mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 05:17:22 +00:00
Merge branch 'master' into mdm-security-baseline-update
This commit is contained in:
Heidi Lohr
commit
0e98c5bd3f
@ -11,11 +11,6 @@
|
|||||||
"redirect_document_id": true
|
"redirect_document_id": true
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"source_path": "browsers/edge/emie-to-improve-compatibility.md",
|
|
||||||
"redirect_url": "https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp",
|
|
||||||
"redirect_document_id": true
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"source_path": "windows/deployment/update/windows-update-sources.md",
|
"source_path": "windows/deployment/update/windows-update-sources.md",
|
||||||
"redirect_url": "/windows/deployment/update/how-windows-update-works",
|
"redirect_url": "/windows/deployment/update/how-windows-update-works",
|
||||||
"redirect_document_id": true
|
"redirect_document_id": true
|
||||||
|
|||||||
@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
## [System requirements and supported languages](about-microsoft-edge.md)
|
## [System requirements and supported languages](about-microsoft-edge.md)
|
||||||
|
|
||||||
|
## [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md)
|
||||||
|
|
||||||
## [Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md)
|
## [Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md)
|
||||||
|
|
||||||
## [Group policies & configuration options](group-policies/index.yml)
|
## [Group policies & configuration options](group-policies/index.yml)
|
||||||
|
|||||||
@ -35,11 +35,14 @@ Some of the components might also need additional system resources. Check the co
|
|||||||
| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors |
|
| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors |
|
||||||
| Graphics card | Microsoft DirectX 9 or later with Windows Display Driver Model (WDDM) 1.0 driver |
|
| Graphics card | Microsoft DirectX 9 or later with Windows Display Driver Model (WDDM) 1.0 driver |
|
||||||
| Peripherals | Internet connection and a compatible pointing device |
|
| Peripherals | Internet connection and a compatible pointing device |
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
## Supported languages
|
## Supported languages
|
||||||
|
|
||||||
|
You can use the [Microsoft Translator extension](https://www.microsoft.com/en-us/p/translator-for-microsoft-edge/9nblggh4n4n3) with Microsoft Edge to translate foreign language webpages and text selections for 60+ languages.
|
||||||
|
|
||||||
|
If the extension does not work after install, please restart Microsoft Edge. If the extension still is not working, please provide feedback through the Feedback Hub.
|
||||||
|
|
||||||
Microsoft Edge supports all of the same languages as Windows 10, including:
|
Microsoft Edge supports all of the same languages as Windows 10, including:
|
||||||
|
|
||||||
|
|||||||
60
browsers/edge/emie-to-improve-compatibility.md
Normal file
60
browsers/edge/emie-to-improve-compatibility.md
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
---
|
||||||
|
description: If you're having problems with Microsoft Edge, this topic tells how to use the Enterprise Mode site list to automatically open sites using IE11.
|
||||||
|
ms.assetid: 89c75f7e-35ca-4ca8-96fa-b3b498b53bE4
|
||||||
|
author: shortpatti
|
||||||
|
ms.author: pashort
|
||||||
|
ms.manager: dougkim
|
||||||
|
ms.prod: browser-edge
|
||||||
|
ms.mktglfcycl: support
|
||||||
|
ms.sitesec: library
|
||||||
|
ms.pagetype: appcompat
|
||||||
|
title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros)
|
||||||
|
ms.localizationpriority: high
|
||||||
|
ms.date: 10/09/2018
|
||||||
|
---
|
||||||
|
|
||||||
|
# Use Enterprise Mode to improve compatibility
|
||||||
|
|
||||||
|
> Applies to: Windows 10
|
||||||
|
|
||||||
|
If you have specific web sites and apps that have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites open in Internet Explorer 11 automatically. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11 with the **Send all intranet sites to IE** group policy.
|
||||||
|
|
||||||
|
Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
|
||||||
|
|
||||||
|
|
||||||
|
[!INCLUDE [interoperability-goals-enterprise-guidance](../includes/interoperability-goals-enterprise-guidance.md)]
|
||||||
|
|
||||||
|
## Enterprise guidance
|
||||||
|
Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956).
|
||||||
|
|
||||||
|
We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10.
|
||||||
|
|
||||||
|
If you're having trouble deciding whether Microsoft Edge is good for your organization, you can take a look at this infographic about the potential impact of using Microsoft Edge in an organization.
