From 7055f7757e9fc125bd207f9a74469e113c331f32 Mon Sep 17 00:00:00 2001 From: ItIsJustMee <89180284+ItIsJustMee@users.noreply.github.com> Date: Thu, 19 Aug 2021 15:36:33 +1000 Subject: [PATCH 1/6] Making a change to Cryptomining policy Would not like to make changes until the 30th of August. Can you hold off until then please, or should I resubmit then? --- windows/security/threat-protection/intelligence/criteria.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 381dc66ce4..a9ef83b56c 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -174,7 +174,7 @@ Microsoft uses specific categories and the category definitions to classify soft * **Torrent software (Enterprise only):** Software that is used to create or download torrents or other files specifically used with peer-to-peer file-sharing technologies. -* **Cryptomining software:** Software that uses your device resources to mine cryptocurrencies. +* **Cryptomining software (Enterprise only):** Software that uses your device resources to mine cryptocurrencies. * **Bundling software:** Software that offers to install other software that is not developed by the same entity or not required for the software to run. Also, software that offers to install other software that qualifies as PUA based on the criteria outlined in this document. From 3dc731d10c152c4895995f8cfc880ea64530831d Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Mon, 4 Oct 2021 11:56:46 +0200 Subject: [PATCH 2/6] Update enterprise-app-management.md Updated markdown for several old style Notes sections. --- .../mdm/enterprise-app-management.md | 52 ++++++++----------- 1 file changed, 22 insertions(+), 30 deletions(-) diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md index c29e2047ad..c59cd91eb9 100644 --- a/windows/client-management/mdm/enterprise-app-management.md +++ b/windows/client-management/mdm/enterprise-app-management.md @@ -49,9 +49,9 @@ Inventory can be performed recursively at any level from the AppManagement node Inventory is specific to the package full name and lists bundled packs and resources packs as applicable under the package family name. -> **Note**  On Windows 10 Mobile, XAP packages have the product ID in place of both the package family name and package full name. +> [!NOTE] +> On Windows 10 Mobile, XAP packages have the product ID in place of both the package family name and package full name. - Here are the nodes for each package full name: - Name @@ -116,8 +116,8 @@ Here are the nodes for each license ID: For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md). -> **Note**  The LicenseID in the CSP is the content ID for the license. - +> [!NOTE] +> The LicenseID in the CSP is the content ID for the license. Here is an example of a query for all app licenses on a device. @@ -308,9 +308,9 @@ Here are the requirements for this scenario: - The device does not need to have connectivity to the Microsoft Store, store services, or the have the Microsoft Store UI be enabled. - The user must be logged in, but association with AAD identity is not required. -> **Note**  You must unlock the device to deploy nonStore apps or you must deploy the app license before deploying the offline apps. For details, see [Deploy an offline license to a user](#deploy-an-offline-license-to-a-user). +> [!NOTE] +> You must unlock the device to deploy nonStore apps or you must deploy the app license before deploying the offline apps. For details, see [Deploy an offline license to a user](#deploy-an-offline-license-to-a-user). - The Add command for the package family name is required to ensure proper removal of the app at unenrollment. Here is an example of a line-of-business app installation. @@ -429,14 +429,13 @@ Here are the requirements for this scenario: To provision app for all users of a device from a hosted location, the management server performs an Add and Exec command on the AppInstallation node in the device context. The Add command for the package family name is required to ensure proper removal of the app at unenrollment. -> **Note**  When you remove the provisioned app, it will not remove it from the users that already installed the app. - - +> [!NOTE] +> When you remove the provisioned app, it will not remove it from the users that already installed the app. Here is an example of app installation. -> **Note**  This is only supported in Windows 10 for desktop editions. - +> [!NOTE] +> This is only supported in Windows 10 for desktop editions. ```xml @@ -472,8 +471,8 @@ The DeploymentOptions parameter is only available in the user context. Here is an example of app installation with dependencies. -> **Note**  This is only supported in Windows 10 for desktop editions. - +> [!NOTE] +> This is only supported in Windows 10 for desktop editions. ```xml @@ -579,7 +578,8 @@ For user-based installation, use the ./User path and for provisioning of apps, u The Data field value of 0 (zero) indicates sucess, otherwise it is an error code. If there is a failure, you can get more details