPossible** Indicates whether this driver can be rolled back.
+- **WuTargetedHardwareId** Indicates that the driver was installed because the device hardware ID was targeted by the Windows Update.
+- **WuUntargetedHardwareId** Indicates that the driver was installed because Windows Update performed a generic driver update for all devices of that hardware class.
+
+
+### Microsoft.Windows.DriverInstall.NewDevInstallDeviceStart
+
+This event sends data about the driver that the new driver installation is replacing.
+
+The following fields are available:
+
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **FirstInstallDate** The first time a driver was installed on this device.
+- **LastDriverDate** Date of the driver that is being replaced.
+- **LastDriverInbox** Indicates whether the previous driver was included with Windows.
+- **LastDriverInfName** Name of the INF file (the setup information file) of the driver being replaced.
+- **LastDriverVersion** The version of the driver that is being replaced.
+- **LastFirmwareDate** The date of the last firmware reported from the EFI System Resource Table (ESRT).
+- **LastFirmwareRevision** The last firmware revision number reported from EFI System Resource Table (ESRT).
+- **LastFirmwareVersion** The last firmware version reported from the EFI System Resource Table (ESRT).
+- **LastInstallDate** The date a driver was last installed on this device.
+- **LastMatchingDeviceId** The hardware ID or compatible ID that Windows last used to install the device instance.
+- **LastProblem** The previous problem code that was set on the device.
+- **LastProblemStatus** The previous problem code that was set on the device.
+- **LastSubmissionId** The driver submission identifier of the driver that is being replaced.
+
+
+## DxgKernelTelemetry events
+
+### DxgKrnlTelemetry.GPUAdapterInventoryV2
+
+This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date.
+
+The following fields are available:
+
+- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter.
+- **aiSeqId** The event sequence ID.
+- **bootId** The system boot ID.
+- **BrightnessVersionViaDDI** The version of the Display Brightness Interface.
+- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload.
+- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes).
+- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes).
+- **DisplayAdapterLuid** The display adapter LUID.
+- **DriverDate** The date of the display driver.
+- **DriverRank** The rank of the display driver.
+- **DriverVersion** The display driver version.
+- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store.
+- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store.
+- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store.
+- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store.
+- **GPUDeviceID** The GPU device ID.
+- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload.
+- **GPURevisionID** The GPU revision ID.
+- **GPUVendorID** The GPU vendor ID.
+- **InterfaceId** The GPU interface ID.
+- **IsDisplayDevice** Does the GPU have displaying capabilities?
+- **IsHwSchSupported** Indicates whether the adapter supports hardware scheduling.
+- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device?
+- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device?
+- **IsLDA** Is the GPU comprised of Linked Display Adapters?
+- **IsMiracastSupported** Does the GPU support Miracast?
+- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor?
+- **IsMPOSupported** Does the GPU support Multi-Plane Overlays?
+- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution?
+- **IsPostAdapter** Is this GPU the POST GPU in the device?
+- **IsRemovable** TRUE if the adapter supports being disabled or removed.
+- **IsRenderDevice** Does the GPU have rendering capabilities?
+- **IsSoftwareDevice** Is this a software implementation of the GPU?
+- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store.
+- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES?
+- **NumVidPnSources** The number of supported display output sources.
+- **NumVidPnTargets** The number of supported display output targets.
+- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes).
+- **SubSystemID** The subsystem ID.
+- **SubVendorID** The GPU sub vendor ID.
+- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY?
+- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling)
+- **version** The event version.
+- **WDDMVersion** The Windows Display Driver Model version.
+
+
+## Failover Clustering events
+
+### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2
+
+This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations.
+
+The following fields are available:
+
+- **autoAssignSite** The cluster parameter: auto site.
+- **autoBalancerLevel** The cluster parameter: auto balancer level.
+- **autoBalancerMode** The cluster parameter: auto balancer mode.
+- **blockCacheSize** The configured size of the block cache.
+- **ClusterAdConfiguration** The ad configuration of the cluster.
+- **clusterAdType** The cluster parameter: mgmt_point_type.
+- **clusterDumpPolicy** The cluster configured dump policy.
+- **clusterFunctionalLevel** The current cluster functional level.
+- **clusterGuid** The unique identifier for the cluster.
+- **clusterWitnessType** The witness type the cluster is configured for.
+- **countNodesInSite** The number of nodes in the cluster.
+- **crossSiteDelay** The cluster parameter: CrossSiteDelay.
+- **crossSiteThreshold** The cluster parameter: CrossSiteThreshold.
+- **crossSubnetDelay** The cluster parameter: CrossSubnetDelay.
+- **crossSubnetThreshold** The cluster parameter: CrossSubnetThreshold.
+- **csvCompatibleFilters** The cluster parameter: ClusterCsvCompatibleFilters.
+- **csvIncompatibleFilters** The cluster parameter: ClusterCsvIncompatibleFilters.
+- **csvResourceCount** The number of resources in the cluster.
+- **currentNodeSite** The name configured for the current site for the cluster.
+- **dasModeBusType** The direct storage bus type of the storage spaces.
+- **downLevelNodeCount** The number of nodes in the cluster that are running down-level.
+- **drainOnShutdown** Specifies whether a node should be drained when it is shut down.
+- **dynamicQuorumEnabled** Specifies whether dynamic Quorum has been enabled.
+- **enforcedAntiAffinity** The cluster parameter: enforced anti affinity.
+- **genAppNames** The win32 service name of a clustered service.
+- **genSvcNames** The command line of a clustered genapp.
+- **hangRecoveryAction** The cluster parameter: hang recovery action.
+- **hangTimeOut** Specifies the “hang time out” parameter for the cluster.
+- **isCalabria** Specifies whether storage spaces direct is enabled.
+- **isMixedMode** Identifies if the cluster is running with different version of OS for nodes.
+- **isRunningDownLevel** Identifies if the current node is running down-level.
+- **logLevel** Specifies the granularity that is logged in the cluster log.
+- **logSize** Specifies the size of the cluster log.
+- **lowerQuorumPriorityNodeId** The cluster parameter: lower quorum priority node ID.
+- **minNeverPreempt** The cluster parameter: minimum never preempt.
+- **minPreemptor** The cluster parameter: minimum preemptor priority.
+- **netftIpsecEnabled** The parameter: netftIpsecEnabled.
+- **NodeCount** The number of nodes in the cluster.
+- **nodeId** The current node number in the cluster.
+- **nodeResourceCounts** Specifies the number of node resources.
+- **nodeResourceOnlineCounts** Specifies the number of node resources that are online.
+- **numberOfSites** The number of different sites.
+- **numNodesInNoSite** The number of nodes not belonging to a site.
+- **plumbAllCrossSubnetRoutes** The cluster parameter: plumb all cross subnet routes.
+- **preferredSite** The preferred site location.
+- **privateCloudWitness** Specifies whether a private cloud witness exists for this cluster.
+- **quarantineDuration** The quarantine duration.
+- **quarantineThreshold** The quarantine threshold.
+- **quorumArbitrationTimeout** In the event of an arbitration event, this specifies the quorum timeout period.
+- **resiliencyLevel** Specifies the level of resiliency.
+- **resourceCounts** Specifies the number of resources.
+- **resourceTypeCounts** Specifies the number of resource types in the cluster.
+- **resourceTypes** Data representative of each resource type.
+- **resourceTypesPath** Data representative of the DLL path for each resource type.
+- **sameSubnetDelay** The cluster parameter: same subnet delay.
+- **sameSubnetThreshold** The cluster parameter: same subnet threshold.
+- **secondsInMixedMode** The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster).
+- **securityLevel** The cluster parameter: security level.
+- **securityLevelForStorage** The cluster parameter: security level for storage.
+- **sharedVolumeBlockCacheSize** Specifies the block cache size for shared for shared volumes.
+- **shutdownTimeoutMinutes** Specifies the amount of time it takes to time out when shutting down.
+- **upNodeCount** Specifies the number of nodes that are up (online).
+- **useClientAccessNetworksForCsv** The cluster parameter: use client access networks for CSV.
+- **vmIsolationTime** The cluster parameter: VM isolation time.
+- **witnessDatabaseWriteTimeout** Specifies the timeout period for writing to the quorum witness database.
+
+
+## Fault Reporting events
+
+### Microsoft.Windows.FaultReporting.AppCrashEvent
+
+This event sends data about crashes for both native and managed applications, to help keep Windows up to date. The data includes information about the crashing process and a summary of its exception record. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the crash to the Watson service, and the WER event will contain the same ReportID (see field 14 of crash event, field 19 of WER event) as the crash event for the crash being reported. AppCrash is emitted once for each crash handled by WER (e.g. from an unhandled exception or FailFast or ReportException). Note that Generic Watson event types (e.g. from PLM) that may be considered crashes\" by a user DO NOT emit this event.
+
+The following fields are available:
+
+- **AppName** The name of the app that has crashed.
+- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
+- **AppTimeStamp** The date/time stamp of the app.
+- **AppVersion** The version of the app that has crashed.
+- **ExceptionCode** The exception code returned by the process that has crashed.
+- **ExceptionOffset** The address where the exception had occurred.
+- **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting.
+- **FriendlyAppName** The description of the app that has crashed, if different from the AppName. Otherwise, the process name.
+- **IsFatal** True/False to indicate whether the crash resulted in process termination.
+- **ModName** Exception module name (e.g. bar.dll).
+- **ModTimeStamp** The date/time stamp of the module.
+- **ModVersion** The version of the module that has crashed.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the crashing process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has crashed.
+- **ProcessId** The ID of the process that has crashed.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported
+- **TargetAsId** The sequence number for the hanging process.
+
+
+## Hang Reporting events
+
+### Microsoft.Windows.HangReporting.AppHangEvent
+
+This event sends data about hangs for both native and managed applications, to help keep Windows up to date. It does not contain any Watson bucketing information. The bucketing information is recorded in a Windows Error Reporting (WER) event that is generated when the WER client reports the hang to the Watson service, and the WER event will contain the same ReportID (see field 13 of hang event, field 19 of WER event) as the hang event for the hang being reported. AppHang is reported only on PC devices. It handles classic Win32 hangs and is emitted only once per report. Some behaviors that may be perceived by a user as a hang are reported by app managers (e.g. PLM/RM/EM) as Watson Generics and will not produce AppHang events.
+
+The following fields are available:
+
+- **AppName** The name of the app that has hung.
+- **AppSessionGuid** GUID made up of process id used as a correlation vector for process instances in the telemetry backend.
+- **AppVersion** The version of the app that has hung.
+- **IsFatal** True/False based on whether the hung application caused the creation of a Fatal Hang Report.
+- **PackageFullName** Store application identity.
+- **PackageRelativeAppId** Store application identity.
+- **ProcessArchitecture** Architecture of the hung process, as one of the PROCESSOR_ARCHITECTURE_* constants: 0: PROCESSOR_ARCHITECTURE_INTEL. 5: PROCESSOR_ARCHITECTURE_ARM. 9: PROCESSOR_ARCHITECTURE_AMD64. 12: PROCESSOR_ARCHITECTURE_ARM64.
+- **ProcessCreateTime** The time of creation of the process that has hung.
+- **ProcessId** The ID of the process that has hung.
+- **ReportId** A GUID used to identify the report. This can used to track the report across Watson.
+- **TargetAppId** The kernel reported AppId of the application being reported.
+- **TargetAppVer** The specific version of the application being reported.
+- **TargetAsId** The sequence number for the hanging process.
+- **TypeCode** Bitmap describing the hang type.
+- **WaitingOnAppName** If this is a cross process hang waiting for an application, this has the name of the application.
+- **WaitingOnAppVersion** If this is a cross process hang, this has the version of the application for which it is waiting.
+- **WaitingOnPackageFullName** If this is a cross process hang waiting for a package, this has the full name of the package for which it is waiting.
+- **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package.
+
+
+## Inventory events
+
+### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum
+
+This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object.
+
+The following fields are available:
+
+- **Device** A count of device objects in cache.
+- **DeviceCensus** A count of device census objects in cache.
+- **DriverPackageExtended** A count of driverpackageextended objects in cache.
+- **File** A count of file objects in cache.
+- **FileSigningInfo** A count of file signing objects in cache.
+- **Generic** A count of generic objects in cache.
+- **HwItem** A count of hwitem objects in cache.
+- **InventoryApplication** A count of application objects in cache.
+- **InventoryApplicationAppV** A count of application AppV objects in cache.
+- **InventoryApplicationDriver** A count of application driver objects in cache
+- **InventoryApplicationFile** A count of application file objects in cache.
+- **InventoryApplicationFramework** A count of application framework objects in cache
+- **InventoryApplicationShortcut** A count of application shortcut objects in cache
+- **InventoryDeviceContainer** A count of device container objects in cache.
+- **InventoryDeviceInterface** A count of Plug and Play device interface objects in cache.
+- **InventoryDeviceMediaClass** A count of device media objects in cache.
+- **InventoryDevicePnp** A count of device Plug and Play objects in cache.
+- **InventoryDeviceUsbHubClass** A count of device usb objects in cache
+- **InventoryDriverBinary** A count of driver binary objects in cache.
+- **InventoryDriverPackage** A count of device objects in cache.
+- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache
+- **InventoryMiscellaneousOfficeAddInUsage** A count of office add-in usage objects in cache.
+- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache
+- **InventoryMiscellaneousOfficeIESettings** A count of office ie settings objects in cache
+- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache
+- **InventoryMiscellaneousOfficeProducts** A count of office products objects in cache
+- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in cache
+- **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache
+- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache
+- **InventoryMiscellaneousUUPInfo** A count of uup info objects in cache
+- **Metadata** A count of metadata objects in cache.
+- **Orphan** A count of orphan file objects in cache.
+- **Programs** A count of program objects in cache.
+
+
+### Microsoft.Windows.Inventory.Core.AmiTelCacheVersions
+
+This event sends inventory component versions for the Device Inventory data.
+
+The following fields are available:
+
+- **aeinv** The version of the App inventory component.
+- **devinv** The file version of the Device inventory component.
+
+
+### Microsoft.Windows.Inventory.Core.FileSigningInfoAdd
+
+This event enumerates the signatures of files, either driver packages or application executables. For driver packages, this data is collected on demand via Telecommand to limit it only to unrecognized driver packages, saving time for the client and space on the server. For applications, this data is collected for up to 10 random executables on a system.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **CatalogSigners** Signers from catalog. Each signer starts with Chain.
+- **DigestAlgorithm** The pseudonymizing (hashing) algorithm used when the file or package was signed.
+- **DriverPackageStrongName** Optional. Available only if FileSigningInfo is collected on a driver package.
+- **EmbeddedSigners** Embedded signers. Each signer starts with Chain.
+- **FileName** The file name of the file whose signatures are listed.
+- **FileType** Either exe or sys, depending on if a driver package or application executable.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Thumbprint** Comma separated hash of the leaf node of each signer. Semicolon is used to separate CatalogSigners from EmbeddedSigners. There will always be a trailing comma.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationAdd
+
+This event sends basic metadata about an application on the system to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **HiddenArp** Indicates whether a program hides itself from showing up in ARP.
+- **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics).
+- **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015 00:00:00
+- **InstallDateFromLinkFile** The estimated date of install based on the links to the files. Passed as an array.
+- **InstallDateMsi** The install date if the application was installed via Microsoft Installer (MSI). Passed as an array.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Language** The language code of the program.
+- **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage.
+- **MsiProductCode** A GUID that describe the MSI Product.
+- **Name** The name of the application.
+- **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install.
+- **PackageFullName** The package full name for a Store application.
+- **ProgramInstanceId** A hash of the file IDs in an app.
+- **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field.
+- **RootDirPath** The path to the root directory where the program was installed.
+- **Source** How the program was installed (for example, ARP, MSI, Appx).
+- **StoreAppType** A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp.
+- **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen.
+- **Version** The version number of the program.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd
+
+This event represents what drivers an application installs.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory component
+- **ProgramIds** The unique program identifier the driver is associated with
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
+
+The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory component.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationFileAdd
+
+This event provides file-level information about the applications that exist on the system. This event is used to understand the applications on a device to determine if those applications will experience compatibility issues when upgrading Windows.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **BinaryType** The architecture of the binary (executable) file.
+- **BinFileVersion** Version information for the binary (executable) file.
+- **BinProductVersion** The product version provided by the binary (executable) file.
+- **BoeProgramId** The “bag of evidence” program identifier.
+- **CompanyName** The company name included in the binary (executable) file.
+- **FileId** A pseudonymized (hashed) unique identifier derived from the file itself.
+- **FileVersion** The version of the file.
+- **InventoryVersion** The version of the inventory component.
+- **Language** The language declared in the binary (executable) file.
+- **LinkDate** The compiler link date.
+- **LowerCaseLongPath** The file path in “long” format.
+- **Name** The file name.
+- **ProductName** The product name declared in the binary (executable) file.
+- **ProductVersion** The product version declared in the binary (executable) file.
+- **ProgramId** The program identifier associated with the binary (executable) file.
+- **Size** The size of the binary (executable) file.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd
+
+This event provides the basic metadata about the frameworks an application may depend on.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **FileId** A hash that uniquely identifies a file.
+- **Frameworks** The list of frameworks this file depends on.
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync
+
+This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove
+
+This event indicates that a new set of InventoryDevicePnpAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryApplicationStartSync
+
+This event indicates that a new set of InventoryApplicationAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd
+
+This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device) to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Categories** A comma separated list of functional categories in which the container belongs.
+- **DiscoveryMethod** The discovery method for the device container.
+- **FriendlyName** The name of the device container.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **IsActive** Is the device connected, or has it been seen in the last 14 days?
+- **IsConnected** For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link.
+- **IsMachineContainer** Is the container the root device itself?
+- **IsNetworked** Is this a networked device?
+- **IsPaired** Does the device container require pairing?
+- **Manufacturer** The manufacturer name for the device container.
+- **ModelId** A unique model ID.
+- **ModelName** The model name.
+- **ModelNumber** The model number for the device container.
+- **PrimaryCategory** The primary category for the device container.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerRemove
+
+This event indicates that the InventoryDeviceContainer object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerStartSync
+
+This event indicates that a new set of InventoryDeviceContainerAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceAdd
+
+This event retrieves information about what sensor interfaces are available on the device.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Accelerometer3D** Indicates if an Accelerator3D sensor is found.
+- **ActivityDetection** Indicates if an Activity Detection sensor is found.
+- **AmbientLight** Indicates if an Ambient Light sensor is found.
+- **Barometer** Indicates if a Barometer sensor is found.
+- **Custom** Indicates if a Custom sensor is found.
+- **EnergyMeter** Indicates if an Energy sensor is found.
+- **FloorElevation** Indicates if a Floor Elevation sensor is found.
+- **GeomagneticOrientation** Indicates if a Geo Magnetic Orientation sensor is found.
+- **GravityVector** Indicates if a Gravity Detector sensor is found.
+- **Gyrometer3D** Indicates if a Gyrometer3D sensor is found.
+- **Humidity** Indicates if a Humidity sensor is found.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **LinearAccelerometer** Indicates if a Linear Accelerometer sensor is found.
+- **Magnetometer3D** Indicates if a Magnetometer3D sensor is found.
+- **Orientation** Indicates if an Orientation sensor is found.
+- **Pedometer** Indicates if a Pedometer sensor is found.
+- **Proximity** Indicates if a Proximity sensor is found.
+- **RelativeOrientation** Indicates if a Relative Orientation sensor is found.
+- **SimpleDeviceOrientation** Indicates if a Simple Device Orientation sensor is found.
+- **Temperature** Indicates if a Temperature sensor is found.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceInterfaceStartSync
+
+This event indicates that a new set of InventoryDeviceInterfaceAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassAdd
+
+This event sends additional metadata about a Plug and Play device that is specific to a particular class of devices to help keep Windows up to date while reducing overall size of data payload.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Audio.CaptureDriver** The capture driver endpoint for the audio device.
+- **Audio.RenderDriver** The render driver for the audio device.
+- **Audio_CaptureDriver** The Audio device capture driver endpoint.
+- **Audio_RenderDriver** The Audio device render driver endpoint.
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassRemove
+
+This event indicates that the InventoryDeviceMediaClassRemove object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassStartSync
+
+This event indicates that a new set of InventoryDeviceMediaClassSAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd
+
+This event represents the basic metadata about a plug and play (PNP) device and its associated driver.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **BusReportedDescription** The description of the device reported by the bux.
+- **Class** The device setup class of the driver loaded for the device.
+- **ClassGuid** The device class GUID from the driver package
+- **COMPID** The device setup class guid of the driver loaded for the device.
+- **ContainerId** The list of compat ids for the device.
+- **Description** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer.
+- **DeviceDriverFlightId** The test build (Flight) identifier of the device driver.
+- **DeviceExtDriversFlightIds** The test build (Flight) identifier for all extended device drivers.
+- **DeviceInterfaceClasses** The device interfaces that this device implements.
+- **DeviceState** The device description.
+- **DriverId** DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 288 (0x120)= device is a wireless device that is present
+- **DriverName** A unique identifier for the driver installed.
+- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage
+- **DriverVerDate** Name of the .sys image file (or wudfrd.sys if using user mode driver framework).
+- **DriverVerVersion** The immediate parent directory name in the Directory field of InventoryDriverPackage.
+- **Enumerator** The date of the driver loaded for the device.
+- **ExtendedInfs** The extended INF file names.
+- **FirstInstallDate** The first time this device was installed on the machine.
+- **HWID** The version of the driver loaded for the device.
+- **Inf** The bus that enumerated the device.
+- **InstallDate** The date of the most recent installation of the device on the machine.
+- **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx
+- **InventoryVersion** List of hardware ids for the device.
+- **LowerClassFilters** Lower filter class drivers IDs installed for the device
+- **LowerFilters** Lower filter drivers IDs installed for the device
+- **Manufacturer** INF file name (the name could be renamed by OS, such as oemXX.inf)
+- **MatchingID** Device installation state.
+- **Model** The version of the inventory binary generating the events.
+- **ParentId** Lower filter class drivers IDs installed for the device.
+- **ProblemCode** Lower filter drivers IDs installed for the device.
+- **Provider** The device manufacturer.
+- **Service** The device service name
+- **STACKID** Represents the hardware ID or compatible ID that Windows uses to install a device instance.
+- **UpperClassFilters** Upper filter drivers IDs installed for the device
+- **UpperFilters** The device model.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove
+
+This event indicates that the InventoryDevicePnpRemove object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDevicePnpStartSync
+
+This event indicates that a new set of InventoryDevicePnpAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd
+
+This event sends basic metadata about the USB hubs on the device.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+- **TotalUserConnectablePorts** Total number of connectable USB ports.
+- **TotalUserConnectableTypeCPorts** Total number of connectable USB Type C ports.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassStartSync
+
+This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd
+
+This event provides the basic metadata about driver binaries running on the system.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **DriverCheckSum** The checksum of the driver file.
+- **DriverCompany** The company name that developed the driver.
+- **DriverInBox** Is the driver included with the operating system?
+- **DriverIsKernelMode** Is it a kernel mode driver?
+- **DriverName** The file name of the driver.
+- **DriverPackageStrongName** The strong name of the driver package
+- **DriverSigned** The strong name of the driver package
+- **DriverTimeStamp** The low 32 bits of the time stamp of the driver file.
+- **DriverType** A bitfield of driver attributes: 1. define DRIVER_MAP_DRIVER_TYPE_PRINTER 0x0001. 2. define DRIVER_MAP_DRIVER_TYPE_KERNEL 0x0002. 3. define DRIVER_MAP_DRIVER_TYPE_USER 0x0004. 4. define DRIVER_MAP_DRIVER_IS_SIGNED 0x0008. 5. define DRIVER_MAP_DRIVER_IS_INBOX 0x0010. 6. define DRIVER_MAP_DRIVER_IS_WINQUAL 0x0040. 7. define DRIVER_MAP_DRIVER_IS_SELF_SIGNED 0x0020. 8. define DRIVER_MAP_DRIVER_IS_CI_SIGNED 0x0080. 9. define DRIVER_MAP_DRIVER_HAS_BOOT_SERVICE 0x0100. 10. define DRIVER_MAP_DRIVER_TYPE_I386 0x10000. 11. define DRIVER_MAP_DRIVER_TYPE_IA64 0x20000. 12. define DRIVER_MAP_DRIVER_TYPE_AMD64 0x40000. 13. define DRIVER_MAP_DRIVER_TYPE_ARM 0x100000. 14. define DRIVER_MAP_DRIVER_TYPE_THUMB 0x200000. 15. define DRIVER_MAP_DRIVER_TYPE_ARMNT 0x400000. 16. define DRIVER_MAP_DRIVER_IS_TIME_STAMPED 0x800000.
+- **DriverVersion** The version of the driver file.
+- **ImageSize** The size of the driver file.
+- **Inf** The name of the INF file.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Product** The product name that is included in the driver file.
+- **ProductVersion** The product version that is included in the driver file.
+- **Service** The name of the service that is installed for the device.
+- **WdfVersion** The Windows Driver Framework version.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryRemove
+
+This event indicates that the InventoryDriverBinary object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryStartSync
+
+This event indicates that a new set of InventoryDriverBinaryAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd
+
+This event sends basic metadata about drive packages installed on the system to help keep Windows up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Class** The class name for the device driver.
+- **ClassGuid** The class GUID for the device driver.
+- **Date** The driver package date.
+- **Directory** The path to the driver package.
+- **DriverInBox** Is the driver included with the operating system?
+- **Inf** The INF name of the driver package.
+- **InventoryVersion** The version of the inventory file generating the events.
+- **Provider** The provider for the driver package.
+- **SubmissionId** The HLK submission ID for the driver package.
+- **Version** The version of the driver package.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverPackageRemove
+
+This event indicates that the InventoryDriverPackageRemove object is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.InventoryDriverPackageStartSync
+
+This event indicates that a new set of InventoryDriverPackageAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory file generating the events.
+
+
+### Microsoft.Windows.Inventory.Core.StartUtcJsonTrace
+
+This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the beginning of the event download, and that tracing should begin.
+
+
+
+### Microsoft.Windows.Inventory.Core.StopUtcJsonTrace
+
+This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the end of the event download, and that tracing should end.
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd
+
+Provides data on the installed Office Add-ins.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **AddinCLSID** The class identifier key for the Microsoft Office add-in.
+- **AddInId** The identifier for the Microsoft Office add-in.
+- **AddinType** The type of the Microsoft Office add-in.
+- **BinFileTimestamp** The timestamp of the Office add-in.
+- **BinFileVersion** The version of the Microsoft Office add-in.
+- **Description** Description of the Microsoft Office add-in.
+- **FileId** The file identifier of the Microsoft Office add-in.
+- **FileSize** The file size of the Microsoft Office add-in.
+- **FriendlyName** The friendly name for the Microsoft Office add-in.
+- **FullPath** The full path to the Microsoft Office add-in.
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **LoadBehavior** Integer that describes the load behavior.
+- **OfficeApplication** The Microsoft Office application associated with the add-in.
+- **OfficeArchitecture** The architecture of the add-in.
+- **OfficeVersion** The Microsoft Office version for this add-in.
+- **OutlookCrashingAddin** Indicates whether crashes have been found for this add-in.
+- **ProductCompany** The name of the company associated with the Office add-in.
+- **ProductName** The product name associated with the Microsoft Office add-in.
+- **ProductVersion** The version associated with the Office add-in.
+- **ProgramId** The unique program identifier of the Microsoft Office add-in.
+- **Provider** Name of the provider for this add-in.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync
+
+This event indicates that a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersAdd
+
+Provides data on the Office identifiers.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **OAudienceData** Sub-identifier for Microsoft Office release management, identifying the pilot group for a device
+- **OAudienceId** Microsoft Office identifier for Microsoft Office release management, identifying the pilot group for a device
+- **OMID** Identifier for the Office SQM Machine
+- **OPlatform** Whether the installed Microsoft Office product is 32-bit or 64-bit
+- **OTenantId** Unique GUID representing the Microsoft O365 Tenant
+- **OVersion** Installed version of Microsoft Office. For example, 16.0.8602.1000
+- **OWowMID** Legacy Microsoft Office telemetry identifier (SQM Machine ID) for WoW systems (32-bit Microsoft Office on 64-bit Windows)
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsAdd
+
+Provides data on Office-related Internet Explorer features.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **OIeFeatureAddon** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_ADDON_MANAGEMENT feature lets applications hosting the WebBrowser Control to respect add-on management selections made using the Add-on Manager feature of Internet Explorer. Add-ons disabled by the user or by administrative group policy will also be disabled in applications that enable this feature.
+- **OIeMachineLockdown** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_LOCALMACHINE_LOCKDOWN feature is enabled, Internet Explorer applies security restrictions on content loaded from the user's local machine, which helps prevent malicious behavior involving local files.
+- **OIeMimeHandling** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_MIME_HANDLING feature control is enabled, Internet Explorer handles MIME types more securely. Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2)
+- **OIeMimeSniffing** Flag indicating which Microsoft Office products have this setting enabled. Determines a file's type by examining its bit signature. Windows Internet Explorer uses this information to determine how to render the file. The FEATURE_MIME_SNIFFING feature, when enabled, allows to be set differently for each security zone by using the URLACTION_FEATURE_MIME_SNIFFING URL action flag
+- **OIeNoAxInstall** Flag indicating which Microsoft Office products have this setting enabled. When a webpage attempts to load or install an ActiveX control that isn't already installed, the FEATURE_RESTRICT_ACTIVEXINSTALL feature blocks the request. When a webpage tries to load or install an ActiveX control that isn't already installed, the FEATURE_RESTRICT_ACTIVEXINSTALL feature blocks the request
+- **OIeNoDownload** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_RESTRICT_FILEDOWNLOAD feature blocks file download requests that navigate to a resource, that display a file download dialog box, or that are not initiated explicitly by a user action (for example, a mouse click or key press). Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2)
+- **OIeObjectCaching** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_OBJECT_CACHING feature prevents webpages from accessing or instantiating ActiveX controls cached from different domains or security contexts
+- **OIePasswordDisable** Flag indicating which Microsoft Office products have this setting enabled. After Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2), Internet Explorer no longer allows usernames and passwords to be specified in URLs that use the HTTP or HTTPS protocols. URLs using other protocols, such as FTP, still allow usernames and passwords
+- **OIeSafeBind** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_SAFE_BINDTOOBJECT feature performs additional safety checks when calling MonikerBindToObject to create and initialize Microsoft ActiveX controls. Specifically, prevent the control from being created if COMPAT_EVIL_DONT_LOAD is in the registry for the control
+- **OIeSecurityBand** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_SECURITYBAND feature controls the display of the Internet Explorer Information bar. When enabled, the Information bar appears when file download or code installation is restricted
+- **OIeUncSaveCheck** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_UNC_SAVEDFILECHECK feature enables the Mark of the Web (MOTW) for local files loaded from network locations that have been shared by using the Universal Naming Convention (UNC)
+- **OIeValidateUrl** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_VALIDATE_NAVIGATE_URL feature control prevents Windows Internet Explorer from navigating to a badly formed URL
+- **OIeWebOcPopup** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_WEBOC_POPUPMANAGEMENT feature allows applications hosting the WebBrowser Control to receive the default Internet Explorer pop-up window management behavior
+- **OIeWinRestrict** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_WINDOW_RESTRICTIONS feature adds several restrictions to the size and behavior of popup windows
+- **OIeZoneElevate** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_ZONE_ELEVATION feature prevents pages in one zone from navigating to pages in a higher security zone unless the navigation is generated by the user
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsAdd
+
+This event provides insight data on the installed Office products
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **OfficeApplication** The name of the Office application.
+- **OfficeArchitecture** The bitness of the Office application.
+- **OfficeVersion** The version of the Office application.
+- **Value** The insights collected about this entity.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsStartSync
+
+This diagnostic event indicates that a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsAdd
+
+Describes Office Products installed.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **OC2rApps** A GUID the describes the Office Click-To-Run apps
+- **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus
+- **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word
+- **OProductCodes** A GUID that describes the Office MSI products
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsAdd
+
+This event describes various Office settings
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **BrowserFlags** Browser flags for Office-related products
+- **ExchangeProviderFlags** Provider policies for Office Exchange
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **SharedComputerLicensing** Office shared computer licensing policies
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsStartSync
+
+Indicates a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAAdd
+
+This event provides a summary rollup count of conditions encountered while performing a local scan of Office files, analyzing for known VBA programmability compatibility issues between legacy office version and ProPlus, and between 32 and 64-bit versions
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Design** Count of files with design issues found.
+- **Design_x64** Count of files with 64 bit design issues found.
+- **DuplicateVBA** Count of files with duplicate VBA code.
+- **HasVBA** Count of files with VBA code.
+- **Inaccessible** Count of files that were inaccessible for scanning.
+- **InventoryVersion** The version of the inventory binary generating the events.
+- **Issues** Count of files with issues detected.
+- **Issues_x64** Count of files with 64-bit issues detected.
+- **IssuesNone** Count of files with no issues detected.
+- **IssuesNone_x64** Count of files with no 64-bit issues detected.
+- **Locked** Count of files that were locked, preventing scanning.
+- **NoVBA** Count of files with no VBA inside.
+- **Protected** Count of files that were password protected, preventing scanning.
+- **RemLimited** Count of files that require limited remediation changes.
+- **RemLimited_x64** Count of files that require limited remediation changes for 64-bit issues.
+- **RemSignificant** Count of files that require significant remediation changes.
+- **RemSignificant_x64** Count of files that require significant remediation changes for 64-bit issues.
+- **Score** Overall compatibility score calculated for scanned content.
+- **Score_x64** Overall 64-bit compatibility score calculated for scanned content.
+- **Total** Total number of files scanned.
+- **Validation** Count of files that require additional manual validation.
+- **Validation_x64** Count of files that require additional manual validation for 64-bit issues.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsAdd
+
+This event provides data on Microsoft Office VBA rule violations, including a rollup count per violation type, giving an indication of remediation requirements for an organization. The event identifier is a unique GUID, associated with the validation rule
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Count** Count of total Microsoft Office VBA rule violations
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsStartSync
+
+This event indicates that a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **InventoryVersion** The version of the inventory binary generating the events.
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd
+
+Provides data on Unified Update Platform (UUP) products and what version they are at.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **Identifier** UUP identifier
+- **LastActivatedVersion** Last activated version
+- **PreviousVersion** Previous version
+- **Source** UUP source
+- **Version** UUP version
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoRemove
+
+Indicates that this particular data object represented by the objectInstanceId is no longer present.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoStartSync
+
+Diagnostic event to indicate a new sync is being generated for this object type.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.Indicators.Checksum
+
+This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events.
+
+The following fields are available:
+
+- **CensusId** A unique hardware identifier.
+- **ChecksumDictionary** A count of each operating system indicator.
+- **PCFP** Equivalent to the InventoryId field that is found in other core events.
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorAdd
+
+These events represent the basic metadata about the OS indicators installed on the system which are used for keeping the device up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+The following fields are available:
+
+- **IndicatorValue** The indicator value.
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorEndSync
+
+This event indicates that a new set of InventoryMiscellaneousUexIndicatorAdd events has been sent. This data helps ensure the device is up to date.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove
+
+This event is a counterpart to InventoryMiscellaneousUexIndicatorAdd that indicates that the item has been removed.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync
+
+This event indicates that a new set of InventoryMiscellaneousUexIndicatorAdd events will be sent.
+
+This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
+
+
+
+## IoT events
+
+### Microsoft.Windows.IoT.Client.CEPAL.MonitorStarted
+
+This event identifies Windows Internet of Things (IoT) devices which are running the CE PAL subsystem by sending data during CE PAL startup.
+
+
+
+## Kernel events
+
+### IO
+
+This event indicates the number of bytes read from or read by the OS and written to or written by the OS upon system startup.
+
+The following fields are available:
+
+- **BytesRead** The total number of bytes read from or read by the OS upon system startup.
+- **BytesWritten** The total number of bytes written to or written by the OS upon system startup.
+
+
+### Microsoft.Windows.Kernel.BootEnvironment.OsLaunch
+
+OS information collected during Boot, used to evaluate the success of the upgrade process.
+
+The following fields are available:
+
+- **BootApplicationId** This field tells us what the OS Loader Application Identifier is.
+- **BootAttemptCount** The number of consecutive times the boot manager has attempted to boot into this operating system.
+- **BootSequence** The current Boot ID, used to correlate events related to a particular boot session.
+- **BootStatusPolicy** Identifies the applicable Boot Status Policy.
+- **BootType** Identifies the type of boot (e.g.: "Cold", "Hiber", "Resume").
+- **EventTimestamp** Seconds elapsed since an arbitrary time point. This can be used to identify the time difference in successive boot attempts being made.
+- **FirmwareResetReasonEmbeddedController** Reason for system reset provided by firmware.
+- **FirmwareResetReasonEmbeddedControllerAdditional** Additional information on system reset reason provided by firmware if needed.
+- **FirmwareResetReasonPch** Reason for system reset provided by firmware.
+- **FirmwareResetReasonPchAdditional** Additional information on system reset reason provided by firmware if needed.
+- **FirmwareResetReasonSupplied** Flag indicating that a reason for system reset was provided by firmware.
+- **IO** Amount of data written to and read from the disk by the OS Loader during boot. See [IO](#io).
+- **LastBootSucceeded** Flag indicating whether the last boot was successful.
+- **LastShutdownSucceeded** Flag indicating whether the last shutdown was successful.
+- **MaxAbove4GbFreeRange** This field describes the largest memory range available above 4Gb.
+- **MaxBelow4GbFreeRange** This field describes the largest memory range available below 4Gb.
+- **MeasuredLaunchPrepared** This field tells us if the OS launch was initiated using Measured/Secure Boot over DRTM (Dynamic Root of Trust for Measurement).
+- **MeasuredLaunchResume** This field tells us if Dynamic Root of Trust for Measurement (DRTM) was used when resuming from hibernation.
+- **MenuPolicy** Type of advanced options menu that should be shown to the user (Legacy, Standard, etc.).
+- **RecoveryEnabled** Indicates whether recovery is enabled.
+- **SecureLaunchPrepared** This field indicates if DRTM was prepared during boot.
+- **TcbLaunch** Indicates whether the Trusted Computing Base was used during the boot flow.
+- **UserInputTime** The amount of time the loader application spent waiting for user input.
+
+
+### Microsoft.Windows.Kernel.DeviceConfig.DeviceConfig
+
+This critical device configuration event provides information about drivers for a driver installation that took place within the kernel.
+
+The following fields are available:
+
+- **ClassGuid** The unique ID for the device class.
+- **DeviceInstanceId** The unique ID for the device on the system.
+- **DriverDate** The date of the driver.
+- **DriverFlightIds** The IDs for the driver flights.
+- **DriverInfName** Driver INF file name.
+- **DriverProvider** The driver manufacturer or provider.
+- **DriverSubmissionId** The driver submission ID assigned by the hardware developer center.
+- **DriverVersion** The driver version number.
+- **ExtensionDrivers** The list of extension driver INF files, extension IDs, and associated flight IDs.
+- **FirstHardwareId** The ID in the hardware ID list that provides the most specific device description.
+- **InboxDriver** Indicates whether the driver package is included with Windows.
+- **InstallDate** Date the driver was installed.
+- **LastCompatibleId** The ID in the hardware ID list that provides the least specific device description.
+- **Legacy** Indicates whether the driver is a legacy driver.
+- **NeedReboot** Indicates whether the driver requires a reboot.
+- **SetupMode** Indicates whether the device configuration occurred during the Out Of Box Experience (OOBE).
+- **StatusCode** The NTSTATUS of device configuration operation.
+
+
+### Microsoft.Windows.Kernel.PnP.AggregateClearDevNodeProblem
+
+This event is sent when a problem code is cleared from a device.
+
+The following fields are available:
+
+- **Count** The total number of events.
+- **DeviceInstanceId** The unique identifier of the device on the system.
+- **LastProblem** The previous problem that was cleared.
+- **LastProblemStatus** The previous NTSTATUS value that was cleared.