|
||||||
|
|
||||||
|
<br>
|
||||||
|
[Click to enlarge](img-microsoft-edge-infographic-lg.md)<br>
|
||||||
|
[Click to download image](https://www.microsoft.com/download/details.aspx?id=53892)
|
||||||
|
|
||||||
|
|
||||||
|
|Microsoft Edge |IE11 |
|
||||||
|
|---------|---------|
|
||||||
|
|Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.<ul><li>**Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on webpages.</li><li>**Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout that's optimized for your screen size. While in reading view, you can also save webpages or PDF files to your reading list, for later viewing.</li><li>**Cortana.** Cortana is automatically enabled on Microsoft Edge. Microsoft Edge lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.</li><li>**Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.</li></ul> |IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.<ul><li>**Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.</li><li>**Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps.</li><li>**More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.</li><li>**Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.</li><li>**Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.</li><li>**Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment, and includes more than 1,600 Group Policies and preferences for granular control.</li></ul> |
|
||||||
|
|
||||||
|
|
||||||
|
## Configure the Enterprise Mode Site List
|
||||||
|
[Available policy options](includes/configure-enterprise-mode-site-list-include.md)
|
||||||
|
|
||||||
|
|
||||||
|
## Related topics
|
||||||
|
* [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035)
|
||||||
|
* [Enterprise Mode Site List Manager for Windows 10 download](https://go.microsoft.com/fwlink/?LinkId=746562)
|
||||||
|
* [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377)
|
||||||
|
- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
|
||||||
|
- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
|
||||||
|
- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager)
|
||||||
|
- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
|
||||||
|
- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
|
||||||
|
- [Microsoft Edge - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/microsoft-edge/index)
|
||||||
|
- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760644)
|
||||||
|
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)
|
||||||
|
- [Internet Explorer 11 - FAQ for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-faq/faq-for-it-pros-ie11)
|
||||||
@ -202,7 +202,7 @@ sections:
|
|||||||
|
|
||||||
- href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/sync-browser-settings-gp
|
- href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/sync-browser-settings-gp
|
||||||
|
|
||||||
html: <p>Learn how to you can prevent the "browser" group from syncing and prevent users from turning on the the Sync your Settings toggle.</p>
|
html: <p>Learn how to you can prevent the "browser" group from syncing and prevent users from turning on the Sync your Settings toggle.</p>
|
||||||
|
|
||||||
image:
|
image:
|
||||||
|
|
||||||
@ -228,4 +228,4 @@ sections:
|
|||||||
|
|
||||||
src: https://docs.microsoft.com/media/common/i_policy.svg
|
src: https://docs.microsoft.com/media/common/i_policy.svg
|
||||||
|
|
||||||
title: All group policies
|
title: All group policies
|
||||||
|
|||||||
BIN
browsers/edge/images/microsoft-edge-infographic-sm.png
Normal file
BIN
browsers/edge/images/microsoft-edge-infographic-sm.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 13 KiB |
11
browsers/edge/img-microsoft-edge-infographic-lg.md
Normal file
11
browsers/edge/img-microsoft-edge-infographic-lg.md
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
description: A full-sized view of the Microsoft Edge infographic.
|
||||||
|
title: Full-sized view of the Microsoft Edge infographic
|
||||||
|
ms.date: 11/10/2016
|
||||||
|
---
|
||||||
|
|
||||||
|
Return to: [Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)<br>
|
||||||
|
Download image: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -7,7 +7,7 @@ ms.prod: edge
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
title: Deploy Microsoft Edge kiosk mode
|
title: Deploy Microsoft Edge kiosk mode
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 10/08/2018
|
ms.date: 10/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Deploy Microsoft Edge kiosk mode
|
# Deploy Microsoft Edge kiosk mode
|
||||||
@ -20,7 +20,7 @@ Microsoft Edge kiosk mode supports four configurations types. For example, you c
|
|||||||
|
|
||||||
In addition to digital/interactive signage, you can configure Microsoft Edge kiosk mode for public browsing either on a single or multi-app kiosk device. The public browsing kiosk types run Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for public kiosks. For example, the Microsoft Edge Settings are disabled, favorites, extensions, and books are unavailable to prevent users from customizing Microsoft Edge.
|
In addition to digital/interactive signage, you can configure Microsoft Edge kiosk mode for public browsing either on a single or multi-app kiosk device. The public browsing kiosk types run Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for public kiosks. For example, the Microsoft Edge Settings are disabled, favorites, extensions, and books are unavailable to prevent users from customizing Microsoft Edge.
|
||||||
|
|
||||||
In single-app public browsing, there is an “End session” button and reset after an idle timeout. Both restart Microsoft Edge and clear the user’s session. The reset after the idle timer is set to 5 minutes by default, but you can choose a value of your own.
|
In single-app public browsing, there is an “End session” button and reset after an idle timeout option. Both restart Microsoft Edge and clear the user’s session. The reset after the idle timer is set to 5 minutes by default, but you can choose a value of your own.
|
||||||
|
|
||||||
In this topic, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn how to set up your Microsoft Edge kiosk mode experience. Learn more about [Configuring kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
|
In this topic, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn how to set up your Microsoft Edge kiosk mode experience. Learn more about [Configuring kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
|
||||||
|
|
||||||
@ -40,7 +40,7 @@ The single-app Microsoft Edge kiosk mode types are:
|
|||||||
|
|
||||||
- **Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet. Use interactive signage for things like a building business directory or restaurant order/pay station.
|
- **Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet. Use interactive signage for things like a building business directory or restaurant order/pay station.
|
||||||
|
|
||||||
2. **Public browsing** runs Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for publicly accessible kiosk devices. For example, the Microsoft Edge Settings are disabled, favorites, extensions, and books are unavailable to prevent users from customizing Microsoft Edge. Users can’t minimize, close or open a new Microsoft Window. Microsoft Edge is the only app users can use on the device.<p>The single-app public browsing mode is the only kiosk mode that has an ‘End session’ button that users click to end the browsing session and an idle timer that resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session, including any downloads. Use the “Configure kiosk reset after idle timeout” policy to set the idle timer, which is set to 5 minutes by default.<p>A public library or hotel concierge desk are two examples of public browsing that restricts access to only Microsoft Edge.
|
2. **Public browsing** runs Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for publicly accessible kiosk devices. For example, the Microsoft Edge Settings are disabled, favorites, extensions, and books are unavailable to prevent users from customizing Microsoft Edge. Users can’t minimize, close or open a new Microsoft Window. Microsoft Edge is the only app users can use on the device.<p>The single-app public browsing mode is the only kiosk mode that has an ‘End session’ button that users click to end the browsing session and an idle timer that resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session, including any downloads.<p>A public library or hotel concierge desk are two examples of public browsing that restricts access to only Microsoft Edge.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -66,22 +66,21 @@ Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Ed
|
|||||||
|
|
||||||
- **Windows Settings.** Use to set up a couple of single-app kiosk devices. If you hit the Windows key and type “kiosk” you can setup Microsoft Edge kiosk mode for a single-app (Digital / Interactive signage or Public browsing) expereince and define a single URL for the Home button, Start page, and New Tab page. You can also set the reset after an idle timeout.