from the AppInstallation node. -> **Note**  At this time, the alert for Store app installation is not yet available. +> [!NOTE] +> At this time, the alert for Store app installation is not yet available. ## Uninstall your apps @@ -624,7 +624,8 @@ Here is an example for uninstalling a specific version of the app for a user. You can remove provisioned apps from a device for a specific version or for all versions of a package family. When a provisioned app is removed, it is not available to future users for the device. Logged in users who has the app registered to them will continue to have access to the app. If you want to removed the app for those users, you must explicitly uninstall the app for those users. -> **Note**  You can only remove an app that has an inventory value IsProvisioned = 1. +> [!NOTE] +> You can only remove an app that has an inventory value IsProvisioned = 1. Removing provisioned app occurs in the device context. @@ -753,7 +754,6 @@ Here is an example of a status check. Updating an existing app follows the same process as an initial installation. For more information, see [Deploy apps to a user from a hosted location](#deploy-apps-to-a-user-from-a-hosted-location). - ### Update provisioned apps A provisioned app automatically updates when an app update is sent to the user. You can also update a provisioned app using the same process as an initial provisioning. For more information about initial provisioning, see [Provision apps for all users of a device](#provision-apps-for-all-users-of-a-device). @@ -790,8 +790,8 @@ The following subsections provide information about additional settings configur You can install app on non-system volumes, such as a secondary partition or removable media (USB or SD cards). Using the RestrictApptoSystemVolume policy, you can prevent apps from getting installed or moved to non-system volumes. For more information about this policy, see [Policy CSP](policy-configuration-service-provider.md). -> **Note**  This is only supported in mobile devices. - +> [!NOTE] +> This is only supported in mobile devices. Here is an example. @@ -825,8 +825,8 @@ Here is an example. In Windows 10 Mobile IT administrators can set a policy to restrict user application data for a Microsoft Store app to the system volume, regardless of where the package is installed or moved. -> **Note**  The feature is only for Windows 10 Mobile. - +> [!NOTE] +> The feature is only for Windows 10 Mobile. The RestrictAppDataToSystemVolume policy in [Policy CSP](policy-configuration-service-provider.md) enables you to restrict all user application data to stay on the system volume. When the policy is not configured or if it is disabled, and you move a package or when it is installed to a difference volume, then the user application data will moved to the same volume. You can set this policy to 0 (off, default) or 1. @@ -862,8 +862,8 @@ Here is an example. The Universal Windows app has the ability to share application data between the users of the device. The ability to share data can be set at a package family level or per device. -> **Note**  This is only applicable to multi-user devices. - +> [!NOTE] +> This is only applicable to multi-user devices. The AllowSharedUserAppData policy in [Policy CSP](policy-configuration-service-provider.md) enables or disables app packages to share data between app packages when there are multiple users. If you enable this policy, applications can share data between packages in their package family. Data can be shared through ShareLocal folder for that package family and local machine. This folder is available through the Windows.Storage API. @@ -898,11 +898,3 @@ Here is an example. ``` - - - - - - - - From 7893af6f67750a05d9d688ae8b03f1416d935e12 Mon Sep 17 00:00:00 2001 From: Peter Lewis Date: Mon, 4 Oct 2021 16:09:24 +0100 Subject: [PATCH 3/6] Correct spelling 'explicitly' --- windows/whats-new/windows-11-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index e74e8d2e46..401e92c65f 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md @@ -54,7 +54,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil - If you use Microsoft Intune and have a Microsoft 365 E3 license, you will be able to use [feature update deployments](/mem/intune/protect/windows-10-feature-updates) to easily update devices from one release of Windows 10 to another, or to upgrade Windows 10 devices to Windows 11. You can also continue using the same update experience controls to manage Windows 10 and Windows 11. If you aren’t ready to move to Windows 11, keep the feature update version set at the version you are currently on. When you are ready to start upgrading devices, change the feature update deployment setting to specify Windows 11. > [!NOTE] - > Endpoints managed by Windows Update for Business will not automatically upgrade to Windows 11 unless an administrator explicllty configures a **Target Version** using the [TargetReleaseVersion](/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) setting