+- **ServiceName** The name of the driver or service attached to the device.
+
+
+### Microsoft.Windows.Kernel.PnP.AggregateSetDevNodeProblem
+
+This event is sent when a new problem code is assigned to a device.
+
+The following fields are available:
+
+- **Count** The total number of events.
+- **DeviceInstanceId** The unique identifier of the device in the system.
+- **LastProblem** The previous problem code that was set on the device.
+- **LastProblemStatus** The previous NTSTATUS value that was set on the device.
+- **Problem** The new problem code that was set on the device.
+- **ProblemStatus** The new NTSTATUS value that was set on the device.
+- **ServiceName** The driver or service name that is attached to the device.
+
+
+## Migration events
+
+### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
+
+This event returns data to track the count of the migration objects across various phases during feature update.
+
+The following fields are available:
+
+- **currentSid** Indicates the user SID for which the migration is being performed.
+- **knownFoldersUsr[i]** Predefined folder path locations.
+- **migDiagSession->CString** The phase of the upgrade where migration occurs. (E.g.: Validate tracked content)
+- **objectCount** The count for the number of objects that are being transferred.
+
+
+### Microsoft.Windows.MigrationCore.MigObjectCountKFSys
+
+This event returns data about the count of the migration objects across various phases during feature update.
+
+The following fields are available:
+
+- **knownFoldersSys[i]** The predefined folder path locations.
+- **migDiagSession->CString** Identifies the phase of the upgrade where migration happens.
+- **objectCount** The count of the number of objects that are being transferred.
+
+
+### Microsoft.Windows.MigrationCore.MigObjectCountKFUsr
+
+This event returns data to track the count of the migration objects across various phases during feature update.
+
+The following fields are available:
+
+- **currentSid** Indicates the user SID for which the migration is being performed.
+- **knownFoldersUsr[i]** Predefined folder path locations.
+- **migDiagSession->CString** The phase of the upgrade where the migration occurs. (For example, Validate tracked content.)
+- **objectCount** The number of objects that are being transferred.
+
+
+## Miracast events
+
+### Microsoft.Windows.Cast.Miracast.MiracastSessionEnd
+
+This event sends data at the end of a Miracast session that helps determine RTSP related Miracast failures along with some statistics about the session
+
+The following fields are available:
+
+- **AudioChannelCount** The number of audio channels.
+- **AudioSampleRate** The sample rate of audio in terms of samples per second.
+- **AudioSubtype** The unique subtype identifier of the audio codec (encoding method) used for audio encoding.
+- **AverageBitrate** The average video bitrate used during the Miracast session, in bits per second.
+- **AverageDataRate** The average available bandwidth reported by the WiFi driver during the Miracast session, in bits per second.
+- **AveragePacketSendTimeInMs** The average time required for the network to send a sample, in milliseconds.
+- **ConnectorType** The type of connector used during the Miracast session.
+- **EncodeAverageTimeMS** The average time to encode a frame of video, in milliseconds.
+- **EncodeCount** The count of total frames encoded in the session.
+- **EncodeMaxTimeMS** The maximum time to encode a frame, in milliseconds.
+- **EncodeMinTimeMS** The minimum time to encode a frame, in milliseconds.
+- **EncoderCreationTimeInMs** The time required to create the video encoder, in milliseconds.
+- **ErrorSource** Identifies the component that encountered an error that caused a disconnect, if applicable.
+- **FirstFrameTime** The time (tick count) when the first frame is sent.
+- **FirstLatencyMode** The first latency mode.
+- **FrameAverageTimeMS** Average time to process an entire frame, in milliseconds.
+- **FrameCount** The total number of frames processed.
+- **FrameMaxTimeMS** The maximum time required to process an entire frame, in milliseconds.
+- **FrameMinTimeMS** The minimum time required to process an entire frame, in milliseconds.
+- **Glitches** The number of frames that failed to be delivered on time.
+- **HardwareCursorEnabled** Indicates if hardware cursor was enabled when the connection ended.
+- **HDCPState** The state of HDCP (High-bandwidth Digital Content Protection) when the connection ended.
+- **HighestBitrate** The highest video bitrate used during the Miracast session, in bits per second.
+- **HighestDataRate** The highest available bandwidth reported by the WiFi driver, in bits per second.
+- **LastLatencyMode** The last reported latency mode.
+- **LogTimeReference** The reference time, in tick counts.
+- **LowestBitrate** The lowest video bitrate used during the Miracast session, in bits per second.
+- **LowestDataRate** The lowest video bitrate used during the Miracast session, in bits per second.
+- **MediaErrorCode** The error code reported by the media session, if applicable.
+- **MiracastEntry** The time (tick count) when the Miracast driver was first loaded.
+- **MiracastM1** The time (tick count) when the M1 request was sent.
+- **MiracastM2** The time (tick count) when the M2 request was sent.
+- **MiracastM3** The time (tick count) when the M3 request was sent.
+- **MiracastM4** The time (tick count) when the M4 request was sent.
+- **MiracastM5** The time (tick count) when the M5 request was sent.
+- **MiracastM6** The time (tick count) when the M6 request was sent.
+- **MiracastM7** The time (tick count) when the M7 request was sent.
+- **MiracastSessionState** The state of the Miracast session when the connection ended.
+- **MiracastStreaming** The time (tick count) when the Miracast session first started processing frames.
+- **ProfileCount** The count of profiles generated from the receiver M4 response.
+- **ProfileCountAfterFiltering** The count of profiles after filtering based on available bandwidth and encoder capabilities.
+- **RefreshRate** The refresh rate set on the remote display.
+- **RotationSupported** Indicates if the Miracast receiver supports display rotation.
+- **RTSPSessionId** The unique identifier of the RTSP session. This matches the RTSP session ID for the receiver for the same session.
+- **SessionGuid** The unique identifier of to correlate various Miracast events from a session.
+- **SinkHadEdid** Indicates if the Miracast receiver reported an EDID.
+- **SupportMicrosoftColorSpaceConversion** Indicates whether the Microsoft color space conversion for extra color fidelity is supported by the receiver.
+- **SupportsMicrosoftDiagnostics** Indicates whether the Miracast receiver supports the Microsoft Diagnostics Miracast extension.
+- **SupportsMicrosoftFormatChange** Indicates whether the Miracast receiver supports the Microsoft Format Change Miracast extension.
+- **SupportsMicrosoftLatencyManagement** Indicates whether the Miracast receiver supports the Microsoft Latency Management Miracast extension.
+- **SupportsMicrosoftRTCP** Indicates whether the Miracast receiver supports the Microsoft RTCP Miracast extension.
+- **SupportsMicrosoftVideoFormats** Indicates whether the Miracast receiver supports Microsoft video format for 3:2 resolution.
+- **SupportsWiDi** Indicates whether Miracast receiver supports Intel WiDi extensions.
+- **TeardownErrorCode** The error code reason for teardown provided by the receiver, if applicable.
+- **TeardownErrorReason** The text string reason for teardown provided by the receiver, if applicable.
+- **UIBCEndState** Indicates whether UIBC was enabled when the connection ended.
+- **UIBCEverEnabled** Indicates whether UIBC was ever enabled.
+- **UIBCStatus** The result code reported by the UIBC setup process.
+- **VideoBitrate** The starting bitrate for the video encoder.
+- **VideoCodecLevel** The encoding level used for encoding, specific to the video subtype.
+- **VideoHeight** The height of encoded video frames.
+- **VideoSubtype** The unique subtype identifier of the video codec (encoding method) used for video encoding.
+- **VideoWidth** The width of encoded video frames.
+- **WFD2Supported** Indicates if the Miracast receiver supports WFD2 protocol.
+
+
+## Privacy consent logging events
+
+### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
+
+This event is used to determine whether the user successfully completed the privacy consent experience.
+
+The following fields are available:
+
+- **presentationVersion** Which display version of the privacy consent experience the user completed
+- **privacyConsentState** The current state of the privacy consent experience
+- **settingsVersion** Which setting version of the privacy consent experience the user completed
+- **userOobeExitReason** The exit reason of the privacy consent experience
+
+
+### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus
+
+Event tells us effectiveness of new privacy experience.
+
+The following fields are available:
+
+- **isAdmin** whether the person who is logging in is an admin
+- **isExistingUser** whether the account existed in a downlevel OS
+- **isLaunching** Whether or not the privacy consent experience will be launched
+- **isSilentElevation** whether the user has most restrictive UAC controls
+- **privacyConsentState** whether the user has completed privacy experience
+- **userRegionCode** The current user's region setting
+
+
+## Push Button Reset events
+
+### Microsoft.Windows.PBR.BitLockerWipeFinished
+
+This event sends error data after the BitLocker wipe finishes if there were any issues during the wipe.
+
+The following fields are available:
+
+- **error** The error code if there were any issues during the BitLocker wipe.
+- **sessionID** This is the session ID.
+- **succeeded** Indicates the BitLocker wipe successful completed.
+- **timestamp** Time the event occurred.
+
+
+### Microsoft.Windows.PBR.BootState
+
+This event sends data on the Windows Recovery Environment (WinRE) boot, which can be used to determine whether the boot was successful.
+
+The following fields are available:
+
+- **BsdSummaryInfo** Summary of the last boot.
+- **sessionID** The ID of the push-button reset session.
+- **timestamp** The timestamp of the boot state.
+
+
+### Microsoft.Windows.PBR.ClearTPMStarted
+
+This event sends basic data about the recovery operation on the device to allow investigation.
+
+The following fields are available:
+
+- **sessionID** The ID for this push-button restart session.
+- **timestamp** The time when the Trusted Platform Module will be erased.
+
+
+### Microsoft.Windows.PBR.ClientInfo
+
+This event indicates whether push-button reset (PBR) was initiated while the device was online or offline.
+
+The following fields are available:
+
+- **name** Name of the user interface entry point.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The time when this event occurred.
+
+
+### Microsoft.Windows.PBR.Completed
+
+This event sends data about the recovery operation on the device to allow for investigation.
+
+The following fields are available:
+
+- **sessionID** The ID of the push-button reset session.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.DataVolumeCount
+
+This event provides the number of additional data volumes that the push-button reset operation has detected.
+
+The following fields are available:
+
+- **count** The number of attached data drives.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** Time the event occurred.
+
+
+### Microsoft.Windows.PBR.DiskSpaceRequired
+
+This event sends the peak disk usage required for the push-button reset operation.
+
+The following fields are available:
+
+- **numBytes** The number of bytes required for the reset operation.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** Time the event occurred.
+
+
+### Microsoft.Windows.PBR.EnterAPI
+
+This event is sent at the beginning of each push-button reset (PRB) operation.
+
+The following fields are available:
+
+- **apiName** Name of the API command that is about to execute.
+- **sessionID** The session ID.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.EnteredOOBE
+
+This event is sent when the push-button reset (PRB) process enters the Out Of Box Experience (OOBE).
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.LeaveAPI
+
+This event is sent when the push-button reset operation is complete.
+
+The following fields are available:
+
+- **apiName** Name of the API command that completed.
+- **errorCode** Error code if an error occurred during the API call.
+- **sessionID** The ID of this push-button reset session.
+- **success** Indicates whether the API call was successful.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.OEMExtensionFinished
+
+This event is sent when the OEM extensibility scripts have completed.
+
+The following fields are available:
+
+- **exitCode** The exit code from OEM extensibility scripts to push-button reset.
+- **param** Parameters used for the OEM extensibility script.
+- **phase** Name of the OEM extensibility script phase.
+- **script** The path to the OEM extensibility script.
+- **sessionID** The ID of this push-button reset session.
+- **succeeded** Indicates whether the OEM extensibility script executed successfully.
+- **timedOut** Indicates whether the OEM extensibility script timed out.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.OEMExtensionStarted
+
+This event is sent when the OEM extensibility scripts start to execute.
+
+The following fields are available:
+
+- **param** The parameters used by the OEM extensibility script.
+- **phase** The name of the OEM extensibility script phase.
+- **script** The path to the OEM extensibility script.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.OperationExecuteFinished
+
+This event is sent at the end of a push-button reset (PBR) operation.
+
+The following fields are available:
+
+- **error** Indicates the result code of the event.
+- **index** The operation index.
+- **operation** The name of the operation.
+- **phase** The name of the operation phase.
+- **sessionID** The ID of this push-button reset session.
+- **succeeded** Indicates whether the operation successfully completed.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.OperationExecuteStarted
+
+This event is sent at the beginning of a push-button reset operation.
+
+The following fields are available:
+
+- **index** The index of this operation.
+- **operation** The name of this operation.
+- **phase** The phase of this operation.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** Timestamp of this push-button reset event.
+- **weight** The weight of the operation used to distribute the change in percentage.
+
+
+### Microsoft.Windows.PBR.OperationQueueConstructFinished
+
+This event is sent when construction of the operation queue for push-button reset is finished.
+
+The following fields are available:
+
+- **error** The result code for operation queue construction.
+- **sessionID** The ID of this push-button reset session.
+- **succeeded** Indicates whether the operation successfully completed.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.OperationQueueConstructStarted
+
+This event is sent when construction of the operation queue for push-button reset is started.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** Timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.PBRClearRollBackEntry
+
+This event is sent when the push-button reset operation clears the rollback entry. Push-button reset cannot rollback after this point.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRClearTPMFailed
+
+This event is sent when there was a failure while clearing the Trusted Platform Module (TPM).
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRCreateNewSystemReconstructionFailed
+
+This event is sent when the push-button reset operation fails to construct a new copy of the operating system.
+
+The following fields are available:
+
+- **HRESULT** Indicates the result code of the event.
+- **PBRType** The type of push-button reset.
+- **SessionID** The ID of this push-button reset session.
+- **SPErrorCode** The error code for the Setup Platform operation.
+- **SPOperation** The last Setup Platform operation.
+- **SPPhase** The last phase of the Setup Platform operation.
+
+
+### Microsoft.Windows.PBR.PBRCreateNewSystemReconstructionSucceed
+
+This event is sent when the push-button reset operation succeeds in constructing a new copy of the operating system.
+
+The following fields are available:
+
+- **CBSPackageCount** The Component Based Servicing package count.
+- **CustomizationPackageCount** The Customization package count.
+- **PBRType** The type of push-button reset.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRDriverInjectionFailed
+
+This event is sent when the driver injection fails.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRFailed
+
+This event is sent when the push-button reset operation fails and rolls back to the previous state.
+
+The following fields are available:
+
+- **ErrorType** The result code for the push-button reset error.
+- **PBRType** The type of push-button reset.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRFinalizeNewSystemFailed
+
+This event is sent when the push-button reset operation fails to finalize the new system.
+
+The following fields are available:
+
+- **HRESULT** The result error code.
+- **SessionID** The ID of this push-button reset session.
+- **SPErrorCode** The error code for the Setup Platform operation.
+- **SPOperation** The Setup Platform operation.
+- **SPPhase** The phase of the Setup Platform operation.
+
+
+### Microsoft.Windows.PBR.PBRFinalizeNewSystemSucceed
+
+This event is sent when the push-button reset operation succeeds in finalizing the new system.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRFinalUserSelection
+
+This event is sent when the user makes the final selection in the user interface.
+
+The following fields are available:
+
+- **PBREraseData** Indicates whether the option to erase data is selected.
+- **PBRRecoveryStrategy** The recovery strategy for the push-button reset operation.
+- **PBRRepartitionDisk** Indicates whether the user has selected the option to repartition the disk.
+- **PBRVariation** Indicates the push-button reset type.
+- **PBRWipeDataDrives** Indicates whether the option to wipe the data drives is selected.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRFormatOSVolumeFailed
+
+This event is sent when the operation to format the operating system volume fails during push-button reset (PBR).
+
+The following fields are available:
+
+- **JustDeleteFiles** Indicates whether disk formatting was skipped.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRFormatOSVolumeSucceed
+
+This event is sent when the operation to format the operating system volume succeeds during push-button reset (PBR).
+
+The following fields are available:
+
+- **JustDeleteFiles** Indicates whether disk formatting was skipped.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRInstallWinREFailed
+
+This event sends basic data about the recovery operation failure on the device to allow investigation.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRIOCTLErasureSucceed
+
+This event is sent when the erasure operation succeeds during push-button reset (PBR).
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRLayoutImageFailed
+
+This event is sent when push-button reset fails to create a new image of Windows.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRLayoutImageSucceed
+
+This event is sent when push-button reset succeeds in creating a new image of Windows.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBROEM1Failed
+
+This event is sent when the first OEM extensibility operation is successfully completed.
+
+The following fields are available:
+
+- **HRESULT** The result error code from the OEM extensibility script.
+- **Parameters** The parameters that were passed to the OEM extensibility script.
+- **PBRType** The type of push-button reset.
+- **ScriptName** The path to the OEM extensibility script.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBROEM2Failed
+
+This event is sent when the second OEM extensibility operation is successfully completed.
+
+The following fields are available:
+
+- **HRESULT** The result error code from the OEM extensibility script.
+- **Parameters** The parameters that were passed to the OEM extensibility script.
+- **PBRType** The type of push-button reset.
+- **ScriptName** The path to the OEM extensibility script.
+- **SessionID** The ID of the push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRPostApplyFailed
+
+This event returns data indicating the failure of the reset/recovery process after the operating system files are restored.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRPostApplyFinished
+
+This event returns data indicating the completion of the reset/recovery process after the operating system files are restored.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRPostApplyStarted
+
+This event returns data indicating the start of the reset/recovery process after the operating system files are restored.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRPreApplyFailed
+
+This event returns data indicating the failure of the reset/recovery process before the operating system files are restored.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRPreApplyFinished
+
+This event returns data indicating the completion of the reset/recovery process before the operating system files are restored.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRPreApplyStarted
+
+This event returns data indicating the start of the reset/recovery process before the operating system files are restored.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRReachedOOBE
+
+This event returns data when the PBR (Push Button Reset) process reaches the OOBE (Out of Box Experience).
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRReconstructionInitiated
+
+This event returns data when a PBR (Push Button Reset) reconstruction operation begins.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRRequirementChecks
+
+This event returns data when PBR (Push Button Reset) requirement checks begin.
+
+The following fields are available:
+
+- **DeploymentType** The type of deployment.
+- **InstallType** The type of installation.
+- **PBRType** The type of push-button reset.
+- **SessionID** The ID for this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRRequirementChecksFailed
+
+This event returns data when PBR (Push Button Reset) requirement checks fail.
+
+The following fields are available:
+
+- **DiskSpaceAvailable** The disk space available for the push-button reset.
+- **DiskSpaceRequired** The disk space required for the push-button reset.
+- **ErrorType** The type of error that occurred during the requirement checks phase of the push-button reset operation.
+- **PBRImageVersion** The image version of the push-button reset tool.
+- **PBRRecoveryStrategy** The recovery strategy for this phase of push-button reset.
+- **PBRStartedFrom** Identifies the push-button reset entry point.
+- **PBRType** The type of push-button reset specified by the user interface.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRRequirementChecksPassed
+
+This event returns data when PBR (Push Button Reset) requirement checks are passed.
+
+The following fields are available:
+
+- **OSVersion** The OS version installed on the device.
+- **PBRImageType** The push-button reset image type.
+- **PBRImageVersion** The version of the push-button reset image.
+- **PBRRecoveryStrategy** The push-button reset recovery strategy.
+- **PBRStartedFrom** Identifies the push-button reset entry point.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRRestoreLicenseFailed
+
+This event sends basic data about recovery operation failure on the device. This data allows investigation to help keep Windows and PBR (Push Button Reset) up to date.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRSucceed
+
+This event returns data when PBR (Push Button Reset) succeeds.
+
+The following fields are available:
+
+- **OSVersion** The OS version installed on the device.
+- **PBRType** The type of push-button reset.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRUserCancelled
+
+This event returns data when the user cancels the PBR (Push Button Reset) from the UI (user interface).
+
+The following fields are available:
+
+- **CancelPage** The ID of the page where the user clicked Cancel.
+- **PBRVariation** The type of push-button reset.
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRVersionsMistmatch
+
+This event returns data when there is a version mismatch for WinRE (Windows Recovery) and the OS.
+
+The following fields are available:
+
+- **OSVersion** The OS version installed on the device.
+- **REVersion** The version of Windows Recovery Environment (WinRE).
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PBRWinREInstallationFailed
+
+This event returns data when the WinRE (Windows Recovery) installation fails.
+
+The following fields are available:
+
+- **SessionID** The ID of this push-button reset session.
+
+
+### Microsoft.Windows.PBR.PhaseFinished
+
+This event returns data when a phase of PBR (Push Button Reset) has completed.
+
+The following fields are available:
+
+- **error** The result code for this phase of push-button reset.
+- **phase** The name of this push-button reset phase.
+- **sessionID** The ID of this push-button reset session.
+- **succeeded** Indicates whether this phase of push-button reset executed successfully.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.PhaseStarted
+
+This event is sent when a phase of the push-button reset (PBR) operation starts.
+
+The following fields are available:
+
+- **phase** The name of this phase of push-button reset.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.ReconstructionInfo
+
+This event returns data about the PBR (Push Button Reset) reconstruction.
+
+The following fields are available:
+
+- **numPackagesAbandoned** The number of packages that were abandoned during the reconstruction operation of push-button reset.
+- **numPackagesFailed** The number of packages that failed during the reconstruction operation of push-button reset.
+- **sessionID** The ID of this push-button reset session.
+- **slowMode** The mode of reconstruction.
+- **targetVersion** The target version of the OS for the reconstruction.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.ResetOptions
+
+This event returns data about the PBR (Push Button Reset) reset options selected by the user.
+
+The following fields are available:
+
+- **overwriteSpace** Indicates whether the option was selected to erase data during push-button reset.
+- **preserveWorkplace** Indicates whether the option was selected to reserve the workplace during push-button reset.
+- **scenario** The selected scenario for the push-button on reset operation.
+- **sessionID** The ID of this push-button on reset session.
+- **timestamp** The timestamp of this push-button on reset event.
+- **wipeData** Indicates whether the option was selected to wipe additional drives during push-button reset.
+
+
+### Microsoft.Windows.PBR.RetryQueued
+
+This event returns data about the retry count when PBR (Push Button Reset) is restarted due to a reboot.
+
+The following fields are available:
+
+- **attempt** The number of retry attempts that were made
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.ReturnedToOldOS
+
+This event returns data after PBR (Push Button Reset) has completed the rollback.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.ReturnTaskSchedulingFailed
+
+This event returns data when there is a failure scheduling a boot into WinRE (Windows Recovery).
+
+The following fields are available:
+
+- **errorCode** The error that occurred while scheduling the task.
+- **sessionID** The ID of this push-button reset session.
+- **taskName** The name of the task.
+- **timestamp** The ID of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.RollbackFinished
+
+This event returns data when the PBR (Push Button Reset) rollback completes.
+
+The following fields are available:
+
+- **error** Any errors that occurred during rollback to the old operating system.
+- **sessionID** The ID of this push-button reset session.
+- **succeeded** Indicates whether the rollback succeeded.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.RollbackStarted
+
+This event returns data when the PBR (Push Button Reset) rollback begins.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.ScenarioNotSupported
+
+This event returns data when the PBR (Push Button Reset) scenario selected is not supported on the device.
+
+The following fields are available:
+
+- **errorCode** The error that occurred.
+- **reason** The reason why this push-button reset scenario is not supported.
+- **sessionID** The ID for this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SessionCreated
+
+This event returns data when the PRB (Push Button Reset) session is created at the beginning of the UI (user interface) process.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SessionResumed
+
+This event returns data when the PRB (Push Button Reset) session is resumed after reboots.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SessionSaved
+
+This event returns data when the PRB (Push Button Reset) session is suspended between reboots.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SetupExecuteFinished
+
+This event returns data when the PBR (Push Button Reset) setup finishes.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **systemState** Information about the system state of the Setup Platform operation.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SetupExecuteStarted
+
+This event returns data when the PBR (Push Button Reset) setup starts.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SetupFinalizeStarted
+
+This event returns data when the Finalize operation is completed by setup during PBR (Push Button Reset).
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SetupOperationFailed
+
+This event returns data when a PRB (Push Button Reset) setup operation fails.
+
+The following fields are available:
+
+- **errorCode** An error that occurred during the setup phase of push-button reset.
+- **sessionID** The ID of this push-button reset session.
+- **setupExecutionOperation** The name of the Setup Platform operation.
+- **setupExecutionPhase** The phase of the setup operation that failed.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SystemInfoField
+
+This event returns data about the device when the user initiates the PBR UI (Push Button Reset User Interface), to ensure the appropriate reset options are shown to the user.
+
+The following fields are available:
+
+- **name** Name of the system information field.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp of this push-button reset event.
+- **value** The system information field value.
+
+
+### Microsoft.Windows.PBR.SystemInfoListItem
+
+This event returns data about the device when the user initiates the PBR UI (Push Button Reset User Interface), to ensure the appropriate options can be shown to the user.
+
+The following fields are available:
+
+- **index** The index number associated with the system information item.
+- **name** The name of the list of system information items.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+- **value** The value of the system information item.
+
+
+### Microsoft.Windows.PBR.SystemInfoSenseFinished
+
+This event returns data when System Info Sense is finished.
+
+The following fields are available:
+
+- **error** The error code if an error occurred while querying for system information.
+- **sessionID** The ID of this push-button reset session.
+- **succeeded** Indicates whether the query for system information was successful.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.SystemInfoSenseStarted
+
+This event returns data when System Info Sense is started.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset event.
+- **timestamp** The timestamp of this push-button reset event.
+
+
+### Microsoft.Windows.PBR.UserAcknowledgeCleanupWarning
+
+This event returns data when the user acknowledges the cleanup warning pop-up after PRB (Push Button Reset) is complete.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.UserCancel
+
+This event returns data when the user confirms they wish to cancel PBR (Push Button Reset) from the user interface.
+
+The following fields are available:
+
+- **pageID** The page ID for the page the user canceled.
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.UserConfirmStart
+
+This event returns data when the user confirms they wish to reset their device and PBR (Push Button Reset) begins.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.WinREInstallFinished
+
+This event returns data when WinRE (Windows Recovery) installation is complete.
+
+The following fields are available:
+
+- **errorCode** Any error that occurred during the Windows Recovery Environment (WinRE) installation.
+- **sessionID** The ID of this push-button reset session.
+- **success** Indicates whether the Windows Recovery Environment (WinRE) installation successfully completed.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+### Microsoft.Windows.PBR.WinREInstallStarted
+
+This event returns data when WinRE (Windows Recovery) installation starts.
+
+The following fields are available:
+
+- **sessionID** The ID of this push-button reset session.
+- **timestamp** The timestamp for this push-button reset event.
+
+
+## Sediment events
+
+### Microsoft.Windows.Sediment.Info.DetailedState
+
+This event is sent when detailed state information is needed from an update trial run.
+
+The following fields are available:
+
+- **Data** Data relevant to the state, such as what percent of disk space the directory takes up.
+- **Id** Identifies the trial being run, such as a disk related trial.
+- **ReleaseVer** The version of the component.
+- **State** The state of the reporting data from the trial, such as the top-level directory analysis.
+- **Time** The time the event was fired.
+
+
+### Microsoft.Windows.Sediment.Info.PhaseChange
+
+The event indicates progress made by the updater. This information assists in keeping Windows up to date.
+
+The following fields are available:
+
+- **NewPhase** The phase of progress made.
+- **ReleaseVer** The version information for the component in which the change occurred.
+- **Time** The system time at which the phase chance occurred.
+
+
+## Setup events
+
+### SetupPlatformTel.SetupPlatformTelActivityEvent
+
+This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date.
+
+The following fields are available:
+
+- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
+- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
+- **Value** Value associated with the corresponding event name. For example, time-related events will include the system time
+
+
+### SetupPlatformTel.SetupPlatformTelActivityStarted
+
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
+
+The following fields are available:
+
+- **Name** The name of the dynamic update type. Example: GDR driver
+
+
+### SetupPlatformTel.SetupPlatformTelActivityStopped
+
+This event sends basic metadata about the update installation process generated by SetupPlatform to help keep Windows up to date.
+
+
+
+### SetupPlatformTel.SetupPlatformTelEvent
+
+This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios.
+
+The following fields are available:
+
+- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc.
+- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc.
+- **Value** Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time.
+
+
+## Software update events
+
+### SoftwareUpdateClientTelemetry.CheckForUpdates
+
+Scan process event on Windows Update client. See the EventScenario field for specifics (started/failed/succeeded).
+
+The following fields are available:
+
+- **ActivityMatchingId** Contains a unique ID identifying a single CheckForUpdates session from initialization to completion.
+- **AllowCachedResults** Indicates if the scan allowed using cached results.
+- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable
+- **BiosFamily** The family of the BIOS (Basic Input Output System).
+- **BiosName** The name of the device BIOS.
+- **BiosReleaseDate** The release date of the device BIOS.
+- **BiosSKUNumber** The sku number of the device BIOS.
+- **BIOSVendor** The vendor of the BIOS.
+- **BiosVersion** The version of the BIOS.
+- **BranchReadinessLevel** The servicing branch configured on the device.
+- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated.
+- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location.
+- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+- **ClientVersion** The version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No data is currently reported in this field. Expected value for this field is 0.
+- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown
+- **CurrentMobileOperator** The mobile operator the device is currently connected to.
+- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000).
+- **DeferredUpdates** Update IDs which are currently being deferred until a later time
+- **DeviceModel** What is the device model.
+- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered.
+- **DriverExclusionPolicy** Indicates if the policy for not including drivers with Windows Update is enabled.
+- **DriverSyncPassPerformed** Were drivers scanned this time?
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
+- **ExtendedMetadataCabUrl** Hostname that is used to download an update.
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough.
+- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan.
+- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan.
+- **FeatureUpdateDeferral** The deferral period configured for feature OS updates on the device (in days).
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FeatureUpdatePausePeriod** The pause duration configured for feature OS updates on the device (in days).
+- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds).
+- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
+- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IPVersion** Indicates whether the download took place over IPv4 or IPv6
+- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
+- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device.
+- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
+- **MSIError** The last error that was encountered during a scan for updates.
+- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6
+- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete
+- **NumberOfApplicationsCategoryScanEvaluated** The number of categories (apps) for which an app update scan checked
+- **NumberOfLoop** The number of round trips the scan required
+- **NumberOfNewUpdatesFromServiceSync** The number of updates which were seen for the first time in this scan
+- **NumberOfUpdatesEvaluated** The total number of updates which were evaluated as a part of the scan
+- **NumFailedMetadataSignatures** The number of metadata signatures checks which failed for new metadata synced down.
+- **Online** Indicates if this was an online scan.
+- **PausedUpdates** A list of UpdateIds which that currently being paused.
+- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, this is the date and time for the end of the pause time window.
+- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
+- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, this is the date and time for the end of the pause time window.
+- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window.
+- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting (pre-release builds) being introduced.
+- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
+- **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days).
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days).
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
+- **ScanDurationInSeconds** The number of seconds a scan took
+- **ScanEnqueueTime** The number of seconds it took to initialize a scan
+- **ScanProps** This is a 32-bit integer containing Boolean properties for a given Windows Update scan. The following bits are used; all remaining bits are reserved and set to zero. Bit 0 (0x1): IsInteractive - is set to 1 if the scan is requested by a user, or 0 if the scan is requested by Automatic Updates. Bit 1 (0x2): IsSeeker - is set to 1 if the Windows Update client's Seeker functionality is enabled. Seeker functionality is enabled on certain interactive scans, and results in the scans returning certain updates that are in the initial stages of release (not yet released for full adoption via Automatic Updates).
+- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.).
+- **ServiceUrl** The environment URL a device is configured to scan with
+- **ShippingMobileOperator** The mobile operator that a device shipped on.
+- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult).
+- **SyncType** Describes the type of scan the event was
+- **SystemBIOSMajorRelease** Major version of the BIOS.
+- **SystemBIOSMinorRelease** Minor version of the BIOS.
+- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null.
+- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down.
+- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation.
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### SoftwareUpdateClientTelemetry.Commit
+
+This event tracks the commit process post the update installation when software update client is trying to update the device.
+
+The following fields are available:
+
+- **BiosFamily** Device family as defined in the system BIOS
+- **BiosName** Name of the system BIOS
+- **BiosReleaseDate** Release date of the system BIOS
+- **BiosSKUNumber** Device SKU as defined in the system BIOS
+- **BIOSVendor** Vendor of the system BIOS
+- **BiosVersion** Version of the system BIOS
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle
+- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client
+- **ClientVersion** Version number of the software distribution client
+- **DeploymentProviderMode** The mode of operation of the update deployment provider.
+- **DeviceModel** Device model as defined in the system bios
+- **EventInstanceID** A globally unique identifier for event instance
+- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc.
+- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver".
+- **FlightId** The specific id of the flight the device is getting
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.)
+- **RevisionNumber** Identifies the revision number of this specific piece of content
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **SystemBIOSMajorRelease** Major release version of the system bios
+- **SystemBIOSMinorRelease** Minor release version of the system bios
+- **UpdateId** Identifier associated with the specific piece of content
+- **WUDeviceID** Unique device id controlled by the software distribution client
+
+
+### SoftwareUpdateClientTelemetry.Download
+
+Download process event for target update on Windows Update client. See the EventScenario field for specifics (started/failed/succeeded).
+
+The following fields are available:
+
+- **ActiveDownloadTime** Number of seconds the update was actively being downloaded.
+- **AppXBlockHashFailures** Indicates the number of blocks that failed hash validation during download.
+- **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded.
+- **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client.
+- **AppXScope** Indicates the scope of the app download.
+- **BiosFamily** The family of the BIOS (Basic Input Output System).
+- **BiosName** The name of the device BIOS.
+- **BiosReleaseDate** The release date of the device BIOS.
+- **BiosSKUNumber** The sku number of the device BIOS.
+- **BIOSVendor** The vendor of the BIOS.
+- **BiosVersion** The version of the BIOS.
+- **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle.
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed.
+- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to download.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle).
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **CbsDownloadMethod** Indicates whether the download was a full-file download or a partial/delta download.
+- **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology.
+- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location.
+- **CDNId** ID which defines which CDN the software distribution client downloaded the content from.
+- **ClientVersion** The version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior.
+- **ConnectTime** Indicates the cumulative amount of time (in seconds) it took to establish the connection for all updates in an update bundle.
+- **CurrentMobileOperator** The mobile operator the device is currently connected to.
+- **DeviceModel** What is the device model.
+- **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority.
+- **DownloadProps** Information about the download operation properties in the form of a bitmask.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed.
+- **EventType** Possible values are Child, Bundle, or Driver.
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds).
+- **FlightBuildNumber** If this download was for a flight (pre-release build), this indicates the build number of that flight.
+- **FlightId** The specific ID of the flight (pre-release build) the device is getting.
+- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds).
+- **HandlerType** Indicates what kind of content is being downloaded (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
+- **HostName** The hostname URL the content is downloading from.
+- **IPVersion** Indicates whether the download took place over IPv4 or IPv6.
+- **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update
+- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device.
+- **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content.
+- **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.)
+- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered."
+- **PackageFullName** The package name of the content.
+- **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced.
+- **PostDnldTime** Time taken (in seconds) to signal download completion after the last job has completed downloading payload.
+- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **Reason** A 32-bit integer representing the reason the update is blocked from being downloaded in the background.
+- **RegulationReason** The reason that the update is regulated
+- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific content has previously failed.
+- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
+- **RevisionNumber** The revision number of the specified piece of content.
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway.
+- **ShippingMobileOperator** The mobile operator that a device shipped on.
+- **SizeCalcTime** Time taken (in seconds) to calculate the total download size of the payload.
+- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
+- **SystemBIOSMajorRelease** Major version of the BIOS.
+- **SystemBIOSMinorRelease** Minor version of the BIOS.
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet.
+- **TimeToEstablishConnection** Time (in ms) it took to establish the connection prior to beginning downloaded.
+- **TotalExpectedBytes** The total count of bytes that the download is expected to be.
+- **UpdateId** An identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
+- **UsedDO** Whether the download used the delivery optimization service.
+- **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive.
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### SoftwareUpdateClientTelemetry.DownloadCheckpoint
+
+This event provides a checkpoint between each of the Windows Update download phases for UUP content
+
+The following fields are available:
+
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client
+- **ClientVersion** The version number of the software distribution client
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed
+- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver"
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough
+- **FileId** A hash that uniquely identifies a file
+- **FileName** Name of the downloaded file
+- **FlightId** The unique identifier for each flight
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
+- **RevisionNumber** Unique revision number of Update
+- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.)
+- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult)
+- **UpdateId** Unique Update ID
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
+
+
+### SoftwareUpdateClientTelemetry.DownloadHeartbeat
+
+This event allows tracking of ongoing downloads and contains data to explain the current state of the download
+
+The following fields are available:
+
+- **BytesTotal** Total bytes to transfer for this content
+- **BytesTransferred** Total bytes transferred for this content at the time of heartbeat
+- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client
+- **ClientVersion** The version number of the software distribution client
+- **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat
+- **CurrentError** Last (transient) error encountered by the active download
+- **DownloadFlags** Flags indicating if power state is ignored
+- **DownloadState** Current state of the active download for this content (queued, suspended, or progressing)
+- **EventType** Possible values are "Child", "Bundle", or "Driver"
+- **FlightId** The unique identifier for each flight
+- **IsNetworkMetered** Indicates whether Windows considered the current network to be ?metered"
+- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any
+- **MOUpdateDownloadLimit** Mobile operator cap on size of operating system update downloads, if any
+- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby)
+- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one
+- **ResumeCount** Number of times this active download has resumed from a suspended state
+- **RevisionNumber** Identifies the revision number of this specific piece of content
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
+- **SuspendCount** Number of times this active download has entered a suspended state
+- **SuspendReason** Last reason for why this active download entered a suspended state
+- **UpdateId** Identifier associated with the specific piece of content
+- **WUDeviceID** Unique device id controlled by the software distribution client
+
+
+### SoftwareUpdateClientTelemetry.Install
+
+This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date.
+
+The following fields are available:
+
+- **BiosFamily** The family of the BIOS (Basic Input Output System).
+- **BiosName** The name of the device BIOS.
+- **BiosReleaseDate** The release date of the device BIOS.
+- **BiosSKUNumber** The sku number of the device BIOS.
+- **BIOSVendor** The vendor of the BIOS.
+- **BiosVersion** The version of the BIOS.
+- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed.
+- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to install.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **ClientVersion** The version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No value is currently reported in this field. Expected value for this field is 0.
+- **CSIErrorType** The stage of CBS installation where it failed.
+- **CurrentMobileOperator** The mobile operator to which the device is currently connected.
+- **DeploymentProviderMode** The mode of operation of the update deployment provider.
+- **DeviceModel** The device model.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
+- **EventType** Possible values are Child, Bundle, or Driver.
+- **ExtendedErrorCode** The extended error code.
+- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode is not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBranch** The branch that a device is on if participating in the Windows Insider Program.
+- **FlightBuildNumber** If this installation was for a Windows Insider build, this is the build number of that build.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **FlightRing** The ring that a device is on if participating in the Windows Insider Program.
+- **HandlerType** Indicates what kind of content is being installed (for example, app, driver, Windows update).
+- **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
+- **InstallProps** A bitmask for future flags associated with the install operation. No value is currently reported in this field. Expected value for this field is 0.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **IsDependentSet** Indicates whether the driver is part of a larger System Hardware/Firmware update.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether this update is a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart.
+- **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device.
+- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation.
+- **MsiAction** The stage of MSI installation where it failed.
+- **MsiProductCode** The unique identifier of the MSI installer.
+- **PackageFullName** The package name of the content being installed.
+- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting being introduced.
+- **ProcessName** The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
+- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
+- **RepeatFailFlag** Indicates whether this specific piece of content previously failed to install.
+- **RevisionNumber** The revision number of this specific piece of content.
+- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
+- **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway.
+- **ShippingMobileOperator** The mobile operator that a device shipped on.
+- **StatusCode** Indicates the result of an installation event (success, cancellation, failure code HResult).