|
- **Windows Settings.** Use to set up a couple of single-app kiosk devices. If you hit the Windows key and type “kiosk” you can setup Microsoft Edge kiosk mode for a single-app (Digital / Interactive signage or Public browsing) expereince and define a single URL for the Home button, Start page, and New Tab page. You can also set the reset after an idle timeout.
|
||||||
|
|
||||||
IMPORTANT: Do not use the Windows 10 Settings to configure multi-app kiosks.
|
>[!IMPORTANT]
|
||||||
|
>Do not use the Windows 10 Settings to configure multi-app kiosks.
|
||||||
|
|
||||||
- **Microsoft Intune or other MDM service.** Use to set up several single-app and multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience by using the [supported or available] Microsoft Edge policies. For a list of supported polices see [Supported policies for kiosk mode]().
|
- **Microsoft Intune or other MDM service.** Use to set up several single-app and multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience by using the [supported or available] Microsoft Edge policies. For a list of supported polices see [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>For other MDM service, check with your provider for instructions.
|
>For other MDM service, check with your provider for instructions.
|
||||||
|
|
||||||
- **Windows PowerShell.** Best for setting up multiple devices as a kiosk. With this method, you can set up single-app or multi-app assigned access using a PowerShell script. For details, see For details, see [Set up a kiosk or digital sign using Windows PowerShell](https://docs.microsoft.com/en-us/windows/configuration/setup-kiosk-digital-signage#set-up-a-kiosk-or-digital-sign-using-windows-powershell).
|
|
||||||
|
|
||||||
- **Windows Configuration Designer.** Best for setting up multiple kiosk devices. Download and install both the latest version of the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) and [Windows Configuration Manager](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-install-icd#install-windows-configuration-designer-1).
|
|
||||||
|
|
||||||
### Prerequisites
|
### Prerequisites
|
||||||
|
|
||||||
- Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education).
|
- Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education).
|
||||||
|
|
||||||
- Configuration and deployment service, such as Windows PowerShell, Microsoft Intune or other MDM service, or Windows Configuration Designer. With these methods, you must have the AppUserModelID (AUMID) to set up Microsoft Edge:<p>Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
|
- Configuration and deployment service, such as Microsoft Intune or other MDM service. With these methods, you must have the AppUserModelID (AUMID) to set up Microsoft Edge:<p>Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
|
||||||
|
|
||||||
|
|
||||||
### Use Windows Settings
|
### Use Windows Settings
|
||||||
@ -124,7 +123,7 @@ When you set up a single-app kiosk device using Windows Settings, you must first
|
|||||||
|
|
||||||
11. Once you've configured the policies, restart the kiosk device and sign in with the local kiosk account to validate the configuration.
|
11. Once you've configured the policies, restart the kiosk device and sign in with the local kiosk account to validate the configuration.
|
||||||
|
|
||||||
*Congratulations!* You’ve just finished setting up Microsoft Edge in assigned access, a kiosk or digital sign, and configured Microsoft Edge kiosk mode.
|
**_Congratulations!_** You’ve just finished setting up Microsoft Edge in assigned access, a kiosk or digital sign, and configured Microsoft Edge kiosk mode.
|
||||||
|
|
||||||
**_Next steps._**
|
**_Next steps._**
|
||||||
|
|
||||||
@ -141,60 +140,25 @@ With this method, you can use Microsoft Intune or other MDM services to configur
|
|||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
>If you are using a local account as a kiosk account in Microsoft Intune or a provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
|
>If you are using a local account as a kiosk account in Microsoft Intune or a provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
|
||||||
|
|
||||||
1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
|
1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
|
||||||
|
|
||||||
2. Configure the following MDM settings to setup Microsoft Edge kiosk mode on the kiosk device and then restart the device.
|
2. Configure the following MDM settings to setup Microsoft Edge kiosk mode on the kiosk device and then restart the device.
|
||||||
|
|
||||||
| | |
|
| | |
|
||||||
|---|---|
|
|---|---|
|
||||||
| **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p> | Configure the display mode for Microsoft Edge as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
|
| **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p> | Configure the display mode for Microsoft Edge as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
|
||||||
| **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p> | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
|
| **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p> | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
|
||||||
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p> | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br> \<https://www.msn.com\>\<https:/www.bing.com\> |
|
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p> | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br> \<https://www.msn.com\>\<https:/www.bing.com\> |
|
||||||
| **[ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p> | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
|
| **[ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p> | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
|
||||||
| **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p> | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
|
| **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p> | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
|
||||||
| **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p> | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
|
| **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p> | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
|
||||||
---
|
---
|
||||||
<br>
|
|
||||||
|
|
||||||
**_Congratulations!_** You’ve just finished setting up a kiosk or digital signage and configuring group policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
|
**_Congratulations!_** You’ve just finished setting up a kiosk or digital signage and configuring group policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
|
||||||
|
|
||||||
**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
|
**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
|
||||||
|
|
||||||
### Use a provisioning package
|
|
||||||
|
|
||||||
With this method, you can use a provisioning package to configure Microsoft Edge kiosk mode in assigned access. After you set up the provisioning package for configuring Microsoft Edge in assigned access, you configure how Microsoft Edge behaves on a kiosk device.
|
|
||||||
|
|
||||||
>[!IMPORTANT]
|
|
||||||
>If you are using a local account as a kiosk account in Intune or a provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
|
|
||||||
|
|
||||||
1. Open Windows Configuration Designer and select **Provision Kiosk devices**.
|
|
||||||
|
|
||||||
2. Name your project, and click **Next**.
|
|
||||||
|
|
||||||
3. [Set up a kiosk](https://docs.microsoft.com/en-us/windows/configuration/kiosk-single-app#set-up-a-kiosk-using-the-kiosk-wizard-in-windows-configuration-designer).
