deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'public' into patch-1

Browse Source
This commit is contained in:
Dan Brown
2025-03-06 15:34:04 -08:00
committed by GitHub
parent 6e9182ef83 29fc1e82cb
commit 0d58205996
41 changed files with 342 additions and 208 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/client-management/mdm/configuration-service-provider-ddf.md
View File

@ -13,7 +13,7 @@ This article lists the OMA DM device description framework (DDF) files for vario
As of December 2022, DDF XML schema was updated to include additional information such as OS build applicability. DDF v2 XML files for Windows 10 and Windows 11 are combined, and provided in a single download:
- [DDF v2 Files, September 2024](https://download.microsoft.com/download/a/a/a/aaadc008-67d4-4dcd-b864-70c479baf7d6/DDFv2September24.zip)
- [DDF v2 Files, February 2025](https://download.microsoft.com/download/a8922fbe-20a9-431d-b24f-9d5344dda25e/DDFv2Feb25.zip)
## DDF v2 schema
@ -574,6 +574,7 @@ DDF v2 XML schema definition is listed below along with the schema definition fo
## Older DDF files
You can download the older DDF files for various CSPs from the links below:
- [Download all the DDF files for Windows 10 and 11 September 2024](https://download.microsoft.com/download/a/a/a/aaadc008-67d4-4dcd-b864-70c479baf7d6/DDFv2September24.zip)
- [Download all the DDF files for Windows 10 and 11 May 2024](https://download.microsoft.com/download/f/6/1/f61445f7-1d38-45f7-bc8c-609b86e4aabc/DDFv2May24.zip)
- [Download all the DDF files for Windows 10 and 11 September 2023](https://download.microsoft.com/download/0/e/c/0ec027e5-8971-49a2-9230-ec9352bc3ead/DDFv2September2023.zip)
- [Download all the DDF files for Windows 10 and 11 December 2022](https://download.microsoft.com/download/7/4/c/74c6daca-983e-4f16-964a-eef65b553a37/DDFv2December2022.zip)

3
windows/client-management/mdm/defender-csp.md
View File

@ -2926,7 +2926,8 @@ This policy setting controls whether or not exclusions are visible to local admi
<!-- Device-Configuration-HideExclusionsFromLocalAdmins-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!NOTE]
> Applying this setting won't remove exclusions from the device registry, it will only prevent them from being applied/used. This is reflected in Get-MpPreference.
> Applying this setting won't remove exclusions from the device registry. They will be applied and enforced, but they will not be visible via the Defender manageability tools like Get-MpPreference nor by the registry editor to the Defender owned registry hive.
<!-- Device-Configuration-HideExclusionsFromLocalAdmins-Editable-End -->
<!-- Device-Configuration-HideExclusionsFromLocalAdmins-DFProperties-Begin -->

2
windows/client-management/mdm/policy-csp-admx-kerberos.md
View File

@ -174,7 +174,7 @@ This policy setting allows you to specify which DNS host names and which DNS suf
<!-- HostToRealm-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
> [!NOTE]
> The list of DNS host names and DNS suffixes has a 2048 character limit. This policy would not apply if you exceed this limit.
> The list of DNS host names and DNS suffixes has a 2048 character limit. This policy would not apply if you exceed this limit. For more information, see [Kerberos realm to host mapping policy string-length limitations](https://support.microsoft.com/topic/e86856c2-1e02-43fe-9c58-d7c9d6386f01).
<!-- HostToRealm-Editable-End -->
<!-- HostToRealm-DFProperties-Begin -->

4
windows/configuration/assigned-access/configuration-file.md
View File

@ -90,7 +90,7 @@ A configuration file can contain one or more profiles. Each profile is identifie
A profile can be one of two types:
- `KioskModeApp`: is used to configure a kiosk experience. Users assigned this profile don't access the desktop, but only the Universal Windows Platform (UWP) application or Microsoft Edge running in full-screen above the Lock screen
- `KioskModeApp`: is used to configure a kiosk experience. Users assigned this profile execute a Universal Windows Platform (UWP) application or Microsoft Edge running in full-screen
- `AllAppList` is used to configure a restricted user experience. Users assigned this profile, access the desktop with the specific apps on the Start menu
> [!IMPORTANT]
@ -149,7 +149,7 @@ Example:
<App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
<App DesktopAppPath="C:\Windows\system32\cmd.exe" />
<App DesktopAppPath="%windir%\explorer.exe" />
<App AppUserModelId="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
<App DesktopAppPath="C:\Windows\System32\notepad.exe" rs5:AutoLaunch="true" rs5:AutoLaunchArguments="%windir%\setuperr.log" />
</AllowedApps>
</AllAppsList>

4
windows/configuration/assigned-access/includes/example-restricted-experience.md
View File

@ -23,7 +23,7 @@ ms.topic: include
<App DesktopAppPath="%windir%\System32\WindowsPowerShell\v1.0\Powershell.exe" />
<App DesktopAppPath="%windir%\explorer.exe" />
<App AppUserModelId="windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel" />
<App AppUserModelId="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
</AllowedApps>
</AllAppsList>
<rs5:FileExplorerNamespaceRestrictions>
@ -81,7 +81,7 @@ ms.topic: include
<App DesktopAppPath="%windir%\System32\WindowsPowerShell\v1.0\Powershell.exe" />
<App DesktopAppPath="%windir%\explorer.exe" />
<App AppUserModelId="windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel" />
<App AppUserModelId="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
</AllowedApps>
</AllAppsList>
<rs5:FileExplorerNamespaceRestrictions>

4
windows/configuration/assigned-access/includes/quickstart-restricted-experience-intune.md
View File