+- **SystemBIOSMajorRelease** Major version of the BIOS.
+- **SystemBIOSMinorRelease** Minor version of the BIOS.
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **TransactionCode** The ID that represents a given MSI installation.
+- **UpdateId** Unique update ID.
+- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
+- **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive.
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### SoftwareUpdateClientTelemetry.Revert
+
+Revert event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded).
+
+The following fields are available:
+
+- **BundleId** Identifier associated with the specific content bundle. Should not be all zeros if the BundleId was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **CSIErrorType** Stage of CBS installation that failed.
+- **DeploymentProviderMode** The mode of operation of the update deployment provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
+- **EventType** Event type (Child, Bundle, Release, or Driver).
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of the flight.
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **UpdateId** The identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver, and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device's main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.TaskRun
+
+Start event for Server Initiated Healing client. See EventScenario field for specifics (for example, started/completed).
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CmdLineArgs** Command line arguments passed in by the caller.
+- **EventInstanceID** A globally unique identifier for the event instance.
+- **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
+- **Mode** Indicates the mode that has started.
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.Uninstall
+
+Uninstall event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded).
+
+The following fields are available:
+
+- **BundleId** The identifier associated with the specific content bundle. This should not be all zeros if the bundleID was found.
+- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed.
+- **BundleRevisionNumber** Identifies the revision number of the content bundle.
+- **CallerApplicationName** Name of the application making the Windows Update request. Used to identify context of request.
+- **ClientVersion** Version number of the software distribution client.
+- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0.
+- **DeploymentProviderMode** The mode of operation of the Update Deployment Provider.
+- **DriverPingBack** Contains information about the previous driver and system state.
+- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers when a recovery is required.
+- **EventInstanceID** A globally unique identifier for event instance.
+- **EventScenario** Indicates the purpose of the event (a scan started, succeded, failed, etc.).
+- **EventType** Indicates the event type. Possible values are "Child", "Bundle", "Release" or "Driver".
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough.
+- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device.
+- **FlightBuildNumber** Indicates the build number of the flight.
+- **FlightId** The specific ID of the flight the device is getting.
+- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
+- **HardwareId** If the download was for a driver targeted to a particular device model, this ID indicates the model of the device.
+- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
+- **IsFirmware** Indicates whether an update was a firmware update.
+- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot.
+- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device.
+- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device.
+- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install.
+- **ProcessName** Process name of the caller who initiated API calls into the software distribution client.
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
+- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
+- **RepeatFailCount** Indicates whether this specific piece of content previously failed.
+- **RevisionNumber** Identifies the revision number of this specific piece of content.
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc).
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
+- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
+- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
+- **UpdateId** Identifier associated with the specific piece of content.
+- **UpdateImportance** Indicates the importance of a driver and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended).
+- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used.
+- **WUDeviceID** Unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.UpdateDetected
+
+This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates.
+
+The following fields are available:
+
+- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable.
+- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
+- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
+- **NumberOfApplicableUpdates** The number of updates ultimately deemed applicable to the system after the detection process is complete.
+- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one.
+- **ServiceGuid** An ID that represents which service the software distribution client is connecting to (Windows Update, Microsoft Store, etc.).
+- **WUDeviceID** The unique device ID controlled by the software distribution client.
+
+
+### SoftwareUpdateClientTelemetry.UpdateMetadataIntegrity
+
+Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack.
+
+The following fields are available:
+
+- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request.
+- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments.
+- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc.
+- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough.
+- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed.
+- **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate.
+- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce
+- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID).
+- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable.
+- **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable.
+- **RevisionId** The revision ID for a specific piece of content.
+- **RevisionNumber** The revision number for a specific piece of content.
+- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store
+- **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate.
+- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate.
+- **SHA256OfTimestampToken** An encoded string of the timestamp token.
+- **SignatureAlgorithm** The hash algorithm for the metadata signature.
+- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast".
+- **StatusCode** Result code of the event (success, cancellation, failure code HResult)
+- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token.
+- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed.
+- **UpdateId** The update ID for a specific piece of content.
+- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp.
+
+
+## System reset events
+
+### Microsoft.Windows.SysReset.FlightUninstallCancel
+
+This event indicates the customer has cancelled uninstallation of Windows.
+
+
+
+### Microsoft.Windows.SysReset.FlightUninstallError
+
+This event sends an error code when the Windows uninstallation fails.
+
+The following fields are available:
+
+- **ErrorCode** Error code for uninstallation failure.
+
+
+### Microsoft.Windows.SysReset.FlightUninstallReboot
+
+This event is sent to signal an upcoming reboot during uninstallation of Windows.
+
+
+
+### Microsoft.Windows.SysReset.FlightUninstallStart
+
+This event indicates that the Windows uninstallation has started.
+
+
+
+### Microsoft.Windows.SysReset.FlightUninstallUnavailable
+
+This event sends diagnostic data when the Windows uninstallation is not available.
+
+The following fields are available:
+
+- **AddedProfiles** Indicates that new user profiles have been created since the flight was installed.
+- **MissingExternalStorage** Indicates that the external storage used to install the flight is not available.
+- **MissingInfra** Indicates that uninstall resources are missing.
+- **MovedProfiles** Indicates that the user profile has been moved since the flight was installed.
+
+
+### Microsoft.Windows.SysReset.HasPendingActions
+
+This event is sent when users have actions that will block the uninstall of the latest quality update.
+
+
+
+### Microsoft.Windows.SysReset.IndicateLCUWasUninstalled
+
+This event is sent when the registry indicates that the latest cumulative Windows update package has finished uninstalling.
+
+The following fields are available:
+
+- **errorCode** The error code if there was a failure during uninstallation of the latest cumulative Windows update package.
+
+
+### Microsoft.Windows.SysReset.LCUUninstall
+
+This event is sent when the latest cumulative Windows update was uninstalled on a device.
+
+The following fields are available:
+
+- **errorCode** An error that occurred while the Windows update package was being uninstalled.
+- **packageName** The name of the Windows update package that is being uninstalled.
+- **removalTime** The amount of time it took to uninstall the Windows update package.
+
+
+### Microsoft.Windows.SysReset.PBRBlockedByPolicy
+
+This event is sent when a push-button reset operation is blocked by the System Administrator.
+
+The following fields are available:
+
+- **PBRBlocked** Reason the push-button reset operation was blocked.
+- **PBRType** The type of push-button reset operation that was blocked.
+
+
+### Microsoft.Windows.SysReset.PBREngineInitFailed
+
+This event signals a failed handoff between two recovery binaries.
+
+The following fields are available:
+
+- **Operation** Legacy customer scenario.
+
+
+### Microsoft.Windows.SysReset.PBREngineInitSucceed
+
+This event signals successful handoff between two recovery binaries.
+
+The following fields are available:
+
+- **Operation** Legacy customer scenario.
+
+
+### Microsoft.Windows.SysReset.PBRFailedOffline
+
+This event reports the error code when recovery fails.
+
+The following fields are available:
+
+- **HRESULT** Error code for the failure.
+- **PBRType** The recovery scenario.
+- **SessionID** The unique ID for the recovery session.
+
+
+### Microsoft.Windows.SystemReset.EsimPresentCheck
+
+This event is sent when a device is checked to see whether it has an embedded SIM (eSIM).
+
+The following fields are available:
+
+- **errorCode** Any error that occurred while checking for the presence of an embedded SIM.
+- **esimPresent** Indicates whether an embedded SIM is present on the device.
+- **sessionID** The ID of this session.
+
+
+### Microsoft.Windows.SystemReset.PBRCorruptionRepairOption
+
+This event sends corruption repair diagnostic data when the PBRCorruptionRepairOption encounters a corruption error.
+
+The following fields are available:
+
+- **cbsSessionOption** The corruption repair configuration.
+- **errorCode** The error code encountered.
+- **meteredConnection** Indicates whether the device is connected to a metered network (wired or WiFi).
+- **sessionID** The globally unique identifier (GUID) for the session.
+
+
+### Microsoft.Windows.SystemReset.RepairNeeded
+
+This event provides information about whether a system reset needs repair.
+
+The following fields are available:
+
+- **repairNeeded** Indicates whether there was corruption in the system reset which needs repair.
+- **sessionID** The ID of this push-button reset session.
+
+
+## UEFI events
+
+### Microsoft.Windows.UEFI.ESRT
+
+This event sends basic data during boot about the firmware loaded or recently installed on the machine. This helps to keep Windows up to date.
+
+The following fields are available:
+
+- **DriverFirmwareFilename** The firmware file name reported by the device hardware key.
+- **DriverFirmwarePolicy** The optional version update policy value.
+- **DriverFirmwareStatus** The firmware status reported by the device hardware key.
+- **DriverFirmwareVersion** The firmware version reported by the device hardware key.
+- **FirmwareId** The UEFI (Unified Extensible Firmware Interface) identifier.
+- **FirmwareLastAttemptStatus** The reported status of the most recent firmware installation attempt, as reported by the EFI System Resource Table (ESRT).
+- **FirmwareLastAttemptVersion** The version of the most recent attempted firmware installation, as reported by the EFI System Resource Table (ESRT).
+- **FirmwareType** The UEFI (Unified Extensible Firmware Interface) type.
+- **FirmwareVersion** The UEFI (Unified Extensible Firmware Interface) version as reported by the EFI System Resource Table (ESRT).
+- **InitiateUpdate** Indicates whether the system is ready to initiate an update.
+- **LastAttemptDate** The date of the most recent attempted firmware installation.
+- **LastAttemptStatus** The result of the most recent attempted firmware installation.
+- **LastAttemptVersion** The version of the most recent attempted firmware installation.
+- **LowestSupportedFirmwareVersion** The oldest (lowest) version of firmware supported.
+- **MaxRetryCount** The maximum number of retries, defined by the firmware class key.
+- **PartA_PrivTags** The privacy tags associated with the firmware.
+- **RetryCount** The number of attempted installations (retries), reported by the driver software key.
+- **Status** The status returned to the PnP (Plug-and-Play) manager.
+- **UpdateAttempted** Indicates if installation of the current update has been attempted before.
+
+
+## Update events
+
+### Update360Telemetry.Revert
+
+This event sends data relating to the Revert phase of updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the Revert phase.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **RebootRequired** Indicates reboot is required.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **RevertResult** The result code returned for the Revert operation.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+
+
+### Update360Telemetry.UpdateAgentCommit
+
+This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the install phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentDownloadRequest
+
+This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile.
+
+The following fields are available:
+
+- **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted.
+- **DownloadRequests** Number of times a download was retried.
+- **ErrorCode** The error code returned for the current download request phase.
+- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin.
+- **FlightId** Unique ID for each flight.
+- **InternalFailureResult** Indicates a non-fatal error from a plugin.
+- **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
+- **PackageCategoriesSkipped** Indicates package categories that were skipped, if applicable.
+- **PackageCountOptional** Number of optional packages requested.
+- **PackageCountRequired** Number of required packages requested.
+- **PackageCountTotal** Total number of packages needed.
+- **PackageCountTotalCanonical** Total number of canonical packages.
+- **PackageCountTotalDiff** Total number of diff packages.
+- **PackageCountTotalExpress** Total number of express packages.
+- **PackageCountTotalPSFX** The total number of PSFX packages.
+- **PackageExpressType** Type of express package.
+- **PackageSizeCanonical** Size of canonical packages in bytes.
+- **PackageSizeDiff** Size of diff packages in bytes.
+- **PackageSizeExpress** Size of express packages in bytes.
+- **PackageSizePSFX** The size of PSFX packages, in bytes.
+- **RangeRequestState** Indicates the range request type used.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the download request phase of update.
+- **SandboxTaggedForReserves** The sandbox for reserves.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases).
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentExpand
+
+This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **CanonicalRequestedOnError** Indicates if an error caused a reversion to a different type of compressed update (TRUE or FALSE).
+- **ElapsedTickCount** Time taken for expand phase.
+- **EndFreeSpace** Free space after expand phase.
+- **EndSandboxSize** Sandbox size after expand phase.
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **StartFreeSpace** Free space before expand phase.
+- **StartSandboxSize** Sandbox size after expand phase.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentFellBackToCanonical
+
+This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **FlightId** Unique ID for each flight.
+- **ObjectId** Unique value for each Update Agent mode.
+- **PackageCount** Number of packages that feel back to canonical.
+- **PackageList** PackageIds which fell back to canonical.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentInitialize
+
+This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current install phase.
+- **FlightId** Unique ID for each flight.
+- **FlightMetadata** Contains the FlightId and the build being flighted.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** Outcome of the install phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionData** String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios).
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentInstall
+
+This event sends data for the install phase of updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current install phase.
+- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin.
+- **FlightId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360).
+- **InternalFailureResult** Indicates a non-fatal error from a plugin.
+- **ObjectId** Correlation vector value generated from the latest USO scan.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** The result for the current install phase.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentMerge
+
+The UpdateAgentMerge event sends data on the merge phase when updating Windows.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current merge phase.
+- **FlightId** Unique ID for each flight.
+- **MergeId** The unique ID to join two update sessions being merged.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Related correlation vector value.
+- **Result** Outcome of the merge phase of the update.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentMitigationResult
+
+This event sends data indicating the result of each update agent mitigation.
+
+The following fields are available:
+
+- **Applicable** Indicates whether the mitigation is applicable for the current update.
+- **CommandCount** The number of command operations in the mitigation entry.
+- **CustomCount** The number of custom operations in the mitigation entry.
+- **FileCount** The number of file operations in the mitigation entry.
+- **FlightId** Unique identifier for each flight.
+- **Index** The mitigation index of this particular mitigation.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **Name** The friendly name of the mitigation.
+- **ObjectId** Unique value for each Update Agent mode.
+- **OperationIndex** The mitigation operation index (in the event of a failure).
+- **OperationName** The friendly name of the mitigation operation (in the event of failure).
+- **RegistryCount** The number of registry operations in the mitigation entry.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** The HResult of this operation.
+- **ScenarioId** The update agent scenario ID.
+- **SessionId** Unique value for each update attempt.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+- **UpdateId** Unique ID for each Update.
+
+
+### Update360Telemetry.UpdateAgentMitigationSummary
+
+This event sends a summary of all the update agent mitigations available for an this update.
+
+The following fields are available:
+
+- **Applicable** The count of mitigations that were applicable to the system and scenario.
+- **Failed** The count of mitigations that failed.
+- **FlightId** Unique identifier for each flight.
+- **MitigationScenario** The update scenario in which the mitigations were attempted.
+- **ObjectId** The unique value for each Update Agent mode.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** The HResult of this operation.
+- **ScenarioId** The update agent scenario ID.
+- **SessionId** Unique value for each update attempt.
+- **TimeDiff** The amount of time spent performing all mitigations (in 100-nanosecond increments).
+- **Total** Total number of mitigations that were available.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentModeStart
+
+This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile.
+
+The following fields are available:
+
+- **FlightId** Unique ID for each flight.
+- **Mode** Indicates the mode that has started.
+- **ObjectId** Unique value for each Update Agent mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+- **Version** Version of update
+
+
+### Update360Telemetry.UpdateAgentOneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **Count** The count of applicable OneSettings for the device.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+- **Values** The values sent back to the device, if applicable.
+
+
+### Update360Telemetry.UpdateAgentPostRebootResult
+
+This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current post reboot phase.
+- **FlightId** The specific ID of the Windows Insider build the device is getting.
+- **ObjectId** Unique value for each Update Agent mode.
+- **PostRebootResult** Indicates the Hresult.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+
+
+### Update360Telemetry.UpdateAgentReboot
+
+This event sends information indicating that a request has been sent to suspend an update.
+
+The following fields are available:
+
+- **ErrorCode** The error code returned for the current reboot.
+- **FlightId** Unique ID for the flight (test instance version).
+- **ObjectId** The unique value for each Update Agent mode.
+- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan.
+- **Result** The HResult of the event.
+- **ScenarioId** The ID of the update scenario.
+- **SessionId** The ID of the update attempt.
+- **UpdateId** The ID of the update.
+
+
+### Update360Telemetry.UpdateAgentSetupBoxLaunch
+
+The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs.
+
+The following fields are available:
+
+- **ContainsExpressPackage** Indicates whether the download package is express.
+- **FlightId** Unique ID for each flight.
+- **FreeSpace** Free space on OS partition.
+- **InstallCount** Number of install attempts using the same sandbox.
+- **ObjectId** Unique value for each Update Agent mode.
+- **Quiet** Indicates whether setup is running in quiet mode.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **SandboxSize** Size of the sandbox.
+- **ScenarioId** Indicates the update scenario.
+- **SessionId** Unique value for each update attempt.
+- **SetupMode** Mode of setup to be launched.
+- **UpdateId** Unique ID for each Update.
+- **UserSession** Indicates whether install was invoked by user actions.
+
+
+## Upgrade events
+
+### FacilitatorTelemetry.DCATDownload
+
+This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **DownloadSize** Download size of payload.
+- **ElapsedTime** Time taken to download payload.
+- **MediaFallbackUsed** Used to determine if we used Media CompDBs to figure out package requirements for the upgrade.
+- **ResultCode** Result returned by the Facilitator DCAT call.
+- **Scenario** Dynamic update scenario (Image DU, or Setup DU).
+- **Type** Type of package that was downloaded.
+- **UpdateId** The ID of the update that was downloaded.
+
+
+### FacilitatorTelemetry.InitializeDU
+
+This event determines whether devices received additional or critical supplemental content during an OS upgrade.
+
+The following fields are available:
+
+- **DownloadRequestAttributes** The attributes we send to DCAT.
+- **ResultCode** The result returned from the initiation of Facilitator with the URL/attributes.
+- **Scenario** Dynamic Update scenario (Image DU, or Setup DU).
+- **Url** The Delivery Catalog (DCAT) URL we send the request to.
+- **Version** Version of Facilitator.
+
+
+### Setup360Telemetry.Downlevel
+
+This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ClientId** If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the downlevel OS.
+- **HostOsSkuName** The operating system edition which is running Setup360 instance (downlevel OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** More detailed information about phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360 (for example, Predownload, Install, Finalize, Rollback).
+- **Setup360Result** The result of Setup360 (HRESULT used to diagnose errors).
+- **Setup360Scenario** The Setup360 flow type (for example, Boot, Media, Update, MCT).
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS).
+- **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** An ID that uniquely identifies a group of events.
+- **WuId** This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId.
+
+
+### Setup360Telemetry.Finalize
+
+This event sends data indicating that the device has started the phase of finalizing the upgrade, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** More detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
+
+
+### Setup360Telemetry.OsUninstall
+
+This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, it indicates the outcome of an OS uninstall.
+
+The following fields are available:
+
+- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase or action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** Windows Update client ID.
+
+
+### Setup360Telemetry.PostRebootInstall
+
+This event sends data indicating that the device has invoked the post reboot install phase of the upgrade, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that's used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as ClientId.
+
+
+### Setup360Telemetry.PreDownloadQuiet
+
+This event sends data indicating that the device has invoked the predownload quiet phase of the upgrade, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ClientId** Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous operating system).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId.
+
+
+### Setup360Telemetry.PreDownloadUX
+
+This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process.
+
+The following fields are available:
+
+- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **HostOSBuildNumber** The build number of the previous operating system.
+- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system).
+- **InstanceId** Unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS).
+- **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** ID that uniquely identifies a group of events.
+- **WuId** Windows Update client ID.
+
+
+### Setup360Telemetry.PreInstallQuiet
+
+This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
+- **Setup360Scenario** Setup360 flow type (Boot, Media, Update, MCT).
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
+
+
+### Setup360Telemetry.PreInstallUX
+
+This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10, to help keep Windows up-to-date. Specifically, it indicates the outcome of the PreinstallUX portion of the update process.
+
+The following fields are available:
+
+- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe.
+- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type, Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** Windows Update client ID.
+
+
+### Setup360Telemetry.Setup360
+
+This event sends data about OS deployment scenarios, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **ClientId** Retrieves the upgrade ID. In the Windows Update scenario, this will be the Windows Update client ID. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FieldName** Retrieves the data point.
+- **FlightData** Specifies a unique identifier for each group of Windows Insider builds.
+- **InstanceId** Retrieves a unique identifier for each instance of a setup session.
+- **ReportId** Retrieves the report ID.
+- **ScenarioId** Retrieves the deployment scenario.
+- **Value** Retrieves the value associated with the corresponding FieldName.
+
+
+### Setup360Telemetry.Setup360DynamicUpdate
+
+This event helps determine whether the device received supplemental content during an operating system upgrade, to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **FlightData** Specifies a unique identifier for each group of Windows Insider builds.
+- **InstanceId** Retrieves a unique identifier for each instance of a setup session.
+- **Operation** Facilitator's last known operation (scan, download, etc.).
+- **ReportId** ID for tying together events stream side.
+- **ResultCode** Result returned for the entire setup operation.
+- **Scenario** Dynamic Update scenario (Image DU, or Setup DU).
+- **ScenarioId** Identifies the update scenario.
+- **TargetBranch** Branch of the target OS.
+- **TargetBuild** Build of the target OS.
+
+
+### Setup360Telemetry.Setup360MitigationResult
+
+This event sends data indicating the result of each setup mitigation.
+
+The following fields are available:
+
+- **Applicable** TRUE if the mitigation is applicable for the current update.
+- **ClientId** In the Windows Update scenario, this is the client ID passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **CommandCount** The number of command operations in the mitigation entry.
+- **CustomCount** The number of custom operations in the mitigation entry.
+- **FileCount** The number of file operations in the mitigation entry.
+- **FlightData** The unique identifier for each flight (test release).
+- **Index** The mitigation index of this particular mitigation.
+- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **Name** The friendly (descriptive) name of the mitigation.
+- **OperationIndex** The mitigation operation index (in the event of a failure).
+- **OperationName** The friendly (descriptive) name of the mitigation operation (in the event of failure).
+- **RegistryCount** The number of registry operations in the mitigation entry.
+- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
+- **Result** HResult of this operation.
+- **ScenarioId** Setup360 flow type.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+
+
+### Setup360Telemetry.Setup360MitigationSummary
+
+This event sends a summary of all the setup mitigations available for this update.
+
+The following fields are available:
+
+- **Applicable** The count of mitigations that were applicable to the system and scenario.
+- **ClientId** The Windows Update client ID passed to Setup.
+- **Failed** The count of mitigations that failed.
+- **FlightData** The unique identifier for each flight (test release).
+- **InstanceId** The GUID (Globally Unique ID) that identifies each instance of SetupHost.EXE.
+- **MitigationScenario** The update scenario in which the mitigations were attempted.
+- **ReportId** In the Windows Update scenario, the Update ID that is passed to Setup. In media setup, this is the GUID for the INSTALL.WIM.
+- **Result** HResult of this operation.
+- **ScenarioId** Setup360 flow type.
+- **TimeDiff** The amount of time spent performing the mitigation (in 100-nanosecond increments).
+- **Total** The total number of mitigations that were available.
+
+
+### Setup360Telemetry.Setup360OneSettings
+
+This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop.
+
+The following fields are available:
+
+- **ClientId** The Windows Update client ID passed to Setup.
+- **Count** The count of applicable OneSettings for the device.
+- **FlightData** The ID for the flight (test instance version).
+- **InstanceId** The GUID (Globally-Unique ID) that identifies each instance of setuphost.exe.
+- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings.
+- **ReportId** The Update ID passed to Setup.
+- **Result** The HResult of the event error.
+- **ScenarioId** The update scenario ID.
+- **Values** Values sent back to the device, if applicable.
+
+
+### Setup360Telemetry.UnexpectedEvent
+
+This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date.
+
+The following fields are available:
+
+- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **FlightData** Unique value that identifies the flight.
+- **HostOSBuildNumber** The build number of the previous OS.
+- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS).
+- **InstanceId** A unique GUID that identifies each instance of setuphost.exe
+- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
+- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
+- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
+- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
+- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
+- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
+- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
+- **TestId** A string to uniquely identify a group of events.
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId.
+
+
+## Windows as a Service diagnostic events
+
+### Microsoft.Windows.WaaSMedic.SummaryEvent
+
+Result of the WaaSMedic operation.
+
+The following fields are available:
+
+- **callerApplication** The name of the calling application.
+- **capsuleCount** The number of Sediment Pack capsules.
+- **capsuleFailureCount** The number of capsule failures.
+- **detectionSummary** Result of each applicable detection that was run.
+- **featureAssessmentImpact** WaaS Assessment impact for feature updates.
+- **hrEngineBlockReason** Indicates the reason for stopping WaaSMedic.
+- **hrEngineResult** Error code from the engine operation.
+- **hrLastSandboxError** The last error sent by the WaaSMedic sandbox.
+- **initSummary** Summary data of the initialization method.
+- **isInteractiveMode** The user started a run of WaaSMedic.
+- **isManaged** Device is managed for updates.
+- **isWUConnected** Device is connected to Windows Update.
+- **noMoreActions** No more applicable diagnostics.
+- **pluginFailureCount** The number of plugins that have failed.
+- **pluginsCount** The number of plugins.
+- **qualityAssessmentImpact** WaaS Assessment impact for quality updates.
+- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
+- **usingBackupFeatureAssessment** Relying on backup feature assessment.
+- **usingBackupQualityAssessment** Relying on backup quality assessment.
+- **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run.
+- **usingCachedQualityAssessment** WaaS Medic run did not get OS revision age from the network on the previous run.
+- **versionString** Version of the WaaSMedic engine.
+- **waasMedicRunMode** Indicates whether this was a background regular run of the medic or whether it was triggered by a user launching Windows Update Troubleshooter.
+
+
+## Windows Error Reporting events
+
+### Microsoft.Windows.WERVertical.OSCrash
+
+This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event.
+
+The following fields are available:
+
+- **BootId** Uint32 identifying the boot number for this device.
+- **BugCheckCode** Uint64 "bugcheck code" that identifies a proximate cause of the bug check.
+- **BugCheckParameter1** Uint64 parameter providing additional information.
+- **BugCheckParameter2** Uint64 parameter providing additional information.
+- **BugCheckParameter3** Uint64 parameter providing additional information.
+- **BugCheckParameter4** Uint64 parameter providing additional information.
+- **DumpFileAttributes** Codes that identify the type of data contained in the dump file
+- **DumpFileSize** Size of the dump file
+- **IsValidDumpFile** True if the dump file is valid for the debugger, false otherwise
+- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
+
+
+### Value
+
+This event returns data about Mean Time to Failure (MTTF) for Windows devices. It is the primary means of estimating reliability problems in Basic Diagnostic reporting with very strong privacy guarantees. Since Basic Diagnostic reporting does not include system up-time, and since that information is important to ensuring the safe and stable operation of Windows, the data provided by this event provides that data in a manner which does not threaten a user’s privacy.
+
+The following fields are available:
+
+- **Algorithm** The algorithm used to preserve privacy.
+- **DPRange** The upper bound of the range being measured.
+- **DPValue** The randomized response returned by the client.
+- **Epsilon** The level of privacy to be applied.
+- **HistType** The histogram type if the algorithm is a histogram algorithm.
+- **PertProb** The probability the entry will be Perturbed if the algorithm chosen is “heavy-hitters”.
+
+
+## Windows Error Reporting MTT events
+
+### Microsoft.Windows.WER.MTT.Denominator
+
+This event provides a denominator to calculate MTTF (mean-time-to-failure) for crashes and other errors, to help keep Windows up to date.
+
+The following fields are available:
+
+- **Value** Standard UTC emitted DP value structure See [Value](#value).
+
+
+## Windows Hardware Error Architecture events
+
+### WheaProvider.WheaErrorRecord
+
+This event collects data about common platform hardware error recorded by the Windows Hardware Error Architecture (WHEA) mechanism.
+
+The following fields are available:
+
+- **creatorId** The unique identifier for the entity that created the error record.
+- **CreatorId** The unique identifier for the entity that created the error record.
+- **errorFlags** Any flags set on the error record.
+- **ErrorFlags** Any flags set on the error record.
+- **notifyType** The unique identifier for the notification mechanism which reported the error to the operating system.
+- **NotifyType** The unique identifier for the notification mechanism which reported the error to the operating system.
+- **partitionId** The unique identifier for the partition on which the hardware error occurred.
+- **PartitionId** The unique identifier for the partition on which the hardware error occurred.
+- **platformId** The unique identifier for the platform on which the hardware error occurred.
+- **PlatformId** The unique identifier for the platform on which the hardware error occurred.
+- **record** A collection of binary data containing the full error record.
+- **Record** A collection of binary data containing the full error record.
+- **recordId** The identifier of the error record.
+- **RecordId** The identifier of the error record.
+- **sectionFlags** The flags for each section recorded in the error record.
+- **SectionFlags** The flags for each section recorded in the error record.
+- **SectionSeverity** The severity of each individual section.
+- **sectionTypes** The unique identifier that represents the type of sections contained in the error record.
+- **SectionTypes** The unique identifier that represents the type of sections contained in the error record.
+- **severityCount** The severity of each individual section.
+- **timeStamp** The error time stamp as recorded in the error record.
+- **TimeStamp** The error time stamp as recorded in the error record.
+
+
+## Windows Security Center events
+
+### Microsoft.Windows.Security.WSC.DatastoreMigratedVersion
+
+This event provides information about the datastore migration and whether it was successful.
+
+The following fields are available:
+
+- **datastoreisvtype** The product category of the datastore.
+- **datastoremigrated** The version of the datastore that was migrated.
+- **status** The result code of the migration.
+
+
+### Microsoft.Windows.Security.WSC.GetCallerViaWdsp
+
+This event returns data if the registering product EXE (executable file) does not allow COM (Component Object Model) impersonation.
+
+The following fields are available:
+
+- **callerExe** The registering product EXE that does not support COM impersonation.
+
+
+## Windows Store events
+
+### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation
+
+This event is sent when an installation or update is canceled by a user or the system and is used to help keep Windows Apps up to date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** Number of retry attempts before it was canceled.
+- **BundleId** The Item Bundle ID.
+- **CategoryId** The Item Category ID.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed before this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Was this requested by a user?
+- **IsMandatory** Was this a mandatory update?
+- **IsRemediation** Was this a remediation install?
+- **IsRestore** Is this automatically restoring a previously acquired product?
+- **IsUpdate** Flag indicating if this is an update.
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The product family name of the product being installed.
+- **ProductId** The identity of the package or packages being installed.
+- **SystemAttemptNumber** The total number of automatic attempts at installation before it was canceled.
+- **UserAttemptNumber** The total number of user attempts at installation before it was canceled.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.BeginGetInstalledContentIds
+
+This event is sent when an inventory of the apps installed is started to determine whether updates for those apps are available. It's used to help keep Windows up-to-date and secure.
+
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.BeginUpdateMetadataPrepare
+
+This event is sent when the Store Agent cache is refreshed with any available package updates. It's used to help keep Windows up-to-date and secure.
+
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.CancelInstallation
+
+This event is sent when an app update or installation is canceled while in interactive mode. This can be canceled by the user or the system. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all package or packages to be downloaded and installed.
+- **AttemptNumber** Total number of installation attempts.
+- **BundleId** The identity of the Windows Insider build that is associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Was this requested by a user?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this an automatic restore of a previously acquired product?
+- **IsUpdate** Is this a product update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of all packages to be downloaded and installed.
+- **PreviousHResult** The previous HResult code.
+- **PreviousInstallState** Previous installation state before it was canceled.
+- **ProductId** The name of the package or packages requested for installation.
+- **RelatedCV** Correlation Vector of a previous performed action on this product.
+- **SystemAttemptNumber** Total number of automatic attempts to install before it was canceled.
+- **UserAttemptNumber** Total number of user attempts to install before it was canceled.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.CompleteInstallOperationRequest
+
+This event is sent at the end of app installations or updates to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The Store Product ID of the app being installed.
+- **HResult** HResult code of the action being performed.
+- **IsBundle** Is this a bundle?
+- **PackageFamilyName** The name of the package being installed.
+- **ProductId** The Store Product ID of the product being installed.
+- **SkuId** Specific edition of the item being installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndAcquireLicense
+
+This event is sent after the license is acquired when a product is being installed. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set.
+- **AttemptNumber** The total number of attempts to acquire this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** HResult code to show the result of the operation (success/failure).
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Did the user initiate the installation?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this happening after a device restore?
+- **IsUpdate** Is this an update?
+- **PFN** Product Family Name of the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The number of attempts by the system to acquire this product.
+- **UserAttemptNumber** The number of attempts by the user to acquire this product
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndDownload
+
+This event is sent after an app is downloaded to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed.
+- **AttemptNumber** Number of retry attempts before it was canceled.
+- **BundleId** The identity of the Windows Insider build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **DownloadSize** The total size of the download.
+- **ExtendedHResult** Any extended HResult error codes.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this initiated by the user?
+- **IsMandatory** Is this a mandatory installation?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this a restore of a previously acquired product?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The parent bundle ID (if it's part of a bundle).
+- **PFN** The Product Family Name of the app being download.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The number of attempts by the system to download.
+- **UserAttemptNumber** The number of attempts by the user to download.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate
+
+This event is sent when an app update requires an updated Framework package and the process starts to download it. It is used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **HResult** The result code of the last action performed before this operation.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndGetInstalledContentIds
+
+This event is sent after sending the inventory of the products installed to determine whether updates for those products are available. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **HResult** The result code of the last action performed before this operation.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndInstall
+
+This event is sent after a product has been installed to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **ExtendedHResult** The extended HResult error code.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this an interactive installation?
+- **IsMandatory** Is this a mandatory installation?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this automatically restoring a previously acquired product?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** Product Family Name of the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates
+
+This event is sent after a scan for product updates to determine if there are packages to install. It's used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed.
+- **IsApplicability** Is this request to only check if there are any applicable packages to install?
+- **IsInteractive** Is this user requested?
+- **IsOnline** Is the request doing an online check?
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages
+
+This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The total number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of the package or packages requested for install.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData
+
+This event is sent after restoring user data (if any) that needs to be restored following a product install. It is used to keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The name of all packages to be downloaded and installed.
+- **AttemptNumber** The total number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of the package or packages requested for install.
+- **ProductId** The Store Product ID for the product being installed.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of system attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.EndUpdateMetadataPrepare
+
+This event is sent after a scan for available app updates to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **HResult** The result code of the last action performed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete
+
+This event is sent at the end of an app install or update to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The name of the product catalog from which this app was chosen.
+- **FailedRetry** Indicates whether the installation or update retry was successful.
+- **HResult** The HResult code of the operation.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **ProductId** The product ID of the app that is being updated or installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate
+
+This event is sent at the beginning of an app install or update to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The name of the product catalog from which this app was chosen.
+- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in.
+- **ProductId** The product ID of the app that is being updated or installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest
+
+This event is sent when a product install or update is initiated, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **BundleId** The identity of the build associated with this product.
+- **CatalogId** If this product is from a private catalog, the Store Product ID for the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SkuId** Specific edition ID being installed.
+- **VolumePath** The disk path of the installation.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation
+
+This event is sent when a product install or update is paused (either by a user or the system), to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The total number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The Product Full Name.
+- **PreviousHResult** The result code of the last action performed before this operation.
+- **PreviousInstallState** Previous state before the installation or update was paused.
+- **ProductId** The Store Product ID for the product being installed.
+- **RelatedCV** Correlation Vector of a previous performed action on this product.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation
+
+This event is sent when a product install or update is resumed (either by a user or the system), to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **AggregatedPackageFullNames** The names of all packages to be downloaded and installed.
+- **AttemptNumber** The number of retry attempts before it was canceled.
+- **BundleId** The identity of the build associated with this product.
+- **CategoryId** The identity of the package or packages being installed.
+- **ClientAppId** The identity of the app that initiated this operation.
+- **HResult** The result code of the last action performed before this operation.
+- **IsBundle** Is this a bundle?
+- **IsInteractive** Is this user requested?
+- **IsMandatory** Is this a mandatory update?
+- **IsRemediation** Is this repairing a previous installation?
+- **IsRestore** Is this restoring previously acquired content?
+- **IsUpdate** Is this an update?
+- **IsUserRetry** Did the user initiate the retry?
+- **ParentBundleId** The product ID of the parent (if this product is part of a bundle).
+- **PFN** The name of the package or packages requested for install.
+- **PreviousHResult** The previous HResult error code.
+- **PreviousInstallState** Previous state before the installation was paused.
+- **ProductId** The Store Product ID for the product being installed.
+- **RelatedCV** Correlation Vector for the original install before it was resumed.
+- **ResumeClientId** The ID of the app that initiated the resume operation.
+- **SystemAttemptNumber** The total number of system attempts.
+- **UserAttemptNumber** The total number of user attempts.
+- **WUContentId** The Windows Update content ID.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest
+
+This event is sent when a product install or update is resumed by a user or on installation retries, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **ProductId** The Store Product ID for the product being installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest
+
+This event is sent when searching for update packages to install, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **CatalogId** The Store Catalog ID for the product being installed.
+- **ProductId** The Store Product ID for the product being installed.
+- **SkuId** Specfic edition of the app being updated.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.StateTransition
+
+Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there is a change in a product's fulfillment status (pending, working, paused, cancelled, or complete), to help keep Windows up to date and secure.
+
+The following fields are available:
+
+- **CatalogId** The ID for the product being installed if the product is from a private catalog, such as the Enterprise catalog.
+- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product.
+- **HResult** The resulting HResult error/success code of this operation.
+- **NewState** The current fulfillment state of this product.
+- **PFN** The Package Family Name of the app that is being installed or updated.
+- **PluginLastStage** The most recent product fulfillment step that the plug-in has reported (different than its state).
+- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in.
+- **Prevstate** The previous fulfillment state of this product.
+- **ProductId** Product ID of the app that is being updated or installed.
+
+
+### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest
+
+This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure.
+
+The following fields are available:
+
+- **PFamN** The name of the app that is requested for update.
+
+
+## Windows Update Delivery Optimization events
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled
+
+This event describes when a download was canceled with Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **background** Is the download being done in the background?
+- **bytesFromCacheServer** Bytes received from a cache host.
+- **bytesFromCDN** The number of bytes received from a CDN source.
+- **bytesFromGroupPeers** The number of bytes received from a peer in the same group.
+- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same group.
+- **bytesFromLinkLocalPeers** The number of bytes received from local peers.
+- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
+- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
+- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
+- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
+- **cdnIp** The IP Address of the source CDN (Content Delivery Network).
+- **cdnUrl** The URL of the source CDN (Content Delivery Network).
+- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
+- **errorCode** The error code that was returned.
+- **experimentId** When running a test, this is used to correlate events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **gCurMemoryStreamBytes** Current usage for memory streaming.
+- **gMaxMemoryStreamBytes** Maximum usage for memory streaming.
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **predefinedCallerName** The name of the API Caller.
+- **reasonCode** Reason the action or event occurred.
+- **routeToCacheServer** The cache server setting, source, and value.
+- **sessionID** The ID of the file download session.
+- **updateID** The ID of the update being downloaded.
+- **usedMemoryStream** TRUE if the download is using memory streaming for App downloads.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadCompleted
+
+This event describes when a download has completed with Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **background** Is the download a background download?
+- **bytesFromCacheServer** Bytes received from a cache host.
+- **bytesFromCDN** The number of bytes received from a CDN source.
+- **bytesFromGroupPeers** The number of bytes received from a peer in the same domain group.
+- **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same domain group.
+- **bytesFromLinkLocalPeers** The number of bytes received from local peers.
+- **bytesFromLocalCache** Bytes copied over from local (on disk) cache.
+- **bytesFromPeers** The number of bytes received from a peer in the same LAN.
+- **bytesRequested** The total number of bytes requested for download.
+- **cacheServerConnectionCount** Number of connections made to cache hosts.
+- **cdnConnectionCount** The total number of connections made to the CDN.
+- **cdnErrorCodes** A list of CDN connection errors since the last FailureCDNCommunication event.
+- **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered.
+- **cdnIp** The IP address of the source CDN.
+- **cdnUrl** Url of the source Content Distribution Network (CDN).