|
|
||||||
|
|
||||||
4. Switch to the advanced editor and navigate to **Runtime settings \> Policies \> Browser** and set the following policies:
|
|
||||||
|
|
||||||
| | |
|
|
||||||
|---|---|
|
|
||||||
| **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p> | Configure the display mode for Microsoft Edge as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
|
|
||||||
| **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p> | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
|
|
||||||
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p> | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br> \<https://www.msn.com\>\<https:/www.bing.com\> |
|
|
||||||
| **[ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p> | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
|
|
||||||
| **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p> | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
|
|
||||||
| **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p> | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
|
|
||||||
---
|
|
||||||
|
|
||||||
5. After you’ve configured the Microsoft Edge kiosk mode policies, including any of the related policies, it’s time to [build the package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package#build-package).
|
|
||||||
|
|
||||||
6. Click **Finish**.<p>The wizard closes and takes you back to the Customizations page.
|
|
||||||
|
|
||||||
7. [Apply the provisioning package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package) to the device, which you can do during the first-run experience (out-of-box experience or OOBE) and after (runtime).
|
|
||||||
|
|
||||||
**_Congratulations!_** You’ve finished creating your provisioning package for Microsoft Edge kiosk mode.
|
|
||||||
|
|
||||||
**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Microsoft Edge kiosk mode policies
|
## Microsoft Edge kiosk mode policies
|
||||||
@ -213,69 +177,69 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
|
|||||||
|
|
||||||
| **MDM Setting** | **Digital /<br>Interactive signage** | **Public browsing<br>single-app** | **Public browsing<br>multi-app** | **Normal<br>mode** |
|
| **MDM Setting** | **Digital /<br>Interactive signage** | **Public browsing<br>single-app** | **Public browsing<br>multi-app** | **Normal<br>mode** |
|
||||||
|------------------|:---------:|:---------:|:---------:|:---------:|
|
|------------------|:---------:|:---------:|:---------:|:---------:|
|
||||||
| [AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |  |  |  |  |
|
| [AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |  |  |  |  |
|
||||||
| [AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) |  |  |  |  |
|
| [AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) |  |  |  |  |
|
||||||
| [AllowBrowser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowbrowser) |  |  |  |  |
|
| [AllowBrowser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowbrowser) |  |  |  |  |
|
||||||
| [AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) |  |  |  |  |
|
| [AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) |  |  |  |  |
|
||||||
| [AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) |  |  |  |  |
|
| [AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) |  |  |  |  |
|
||||||
| [AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) |  |  |  |  |
|
| [AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) |  |  |  |  |
|
||||||
| [AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) |  |  |  |  |
|
| [AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) |  |  |  |  |
|
||||||
| [AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) |  |  |  |  |
|
| [AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) |  |  |  |  |
|
||||||
| [AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) |  |  |  |  |
|
| [AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) |  |  |  |  |
|
||||||
| [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | <sup>2</sup> |  |  |  |
|
| [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | <sup>2</sup> |  |  |  |
|
||||||
| [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)\* |  |  |  |  |
|
| [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)\* |  |  |  |  |
|
||||||
| [AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) |  |  |  |  |
|
| [AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) |  |  |  |  |
|
||||||
| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) |  |  | <sup>1</sup> |  |
|
| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) |  |  | <sup>1</sup> |  |
|
||||||
| [AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) |  |  |  |  |
|
| [AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) |  |  |  |  |
|
||||||
| [AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) |  |  |  |  |
|
| [AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) |  |  |  |  |
|
||||||
| [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)\* |  |  |  |  |
|
| [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)\* |  |  |  |  |
|
||||||
| [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)\* |  |  |  |  |
|
| [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)\* |  |  |  |  |
|
||||||
| [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)\* |  |  |  |  |
|
| [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)\* |  |  |  |  |
|
||||||
| [AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
|
| [AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
|
||||||
| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
|
| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
|
||||||
| [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)\* |  |  |  |  |
|
| [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)\* |  |  |  |  |
|
||||||
| [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) |  |  |  |  |
|
| [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) |  |  |  |  |
|
||||||
| [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) |  |  |  |  |
|
| [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) |  |  |  |  |
|
||||||
| [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)\* |  |  |  |  |
|
| [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)\* |  |  |  |  |
|
||||||
| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)\* |  |  |  |  |
|
| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)\* |  |  |  |  |
|
||||||
| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |  |  |  |  |
|
| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |  |  |  |  |
|
||||||
| [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) |  |  |  |  |
|
| [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) |  |  |  |  |
|
||||||
| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) |  |  |  |  |
|
| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) |  |  |  |  |
|
||||||
| [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)\* |  |  |  |  |
|
| [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)\* |  |  |  |  |
|
||||||
| [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)\* |  |  |  |  |
|
| [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)\* |  |  |  |  |
|
||||||
| [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)\* |  |  |  |  |
|
| [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)\* |  |  |  |  |
|
||||||
| [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)\* |  |  |  |  |
|
| [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)\* |  |  |  |  |
|
||||||
| [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)\* |  |  |  |  |
|
| [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)\* |  |  |  |  |
|
||||||
| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)\* |  |  |  |  |
|
| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)\* |  |  |  |  |
|
||||||
| [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) |  |  |  |  |