@ -11,7 +11,7 @@ ms.topic: include
POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations
Content-Type: application/json
{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example_Restricted_User_Experience - Assigned Access - Windows 10", "description": "This is a sample policy created from an article on learn.microsoft.com.", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n<AssignedAccessConfiguration\n xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"\n xmlns=\"http://schemas.microsoft.com/AssignedAccess/2017/config\"\n xmlns:default=\"http://schemas.microsoft.com/AssignedAccess/2017/config\"\n xmlns:rs5=\"http://schemas.microsoft.com/AssignedAccess/201810/config\"\n xmlns:v3=\"http://schemas.microsoft.com/AssignedAccess/2020/config\">\n <Profiles>\n <Profile Id=\"{9A2A490F-10F6-4764-974A-43B19E722C23}\">\n <AllAppsList>\n <AllowedApps>\n <App AppUserModelId=\"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App\" />\n <App AppUserModelId=\"Microsoft.Windows.Photos_8wekyb3d8bbwe!App\" />\n <App AppUserModelId=\"Microsoft.BingWeather_8wekyb3d8bbwe!App\" />\n <App DesktopAppPath=\"C:\\Windows\\system32\\cmd.exe\" />\n <App DesktopAppPath=\"%windir%\\System32\\WindowsPowerShell\\v1.0\\Powershell.exe\" />\n <App DesktopAppPath=\"%windir%\\explorer.exe\" />\n <App AppUserModelId=\"windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel\" />\n <App AppUserModelId=\"%ProgramFiles(x86)%\\Microsoft\\Edge\\Application\\msedge.exe\" />\n </AllowedApps>\n </AllAppsList>\n <rs5:FileExplorerNamespaceRestrictions>\n <rs5:AllowedNamespace Name=\"Downloads\"/>\n <v3:AllowRemovableDrives/>\n </rs5:FileExplorerNamespaceRestrictions>\n <StartLayout>\n <![CDATA[\n <LayoutModificationTemplate xmlns:defaultlayout=\"http://schemas.microsoft.com/Start/2014/FullDefaultLayout\" xmlns:start=\"http://schemas.microsoft.com/Start/2014/StartLayout\" Version=\"1\" xmlns=\"http://schemas.microsoft.com/Start/2014/LayoutModification\">\n <LayoutOptions StartTileGroupCellWidth=\"6\" />\n <DefaultLayoutOverride>\n <StartLayoutCollection>\n <defaultlayout:StartLayout GroupCellWidth=\"6\">\n <start:Group Name=\"\">\n <start:Tile Size=\"2x2\" Column=\"0\" Row=\"4\" AppUserModelID=\"windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel\" />\n <start:DesktopApplicationTile Size=\"2x2\" Column=\"2\" Row=\"4\" DesktopApplicationLinkPath=\"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk\" />\n <start:Tile Size=\"2x2\" Column=\"4\" Row=\"0\" AppUserModelID=\"Microsoft.BingWeather_8wekyb3d8bbwe!App\" />\n <start:DesktopApplicationTile Size=\"2x2\" Column=\"4\" Row=\"2\" DesktopApplicationLinkPath=\"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk\" />\n <start:DesktopApplicationTile Size=\"2x2\" Column=\"2\" Row=\"2\" DesktopApplicationLinkPath=\"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk\" />\n <start:Tile Size=\"2x2\" Column=\"2\" Row=\"0\" AppUserModelID=\"Microsoft.Windows.Photos_8wekyb3d8bbwe!App\" />\n <start:Tile Size=\"2x2\" Column=\"0\" Row=\"0\" AppUserModelID=\"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App\" />\n <start:DesktopApplicationTile Size=\"2x2\" Column=\"0\" Row=\"2\" DesktopApplicationLinkPath=\"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk\" />\n </start:Group>\n </defaultlayout:StartLayout>\n </StartLayoutCollection>\n </DefaultLayoutOverride>\n </LayoutModificationTemplate>\n ]]>\n </StartLayout>\n <Taskbar ShowTaskbar=\"true\"/>\n </Profile>\n </Profiles>\n <Configs>\n <Config>\n <AutoLogonAccount rs5:DisplayName=\"MS Learn Example\"/>\n <DefaultProfile Id=\"{9A2A490F-10F6-4764-974A-43B19E722C23}\"/>\n </Config>\n </Configs>\n</AssignedAccessConfiguration>" } ] }
{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example_Restricted_User_Experience - Assigned Access - Windows 10", "description": "This is a sample policy created from an article on learn.microsoft.com.", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n<AssignedAccessConfiguration\n xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"\n xmlns=\"http://schemas.microsoft.com/AssignedAccess/2017/config\"\n xmlns:default=\"http://schemas.microsoft.com/AssignedAccess/2017/config\"\n xmlns:rs5=\"http://schemas.microsoft.com/AssignedAccess/201810/config\"\n xmlns:v3=\"http://schemas.microsoft.com/AssignedAccess/2020/config\">\n <Profiles>\n <Profile Id=\"{9A2A490F-10F6-4764-974A-43B19E722C23}\">\n <AllAppsList>\n <AllowedApps>\n <App AppUserModelId=\"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App\" />\n <App AppUserModelId=\"Microsoft.Windows.Photos_8wekyb3d8bbwe!App\" />\n <App AppUserModelId=\"Microsoft.BingWeather_8wekyb3d8bbwe!App\" />\n <App DesktopAppPath=\"C:\\Windows\\system32\\cmd.exe\" />\n <App DesktopAppPath=\"%windir%\\System32\\WindowsPowerShell\\v1.0\\Powershell.exe\" />\n <App DesktopAppPath=\"%windir%\\explorer.exe\" />\n <App AppUserModelId=\"windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel\" />\n <App DesktopAppPath=\"%ProgramFiles(x86)%\\Microsoft\\Edge\\Application\\msedge.exe\" />\n </AllowedApps>\n </AllAppsList>\n <rs5:FileExplorerNamespaceRestrictions>\n <rs5:AllowedNamespace Name=\"Downloads\"/>\n <v3:AllowRemovableDrives/>\n </rs5:FileExplorerNamespaceRestrictions>\n <StartLayout>\n <![CDATA[\n <LayoutModificationTemplate xmlns:defaultlayout=\"http://schemas.microsoft.com/Start/2014/FullDefaultLayout\" xmlns:start=\"http://schemas.microsoft.com/Start/2014/StartLayout\" Version=\"1\" xmlns=\"http://schemas.microsoft.com/Start/2014/LayoutModification\">\n <LayoutOptions StartTileGroupCellWidth=\"6\" />\n <DefaultLayoutOverride>\n <StartLayoutCollection>\n <defaultlayout:StartLayout GroupCellWidth=\"6\">\n <start:Group Name=\"\">\n <start:Tile Size=\"2x2\" Column=\"0\" Row=\"4\" AppUserModelID=\"windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel\" />\n <start:DesktopApplicationTile Size=\"2x2\" Column=\"2\" Row=\"4\" DesktopApplicationLinkPath=\"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk\" />\n <start:Tile Size=\"2x2\" Column=\"4\" Row=\"0\" AppUserModelID=\"Microsoft.BingWeather_8wekyb3d8bbwe!App\" />\n <start:DesktopApplicationTile Size=\"2x2\" Column=\"4\" Row=\"2\" DesktopApplicationLinkPath=\"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\File Explorer.lnk\" />\n <start:DesktopApplicationTile Size=\"2x2\" Column=\"2\" Row=\"2\" DesktopApplicationLinkPath=\"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk\" />\n <start:Tile Size=\"2x2\" Column=\"2\" Row=\"0\" AppUserModelID=\"Microsoft.Windows.Photos_8wekyb3d8bbwe!App\" />\n <start:Tile Size=\"2x2\" Column=\"0\" Row=\"0\" AppUserModelID=\"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App\" />\n <start:DesktopApplicationTile Size=\"2x2\" Column=\"0\" Row=\"2\" DesktopApplicationLinkPath=\"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk\" />\n </start:Group>\n </defaultlayout:StartLayout>\n </StartLayoutCollection>\n </DefaultLayoutOverride>\n </LayoutModificationTemplate>\n ]]>\n </StartLayout>\n <Taskbar ShowTaskbar=\"true\"/>\n </Profile>\n </Profiles>\n <Configs>\n <Config>\n <AutoLogonAccount rs5:DisplayName=\"MS Learn Example\"/>\n <DefaultProfile Id=\"{9A2A490F-10F6-4764-974A-43B19E722C23}\"/>\n </Config>\n </Configs>\n</AssignedAccessConfiguration>" } ] }
```
::: zone-end
@ -22,7 +22,7 @@ Content-Type: application/json
POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations
Content-Type: application/json
{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example_Restricted_User_Experience - Assigned Access - Windows 11", "description": "This is a sample policy created from an article on learn.microsoft.com.", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n<AssignedAccessConfiguration\n xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"\n xmlns=\"http://schemas.microsoft.com/AssignedAccess/2017/config\"\n xmlns:default=\"http://schemas.microsoft.com/AssignedAccess/2017/config\"\n xmlns:rs5=\"http://schemas.microsoft.com/AssignedAccess/201810/config\"\n xmlns:v3=\"http://schemas.microsoft.com/AssignedAccess/2020/config\"\n xmlns:v5=\"http://schemas.microsoft.com/AssignedAccess/2022/config\">\n <Profiles>\n <Profile Id=\"{9A2A490F-10F6-4764-974A-43B19E722C23}\">\n <AllAppsList>\n <AllowedApps>\n <App AppUserModelId=\"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App\" />\n <App AppUserModelId=\"Microsoft.Windows.Photos_8wekyb3d8bbwe!App\" />\n <App AppUserModelId=\"Microsoft.BingWeather_8wekyb3d8bbwe!App\" />\n <App DesktopAppPath=\"C:\\Windows\\system32\\cmd.exe\" />\n <App DesktopAppPath=\"%windir%\\System32\\WindowsPowerShell\\v1.0\\Powershell.exe\" />\n <App DesktopAppPath=\"%windir%\\explorer.exe\" />\n <App AppUserModelId=\"windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel\" />\n <App AppUserModelId=\"%ProgramFiles(x86)%\\Microsoft\\Edge\\Application\\msedge.exe\" />\n </AllowedApps>\n </AllAppsList>\n <rs5:FileExplorerNamespaceRestrictions>\n <rs5:AllowedNamespace Name=\"Downloads\"/>\n <v3:AllowRemovableDrives/>\n </rs5:FileExplorerNamespaceRestrictions>\n <v5:StartPins>\n <![CDATA[{\n \"pinnedList\":[\n {\"packagedAppId\":\"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App\"},\n {\"packagedAppId\":\"Microsoft.Windows.Photos_8wekyb3d8bbwe!App\"},\n {\"packagedAppId\":\"Microsoft.BingWeather_8wekyb3d8bbwe!App\"},\n {\"desktopAppLink\":\"%APPDATA%\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\System Tools\\\\Command Prompt.lnk\"},\n {\"desktopAppLink\":\"%APPDATA%\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Windows PowerShell\\\\Windows PowerShell.lnk\"},\n {\"desktopAppLink\":\"%APPDATA%\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\File Explorer.lnk\"},\n {\"packagedAppId\": \"windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel\"},\n {\"desktopAppLink\": \"%ALLUSERSPROFILE%\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Microsoft Edge.lnk\"}\n ]\n }]]>\n </v5:StartPins>\n <Taskbar ShowTaskbar=\"true\"/>\n </Profile>\n </Profiles>\n <Configs>\n <Config>\n <AutoLogonAccount rs5:DisplayName=\"MS Learn Example\"/>\n <DefaultProfile Id=\"{9A2A490F-10F6-4764-974A-43B19E722C23}\"/>\n </Config>\n </Configs>\n</AssignedAccessConfiguration>" } ] }
{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example_Restricted_User_Experience - Assigned Access - Windows 11", "description": "This is a sample policy created from an article on learn.microsoft.com.", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n<AssignedAccessConfiguration\n xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"\n xmlns=\"http://schemas.microsoft.com/AssignedAccess/2017/config\"\n xmlns:default=\"http://schemas.microsoft.com/AssignedAccess/2017/config\"\n xmlns:rs5=\"http://schemas.microsoft.com/AssignedAccess/201810/config\"\n xmlns:v3=\"http://schemas.microsoft.com/AssignedAccess/2020/config\"\n xmlns:v5=\"http://schemas.microsoft.com/AssignedAccess/2022/config\">\n <Profiles>\n <Profile Id=\"{9A2A490F-10F6-4764-974A-43B19E722C23}\">\n <AllAppsList>\n <AllowedApps>\n <App AppUserModelId=\"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App\" />\n <App AppUserModelId=\"Microsoft.Windows.Photos_8wekyb3d8bbwe!App\" />\n <App AppUserModelId=\"Microsoft.BingWeather_8wekyb3d8bbwe!App\" />\n <App DesktopAppPath=\"C:\\Windows\\system32\\cmd.exe\" />\n <App DesktopAppPath=\"%windir%\\System32\\WindowsPowerShell\\v1.0\\Powershell.exe\" />\n <App DesktopAppPath=\"%windir%\\explorer.exe\" />\n <App AppUserModelId=\"windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel\" />\n <App DesktopAppPath=\"%ProgramFiles(x86)%\\Microsoft\\Edge\\Application\\msedge.exe\" />\n </AllowedApps>\n </AllAppsList>\n <rs5:FileExplorerNamespaceRestrictions>\n <rs5:AllowedNamespace Name=\"Downloads\"/>\n <v3:AllowRemovableDrives/>\n </rs5:FileExplorerNamespaceRestrictions>\n <v5:StartPins>\n <![CDATA[{\n \"pinnedList\":[\n {\"packagedAppId\":\"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App\"},\n {\"packagedAppId\":\"Microsoft.Windows.Photos_8wekyb3d8bbwe!App\"},\n {\"packagedAppId\":\"Microsoft.BingWeather_8wekyb3d8bbwe!App\"},\n {\"desktopAppLink\":\"%APPDATA%\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\System Tools\\\\Command Prompt.lnk\"},\n {\"desktopAppLink\":\"%APPDATA%\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Windows PowerShell\\\\Windows PowerShell.lnk\"},\n {\"desktopAppLink\":\"%APPDATA%\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\File Explorer.lnk\"},\n {\"packagedAppId\": \"windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel\"},\n {\"desktopAppLink\": \"%ALLUSERSPROFILE%\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Microsoft Edge.lnk\"}\n ]\n }]]>\n </v5:StartPins>\n <Taskbar ShowTaskbar=\"true\"/>\n </Profile>\n </Profiles>\n <Configs>\n <Config>\n <AutoLogonAccount rs5:DisplayName=\"MS Learn Example\"/>\n <DefaultProfile Id=\"{9A2A490F-10F6-4764-974A-43B19E722C23}\"/>\n </Config>\n </Configs>\n</AssignedAccessConfiguration>" } ] }
```
::: zone-end