+- **dataSourcesTotal** Bytes received per source type, accumulated for the whole session.
+- **doErrorCode** The Delivery Optimization error code that was returned.
+- **downlinkBps** The maximum measured available download bandwidth (in bytes per second).
+- **downlinkUsageBps** The download speed (in bytes per second).
+- **downloadMode** The download mode used for this file download session.
+- **downloadModeReason** Reason for the download.
+- **downloadModeSrc** Source of the DownloadMode setting.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **expiresAt** The time when the content will expire from the Delivery Optimization Cache.
+- **fileID** The ID of the file being downloaded.
+- **fileSize** The size of the file being downloaded.
+- **gCurMemoryStreamBytes** Current usage for memory streaming.
+- **gMaxMemoryStreamBytes** Maximum usage for memory streaming.
+- **groupConnectionCount** The total number of connections made to peers in the same group.
+- **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group.
+- **isEncrypted** TRUE if the file is encrypted and will be decrypted after download.
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **lanConnectionCount** The total number of connections made to peers in the same LAN.
+- **linkLocalConnectionCount** The number of connections made to peers in the same Link-local network.
+- **numPeers** The total number of peers used for this download.
+- **numPeersLocal** The total number of local peers used for this download.
+- **predefinedCallerName** The name of the API Caller.
+- **restrictedUpload** Is the upload restricted?
+- **routeToCacheServer** The cache server setting, source, and value.
+- **sessionID** The ID of the download session.
+- **totalTimeMs** Duration of the download (in seconds).
+- **updateID** The ID of the update being downloaded.
+- **uplinkBps** The maximum measured available upload bandwidth (in bytes per second).
+- **uplinkUsageBps** The upload speed (in bytes per second).
+- **usedMemoryStream** TRUE if the download is using memory streaming for App downloads.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadPaused
+
+This event represents a temporary suspension of a download with Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **background** Is the download a background download?
+- **cdnUrl** The URL of the source CDN (Content Delivery Network).
+- **errorCode** The error code that was returned.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being paused.
+- **isVpn** Is the device connected to a Virtual Private Network?
+- **jobID** Identifier for the Windows Update job.
+- **predefinedCallerName** The name of the API Caller object.
+- **reasonCode** The reason for pausing the download.
+- **routeToCacheServer** The cache server setting, source, and value.
+- **sessionID** The ID of the download session.
+- **updateID** The ID of the update being paused.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.DownloadStarted
+
+This event sends data describing the start of a new download to enable Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **background** Indicates whether the download is happening in the background.
+- **bytesRequested** Number of bytes requested for the download.
+- **cdnUrl** The URL of the source Content Distribution Network (CDN).
+- **costFlags** A set of flags representing network cost.
+- **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM).
+- **diceRoll** Random number used for determining if a client will use peering.
+- **doClientVersion** The version of the Delivery Optimization client.
+- **doErrorCode** The Delivery Optimization error code that was returned.
+- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).
+- **downloadModeReason** Reason for the download.
+- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9).
+- **errorCode** The error code that was returned.
+- **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing.
+- **fileID** The ID of the file being downloaded.
+- **filePath** The path to where the downloaded file will be written.
+- **fileSize** Total file size of the file that was downloaded.
+- **fileSizeCaller** Value for total file size provided by our caller.
+- **groupID** ID for the group.
+- **isEncrypted** Indicates whether the download is encrypted.
+- **isVpn** Indicates whether the device is connected to a Virtual Private Network.
+- **jobID** The ID of the Windows Update job.
+- **peerID** The ID for this delivery optimization client.
+- **predefinedCallerName** Name of the API caller.
+- **routeToCacheServer** Cache server setting, source, and value.
+- **sessionID** The ID for the file download session.
+- **setConfigs** A JSON representation of the configurations that have been set, and their sources.
+- **updateID** The ID of the update being downloaded.
+- **usedMemoryStream** Indicates whether the download used memory streaming.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.FailureCdnCommunication
+
+This event represents a failure to download from a CDN with Delivery Optimization. It's used to understand and address problems regarding downloads.
+
+The following fields are available:
+
+- **cdnHeaders** The HTTP headers returned by the CDN.
+- **cdnIp** The IP address of the CDN.
+- **cdnUrl** The URL of the CDN.
+- **errorCode** The error code that was returned.
+- **errorCount** The total number of times this error code was seen since the last FailureCdnCommunication event was encountered.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **httpStatusCode** The HTTP status code returned by the CDN.
+- **isHeadRequest** The type of HTTP request that was sent to the CDN. Example: HEAD or GET
+- **peerType** The type of peer (LAN, Group, Internet, CDN, Cache Host, etc.).
+- **requestOffset** The byte offset within the file in the sent request.
+- **requestSize** The size of the range requested from the CDN.
+- **responseSize** The size of the range response received from the CDN.
+- **sessionID** The ID of the download session.
+
+
+### Microsoft.OSG.DU.DeliveryOptClient.JobError
+
+This event represents a Windows Update job error. It allows for investigation of top errors.
+
+The following fields are available:
+
+- **cdnIp** The IP Address of the source CDN (Content Delivery Network).
+- **doErrorCode** Error code returned for delivery optimization.
+- **errorCode** The error code returned.
+- **experimentId** When running a test, this is used to correlate with other events that are part of the same test.
+- **fileID** The ID of the file being downloaded.
+- **jobID** The Windows Update job ID.
+
+
+## Windows Update events
+
+### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed
+
+This event indicates that a notification dialog box is about to be displayed to user.
+
+The following fields are available:
+
+- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode.
+- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before the RebootFailed dialog box is shown.
+- **DaysSinceRebootRequired** Number of days since restart was required.
+- **DeviceLocalTime** The local time on the device sending the event.
+- **EngagedModeLimit** The number of days to switch between DTE dialog boxes.
+- **EnterAutoModeLimit** The maximum number of days for a device to enter Auto Reboot mode.
+- **ETag** OneSettings versioning value.
+- **IsForcedEnabled** Indicates whether Forced Reboot mode is enabled for this device.
+- **IsUltimateForcedEnabled** Indicates whether Ultimate Forced Reboot mode is enabled for this device.
+- **NotificationUxState** Indicates which dialog box is shown.
+- **NotificationUxStateString** Indicates which dialog box is shown.
+- **RebootUxState** Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced).
+- **RebootUxStateString** Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced).
+- **RebootVersion** Version of DTE.
+- **SkipToAutoModeLimit** The minimum length of time to pass in restart pending before a device can be put into auto mode.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UtcTime** The time the dialog box notification will be displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog
+
+This event indicates that the Enhanced Engaged restart "accept automatically" dialog box was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** The local time on the device sending the event.
+- **EnterpriseAttributionValue** Indicates whether the Enterprise attribution is on in this dialog box.
+- **ETag** OneSettings versioning value.
+- **ExitCode** Indicates how users exited the dialog box.
+- **RebootVersion** Version of DTE.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UserResponseString** The option that user chose on this dialog box.
+- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootFailedDialog
+
+This event indicates that the Enhanced Engaged restart "restart failed" dialog box was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** The local time of the device sending the event.
+- **EnterpriseAttributionValue** Indicates whether the Enterprise attribution is on in this dialog box.
+- **ETag** OneSettings versioning value.
+- **ExitCode** Indicates how users exited the dialog box.
+- **RebootVersion** Version of DTE.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UserResponseString** The option that the user chose in this dialog box.
+- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootImminentDialog
+
+This event indicates that the Enhanced Engaged restart "restart imminent" dialog box was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** Time the dialog box was shown on the local device.
+- **EnterpriseAttributionValue** Indicates whether the Enterprise attribution is on in this dialog box.
+- **ETag** OneSettings versioning value.
+- **ExitCode** Indicates how users exited the dialog box.
+- **RebootVersion** Version of DTE.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UserResponseString** The option that user chose in this dialog box.
+- **UtcTime** The time that dialog box was displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderDialog
+
+This event returns information relating to the Enhanced Engaged reboot reminder dialog that was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** The time at which the reboot reminder dialog was shown (based on the local device time settings).
+- **EnterpriseAttributionValue** Indicates whether Enterprise attribution is on for this dialog.
+- **ETag** The OneSettings versioning value.
+- **ExitCode** Indicates how users exited the reboot reminder dialog box.
+- **RebootVersion** The version of the DTE (Direct-to-Engaged).
+- **UpdateId** The ID of the update that is waiting for reboot to finish installation.
+- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation.
+- **UserResponseString** The option chosen by the user on the reboot dialog box.
+- **UtcTime** The time at which the reboot reminder dialog was shown (in UTC).
+
+
+### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderToast
+
+This event indicates that the Enhanced Engaged restart reminder pop-up banner was displayed.
+
+The following fields are available:
+
+- **DeviceLocalTime** The local time on the device sending the event.
+- **ETag** OneSettings versioning value.
+- **ExitCode** Indicates how users exited the pop-up banner.
+- **RebootVersion** The version of the reboot logic.
+- **UpdateId** The ID of the update that is pending restart to finish installation.
+- **UpdateRevision** The revision of the update that is pending restart to finish installation.
+- **UserResponseString** The option that the user chose in pop-up banner.
+- **UtcTime** The time that the pop-up banner was displayed, in Coordinated Universal Time.
+
+
+### Microsoft.Windows.Update.NotificationUx.RebootScheduled
+
+Indicates when a reboot is scheduled by the system or a user for a security, quality, or feature update.
+
+The following fields are available:
+
+- **activeHoursApplicable** Indicates whether an Active Hours policy is present on the device.
+- **IsEnhancedEngagedReboot** Indicates whether this is an Enhanced Engaged reboot.
+- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action.
+- **rebootOutsideOfActiveHours** Indicates whether a restart is scheduled outside of active hours.
+- **rebootScheduledByUser** Indicates whether the restart was scheduled by user (if not, it was scheduled automatically).
+- **rebootState** The current state of the restart.
+- **rebootUsingSmartScheduler** Indicates whether the reboot is scheduled by smart scheduler.
+- **revisionNumber** Revision number of the update that is getting installed with this restart.
+- **scheduledRebootTime** Time of the scheduled restart.
+- **scheduledRebootTimeInUTC** Time of the scheduled restart in Coordinated Universal Time.
+- **updateId** ID of the update that is getting installed with this restart.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.ActivityRestrictedByActiveHoursPolicy
+
+This event indicates a policy is present that may restrict update activity to outside of active hours.
+
+The following fields are available:
+
+- **activeHoursEnd** The end of the active hours window.
+- **activeHoursStart** The start of the active hours window.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.DeferRestart
+
+This event indicates that a restart required for installing updates was postponed.
+
+The following fields are available:
+
+- **displayNeededReason** List of reasons for needing display.
+- **eventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.).
+- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery).
+- **gameModeReason** Name of the executable that caused the game mode state check to start.
+- **ignoredReason** List of reasons that were intentionally ignored.
+- **IgnoreReasonsForRestart** List of reasons why restart was deferred.
+- **revisionNumber** Update ID revision number.
+- **systemNeededReason** List of reasons why system is needed.
+- **updateId** Update ID.
+- **updateScenarioType** Update session type.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.Detection
+
+This event indicates that a scan for a Windows Update occurred.
+
+The following fields are available:
+
+- **deferReason** Reason why the device could not check for updates.
+- **detectionBlockingPolicy** State of update action.
+- **detectionBlockreason** The reason detection did not complete.
+- **detectionRetryMode** Indicates whether we will try to scan again.
+- **errorCode** The error code returned for the current process.
+- **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
+- **flightID** The specific ID of the Windows Insider build the device is getting.
+- **interactive** Indicates whether the session was user initiated.
+- **networkStatus** Error info
+- **revisionNumber** Update revision number.
+- **scanTriggerSource** Source of the triggered scan.
+- **updateId** Update ID.
+- **updateScenarioType** Identifies the type of update session being performed.
+- **wuDeviceid** The unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.DetectionActivity
+
+This event returns data about detected updates, as well as the types of update (optional or recommended). This data helps keep Windows up to date.
+
+The following fields are available:
+
+- **applicableUpdateIdList** The list of update identifiers.
+- **applicableUpdateList** The list of available updates.
+- **durationInSeconds** The amount of time (in seconds) it took for the event to run.
+- **expeditedMode** Indicates whether Expedited Mode is on.
+- **networkCostPolicy** The network cost.
+- **scanTriggerSource** Indicates whether the scan is Interactive or Background.
+- **scenario** The result code of the event.
+- **scenarioReason** The reason for the result code (scenario).
+- **seekerUpdateIdList** The list of “seeker” update identifiers.
+- **seekerUpdateList** The list of “seeker” updates.
+- **services** The list of services that were called during update.
+- **wilActivity** The activity results. See [wilActivity](#wilactivity).
+
+
+### Microsoft.Windows.Update.Orchestrator.DisplayNeeded
+
+This event indicates the reboot was postponed due to needing a display.
+
+The following fields are available:
+
+- **displayNeededReason** Reason the display is needed.
+- **eventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed.
+- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours.
+- **revisionNumber** Revision number of the update.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated.
+- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue
+
+
+### Microsoft.Windows.Update.Orchestrator.Download
+
+This event sends launch data for a Windows Update download to help keep Windows up to date.
+
+The following fields are available:
+
+- **deferReason** Reason for download not completing.
+- **errorCode** An error code represented as a hexadecimal value.
+- **eventScenario** End-to-end update session ID.
+- **flightID** The specific ID of the Windows Insider build the device is getting.
+- **interactive** Indicates whether the session is user initiated.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.EscalationRiskLevels
+
+This event is sent during update scan, download, or install, and indicates that the device is at risk of being out-of-date.
+
+The following fields are available:
+
+- **configVersion** The escalation configuration version on the device.
+- **downloadElapsedTime** Indicates how long since the download is required on device.
+- **downloadRiskLevel** At-risk level of download phase.
+- **installElapsedTime** Indicates how long since the install is required on device.
+- **installRiskLevel** The at-risk level of install phase.
+- **isSediment** Assessment of whether is device is at risk.
+- **scanElapsedTime** Indicates how long since the scan is required on device.
+- **scanRiskLevel** At-risk level of the scan phase.
+- **wuDeviceid** Device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.FailedToAddTimeTriggerToScanTask
+
+This event indicated that USO failed to add a trigger time to a task.
+
+The following fields are available:
+
+- **errorCode** The Windows Update error code.
+- **wuDeviceid** The Windows Update device ID.
+
+
+### Microsoft.Windows.Update.Orchestrator.FlightInapplicable
+
+This event indicates that the update is no longer applicable to this device.
+
+The following fields are available:
+
+- **EventPublishedTime** Time when this event was generated.
+- **flightID** The specific ID of the Windows Insider build.
+- **inapplicableReason** The reason why the update is inapplicable.
+- **revisionNumber** Update revision number.
+- **updateId** Unique Windows Update ID.
+- **updateScenarioType** Update session type.
+- **UpdateStatus** Last status of update.
+- **UUPFallBackConfigured** Indicates whether UUP fallback is configured.
+- **wuDeviceid** Unique Device ID.
+
+
+### Microsoft.Windows.Update.Orchestrator.InitiatingReboot
+
+This event sends data about an Orchestrator requesting a reboot from power management to help keep Windows up to date.
+
+The following fields are available:
+
+- **EventPublishedTime** Time of the event.
+- **flightID** Unique update ID
+- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
+- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours.
+- **revisionNumber** Revision number of the update.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.Install
+
+This event sends launch data for a Windows Update install to help keep Windows up to date.
+
+The following fields are available:
+
+- **batteryLevel** Current battery capacity in mWh or percentage left.
+- **deferReason** Reason for install not completing.
+- **errorCode** The error code reppresented by a hexadecimal value.
+- **eventScenario** End-to-end update session ID.
+- **flightID** The ID of the Windows Insider build the device is getting.
+- **flightUpdate** Indicates whether the update is a Windows Insider build.
+- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates.
+- **IgnoreReasonsForRestart** The reason(s) a Postpone Restart command was ignored.
+- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress.
+- **installRebootinitiatetime** The time it took for a reboot to be attempted.
+- **interactive** Identifies if session is user initiated.
+- **minutesToCommit** The time it took to install updates.
+- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.LowUptimes
+
+This event is sent if a device is identified as not having sufficient uptime to reliably process updates in order to keep secure.
+
+The following fields are available:
+
+- **availableHistoryMinutes** The number of minutes available from the local machine activity history.
+- **isLowUptimeMachine** Is the machine considered low uptime or not.
+- **lowUptimeMinHours** Current setting for the minimum number of hours needed to not be considered low uptime.
+- **lowUptimeQueryDays** Current setting for the number of recent days to check for uptime.
+- **uptimeMinutes** Number of minutes of uptime measured.
+- **wuDeviceid** Unique device ID for Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.OneshotUpdateDetection
+
+This event returns data about scans initiated through settings UI, or background scans that are urgent; to help keep Windows up to date.
+
+The following fields are available:
+
+- **externalOneshotupdate** The last time a task-triggered scan was completed.
+- **interactiveOneshotupdate** The last time an interactive scan was completed.
+- **oldlastscanOneshotupdate** The last time a scan completed successfully.
+- **wuDeviceid** The Windows Update Device GUID (Globally-Unique ID).
+
+
+### Microsoft.Windows.Update.Orchestrator.PreShutdownStart
+
+This event is generated before the shutdown and commit operations.
+
+The following fields are available:
+
+- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue.
+
+
+### Microsoft.Windows.Update.Orchestrator.RebootFailed
+
+This event sends information about whether an update required a reboot and reasons for failure, to help keep Windows up to date.
+
+The following fields are available:
+
+- **batteryLevel** Current battery capacity in mWh or percentage left.
+- **deferReason** Reason for install not completing.
+- **EventPublishedTime** The time that the reboot failure occurred.
+- **flightID** Unique update ID.
+- **rebootOutsideOfActiveHours** Indicates whether a reboot was scheduled outside of active hours.
+- **RebootResults** Hex code indicating failure reason. Typically, we expect this to be a specific USO generated hex code.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.RefreshSettings
+
+This event sends basic data about the version of upgrade settings applied to the system to help keep Windows up to date.
+
+The following fields are available:
+
+- **errorCode** Hex code for the error message, to allow lookup of the specific error.
+- **settingsDownloadTime** Timestamp of the last attempt to acquire settings.
+- **settingsETag** Version identifier for the settings.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.RestoreRebootTask
+
+This event sends data indicating that a reboot task is missing unexpectedly on a device and the task is restored because a reboot is still required, to help keep Windows up to date.
+
+The following fields are available:
+
+- **RebootTaskMissedTimeUTC** The time when the reboot task was scheduled to run, but did not.
+- **RebootTaskNextTimeUTC** The time when the reboot task was rescheduled for.
+- **RebootTaskRestoredTime** Time at which this reboot task was restored.
+- **wuDeviceid** Device ID for the device on which the reboot is restored.
+
+
+### Microsoft.Windows.Update.Orchestrator.ScanTriggered
+
+This event indicates that Update Orchestrator has started a scan operation.
+
+The following fields are available:
+
+- **interactive** Indicates whether the scan is interactive.
+- **isDTUEnabled** Indicates whether DTU (internal abbreviation for Direct Feature Update) channel is enabled on the client system.
+- **isScanPastSla** Indicates whether the SLA has elapsed for scanning.
+- **isScanPastTriggerSla** Indicates whether the SLA has elapsed for triggering a scan.
+- **minutesOverScanSla** Indicates how many minutes the scan exceeded the scan SLA.
+- **minutesOverScanTriggerSla** Indicates how many minutes the scan exceeded the scan trigger SLA.
+- **scanTriggerSource** Indicates what caused the scan.
+- **updateScenarioType** The update session type.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.StickUpdate
+
+This event is sent when the update service orchestrator (USO) indicates the update cannot be superseded by a newer update.
+
+The following fields are available:
+
+- **updateId** Identifier associated with the specific piece of content.
+- **wuDeviceid** Unique device ID controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.Orchestrator.SystemNeeded
+
+This event sends data about why a device is unable to reboot, to help keep Windows up to date.
+
+The following fields are available:
+
+- **eventScenario** End-to-end update session ID.
+- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours.
+- **revisionNumber** Update revision number.
+- **systemNeededReason** List of apps or tasks that are preventing the system from restarting.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.UniversalOrchestratorInvalidSignature
+
+This event is sent when an updater has attempted to register a binary that is not signed by Microsoft.
+
+The following fields are available:
+
+- **updaterCmdLine** The callback executable for the updater.
+- **updaterId** The ID of the updater.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.UnstickUpdate
+
+This event is sent when the update service orchestrator (USO) indicates that the update can be superseded by a newer update.
+
+The following fields are available:
+
+- **updateId** Identifier associated with the specific piece of content.
+- **wuDeviceid** Unique device ID controlled by the software distribution client.
+
+
+### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh
+
+This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows up to date.
+
+The following fields are available:
+
+- **configuredPoliciescount** Number of policies on the device.
+- **policiesNamevaluesource** Policy name and source of policy (group policy, MDM or flight).
+- **policyCacherefreshtime** Time when policy cache was refreshed.
+- **updateInstalluxsetting** Indicates whether a user has set policies via a user experience option.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.UpdaterCallbackFailed
+
+This event is sent when an updater failed to execute the registered callback.
+
+The following fields are available:
+
+- **updaterArgument** The argument to pass to the updater callback.
+- **updaterCmdLine** The callback executable for the updater.
+- **updaterId** The ID of the updater.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.UpdateRebootRequired
+
+This event sends data about whether an update required a reboot to help keep Windows up to date.
+
+The following fields are available:
+
+- **flightID** The specific ID of the Windows Insider build the device is getting.
+- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action.
+- **revisionNumber** Update revision number.
+- **updateId** Update ID.
+- **updateScenarioType** The update session type.
+- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.UpdaterMalformedData
+
+This event is sent when a registered updater has missing or corrupted information, to help keep Windows up to date.
+
+The following fields are available:
+
+- **malformedRegValue** The registry value that contains the malformed or missing entry.
+- **updaterId** The ID of the updater.
+- **wuDeviceid** Unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Orchestrator.updateSettingsFlushFailed
+
+This event sends information about an update that encountered problems and was not able to complete.
+
+The following fields are available:
+
+- **errorCode** The error code encountered.
+- **wuDeviceid** The ID of the device in which the error occurred.
+
+
+### Microsoft.Windows.Update.Orchestrator.UsoSession
+
+This event represents the state of the USO service at start and completion.
+
+The following fields are available:
+
+- **activeSessionid** A unique session GUID.
+- **eventScenario** The state of the update action.
+- **interactive** Is the USO session interactive?
+- **lastErrorcode** The last error that was encountered.
+- **lastErrorstate** The state of the update when the last error was encountered.
+- **sessionType** A GUID that refers to the update session type.
+- **updateScenarioType** A descriptive update session type.
+- **wuDeviceid** The Windows Update device GUID.
+
+
+### Microsoft.Windows.Update.Ux.MusNotification.EnhancedEngagedRebootUxState
+
+This event sends information about the configuration of Enhanced Direct-to-Engaged (eDTE), which includes values for the timing of how eDTE will progress through each phase of the reboot.
+
+The following fields are available:
+
+- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode.
+- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before a Reboot Failed dialog will be shown.
+- **DeviceLocalTime** The date and time (based on the device date/time settings) the reboot mode changed.
+- **EngagedModeLimit** The number of days to switch between DTE (Direct-to-Engaged) dialogs.
+- **EnterAutoModeLimit** The maximum number of days a device can enter Auto Reboot mode.
+- **ETag** The Entity Tag that represents the OneSettings version.
+- **IsForcedEnabled** Identifies whether Forced Reboot mode is enabled for the device.
+- **IsUltimateForcedEnabled** Identifies whether Ultimate Forced Reboot mode is enabled for the device.
+- **OldestUpdateLocalTime** The date and time (based on the device date/time settings) this update’s reboot began pending.
+- **RebootUxState** Identifies the reboot state: Engaged, Auto, Forced, UltimateForced.
+- **RebootVersion** The version of the DTE (Direct-to-Engaged).
+- **SkipToAutoModeLimit** The maximum number of days to switch to start while in Auto Reboot mode.
+- **UpdateId** The ID of the update that is waiting for reboot to finish installation.
+- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation.
+
+
+### Microsoft.Windows.Update.Ux.MusNotification.RebootNoLongerNeeded
+
+This event is sent when a security update has successfully completed.
+
+The following fields are available:
+
+- **UtcTime** The Coordinated Universal Time that the restart was no longer needed.
+
+
+### Microsoft.Windows.Update.Ux.MusNotification.RebootScheduled
+
+This event sends basic information about scheduling an update-related reboot, to get security updates and to help keep Windows up-to-date.
+
+The following fields are available:
+
+- **activeHoursApplicable** Indicates whether Active Hours applies on this device.
+- **IsEnhancedEngagedReboot** Indicates whether Enhanced reboot was enabled.
+- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action.
+- **rebootOutsideOfActiveHours** True, if a reboot is scheduled outside of active hours. False, otherwise.
+- **rebootScheduledByUser** True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically.
+- **rebootState** Current state of the reboot.
+- **rebootUsingSmartScheduler** Indicates that the reboot is scheduled by SmartScheduler.
+- **revisionNumber** Revision number of the OS.
+- **scheduledRebootTime** Time scheduled for the reboot.
+- **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC.
+- **updateId** Identifies which update is being scheduled.
+- **wuDeviceid** The unique device ID used by Windows Update.
+
+
+### Microsoft.Windows.Update.Ux.MusUpdateSettings.RebootScheduled
+
+This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows up-to-date
+
+The following fields are available:
+
+- **activeHoursApplicable** Is the restart respecting Active Hours?
+- **IsEnhancedEngagedReboot** TRUE if the reboot path is Enhanced Engaged. Otherwise, FALSE.
+- **rebootArgument** The arguments that are passed to the OS for the restarted.
+- **rebootOutsideOfActiveHours** Was the restart scheduled outside of Active Hours?
+- **rebootScheduledByUser** Was the restart scheduled by the user? If the value is false, the restart was scheduled by the device.
+- **rebootState** The state of the restart.
+- **rebootUsingSmartScheduler** TRUE if the reboot should be performed by the Smart Scheduler. Otherwise, FALSE.
+- **revisionNumber** The revision number of the OS being updated.
+- **scheduledRebootTime** Time of the scheduled reboot
+- **scheduledRebootTimeInUTC** Time of the scheduled restart, in Coordinated Universal Time.
+- **updateId** The Windows Update device GUID.
+- **wuDeviceid** The Windows Update device GUID.
+
+
+### wilActivity
+
+This event provides a Windows Internal Library context used for Product and Service diagnostics.
+
+The following fields are available:
+
+- **callContext** The function where the failure occurred.
+- **currentContextId** The ID of the current call context where the failure occurred.
+- **currentContextMessage** The message of the current call context where the failure occurred.
+- **currentContextName** The name of the current call context where the failure occurred.
+- **failureCount** The number of failures for this failure ID.
+- **failureId** The ID of the failure that occurred.
+- **failureType** The type of the failure that occurred.
+- **fileName** The file name where the failure occurred.
+- **function** The function where the failure occurred.
+- **hresult** The HResult of the overall activity.
+- **lineNumber** The line number where the failure occurred.
+- **message** The message of the failure that occurred.
+- **module** The module where the failure occurred.
+- **originatingContextId** The ID of the originating call context that resulted in the failure.
+- **originatingContextMessage** The message of the originating call context that resulted in the failure.
+- **originatingContextName** The name of the originating call context that resulted in the failure.
+- **threadId** The ID of the thread on which the activity is executing.
+
+
+## Windows Update mitigation events
+
+### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.General
+
+This event provides information about application properties to indicate the successful execution.
+
+The following fields are available:
+
+- **AppMode** Indicates the mode the app is being currently run around privileges.
+- **ExitCode** Indicates the exit code of the app.
+- **Help** Indicates if the app needs to be launched in the help mode.
+- **ParseError** Indicates if there was a parse error during the execution.
+- **RightsAcquired** Indicates if the right privileges were acquired for successful execution.
+- **RightsWereEnabled** Indicates if the right privileges were enabled for successful execution.
+- **TestMode** Indicates whether the app is being run in test mode.
+
+
+### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.GetCount
+
+This event provides information about the properties of user accounts in the Administrator group.
+
+The following fields are available:
+
+- **Internal** Indicates the internal property associated with the count group.
+- **LastError** The error code (if applicable) for the cause of the failure to get the count of the user account.
+- **Result** The HResult error.
+
+
+### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages
+
+This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates.
+
+The following fields are available:
+
+- **ClientId** The client ID used by Windows Update.
+- **FlightId** The ID of each Windows Insider build the device received.
+- **InstanceId** A unique device ID that identifies each update instance.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **MountedImageCount** The number of mounted images.
+- **MountedImageMatches** The number of mounted image matches.
+- **MountedImagesFailed** The number of mounted images that could not be removed.
+- **MountedImagesRemoved** The number of mounted images that were successfully removed.
+- **MountedImagesSkipped** The number of mounted images that were not found.
+- **RelatedCV** The correlation vector value generated from the latest USO scan.
+- **Result** HResult of this operation.
+- **ScenarioId** ID indicating the mitigation scenario.
+- **ScenarioSupported** Indicates whether the scenario was supported.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each Windows Update.
+- **WuId** Unique ID for the Windows Update client.
+
+
+### Mitigation360Telemetry.MitigationCustom.FixupEditionId
+
+This event sends data specific to the FixupEditionId mitigation used for OS updates.
+
+The following fields are available:
+
+- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
+- **EditionIdUpdated** Determine whether EditionId was changed.
+- **FlightId** Unique identifier for each flight.
+- **InstanceId** Unique GUID that identifies each instances of setuphost.exe.
+- **MitigationScenario** The update scenario in which the mitigation was executed.
+- **ProductEditionId** Expected EditionId value based on GetProductInfo.
+- **ProductType** Value returned by GetProductInfo.
+- **RegistryEditionId** EditionId value in the registry.
+- **RelatedCV** Correlation vector value generated from the latest USO scan.
+- **Result** HResult of this operation.
+- **ScenarioId** ID indicating the mitigation scenario.
+- **ScenarioSupported** Indicates whether the scenario was supported.
+- **SessionId** Unique value for each update attempt.
+- **UpdateId** Unique ID for each update.
+- **WuId** Unique ID for the Windows Update client.
+
+
+## Windows Update Reserve Manager events
+
+### Microsoft.Windows.UpdateReserveManager.BeginScenario
+
+This event is sent when the Update Reserve Manager is called to begin a scenario.
+
+The following fields are available:
+
+- **Flags** The flags that are passed to the begin scenario function.
+- **HardReserveSize** The size of the hard reserve.
+- **HardReserveUsedSpace** The used space in the hard reserve.
+- **OwningScenarioId** The scenario ID the client that called the begin scenario function.
+- **ReturnCode** The return code for the begin scenario operation.
+- **ScenarioId** The scenario ID that is internal to the reserve manager.
+- **SoftReserveSize** The size of the soft reserve.
+- **SoftReserveUsedSpace** The amount of soft reserve space that was used.
+
+
+### Microsoft.Windows.UpdateReserveManager.ClearReserve
+
+This event is sent when the Update Reserve Manager clears one of the reserves.
+
+The following fields are available:
+
+- **FinalReserveUsedSpace** The amount of used space for the reserve after it was cleared.
+- **InitialReserveUsedSpace** The amount of used space for the reserve before it was cleared.
+- **ReserveId** The ID of the reserve that needs to be cleared.
+
+
+### Microsoft.Windows.UpdateReserveManager.ClearSoftReserve
+
+This event is sent when the Update Reserve Manager clears the contents of the soft reserve.
+
+
+
+### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment
+
+This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending.
+
+The following fields are available:
+
+- **FinalAdjustment** Final adjustment for the hard reserve following the addition or removal of optional content.
+- **InitialAdjustment** Initial intended adjustment for the hard reserve following the addition or removal of optional content.
+
+
+### Microsoft.Windows.UpdateReserveManager.EndScenario
+
+This event is sent when the Update Reserve Manager ends an active scenario.
+
+The following fields are available:
+
+- **ActiveScenario** The current active scenario.
+- **Flags** The flags passed to the end scenario call.
+- **HardReserveSize** The size of the hard reserve when the end scenario is called.
+- **HardReserveUsedSpace** The used space in the hard reserve when the end scenario is called.
+- **ReturnCode** The return code of this operation.
+- **ScenarioId** The ID of the internal reserve manager scenario.
+- **SoftReserveSize** The size of the soft reserve when end scenario is called.
+- **SoftReserveUsedSpace** The amount of the soft reserve used when end scenario is called.
+
+
+### Microsoft.Windows.UpdateReserveManager.FunctionReturnedError
+
+This event is sent when the Update Reserve Manager returns an error from one of its internal functions.
+
+The following fields are available:
+
+- **FailedExpression** The failed expression that was returned.
+- **FailedFile** The binary file that contained the failed function.
+- **FailedFunction** The name of the function that originated the failure.
+- **FailedLine** The line number of the failure.
+- **ReturnCode** The return code of the function.
+
+
+### Microsoft.Windows.UpdateReserveManager.InitializeReserves
+
+This event is sent when reserves are initialized on the device.
+
+The following fields are available:
+
+- **FallbackInitUsed** Indicates whether fallback initialization is used.
+- **FinalUserFreeSpace** The amount of user free space after initialization.
+- **Flags** The flags used in the initialization of Update Reserve Manager.
+- **HardReserveFinalSize** The final size of the hard reserve.
+- **HardReserveFinalUsedSpace** The used space in the hard reserve.
+- **HardReserveInitialSize** The size of the hard reserve after initialization.
+- **HardReserveInitialUsedSpace** The utilization of the hard reserve after initialization.
+- **HardReserveTargetSize** The target size that was set for the hard reserve.
+- **InitialUserFreeSpace** The user free space during initialization.
+- **PostUpgradeFreeSpace** The free space value passed into the Update Reserve Manager to determine reserve sizing post upgrade.
+- **SoftReserveFinalSize** The final size of the soft reserve.
+- **SoftReserveFinalUsedSpace** The used space in the soft reserve.
+- **SoftReserveInitialSize** The soft reserve size after initialization.
+- **SoftReserveInitialUsedSpace** The utilization of the soft reserve after initialization.
+- **SoftReserveTargetSize** The target size that was set for the soft reserve.
+- **TargetUserFreeSpace** The target user free space that was passed into the reserve manager to determine reserve sizing post upgrade.
+- **UpdateScratchFinalUsedSpace** The used space in the scratch reserve.
+- **UpdateScratchInitialUsedSpace** The utilization of the scratch reserve after initialization.
+- **UpdateScratchReserveFinalSize** The utilization of the scratch reserve after initialization.
+- **UpdateScratchReserveInitialSize** The size of the scratch reserve after initialization.
+
+
+### Microsoft.Windows.UpdateReserveManager.InitializeUpdateReserveManager
+
+This event returns data about the Update Reserve Manager, including whether it’s been initialized.
+
+The following fields are available:
+
+- **ClientId** The ID of the caller application.
+- **Flags** The enumerated flags used to initialize the manager.
+- **FlightId** The flight ID of the content the calling client is currently operating with.
+- **Offline** Indicates whether or the reserve manager is called during offline operations.
+- **PolicyPassed** Indicates whether the machine is able to use reserves.
+- **ReturnCode** Return code of the operation.
+- **Version** The version of the Update Reserve Manager.
+
+
+### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization
+
+This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot.
+
+The following fields are available:
+
+- **Flags** The flags that are passed to the function to prepare the Trusted Installer for reserve initialization.
+
+
+### Microsoft.Windows.UpdateReserveManager.ReevaluatePolicy
+
+This event is sent when the Update Reserve Manager reevaluates policy to determine reserve usage.
+
+The following fields are available:
+
+- **PolicyChanged** Indicates whether the policy has changed.
+- **PolicyFailedEnum** The reason why the policy failed.
+- **PolicyPassed** Indicates whether the policy passed.
+
+
+### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment
+
+This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment.
+
+
+
+### Microsoft.Windows.UpdateReserveManager.TurnOffReserves
+
+This event is sent when the Update Reserve Manager turns off reserve functionality for certain operations.
+
+The following fields are available:
+
+- **Flags** Flags used in the turn off reserves function.
+- **HardReserveSize** The size of the hard reserve when Turn Off is called.
+- **HardReserveUsedSpace** The amount of space used by the hard reserve when Turn Off is called
+- **ScratchReserveSize** The size of the scratch reserve when Turn Off is called.
+- **ScratchReserveUsedSpace** The amount of space used by the scratch reserve when Turn Off is called.
+- **SoftReserveSize** The size of the soft reserve when Turn Off is called.
+- **SoftReserveUsedSpace** The amount of the soft reserve used when Turn Off is called.
+
+
+### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment
+
+This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed.
+
+The following fields are available:
+
+- **ChangeSize** The change in the hard reserve size based on the addition or removal of optional content.
+- **Disposition** The parameter for the hard reserve adjustment function.
+- **Flags** The flags passed to the hard reserve adjustment function.
+- **PendingHardReserveAdjustment** The final change to the hard reserve size.
+- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve.
+
+
+## Winlogon events
+
+### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon
+
+This event signals the completion of the setup process. It happens only once during the first logon.
+
+
+
+## XBOX events
+
+### Microsoft.Xbox.XamTelemetry.AppActivationError
+
+This event indicates whether the system detected an activation error in the app.
+
+The following fields are available:
+
+- **ActivationUri** Activation URI (Uniform Resource Identifier) used in the attempt to activate the app.
+- **AppId** The Xbox LIVE Title ID.
+- **AppUserModelId** The AUMID (Application User Model ID) of the app to activate.
+- **Result** The HResult error.
+- **UserId** The Xbox LIVE User ID (XUID).
+
+
+### Microsoft.Xbox.XamTelemetry.AppActivity
+
+This event is triggered whenever the current app state is changed by: launch, switch, terminate, snap, etc.
+
+The following fields are available:
+
+- **AppActionId** The ID of the application action.
+- **AppCurrentVisibilityState** The ID of the current application visibility state.
+- **AppId** The Xbox LIVE Title ID of the app.
+- **AppPackageFullName** The full name of the application package.
+- **AppPreviousVisibilityState** The ID of the previous application visibility state.
+- **AppSessionId** The application session ID.
+- **AppType** The type ID of the application (AppType_NotKnown, AppType_Era, AppType_Sra, AppType_Uwa).
+- **BCACode** The BCA (Burst Cutting Area) mark code of the optical disc used to launch the application.
+- **DurationMs** The amount of time (in milliseconds) since the last application state transition.
+- **IsTrialLicense** This boolean value is TRUE if the application is on a trial license.
+- **LicenseType** The type of licensed used to authorize the app (0 - Unknown, 1 - User, 2 - Subscription, 3 - Offline, 4 - Disc).
+- **LicenseXuid** If the license type is 1 (User), this field contains the XUID (Xbox User ID) of the registered owner of the license.
+- **ProductGuid** The Xbox product GUID (Globally-Unique ID) of the application.
+- **UserId** The XUID (Xbox User ID) of the current user.
+
+
+
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
new file mode 100644
index 0000000000..53034ea742
--- /dev/null
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
@@ -0,0 +1,135 @@
+---
+title: Manage connections from Windows operating system components to Microsoft services using Microsoft Intune MDM Server
+description: Use MDM CSPs to minimize connections from Windows to Microsoft services, or to configure particular privacy settings.
+ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9
+keywords: privacy, manage connections to Microsoft, Windows 10
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: medium
+author: medgarmedgar
+ms.author: v-medgar
+ms.date: 3/1/2019
+---
+
+# Manage connections from Windows operating system components to Microsoft services using Microsoft Intune MDM Server
+
+**Applies to**
+
+- Windows 10 Enterprise 1903 version and newer
+
+You can use Microsoft InTune with MDM CSPs and custom [OMA URIs](https://docs.microsoft.com/en-us/intune/custom-settings-windows-10) to minimize connections from Windows to Microsoft services, or to configure particular privacy settings. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article.