|
| [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) |  |  |  |  |
|
||||||
| [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)\* and [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
|
| [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)\* and [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
|
||||||
| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) |  |  |  |  |
|
| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) |  |  |  |  |
|
||||||
| [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) |  |  | <sup>1</sup> |  |
|
| [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) |  |  | <sup>1</sup> |  |
|
||||||
| [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) |  |  |  |  |
|
| [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) |  |  |  |  |
|
||||||
| [HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) |  |  |  |  |
|
| [HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) |  |  |  |  |
|
||||||
| [LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) |  |  |  |  |
|
| [LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) |  |  |  |  |
|
||||||
| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) |  |  |  |  |
|
| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) |  |  |  |  |
|
||||||
| [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)\* |  |  |  |  |
|
| [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)\* |  |  |  |  |
|
||||||
| [PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) |  | |  |  |
|
| [PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) |  | |  |  |
|
||||||
| [PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) |  |  |  |  |
|
| [PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) |  |  |  |  |
|
||||||
| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) |  |  |  |  |
|
| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) |  |  |  |  |
|
||||||
| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) |  |  |  |  |
|
| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) |  |  |  |  |
|
||||||
| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
|
| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
|
||||||
| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) |  |  |  |  |
|
| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) |  |  |  |  |
|
||||||
| [ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) |  |  |  |  |
|
| [ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) |  |  |  |  |
|
||||||
| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) |  |  | <sup>1</sup> |  |
|
| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) |  |  | <sup>1</sup> |  |
|
||||||
| [SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) |  |  |  |  |
|
| [SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) |  |  |  |  |
|
||||||
| [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)\* |  |  |  |  |
|
| [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)\* |  |  |  |  |
|
||||||
| [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)\* |  |  |  |  |
|
| [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)\* |  |  |  |  |
|
||||||
| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) |  |  | <sup>1</sup> |  |
|
| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) |  |  | <sup>1</sup> |  |
|
||||||
| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) |  |  | <sup>1</sup> |  |
|
| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) |  |  | <sup>1</sup> |  |
|
||||||
| [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)\* |  |  |  |  |
|
| [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)\* |  |  |  |  |
|
||||||
| [UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) |  |  |  |  |
|
| [UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) |  |  |  |  |
|
||||||
---
|
---
|
||||||
|
|
||||||
*\* New policy as of Windows 10, version 1809.*<p>
|
*\* New policy as of Windows 10, version 1809.*<p>
|
||||||
*1) For multi-app assigned access, you must configure Internet Explorer 11.*<br>
|
*1) For multi-app assigned access, you must configure Internet Explorer 11.*<br>
|
||||||
*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun].(https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.*
|
*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.*
|
||||||
|
|
||||||
**Legend:**<p>
|
**Legend:**<p>
|
||||||
 = Not applicable or not supported <br>
|
 = Not applicable or not supported <br>
|
||||||
@ -301,7 +265,6 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
|
|||||||
|
|
||||||
- **[AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/en-us/windows/client-management/mdm/assignedaccess-csp):** The AssignedAccess configuration service provider (CSP) sets the device to run in kiosk mode. Once the CSP has executed, then the next user login associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
|
- **[AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/en-us/windows/client-management/mdm/assignedaccess-csp):** The AssignedAccess configuration service provider (CSP) sets the device to run in kiosk mode. Once the CSP has executed, then the next user login associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
|
||||||
|
|
||||||
- **[Create a provisioning page for Windows 10](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package):** Learn to use Windows Configuration Designer (WCD) to create a provisioning package (.ppkg) for configuring devices running Windows 10. The WCD wizard options provide a simple interface to configure desktop, mobile, and kiosk device settings.
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -316,19 +279,20 @@ To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Micro
|
|||||||
## Feature comparison of kiosk mode and kiosk browser app
|
## Feature comparison of kiosk mode and kiosk browser app
|
||||||
In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
|
In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
|
||||||
|
|
||||||
| **Feature** | **Microsoft Edge kiosk mode** | **Kiosk Browser** |
|
| **Feature** | **Microsoft Edge kiosk mode** | **Kiosk Browser** |
|
||||||
|---------------|:----------------:|:---------------:|
|
|---------------|:----------------:|:---------------:|
|
||||||
| Print support |  |  |
|
| Print support |  |  |
|
||||||
| Multi-tab support |  |  |
|
| Multi-tab support |  |  |
|
||||||
| Allow URL support |  <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
|
| Allow URL support |  <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
|
||||||
| Block URL support | <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
|
| Block URL support | <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
|
||||||
| Configure Home Button |  |  |
|
| Configure Home Button |  |  |
|
||||||
| Set Start page(s) URL |  |  <p>*Same as Home button URL* |
|
| Set Start page(s) URL |  |  <p>*Same as Home button URL* |
|
||||||
| Set New Tab page URL |  |  |
|
| Set New Tab page URL |  |  |
|
||||||
| Favorites management |  |  |
|
| Favorites management |  |  |
|
||||||
| End session button |  | <p>*In Intune, must create custom URI to enable. Dedicated UI configuration targeted for 1808.* |
|
| End session button |  | <p>*In Microsoft Intune, you must create a custom URI to enable. Dedicated UI configuration targeted for 1808.* |
|
||||||
| Reset on inactivity |  |  |
|
| Reset on inactivity |  |  |
|
||||||
| Internet Explorer integration (Enterprise Mode site list) | <p>*Multi-app mode only* |  |
|
| Internet Explorer integration (Enterprise Mode site list) | <p>*Multi-app mode only* |  |
|
||||||
|
| Available in Microsoft Store |  |  |
|
||||||
---
|
---
|
||||||
|
|
||||||
**\*Windows Defender Firewall**<p>
|
**\*Windows Defender Firewall**<p>
|
||||||
|
|||||||
@ -145,7 +145,7 @@ This example shows a link to a website and a link to a .pdf file.