4
windows/configuration/assigned-access/includes/quickstart-restricted-experience-ps.md
View File

@ -22,7 +22,7 @@ $assignedAccessConfiguration = @"
<App DesktopAppPath="%windir%\System32\WindowsPowerShell\v1.0\Powershell.exe" />
<App DesktopAppPath="%windir%\explorer.exe" />
<App AppUserModelId="windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel" />
<App AppUserModelId="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
</AllowedApps>
</AllAppsList>
<rs5:FileExplorerNamespaceRestrictions>
@ -88,7 +88,7 @@ $assignedAccessConfiguration = @"
<App DesktopAppPath="%windir%\System32\WindowsPowerShell\v1.0\Powershell.exe" />
<App DesktopAppPath="%windir%\explorer.exe" />
<App AppUserModelId="windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel" />
<App AppUserModelId="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
</AllowedApps>
</AllAppsList>
<rs5:FileExplorerNamespaceRestrictions>

4
windows/configuration/assigned-access/includes/quickstart-restricted-experience-xml.md
View File

@ -21,7 +21,7 @@ ms.topic: include
<App DesktopAppPath="%windir%\System32\WindowsPowerShell\v1.0\Powershell.exe" />
<App DesktopAppPath="%windir%\explorer.exe" />
<App AppUserModelId="windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel" />
<App AppUserModelId="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
</AllowedApps>
</AllAppsList>
<rs5:FileExplorerNamespaceRestrictions>
@ -79,7 +79,7 @@ ms.topic: include
<App DesktopAppPath="%windir%\System32\WindowsPowerShell\v1.0\Powershell.exe" />
<App DesktopAppPath="%windir%\explorer.exe" />
<App AppUserModelId="windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel" />
<App AppUserModelId="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
<App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
</AllowedApps>
</AllAppsList>
<rs5:FileExplorerNamespaceRestrictions>

4
windows/configuration/assigned-access/index.md
View File

@ -29,8 +29,8 @@ This option runs a single application in full screen, and people using the devic
Windows offers two different features to configure a kiosk experience:
- **Assigned Access**: used to execute a single Universal Windows Platform (UWP) app or Microsoft Edge in full screen above the lock screen. When the kiosk account signs in, the kiosk app launches automatically. If the UWP app is closed, it automatically restarts
- **Shell Launcher**: used to configure a device to execute a Windows desktop application as the user interface. The application that you specify replaces the default Windows shell (`Explorer.exe`) that usually runs when a user signs in. This type of single-app kiosk doesn't run above the lock screen
- **Assigned Access**: used to execute a single Universal Windows Platform (UWP) app or Microsoft Edge in full screen. When the kiosk account signs in, the kiosk app launches automatically. If the UWP app is closed, it automatically restarts
- **Shell Launcher**: used to configure a device to execute a Windows desktop application as the user interface. The specified application replaces the default Windows shell (`Explorer.exe`) that usually runs when a user signs in
:::row:::
:::column span="1":::

4
windows/configuration/assigned-access/overview.md
View File

@ -9,7 +9,7 @@ ms.topic: overview
Assigned Access is a Windows feature that you can use to configure a device as a kiosk or with a restricted user experience.
When you configure a **kiosk experience**, a single Universal Windows Platform (UWP) application or Microsoft Edge is executed in full screen, above the lock screen. Users can only use that application. If the kiosk app is closed, it automatically restarts. Practical examples include:
When you configure a **kiosk experience**, a single Universal Windows Platform (UWP) application or Microsoft Edge is executed in full screen. Users can only use that application and once the kiosk app is closed, it automatically restarts. Practical examples include:
- Public browsing
- Interactive digital signage
@ -170,7 +170,7 @@ Here are the steps to configure a kiosk using the Settings app:
>[!NOTE]
>If there are any local standard user accounts already, the **Create an account** dialog offers the option to **Choose an existing account**
1. Choose the application to run when the kiosk account signs in. Only apps that can run above the lock screen are available in the list of apps to choose from. If you select **Microsoft Edge** as the kiosk app, you configure the following options:
1. Choose the application to run when the kiosk account signs in. If you select **Microsoft Edge** as the kiosk app, you configure the following options:
- Whether Microsoft Edge should display your website full-screen (digital sign) or with some browser controls available (public browser)
- Which URL should be open when the kiosk accounts signs in

2
windows/configuration/assigned-access/quickstart-kiosk.md
View File

@ -79,7 +79,7 @@ Here are the steps to configure a kiosk using the Settings app:
>[!NOTE]
>If there are any local standard user accounts already, the **Create an account** dialog offers the option to **Choose an existing account**
1. Choose the application to run when the kiosk account signs in. Only apps that can run above the lock screen are available in the list of apps to choose from. If you select **Microsoft Edge** as the kiosk app, you configure the following options:
1. Choose the application to run when the kiosk account signs in. If you select **Microsoft Edge** as the kiosk app, you configure the following options:
- Whether Microsoft Edge should display your website full-screen (digital sign) or with some browser controls available (public browser)
- Which URL should be open when the kiosk accounts signs in

2
windows/configuration/assigned-access/recommendations.md
View File

@ -116,7 +116,7 @@ The following guidelines help you choose an appropriate Windows app for a kiosk
- Windows apps must be provisioned or installed for the Assigned Access account before they can be selected as the Assigned Access app. [Learn how to provision and install apps](/windows/client-management/mdm/enterprise-app-management#install_your_apps)
- UWP app updates can sometimes change the Application User Model ID (AUMID) of the app. In such scenario, you must update the Assigned Access settings to execute the updated app, because Assigned Access uses the AUMID to determine the app to launch
- The app must be able to run above the lock screen. If the app can't run above the lock screen, it can't be used as a kiosk app
- The app must be able to run *above* the lock screen. If the app can't run above the lock screen, it can't be used as a kiosk app
- Some apps can launch other apps. Assigned Access in kiosk mode prevents Windows apps from launching other apps. Avoid selecting Windows apps that are designed to launch other apps as part of their core functionality
- Microsoft Edge includes support for kiosk mode. To learn more, see [Microsoft Edge kiosk mode](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy)
- Don't select Windows apps that might expose information you don't want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access