+
+To ensure CSPs take priority over Group Policies in case of conflicts, use the [ControlPolicyConflict](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy.
+
+You can configure diagnostic data at the Security/Basic level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
+
+Note, there is some traffic which is required (i.e. "whitelisted") for the operation of Windows and the Microsoft InTune based management. This traffic includes CRL and OCSP network traffic which will show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign. Additional whitelisted traffic specifically for MDM managed devices includes Windows Notification Service related traffic as well as some specific Microsoft InTune and Windows Update related traffic.
+
+For more information on Microsoft InTune please see [Transform IT service delivery for your modern workplace](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune?rtc=1) and [Microsoft Intune documentation](https://docs.microsoft.com/en-us/intune/).
+
+For detailed information about managing network connections to Microsoft services using Registries, Group Policies, or UI see [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services).
+
+
+The endpoints for the MDM “whitelisted” traffic are in the [Whitelisted Traffic](#bkmk-mdm-whitelist).
+
+
+### Settings for Windows 10 Enterprise edition 1903 and newer
+
+The following table lists management options for each setting.
+
+For Windows 10, the following MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
+
+| Setting | MDM Policy | Description |
+| --- | --- | --- |
+| 1. Automatic Root Certificates Update | There is intentionally no MDM available for Automatic Root Certificate Update. | This MDM does not exist since it would prevent the operation and management of MDM management of devices.
+| 2. Cortana and Search | [Experience/AllowCortana](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Choose whether to let Cortana install and run on the device. **Set to 0 (zero)**
+| | [Search/AllowSearchToUseLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#search-allowsearchtouselocation) | Choose whether Cortana and Search can provide location-aware search results. **Set to 0 (zero)**
+| 3. Date & Time | [Settings/AllowDateTime](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowdatetime)| Allows the user to change date and time settings. **Set to 0 (zero)**
+| 4. Device metadata retrieval | [DeviceInstallation/PreventDeviceMetadataFromNetwork](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork) | Choose whether to prevent Windows from retrieving device metadata from the Internet. **Set to Enabled**
+| 5. Find My Device | [Experience/AllowFindMyDevice](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice)| This policy turns on Find My Device. **Set to 0 (zero)**
+| 6. Font streaming | [System/AllowFontProviders](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowfontproviders) | Setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. **Set to 0 (zero)**
+| 7. Insider Preview builds | [System/AllowBuildPreview](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowbuildpreview) | This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. **Set to 0 (zero)**
+| 8. Internet Explorer | The following Microsoft Internet Explorer MDM policies are available in the [Internet Explorer CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer) |
+| | [InternetExplorer/AllowSuggestedSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-allowsuggestedsites) | Recommends websites based on the user’s browsing activity. **Set to Disabled**
+| | [InternetExplorer/PreventManagingSmartScreenFilter]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-preventmanagingsmartscreenfilter) | Prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. **Set to Enabled**
+| | [InternetExplorer/DisableFlipAheadFeature]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disableflipaheadfeature) | Determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website. **Set to Enabled**
+| | [InternetExplorer/DisableHomePageChange]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablehomepagechange) | Determines whether users can change the default Home Page or not. **Set to Enabled**
+| | [InternetExplorer/DisableFirstRunWizard]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablefirstrunwizard) | Prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. **Set to Enabled**
+| 9. Live Tiles | [Notifications/DisallowTileNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications)| This policy setting turns off tile notifications. If you enable this policy setting applications and system features will not be able to update their tiles and tile badges in the Start screen. **Set to Enabled**
+| 10. Mail synchronization | [Accounts/AllowMicrosoftAccountConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection) | Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. **Set to 0 (zero)**
+| 11. Microsoft Account | [Accounts/AllowMicrosoftAccountSignInAssistant](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountsigninassistant) | Disable the Microsoft Account Sign-In Assistant. **Set to 0 (zero)**
+| 12. Microsoft Edge | | The following Microsoft Edge MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies).
+| | [Browser/AllowAutoFill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | Choose whether employees can use autofill on websites. **Set to 0 (zero)**
+| | [Browser/AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | Choose whether employees can send Do Not Track headers. **Set to 0 (zero)**
+| | [Browser/AllowMicrosoftCompatbilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | Specify the Microsoft compatibility list in Microsoft Edge. **Set to 0 (zero)**
+| | [Browser/AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | Choose whether employees can save passwords locally on their devices. **Set to 0 (zero)**
+| | [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) | Choose whether the Address Bar shows search suggestions. **Set to 0 (zero)**
+| | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Choose whether SmartScreen is turned on or off. **Set to 0 (zero)**
+| 13. Network Connection Status Indicator | [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) | Note: After you apply this policy you must restart the device for the policy setting to take effect. **Set to 1 (one)**
+| 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.
**Set to 0 (zero)**
+| | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data. **Set to 0 (zero)**
+| 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)**
+| 16. Preinstalled apps | N/A | N/A
+| 17. Privacy settings | | Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC.
+| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | This policy setting controls the ability to send inking and typing data to Microsoft. **Set to 0 (zero)**
+| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Specifies whether to allow app access to the Location service. **Set to 0 (zero)**
+| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Disables or enables the camera. **Set to 0 (zero)**
+| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Specifies whether Windows apps can access the microphone. **Set to 2 (two)**
+| 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune**
+| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)**
+| | [Settings/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | Enables or disables the retrieval of online tips and help for the Settings app. **Set to Disabled**
+| 17.6 Speech, Inking, & Typing | [Privacy/AllowInputPersonalization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | This policy specifies whether users on the device have the option to enable online speech recognition. **Set to 0 (zero)**
+| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)| This policy setting controls the ability to send inking and typing data to Microsoft **Set to 0 (zero)**
+| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Specifies whether Windows apps can access account information. **Set to 2 (two)**
+| 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | Specifies whether Windows apps can access contacts. **Set to 2 (two)**
+| 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | Specifies whether Windows apps can access the calendar. **Set to 2 (two)**
+| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | Specifies whether Windows apps can access account information. **Set to 2 (two)**
+| 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | Specifies whether Windows apps can access email. **Set to 2 (two)**
+| 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | Specifies whether Windows apps can read or send messages (text or MMS). **Set to 2 (two)**
+| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) | Specifies whether Windows apps can make phone calls. **Set to 2 (two)**
+| 17.14 Radios | [Privacy/LetAppsAccessRadios](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios) | Specifies whether Windows apps have access to control radios. **Set to 2 (two)**
+| 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | Specifies whether Windows apps can sync with devices. **Set to 2 (two)**
+| | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | Specifies whether Windows apps can access trusted devices. **Set to 2 (two)**
+| 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Allow the device to send diagnostic and usage telemetry data, such as Watson. **Set to 0 (zero)**
+| | [Experience/DoNotShowFeedbackNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotshowfeedbacknotifications)| Prevents devices from showing feedback questions from Microsoft. **Set to 1 (one)**
+| 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | Specifies whether Windows apps can run in the background. **Set to 2 (two)**
+| 17.18 Motion | [Privacy/LetAppsAccessMotion](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion) | Specifies whether Windows apps can access motion data. **Set to 2 (two)**
+| 17.19 Tasks | [Privacy/LetAppsAccessTasks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks) | Turn off the ability to choose which apps have access to tasks. **Set to 2 (two)**
+| 17.20 App Diagnostics | [Privacy/LetAppsGetDiagnosticInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo) | Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. **Set to 2 (two)**
+| 18. Software Protection Platform | [Licensing/DisallowKMSClientOnlineAVSValidation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation) | Opt out of sending KMS client activation data to Microsoft automatically. **Set to 1 (one)**
+| 19. Storage Health | [Storage/AllowDiskHealthModelUpdates](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates) | Allows disk health model updates. **Set to 0 (zero)**
+| 20. Sync your settings | [Experience/AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | Control whether your settings are synchronized. **Set to 0 (zero)**
+| 21. Teredo | No MDM needed | Teredo is **Off by default**. Delivery Optimization (DO) can turn on Teredo, but DO itself is turned Off via MDM.
+| 22. Wi-Fi Sense | No MDM needed | Wi-Fi Sense is no longer available from Windows 10 version 1803 and newer.
+| 23. Windows Defender | [Defender/AllowCloudProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection) | Disconnect from the Microsoft Antimalware Protection Service. **Set to 0 (zero)**
+| | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft. **Set to 2 (two)**
+| 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen. **Set to 0 (zero)**
+| 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)**
+| 24. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight. **Set to 0 (zero)**
+| 25. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)**
+| | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed. **Set to 0 (zero)**
+| 25.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)**
+| 26. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
+| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)**
+| 27. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)**
+
+
+### Allowed traffic ("Whitelisted traffic") for Microsoft InTune / MDM configurations
+
+|**Allowed traffic endpoints** |
+| --- |
+|ctldl.windowsupdate.com|
+|cdn.onenote.net|
+|r.manage.microsoft.com|
+|tile-service.weather.microsoft.com|
+|settings-win.data.microsoft.com|
+|client.wns.windows.com|
+|dm3p.wns.windows.com|
+|crl.microsoft.com/pki/crl/*|
+|*microsoft.com/pkiops/crl/**|
+|activation-v2.sls.microsoft.com/*|
+|ocsp.digicert.com/*|
+
+
+
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 11f72817b6..20fbde70de 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -8,12 +8,12 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: medium
audience: ITPro
-author: danihalfin
-ms.author: daniha
-manager: dansimp
+author: medgarmedgar
+ms.author: v-medgar
+manager: sanashar
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 06/05/2018
+ms.date: 05/16/2019
---
# Manage connections from Windows operating system components to Microsoft services
@@ -39,64 +39,14 @@ However, some of the settings reduce the functionality and security configuratio
Make sure you've chosen the right settings configuration for your environment before applying.
You should not extract this package to the windows\\system32 folder because it will not apply correctly.
->[!IMPORTANT]
-> As part of the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887), MDM functionallity is disabled. If you manage devices through MDM, make sure [cloud notifications are enabled](#bkmk-priv-notifications).
-
Applying the Windows Restricted Traffic Limited Functionality Baseline is the same as applying each setting covered in this article.
It is recommended that you restart a device after making configuration changes to it.
Note that **Get Help** and **Give us Feedback** links no longer work after the Windows Restricted Traffic Limited Functionality Baseline is applied.
+To use Microsoft InTune cloud based device managment for restricting traffic please refer to the [Manage connections from Windows operating system components to Microsoft services using MDM](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm).
+
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
-## What's new in Windows 10, version 1809 Enterprise edition
-
-Here's a list of changes that were made to this article for Windows 10, version 1809:
-
-- Added a policy to disable Windows Defender SmartScreen
-
-## What's new in Windows 10, version 1803 Enterprise edition
-
-Here's a list of changes that were made to this article for Windows 10, version 1803:
-
-- Added a policy to turn off notifications network usage
-- Added a policy for Microsoft Edge to turn off configuration updates for the Books Library
-- Added a policy for Microsoft Edge to turn off Address Bar drop-down list suggestions
-
-## What's new in Windows 10, version 1709 Enterprise edition
-
-Here's a list of changes that were made to this article for Windows 10, version 1709:
-
-- Added the Phone calls section
-- Added the Storage Health section
-- Added discussion of apps for websites in the Microsoft Store section
-
-## What's new in Windows 10, version 1703 Enterprise edition
-
-Here's a list of changes that were made to this article for Windows 10, version 1703:
-
-- Added an MDM policy for Font streaming
-- Added an MDM policy for Network Connection Status Indicator
-- Added an MDM policy for the Micosoft Account Sign-In Assistant
-- Added instructions for removing the Sticky Notes app
-- Added registry paths for some Group Policies
-- Added the Find My Device section
-- Added the Tasks section
-- Added the App Diagnostics section
-
-- Added the following Group Policies:
-
- - Prevent managing SmartScreen Filter
- - Turn off Compatibility View
- - Turn off Automatic Download and Install of updates
- - Do not connect to any Windows Update locations
- - Turn off access to all Windows Update features
- - Specify Intranet Microsoft update service location
- - Enable Windows NTP client
- - Turn off Automatic download of the ActiveX VersionList
- - Allow Automatic Update of Speech Data
- - Accounts: Block Microsoft Accounts
- - Do not use diagnostic data for tailored experiences
-
## Management options for each setting
The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all of these connections.
@@ -105,172 +55,174 @@ The following sections list the components that make network connections to Micr
The following table lists management options for each setting, beginning with Windows 10 Enterprise version 1607.
->[!NOTE]
->For some settings, MDM policies only partly cover capabilities available through Group Policy. See each setting’s section for more details.
-| Setting | UI | Group Policy | MDM policy | Registry | Command line |
-| - | :-: | :-: | :-: | :-: | :-: |
-| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  | |  | |
-| [2. Cortana and Search](#bkmk-cortana) |  |  |  |  | |
-| [3. Date & Time](#bkmk-datetime) |  |  | |  | |
-| [4. Device metadata retrieval](#bkmk-devinst) | |  |  |  | |
-| [5. Find My Device](#find-my-device) |  |  | |  | |
-| [6. Font streaming](#font-streaming) | |  |  |  | |
-| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  |  | |
-| [8. Internet Explorer](#bkmk-ie) |  |  | |  | |
-| [9. License Manager](#bkmk-licmgr) | | | |  | |
-| [10. Live Tiles](#live-tiles) | |  | |  | |
-| [11. Mail synchronization](#bkmk-mailsync) |  | |  |  | |
-| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  |  | |
-| [13. Microsoft Edge](#bkmk-edge) |  |  |  |  | |
-| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |  | |
-| [15. Offline maps](#bkmk-offlinemaps) |  |  | |  | |
-| [16. OneDrive](#bkmk-onedrive) | |  | |  | |
-| [17. Preinstalled apps](#bkmk-preinstalledapps) |  | | | |  |
-| [18. Settings > Privacy](#bkmk-settingssection) | | | | | |
-| [18.1 General](#bkmk-general) |  |  |  |  | |
-| [18.2 Location](#bkmk-priv-location) |  |  |  |  | |
-| [18.3 Camera](#bkmk-priv-camera) |  |  |  |  | |
-| [18.4 Microphone](#bkmk-priv-microphone) |  |  |  |  | |
-| [18.5 Notifications](#bkmk-priv-notifications) |  |  | |  | |
-| [18.6 Speech](#bkmk-priv-speech) |  |  |  |  | |
-| [18.7 Account info](#bkmk-priv-accounts) |  |  |  |  | |
-| [18.8 Contacts](#bkmk-priv-contacts) |  |  |  |  | |
-| [18.9 Calendar](#bkmk-priv-calendar) |  |  |  |  | |
-| [18.10 Call history](#bkmk-priv-callhistory) |  |  |  |  | |
-| [18.11 Email](#bkmk-priv-email) |  |  |  |  | |
-| [18.12 Messaging](#bkmk-priv-messaging) |  |  |  |  | |
-| [18.13 Phone calls](#bkmk-priv-phone-calls) |  |  |  |  | |
-| [18.14 Radios](#bkmk-priv-radios) |  |  |  |  | |
-| [18.15 Other devices](#bkmk-priv-other-devices) |  |  |  |  | |
-| [18.16 Feedback & diagnostics](#bkmk-priv-feedback) |  |  |  |  | |
-| [18.17 Background apps](#bkmk-priv-background) |  |  |  | | |
-| [18.18 Motion](#bkmk-priv-motion) |  |  |  |  | |
-| [18.19 Tasks](#bkmk-priv-tasks) |  |  |  |  | |
-| [18.20 App Diagnostics](#bkmk-priv-diag) |  |  |  |  | |
-| [18.21 Inking & Typing](#bkmk-priv-ink) |  | |  |  | |
-| [19. Software Protection Platform](#bkmk-spp) | |  |  |  | |
-| [20. Storage Health](#bkmk-storage-health) | |  | | | |
-| [21. Sync your settings](#bkmk-syncsettings) |  |  |  |  | |
-| [22. Teredo](#bkmk-teredo) | |  | |  |  |
-| [23. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | |
-| [24. Windows Defender](#bkmk-defender) | |  |  |  | |
-| [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | |  |  |  | |
-| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |  | |
-| [26. Microsoft Store](#bkmk-windowsstore) | |  | |  | |
-| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  | | |
-| [27. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |  | |
-| [28. Windows Update](#bkmk-wu) |  |  |  | | |
+| Setting | UI | Group Policy | Registry |
+| - | :-: | :-: | :-: |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  |  |
+| [2. Cortana and Search](#bkmk-cortana) |  |  |  |
+| [3. Date & Time](#bkmk-datetime) |  |  |  |
+| [4. Device metadata retrieval](#bkmk-devinst) | |  |  |
+| [5. Find My Device](#find-my-device) |  |  |  |
+| [6. Font streaming](#font-streaming) | |  |  |
+| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  |
+| [8. Internet Explorer](#bkmk-ie) |  |  |  |
+| [9. License Manager](#bkmk-licmgr) | | |  |
+| [10. Live Tiles](#live-tiles) | |  |  |
+| [11. Mail synchronization](#bkmk-mailsync) |  | |  |
+| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  |
+| [13. Microsoft Edge](#bkmk-edge) |  |  |  |
+| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |
+| [15. Offline maps](#bkmk-offlinemaps) |  |  |  |
+| [16. OneDrive](#bkmk-onedrive) | |  |  |
+| [17. Preinstalled apps](#bkmk-preinstalledapps) |  | | |
+| [18. Settings > Privacy](#bkmk-settingssection) | | | |
+| [18.1 General](#bkmk-general) |  |  |  |
+| [18.2 Location](#bkmk-priv-location) |  |  |  |
+| [18.3 Camera](#bkmk-priv-camera) |  |  |  |
+| [18.4 Microphone](#bkmk-priv-microphone) |  |  |  |
+| [18.5 Notifications](#bkmk-priv-notifications) |  |  | |
+| [18.6 Speech](#bkmk-priv-speech) |  |  |  |
+| [18.7 Account info](#bkmk-priv-accounts) |  |  |  |
+| [18.8 Contacts](#bkmk-priv-contacts) |  |  |  |
+| [18.9 Calendar](#bkmk-priv-calendar) |  |  |  |
+| [18.10 Call history](#bkmk-priv-callhistory) |  |  |  |
+| [18.11 Email](#bkmk-priv-email) |  |  |  |
+| [18.12 Messaging](#bkmk-priv-messaging) |  |  |  |
+| [18.13 Phone calls](#bkmk-priv-phone-calls) |  |  |  |
+| [18.14 Radios](#bkmk-priv-radios) |  |  |  |
+| [18.15 Other devices](#bkmk-priv-other-devices) |  |  |  |
+| [18.16 Feedback & diagnostics](#bkmk-priv-feedback) |  |  |  |
+| [18.17 Background apps](#bkmk-priv-background) |  |  |  |
+| [18.18 Motion](#bkmk-priv-motion) |  |  |  |
+| [18.19 Tasks](#bkmk-priv-tasks) |  |  |  |
+| [18.20 App Diagnostics](#bkmk-priv-diag) |  |  |  |
+| [18.21 Inking & Typing](#bkmk-priv-ink) |  | |  |
+| [18.22 Activity History](#bkmk-act-history) |  | |  |
+| [18.23 Voice Activation](#bkmk-voice-act) |  | |  |
+| [19. Software Protection Platform](#bkmk-spp) | |  |  |
+| [20. Storage Health](#bkmk-storage-health) | |  |  |
+| [21. Sync your settings](#bkmk-syncsettings) |  |  |  |
+| [22. Teredo](#bkmk-teredo) | |  |  |
+| [23. Wi-Fi Sense](#bkmk-wifisense) |  |  |  |
+| [24. Windows Defender](#bkmk-defender) | |  |  |
+| [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | |  |  |
+| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |
+| [26. Microsoft Store](#bkmk-windowsstore) | |  |  |
+| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  |  |
+| [27. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |
+| [28. Windows Update](#bkmk-wu) | |  |  |
### Settings for Windows Server 2016 with Desktop Experience
See the following table for a summary of the management settings for Windows Server 2016 with Desktop Experience.
-| Setting | UI | Group Policy | Registry | Command line |
-| - | :-: | :-: | :-: | :-: |
-| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  |  | |
-| [2. Cortana and Search](#bkmk-cortana) |  |  |  | |
-| [3. Date & Time](#bkmk-datetime) |  |  |  | |
-| [4. Device metadata retrieval](#bkmk-devinst) | |  |  | |
-| [6. Font streaming](#font-streaming) | |  |  | |
-| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  | |
-| [8. Internet Explorer](#bkmk-ie) |  |  |  | |
-| [10. Live Tiles](#live-tiles) | |  |  | |
-| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  | |
-| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  | |
-| [16. OneDrive](#bkmk-onedrive) | |  | | |
-| [18. Settings > Privacy](#bkmk-settingssection) | | | | |
-| [18.1 General](#bkmk-general) |  |  |  | |
-| [19. Software Protection Platform](#bkmk-spp) | |  |  | |
-| [20. Teredo](#bkmk-teredo) | |  |  |  |
-| [24. Windows Defender](#bkmk-defender) | |  |  | |
-| [26. Microsoft Store](#bkmk-windowsstore) | |  |  | |
-| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  | | |
-| [28. Windows Update](#bkmk-wu) | |  |  | |
+| Setting | UI | Group Policy | Registry |
+| - | :-: | :-: | :-: |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  |  |
+| [2. Cortana and Search](#bkmk-cortana) |  |  |  |
+| [3. Date & Time](#bkmk-datetime) |  |  |  |
+| [4. Device metadata retrieval](#bkmk-devinst) | |  |  |
+| [6. Font streaming](#font-streaming) | |  |  |
+| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  |
+| [8. Internet Explorer](#bkmk-ie) |  |  |  |
+| [10. Live Tiles](#live-tiles) | |  |  |
+| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  |
+| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |
+| [16. OneDrive](#bkmk-onedrive) | |  |  |
+| [18. Settings > Privacy](#bkmk-settingssection) | | | |
+| [18.1 General](#bkmk-general) |  |  |  |
+| [19. Software Protection Platform](#bkmk-spp) | |  |  |
+| [22. Teredo](#bkmk-teredo) | |  |  |
+| [24. Windows Defender](#bkmk-defender) | |  |  |
+| [26. Microsoft Store](#bkmk-windowsstore) | |  |  |
+| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  |  |
+| [28. Windows Update](#bkmk-wu) | |  |  |
### Settings for Windows Server 2016 Server Core
See the following table for a summary of the management settings for Windows Server 2016 Server Core.
-| Setting | Group Policy | Registry | Command line |
-| - | :-: | :-: | :-: |
-| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  |  | |
-| [3. Date & Time](#bkmk-datetime) |  |  | |
-| [6. Font streaming](#font-streaming) |  |  | |
-| [14. Network Connection Status Indicator](#bkmk-ncsi) |  | | |
-| [19. Software Protection Platform](#bkmk-spp) |  | | |
-| [22. Teredo](#bkmk-teredo) |  | |  |
-| [24. Windows Defender](#bkmk-defender) |  |  | |
-| [28. Windows Update](#bkmk-wu) |  |  | |
+| Setting | Group Policy | Registry |
+| - | :-: | :-: |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  |  |
+| [3. Date & Time](#bkmk-datetime) |  |  |
+| [6. Font streaming](#font-streaming) |  |  |
+| [14. Network Connection Status Indicator](#bkmk-ncsi) |  |  |
+| [19. Software Protection Platform](#bkmk-spp) |  |  |
+| [22. Teredo](#bkmk-teredo) |  |  |
+| [24. Windows Defender](#bkmk-defender) |  |  |
+| [28. Windows Update](#bkmk-wu) |  |  |
### Settings for Windows Server 2016 Nano Server
See the following table for a summary of the management settings for Windows Server 2016 Nano Server.
-| Setting | Registry | Command line |
-| - | :-: | :-: |
-| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  | |
-| [3. Date & Time](#bkmk-datetime) |  | |
-| [22. Teredo](#bkmk-teredo) | |  |
-| [28. Windows Update](#bkmk-wu) |  | |
+| Setting | Registry |
+| - | :-: |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  |
+| [3. Date & Time](#bkmk-datetime) |  |
+| [22. Teredo](#bkmk-teredo) |  |
+| [28. Windows Update](#bkmk-wu) |  |
### Settings for Windows Server 2019
See the following table for a summary of the management settings for Windows Server 2019.
-| Setting | UI | Group Policy | MDM policy | Registry | Command line |
-| - | :-: | :-: | :-: | :-: | :-: |
-| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  | |  | |
-| [2. Cortana and Search](#bkmk-cortana) |  |  |  |  | |
-| [3. Date & Time](#bkmk-datetime) |  |  | |  | |
-| [4. Device metadata retrieval](#bkmk-devinst) | |  |  |  | |
-| [5. Find My Device](#find-my-device) |  |  | |  | |
-| [6. Font streaming](#font-streaming) | |  |  |  | |
-| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  |  | |
-| [8. Internet Explorer](#bkmk-ie) |  |  | |  | |
-| [10. Live Tiles](#live-tiles) | |  | |  | |
-| [11. Mail synchronization](#bkmk-mailsync) |  | |  |  | |
-| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  |  | |
-| [13. Microsoft Edge](#bkmk-edge) |  |  |  |  | |
-| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |  | |
-| [15. Offline maps](#bkmk-offlinemaps) |  |  | |  | |
-| [16. OneDrive](#bkmk-onedrive) | |  | |  | |
-| [17. Preinstalled apps](#bkmk-preinstalledapps) |  | | | |  |
-| [18. Settings > Privacy](#bkmk-settingssection) | | | | | |
-| [18.1 General](#bkmk-general) |  |  |  |  | |
-| [18.2 Location](#bkmk-priv-location) |  |  |  |  | |
-| [18.3 Camera](#bkmk-priv-camera) |  |  |  |  | |
-| [18.4 Microphone](#bkmk-priv-microphone) |  |  |  |  | |
-| [18.5 Notifications](#bkmk-priv-notifications) |  |  | |  | |
-| [18.6 Speech](#bkmk-priv-speech) |  |  |  |  | |
-| [18.7 Account info](#bkmk-priv-accounts) |  |  |  |  | |
-| [18.8 Contacts](#bkmk-priv-contacts) |  |  |  |  | |
-| [18.9 Calendar](#bkmk-priv-calendar) |  |  |  |  | |
-| [18.10 Call history](#bkmk-priv-callhistory) |  |  |  |  | |
-| [18.11 Email](#bkmk-priv-email) |  |  |  |  | |
-| [18.12 Messaging](#bkmk-priv-messaging) |  |  |  |  | |
-| [18.13 Phone calls](#bkmk-priv-phone-calls) |  |  |  |  | |
-| [18.14 Radios](#bkmk-priv-radios) |  |  |  |  | |
-| [18.15 Other devices](#bkmk-priv-other-devices) |  |  |  |  | |
-| [18.16 Feedback & diagnostics](#bkmk-priv-feedback) |  |  |  |  | |
-| [18.17 Background apps](#bkmk-priv-background) |  |  |  | | |
-| [18.18 Motion](#bkmk-priv-motion) |  |  |  |  | |
-| [18.19 Tasks](#bkmk-priv-tasks) |  |  |  |  | |
-| [18.20 App Diagnostics](#bkmk-priv-diag) |  |  |  |  | |
-| [18.21 Inking & Typing](#bkmk-priv-ink) | | |  |  | |
-| [19. Software Protection Platform](#bkmk-spp) | |  |  |  | |
-| [20. Storage Health](#bkmk-storage-health) | |  | | | |
-| [21. Sync your settings](#bkmk-syncsettings) |  |  |  |  | |
-| [22. Teredo](#bkmk-teredo) | |  | |  |  |
-| [23. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | |
-| [24. Windows Defender](#bkmk-defender) | |  |  |  | |
-| [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | |  |  |  | |
-| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |  | |
-| [26. Microsoft Store](#bkmk-windowsstore) | |  | |  | |
-| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  | | |
-| [27. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |  | |
-| [28. Windows Update](#bkmk-wu) |  |  |  | | |
+| Setting | UI | Group Policy | Registry |
+| - | :-: | :-: | :-: |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  |  |
+| [2. Cortana and Search](#bkmk-cortana) |  |  |  |
+| [3. Date & Time](#bkmk-datetime) |  |  |  |
+| [4. Device metadata retrieval](#bkmk-devinst) | |  |  |
+| [5. Find My Device](#find-my-device) |  |  |  |
+| [6. Font streaming](#font-streaming) | |  |  |
+| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  |
+| [8. Internet Explorer](#bkmk-ie) |  |  |  |
+| [10. Live Tiles](#live-tiles) | |  |  |
+| [11. Mail synchronization](#bkmk-mailsync) |  | |  |
+| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  |
+| [13. Microsoft Edge](#bkmk-edge) |  |  |  |
+| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |
+| [15. Offline maps](#bkmk-offlinemaps) |  |  |  |
+| [16. OneDrive](#bkmk-onedrive) | |  |  |
+| [17. Preinstalled apps](#bkmk-preinstalledapps) |  | | |
+| [18. Settings > Privacy](#bkmk-settingssection) | | | |
+| [18.1 General](#bkmk-general) |  |  |  |
+| [18.2 Location](#bkmk-priv-location) |  |  |  |
+| [18.3 Camera](#bkmk-priv-camera) |  |  |  |
+| [18.4 Microphone](#bkmk-priv-microphone) |  |  |  |
+| [18.5 Notifications](#bkmk-priv-notifications) |  |  | |
+| [18.6 Speech](#bkmk-priv-speech) |  |  |  |
+| [18.7 Account info](#bkmk-priv-accounts) |  |  |  |
+| [18.8 Contacts](#bkmk-priv-contacts) |  |  |  |
+| [18.9 Calendar](#bkmk-priv-calendar) |  |  |  |
+| [18.10 Call history](#bkmk-priv-callhistory) |  |  |  |
+| [18.11 Email](#bkmk-priv-email) |  |  |  |
+| [18.12 Messaging](#bkmk-priv-messaging) |  |  |  |
+| [18.13 Phone calls](#bkmk-priv-phone-calls) |  |  |  |
+| [18.14 Radios](#bkmk-priv-radios) |  |  |  |
+| [18.15 Other devices](#bkmk-priv-other-devices) |  |  |  |
+| [18.16 Feedback & diagnostics](#bkmk-priv-feedback) |  |  |  |
+| [18.17 Background apps](#bkmk-priv-background) |  |  |  |
+| [18.18 Motion](#bkmk-priv-motion) |  |  |  |
+| [18.19 Tasks](#bkmk-priv-tasks) |  |  |  |
+| [18.20 App Diagnostics](#bkmk-priv-diag) |  |  |  |
+| [18.21 Inking & Typing](#bkmk-priv-ink) |  | |  |
+| [18.22 Activity History](#bkmk-act-history) |  | |  |
+| [18.23 Voice Activation](#bkmk-voice-act) |  | |  |
+| [19. Software Protection Platform](#bkmk-spp) | |  |  |
+| [20. Storage Health](#bkmk-storage-health) | |  |  |
+| [21. Sync your settings](#bkmk-syncsettings) |  |  |  |
+| [22. Teredo](#bkmk-teredo) | |  |  |
+| [23. Wi-Fi Sense](#bkmk-wifisense) |  |  |  |
+| [24. Windows Defender](#bkmk-defender) | |  |  |
+| [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | |  |  |
+| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |
+| [26. Microsoft Store](#bkmk-windowsstore) | |  |  |
+| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  | |
+| [27. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |
+| [28. Windows Update](#bkmk-wu) | |  |  |
## How to configure each setting
@@ -317,7 +269,7 @@ On Windows Server 2016 Nano Server:
### 2. Cortana and Search
-Use either Group Policy or MDM policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730683).
+Use Group Policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730683).
### 2.1 Cortana and Search Group Policies
@@ -374,14 +326,6 @@ You can also apply the Group Policies using the following registry keys:
If your organization tests network traffic, do not use a network proxy as Windows Firewall does not block proxy traffic. Instead, use a network traffic analyzer. Based on your needs, there are many network traffic analyzers available at no cost.
-### 2.2 Cortana and Search MDM policies
-
-For Windows 10 only, the following Cortana MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
-
-| Policy | Description |
-|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Experience/AllowCortana | Choose whether to let Cortana install and run on the device. |
-| Search/AllowSearchToUseLocation | Choose whether Cortana and Search can provide location-aware search results.
Default: Allowed|
### 3. Date & Time
@@ -412,9 +356,6 @@ To prevent Windows from retrieving device metadata from the Internet:
- Create a new REG_DWORD registry setting named **PreventDeviceMetadataFromNetwork** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata** and set it to 1 (one).
- -or -
-
-- Apply the DeviceInstallation/PreventDeviceMetadataFromNetwork MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork).
### 5. Find My Device
@@ -442,13 +383,6 @@ If you're running Windows 10, version 1607, Windows Server 2016, or later:
- Create a new REG_DWORD registry setting **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\EnableFontProviders** to **0 (zero)**.
- -or-
-
-- In Windows 10, version 1703, you can apply the System/AllowFontProviders MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where:
-
- - **False**. Font streaming is Disabled.
-
- - **True**. Font streaming is Enabled.
> [!NOTE]
> After you apply this policy, you must restart the device for it to take effect.
@@ -482,20 +416,11 @@ To turn off Insider Preview builds for Windows 10:
- Create a new REG_DWORD registry setting named **AllowBuildPreview** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PreviewBuilds** with a **value of 0 (zero)**
- -or-
-
-- Apply the System/AllowBuildPreview MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where:
-
- - **0**. Users cannot make their devices available for downloading and installing preview software.
-
- - **1**. Users can make their devices available for downloading and installing preview software.
-
- - **2**. (default) Not configured. Users can make their devices available for download and installing preview software.
### 8. Internet Explorer
> [!NOTE]
-> The following Group Policies and Registry Keys are for user interactive scenarios rather then the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings:
+> The following Group Policies and Registry Keys are for user interactive scenarios rather then the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings:
| Policy | Description |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
@@ -532,9 +457,11 @@ You can also use Registry keys to set these policies.
| Turn off background synchronization for feeds and Web Slices | HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds
REG_DWORD: BackgroundSyncStatus
**Set Value to 0**|
| Allow Online Tips | HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer
REG_DWORD: AllowOnlineTips
**Set Value to 0**|
-To turn off the home page, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank**.
+To turn off the home page:
- -or -
+- **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank**
+
+ -or-
- Create a new REG_SZ registry setting named **Start Page** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **about:blank**
@@ -543,16 +470,20 @@ To turn off the home page, **Enable** the Group Policy: **User Configuration** >
- Create a new REG_DWORD registry setting named **HomePage** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel** with a **1 (one)**
-To configure the First Run Wizard, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Prevent running First Run wizard**, and set it to **Go directly to home page**.
+To configure the First Run Wizard:
- -or -
+- **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Prevent running First Run wizard**, and set it to **Go directly to home page**
+
+ -or-
- Create a new REG_DWORD registry setting named **DisableFirstRunCustomize** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **1 (one)**
-To configure the behavior for a new tab, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Specify default behavior for a new tab**, and set it to **about:blank**.
+To configure the behavior for a new tab:
- -or -
+- **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Specify default behavior for a new tab**, and set it to **about:blank**
+
+ -or-
- Create a new REG_DWORD registry setting named **NewTabPageShow** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing** with a **0 (zero)**
@@ -565,7 +496,7 @@ You can turn this off by:
- **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Security Features** > **Add-on Management** > **Turn off Automatic download of the ActiveX VersionList**
- -or -
+ -or-
- Changing the REG_DWORD registry setting **HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\VersionManager\\DownloadVersionList** to **0 (zero)**.
@@ -611,9 +542,6 @@ To turn off mail synchronization for Microsoft Accounts that are configured on a
- Remove any Microsoft Accounts from the Mail app.
- -or-
-
-- Apply the Accounts/AllowMicrosoftAccountConnection MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is not allowed and 1 is allowed. This does not apply to Microsoft Accounts that have already been configured on the device.
To turn off the Windows Mail app:
@@ -632,16 +560,12 @@ To prevent communication to the Microsoft Account cloud authentication service.
To disable the Microsoft Account Sign-In Assistant:
-- Apply the Accounts/AllowMicrosoftAccountSignInAssistant MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on.
-
- -or-
-
- Change the **Start** REG_DWORD registry setting in **HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\wlidsvc** to a value of **4**.
### 13. Microsoft Edge
-Use either Group Policy or MDM policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682).
+Use Group Policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682).
### 13.1 Microsoft Edge Group Policies
@@ -678,21 +602,6 @@ Alternatively, you can configure the these Registry keys as described:
| Choose whether employees can configure Compatibility View. | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation
REG_DWORD: MSCompatibilityMode
Value: **0**|
-### 13.2 Microsoft Edge MDM policies
-
-The following Microsoft Edge MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
-
-| Policy | Description |
-|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Browser/AllowAutoFill | Choose whether employees can use autofill on websites.
**Set to: Not Allowed** |
-| Browser/AllowDoNotTrack | Choose whether employees can send Do Not Track headers.
**Set to: Allowed** |
-| Browser/AllowMicrosoftCompatbilityList | Specify the Microsoft compatibility list in Microsoft Edge.
**Set to: Not Allowed** |
-| Browser/AllowPasswordManager | Choose whether employees can save passwords locally on their devices.
**Set to: Not Allowed** |
-| Browser/AllowSearchSuggestionsinAddressBar | Choose whether the Address Bar shows search suggestions..
**Set to: Not Allowed** |
-| Browser/AllowSmartScreen | Choose whether SmartScreen is turned on or off.
**Set to: Not Allowed** |
-| Browser/FirstRunURL | Choose the home page for Microsoft Edge on Windows Mobile 10.
**Set to:** blank |
-
-
For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies).
### 14. Network Connection Status Indicator
@@ -705,7 +614,6 @@ You can turn off NCSI by doing one of the following:
- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Windows Network Connectivity Status Indicator active tests**
-- In Windows 10, version 1703 and later, apply the Connectivity/DisallowNetworkConnectivityActiveTests MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) with a value of 1.
> [!NOTE]
> After you apply this policy, you must restart the device for the policy setting to take effect.
@@ -724,10 +632,6 @@ You can turn off the ability to download and update offline maps.
- Create a REG_DWORD registry setting named **AutoDownloadAndUpdateMapData** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Maps** with a **value of 0 (zero)**.
- -or-
-
-- In Windows 10, version 1607 and later, apply the Maps/EnableOfflineMapsAutoUpdate MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate) with a **value of 0**.
-
-and-
- In Windows 10, version 1607 and later, **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Maps** > **Turn off unsolicited network traffic on the Offline Maps settings page**
@@ -754,10 +658,6 @@ To turn off OneDrive in your organization:
- Create a REG_DWORD registry setting named **PreventNetworkTrafficPreUserSignIn** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OneDrive** with a **value of 1 (one)**
--or-
-
-- Set the System/DisableOneDriveFileSync MDM policy from the [Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync) to True (value 1) to disable OneDrive File Sync.
-
### 17. Preinstalled apps
@@ -927,6 +827,10 @@ Use Settings > Privacy to configure some settings that may be important to yo
- [18.21 Inking & Typing](#bkmk-priv-ink)
+- [18.22 Activity History](#bkmk-act-history)
+
+- [18.23 Voice Activation](#bkmk-voice-act)
+
### 18.1 General
**General** includes options that don't fall into other areas.
@@ -1004,14 +908,6 @@ To turn off **Send Microsoft info about how I write to help us improve typing an
- Turn off the feature in the UI.
- -or-
-
-- Apply the TextInput/AllowLinguisticDataCollection MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where:
-
- - **0**. Not allowed
-
- - **1**. Allowed (default)
-
To turn off **Let websites provide locally relevant content by accessing my language list**:
- Turn off the feature in the UI.
@@ -1052,18 +948,6 @@ To turn off **Location for this device**:
- Create a REG_DWORD registry setting named **LetAppsAccessLocation** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
- -or-
-
-- Apply the System/AllowLocation MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
-
- - **0**. Turned off and the employee can't turn it back on.