|
|||||||
TileID="2678823080"
|
TileID="2678823080"
|
||||||
DisplayName="Bing"
|
DisplayName="Bing"
|
||||||
Arguments="https://www.bing.com/"
|
Arguments="https://www.bing.com/"
|
||||||
Square150x150LogoUri="ms-appdata:///local/PinnedTiles/2678823080/lowres.png"
|
Square150x150LogoUri="ms-appx:///"
|
||||||
Wide310x150LogoUri="ms-appx:///"
|
Wide310x150LogoUri="ms-appx:///"
|
||||||
ShowNameOnSquare150x150Logo="true"
|
ShowNameOnSquare150x150Logo="true"
|
||||||
ShowNameOnWide310x150Logo="false"
|
ShowNameOnWide310x150Logo="false"
|
||||||
@ -164,7 +164,10 @@ This example shows a link to a website and a link to a .pdf file.
|
|||||||
TileID="6153963000"
|
TileID="6153963000"
|
||||||
DisplayName="cstrtqbiology.pdf"
|
DisplayName="cstrtqbiology.pdf"
|
||||||
Arguments="-contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x45b7376e -pinnedTimeHigh 0x01d2356c -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000003a https://www.ada.gov/regs2010/2010ADAStandards/Guidance_2010ADAStandards.pdf"
|
Arguments="-contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x45b7376e -pinnedTimeHigh 0x01d2356c -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000003a https://www.ada.gov/regs2010/2010ADAStandards/Guidance_2010ADAStandards.pdf"
|
||||||
Square150x150LogoUri="ms-appdata:///local/PinnedTiles/2678823080/lowres.png" Wide310x150LogoUri="ms-appx:///" ShowNameOnSquare150x150Logo="true" ShowNameOnWide310x150Logo="true"
|
Square150x150LogoUri="ms-appx:///"
|
||||||
|
Wide310x150LogoUri="ms-appx:///"
|
||||||
|
ShowNameOnSquare150x150Logo="true"
|
||||||
|
ShowNameOnWide310x150Logo="true"
|
||||||
BackgroundColor="#ff4e4248"
|
BackgroundColor="#ff4e4248"
|
||||||
Size="4x2"
|
Size="4x2"
|
||||||
Row="4"
|
Row="4"
|
||||||
@ -177,6 +180,11 @@ This example shows a link to a website and a link to a .pdf file.
|
|||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>Microsoft Edge tile logos won't appear on secondary tiles because they aren't stored in Surface Hub.
|
||||||
|
>
|
||||||
|
>The default value for `ForegroundText` is light; you don't need to include `ForegroundText` in your XML unless you're changing the value to dark.
|
||||||
|
|
||||||
## More information
|
## More information
|
||||||
|
|
||||||
- [Blog post: Changing Surface Hub’s Start Menu](https://blogs.technet.microsoft.com/y0av/2018/02/13/47/)
|
- [Blog post: Changing Surface Hub’s Start Menu](https://blogs.technet.microsoft.com/y0av/2018/02/13/47/)
|
||||||
|
|||||||
@ -24,9 +24,9 @@ Use the following procedure to configure the App-V 5.0 client configuration.
|
|||||||
|
|
||||||
`$config = Get-AppvClientConfiguration`
|
`$config = Get-AppvClientConfiguration`
|
||||||
|
|
||||||
`Set-AppcClientConfiguration $config`
|
`Set-AppvClientConfiguration $config`
|
||||||
|
|
||||||
`Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”`
|
`Set-AppvClientConfiguration –AutoLoad 2`
|
||||||
|
|
||||||
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
|
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
|
||||||
|
|
||||||
|
|||||||
@ -24,9 +24,9 @@ Use the following procedure to configure the App-V 5.1 client configuration.
|
|||||||
|
|
||||||
`$config = Get-AppvClientConfiguration`
|
`$config = Get-AppvClientConfiguration`
|
||||||
|
|
||||||
`Set-AppcClientConfiguration $config`
|
`Set-AppvClientConfiguration $config`
|
||||||
|
|
||||||
`Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”`
|
`Set-AppvClientConfiguration –AutoLoad 2`
|
||||||
|
|
||||||
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
|
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
|
||||||
|
|
||||||
|
|||||||
@ -51,7 +51,7 @@ After installing Microsoft BitLocker Administration and Monitoring (MBAM) with C
|
|||||||
|
|
||||||
To view the configuration baselines with System Center 2012 Configuration Manager: Click the **Assets and Compliance** workspace, **Compliance Settings**, **Configuration Baselines**.
|
To view the configuration baselines with System Center 2012 Configuration Manager: Click the **Assets and Compliance** workspace, **Compliance Settings**, **Configuration Baselines**.
|
||||||
|
|
||||||
5. Use the Configuration Manager console to confirm that that the following new configuration items are displayed:
|
5. Use the Configuration Manager console to confirm that the following new configuration items are displayed:
|
||||||
|
|
||||||
- BitLocker Fixed Data Drives Protection
|
- BitLocker Fixed Data Drives Protection
|
||||||
|
|
||||||
|
|||||||
@ -23,6 +23,9 @@ From its release, Windows 10 has supported remote connections to PCs that are jo
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
>[!TIP]
|
||||||
|
>Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics)
|
||||||
|
|
||||||
## Set up
|
## Set up
|
||||||
|
|
||||||
- Both PCs (local and remote) must be running Windows 10, version 1607 (or later). Remote connection to an Azure AD-joined PC that is running earlier versions of Windows 10 is not supported.
|
- Both PCs (local and remote) must be running Windows 10, version 1607 (or later). Remote connection to an Azure AD-joined PC that is running earlier versions of Windows 10 is not supported.