BIN
windows/configuration/background/images/contoso-lockscreen-10.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 114 KiB

BIN
windows/configuration/background/images/contoso-lockscreen-11.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 116 KiB

135
windows/configuration/background/index.md Normal file
View File

@ -0,0 +1,135 @@
---
title: Configure the Desktop and Lock Screen Backgrounds in Windows
description: Learn how to configure the desktop and lock screen background in Windows using policy settings, including Intune, CSP, and GPO.
ms.topic: how-to
ms.date: 03/03/2025
author: paolomatarazzo
ms.author: paoloma
appliesto:
zone_pivot_groups: windows-versions-11-10
---
# Configure the desktop and lock screen backgrounds
Configuring desktop and lock screen backgrounds in Windows offers a simple yet effective way to enhance productivity, enforce consistency, and strengthen organizational branding.
Predefined backgrounds can display company logos, mission statements, or school emblems, reinforcing identity across devices. Examples where predefined backgrounds are especially valuable include kiosks, where lock screens can provide clear instructions, or student devices, where consistent branding fosters a sense of belonging and professionalism.
::: zone pivot="windows-11"
:::image type="content" source="images/contoso-lockscreen-11.png" alt-text="Screenshot of the Windows 11 lock screen with Windows spotlight enabled over an organization wallpaper." border="false":::
::: zone-end
::: zone pivot="windows-10"
:::image type="content" source="images/contoso-lockscreen-10.png" alt-text="Screenshot of the Windows 10 lock screen with Windows spotlight enabled over an organization wallpaper." border="false":::
::: zone-end
This article explains how to configure the desktop and lock screen backgrounds in Windows using policy settings. It includes examples of how to implement these configurations using Microsoft Intune, Configuration Service Provider (CSP), and Group Policy Object (GPO).
## Image ratios and scaling
A key consideration when using custom images is how they appear on devices with varying screen sizes and resolutions. For example, a custom image created in a 16:9 aspect ratio (such as 1600x900) scales properly on devices with 16:9 resolutions, like 1280x720 or 1920x1080. On devices with other aspect ratios, such as 4:3 (1024x768) or 16:10 (1280x800), the image's height scales correctly, but the width is cropped to match the aspect ratio. The image remains centered on the screen.
Images created in nonstandard aspect ratios might scale and center unpredictably when displayed on devices with different resolutions. To ensure consistent results, especially for images containing text (for example, legal statements), design the image in a 16:9 resolution and keep critical text within the 4:3 region. This approach ensures that the text remains visible across all aspect ratios.
## Configure the desktop background
**Windows edition requirements**. The following table summarizes the Windows editions and licensing requirements for configuring the desktop background:
| Windows edition | Intune/CSP | GPO |
|:-|:-:|:-:|
|Pro / Pro Education|✅|✅|
|Enterprise / Education|✅|✅|
|IoT Enterprise|✅|✅|
[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
[!INCLUDE [intune-settings-catalog-1](../../../includes/configure/intune-settings-catalog-1.md)]
| Category | Setting name | Value |
|--|--|--|
| **Personalization** | Desktop Image Url | An http or https URL to a jpg, jpeg, or png image file. |
[!INCLUDE [intune-settings-catalog-2](../../../includes/configure/intune-settings-catalog-2.md)]
Alternatively, you can configure devices using a [custom policy][INT-1] with the [Personalization CSP][CSP-1].
| Setting |
|--------|
| - **OMA-URI:** `./Vendor/MSFT/Personalization/DesktopImageUrl`<br>- **Data type:** string <br>- **Value:** An http or https URL to a jpg, jpeg, or png image file. |
#### [:::image type="icon" source="../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
[!INCLUDE [gpo-settings-1](../../../includes/configure/gpo-settings-1.md)]
| Group policy path | Group policy setting | Value |
| - | - | - |
| **User Configuration\Administrative Templates\Desktop\Desktop** |Desktop Wallpaper | Fully qualified path and name of the image file. You can use a local path or a UNC path. |
[!INCLUDE [gpo-settings-2](../../../includes/configure/gpo-settings-2.md)]
---
## Configure the lock screen background
**Windows edition requirements**. The following table summarizes the Windows editions and licensing requirements for configuring the lock screen background:
| Windows edition | Intune/CSP | GPO |
|:-|:-:|:-:|
|Pro / Pro Education|✅|❌|
|Enterprise / Education|✅|✅|
|IoT Enterprise|✅|✅|
[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
[!INCLUDE [intune-settings-catalog-1](../../../includes/configure/intune-settings-catalog-1.md)]
| Category | Setting name | Value |
|--|--|--|
| **Personalization** | Lock Screen Image Url| An http or https URL to a jpg, jpeg, or png image file. |
[!INCLUDE [intune-settings-catalog-2](../../../includes/configure/intune-settings-catalog-2.md)]
Alternatively, you can configure devices using a [custom policy][INT-1] with the [Personalization CSP][CSP-1].
| Setting |
|--------|
| - **OMA-URI:** `./Vendor/MSFT/Personalization/LockScreenImageUrl`<br>- **Data type:** string <br>- **Value:** An http or https URL to a jpg, jpeg, or png image file.|
#### [:::image type="icon" source="../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
[!INCLUDE [gpo-settings-1](../../../includes/configure/gpo-settings-1.md)]
| Group policy path | Group policy setting | Value |
| - | - | - |
| **Computer Configuration\Administrative Templates\Control Panel\Personalization** | Force a specific default lock screen and logon image | Fully qualified path and name of the image file. You can use a local path or a UNC path.|
[!INCLUDE [gpo-settings-2](../../../includes/configure/gpo-settings-2.md)]
---
> [!TIP]
> You can also configure a custom lock screen image using [organizational messages in the Microsoft 365 admin center][M365-1].
## User experience
When the policy is applied, the lock screen and desktop background images are set to the specified URL or path. The images are downloaded and cached locally on the device. The images are displayed in the background when the user signs in, and on the lock screen when the user locks the device.
## Windows spotlight
Windows spotlight is a feature that can display a different image on the lock screen and desktop background every day. Windows spotlight can also provide personalized content, such as tips and tricks for using Windows. You can configure a custom background image or lock screen image and still use Windows spotlight. When you do so, users can still receive suggestions, fun facts, tips, or organizational messages, but the background image is replaced with the custom image.
To learn more, see [Configure Windows spotlight](../windows-spotlight/index.md).
<!--links-->
[CSP-1]: /windows/client-management/mdm/personalization-csp
[M365-1]: /microsoft-365/admin/misc/organizational-messages-microsoft-365?view=o365-worldwide
[INT-1]: /mem/intune/configuration/settings-catalog

BIN
windows/configuration/settings/images/settings-page-visibility.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB

84
windows/configuration/settings/page-visibility.md Normal file
View File

@ -0,0 +1,84 @@
---
title: Configure the Settings Page Visibility in Windows
description: Learn how to configure the pages listed in the Windows Settings app.
ms.topic: how-to
ms.date: 03/03/2025
author: paolomatarazzo
ms.author: paoloma
---
# Configure the Settings page visibility
*Settings* is a Windows application that offers a unified interface to manage the system settings. In certain scenarios, you might want to restrict access to specific Settings pages to ensure a more controlled and secure environment. This is especially beneficial for devices used in specific environments, such as kiosks or student devices, where limiting access to certain options can prevent unauthorized changes and maintain a consistent user experience.
:::image type="content" source="images/settings-page-visibility.png" alt-text="Screenshot of the Settings app configured with a policy setting to limit the categories displayed." border="false":::
This article explains how to configure the Settings app and how to implement the configurations using Microsoft Intune, Configuration Service Provider (CSP), and Group Policy Object (GPO).
## Page visibility list policy setting
You can configure the visibility of Settings pages using the *page visibility list* policy setting. This policy allows you to block a given set of pages from the Settings app. Blocked pages aren't visible in the app and can't be accessed through direct navigation via Uniform Resource Identifier (URI), context menu in Explorer, or other means. Direct navigation to a blocked page results in the first page of Settings displayed instead.
The page visibility list policy has two modes:
- **Show Specific Pages**
- Start the policy string with `showonly:`
- Follow it with a list of Settings page identifiers, separated by semicolons
- **Hide Specific Pages**
- Start the policy string with `hide:`
- Follow it with a list of Settings page identifiers, separated by semicolons
> [!NOTE]
> The identifier for any Settings page is the published URI for that page, minus the `ms-settings:` protocol part. For the list of categories and page identifiers, see [ms-settings: URI scheme reference](https://go.microsoft.com/fwlink/?linkid=2102995#ms-settings-uri-scheme-reference).
## Examples
Show only the **About** and **Bluetooth** pages. Their respective URIs are `ms-settings:about` and `ms-settings:bluetooth`:
`showonly:about;bluetooth`
Hide only the Bluetooth page, which has the URI `ms-settings:bluetooth`:
`hide:bluetooth`
## Configuration
[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
[!INCLUDE [intune-settings-catalog-1](../../../includes/configure/intune-settings-catalog-1.md)]
| Category | Setting name | Value |
|--|--|--|
| **Settings** | - Page Visibility List<br>- Page Visibility List (User)| List of URIs to show or hide, separated by semicolons.|
[!INCLUDE [intune-settings-catalog-2](../../../includes/configure/intune-settings-catalog-2.md)]
Alternatively, you can configure devices using a [custom policy][INT-1] with the [Policy CSP][CSP-1].
| Setting |
|--|
|- **OMA-URI:** `./Device/Vendor/MSFT/Policy/Config/Settings/PageVisibilityList`<br>- **Data type:** string<br>- **Value:** List of URIs to show or hide, separated by semicolons.<br><br>Or<br><br>- **OMA-URI:** `./User/Vendor/MSFT/Policy/Config/Settings/PageVisibilityList`<br>- **Data type:** string<br>- **Value:** List of URIs to show or hide, separated by semicolons.|
#### [:::image type="icon" source="../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
[!INCLUDE [gpo-settings-1](../../../includes/configure/gpo-settings-1.md)]
| Group policy path | Group policy setting | Value |
| - | - | - |
| **Computer Configuration\Administrative Templates\Control Panel**<br><br>Or<br><br>**User Configuration\Administrative Templates\Control Panel** | Settings Page Visibility | List of URIs to show or hide, separated by semicolons.|
[!INCLUDE [gpo-settings-2](../../../includes/configure/gpo-settings-2.md)]
---
## User Experience
By controlling the visibility of Settings pages, you can create a customized user experience tailored to your organization's specific needs. Once the policy is applied, users have access only to the Settings pages you explicitly allow, ensuring a focused and streamlined interface.
<!--links-->
[CSP-1]: /windows/client-management/mdm/policy-csp-settings#pagevisibilitylist
[M365-1]: /microsoft-365/admin/misc/organizational-messages-microsoft-365?view=o365-worldwide
[INT-1]: /mem/intune/configuration/settings-catalog

4
windows/configuration/toc.yml
View File

@ -7,8 +7,12 @@ items:
href: start/toc.yml
- name: Taskbar
href: taskbar/toc.yml
- name: Desktop and lock screen backgrounds
href: background/index.md
- name: Windows spotlight
href: windows-spotlight/index.md
- name: Settings page visibility
href: settings/page-visibility.md
- name: Microsoft Store
href: store/toc.yml
- name: Cellular settings

BIN
windows/configuration/windows-spotlight/images/contoso-lockscreen-10.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 48 KiB

After

Width:  |  Height:  |  Size: 120 KiB

BIN
windows/configuration/windows-spotlight/images/contoso-lockscreen-11.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 62 KiB

After

Width:  |  Height:  |  Size: 127 KiB

18
windows/configuration/windows-spotlight/index.md
View File

@ -94,22 +94,9 @@ Here's a sorted list of the policy settings to configure Windows spotlight:
## Custom lock screen and background images
You can replace the Windows spotlight lock screen and background images with a custom image. When you do so, users can still see suggestions, fun facts, tips, or organizational messages on the lock screen, but the background image is replaced with the custom image.
You can replace the Windows spotlight lock screen and background images with a custom image. When you do so, users can still receive suggestions, fun facts, tips, or organizational messages, but the background image is replaced with the custom image.
To configure the lock screen and background images, use the [Personalization CSP][CSP-2].
|Policy name| CSP | GPO |
|-|-|-|
|[DesktopImageUrl](/windows/client-management/mdm/personalization-csp#desktopimageurl)|✅|✅|
|[LockScreenImageUrl](/windows/client-management/mdm/personalization-csp#lockscreenimageurl)|✅|✅|
>[!NOTE]
> A concern with custom images is how they'll appear on different screen sizes and resolutions. A custom image created in `16:9` aspect ratio (for example, `1600x900`) scales properly on devices using a `16:9` resolution, such as `1280x720` or `1920x1080`. On devices using other aspect ratios, such as `4:3` (`1024x768`) or `16:10` (`1280x800`), height scales correctly and width is cropped to a size equal to the aspect ratio. The image remains centered on the screen.
>
> Lock screen images created at other aspect ratios might scale and center unpredictably on your device when changing aspect ratios. The recommendation for custom images that include text (such as a legal statement), is to create the lock screen image in `16:9` resolution with text contained in the `4:3` region, allowing the text to remain visible at any aspect ratio.
> [!TIP]
> You also have the option to configure a custom lock screen image using [organizational messages in the Microsoft 365 admin center][M365-1].
To learn more, see [Configure the desktop and lock screen background](../background/index.md).
## User experience
@ -137,6 +124,5 @@ To learn more about organizational messages, see:
<!--links-->
[CSP-1]: /windows/client-management/mdm/policy-csp-experience
[CSP-2]: /windows/client-management/mdm/personalization-csp
[INT-1]: /mem/intune/remote-actions/organizational-messages-overview
[M365-1]: /microsoft-365/admin/misc/organizational-messages-microsoft-365?view=o365-worldwide

2
windows/deployment/deploy-m365.md
View File

@ -7,7 +7,7 @@ ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: install-set-up-deploy
ms.date: 02/13/2024
ms.date: 02/27/2025
ms.subservice: itpro-deploy
appliesto:
-<a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>

9
windows/deployment/do/delivery-optimization-configure.md
View File

@ -16,7 +16,7 @@ appliesto:
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-<a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
ms.date: 07/23/2024
ms.date: 02/27/2025
---
# Configure Delivery Optimization (DO) for Windows
@ -232,7 +232,12 @@ Delivery Optimization is integrated with both Microsoft Endpoint Manager and Con
## Monitor Delivery Optimization
Whether you opt for the default Delivery Optimization configurations or tailor them to suit your environment, you'll want to track the outcomes to see how they improve your efficiency. [Learn more](waas-delivery-optimization-monitor.md) about the monitoring options for Delivery Optimization.
Whether you opt for the default Delivery Optimization configurations or tailor them to suit your environment, you'll want to track the outcomes to see how they improve your efficiency. The following options are available to monitor Delivery Optimization:
- On clients, review the activity monitor, which displays a breakdown of downloads by source, average speed, and upload stats for the current month
- **Windows 11**: Settings > Windows Update > Advanced Options > Delivery Optimization > Activity Monitor
- **Windows 10**: Settings > Update & Security > Delivery Optimization > Activity Monitor
- Windows Update for Business reports offers a Delivery Optimization report. For more information, see [Monitor Delivery Optimization](waas-delivery-optimization-monitor.md).
## Troubleshoot Delivery Optimization

4
windows/deployment/do/mcc-ent-edu-overview.md
View File

@ -13,7 +13,7 @@ appliesto:
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-<a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>
ms.date: 10/30/2024
ms.date: 02/28/2025
---
# Microsoft Connected Cache for Enterprise and Education Overview
@ -57,7 +57,7 @@ Customers may have office spaces, data centers, or Azure deployments that meet s
- Have Azure VMs and/or Azure Virtual Desktop deployed
- Have limited internet bandwidth (T1 or T3 lines)
To support the large enterprise scenario, customers can deploy a Connected Cache node to a server running Windows Server 2022 or Ubuntu 22.04.
To support the large enterprise scenario, customers can deploy a Connected Cache node to a server running Windows Server 2022 (or later) or Ubuntu 24.04.
See [Connected Cache node host machine requirements](mcc-ent-prerequisites.md) for recommended host machine specifications in each configuration.