-
- - **1**. Turned on, but lets the employee choose whether to use it. (default)
-
- - **2**. Turned on and the employee can't turn it off.
-
- > [!NOTE]
- > You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx).
To turn off **Location**:
@@ -1106,17 +990,6 @@ To turn off **Let apps use my camera**:
- Create a REG_DWORD registry setting named **LetAppsAccessCamera** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
- -or-
-
-- Apply the Camera/AllowCamera MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
-
- - **0**. Apps can't use the camera.
-
- - **1**. Apps can use the camera.
-
- > [!NOTE]
- > You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx).
-
To turn off **Choose apps that can use your camera**:
@@ -1138,14 +1011,6 @@ To turn off **Let apps use my microphone**:
-or-
-- Apply the Privacy/LetAppsAccessMicrophone MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmicrophone), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
-
- -or-
-
- Create a REG_DWORD registry setting named **LetAppsAccessMicrophone** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two)
To turn off **Choose apps that can use your microphone**:
@@ -1154,26 +1019,14 @@ To turn off **Choose apps that can use your microphone**:
### 18.5 Notifications
->[!IMPORTANT]
->Disabling notifications will also disable the ability to manage the device through MDM. If you are using an MDM solution, make sure cloud notifications are enabled through one of the options below.
-
To turn off notifications network usage:
-- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn off Notifications network usage**
-
- - Set to **Enabled**.
+- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn off Notifications network usage**
-or-
- Create a REG_DWORD registry setting named **NoCloudApplicationNotification** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications** with a value of 1 (one)
- -or-
-
-
-- Apply the Notifications/DisallowCloudNotification MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification), where:
-
- - **0**. WNS notifications allowed
- - **1**. No WNS notifications allowed
In the **Notifications** area, you can also choose which apps have access to notifications.
@@ -1189,21 +1042,13 @@ To turn off **Let apps access my notifications**:
-or-
-- Apply the Privacy/LetAppsAccessNotifications MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessnotifications), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
-
- -or-
-
- Create a REG_DWORD registry setting named **LetAppsAccessNotifications** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two)
### 18.6 Speech
In the **Speech** area, you can configure the functionality as such:
-To turn off streaming audio to Microsoft Speech services,
+To turn off dictation of your voice, speaking to Cortana and other apps, and to prevent sending your voice input to Microsoft Speech services:
- Toggle the Settings -> Privacy -> Speech -> **Online speech recognition** switch to **Off**
@@ -1213,11 +1058,18 @@ To turn off streaming audio to Microsoft Speech services,
-or-
-- Set the Privacy\AllowInputPersonalization MDM Policy from the Policy CSP to **0 - Not allowed**
+- Create a REG_DWORD registry setting named **HasAccepted** in **HKEY_CURRENT_USER\\Software\\Microsoft\\Speech_OneCore\\Settings\\OnlineSpeechPrivacy** with a **value of 0 (zero)**
+
+
+If you're running at Windows 10, version 1703 up to and including Windows 10, version 1803, you can turn off updates to the speech recognition and speech synthesis models:
+
+ - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data**
-or-
-- Create a REG_DWORD registry setting named **HasAccepted** in **HKEY_CURRENT_USER\\Software\\Microsoft\\Speech_OneCore\\Settings\\OnlineSpeechPrivacy** with a **value of 0 (zero)**
+ - Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)**
+
+
### 18.7 Account info
@@ -1235,14 +1087,6 @@ To turn off **Let apps access my name, picture, and other account info**:
-or-
-- Apply the Privacy/LetAppsAccessAccountInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessaccountinfo), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
-
- -or-
-
- Create a REG_DWORD registry setting named **LetAppsAccessAccountInfo** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
@@ -1267,14 +1111,6 @@ To turn off **Choose apps that can access contacts**:
-or-
-- Apply the Privacy/LetAppsAccessContacts MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscontacts), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
-
- -or-
-
- Create a REG_DWORD registry setting named **LetAppsAccessContacts** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
### 18.9 Calendar
@@ -1287,17 +1123,7 @@ To turn off **Let apps access my calendar**:
-or-
-- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access the calendar**
-
- - Set the **Select a setting** box to **Force Deny**.
-
- -or-
-
-- Apply the Privacy/LetAppsAccessCalendar MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscalendar), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access the calendar**. Set the **Select a setting** box to **Force Deny**.
-or-
@@ -1323,14 +1149,6 @@ To turn off **Let apps access my call history**:
-or-
- - Apply the Privacy/LetAppsAccessCallHistory MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscallhistory), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
-
- -or-
-
- Create a REG_DWORD registry setting named **LetAppsAccessCallHistory** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
### 18.11 Email
@@ -1349,14 +1167,6 @@ To turn off **Let apps access and send email**:
-or-
- - Apply the Privacy/LetAppsAccessEmail MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessemail), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
-
- -or-
-
- Create a REG_DWORD registry setting named **LetAppsAccessEmail** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
### 18.12 Messaging
@@ -1375,14 +1185,6 @@ To turn off **Let apps read or send messages (text or MMS)**:
-or-
-- Apply the Privacy/LetAppsAccessMessaging MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmessaging), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
-
- -or-
-
- Create a REG_DWORD registry setting named **LetAppsAccessMessaging** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
To turn off **Choose apps that can read or send messages**:
@@ -1415,14 +1217,6 @@ To turn off **Let apps make phone calls**:
-or-
-- Apply the Privacy/LetAppsAccessPhone MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
-
- -or-
-
- Create a REG_DWORD registry setting named **LetAppsAccessPhone** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
@@ -1446,14 +1240,6 @@ To turn off **Let apps control radios**:
-or-
-- Apply the Privacy/LetAppsAccessRadios MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessradios), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
-
- -or-
-
- Create a REG_DWORD registry setting named **LetAppsAccessRadios** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
@@ -1475,10 +1261,6 @@ To turn off **Let apps automatically share and sync info with wireless devices t
-or-
-- Set the Privacy/LetAppsSyncWithDevices MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappssyncwithdevices) to **2**. Force deny
-
- -or-
-
- Create a REG_DWORD registry setting named **LetAppsSyncWithDevices** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**:
@@ -1493,14 +1275,6 @@ To turn off **Let your apps use your trusted devices (hardware you've already co
- Create a REG_DWORD registry setting named **LetAppsAccessTrustedDevices** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
- -or-
-
-- Apply the **Privacy/LetAppsAccessTrustedDevices** MDM policy from the [Policy CSP](/windows/client-management/mdm/policy-csp-privacy.md#privacy-letappsaccesstrusteddevices
-), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
### 18.16 Feedback & diagnostics
@@ -1555,19 +1329,7 @@ To change the level of diagnostic and usage data sent when you **Send your devic
> [!NOTE]
> If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. The **Security** option is only available in Windows 10 Enterprise edition.
-
- -or-
-
-- Apply the System/AllowTelemetry MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
-
- - **0**. Maps to the **Security** level.
-
- - **1**. Maps to the **Basic** level.
-
- - **2**. Maps to the **Enhanced** level.
-
- - **3**. Maps to the **Full** level.
-
+
To turn off tailored experiences with relevant tips and recommendations by using your diagnostics data:
@@ -1610,9 +1372,6 @@ To turn off **Let apps run in the background**:
- Create a REG_DWORD registry setting named **LetAppsRunInBackground** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**
- -or-
-
-- Set the Privacy/LetAppsRunInBackground MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessruninbackground) to **2 Force Deny**.
> [!NOTE]
> Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background** to **Force Deny**.
@@ -1633,14 +1392,6 @@ To turn off **Let Windows and your apps use your motion data and collect motion
- Create a REG_DWORD registry setting named **LetAppsAccessMotion** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
- -or-
-
-- Apply the Privacy/LetAppsAccessMotion MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmotion), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
-
### 18.19 Tasks
@@ -1658,13 +1409,6 @@ To turn this off:
- Create a REG_DWORD registry setting named **LetAppsAccessTasks** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
- -or-
-
-- Apply the Privacy/LetAppsAccessTasks MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesstasks), where:
-
- - **0**. User in control
- - **1**. Force allow
- - **2**. Force deny
### 18.20 App Diagnostics
@@ -1682,10 +1426,6 @@ To turn this off:
- Create a REG_DWORD registry setting named **LetAppsGetDiagnosticInfo** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
- -or-
-
-- Set the Privacy/LetAppsGetDiagnosticInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsgetdiagnosticinfo) to **2**. Force deny
-
### 18.21 Inking & Typing
@@ -1699,51 +1439,64 @@ To turn off Inking & Typing data collection (note: there is no Group Policy for
- Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)**
- -or-
- - Set the Privacy\AllowInputPersonalization MDM Policy from the Policy CSP.
- [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) to **0** (not allowed). This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows.
+### 18.22 Activity History
+In the **Activity History** area, you can choose turn Off tracking of your Activity History.
+
+To turn this Off in the UI:
+
+- Turn **Off** the feature in the UI by going to Settings -> Privacy -> Activity History and **un-checking** the **Store my activity history on this device** AND **unchecking** the **Send my activity History to Microsoft** checkboxes
+
+-OR-
+
+- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Enables Activity Feed**
+
+ -and-
+
+- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Allow publishing of User Activities**
+
+ -and-
+
+- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** > named **Allow upload of User Activities**
+
+-OR-
+
+- Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**
+
+ -and-
+
+- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**
+
+ -and-
+
+- Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**
+
+### 18.23 Voice Activation
+
+In the **Vocie activation** area, you can choose turn Off apps ability to listen for a Voice keyword.
+
+To turn this Off in the UI:
+
+- Turn **Off** the feature in the UI by going to **Settings -> Privacy -> Voice activation** and toggle **Off** the **Allow apps to use voice activation** AND also toggle **Off** the **Allow apps to use voice activation when this device is locked**
+
+-OR-
+
+- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice**
+
+ -and-
+
+- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice while the system is locked**
-If you're running at least Windows 10, version 1703, you can turn off updates to the speech recognition and speech synthesis models:
+-OR-
+
+- Create a REG_DWORD registry setting named **LetAppsActivateWithVoice** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)**
- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data**
+ -and-
- -or-
-
- - Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)**
-
- -or-
-
- - Set the Speech/AllowSpeechModelUpdate MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Speech_AllowSpeechModelUpdate) to **0**
+- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)**
-> [!NOTE]
-> Releases 1803 and earlier support **Speech, Inking, & Typing** as a combined settings area. For customizing those setting please follow the below instructions. For 1809 and above **Speech** and **Inking & Typing** are separate settings pages, please see the specific section (18.6 Speech or 18.21 Inking and Typing) above for those areas.
-
-In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better understand your employee's voice and written input by sampling their voice and writing, and by comparing verbal and written input to contact names and calendar entrees.
-
- For more info on how to disable Cortana in your enterprise, see [Cortana](#bkmk-cortana) in this article.
-
- To turn off the functionality:
-
- - Click the **Stop getting to know me** button, and then click **Turn off**.
-
- -or-
-
- - Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Regional and Language Options** > **Handwriting personalization** > **Turn off automatic learning**
-
- -or-
-
- - Create a REG_DWORD registry setting named **RestrictImplicitInkCollection** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** with a value of 1 (one).
-
- -or-
-
- - Create a REG_DWORD registry setting named **AcceptedPrivacyPolicy** in **HKEY_CURRENT_USER\\Software\\Microsoft\\Personalization\\Settings** with a value of 0 (zero).
-
- -and-
-
- - Create a REG_DWORD registry setting named **HarvestContacts** in **HKEY_CURRENT_USER\\Software\\Microsoft\\InputPersonalization\\TrainedDataStore** with a value of **0 (zero)**.
### 19. Software Protection Platform
@@ -1755,10 +1508,6 @@ In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better
-or-
- - Apply the Licensing/DisallowKMSClientOnlineAVSValidation MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) and **set the value to 1 (Enabled)**.
-
- -or-
-
- Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a **value of 1 (one)**.
**For Windows Server 2019 or later:**
@@ -1786,7 +1535,7 @@ For Windows 10:
-or-
-- Create a REG_DWORD registry setting named **AllowDiskHealthModelUpdates** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\StorageHealth** with a value of 0.
+- Create a REG_DWORD registry setting named **AllowDiskHealthModelUpdates** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\StorageHealth** with a **value of 0**.
### 21. Sync your settings
@@ -1802,11 +1551,6 @@ You can control if your settings are synchronized:
- Create a REG_DWORD registry setting named **DisableSettingSync** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 2 (two) and another named **DisableSettingSyncUserOverride** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 1 (one).
- -or-
-
-- Apply the Experience/AllowSyncMySettings MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) and **set the value to 0 (not allowed)**.
-
-
To turn off Messaging cloud sync:
- Note: There is no Group Policy corresponding to this registry key.
@@ -1853,7 +1597,9 @@ When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings scr
### 24. Windows Defender
-You can disconnect from the Microsoft Antimalware Protection Service.
+You can disconnect from the Microsoft Antimalware Protection Service.
+
+On Windows 10 1903 Client operating systems and newer search on "Tamper Protection" from the Windows search button next to the Start button on the desktop commmand bar. Scroll down to the Tamper Protection toggle and turn it **Off**. This will allow you to modify the Registry key and allow the Group Policy to make the setting. Alternatively, go to Windows Security Settings -> Virus & threat protection, click on Manage settings and then scroll down to the Tamper Protection toggle and set it to **Off**.
- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **MAPS** > **Join Microsoft MAPS** and then select **Disabled** from the drop down box named **Join Microsoft MAPS**
@@ -1861,9 +1607,9 @@ You can disconnect from the Microsoft Antimalware Protection Service.
- Use the registry to set the REG_DWORD value **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SpyNetReporting** to **0 (zero)**.
--OR-
+ -and-
-- For Windows 10 only, apply the Defender/AllowClouldProtection MDM policy from the [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
+- Delete the registry setting **named** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Updates**.
You can stop sending file samples back to Microsoft.
@@ -1872,10 +1618,6 @@ You can stop sending file samples back to Microsoft.
-or-
-- For Windows 10 only, apply the Defender/SubmitSamplesConsent MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender) to **2 (two) for Never Send**.
-
- -or-
-
- Use the registry to set the REG_DWORD value **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SubmitSamplesConsent** to **2 (two) for Never Send**.
@@ -1920,7 +1662,9 @@ You can turn off **Enhanced Notifications** as follows:
To disable Windows Defender Smartscreen:
-- In Group Policy, configure - **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen** to be **Disabled**
+In Group Policy, configure:
+
+- **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen** to be **Disabled**
-and-
@@ -1942,14 +1686,10 @@ To disable Windows Defender Smartscreen:
- Create a SZ registry setting named **ConfigureAppInstallControl** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\SmartScreen** with a value of **Anywhere**.
--OR-
-
-- Set the Browser/AllowSmartScreen MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to **0 (turned Off)**.
-
### 25. Windows Spotlight
-Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface, MDM policy, or through Group Policy.
+Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface or Group Policy.
If you're running Windows 10, version 1607 or later, you need to:
@@ -1960,10 +1700,6 @@ If you're running Windows 10, version 1607 or later, you need to:
-or-
-- For Windows 10 only, apply the Experience/AllowWindowsSpotlight MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience), with a value of 0 (zero).
-
- -or-
-
- Create a new REG_DWORD registry setting named **DisableWindowsSpotlightFeatures** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of 1 (one).
@@ -2075,7 +1811,7 @@ Windows Update Delivery Optimization lets you get Windows updates and Microsoft
By default, PCs running Windows 10 Enterprise and Windows 10 Education will only use Delivery Optimization to get and receive updates for PCs and apps on your local network.
-Use the UI, Group Policy, MDM policies, or Windows Provisioning to set up Delivery Optimization.
+Use the UI, Group Policy, or Registry Keys to set up Delivery Optimization.
In Windows 10 version 1607 and above you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Bypass** (100), as described below.
@@ -2105,18 +1841,6 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con
- Create a new REG_DWORD registry setting named **DODownloadMode** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization** to a value of **100 (one hundred)**.
-### 27.4 Delivery Optimization MDM policies
-
-The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
-
-| MDM Policy | Description |
-|---------------------------|-----------------------------------------------------------------------------------------------------|
-| DeliveryOptimization/DODownloadMode | Lets you choose where Delivery Optimization gets or sends updates and apps, including 0. Turns off Delivery Optimization. 1. Gets or sends updates and apps to PCs on the same NAT only. 2. Gets or sends updates and apps to PCs on the same local network domain. 3. Gets or sends updates and apps to PCs on the Internet. 99. Simple download mode with no peering. 100. Use BITS instead of Windows Update Delivery Optimization.
|
-| DeliveryOptimization/DOGroupID | Lets you provide a Group ID that limits which PCs can share apps and updates.
**Note** This ID must be a GUID.|
-| DeliveryOptimization/DOMaxCacheAge | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
The default value is 259200 seconds (3 days).|
-| DeliveryOptimization/DOMaxCacheSize | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20, which represents 20% of the disk.|
-| DeliveryOptimization/DOMaxUploadBandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.|
-
For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684).
@@ -2163,25 +1887,10 @@ You can turn off Windows Update by setting the following registry entries:
- Set the Group Policy **User Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Remove access to use all Windows Update features** to **Enabled** and then set **Computer Configurations** to **0 (zero)**.
-You can turn off automatic updates by doing one of the following. This is not recommended.
+You can turn off automatic updates by doing the following. This is not recommended.
- Add a REG_DWORD value named **AutoDownload** to **HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsStore\\WindowsUpdate** and set the value to 5.
- -or-
-
-- For Windows 10 only, apply the Update/AllowAutoUpdate MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update), where:
-
- - **0**. Notify the user before downloading the update.
-
- - **1**. Auto install the update and then notify the user to schedule a device restart.
-
- - **2** (default). Auto install and restart.
-
- - **3**. Auto install and restart at a specified time.
-
- - **4**. Auto install and restart without end-user control.
-
- - **5**. Turn off automatic updates.
For China releases of Windows 10 there is one additional Regkey to be set to prevent traffic:
diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md
new file mode 100644
index 0000000000..1279552d91
--- /dev/null
+++ b/windows/privacy/manage-windows-1903-endpoints.md
@@ -0,0 +1,172 @@
+---
+title: Connection endpoints for Windows 10 Enterprise, version 1903
+description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact.
+keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: high
+audience: ITPro
+author: danihalfin
+ms.author: v-medgar
+manager: sanashar
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.date: 5/3/2019
+---
+# Manage connection endpoints for Windows 10 Enterprise, version 1903
+
+**Applies to**
+
+- Windows 10 Enterprise, version 1903
+
+Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include:
+
+- Connecting to Microsoft Office and Windows sites to download the latest app and security updates.
+- Connecting to email servers to send and receive email.
+- Connecting to the web for every day web browsing.
+- Connecting to the cloud to store and access backups.
+- Using your location to show a weather forecast.
+
+This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later.
+Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
+Where applicable, each endpoint covered in this topic includes a link to the specific details on how to control that traffic.
+
+The following methodology was used to derive these network endpoints:
+
+1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
+2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
+3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
+4. Compile reports on traffic going to public IP addresses.
+5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
+6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here.
+7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
+8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
+
+> [!NOTE]
+> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
+
+## Windows 10 1903 Enterprise connection endpoints
+
+|Area|Description|Protocol|Destination|
+|----------------|----------|----------|------------|
+|Apps|The following endpoints are used to download updates to the Weather app Live Tile. If you turn off traffic to this endpoint, no Live Tiles will be updated.|HTTP|blob.weather.microsoft.com|
+|||HTTP|tile-service.weather.microsoft.com
+||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/livetile/?Language=en-US
+||The following endpoint is used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|*.twimg.com*|
+||The following endpoint is used for Candy Crush Saga updates. To turn off traffic for this endpoint, either uninstall Candy Crush Saga or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLS v1.2|candycrushsoda.king.com|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|evoke-windowsservices-tas.msedge.net|
+||The following endpoint is used for by the Microsoft Wallet app. To turn off traffic for this endpoint, either uninstall the Wallet app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|wallet.microsoft.com|
+||The following endpoint is used by the Groove Music app for update HTTP handler status. If you turn off traffic for this endpoint, apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app.|HTTPS|mediaredirect.microsoft.com|
+||The following endpoints are used when using the Whiteboard app. To turn off traffic for this endpoint disable the Microsoft Store.|HTTPS|int.whiteboard.microsoft.com|
+|||HTTPS|wbd.ms|
+|||HTTPS|whiteboard.microsoft.com|
+|||HTTP / HTTPS|whiteboard.ms|
+|Azure |The following endpoints are related to Azure. |HTTPS|wd-prod-*fe*.cloudapp.azure.com|
+|||HTTPS|ris-prod-atm.trafficmanager.net|
+|||HTTPS|validation-v2.sls.trafficmanager.net|
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible turn off traffic to this endpoint, but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.|HTTP|ctldl.windowsupdate.com|
+|Cortana and Search|The following endpoint is used to get images that are used for Microsoft Store suggestions. If you turn off traffic for this endpoint, you will block images that are used for Microsoft Store suggestions. |HTTPS|store-images.*microsoft.com|
+||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.|HTTPS|www.bing.com/client|
+|||HTTPS|www.bing.com|
+|||HTTPS|www.bing.com/proactive|
+|||HTTPS|www.bing.com/threshold/xls.aspx|
+|||HTTP|exo-ring.msedge.net|
+|||HTTP|fp.msedge.net|
+|||HTTP|fp-vp.azureedge.net|
+|||HTTP|odinvzc.azureedge.net|
+|||HTTP|spo-ring.msedge.net|
+|Device authentication|
+||The following endpoint is used to authenticate a device. If you turn off traffic for this endpoint, the device will not be authenticated.|HTTPS|login.live.com*|
+||The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata will not be updated for the device.|HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|HTTP|v10.events.data.microsoft.com|
+|||HTTPS|v10.vortex-win.data.microsoft.com/collect/v1|
+|||HTTP|www.microsoft.com|
+||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.|HTTPS|co4.telecommand.telemetry.microsoft.com|
+|||HTTP|cs11.wpc.v0cdn.net|
+|||HTTPS|cs1137.wpc.gammacdn.net|
+|||TLS v1.2|modern.watson.data.microsoft.com*|
+|||HTTPS|watson.telemetry.microsoft.com|
+|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.|HTTPS|*licensing.mp.microsoft.com*|
+|Location|The following endpoints are used for location data. If you turn off traffic for this endpoint, apps cannot use location data.|HTTPS|inference.location.live.net|
+|||HTTP|location-inference-westus.cloudapp.net|
+|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|HTTPS|*g.akamaiedge.net|
+|||HTTP|*maps.windows.com*|
+|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |HTTP|login.msa.akadns6.net|
+|||HTTP|us.configsvc1.live.com.akadns.net|
+|Microsoft Edge|This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
+|Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com|
+|Microsoft Store|The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|HTTPS|*.wns.windows.com|
+||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTP|storecatalogrevocation.storequality.microsoft.com|
+||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com*|HTTPS|store-images.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|TLS v1.2|*.md.mp.microsoft.com*|
+|||HTTPS|*displaycatalog.mp.microsoft.com|
+|||HTTP \ HTTPS|pti.store.microsoft.com|
+|||HTTP|storeedgefd.dsx.mp.microsoft.com|
+|||HTTP|markets.books.microsoft.com|
+|||HTTP |share.microsoft.com|
+|Network Connection Status Indicator (NCSI)|
+||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
+Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office Online. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.|HTTP|*.c-msedge.net|
+|||HTTPS|*.e-msedge.net|
+|||HTTPS|*.s-msedge.net|
+|||HTTPS|nexusrules.officeapps.live.com|
+|||HTTPS|ocos-office365-s2s.msedge.net|
+|||HTTPS|officeclient.microsoft.com|
+|||HTTPS|outlook.office365.com|
+|||HTTPS|client-office365-tas.msedge.net|
+|||HTTPS|www.office.com|
+|||HTTPS|onecollector.cloudapp.aria|
+|||HTTP|v10.events.data.microsoft.com/onecollector/1.0/|
+|||HTTPS|self.events.data.microsoft.com|
+||The following endpoint is used to connect the Office To-Do app to its cloud service. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store.|HTTPS|to-do.microsoft.com
+|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.|HTTP \ HTTPS|g.live.com/1rewlive5skydrive/*|
+|||HTTP|msagfx.live.com|
+|||HTTPS|oneclient.sfx.ms|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.|HTTPS|cy2.settings.data.microsoft.com.akadns.net|
+|||HTTPS|settings.data.microsoft.com|
+|||HTTPS|settings-win.data.microsoft.com|
+|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|browser.pipe.aria.microsoft.com|
+|||HTTP|config.edge.skype.com|
+|||HTTP|s2s.config.skype.com|
+|||HTTPS|skypeecs-prod-usw-0-b.cloudapp.net|
+|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.|HTTPS|wdcp.microsoft.com|
+|||HTTPS|definitionupdates.microsoft.com|
+|||HTTPS|go.microsoft.com|
+||The following endpoints are used for Windows Defender Smartscreen reporting and notifications. If you turn off traffic for these endpoints, Smartscreen notifications will not appear.|HTTPS|*smartscreen.microsoft.com|
+|||HTTPS|smartscreen-sn3p.smartscreen.microsoft.com|
+|||HTTPS|unitedstates.smartscreen-prod.microsoft.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see Windows Spotlight.|TLS v1.2|*.search.msn.com|
+|||HTTPS|arc.msn.com|
+|||HTTPS|g.msn.com*|
+|||HTTPS|query.prod.cms.rt.microsoft.com|
+|||HTTPS|ris.api.iris.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.|HTTPS|*.prod.do.dsp.mp.microsoft.com|
+|||HTTP|cs9.wac.phicdn.net|
+|||HTTP|emdl.ws.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.|HTTP|*.dl.delivery.mp.microsoft.com|
+|||HTTP|*.windowsupdate.com*|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.|HTTPS|*.delivery.mp.microsoft.com|
+|||HTTPS|*.update.microsoft.com|
+||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly.|HTTPS|tsfe.trafficshaping.dsp.mp.microsoft.com|
+
+
+## Other Windows 10 editions
+
+To view endpoints for other versions of Windows 10 Enterprise, see:
+- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md)
+- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md)
+
+To view endpoints for non-Enterprise Windows 10 editions, see:
+- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
+- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md)
+- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md)
+
+
+## Related links
+
+- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
+- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
+
+
diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md
index dcf4d2be83..5939c12ef0 100644
--- a/windows/privacy/windows-diagnostic-data.md
+++ b/windows/privacy/windows-diagnostic-data.md
@@ -12,17 +12,18 @@ ms.author: daniha
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 03/13/2018
+ms.date: 04/15/2019
---
# Windows 10, version 1709 and newer diagnostic data for the Full level
Applies to:
+- Windows 10, version 1903
- Windows 10, version 1809
- Windows 10, version 1803
- Windows 10, version 1709
-Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1809 Basic level diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields).
+Microsoft uses Windows diagnostic data to keep Windows secure and up-to-date, troubleshoot problems, and make product improvements. For users who have turned on "Tailored experiences", it can also be used to offer you personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. This article describes all types of diagnostic data collected by Windows at the Full level (inclusive of data collected at Basic), with comprehensive examples of data we collect per each type. For additional, detailed technical descriptions of Basic data items, see [Windows 10, version 1903 Basic level diagnostic events and fields](https://docs.microsoft.com/windows/configuration/basic-level-windows-diagnostic-events-and-fields).
In addition, this article provides references to equivalent definitions for the data types and examples from [ISO/IEC 19944:2017 Information technology -- Cloud computing -- Cloud services and devices: Data flow, data categories and data use](https://www.iso.org/standard/66674.html). Each data type also has a Data Use statement, for diagnostics and for Tailored experiences on the device, using the terms as defined by the standard. These Data Use statements define the purposes for which Microsoft processes each type of Windows diagnostic data, using a uniform set of definitions referenced at the end of this document and based on the ISO standard. Reference to the ISO standard provides additional clarity about the information collected, and allows easy comparison with other services or guidance that also references the standard.
diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
new file mode 100644
index 0000000000..a4b71349d5
--- /dev/null
+++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
@@ -0,0 +1,274 @@
+---
+title: Windows 10, version 1903, connection endpoints for non-Enterprise editions
+description: Explains what Windows 10 endpoints are used in non-Enterprise editions.
+keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.localizationpriority: high
+audience: ITPro
+author: mikeedgar
+ms.author: v-medgar
+manager: sanashar
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.date: 5/9/2019
+---
+# Windows 10, version 1903, connection endpoints for non-Enterprise editions
+
+ **Applies to**
+
+- Windows 10 Home, version 1903
+- Windows 10 Professional, version 1903
+- Windows 10 Education, version 1903
+
+In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1903-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 1903.
+
+The following methodology was used to derive the network endpoints:
+
+1. Set up the latest version of Windows 10 on a test virtual machine using the default settings.
+2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
+3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
+4. Compile reports on traffic going to public IP addresses.
+5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
+6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here.
+7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
+8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
+
+
+> [!NOTE]
+> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
+
+## Windows 10 Family
+
+| **Destination** | **Protocol** | **Description** |
+| --- | --- | --- |
+|\*.aria.microsoft.com*|HTTPS|Microsoft Office Telemetry
+|\*.b.akamai*.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use
+|\*.c-msedge.net|HTTP|Microsoft Office
+|\*.dl.delivery.mp.microsoft.com*|HTTP|Enables connections to Windows Update
+|\*.download.windowsupdate.com*|HTTP|Used to download operating system patches and updates
+|\*.g.akamai*.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use
+|\*.login.msa.*.net|HTTPS|Microsoft Account related
+|\*.msn.com*|TLSv1.2/HTTPS|Windows Spotlight
+|\*.skype.com|HTTP/HTTPS|Skype
+|\*.smartscreen.microsoft.com*|HTTPS|Windows Defender Smartscreen
+|\*.telecommand.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting
+|*cdn.onenote.net*|HTTP|OneNote
+|*displaycatalog.*mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store
+|*emdl.ws.microsoft.com*|HTTP|Windows Update
+|*geo-prod.do.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update
+|*hwcdn.net*|HTTP|Highwinds Content Delivery Network / Windows updates
+|*img-prod-cms-rt-microsoft-com*|HTTPS|Microsoft Store or Inbox MSN Apps image download
+|*licensing.*mp.microsoft.com*|HTTPS|Licensing
+|*maps.windows.com*|HTTPS|Related to Maps application
+|*msedge.net*|HTTPS|Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps
+|*nexusrules.officeapps.live.com*|HTTPS|Microsoft Office Telemetry
+|*photos.microsoft.com*|HTTPS|Photos App
+|*prod.do.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Used for Windows Update downloads of apps and OS updates
+|*purchase.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store
+|*settings.data.microsoft.com.akadns.net|HTTPS|Used for Windows apps to dynamically update their configuration
+|*wac.phicdn.net*|HTTP|Windows Update
+|*windowsupdate.com*|HTTP|Windows Update
+|*wns.*windows.com*|TLSv1.2/HTTPS|Used for the Windows Push Notification Services (WNS)
+|*wpc.v0cdn.net*|HTTP|Windows Telemetry
+|arc.msn.com|HTTPS|Spotlight
+|auth.gfx.ms*|HTTPS|MSA related
+|cdn.onenote.net|HTTPS|OneNote Live Tile
+|dmd.metaservices.microsoft.com*|HTTP|Device Authentication
+|e-0009.e-msedge.net|HTTPS|Microsoft Office
+|e10198.b.akamaiedge.net|HTTPS|Maps application
+|evoke-windowsservices-tas.msedge*|HTTPS|Photos app
+|fe2.update.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store
+|fe3.*.mp.microsoft.com.*|TLSv1.2/HTTPS|Windows Update, Microsoft Update, and Microsoft Store services
+|g.live.com*|HTTPS|OneDrive
+|go.microsoft.com|HTTP|Windows Defender
+|iriscoremetadataprod.blob.core.windows.net|HTTPS|Windows Telemetry
+|login.live.com|HTTPS|Device Authentication
+|msagfx.live.com|HTTP|OneDrive
+|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities
+|officeclient.microsoft.com|HTTPS|Microsoft Office
+|oneclient.sfx.ms*|HTTPS|Used by OneDrive for Business to download and verify app updates
+|onecollector.cloudapp.aria.akadns.net|HTTPS|Microsoft Office
+|ow1.res.office365.com|HTTP|Microsoft Office
+|pti.store.microsoft.com|HTTPS|Microsoft Store
+|purchase.mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store
+|query.prod.cms.rt.microsoft.com*|HTTPS|Used to retrieve Windows Spotlight metadata
+|ris.api.iris.microsoft.com*|TLSv1.2/HTTPS|Used to retrieve Windows Spotlight metadata
+|ris-prod-atm.trafficmanager.net|HTTPS|Azure traffic manager
+|s-0001.s-msedge.net|HTTPS|Microsoft Office
+|self.events.data.microsoft.com|HTTPS|Microsoft Office
+|settings.data.microsoft.com*|HTTPS|Used for Windows apps to dynamically update their configuration
+|settings-win.data.microsoft.com*|HTTPS|Used for Windows apps to dynamically update their configuration
+|share.microsoft.com|HTTPS|Microsoft Store
+|skypeecs-prod-usw-0.cloudapp.net|HTTPS|Microsoft Store
+|sls.update.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update
+|slscr.update.microsoft.com*|HTTPS|Enables connections to Windows Update
+|store*.dsx.mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store
+|storecatalogrevocation.storequality.microsoft.com|HTTPS|Microsoft Store
+|storecatalogrevocation.storequality.microsoft.com*|HTTPS|Used to revoke licenses for malicious apps on the Microsoft Store
+|store-images.*microsoft.com*|HTTP|Used to get images that are used for Microsoft Store suggestions
+|storesdk.dsx.mp.microsoft.com|HTTP|Microsoft Store
+|tile-service.weather.microsoft.com*|HTTP|Used to download updates to the Weather app Live Tile
+|time.windows.com|HTTP|Microsoft Windows Time related
+|tsfe.trafficshaping.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Used for content regulation
+|v10.events.data.microsoft.com|HTTPS|Diagnostic Data
+|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data
+|wdcp.microsoft.*|TLSv1.2, HTTPS|Used for Windows Defender when Cloud-based Protection is enabled
+|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com|HTTPS|Windows Defender
+|wusofficehome.msocdn.com|HTTPS|Microsoft Office
+|www.bing.com*|HTTP|Used for updates for Cortana, apps, and Live Tiles
+|www.msftconnecttest.com|HTTP|Network Connection (NCSI)
+|www.office.com|HTTPS|Microsoft Office
+
+
+## Windows 10 Pro
+
+| **Destination** | **Protocol** | **Description** |
+| --- | --- | --- |
+|\*.cloudapp.azure.com|HTTPS|Azure
+|\*.delivery.dsp.mp.microsoft.com.nsatc.net|HTTPS|Windows Update, Microsoft Update, and Microsoft Store services
+|\*.displaycatalog.md.mp.microsoft.com.akadns.net|HTTPS|Microsoft Store
+|\*.dl.delivery.mp.microsoft.com*|HTTP|Enables connections to Windows Update
+|\*.e-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps
+|\*.g.akamaiedge.net|HTTPS|Used to check for updates to maps that have been downloaded for offline use
+|\*.s-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps
+|\*.windowsupdate.com*|HTTP|Enables connections to Windows Update
+|\*.wns.notify.windows.com.akadns.net|HTTPS|Used for the Windows Push Notification Services (WNS)
+|\*dsp.mp.microsoft.com.nsatc.net|HTTPS|Enables connections to Windows Update
+|\*c-msedge.net|HTTP|Office
+|a1158.g.akamai.net|HTTP|Maps application
+|arc.msn.com*|HTTP / HTTPS|Used to retrieve Windows Spotlight metadata
+|blob.mwh01prdstr06a.store.core.windows.net|HTTPS|Microsoft Store
+|browser.pipe.aria.microsoft.com|HTTPS|Microsoft Office
+|bubblewitch3mobile.king.com|HTTPS|Bubble Witch application
+|candycrush.king.com|HTTPS|Candy Crush application
+|cdn.onenote.net|HTTP|Microsoft OneNote
+|cds.p9u4n2q3.hwcdn.net|HTTP|Highwinds Content Delivery Network traffic for Windows updates
+|client.wns.windows.com|HTTPS|Winddows Notification System
+|co4.telecommand.telemetry.microsoft.com.akadns.net|HTTPS|Windows Error Reporting
+|config.edge.skype.com|HTTPS|Microsoft Skype
+|cs11.wpc.v0cdn.net|HTTP|Windows Telemetry
+|cs9.wac.phicdn.net|HTTP|Windows Update
+|cy2.licensing.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store
+|cy2.purchase.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store
+|cy2.settings.data.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store
+|dmd.metaservices.microsoft.com.akadns.net|HTTP|Device Authentication
+|e-0009.e-msedge.net|HTTPS|Microsoft Office
+|e10198.b.akamaiedge.net|HTTPS|Maps application
+|fe3.update.microsoft.com|HTTPS|Windows Update
+|g.live.com|HTTPS|Microsoft OneDrive
+|g.msn.com.nsatc.net|HTTPS|Used to retrieve Windows Spotlight metadata
+|geo-prod.do.dsp.mp.microsoft.com|HTTPS|Windows Update
+|go.microsoft.com|HTTP|Windows Defender
+|iecvlist.microsoft.com|HTTPS|Microsoft Edge
+|img-prod-cms-rt-microsoft-com.akamaized.net|HTTP / HTTPS|Microsoft Store
+|ipv4.login.msa.akadns6.net|HTTPS|Used for Microsoft accounts to sign in
+|licensing.mp.microsoft.com|HTTP|Licensing
+|location-inference-westus.cloudapp.net|HTTPS|Used for location data
+|login.live.com|HTTP|Device Authentication
+|maps.windows.com|HTTP|Maps application
+|modern.watson.data.microsoft.com.akadns.net|HTTPS|Used by Windows Error Reporting
+|msagfx.live.com|HTTP|OneDrive
+|nav.smartscreen.microsoft.com|HTTPS|Windows Defender
+|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities
+|oneclient.sfx.ms|HTTP|OneDrive
+|pti.store.microsoft.com|HTTPS|Microsoft Store
+|ris.api.iris.microsoft.com.akadns.net|HTTPS|Used to retrieve Windows Spotlight metadata
+|ris-prod-atm.trafficmanager.net|HTTPS|Azure
+|s2s.config.skype.com|HTTP|Microsoft Skype
+|settings-win.data.microsoft.com|HTTPS|Application settings
+|share.microsoft.com|HTTPS|Microsoft Store
+|skypeecs-prod-usw-0.cloudapp.net|HTTPS|Microsoft Skype
+|slscr.update.microsoft.com|HTTPS|Windows Update
+|storecatalogrevocation.storequality.microsoft.com|HTTPS|Microsoft Store
+|store-images.microsoft.com|HTTPS|Microsoft Store
+|tile-service.weather.microsoft.com/*|HTTP|Used to download updates to the Weather app Live Tile
+|time.windows.com|HTTP|Windows time
+|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|Used for content regulation
+|v10.events.data.microsoft.com*|HTTPS|Microsoft Office
+|vip5.afdorigin-prod-am02.afdogw.com|HTTPS|Used to serve office 365 experimentation traffic
+|watson.telemetry.microsoft.com|HTTPS|Telemetry
+|wdcp.microsoft.com|HTTPS|Windows Defender
+|wusofficehome.msocdn.com|HTTPS|Microsoft Office
+|www.bing.com|HTTPS|Cortana and Search
+|www.microsoft.com|HTTP|Diagnostic
+|www.msftconnecttest.com|HTTP|Network connection
+|www.office.com|HTTPS|Microsoft Office
+
+
+
+## Windows 10 Education
+
+| **Destination** | **Protocol** | **Description** |
+| --- | --- | --- |
+|\*.b.akamaiedge.net|HTTPS|Used to check for updates to maps that have been downloaded for offline use
+|\*.c-msedge.net|HTTP|Used by OfficeHub to get the metadata of Office apps
+|\*.dl.delivery.mp.microsoft.com*|HTTP|Windows Update
+|\*.e-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps
+|\*.g.akamaiedge.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use
+|\*.licensing.md.mp.microsoft.com.akadns.net|HTTPS|Microsoft Store
+|\*.settings.data.microsoft.com.akadns.net|HTTPS|Microsoft Store
+|\*.skype.com*|HTTPS|Used to retrieve Skype configuration values
+|\*.smartscreen*.microsoft.com|HTTPS|Windows Defender
+|\*.s-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps
+|\*.telecommand.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting
+|\*.wac.phicdn.net|HTTP|Windows Update
+|\*.windowsupdate.com*|HTTP|Windows Update
+|\*.wns.windows.com|HTTPS|Windows Notifications Service
+|\*.wpc.*.net|HTTP|Diagnostic Data
+|\*displaycatalog.md.mp.microsoft.com.akadns.net|HTTPS|Microsoft Store
+|\*dsp.mp.microsoft.com|HTTPS|Windows Update
+|a1158.g.akamai.net|HTTP|Maps
+|a122.dscg3.akamai.net|HTTP|Maps
+|a767.dscg3.akamai.net|HTTP|Maps
+|au.download.windowsupdate.com*|HTTP|Windows Update
+|bing.com/*|HTTPS|Used for updates for Cortana, apps, and Live Tiles
+|blob.dz5prdstr01a.store.core.windows.net|HTTPS|Microsoft Store
+|browser.pipe.aria.microsoft.com|HTTP|Used by OfficeHub to get the metadata of Office apps
+|cdn.onenote.net/livetile/*|HTTPS|Used for OneNote Live Tile
+|cds.p9u4n2q3.hwcdn.net|HTTP|Used by the Highwinds Content Delivery Network to perform Windows updates
+|client-office365-tas.msedge.net/*|HTTPS|Office 365 porta and Office Online
+|ctldl.windowsupdate.com*|HTTP|Used to download certificates that are publicly known to be fraudulent
+|displaycatalog.mp.microsoft.com/*|HTTPS|Microsoft Store
+|dmd.metaservices.microsoft.com*|HTTP|Device Authentication
+|download.windowsupdate.com*|HTTPS|Windows Update
+|emdl.ws.microsoft.com/*|HTTP|Used to download apps from the Microsoft Store
+|evoke-windowsservices-tas.msedge.net|HTTPS|Photo app
+|fe2.update.microsoft.com*|HTTPS|Windows Update, Microsoft Update, Microsoft Store services
+|fe3.delivery.dsp.mp.microsoft.com.nsatc.net|HTTPS|Windows Update, Microsoft Update, Microsoft Store services
+|fe3.delivery.mp.microsoft.com*|HTTPS|Windows Update, Microsoft Update, Microsoft Store services
+|g.live.com*|HTTPS|Used by OneDrive for Business to download and verify app updates
+|g.msn.com.nsatc.net|HTTPS|Used to retrieve Windows Spotlight metadata
+|go.microsoft.com|HTTP|Windows Defender
+|iecvlist.microsoft.com|HTTPS|Microsoft Edge browser
+|ipv4.login.msa.akadns6.net|HTTPS|Used for Microsoft accounts to sign in
+|licensing.mp.microsoft.com*|HTTPS|Used for online activation and some app licensing
+|login.live.com|HTTPS|Device Authentication
+|maps.windows.com/windows-app-web-link|HTTPS|Maps application
+|modern.watson.data.microsoft.com.akadns.net|HTTPS|Used by Windows Error Reporting
+|msagfx.live.com|HTTPS|OneDrive
+|ocos-office365-s2s.msedge.net/*|HTTPS|Used to connect to the Office 365 portal's shared infrastructure
+|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities
+|oneclient.sfx.ms/*|HTTPS|Used by OneDrive for Business to download and verify app updates
+|onecollector.cloudapp.aria.akadns.net|HTTPS|Microsoft Office
+|pti.store.microsoft.com|HTTPS|Microsoft Store
+|settings-win.data.microsoft.com/settings/*|HTTPS|Used as a way for apps to dynamically update their configuration
+|share.microsoft.com|HTTPS|Microsoft Store
+|skypeecs-prod-usw-0.cloudapp.net|HTTPS|Skype
+|sls.update.microsoft.com*|HTTPS|Windows Update
+|storecatalogrevocation.storequality.microsoft.com*|HTTPS|Used to revoke licenses for malicious apps on the Microsoft Store
+|tile-service.weather.microsoft.com*|HTTP|Used to download updates to the Weather app Live Tile
+|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|Windows Update
+|v10.events.data.microsoft.com*|HTTPS|Diagnostic Data
+|vip5.afdorigin-prod-ch02.afdogw.com|HTTPS|Used to serve Office 365 experimentation traffic
+|watson.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting
+|wdcp.microsoft.com|HTTPS|Windows Defender
+|wd-prod-cp-us-east-1-fe.eastus.cloudapp.azure.com|HTTPS|Azure
+|wusofficehome.msocdn.com|HTTPS|Microsoft Office
+|www.bing.com|HTTPS|Cortana and Search
+|www.microsoft.com|HTTP|Diagnostic Data
+|www.microsoft.com/pkiops/certs/*|HTTP|CRL and OCSP checks to the issuing certificate authorities
+|www.msftconnecttest.com|HTTP|Network Connection
+|www.office.com|HTTPS|Microsoft Office
+
diff --git a/windows/release-information/TOC.md b/windows/release-information/TOC.md
index 188c87f7a3..735c4e5527 100644
--- a/windows/release-information/TOC.md
+++ b/windows/release-information/TOC.md
@@ -1,23 +1,36 @@
# [Windows 10 release information](index.md)
## [Message center](windows-message-center.yml)
-## [Version 1809 and Windows Server 2019](status-windows-10-1809-and-windows-server-2019.yml)
+## Version 1903
+### [Known issues and notifications](status-windows-10-1903.yml)
+### [Resolved issues](resolved-issues-windows-10-1903.yml)
+## Version 1809 and Windows Server 2019
+### [Known issues and notifications](status-windows-10-1809-and-windows-server-2019.yml)
### [Resolved issues](resolved-issues-windows-10-1809-and-windows-server-2019.yml)
-## [Version 1803](status-windows-10-1803.yml)
+## Version 1803
+### [Known issues and notifications](status-windows-10-1803.yml)
### [Resolved issues](resolved-issues-windows-10-1803.yml)
-## [Version 1709](status-windows-10-1709.yml)
+## Version 1709
+### [Known issues and notifications](status-windows-10-1709.yml)
### [Resolved issues](resolved-issues-windows-10-1709.yml)
-## [Version 1703](status-windows-10-1703.yml)
+## Version 1703
+### [Known issues and notifications](status-windows-10-1703.yml)
### [Resolved issues](resolved-issues-windows-10-1703.yml)
-## [Version 1607 and Windows Server 2016](status-windows-10-1607-and-windows-server-2016.yml)
+## Version 1607 and Windows Server 2016
+### [Known issues and notifications](status-windows-10-1607-and-windows-server-2016.yml)
### [Resolved issues](resolved-issues-windows-10-1607.yml)
-## [Version 1507](status-windows-10-1507.yml)
+## Version 1507
+### [Known issues and notifications](status-windows-10-1507.yml)
### [Resolved issues](resolved-issues-windows-10-1507.yml)
## Previous versions
-### [Windows 8.1 and Windows Server 2012 R2](status-windows-8.1-and-windows-server-2012-r2.yml)
+### Windows 8.1 and Windows Server 2012 R2
+#### [Known issues and notifications](status-windows-8.1-and-windows-server-2012-r2.yml)
####[Resolved issues](resolved-issues-windows-8.1-and-windows-server-2012-r2.yml)
-### [Windows Server 2012](status-windows-server-2012.yml)
+### Windows Server 2012
+#### [Known issues and notifications](status-windows-server-2012.yml)
####[Resolved issues](resolved-issues-windows-server-2012.yml)
-### [Windows 7 and Windows Server 2008 R2](status-windows-7-and-windows-server-2008-r2-sp1.yml)
+### Windows 7 and Windows Server 2008 R2
+#### [Known issues and notifications](status-windows-7-and-windows-server-2008-r2-sp1.yml)
####[Resolved issues](resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml)
-### [Windows Server 2008 SP2](status-windows-server-2008-sp2.yml)
+### Windows Server 2008 SP2
+#### [Known issues and notifications](status-windows-server-2008-sp2.yml)
####[Resolved issues](resolved-issues-windows-server-2008-sp2.yml)
\ No newline at end of file
diff --git a/windows/release-information/index.md b/windows/release-information/index.md
index 2aa38be1de..c80e214ec1 100644
--- a/windows/release-information/index.md
+++ b/windows/release-information/index.md
@@ -13,12 +13,14 @@ ms.localizationpriority: high
---
# Windows 10 release information
-Feature updates for Windows 10 are released twice a year, targeting March and September, via the Semi-Annual Channel (SAC) and will be serviced with monthly quality updates for 18 months from the date of the release. We recommend that you begin deployment of each SAC release immediately to devices selected for early adoption and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
+Feature updates for Windows 10 are released twice a year, around March and September, via the Semi-Annual Channel and will be serviced with monthly quality updates for 18 months from the date of the release.