|
||||||
|
|||||||
@ -17,7 +17,7 @@
|
|||||||
### [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md)
|
### [Add an Azure AD tenant and Azure AD subscription](add-an-azure-ad-tenant-and-azure-ad-subscription.md)
|
||||||
### [Register your free Azure Active Directory subscription](register-your-free-azure-active-directory-subscription.md)
|
### [Register your free Azure Active Directory subscription](register-your-free-azure-active-directory-subscription.md)
|
||||||
## [Enterprise app management](enterprise-app-management.md)
|
## [Enterprise app management](enterprise-app-management.md)
|
||||||
## [Device update management](device-update-management.md)
|
## [Mobile device management (MDM) for device updates](device-update-management.md)
|
||||||
## [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md)
|
## [Bulk enrollment](bulk-enrollment-using-windows-provisioning-tool.md)
|
||||||
## [Management tool for the Microsoft Store for Business](management-tool-for-windows-store-for-business.md)
|
## [Management tool for the Microsoft Store for Business](management-tool-for-windows-store-for-business.md)
|
||||||
### [REST API reference for Microsoft Store for Business](rest-api-reference-windows-store-for-business.md)
|
### [REST API reference for Microsoft Store for Business](rest-api-reference-windows-store-for-business.md)
|
||||||
|
|||||||
@ -90,7 +90,7 @@ The following image shows the ClientCertificateInstall configuration service pro
|
|||||||
<p style="margin-left: 20px">Supported operations are Get, Add, and Replace.
|
<p style="margin-left: 20px">Supported operations are Get, Add, and Replace.
|
||||||
|
|
||||||
<a href="" id="clientcertificateinstall-pfxcertinstall-uniqueid-pfxcertpasswordencryptiontype"></a>**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionType**
|
<a href="" id="clientcertificateinstall-pfxcertinstall-uniqueid-pfxcertpasswordencryptiontype"></a>**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionType**
|
||||||
<p style="margin-left: 20px">Optional. Used to specify whtether the PFX certificate password is encrypted with the MDM certificate by the MDM server.
|
<p style="margin-left: 20px">Optional. Used to specify whether the PFX certificate password is encrypted with the MDM certificate by the MDM server.
|
||||||
|
|
||||||
<p style="margin-left: 20px">The data type is int. Valid values:
|
<p style="margin-left: 20px">The data type is int. Valid values:
|
||||||
|
|
||||||
|
|||||||
@ -2744,11 +2744,17 @@ The following list shows the configuration service providers supported in Window
|
|||||||
- [DMAcc CSP](dmacc-csp.md)
|
- [DMAcc CSP](dmacc-csp.md)
|
||||||
- [DMClient CSP](dmclient-csp.md)
|
- [DMClient CSP](dmclient-csp.md)
|
||||||
- [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md)
|
- [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md)
|
||||||
|
- [HealthAttestation CSP](healthattestation-csp.md)
|
||||||
|
- [NetworkProxy CSP](networkproxy-csp.md)
|
||||||
- [Policy CSP](policy-configuration-service-provider.md)
|
- [Policy CSP](policy-configuration-service-provider.md)
|
||||||
- [Provisioning CSP (Provisioning only)](provisioning-csp.md)
|
- [Provisioning CSP (Provisioning only)](provisioning-csp.md)
|
||||||
|
- [Reboot CSP](reboot-csp.md)
|
||||||
|
- [RemoteWipe CSP](remotewipe-csp.md) 1
|
||||||
- [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
|
- [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
|
||||||
|
- [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
|
||||||
- [Update CSP](update-csp.md)
|
- [Update CSP](update-csp.md)
|
||||||
- [VPNv2 CSP](vpnv2-csp.md)
|
- [VPNv2 CSP](vpnv2-csp.md)
|
||||||
- [WiFi CSP](wifi-csp.md)
|
- [WiFi CSP](wifi-csp.md)
|
||||||
|
|
||||||
|
Footnotes:
|
||||||
|
- 1 - Added in Windows 10, version 1809
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
title: Device update management
|
title: Mobile device management MDM for device updates
|
||||||
description: In the current device landscape of PC, tablets, phones, and IoT devices, the Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology.
|
description: In the current device landscape of PC, tablets, phones, and IoT devices, the Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology.
|
||||||
ms.assetid: C27BAEE7-2890-4FB7-9549-A6EACC790777
|
ms.assetid: C27BAEE7-2890-4FB7-9549-A6EACC790777
|
||||||
keywords: mdm,management,administrator
|
keywords: mdm,management,administrator
|
||||||
@ -12,7 +12,7 @@ ms.date: 11/15/2017
|
|||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
# Device update management
|
# Mobile device management (MDM) for device updates
|
||||||
|
|
||||||
>[!TIP]
|
>[!TIP]
|
||||||
>If you're not a developer or administrator, you'll find more helpful information in the [Windows Update: Frequently Asked Questions](https://support.microsoft.com/help/12373/windows-update-faq).
|
>If you're not a developer or administrator, you'll find more helpful information in the [Windows Update: Frequently Asked Questions](https://support.microsoft.com/help/12373/windows-update-faq).