6
windows/deployment/do/mcc-ent-prerequisites.md
View File

@ -10,7 +10,7 @@ manager: naengler
appliesto:
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-<a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>
ms.date: 10/30/2024
ms.date: 02/28/2025
---
# Microsoft Connected Cache for Enterprise and Education Requirements
@ -43,7 +43,7 @@ This article details the requirements and recommended specifications for using M
### Additional requirements for Windows host machines
- The Windows host machine must be using Windows 11 or Windows Server 2022 with the latest cumulative update applied.
- The Windows host machine must be using Windows 11 or Windows Server 2022 (or later) with the latest cumulative update applied.
- Windows 11 must have [OS Build 22631.3296](https://support.microsoft.com/topic/march-12-2024-kb5035853-os-builds-22621-3296-and-22631-3296-a69ac07f-e893-4d16-bbe1-554b7d9dd39b) or later
- Windows Server 2022 must have [OS Build 20348.2227](https://support.microsoft.com/topic/january-9-2024-kb5034129-os-build-20348-2227-6958a36f-efaf-4ef5-a576-c5931072a89a) or later
- The Windows host machine must support nested virtualization. Ensure that any security settings that may restrict nested virtualization are not enabled, such as ["Trusted launch" in Azure VMs](/azure/virtual-machines/trusted-launch-portal).
@ -52,7 +52,7 @@ This article details the requirements and recommended specifications for using M
### Additional requirements for Linux host machines
- The Linux host machine must be using one of the following operating systems:
- Ubuntu 22.04, 24.04
- Ubuntu 24.04
- Red Hat Enterprise Linux (RHEL) 8.* or 9.*
- If using RHEL, the default container engine (Podman) must be replaced with [Moby](https://github.com/moby/moby#readme)

47
windows/deployment/do/mcc-ent-release-notes.md
View File

@ -11,18 +11,49 @@ appliesto:
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
- ✅ Supported Linux distributions
-<a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>
ms.date: 10/30/2024
ms.date: 02/28/2025
---
# Release Notes for Microsoft Connected Cache for Enterprise and Education
This article contains details about the latest releases of Connected Cache. Since Connected Cache is a preview service, some releases may contain breaking changes.
## Install script v2.0.0.2
## February 2025 Release
Released on **3/03/2025**
This release contains improvements that can only be applied by redeploying your cache nodes using the updated installation script.
### New Connected Cache container version
- v1.2.1.2083_E
### New Linux-hosted installation script version
- v1.08
### New Windows-hosted installation script version
- v2.0.0.3
### Improvements to Windows-hosted cache nodes
- **Connected Cache WSL distribution now uses Ubuntu 24.04**: The Windows Subsystem for Linux (WSL) distribution used by Connected Cache has been updated to Ubuntu 24.04 (was 22.04). This change ensures that the WSL distribution is up-to-date with the latest security patches and features.
- **Connected Cache container now uses Ubuntu 24.04 Docker environment**: The Connected Cache container now runs using an Ubuntu 24.04 Docker environment (was 22.04). This change ensures that the container environment is up-to-date with the latest security patches and features.
- **TLS-inspecting proxies no longer cause IoT Edge error during Connected Cache installation**: Fixed a bug that was causing proxy certificate path string to be improperly handled, leading to IoT Edge errors during Connected Cache installation.
- **Security improvements**: Kept intentionally vague to protect previous versions of Connected Cache.
### Improvements to Linux-hosted cache nodes
- **Connected Cache container now uses Ubuntu 24.04 Docker environment**: The Connected Cache container now runs using an Ubuntu 24.04 Docker environment (was 22.04). This change ensures that the container environment is up-to-date with the latest security patches and features.
- **TLS-inspecting proxies no longer cause IoT Edge error during Connected Cache installation**: Fixed a bug that was causing proxy certificate path string to be improperly handled, leading to IoT Edge errors during Connected Cache installation.
- **Security improvements**: Kept intentionally vague to protect previous versions of Connected Cache.
## Windows-hosted install script v2.0.0.2
Released on **2/7/2025**
These changes only affect the installation scripts for Connected Cache. To take advantage of these changes, you'll need to redeploy your existing cache nodes using the updated installation script.
This release only contains changes to the Windows-hosted installation scripts for Connected Cache. To take advantage of these changes, you need to redeploy your existing cache nodes using the updated installation script.
### Improvements
@ -31,11 +62,15 @@ These changes only affect the installation scripts for Connected Cache. To take
- **Changes install error codes from decimal to hex code**: Install error codes for Windows-hosted cache nodes are now displayed in hex code format, improving error code readability.
- **Uses configured proxy to perform install**: If a proxy was configured for the Windows-hosted cache node in Azure portal, the cache node uses the specified proxy during installation.
## Release v1.2.1.2076_E (public preview launch)
## Public Preview Release
The public preview released on **10/30/2024**
Released on **10/30/2024**
For customers that installed earlier versions of Connected Cache, this release contains breaking changes that affect both Linux and Windows host machines. See the [early preview documentation page](mcc-ent-early-preview.md) for more details.
For customers that installed earlier versions of Connected Cache, this release contains breaking changes that affect both Linux-hosted and Windows-hosted cache nodes. See the [early preview documentation page](mcc-ent-early-preview.md) for more details.
### New Connected Cache container version
- v1.2.1.2076_E
### Feature updates

4
windows/deployment/do/mcc-ent-troubleshooting.md
View File

@ -11,7 +11,7 @@ appliesto:
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
- ✅ Supported Linux distributions
-<a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise</a>
ms.date: 01/15/2025
ms.date: 02/28/2025
---
@ -97,7 +97,7 @@ If the Connected Cache installation is failing due to WSL-related issues, try ru
Once the Connected Cache software has been successfully deployed to the Windows host machine, you can check if the cache node is running properly by doing the following on the Windows host machine:
1. Launch a PowerShell process as the account specified as the runtime account during the Connected Cache install
1. Run `wsl -d Ubuntu-22.04-Mcc-Base` to access the Linux distribution that hosts the Connected Cache container
1. Run `wsl -d Ubuntu-24.04-Mcc-Base` to access the Linux distribution that hosts the Connected Cache container
1. Run `sudo iotedge list` to show which containers are running within the IoT Edge runtime
If it shows the **edgeAgent** and **edgeHub** containers but doesn't show **MCC**, you can view the status of the IoT Edge security manager using `sudo iotedge system logs -- -f`.

11
windows/deployment/do/waas-delivery-optimization-faq.yml
View File

@ -17,7 +17,7 @@ metadata:
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019, and later</a>
- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-delivery-optimization target=_blank>Delivery Optimization</a>
ms.date: 10/15/2024
ms.date: 02/27/2025
title: Frequently Asked Questions about Delivery Optimization
summary: |
This article answers frequently asked questions about Delivery Optimization.
@ -50,7 +50,7 @@ summary: |
**Device resources questions**:
- [Delivery Optimization is using device resources and I can't tell why?](#delivery-optimization-is-using-device-resources-and-i-can-t-tell-why)
- [How do I clear the Delivery Optimization cache?](#how-do-i-clear-the-delivery-optimization-cache)
sections:
- name: General questions
questions:
@ -179,3 +179,10 @@ sections:
- question: Delivery Optimization is using device resources and I can't tell why?
answer: |
Delivery Optimization is used by most content providers from Microsoft. A complete list can be found [here](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization). Often customers may not realize the vast application of Delivery Optimization and how it's used across different apps. Content providers have the option to run downloads in the foreground or background. It's good to check any apps running in the background to see what is running. Also note that depending on the app, closing the app may not necessarily stop the download.
- question: How do I clear the Delivery Optimization cache?
answer: |
Delivery Optimization in Windows clears its cache automatically. Files are removed from the cache after a short time period or when its contents take up too much disk space. However, if you need more disk space on your PC, you can manually clear the cache.
1. In the search box on the taskbar, type **Disk Cleanup**, and then select it from the list of results.
1. On the **Disk Cleanup** tab, select the **Delivery Optimization Files** check box.
1. Select **OK**. On the dialog that appears, select **Delete Files**.

5
windows/deployment/do/waas-delivery-optimization.md
View File

@ -47,6 +47,9 @@ The following table lists the minimum Windows 10 version that supports Delivery
#### Windows Client
> [!NOTE]
> Starting March 4, 2025, Edge Browser updates will temporarily not utilize Delivery Optimization for downloads. We are actively working to resolve this issue.
| Windows Client | Minimum Windows version | HTTP Downloader | Peer to Peer | Microsoft Connected Cache |
|------------------|---------------|----------------|----------|----------------|
| Windows Update ([feature updates quality updates, language packs, drivers](../update/get-started-updates-channels-tools.md#types-of-updates)) | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
@ -55,7 +58,7 @@ The following table lists the minimum Windows 10 version that supports Delivery
| Windows Defender definition updates | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Intune Win32 apps| Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Microsoft 365 Apps and updates | Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Edge Browser Updates | Windows 10 1809, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Edge Browser Updates | Windows 10 1809, Windows 11 | | | |
| Configuration Manager Express updates| Windows 10 1709 + Configuration Manager version 1711, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Dynamic updates| Windows 10 1903, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| MDM Agent | Windows 11 | :heavy_check_mark: | | |

2
windows/deployment/windows-adk-scenarios-for-it-pros.md
View File

@ -6,7 +6,7 @@ ms.author: frankroj
manager: aaroncz
ms.service: windows-client
ms.localizationpriority: medium
ms.date: 02/13/2024
ms.date: 02/27/2025
ms.topic: article
ms.subservice: itpro-deploy
appliesto:

2
windows/deployment/windows-autopatch/TOC.yml
View File

@ -116,8 +116,6 @@
href: monitor/windows-autopatch-windows-quality-update-status-report.md
- name: Quality update trending report
href: monitor/windows-autopatch-windows-quality-update-trending-report.md
- name: Reliability report
href: monitor/windows-autopatch-reliability-report.md
- name: Hotpatch quality update report
href: monitor/windows-autopatch-hotpatch-quality-update-report.md
- name: Windows feature and quality update device alerts

122
windows/deployment/windows-autopatch/monitor/windows-autopatch-reliability-report.md
View File

@ -1,122 +0,0 @@
---
title: Reliability report
description: This article describes the reliability score for each Windows quality update cycle based on stop error codes detected on managed devices.
ms.date: 04/09/2024
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
manager: aaroncz
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Reliability report (public preview)
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
> [!IMPORTANT]
> This feature is in **public preview**. It's being actively developed, and might not be complete.
The Reliability report provides a reliability score for each Windows quality update cycle based on [stop error codes](/troubleshoot/windows-client/performance/stop-error-or-blue-screen-error-troubleshooting) detected on managed devices. Scores are determined at both the service and tenant level. Details on modules associated with stop error codes at the tenant level are provided to better understand how devices are affected.
> [!NOTE]
> **The Reliability report applies to quality updates only**. The Reliability report doesn't currently support Windows feature updates.<p>Scores used in this report are calculated based on devices running both Windows 10 and Windows 11 versions.</p>
With this feature, IT admins can access the following information:
| Information type | Description |
| ----- | ----- |
| Your score | **Your score** is a calculated tenant reliability score based on stop error codes detected on managed devices that updated successfully during the current update cycle. **Your score** is the latest single-day score in the current Windows quality update cycle. The monthly score values can be viewed under the **Trending** tab. |
| Baseline | Use the **Baseline** to compare your score with past quality update cycles. You can choose the desired historical record from the **Comparison baseline** dropdown menu at the top of the page. **Baseline** is a single-day score calculated the same number of days from the start of patching as your score. |
| Service-level | Use the **Service-level** to compare **your score** with a score computed across tenants in the Azure Data Scale Unit covering your geographic region. **Service-level** is a single-day score calculated the same number of days from the start of patching as **your score**. |
| Score details | **Score details** provides information about specific modules associated with stop error code occurrence, occurrence rate, and affected devices. View single-day or multi-day results by selecting from the **Duration** menu. Data can be exported for offline reference. |
| Trending | **Trending** provides a graphical visualization of reliability scores at both tenant and service level on a customizable timeline of 1 - 12 months. Monthly scores represent the aggregated value for a complete update cycle (second Tuesday of the month). |
| Insights | **Insights** identifies noteworthy trends that might be useful in implementing reliability improvement opportunities. |
| Affected devices | **Affected devices** are the number of unique devices associated with stop error code events. |
## Report availability
The Reliability report relies on device policies being configured properly. It's important to confirm that the minimum requirements are met to access the full Reliability report.
| Data collection policies set | Devices registered in Autopatch | Devices updated | Report availability |
| ----- | ------ | ----- | ----- |
| No | - | - | No report available.<p>In this state, a ribbon appears on the landing page alerting the user that the diagnostic data needed to generate a report appears to be turned off. The report is available 24 and 48 hours after the following conditions are met:<ul><li>[Diagnostic data device configuration policies enabled](../references/windows-autopatch-changes-to-tenant.md#device-configuration-policies)</li><li>At least 100 devices registered in Autopatch</li><li>At least 100 of these registered devices completed a quality update in the current update cycle (second Tuesday of the month)</li></ul></p> |
| Yes | 0 | - | The report includes only the historical comparison baseline and service-level score. The tenant and module impact scores are unavailable until 100 devices are updated. |
| Yes | 0 < n < 100 | 0 < n < 100 | The report includes module failure details, historical comparison baseline, and service-level score.The tenant score is unavailable until 100 devices are updated. |
| Yes | n >= 100 | 0 < n < 100 | The report includes module failure details, historical comparison baseline score, and service-level score. The tenant and module impact scores are unavailable until 100 devices are updated. |
| Yes | n >= 100 | n >= 100 | Full reporting available |
## View the Reliability report
**To view the Reliability report:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Navigate to **Reports** > **Windows Autopatch** > **Windows quality updates**.
3. Select the **Reports** tab.
4. Select **Reliability report**.
> [!NOTE]
> To use the Reliability report capability, ensure that at least 100 devices are registered in the Windows Autopatch service and capable of successfully completing a quality update. The report relies on device stop error code data being available to Microsoft (transmission of this data may take up to 24 hours).<p>A score is generated when:<ul><li>100 or more devices have completed updating to the latest quality update</li><li>Windows Autopatch receives the stop error code data related to that update cycle</li></ul><p>Windows Autopatch data collection must be enabled according to the [configuration policies](../references/windows-autopatch-changes-to-tenant.md#device-configuration-policies) set during tenant onboarding. For more information about data collection, see [Privacy](../overview/windows-autopatch-privacy.md)</p></p>
## Report information
The following information is available as default columns in the Reliability report:
> [!NOTE]
> The report is refreshed no more than once every 24 hours with data received from your Windows Autopatch managed devices. Manual data refresh is not supported. The last refreshed date and time can be found at the top of the page. For more information about how often Windows Autopatch receives data from your managed devices, see [Data latency](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#about-data-latency).
### Score details
| Column | Description |
| ----- | ----- |
| Module name | Name of module associated with stop error code detection. |
| Version | Version of module associated with stop error code detection. |
| Unique devices | Number of unique devices seeing a stop error code occurrence associated with a specific module name and version. This information is hyperlinked to the **Devices affected** flyout. |
| Total events | Total number of stop error codes detected associated with a specific module name and version. |
| Module score impact | **Your score** associated with specific module name and version. |
| Timeline | This information is hyperlinked to **Module details** flyout. |
### Export file
| Column | Description |
| ----- | ----- |
| DeviceName | Device name |
| MicrosoftEntraDeviceId | Microsoft Entra device ID |
| Model | Device model |
| Manufacturer | Device manufacturer |
| AutopatchGroup | Autopatch group assignment for the affected device |
| LatestOccurrence | Time of the most recent reported failure |
| WindowsVersion | Windows version (Windows 10 or Windows 11) |
| OSVersion | OS version |
| ModuleName | Name of the module associated with stop error code detection |
| Version | Version of the module associated with stop error code detection |
| BugCheckCode | Bug check code associated with stop error code |
| TenantId | Your Microsoft Entra tenant ID |
### Devices affected
| Column | Description |
| ----- | ----- |
| Device name | Device name |
| Microsoft Entra device ID | Microsoft Entra device ID |
| Model | Device model |
| Manufacturer | Device manufacturer |
| Autopatch group | Autopatch group assignment for the affected device |
| Latest occurrence | Time of the most recent reported failure |
### Module details
| Display selection | Description |
| ----- | ----- |
| Unique devices | Number of unique devices affected by module failure and the associated version |
| Total events | Number of occurrences by module failure and the associated version |
| Module impact | Score impact by module and version representing the relative importance of module failure. Higher positive values describe module failures that have a greater impact on the tenant and should be addressed with higher priority. Negative values describe module failures that have a lower-than-average impact on the tenant and thus can be treated with lower priority. Values around `0` describe module failures with average impact on the tenant. |
## Known limitations
The Reliability report supports tenant and service-level score data going back to September 2023. Data before that date isn't supported. A full 12 months of score data are available to select from the menu dropdowns in September 2024.