-Starting with Windows 10, version 1809, feature updates for Windows 10 Enterprise and Education editions with a targeted release month of September will be serviced for 30 months from their release date. For information about servicing timelines, see the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853).
+We recommend that you begin deployment of each Semi-Annual Channel release immediately as a targeted deployment to devices selected for early adoption and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
+
+Starting with Windows 10, version 1809, feature updates for Windows 10 Enterprise and Education editions are serviced for 30 months from their release date. For information about servicing timelines, see the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853).
>[!NOTE]
->If you are not using Windows Update for Business today, the "Semi-Annual Channel (Targeted)" servicing option has no impact on when your devices will be updated. It merely reflects a milestone for the semi-annual release, the period of time during which Microsoft recommends that your IT team make the release available to specific, "targeted" devices for the purpose of validating and generating data in order to get to a broad deployment decision. For more information, see [this blog post](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523).
+>Beginning with Windows 10, version 1903, this page will no longer list Semi-Annual Channel (Targeted) information for version 1903 and future feature updates. Instead, you will find a single entry for each Semi-Annual Channel release. For more information, see [this blog post](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523).
diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
index 955bf10881..49d4e3e4e0 100644
--- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
@@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
| Summary | Originating update | Status | Date resolved |
+ Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Microsoft has identified issues with certain new Intel display drivers, which accidentally turn on unsupported features in Windows.
See details > | OS Build 17763.134
November 13, 2018
KB4467708 | Resolved
| May 21, 2019
07:42 AM PT |
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible
See details > | OS Build 17763.503
May 14, 2019
KB4494441 | Resolved
KB4505056 | May 19, 2019
02:00 PM PT |
Windows 10, version 1809 update history may show an update installed twice
Some customers are reporting that KB4494441 installed twice on their device
See details > | OS Build 17763.503
May 14, 2019
KB4494441 | Resolved
| May 16, 2019
02:37 PM PT |
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.
See details > | OS Build 17763.475
May 03, 2019
KB4495667 | Resolved
KB4494441 | May 14, 2019
10:00 AM PT |
@@ -136,6 +137,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
+ | Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers. Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server, version 1809; Windows Server 2019
Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article.
Resolution: Microsoft has removed the safeguard hold.
Back to top | OS Build 17763.134
November 13, 2018
KB4467708 | Resolved
| Resolved:
May 21, 2019
07:42 AM PT
Opened:
November 13, 2018
10:00 AM PT |
| Shared albums may not sync with iCloud for Windows Upgrade block: Users who attempt to install iCloud for Windows (version 7.7.0.27) will see a message displayed that this version iCloud for Windows isn't supported and the install will fail.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server, version 1809; Windows Server 2019
To ensure a seamless experience, Microsoft is blocking devices with iCloud for Windows (version 7.7.0.27) software installed from being offered Window 10, version 1809 until this issue has been resolved.
We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool from the Microsoft software download website until this issue is resolved. Resolution: Apple has released an updated version of iCloud for Windows (version 7.8.1) that resolves compatibility issues encountered when updating or synching Shared Albums after updating to Windows 10, version 1809. We recommend that you update your iCloud for Windows to version 7.8.1 when prompted before attempting to upgrade to Windows 10, version 1809. You can also manually download the latest version of iCloud for Windows by visiting https://support.apple.com/HT204283.
Back to top | OS Build 17763.134
November 13, 2018
KB4467708 | Resolved
KB4482887 | Resolved:
March 01, 2019
10:00 AM PT
Opened:
November 13, 2018
10:00 AM PT |
| Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup Upgrade block: Microsoft and Intel have identified a compatibility issue with a range of Intel Display Audio device drivers (intcdaud.sys, versions 10.25.0.3 - 10.25.0.8) that may result in excessive processor demand and reduced battery life. As a result, the update process to the Windows 10 October 2018 Update (Windows 10, version 1809) will fail and affected devices will automatically revert to the previous working configuration.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server, version 1809; Windows Server 2019
If you see a \"What needs your attention\" notification during installation of the October 2018 Update, you have one of these affected drivers on your system. On the notification, click Back to remain on your current version of Windows 10. To ensure a seamless experience, we are blocking devices from being offered the October 2018 Update until updated Intel device drivers are installed on your current operating system. We recommend that you do not attempt to manually update to Windows 10, version 1809, using the Update Now button or the Media Creation Tool from the Microsoft Software Download Center until newer Intel device drivers are available with the update. You can either wait for newer drivers to be installed automatically through Windows Update or check with your computer manufacturer for the latest device driver software availability and installation procedures. For more information about this issue, see Intel's customer support guidance. Resolution: This issue was resolved in KB4482887 and the upgrade block removed.
Back to top | OS Build 17763.134
November 13, 2018
KB4467708 | Resolved
KB4482887 | Resolved:
March 01, 2019
10:00 AM PT
Opened:
November 13, 2018
10:00 AM PT |
| F5 VPN clients losing network connectivity Upgrade block: After updating to Window 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4482887 and the upgrade block removed.
Back to top | OS Build 17763.134
November 13, 2018
KB4467708 | Resolved
KB4482887 | Resolved:
March 01, 2019
10:00 AM PT
Opened:
November 13, 2018
10:00 AM PT |
diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml
new file mode 100644
index 0000000000..8e4da506f4
--- /dev/null
+++ b/windows/release-information/resolved-issues-windows-10-1903.yml
@@ -0,0 +1,36 @@
+### YamlMime:YamlDocument
+
+documentType: LandingData
+title: Resolved issues in Windows 10, version 1903 and Windows Server, vesion 1903
+metadata:
+ document_id:
+ title: Resolved issues in Windows 10, version 1903 and Windows Server, vesion 1903
+ description: Resolved issues in Windows 10, version 1903 and Windows Server 1903
+ keywords: ["Resolved issues in Windows 10", "Windows 10", "Windows 10, version 1903"]
+ ms.localizationpriority: high
+ author: greg-lindsay
+ ms.author: greglin
+ manager: dougkim
+ ms.topic: article
+ ms.devlang: na
+
+sections:
+- items:
+ - type: markdown
+ text: "
+ See a list of known issues that have been resolved for Windows 10, version 1903 and Windows Server, version 1903 over the last six months. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s) to search the page.
+
+ "
+- items:
+ - type: markdown
+ text: "
+
+ "
+
+- title: Resolved issues
+- items:
+ - type: markdown
+ text: "
+ There are no recently resolved issues at this time.
+
+ "
diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml
index 06ca4f79fc..dd98581223 100644
--- a/windows/release-information/status-windows-10-1507.yml
+++ b/windows/release-information/status-windows-10-1507.yml
@@ -29,21 +29,21 @@ sections:
columns: 3
items:
- - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540
- html: Read the announcement >
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
image:
- src: https://docs.microsoft.com//media/common/i_deploy.svg
- title: Windows 10, version 1809 designated for broad deployment
- - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency
- html: Find out more >
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
- title: Improvements to the Windows 10 update experience are coming
- - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience
- html: Learn about our approach >
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
- title: How do we measure and improve the quality of Windows?
+ title: What’s new for businesses and IT pros in Windows 10
- items:
- type: markdown
text: "
diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
index 7726b7eaa2..b482491798 100644
--- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
+++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
@@ -29,21 +29,21 @@ sections:
columns: 3
items:
- - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540
- html: Read the announcement >
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
image:
- src: https://docs.microsoft.com//media/common/i_deploy.svg
- title: Windows 10, version 1809 designated for broad deployment
- - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency
- html: Find out more >
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
- title: Improvements to the Windows 10 update experience are coming
- - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience
- html: Learn about our approach >
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
- title: How do we measure and improve the quality of Windows?
+ title: What’s new for businesses and IT pros in Windows 10
- items:
- type: markdown
text: "
@@ -60,6 +60,7 @@ sections:
- type: markdown
text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
+ Machines running Windows Server 2016 with Hyper-V seeing Bitlocker error 0xC0210000
Some machines running Windows Server with Hyper-V enabled may boot into Bitlocker recovery
See details > | N/A
| Investigating
| May 21, 2019
09:21 AM PT |
Cluster service may fail if the minimum password length is set to greater than 14
The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.
See details > | OS Build 14393.2639
November 27, 2018
KB4467684 | Mitigated
| April 25, 2019
02:00 PM PT |
Issue using PXE to start a device from WDS
There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.
See details > | OS Build 14393.2848
March 12, 2019
KB4489882 | Mitigated
| April 25, 2019
02:00 PM PT |
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.
See details > | OS Build 14393.2639
November 27, 2018
KB4467684 | Mitigated
| April 25, 2019
02:00 PM PT |
@@ -84,6 +85,7 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
+ | Machines running Windows Server 2016 with Hyper-V seeing Bitlocker error 0xC0210000 We are investigating reports that some machines running Windows Server 2016 with Hyper-V enabled may enter Bitlocker recovery mode with an error 0xC0210000 after installing KB4494440 and rebooting.
Affected platforms: - Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2016
Workaround: You can reboot machines successfully after suspending Bitlocker from Windows Recovery Environment. Below steps can be followed to suspend Bitlocker - Retrieve the 48 digit Bitlocker recovery password for the OS volume (From organization portal/key storage).
- From the recovery screen, press the enter key to get to the recovery password entry screen and enter the recovery password.
- If machine boots to windows recovery environment and asks for recovery key again, press “skip the drive” to enter Windows Recovery Environment
- Click on “Advanced options”->”Troubleshoot”->”Advanced options”->”Command Prompt”
- Unlock OS drive using the following command
- Mange-bde -unlock c: -rp <48 digit numerical recovery password separated by “-“ in 6 digit group>
- Suspend Bitlocker using the following command
- Manage-bde -protectors -disable c:
- Exit the command Window using the following command
- exit
- Click on “Continue” from recovery environment
- This should boot system to Windows
- Once booted, launch an Administrator command prompt and resume the Bitlocker to ensure the system remains protected.
- Mange-bde -protectors -enable c:
The workaround needs to be followed on every system boot. To prevent hitting the issue, execute following command to temporarily suspend Bitlocker just before rebooting the system: - Manage-bde -protectors -disable c: -rc 1
- This command will suspend Bitlocker until 1 reboot of the machine (-rc 1 option only works inside OS and does not work from recovery environment).
Next steps: Microsoft is presently investigating this issue and will provide an update when available.
Back to top | N/A
| Investigating
| Last updated:
May 21, 2019
09:21 AM PT
Opened:
May 21, 2019
08:50 AM PT |
| Unable to access some gov.uk websites After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.
Affected platforms: - Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Resolution: We have released an \"optional, out-of-band\" update for Windows 10 ( KB4505052) to resolve this issue. If you are affected, we recommend you apply this update by installing KB4505052 from Windows Update and then restarting your device.
This update will not be applied automatically. To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates. To get the standalone package for KB4505052, search for it in the Microsoft Update Catalog.
Back to top | OS Build 14393.2969
May 14, 2019
KB4494440 | Resolved
KB4505052 | Resolved:
May 19, 2019
02:00 PM PT
Opened:
May 16, 2019
01:57 PM PT |
| Layout and cell size of Excel sheets may change when using MS UI Gothic When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel. For example, the layout and cell size of Microsoft Excel sheets may change when using MS UI Gothic.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
- Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue has been resolved.
Back to top | OS Build 14393.2941
April 25, 2019
KB4493473 | Resolved
KB4494440 | Resolved:
May 14, 2019
10:00 AM PT
Opened:
May 10, 2019
10:35 AM PT |
diff --git a/windows/release-information/status-windows-10-1703.yml b/windows/release-information/status-windows-10-1703.yml
index 3a76ae2259..7190ce8dc6 100644
--- a/windows/release-information/status-windows-10-1703.yml
+++ b/windows/release-information/status-windows-10-1703.yml
@@ -29,21 +29,21 @@ sections:
columns: 3
items:
- - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540
- html: Read the announcement >
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
image:
- src: https://docs.microsoft.com//media/common/i_deploy.svg
- title: Windows 10, version 1809 designated for broad deployment
- - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency
- html: Find out more >
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
- title: Improvements to the Windows 10 update experience are coming
- - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience
- html: Learn about our approach >
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
- title: How do we measure and improve the quality of Windows?
+ title: What’s new for businesses and IT pros in Windows 10
- items:
- type: markdown
text: "
diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml
index e8f8b70184..165d1cbd86 100644
--- a/windows/release-information/status-windows-10-1709.yml
+++ b/windows/release-information/status-windows-10-1709.yml
@@ -29,21 +29,21 @@ sections:
columns: 3
items:
- - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540
- html: Read the announcement >
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
image:
- src: https://docs.microsoft.com//media/common/i_deploy.svg
- title: Windows 10, version 1809 designated for broad deployment
- - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency
- html: Find out more >
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
- title: Improvements to the Windows 10 update experience are coming
- - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience
- html: Learn about our approach >
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
- title: How do we measure and improve the quality of Windows?
+ title: What’s new for businesses and IT pros in Windows 10
- items:
- type: markdown
text: "
diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml
index f6d721d1ba..102e57aef1 100644
--- a/windows/release-information/status-windows-10-1803.yml
+++ b/windows/release-information/status-windows-10-1803.yml
@@ -29,21 +29,21 @@ sections:
columns: 3
items:
- - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540
- html: Read the announcement >
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
image:
- src: https://docs.microsoft.com//media/common/i_deploy.svg
- title: Windows 10, version 1809 designated for broad deployment
- - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency
- html: Find out more >
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
- title: Improvements to the Windows 10 update experience are coming
- - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience
- html: Learn about our approach >
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
- title: How do we measure and improve the quality of Windows?
+ title: What’s new for businesses and IT pros in Windows 10
- items:
- type: markdown
text: "
diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
index 636f29d49a..0a80e53db1 100644
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
@@ -34,21 +34,21 @@ sections:
columns: 3
items:
- - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540
- html: Read the announcement >
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
image:
- src: https://docs.microsoft.com//media/common/i_deploy.svg
- title: Windows 10, version 1809 designated for broad deployment
- - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency
- html: Find out more >
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
- title: Improvements to the Windows 10 update experience are coming
- - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience
- html: Learn about our approach >
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
- title: How do we measure and improve the quality of Windows?
+ title: What’s new for businesses and IT pros in Windows 10
- items:
- type: markdown
text: "
@@ -69,7 +69,7 @@ sections:
Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007
Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive an error.
See details > | OS Build 17763.379
March 12, 2019
KB4489899 | Mitigated
| May 02, 2019
04:47 PM PT |
Issue using PXE to start a device from WDS
Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.
See details > | OS Build 17763.379
March 12, 2019
KB4489899 | Mitigated
| April 09, 2019
10:00 AM PT |
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".
See details > | OS Build 17763.253
January 08, 2019
KB4480116 | Mitigated
| April 09, 2019
10:00 AM PT |
- Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Microsoft has identified issues with certain new Intel display drivers, which accidentally turn on unsupported features in Windows.
See details > | OS Build 17763.134
November 13, 2018
KB4467708 | Mitigated
| March 15, 2019
12:00 PM PT |
+ Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Microsoft has identified issues with certain new Intel display drivers, which accidentally turn on unsupported features in Windows.
See details > | OS Build 17763.134
November 13, 2018
KB4467708 | Resolved
| May 21, 2019
07:42 AM PT |
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible
See details > | OS Build 17763.503
May 14, 2019
KB4494441 | Resolved
KB4505056 | May 19, 2019
02:00 PM PT |
Windows 10, version 1809 update history may show an update installed twice
Some customers are reporting that KB4494441 installed twice on their device
See details > | OS Build 17763.503
May 14, 2019
KB4494441 | Resolved
| May 16, 2019
02:37 PM PT |
Layout and cell size of Excel sheets may change when using MS UI Gothic
When using the MS UI Gothic or MS PGothic fonts, the text, layout, or cell size may become narrower or wider than expected in Microsoft Excel.
See details > | OS Build 17763.475
May 03, 2019
KB4495667 | Resolved
KB4494441 | May 14, 2019
10:00 AM PT |
@@ -136,6 +136,6 @@ sections:
- type: markdown
text: "
| Details | Originating update | Status | History |
- | Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server, version 1809; Windows Server 2019
Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update.
Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.
Back to top | OS Build 17763.134
November 13, 2018
KB4467708 | Mitigated
| Last updated:
March 15, 2019
12:00 PM PT
Opened:
November 13, 2018
10:00 AM PT |
+ | Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers. Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.
Affected platforms: - Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
- Server: Windows Server, version 1809; Windows Server 2019
Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article.
Resolution: Microsoft has removed the safeguard hold.
Back to top | OS Build 17763.134
November 13, 2018
KB4467708 | Resolved
| Resolved:
May 21, 2019
07:42 AM PT
Opened:
November 13, 2018
10:00 AM PT |
"
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml
new file mode 100644
index 0000000000..6f5714b4dd
--- /dev/null
+++ b/windows/release-information/status-windows-10-1903.yml
@@ -0,0 +1,108 @@
+### YamlMime:YamlDocument
+
+documentType: LandingData
+title: Windows 10, version 1903 and Windows Server, version 1903
+metadata:
+ document_id:
+ title: Windows 10, version 1903 and Windows Server, version 1903
+ description: View annoucements and review known issues and fixes for Windows 10 version 1903 and Windows Server 1903
+ keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
+ ms.localizationpriority: high
+ author: greg-lindsay
+ ms.author: greglin
+ manager: dougkim
+ ms.topic: article
+ ms.devlang: na
+
+sections:
+- items:
+ - type: markdown
+ text: "
+ Find information on known issues for Windows 10, version 1903 and Windows Server, version 1903. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s).
+
+
+Current status:
+ Windows 10, version 1903 is available by manually selecting “Check for updates” via Windows Update. (Note We are slowly throttling up this availability while we carefully monitor data and feedback.) The recommended servicing status is Semi-Annual Channel.
+ |
+
+ "
+
+- items:
+ - type: list
+ style: cards
+ className: cardsM
+ columns: 3
+ items:
+
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
+ image:
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
+ image:
+ src: https://docs.microsoft.com/media/common/i_whats-new.svg
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
+ image:
+ src: https://docs.microsoft.com/media/common/i_investigate.svg
+ title: What’s new for businesses and IT pros in Windows 10
+- items:
+ - type: markdown
+ text: "
+
+ "
+- items:
+ - type: markdown
+ text: "
+
+ "
+
+- title: Known issues
+- items:
+ - type: markdown
+ text: "This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
+ | Summary | Originating update | Status | Last updated |
+ Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Investigating
| May 21, 2019
04:47 PM PT |
+ Audio not working with Dolby Atmos headphones and home theater
Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Investigating
| May 21, 2019
07:17 AM PT |
+ Duplicate folders and documents showing in user profile directory
If known folders (e.g. Desktop, Documents, or Pictures folders) are redirected, an empty folder with that same name may be created.
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Investigating
| May 21, 2019
07:16 AM PT |
+ Error attempting to update with external USB device or memory card attached
PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| May 21, 2019
04:49 PM PT |
+ Unable to discover or connect to Bluetooth devices
Microsoft has identified compatibility issues with some versions of Realtek and Qualcomm Bluetooth radio drivers.
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| May 21, 2019
04:48 PM PT |
+ Night light settings do not apply in some cases
Microsoft has identified some scenarios where night light settings may stop working.
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| May 21, 2019
04:48 PM PT |
+ Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in battery drain.
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| May 21, 2019
04:47 PM PT |
+ Cannot launch Camera app
Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| May 21, 2019
04:47 PM PT |
+ Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| May 21, 2019
04:46 PM PT |
+ AMD RAID driver incompatibility
Installation process may stop when trying to install Windows 10, version 1903 update on computers that run certain versions of AMD RAID drivers.
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| May 21, 2019
04:45 PM PT |
+ D3D applications and games may fail to enter full-screen mode on rotated displays
Some Direct3D (D3D) applications and games may fail to enter full-screen mode on rotated displays.
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| May 21, 2019
04:45 PM PT |
+ Older versions of BattlEye anti-cheat software incompatible
Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software.
See details > | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| May 21, 2019
07:34 AM PT |
+
+ "
+
+- title: Issue details
+- items:
+ - type: markdown
+ text: "
+
+
+ "
+- title: May 2019
+- items:
+ - type: markdown
+ text: "
+ | Details | Originating update | Status | History |
+ | Display brightness may not respond to adjustments Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Window 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.
To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.
Affected platforms: - Client: Windows 10, version 1903
Workaround: Restart your device to apply changes to brightness.
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.
Next steps: We are working on a resolution that will be made available in upcoming release.
Back to top | OS Build 18362.116
May 20, 2019
KB4505057 | Investigating
| Last updated:
May 21, 2019
04:47 PM PT
Opened:
May 21, 2019
07:56 AM PT |
+ | Audio not working with Dolby Atmos headphones and home theater After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error. This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions. To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.
Affected platforms: - Client: Windows 10, version 1903
Next steps: We are working on a resolution for Microsoft Store and estimate a solution will be available in mid-June. Note We recommend you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.
Back to top | OS Build 18362.116
May 20, 2019
KB4505057 | Investigating
| Last updated:
May 21, 2019
07:17 AM PT
Opened:
May 21, 2019
07:16 AM PT |
+ | Duplicate folders and documents showing in user profile directory If you have redirected known folders (e.g. Desktop, Documents, or Pictures folders) you may see an empty folder with the same name in your %userprofile% directories after updating to Windows 10, version 1903. This may occur if known folders were redirected when you chose to back up your content to OneDrive using the OneDrive wizard, or if you chose to back up your content during the Windows Out-of-Box-Experience (OOBE). This may also occur if you redirected your known folders manually through the Properties dialog box in File Explorer. This issue does not cause any user files to be deleted and a solution is in progress.
To safeguard your update experience, we have applied a quality hold on devices with redirected known folders from being offered Windows 10, version 1903, until this issue is resolved.
Affected platforms: - Client: Windows 10, version 1903
Next steps: Microsoft is working on a resolution and estimates a solution will be available in late May. Note We recommend that you do not attempt to manually update to Windows 10, version 1903 using the Update now button or the Media Creation Tool until this issue has been resolved.
Back to top | OS Build 18362.116
May 20, 2019
KB4505057 | Investigating
| Last updated:
May 21, 2019
07:16 AM PT
Opened:
May 21, 2019
07:16 AM PT |
+ | Error attempting to update with external USB device or memory card attached If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.
Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).
Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.
To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.
Affected platforms: - Client: Windows 10, version 1903
Workaround: To work around this issue, remove all external media, such as USB devices and SD cards, from your computer and restart installation of the Windows 10, version 1903 feature update. The update should then proceed normally. Note If you need to keep your external device, SD memory card, or other devices attached to your computer while updating, we recommend that you do not attempt to manually update to Windows 10, version 1903 using the Update now button or the Media Creation Tool until this issue has been resolved.
Next steps: Microsoft is working on a resolution and estimate a solution will be available in late May.
Back to top | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| Last updated:
May 21, 2019
04:49 PM PT
Opened:
May 21, 2019
07:38 AM PT |
+ | Unable to discover or connect to Bluetooth devices Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek and Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek or Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.
Affected platforms: - Client: Windows 10, version 1903
- Server: Windows Server, version 1903
Workaround: Check with your device manufacturer (OEM) to see if an updated driver is available and install it.
- For Qualcomm drivers, you will need to install a driver version greater than 10.0.1.11.
- For Realtek drivers, you will need to install a driver version greater than 1.5.1011.0.
Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool.
Next steps: Microsoft is working with Realtek and Qualcomm to release new drivers for all affected system via Windows Update.
Back to top | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| Last updated:
May 21, 2019
04:48 PM PT
Opened:
May 21, 2019
07:29 AM PT |
+ | Night light settings do not apply in some cases Microsoft has identified some scenarios where night light settings may stop working, for example: - Connecting to (or disconnecting from) an external monitor, dock, or projector
- Rotating the screen
- Updating display drivers or making other display mode changes
Affected platforms: - Client: Windows 10, version 1903
Workaround: If you find that your night light settings have stopped working, try turning the night light on and off, or restart your computer.
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| Last updated:
May 21, 2019
04:48 PM PT
Opened:
May 21, 2019
07:28 AM PT |
+ | Intel Audio displays an intcdaud.sys notification Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8). To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.
Affected platforms: - Client: Windows 10, version 1903; Windows 10, version 1809
Workaround: On the “What needs your attention\" notification, click the Back button to remain on your current version of Windows 10. (Do not click Confirm as this will proceed with the update and you may experience compatibility issues.) Affected devices will automatically revert to the previous working configuration.
Note We recommend you do not attempt to update your devices until newer device drivers are installed.
Next steps: You can opt to wait for newer drivers to be installed automatically through Windows Update or check with the computer manufacturer for the latest device driver software availability and installation procedures.
Back to top | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| Last updated:
May 21, 2019
04:47 PM PT
Opened:
May 21, 2019
07:22 AM PT |
+ | Cannot launch Camera app Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating: \"Close other apps, error code: 0XA00F4243.”
To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until this issue is resolved.
Affected platforms: - Client: Windows 10, version 1903
Workaround: To temporarily resolve this issue, perform one of the following:
- Unplug your camera and plug it back in.
or - Disable and re-enable the driver in Device Manager. In the Search box, type \"Device Manager\" and press Enter. In the Device Manager dialog box, expand Cameras, then right-click on any RealSense driver listed and select Disable device. Right click on the driver again and select Enable device.
or - Restart the RealSense service. In the Search box, type \"Task Manager\" and hit Enter. In the Task Manager dialog box, click on the Services tab, right-click on RealSense, and select Restart.
Note This workaround will only resolve the issue until your next system restart.
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Back to top | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| Last updated:
May 21, 2019
04:47 PM PT
Opened:
May 21, 2019
07:20 AM PT |
+ | Intermittent loss of Wi-Fi connectivity Some older computers may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).
To safeguard your upgrade experience, we have applied a hold on devices with this Qualcomm driver from being offered Windows 10, version 1903, until the updated driver is installed.
Affected platforms: - Client: Windows 10, version 1903
Workaround: Download and install an updated Wi-Fi driver from your device manufacturer (OEM). Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.
Back to top | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| Last updated:
May 21, 2019
04:46 PM PT
Opened:
May 21, 2019
07:13 AM PT |
+ | AMD RAID driver incompatibility Microsoft and AMD have identified an incompatibility with AMD RAID driver versions lower than 9.2.0.105. When you attempt to install the Windows 10, version 1903 update on a Windows 10-based computer with an affected driver version, the installation process stops and you get a message like the following: AMD Ryzen™ or AMD Ryzen™ Threadripper™ configured in SATA or NVMe RAID mode. “A driver is installed that causes stability problems on Windows. This driver will be disabled. Check with your software/driver provider for an updated version that runs on this version of Windows.” To safeguard your update experience, we have applied a compatibility hold on devices with these AMD drivers from being offered Windows 10, version 1903, until this issue is resolved.
Affected platforms: - Client: Windows 10, version 1903
Workaround: To resolve this issue, download the latest AMD RAID drivers directly from AMD at https://www.amd.com/en/support/chipsets/amd-socket-tr4/x399. The drivers must be version 9.2.0.105 or later. Install the drivers on the affected computer, and then restart the installation process for the Windows 10, version 1903 feature update. Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.
Back to top | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| Last updated:
May 21, 2019
04:45 PM PT
Opened:
May 21, 2019
07:12 AM PT |
+ | D3D applications and games may fail to enter full-screen mode on rotated displays Some Direct3D (D3D) applications and games (e.g., 3DMark) may fail to enter full-screen mode on displays where the display orientation has been changed from the default (e.g., a landscape display in portrait mode).
Affected platforms: - Client: Windows 10, version 1903
- Server: Windows Server, version 1903
Workaround: To work around this issue, do one of the following: - Run applications in windowed mode or, if available, on a secondary non-rotated display.
- Change compatibility settings for the applications to “Disable Full Screen Optimizations.”
Next steps: Microsoft is working on a resolution and estimates a solution will be available in late May.
Back to top | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| Last updated:
May 21, 2019
04:45 PM PT
Opened:
May 21, 2019
07:05 AM PT |
+ | Older versions of BattlEye anti-cheat software incompatible Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software. When launching a game that uses an older, impacted version of BattlEye anti-cheat software on a device running Windows 10, version 1903, the device may experience a system crash.
To safeguard your gaming experience, we have applied a compatibility hold on devices with the impacted versions of BattlEye software used by games installed on your PC. This will prevent Windows 10, version 1903 from being offered until the incompatible version of BattlEye software is no longer installed on the device.
Affected platforms: - Client: Windows 10, version 1903
Mitigated: BattlEye has provided an updated patch to known impacted games. For a list of recent games that use BattlEye, go to https://www.battleye.com/.
Workaround: Before updating your machine, we recommend you do one or more of the following:
- Verify that your game is up to date with the latest available version of BattlEye software. Some game platforms allow you to validate your game files, which can confirm that your installation is fully up to date.
- Restart your system and open the game again.
- Uninstall BattlEye using https://www.battleye.com/downloads/UninstallBE.exe, and then reopen your game.
- Uninstall and reinstall your game.
Next steps: We are working with BattlEye and gaming partners to ensure games are automatically updated with the latest BattlEye software. We have confirmed the latest version of impacted games do not exhibit this issue. To minimize the chance of hitting this upgrade compatibility hold, please make sure you are running the latest version of your games before attempting to update the operating system. Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until you have installed an updated version of BattlEye software that resolves this issue.
Back to top | OS Build 18362.116
May 20, 2019
KB4505057 | Mitigated
| Last updated:
May 21, 2019
07:34 AM PT
Opened:
May 21, 2019
07:34 AM PT |
+
+ "
diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
index 8a01a72fd3..0a772954f6 100644
--- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
@@ -29,21 +29,21 @@ sections:
columns: 3
items:
- - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540
- html: Read the announcement >
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
image:
- src: https://docs.microsoft.com//media/common/i_deploy.svg
- title: Windows 10, version 1809 designated for broad deployment
- - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency
- html: Find out more >
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
- title: Improvements to the Windows 10 update experience are coming
- - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience
- html: Learn about our approach >
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
- title: How do we measure and improve the quality of Windows?
+ title: What’s new for businesses and IT pros in Windows 10
- items:
- type: markdown
text: "
diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
index e0c2471c87..95074ee9dd 100644
--- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
@@ -29,21 +29,21 @@ sections:
columns: 3
items:
- - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540
- html: Read the announcement >
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
image:
- src: https://docs.microsoft.com//media/common/i_deploy.svg
- title: Windows 10, version 1809 designated for broad deployment
- - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency
- html: Find out more >
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
- title: Improvements to the Windows 10 update experience are coming
- - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience
- html: Learn about our approach >
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
- title: How do we measure and improve the quality of Windows?