using a Windows CSP, a [feature update profile](/mem/intune/protect/windows-10-feature-updates) in Intune, or the [Select target Feature Update version setting](/windows/deployment/update/waas-wufb-group-policy#i-want-to-stay-on-a-specific-version) in a group policy. + > Endpoints managed by Windows Update for Business will not automatically upgrade to Windows 11 unless an administrator explicitly configures a **Target Version** using the [TargetReleaseVersion](/windows/client-management/mdm/policy-csp-update#update-targetreleaseversion) setting using a Windows CSP, a [feature update profile](/mem/intune/protect/windows-10-feature-updates) in Intune, or the [Select target Feature Update version setting](/windows/deployment/update/waas-wufb-group-policy#i-want-to-stay-on-a-specific-version) in a group policy. ## Cloud-based management From 170be0e7db0b1ccb27f8ca79d6c19a9865372de0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 4 Oct 2021 09:32:05 -0700 Subject: [PATCH 4/6] Update enterprise-app-management.md --- windows/client-management/mdm/enterprise-app-management.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md index c59cd91eb9..2a83c09221 100644 --- a/windows/client-management/mdm/enterprise-app-management.md +++ b/windows/client-management/mdm/enterprise-app-management.md @@ -8,8 +8,8 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman -ms.date: 09/22/2017 +author: dansimp +ms.date: 10/04/2021 --- # Enterprise app management From 9e285dac8ed850254c1c200f98ec9446d2113c36 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 4 Oct 2021 11:25:21 -0700 Subject: [PATCH 5/6] Update criteria.md --- windows/security/threat-protection/intelligence/criteria.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index a9ef83b56c..17980ae531 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -13,6 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article +ms.date: 10/04/2021 search.appverid: met150 ms.technology: mde --- From 2612e3ca0edb6de41ca4fa0cffdb5377fc521e22 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 4 Oct 2021 12:33:03 -0600 Subject: [PATCH 6/6] Update enterprise-app-management.md --- .../client-management/mdm/enterprise-app-management.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md index 2a83c09221..8c5e138861 100644 --- a/windows/client-management/mdm/enterprise-app-management.md +++ b/windows/client-management/mdm/enterprise-app-management.md @@ -512,9 +512,9 @@ When an app installation is completed, a Windows notification is sent. You can a - Status - indicates the status of app installation. - NOT\_INSTALLED (0) - The node was added, but the execution was not completed. - - INSTALLING (1) - Execution has started, but the deployment has not completed. If the deployment completes regardless of suceess this value is updated. + - INSTALLING (1) - Execution has started, but the deployment has not completed. If the deployment completes regardless of success this value is updated. - FAILED (2) - Installation failed. The details of the error can be found under LastError and LastErrorDescription. - - INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean up actio has not completed, this state may briefly appear. + - INSTALLED (3) - Once an install is successful this node is cleaned up, however in the event the clean up action has not completed, this state may briefly appear. - LastError - This is the last error reported by the app deployment server. - LastErrorDescription - Describes the last error reported by the app deployment server. - Status - This is an integer that indicates the progress of the app installation. In cases of an https location, this shows the estimated download progress. @@ -576,7 +576,7 @@ Here is an example of an alert. For user-based installation, use the ./User path and for provisioning of apps, use the ./Device path. -The Data field value of 0 (zero) indicates sucess, otherwise it is an error code. If there is a failure, you can get more details from the AppInstallation node. +The Data field value of 0 (zero) indicates success, otherwise it is an error code. If there is a failure, you can get more details from the AppInstallation node. > [!NOTE] > At this time, the alert for Store app installation is not yet available. @@ -590,7 +590,7 @@ You can uninstall apps from users from Windows 10 devices. To uninstall an app, - nonStore - These apps that were not acquired from the Microsoft Store. - System - These apps are part of the OS. You cannot uninstall these apps. -To uninstall an app, you delete it under the origin node, package family name, and package full name. To uninstall a XAP, use the product ID in place of the package family nane and package full name. +To uninstall an app, you delete it under the origin node, package family name, and package full name. To uninstall a XAP, use the product ID in place of the package family name and package full name. Here is an example for uninstalling all versions of an app for a user.