14
windows/deployment/windows-autopatch/monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md
View File

@ -1,7 +1,7 @@
---
title: Windows quality and feature update reports overview
description: This article details the types of reports available and info about update device eligibility, device update health, device update trends in Windows Autopatch.
ms.date: 11/20/2024
ms.date: 03/03/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: overview
@ -19,6 +19,15 @@ ms.collection:
[!INCLUDE [windows-autopatch-enterprise-e3-f3-licenses](../includes/windows-autopatch-enterprise-e3-f3-licenses.md)]
## Prerequisites
Windows Autopatch requires, and uses Windows diagnostic data to display device update statuses in Autopatch reports.
- Service state and substate data are included for all devices configured for Windows quality and feature updates. No data collection configuration is required.
- Client and substate data are collected from devices only if Windows data collection data is properly configured.
This data collection configuration method using Windows diagnostic data in Intune is shared across Autopatch reports. To support Autopatch reporting, you must configure the [Enable Windows diagnostic data collection settings](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-settings) from devices at the **Required** or higher level.
## Windows quality update reports
The Windows quality reports provide you with information about:
@ -35,7 +44,6 @@ The Windows quality report types are organized into the following focus areas:
| ----- | ----- |
| Organizational | The [Summary dashboard](../operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md) provide the current update status summary for all devices.<p>The [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md) provides the current update status of all devices at the device level. |
| Device trends | The [Quality update trending report](../operate/windows-autopatch-groups-windows-quality-update-trending-report.md) provides the update status trend of all devices over the last 90 days. |
| [Reliability report](../operate/windows-autopatch-reliability-report.md) | The Reliability report provides a reliability score for each Windows quality update cycle based on stop error codes detected on managed devices. |
## Windows feature update reports
@ -87,7 +95,7 @@ Up to date devices are devices that meet all of the following prerequisites:
- Applied the current monthly cumulative updates
> [!NOTE]
> Device that are [Up to Date](#up-to-date-devices) will remain with the**In Progress**status until either the current monthly cumulative update is applied, or an [alert](../operate/windows-autopatch-device-alerts.md) is received. If the device receives an alert, the device's status will change to [Not up to Date](#not-up-to-date-devices).
> Devices that are [Up to Date](#up-to-date-devices) remain with the**In Progress**status until either the current monthly cumulative update is applied, or an [alert](../operate/windows-autopatch-device-alerts.md) is received. If the device receives an alert, the device's status changes to [Not up to Date](#not-up-to-date-devices).
#### Up to Date sub statuses

16
windows/deployment/windows-autopatch/references/windows-autopatch-changes-made-at-feature-activation.md
View File

@ -1,7 +1,7 @@
---
title: Changes made at feature activation
description: This reference article details the changes made to your tenant when you activate Windows Autopatch
ms.date: 09/16/2024
ms.date: 03/03/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: concept-article
@ -49,14 +49,6 @@ The following groups target Windows Autopatch configurations to devices and mana
| Modern Workplace Devices-Windows Autopatch-Fast | Fast deployment ring for quick rollout and adoption |
| Modern Workplace Devices-WindowsAutopatch-Broad | Final deployment ring for broad rollout into the organization |
## Device configuration policies
- Windows Autopatch - Data Collection
| Policy name | Policy description | Properties | Value |
| ----- | ----- | ----- | ----- |
| Windows Autopatch - Data Collection | Windows Autopatch and Telemetry settings processes diagnostic data from the Windows device.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
## Windows feature update policies
- Windows Autopatch - Global DSS Policy
@ -68,7 +60,7 @@ The following groups target Windows Autopatch configurations to devices and mana
## Microsoft Office update policies
> [!IMPORTANT]
> By default, these policies are not deployed. You can opt-in to deploy these policies when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md).<p>To update Microsoft Office, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md) and the toggle the must be set to [**Allow**](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates).</p>
> By default, these policies aren't deployed. You can opt in to deploy these policies when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md).<p>To update Microsoft Office, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md) and the toggle must be set to [**Allow**](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates).</p>
- Windows Autopatch - Office Configuration
- Windows Autopatch - Office Update Configuration [Test]
@ -87,7 +79,7 @@ The following groups target Windows Autopatch configurations to devices and mana
## Microsoft Edge update policies
> [!IMPORTANT]
> By default, these policies are not deployed. You can opt-in to deploy these policies when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md).<p>To update Microsoft Edge, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md) and the toggle the must be set to [**Allow**](../manage/windows-autopatch-edge.md#allow-or-block-microsoft-edge-updates).</p>
> By default, these policies aren't deployed. You can opt in to deploy these policies when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md).<p>To update Microsoft Edge, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md) and the toggle must be set to [**Allow**](../manage/windows-autopatch-edge.md#allow-or-block-microsoft-edge-updates).</p>
- Windows Autopatch - Edge Update Channel Stable
- Windows Autopatch - Edge Update Channel Beta
@ -100,7 +92,7 @@ The following groups target Windows Autopatch configurations to devices and mana
## Driver updates for Windows 10 and later
> [!IMPORTANT]
> By default, these policies are not deployed. You can opt-in to deploy these policies when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md).<p>To update drivers and firmware, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md) and the toggle the must be set to [**Allow**](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group).</p>
> By default, these policies aren't deployed. You can opt in to deploy these policies when you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md).<p>To update drivers and firmware, you must [create at least one Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md) and the toggle must be set to [**Allow**](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group).</p>
- Windows Autopatch - Driver Update Policy [Test]
- Windows Autopatch - Driver Update Policy [First]

1
windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
View File

@ -70,7 +70,6 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| ----- | ----- |
| [MC678305](https://admin.microsoft.com/adminportal/home#/MessageCenter) | September 2023 Windows Autopatch baseline configuration update |
| [MC678303](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Windows Autopatch availability within Microsoft Intune Admin Center |
| [MC674422](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Public Preview: Windows Autopatch Reliability Report |
| [MC672750](https://admin.microsoft.com/adminportal/home#/MessageCenter) | August 2023 Windows Autopatch baseline configuration update |
## August 2023

10
windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2024.md
View File

@ -1,7 +1,7 @@
---
title: What's new 2024
description: This article lists the 2024 feature releases and any corresponding Message center post numbers.
ms.date: 11/19/2024
ms.date: 02/27/2025
ms.service: windows-client
ms.subservice: autopatch
ms.topic: whats-new
@ -37,14 +37,6 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| ----- | ----- |
| All articles | Windows Update for Business deployment service unified under Windows Autopatch. Unification is going through a gradual rollout over the next several weeks. If your experience looks different from the documentation, you didn't receive the unified experience yet. Review [Prerequisites](../prepare/windows-autopatch-prerequisites.md) and [Features and capabilities](../overview/windows-autopatch-overview.md#features-and-capabilities) to understand licensing and feature entitlement.|
## March 2024
### March feature releases or updates
| Article | Description |
| ----- | ----- |
| [Reliability report](../operate/windows-autopatch-reliability-report.md) | Added the [Reliability report](../operate/windows-autopatch-reliability-report.md) feature |
## February 2024
## February service releases

2
windows/deployment/windows-deployment-scenarios.md
View File

@ -7,7 +7,7 @@ author: frankroj
ms.service: windows-client
ms.localizationpriority: medium
ms.topic: install-set-up-deploy
ms.date: 02/13/2024
ms.date: 02/27/2025
ms.subservice: itpro-deploy
appliesto:
-<a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>

2
windows/deployment/windows-missing-fonts.md
View File

@ -7,7 +7,7 @@ author: frankroj
ms.author: frankroj
manager: aaroncz
ms.topic: how-to
ms.date: 03/28/2024
ms.date: 02/27/2025
ms.subservice: itpro-deploy
zone_pivot_groups: windows-versions-11-10
appliesto:

2
windows/security/application-security/application-control/app-control-for-business/operations/known-issues.md
View File

@ -62,7 +62,7 @@ Although App Control audit mode is designed to avoid impact to apps, some featur
### .NET native images may generate false positive block events
In some cases, the code integrity logs where App Control for Business errors and warnings are written include error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image falls back to its corresponding assembly and .NET regenerates the native image at its next scheduled maintenance window.
In some cases, the code integrity logs where App Control for Business errors and warnings are written include error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image falls back to its corresponding assembly and .NET regenerates the native image at its next scheduled maintenance window. To prevent that, consider compiling your .NET application ahead of time using the [Native AOT](/dotnet/core/deploying/native-aot) feature.
### Signatures using elliptical curve cryptography (ECC) aren't supported

3
windows/whats-new/removed-features.md
View File

@ -8,7 +8,7 @@ ms.author: mstewart
manager: aaroncz
ms.topic: reference
ms.subservice: itpro-fundamentals
ms.date: 12/09/2024
ms.date: 02/25/2025
ms.collection:
- highpri
- tier1
@ -38,6 +38,7 @@ The following features and functionalities have been removed from the installed
|Feature | Details and mitigation | Support removed |
| ----------- | --------------------- | ------ |
| Data Encryption Standard (DES) <!--9720338--> | DES, the symmetric-key block encryption cipher, is considered nonsecure against modern cryptographic attacks, and replaced by more robust encryption algorithms. DES was disabled by default starting with Windows 7 and Windows Server 2008 R2. It's removed from Windows 11, version 24H2 and later, and [Windows Server 2025](/windows-server/get-started/removed-deprecated-features-windows-server-2025) and later.| September 2025 |
| NTLMv1 <!--9544861--> | NTLMv1 is removed starting in Windows 11, version 24H2 and Windows Server 2025. | 24H2 |
| Windows Information Protection | Windows Information Protection is removed starting in Windows 11, version 24H2. <!--9561151--> | 24H2 |
| Microsoft Defender Application Guard for Edge | [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is deprecated for Microsoft Edge for Business and is no longer available starting with Windows 11, version 24H2. | 24H2 |