+ title: What’s new for businesses and IT pros in Windows 10
- items:
- type: markdown
text: "
diff --git a/windows/release-information/status-windows-server-2008-sp2.yml b/windows/release-information/status-windows-server-2008-sp2.yml
index d56b006f6f..09c429ca4b 100644
--- a/windows/release-information/status-windows-server-2008-sp2.yml
+++ b/windows/release-information/status-windows-server-2008-sp2.yml
@@ -29,21 +29,21 @@ sections:
columns: 3
items:
- - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540
- html: Read the announcement >
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
image:
- src: https://docs.microsoft.com//media/common/i_deploy.svg
- title: Windows 10, version 1809 designated for broad deployment
- - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency
- html: Find out more >
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
- title: Improvements to the Windows 10 update experience are coming
- - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience
- html: Learn about our approach >
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
- title: How do we measure and improve the quality of Windows?
+ title: What’s new for businesses and IT pros in Windows 10
- items:
- type: markdown
text: "
diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml
index 1a713e77cf..3e8ed1b555 100644
--- a/windows/release-information/status-windows-server-2012.yml
+++ b/windows/release-information/status-windows-server-2012.yml
@@ -29,21 +29,21 @@ sections:
columns: 3
items:
- - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540
- html: Read the announcement >
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
image:
- src: https://docs.microsoft.com//media/common/i_deploy.svg
- title: Windows 10, version 1809 designated for broad deployment
- - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency
- html: Find out more >
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
- title: Improvements to the Windows 10 update experience are coming
- - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience
- html: Learn about our approach >
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
- title: How do we measure and improve the quality of Windows?
+ title: What’s new for businesses and IT pros in Windows 10
- items:
- type: markdown
text: "
diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml
index 65b9ab4d01..9619ecc9de 100644
--- a/windows/release-information/windows-message-center.yml
+++ b/windows/release-information/windows-message-center.yml
@@ -23,21 +23,21 @@ sections:
columns: 2
items:
- - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540
- html: Read the announcement >
+ - href: https://blogs.windows.com/windowsexperience/
+ html: Get the update >
image:
- src: https://docs.microsoft.com//media/common/i_deploy.svg
- title: Windows 10, version 1809 designated for broad deployment
- - href: https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency
- html: Find out more >
+ src: https://docs.microsoft.com/media/common/i_deploy.svg
+ title: Windows 10, version 1903 rollout begins
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Read about the latest enhancements >
image:
src: https://docs.microsoft.com/media/common/i_whats-new.svg
- title: Improvements to the Windows 10 update experience are coming
- - href: https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience
- html: Learn about our approach >
+ title: What’s new in Windows Update for Business
+ - href: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/bg-p/Windows10Blog
+ html: Get an overview >
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
- title: How do we measure and improve the quality of Windows?
+ title: What’s new for businesses and IT pros in Windows 10
- href: https://docs.microsoft.com/windows/windows-10/release-information
html: Visit the Windows 10 release information page >
image:
@@ -50,6 +50,9 @@ sections:
text: "
| Message | Date |
+ Windows 10, version 1903 rollout begins
The Windows 10 May 2019 Update (Windows 10, version 1903) is available today to commercial customers via Windows Server Update Services (WSUS), Windows Update for Business, and the Volume Licensing Service Center (VLSC)—and to end users who manually select “Check for updates.” We are slowly throttling up availability while we carefully monitor data and feedback. | May 21, 2019
10:00 AM PT |
+ What’s new in Windows Update for Business
We are enhancing and expanding the capabilities of Windows Update for Business to make the move to the cloud even easier. From simplified branch readiness options to better control over deadlines and reboots, read about the enhancements to Windows Update for Business as a part of Windows 10, version 1903. | May 21, 2019
10:00 AM PT |
+ What’s new for businesses and IT pros in Windows 10
Explore the newest capabilities for businesses and IT in the latest feature update in the areas of intelligent security, simplified updates, flexible management, and enhanced productivity. | May 21, 2019
10:00 AM PT |
Reminder: Install the latest SSU for a smoother update experience
We strongly recommend that you install the latest servicing stack update (SSU) before installing any Windows update; especially as an SSU may be a prerequisite for some updates. If you have difficulty installing Windows updates, verify that you have installed the latest SSU package for your version of Windows and then try installing the update again. Links to the latest SSU are always provided in the “How to get this update” section of each update KB article (e.g., KB4494441). For more information about SSUs, see our Servicing stack updates guidance. | May 14, 2019
10:00 AM PT |
Take action: Update Remote Desktop Services on older versions of Windows
Today, we released fixes for a critical wormable, remote code execution vulnerability ( CVE-2019-0708) in Remote Desktop Services—formerly known as Terminal Services. This vulnerability affects Windows 7, Windows Server 2008 R2, and earlier versions of Windows nearing end of support. It does not affect Windows 8, Windows Server 2012, or newer operating systems. While we have not observed attacks exploiting this vulnerability, affected systems should be patched with priority. Here is what you need to know:
Call to action:
diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md
index 86165f1bf1..16e282f16f 100644
--- a/windows/security/identity-protection/access-control/special-identities.md
+++ b/windows/security/identity-protection/access-control/special-identities.md
@@ -149,7 +149,7 @@ Any user who accesses the system through a sign-in process has the Authenticated
|
Default Location in Active Directory |
-cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
+cn=System,cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Default User Rights |
diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
index 388993c2d8..387b2f434b 100644
--- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
+++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
@@ -43,7 +43,7 @@ When the PIN is created, it establishes a trusted relationship with the identity
The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. All Windows 10 Mobile phones and many modern laptops have TPM.
-User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetrical key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised.
+User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised.
The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. After too many incorrect guesses, the device is locked.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
index aaab0a442a..8989f06877 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md
@@ -20,7 +20,7 @@ ms.topic: article
# Investigate entities on machines using live response
**Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
diff --git a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
index 79720ee3a3..19ef61c49c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 09/03/2018
---
# View and organize the Microsoft Defender ATP Machines list
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
index 217418bd99..2ff51aee05 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md
@@ -37,7 +37,12 @@ You can control the following attributes about the folder that you'd like to be
**Folders**
-You can specify a folder and its subfolders to be skipped. You can use wild cards so that all files under the directory is skipped by the automated investigation.
+You can specify a folder and its subfolders to be skipped.
+
+
+>[!NOTE]
+>At this time, use of wild cards as a way to exclude files under a directory is not yet supported.
+
**Extensions**
You can specify the extensions to exclude in a specific directory. The extensions are a way to prevent an attacker from using an excluded folder to hide an exploit. The extensions explicitly define which files to ignore.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/use-apis.md b/windows/security/threat-protection/microsoft-defender-atp/use-apis.md
index 6a2ea321b9..12b2670489 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/use-apis.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/use-apis.md
@@ -4,6 +4,7 @@ description: Use the exposed data and actions using a set of progammatic APIs th
keywords: apis, api, wdatp, open api, windows defender atp api, public api, alerts, machine, user, domain, ip, file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
+search.appverid: met150
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
index aa642d1c55..619b30d34a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md
@@ -1,7 +1,7 @@
---
title: What's new in Microsoft Defender ATP
description: Lists the new features and functionality in Microsoft Defender ATP
-keywords: what's new in windows defender atp
+keywords: what's new in microsoft defender atp, ga, generally available, capabilities, available, new
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
index 29534e1b63..cc1bc787e1 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
@@ -5,6 +5,7 @@ keywords: updates, security baselines, schedule updates
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
+search.appverid: met150
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md
index 49020bb614..5bdebb3c04 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md
@@ -3,32 +3,31 @@ title: Installing Microsoft Defender ATP for Mac with different MDM product
description: Describes how to install Microsoft Defender ATP for Mac, using an unsupported MDM solution.
keywords: microsoft, defender, atp, mac, installation, deploy, macos, mojave, high sierra, sierra
search.product: eADQiWindows 10XVcnh
-search.appverid: #met150
+search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: mavel
author: maximvelichko
-ms.localizationpriority: #medium
+ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
-ms.topic: #conceptual
+ms.topic: conceptual
---
# Deployment with a different MDM system
**Applies to:**
-
-[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!IMPORTANT]
>This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program. Microsoft makes no warranties, express or implied, with respect to the information provided here.
## Prerequisites and system requirements
-Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version.
+Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
## Approach
diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md
index 8b71416a15..ac99737410 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC.md
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md
@@ -13,10 +13,13 @@
### [Types of devices](types-of-devices.md)
###Use WDAC with custom policies
#### [Create an initial default policy](create-initial-default-policy.md)
+#### [Create path-based rules](create-path-based-rules.md)
#### [Microsoft recommended block rules](microsoft-recommended-block-rules.md)
### [Audit WDAC policies](audit-windows-defender-application-control-policies.md)
### [Merge WDAC policies](merge-windows-defender-application-control-policies.md)
+### [Deploy multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md)
### [Enforce WDAC policies](enforce-windows-defender-application-control-policies.md)
+### [Allow COM object registration](allow-com-object-registration-in-windows-defender-application-control-policy.md)
### [Deploy WDAC with a managed installer](use-windows-defender-application-control-with-managed-installer.md)
### [Deploy WDAC with Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md)
### [Deploy WDAC policies using Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
new file mode 100644
index 0000000000..c33eca6f6f
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
@@ -0,0 +1,78 @@
+---
+title: Allow COM object registration in a Windows Defender Application Control policy (Windows 10)
+description: You can allow COM object registration in a Windows Defender Application Control policy.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: mdsakibMSFT
+ms.date: 05/21/2019
+---
+
+# Allow COM object registration in a Windows Defender Application Control policy
+
+**Applies to:**
+
+- Windows 10
+- Windows Server 2016
+
+>[!IMPORTANT]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The [Microsoft Component Object Model (COM)](https://docs.microsoft.com/windows/desktop/com/the-component-object-model) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM specifies an object model and programming requirements that enable COM objects to interact with other objects.
+
+### COM object configurability in WDAC policy
+
+Prior to the Windows 10 1903 update, Windows Defender Application Control (WDAC) enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy.
+
+### Get COM object GUID
+
+Get GUID of application to allow in one of the following ways:
+- Finding block event in Event Viewer (Application and Service Logs > Microsoft > Windows > AppLocker > MSI and Script) and extracting GUID
+- Creating audit policy (using New-CIPolicy –Audit), potentially with specific provider, and use info from block events to get GUID
+
+### Author policy setting to allow or deny COM object GUID
+
+Three elements:
+- Provider: platform on which code is running (values are Powershell, WSH, IE, VBA, MSI, or a wildcard “AllHostIds”)
+- Key: GUID for the program you with to run, in the format Key="{33333333-4444-4444-1616-161616161616}"
+- ValueName: needs to be set to "EnterpriseDefinedClsId"
+
+One attribute:
+- Value: needs to be “true” for allow and “false” for deny
+ - Note that deny only works in base policies, not supplemental
+- The setting needs to be placed in the order of ASCII values (first by Provider, then Key, then ValueName)
+
+### Examples
+
+Example 1: Allows registration of all COM object GUIDs in any provider
+
+```xml
+
+
+ true
+
+
+```
+
+Example 2: Blocks a specific COM object from being registered via Internet Explorer (IE)
+
+```xml
+
+
+ false
+
+
+```
+
+Example 3: Allows a specific COM object to register in PowerShell
+
+```xml
+
+
+ true
+
+
+```
+
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md b/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md
new file mode 100644
index 0000000000..105f6a46bb
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md
@@ -0,0 +1,65 @@
+---
+title: Windows Defender Application Control path-based rules (Windows 10)
+description: Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: mdsakibMSFT
+ms.date: 05/17/2019
+---
+
+# Create Windows Defender Application Control path-based rules
+
+**Applies to:**
+
+- Windows 10
+- Windows Server 2016
+
+>[!IMPORTANT]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules.
+
+- New-CIPolicy parameters
+ - FilePath: create path rules under path \ for anything not user-writeable (at the individual file level)
+
+ ```powershell
+ New-CIPolicy -f .\mypolicy.xml -l FilePath -s -u
+ ```
+
+ Optionally, add -UserWriteablePaths to ignore user writeability
+
+ - FilePathRule: create a rule where filepath string is directly set to value of \
+
+ ```powershell
+ New-CIPolicyRule -FilePathRule
+ ```
+
+ Useful for wildcards like C:\foo\\*
+
+- Usage follows the same flow as per-app rules:
+
+ ```powershell
+ $rules = New-CIPolicyRule …
+ $rules += New-CIPolicyRule …
+ …
+ New-CIPolicyRule -f .\mypolicy.xml -u
+ ```
+
+- Wildcards supported
+ - Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe)
+ - One or the other, not both at the same time
+ - Does not support wildcard in the middle (ex. C:\\*\foo.exe)
+ - Examples:
+ - %WINDIR%\\...
+ - %SYSTEM32%\\...
+ - %OSDRIVE%\\...
+
+- Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy:
+
+ ```powershell
+ Set-RuleOption -o 18 .\policy.xml
+ ```
+
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
new file mode 100644
index 0000000000..6df51f6694
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
@@ -0,0 +1,79 @@
+---
+title: Deploy multiple Windows Defender Application Control Policies (Windows 10)
+description: Windows Defender Application Control supports multiple code integrity policies for one device.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+author: mdsakibMSFT
+ms.date: 05/17/2019
+---
+
+# Deploy multiple Windows Defender Application Control Policies
+
+**Applies to:**
+
+- Windows 10
+- Windows Server 2016
+
+>[!IMPORTANT]
+>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The restriction of only having a single code integrity policy active on a system at any given time has felt limiting for customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios:
+
+1. Enforce and Audit Side-by-Side
+ - To validate policy changes before deploying in enforcement mode, users can now deploy an audit-mode base policy side-by-side with an existing enforcement-mode base policy
+2. Multiple Base Policies
+ - Users can enforce two or more base policies simultaneously in order to allow simpler policy targeting for policies with different scope/intent
+ - If two base policies exist on a device, an application has to be allowed by both to run
+3. Supplemental Policies
+ - Users can deploy one or more supplemental policies to expand a base policy
+ - A supplemental policy expands a single base policy, and multiple supplemental policies can expand the same base policy
+ - For supplemental policies, applications that are allowed by either the base policy or its supplemental policy/policies are allowed to run
+
+## How do Base and Supplemental Policies Interact?
+
+- Multiple base policies: intersection
+ - Only applications allowed by both policies run without generating block events
+- Base + supplemental policy: union
+ - Files that are allowed by the base policy or the supplemental policy are not blocked
+
+Note that multiple policies will not work on pre-1903 systems.
+
+### Allow Multiple Policies
+
+In order to allow multiple policies to exist and take effect on a single system, policies must be created using the new Multiple Policy Format. The "MultiplePolicyFormat" switch in New-CIPolicy results in 1) random GUIDs being generated for the policy ID and 2) the policy type being specified as base.
+
+```powershell
+New-CIPolicy -MultiplePolicyFormat -foo –bar
+```
+
+Optionally, you can choose to make the new base policy supplementable (allow supplemental policies).
+
+```powershell
+Set-RuleOption -FilePath Enabled:Allow Supplemental Policies
+```
+
+For signed base policies that are being made supplementable, you need to ensure that supplemental signers are defined. Use the "Supplemental" switch in Add-SignerRule to provide supplemental signers.
+
+```powershell
+Add-SignerRule -FilePath -CertificatePath [-Kernel] [-User] [-Update] [-Supplemental] [-Deny] []
+```
+
+### Supplemental Policy Creation
+
+In order to create a supplemental policy, begin by creating a new policy in the Multiple Policy Format. From there, use Set-CIPolicyIdInfo to convert it to a supplemental policy and specify which base policy it expands.
+- "SupplementsBasePolicyID": guid of new supplemental policy
+- "BasePolicyToSupplementPath": base policy that the supplemental policy applies to
+
+```powershell
+Set-CIPolicyIdInfo [-FilePath] [-PolicyName ] [-SupplementsBasePolicyID ] [-BasePolicyToSupplementPath ] [-ResetPolicyID] [-PolicyId ] []
+```
+
+Note that "ResetPolicyId" reverts a supplemental policy to a base policy, and resets the policy guids back to a random guid.
+
+### Merging policies
+
+When merging, the policy type and ID of the leftmost/first policy specified is used. If the leftmost is a base policy with ID , then regardless of what the GUIDS and types are for any subsequent policies, the merged policy will be a base policy with ID .
+
diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
index 718fc4a51c..d1d521cfb4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
@@ -8,26 +8,26 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: jsuther1974
-ms.date: 05/03/2018
+ms.date: 05/14/2019
---
-# Manage packaged apps with Windows Defender Application Control
+# Manage Packaged Apps with Windows Defender Application Control
**Applies to:**
- Windows 10
- Windows Server 2016
-This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with Windows Defender Application Control (WDAC) as part of your overall application control strategy.
+This topic for IT professionals describes concepts and lists procedures to help you manage packaged apps with Windows Defender Application Control (WDAC) as part of your overall application control strategy.
-## Understanding Packaged apps and Packaged app installers
+## Understanding Packaged Apps and Packaged App Installers
Packaged apps, also known as Universal Windows apps, are based on a model that ensures all the files within an app package share the same identity. With classic Windows apps, each file within the app could have a unique identity.
With packaged apps, it is possible to control the entire app by using a single WDAC rule.
Typically, an app consists of multiple components: the installer that is used to install the app, and one or more exes, dlls, or scripts. With classic Windows apps, these components don't always share common attributes such as the software’s publisher name, product name, and product version. Therefore, WDAC controls each of these components separately through different rule collections, such as exe, dll, script, and Windows Installer rules. In contrast, all the components of a packaged app share the same publisher name, package name, and package version attributes. Therefore, you can control an entire app with a single rule.
-### Comparing classic Windows apps and packaged apps
+### Comparing classic Windows Apps and Packaged Apps
WDAC policies for packaged apps can only be applied to apps installed on computers running at least Windows Server 2012 or Windows 8, but classic Windows apps can be controlled on devices running at least Windows Server
2008 R2 or Windows 7. The rules for classic Windows apps and packaged apps can be enforced in tandem. The differences between packaged apps and classic Windows apps that you should consider include:
@@ -38,13 +38,101 @@ WDAC policies for packaged apps can only be applied to apps installed on compute
WDAC uses different rule collections to control packaged apps and classic Windows apps. You have the choice to control one type, the other type, or both.
-## Using WDAC to manage packaged apps
+## Using WDAC to Manage Packaged Apps
Just as there are differences in managing each rule collection, you need to manage the packaged apps with the following strategy:
-1. Gather information about which Packaged apps are running in your environment.
+1. Gather information about which packaged apps are running in your environment.
2. Create WDAC rules for specific packaged apps based on your policy strategies. For more information, see [Deploy WDAC policy rules and file rules](select-types-of-rules-to-create.md).
3. Continue to update the WDAC policies as new package apps are introduced into your environment. To do this, see [Merge WDAC policies](merge-windows-defender-application-control-policies.md).
+## Blocking Packaged Apps
+
+You can now use `New-CIPolicyRule -Package $Package -Deny` to block packaged apps.
+
+### Blocking Packaged Apps Which Are Installed on the System
+
+Below are the list of steps you can follow to block one or more packaged apps in the case that the apps are on the system you are using the WDAC PowerShell cmdlets on:
+
+1. Get the app identifier for an installed package
+
+ ```powershell
+ $package = Get-AppxPackage -name
+ ```
+2. Make a rule by using the New-CIPolicyRule cmdlet
+
+ ```powershell
+ $Rule = New-CIPolicyRule -Package $package -deny
+ ```
+3. Repeat for other packages you want to block using $rule +=…
+
+4. Make a policy for just the blocks you created for packages
+
+ ```powershell
+ New-CIpolicy -rules $rule -f .\policy.xml -u
+ ```
+
+5. Merge with an existing policy that authorizes the other applications and system components required for your scenario. Here we use the sample Allow Windows policy
+
+ ```powershell
+ Merge-CIPolicy -PolicyPaths .\policy.xml,C:\windows\Schemas\codeintegrity\examplepolicies\DefaultWindows_Audit.xml -o allowWindowsDenyPackages.xml
+ ```
+
+6. Disable audit mode if needed
+
+ ```powershell
+ Set-RuleOption -o 3 -Delete .\allowWindowsDenyPackages.xml
+ ```
+
+7. Enable invalidate EAs on reboot
+
+ ```powershell
+ Set-RuleOption -o 15 .\allowWindowsDenyPackages.xml
+ ```
+
+8. Compile the policy
+
+ ```powershell
+ ConvertFrom-CIPolicy .\AllowWindowsDenyPackages.xml C:\compiledpolicy.bin
+ ```
+
+9. Install the policy without restarting
+
+ ```powershell
+ Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = "C:\compiledpolicy.bin"}
+ ```
+### Blocking Packaged Apps Which Are Not Installed on the System
+
+If the app you intend to block is not installed on the system you are using the WDAC PowerShell cmdlets on, then follow the steps below:
+
+1. Create a dummy rule using Steps 1-5 in the Blocking Packaged Apps Which Are Installed on the System section above
+
+2. Navigate to the app you want to block on the Store website
+
+3. Copy the GUID in the URL for the app
+ - Example: the GUID for the Microsoft To-Do app is 9nblggh5r558
+ - https://www.microsoft.com/en-us/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab
+4. Use the GUID in the following REST query URL to retrieve the identifiers for the app
+ - Example: for the Microsoft To-Do app, the URL would be https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata
+ - The URL will return:
+
+ ```
+ { "packageFamilyName": "Microsoft.Todos_8wekyb3d8bbwe",
+ "packageIdentityName": "Microsoft.Todos",
+ "windowsPhoneLegacyId": "6088f001-776c-462e-984d-25b6399c6607",
+ "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
+ }
+ ```
+
+5. Use the value returned by the query URL for the packageFamilyName to replace the package name generated earlier in the dummy rule from Step 1.
+
+## Allowing Packaged Apps
+The method for allowing specific packaged apps is similar to the method outlined above for blocking packaged apps, with the only difference being the parameter to the New-CIPolicyRule cmdlet.
+
+```powershell
+$Rule = New-CIPolicyRule -Package $package -allow
+```
+
+Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in C:\Windows\schemas\CodeIntegrity\ExamplePolicies to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules.
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index 1a987c35e7..342163da92 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -23,8 +23,6 @@ Windows Defender Application Control (WDAC) provides control over a computer run
A common system imaging practice in today’s IT organization is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone additional company assets. WDAC policies follow a similar methodology, that begins with the establishment of a golden computer. As with imaging, you can have multiple golden computers based on model, department, application set, and so on. Although the thought process around the creation of WDAC policies is similar to imaging, these policies should be maintained independently. Assess the necessity of additional WDAC policies based on what should be allowed to be installed and run and for whom. For more details on doing this assessment, see the [WDAC Design Guide](windows-defender-application-control-design-guide.md).
-> **Note** Each computer can have only **one** WDAC policy at a time. Whichever way you deploy this policy, it is renamed to SIPolicy.p7b and copied to **C:\\Windows\\System32\\CodeIntegrity** and, for UEFI computers, **<EFI System Partition>\\Microsoft\\Boot**. Keep this in mind when you create your WDAC policies.
-
Optionally, WDAC can align with your software catalog as well as any IT department–approved applications. One straightforward method to implement WDAC is to use existing images to create one master WDAC policy. You do so by creating a WDAC policy from each image, and then by merging the policies. This way, what is installed on all of those images will be allowed to run, if the applications are installed on a computer based on a different image. Alternatively, you may choose to create a base applications policy and add policies based on the computer’s role or department. Organizations have a choice of how their policies are created, merged or serviced, and managed.
If you plan to use an internal CA to sign catalog files or WDAC policies, see the steps in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
@@ -103,4 +101,50 @@ To create the WDAC policy, they build a reference server on their standard hardw
As part of normal operations, they will eventually install software updates, or perhaps add software from the same software providers. Because the "Publisher" remains the same on those updates and software, they will not need to update their WDAC policy. If they come to a time when the internally-written, unsigned application must be updated, they must also update the WDAC policy so that the hash in the policy matches the hash of the updated internal application.
-They could also choose to create a catalog that captures information about the unsigned internal application, then sign and distribute the catalog. Then the internal application could be handled by WDAC policies in the same way as any other signed application. An update to the internal application would only require that the catalog be regenerated, signed, and distributed (no restarts would be required).
\ No newline at end of file
+They could also choose to create a catalog that captures information about the unsigned internal application, then sign and distribute the catalog. Then the internal application could be handled by WDAC policies in the same way as any other signed application. An update to the internal application would only require that the catalog be regenerated, signed, and distributed (no restarts would be required).
+
+## Create path-based rules
+
+Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules.
+
+- New-CIPolicy parameters
+ - FilePath: create path rules under path \ for anything not user-writeable (at the individual file level)
+
+ ```powershell
+ New-CIPolicy -f .\mypolicy.xml -l FilePath -s -u
+ ```
+
+ Optionally, add -UserWriteablePaths to ignore user writeability
+
+ - FilePathRule: create a rule where filepath string is directly set to value of \
+
+ ```powershell
+ New-CIPolicyRule -FilePathRule
+ ```
+
+ Useful for wildcards like C:\foo\\*
+
+- Usage follows the same flow as per-app rules:
+
+ ```powershell
+ $rules = New-CIPolicyRule …
+ $rules += New-CIPolicyRule …
+ …
+ New-CIPolicyRule -f .\mypolicy.xml -u
+ ```
+
+- Wildcards supported
+ - Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe)
+ - One or the other, not both at the same time
+ - Does not support wildcard in the middle (ex. C:\\*\foo.exe)
+ - Examples:
+ - %WINDIR%\\...
+ - %SYSTEM32%\\...
+ - %OSDRIVE%\\...
+
+- Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy:
+
+ ```powershell
+ Set-RuleOption -o 18 .\policy.xml
+ ```
+
diff --git a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
index 3c498923b2..610a396882 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: justinha
+author: qrscharmed
ms.author: justinha
ms.date: 03/28/2019
@@ -59,6 +59,12 @@ Answering frequently asked questions about Windows Defender Application Guard (A
|**A:** |WDAG requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as “192.168.1.4:81” can be annotated as “itproxy:81” or using a record such as “P19216810010” for a proxy with an IP address of 192.168.100.10. This applies to Windows 10 Enterprise edition, 1709 or higher.|
+| | |
+|---|----------------------------|
+|**Q:** |Which Input Method Editors (IME) in 19H1 are not supported?|
+|**A:** |The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in WDAG.
Vietnam Telex keyboard
Vietnam number key-based keyboard
Hindi phonetic keyboard
Bangla phonetic keyboard
Marathi phonetic keyboard
Telugu phonetic keyboard
Tamil phonetic keyboard
Kannada phonetic keyboard
Malayalam phonetic keyboard
Gujarati phonetic keyboard
Odia phonetic keyboard
Punjabi phonetic keyboard|
+
+
| | |
|---|----------------------------|
|**Q:** |I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering?|
diff --git a/windows/whats-new/TOC.md b/windows/whats-new/TOC.md
index 1655e466e9..2991f9ac65 100644
--- a/windows/whats-new/TOC.md
+++ b/windows/whats-new/TOC.md
@@ -1,4 +1,5 @@
# [What's new in Windows 10](index.md)
+## [What's new in Windows 10, version 1903](whats-new-windows-10-version-1903.md)
## [What's new in Windows 10, version 1809](whats-new-windows-10-version-1809.md)
## [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md)
## [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md)
diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md
index 345e687f89..6c9a323ecd 100644
--- a/windows/whats-new/index.md
+++ b/windows/whats-new/index.md
@@ -15,6 +15,7 @@ Windows 10 provides IT professionals with advanced protection against modern sec
## In this section
+- [What's new in Windows 10, version 1903](whats-new-windows-10-version-1903.md)
- [What's new in Windows 10, version 1809](whats-new-windows-10-version-1809.md)
- [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md)
- [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md)
diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md
index a4846edc0d..58fe6b55e8 100644
--- a/windows/whats-new/whats-new-windows-10-version-1803.md
+++ b/windows/whats-new/whats-new-windows-10-version-1803.md
@@ -145,7 +145,7 @@ The OS uninstall period is a length of time that users are given when they can o
### Windows Hello for Business
-[Windows Hello](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in the [Kiosk configuration](#kiosk-configuration) section.
+[Windows Hello](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features) now supports FIDO 2.0 authentication for Azure AD Joined Windows 10 devices and has enhanced support for shared devices, as described in the [Kiosk configuration](#windows-10-kiosk-and-kiosk-browser) section.
- Windows Hello is now [password-less on S-mode](https://www.windowslatest.com/2018/02/12/microsoft-make-windows-10-password-less-platform/).
- Support for S/MIME with Windows Hello for Business and APIs for non-Microsoft identity lifecycle management solutions.
diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md
new file mode 100644
index 0000000000..c77493d952
--- /dev/null
+++ b/windows/whats-new/whats-new-windows-10-version-1903.md
@@ -0,0 +1,144 @@
+---
+title: What's new in Windows 10, version 1903
+description: New and updated IT Pro content about new features in Windows 10, version 1903 (also known as the Windows 10 May 2019 Update).
+keywords: ["What's new in Windows 10", "Windows 10", "May 2019 Update"]
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: greg-lindsay
+ms.localizationpriority: high
+ms.topic: article
+---
+
+# What's new in Windows 10, version 1903 IT Pro content
+
+**Applies to**
+- Windows 10, version 1903
+
+This article lists new and updated features and content that are of interest to IT Pros for Windows 10 version 1903, also known as the Windows 10 May 2019 Update. This update also contains all features and fixes included in previous cumulative updates to Windows 10, version 1809.
+
+>[!NOTE]
+>New disk space requirement for Windows 10, version 1903 applies only to OEMs for the manufacture of new PCs. This new requirement does not apply to existing devices. PCs that don’t meet new device disk space requirements will continue to receive updates and the 1903 update will require about the same amount of free disk space as previous updates. For more information, see [Reserved storage](#reserved-storage).
+
+## Deployment
+
+### Windows Autopilot
+
+[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. The following Windows Autopilot features are available in Windows 10, version 1903 and later:
+
+- [Windows Autopilot for white glove deployment](https://docs.microsoft.com/windows/deployment/windows-autopilot/white-glove) is new in this version of Windows. "White glove" deployment enables partners or IT staff to pre-provision devices so they are fully configured and business ready for your users.
+- The Intune [enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status) (ESP) now tracks Intune Management Extensions.
+- [Cortana voiceover](https://docs.microsoft.com/windows-hardware/customize/desktop/cortana-voice-support) and speech recognition during OOBE is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
+- Windows Autopilot is self-updating during OOBE. Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
+- Windows Autopilot will set the [diagnostics data](https://docs.microsoft.com/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
+
+### Windows 10 Subscription Activation
+
+Windows 10 Education support has been added to Windows 10 Subscription Activation.
+
+With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions – Windows 10 Education. For more information, see [Windows 10 Subscription Activation](https://docs.microsoft.com/en-us/windows/deployment/windows-10-subscription-activation).
+
+### SetupDiag
+
+[SetupDiag](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag) version 1.4.1 is available.
+
+SetupDiag is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues. In the current version of SetupDiag there are 53 rules contained in the rules.xml file, which is extracted when SetupDiag is run. The rules.xml file will be updated as new versions of SetupDiag are made available.
+
+### Reserved storage
+
+[**Reserved storage**](https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Windows-10-and-reserved-storage/ba-p/428327): Reserved storage sets aside disk space to be used by updates, apps, temporary files, and system caches. It improves the day-to-day function of your PC by ensuring critical OS functions always have access to disk space. Reserved storage will be enabled automatically on new PCs with Windows 10, version 1903 pre-installed, and for clean installs. It will not be enabled when updating from a previous version of Windows 10.
+
+## Servicing
+
+- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Office 365 ProPlus updates, and Intune content, with System Center Configuration Manager content coming soon!
+- [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/en-us/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically logon as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
+- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
+- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
+- **Pause updates**: We have extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you will need to update your device before pausing again.
+- **Improved update notifications**: When there’s an update requiring you to restart your device, you’ll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar.
+- **Intelligent active hours**: To further enhance active hours, users will now have the option to let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
+- **Improved update orchestration to improve system responsiveness**: This feature will improve system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions.
+
+## Security
+
+### Windows Information Protection
+
+With this release, Windows Defender ATP extends discovery and protection of sensitive information with [Auto Labeling](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels#how-wip-protects-automatically-classified-files).
+
+### Security configuration framework
+
+With this release of Windows 10, Microsoft is introducing a [new taxonomy for security configurations](https://docs.microsoft.com/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework), called the **SECCON framework**, comprised of 5 device security configurations.
+
+### Security baseline for Windows 10 and Windows Server
+
+The draft release of the [security configuration baseline settings](https://blogs.technet.microsoft.com/secguide/2019/04/24/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903/) for Windows 10, version 1903 and for Windows Server version 1903 is available.
+
+### Intune security baselines
+
+[Intune Security Baselines](https://docs.microsoft.com/intune/security-baselines) (Preview): Now includes many settings supported by Intune that you can use to help secure and protect your users and devices. You can automatically set these settings to values recommended by security teams.
+
+### Microsoft Defender Advanced Threat Protection (ATP):
+
+- [Attack surface area reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) – IT admins can configure devices with advanced web protection that enables them to define allow and deny lists for specific URL’s and IP addresses.
+- [Next generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) – Controls have been extended to protection from ransomware, credential misuse, and attacks that are transmitted through removable storage.
+ - Integrity enforcement capabilities – Enable remote runtime attestation of Windows 10 platform.
+ - Tamper-proofing capabilities – Uses virtualization-based security to isolate critical ATP security capabilities away from the OS and attackers.
+- [Platform support](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Protecting-Windows-Server-with-Windows-Defender-ATP/ba-p/267114) – In addition to Windows 10, Windows Defender ATP’s functionality has been extended to support Windows 7 and Windows 8.1 clients, as well as macOS, Linux, and Windows Server with both its Endpoint Detection (EDR) and Endpoint Protection Platform (EPP) capabilities.
+
+### Microsoft Defender ATP next-gen protection technologies:
+
+- **Advanced machine learning**: Improved with advanced machine learning and AI models that enable it to protect against apex attackers using innovative vulnerability exploit techniques, tools and malware.
+- **Emergency outbreak protection**: Provides emergency outbreak protection which will automatically update devices with new intelligence when a new outbreak has been detected.
+- **Certified ISO 27001 compliance**: Ensures that the cloud service has analyzed for threats, vulnerabilities and impacts, and that risk management and security controls are in place.
+- **Geolocation support**: Support geolocation and sovereignty of sample data as well as configurable retention policies.
+
+### Threat Protection
+
+- [Windows Sandbox](https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849): Isolated desktop environment where you can run untrusted software without the fear of lasting impact to your device.
+- [Microphone privacy settings](https://support.microsoft.com/en-us/help/4468232/windows-10-camera-microphone-and-privacy-microsoft-privacy): A microphone icon appears in the notification area letting you see which apps are using your microphone.
+
+- [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) enhancements:
+ - Standalone users can install and configure their Windows Defender Application Guard settings without needing to change Registry key settings. Enterprise users can check their settings to see what their administrators have configured for their machines to better understand the behavior.
+ - WDAG is now an extension in Google Chrome and Mozilla Firefox. Many users are in a hybrid browser environment, and would like to extend WDAG’s browser isolation technology beyond Microsoft Edge. In the latest release, users can install the WDAG extension in their Chrome or Firefox browsers. This extension will redirect untrusted navigations to the WDAG Edge browser. There is also a companion app to enable this feature in the Microsoft Store. Users can quickly launch WDAG from their desktop using this app. This feature is also available in Windows 10, version 1803 or later with the latest updates.
+
+ To try this extension:
+ 1. Configure WDAG policies on your device.
+ 2. Go to the Chrome Web Store or Firefox Add-ons and search for Application Guard. Install the extension.
+ 3. Follow any additional configuration steps on the extension setup page.
+ 4. Reboot the device.
+ 5. Navigate to an untrusted site in Chrome and Firefox.
+
+ - WDAG allows dynamic navigation: Application Guard now allows users to navigate back to their default host browser from the WDAG Microsoft Edge. Previously, users browsing in WDAG Edge would see an error page when they try to go to a trusted site within the container browser. With this new feature, users will automatically be redirected to their host default browser when they enter or click on a trusted site in WDAG Edge. This feature is also available in Windows 10, version 1803 or later with the latest updates.
+
+- [Windows Defender Application Control (WDAC)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control): In Windows 10, version 1903 WDAC has a number of new features that light up key scenarios and provide feature parity with AppLocker.
+ - [Multiple Policies](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies): WDAC now supports multiple simultaneous code integrity policies for one device in order to enable the following scenarios: 1) enforce and audit side-by-side, 2) simpler targeting for policies with different scope/intent, 3) expanding a policy using a new ‘supplemental’ policy.
+ - [Path-Based Rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules): The path condition identifies an app by its location in the file system of the computer or on the network instead of a signer or hash identifier. Additionally, WDAC has an option that allows admins to enforce at runtime that only code from paths that are not user-writeable is executed. When code tries to execute at runtime, the directory is scanned and files will be checked for write permissions for non-known admins. If a file is found to be user writeable, the executable is blocked from running unless it is authorized by something other than a path rule like a signer or hash rule.
+ This brings WDAC to functionality parity with AppLocker in terms of support for file path rules. WDAC improves upon the security of policies based on file path rules with the availability of the user-writability permission checks at runtime time, which is a capability that is not available with AppLocker.
+ - [Allow COM Object Registration](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy): Previously, WDAC enforced a built-in allow list for COM object registration. While this mechanism works for most common application usage scenarios, customers have provided feedback that there are cases where additional COM objects need to be allowed. The 1903 update to Windows 10 introduces the ability to specify allowed COM objects via their GUID in the WDAC policy.
+
+### Identity Protection
+
+- [Windows Hello FIDO2 certification](https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/): Windows Hello is now a FIDO2 Certified authenticator and enables password-less login for websites supporting FIDO2 authentication, such as Microsoft account and Azure AD.
+- [Streamlined Windows Hello PIN reset experience](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-videos#windows-hello-for-business-forgotten-pin-user-experience): Microsoft account users have a revamped Windows Hello PIN reset experience with the same look and feel as signing in on the web.
+- Sign-in with [Password-less](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/passwordless-strategy) Microsoft accounts: Sign in to Windows 10 with a phone number account. Then use Windows Hello for an even easier sign-in experience! i
+- [Remote Desktop with Biometrics](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-features#remote-desktop-with-biometrics): Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session.
+
+### Security management
+
+- [Windows Defender Firewall now supports Windows Subsystem for Linux (WSL)](https://blogs.windows.com/windowsexperience/2018/04/19/announcing-windows-10-insider-preview-build-17650-for-skip-ahead/#II14f7VlSBcZ0Gs4.97): Lets you add rules for WSL process, just like for Windows processes.
+- [Windows Security app](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center) improvements now include Protection history, including detailed and easier to understand information about threats and available actions, Controlled Folder Access blocks are now in the Protection history, Windows Defender Offline Scanning tool actions, and any pending recommendations.
+- [Tamper Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection) lets you prevent others from tampering with important security features.
+
+## Microsoft Edge
+
+Windows 10, version 1903 offers new Group Policies and [MDM policies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser) for managing Microsoft Edge. You can silently enable BitLocker for standard Azure Active Directory-joined users. You can also more easily manage the entire Microsoft 365 experience for users with the Microsoft 365 Admin Center.
+
+Several new features are coming in the next version of Edge. See the [news from Build 2019](https://blogs.windows.com/msedgedev/2019/05/06/edge-chromium-build-2019-pwa-ie-mode-devtools/#2QJF4u970WjQ2Sv7.97) for more information.
+
+## See Also
+
+[What's New in Windows Server, version 1903](https://docs.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-1903): New and updated features in Windows Server.
+[Windows 10 Features](https://www.microsoft.com/windows/features): Review general information about Windows 10 features.
+[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See what’s new in other versions of Windows 10.
+[What's new in Windows 10](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See what’s new in Windows 10 hardware.
+[What's new in Windows 10 for developers](https://blogs.windows.com/buildingapps/2019/04/18/start-developing-on-windows-10-may-2019-update-today/#2Lp8FUFQ3Jm8KVcq.97): New and updated features in Windows 10 that are of interest to developers.
|
6