|
||||||
|
|||||||
@ -332,11 +332,11 @@ Sample syncxml to provision the firewall settings to evaluate
|
|||||||
<p style="margin-left: 20px">Value type is bool. Supported operations are Add, Get, Replace, and Delete.</p>
|
<p style="margin-left: 20px">Value type is bool. Supported operations are Add, Get, Replace, and Delete.</p>
|
||||||
|
|
||||||
<a href="" id="localuserauthorizedlist"></a>**FirewallRules/_FirewallRuleName_/LocalUserAuthorizationList**
|
<a href="" id="localuserauthorizedlist"></a>**FirewallRules/_FirewallRuleName_/LocalUserAuthorizationList**
|
||||||
<p style="margin-left: 20px">Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format.</p>
|
<p style="margin-left: 20px">Specifies the list of authorized local users for this rule. This is a string in Security Descriptor Definition Language (SDDL) format.</p>
|
||||||
<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
|
<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
|
||||||
|
|
||||||
<a href="" id="status"></a>**FirewallRules/_FirewallRuleName_/Status**
|
<a href="" id="status"></a>**FirewallRules/_FirewallRuleName_/Status**
|
||||||
<p style="margin-left: 20px">Provides information about the specific verrsion of the rule in deployment for monitoring purposes.</p>
|
<p style="margin-left: 20px">Provides information about the specific version of the rule in deployment for monitoring purposes.</p>
|
||||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||||
|
|
||||||
<a href="" id="name"></a>**FirewallRules/_FirewallRuleName_/Name**
|
<a href="" id="name"></a>**FirewallRules/_FirewallRuleName_/Name**
|
||||||
|
|||||||
@ -64,7 +64,7 @@ When an organization wants to move to MDM to manage devices, they should prepare
|
|||||||
|
|
||||||
- [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md)
|
- [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md)
|
||||||
- [Enterprise app management](enterprise-app-management.md)
|
- [Enterprise app management](enterprise-app-management.md)
|
||||||
- [Device update management](device-update-management.md)
|
- [Mobile device management (MDM) for device updates](device-update-management.md)
|
||||||
- [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md)
|
- [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md)
|
||||||
- [OMA DM protocol support](oma-dm-protocol-support.md)
|
- [OMA DM protocol support](oma-dm-protocol-support.md)
|
||||||
- [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md)
|
- [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md)
|
||||||
|
|||||||
@ -1055,7 +1055,7 @@ If you choose to completely wipe a device when lost or when an employee leaves t
|
|||||||
|
|
||||||
A better option than wiping the entire device is to use Windows Information Protection to clean corporate-only data from a personal device. As explained in the Apps chapter, all corporate data will be tagged and when the device is unenrolled from your MDM system of your choice, all enterprise encrypted data, apps, settings and profiles will immediately be removed from the device without affecting the employee’s existing personal data. A user can initiate unenrollment via the settings screen or unenrollment action can be taken by IT from within the MDM management console. Unenrollment is a management event and will be reported to the MDM system.
|
A better option than wiping the entire device is to use Windows Information Protection to clean corporate-only data from a personal device. As explained in the Apps chapter, all corporate data will be tagged and when the device is unenrolled from your MDM system of your choice, all enterprise encrypted data, apps, settings and profiles will immediately be removed from the device without affecting the employee’s existing personal data. A user can initiate unenrollment via the settings screen or unenrollment action can be taken by IT from within the MDM management console. Unenrollment is a management event and will be reported to the MDM system.
|
||||||
|
|
||||||
**Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that that will also make the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process.
|
**Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that will also make the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process.
|
||||||
|
|
||||||
**Settings for personal or corporate device retirement**
|
**Settings for personal or corporate device retirement**
|
||||||
- **Allow manual MDM unenrollment** Whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system)
|
- **Allow manual MDM unenrollment** Whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system)
|
||||||
|
|||||||
@ -17,6 +17,12 @@ ms.date: 10/02/2018
|
|||||||
|
|
||||||
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
|
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
|
||||||
|
|
||||||
|
## October 2018
|
||||||
|
|
||||||
|
New or changed topic | Description
|
||||||
|
--- | ---
|
||||||
|
[Troubleshoot multi-app kiosk](multi-app-kiosk-troubleshoot.md) and [Set up a single-app kiosk](kiosk-single-app.md) | Added event log path for auto-logon issues.
|
||||||
|
|
||||||
## RELEASE: Windows 10, version 1809
|
## RELEASE: Windows 10, version 1809
|
||||||
|
|
||||||
The topics in this library have been updated for Windows 10, version 1809. The following new topic has been added:
|
The topics in this library have been updated for Windows 10, version 1809. The following new topic has been added:
|
||||||
|
|||||||
@ -6,7 +6,7 @@ keywords: ["group policy", "start menu", "start screen"]
|
|||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: manage
|
ms.mktglfcycl: manage
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
author: coreyp
|
author: coreyp-at-msft
|
||||||
ms.author: coreyp
|
ms.author: coreyp
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
|
|||||||
@ -38,6 +38,12 @@ Disable the camera. | Go to **Settings** > **Privacy** > **Camera**, a
|
|||||||
Turn off app notifications on the lock screen. | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**.
|
Turn off app notifications on the lock screen. | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**.
|
||||||
Disable removable media. | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation.</br></br>**NOTE**: To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**.
|
Disable removable media. | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation.</br></br>**NOTE**: To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**.
|
||||||
|
|
||||||
|
## Enable logging
|
||||||
|
|
||||||
|
Logs can help you [troubleshoot issues](multi-app-kiosk-troubleshoot.md) kiosk issues. Logs about configuration and runtime issues can be obtained by enabling the **Applications and Services Logs\Microsoft\Windows\AssignedAccess\Operational** channel, which is disabled by default.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Automatic logon
|
## Automatic logon
|
||||||
|
|
||||||
In addition to the settings in the table, you may want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, whether from an update or power outage, you can sign in the assigned access account manually or you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device do not prevent automatic sign in.
|
In addition to the settings in the table, you may want to set up **automatic logon** for your kiosk device. When your kiosk device restarts, whether from an update or power outage, you can sign in the assigned access account manually or you can configure the device to sign in to the assigned access account automatically. Make sure that Group Policy settings applied to the device do not prevent automatic sign in.
|
||||||
|
|||||||
@ -8,7 +8,7 @@ ms.mktglfcycl: manage
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
author: jdeckerms
|
author: jdeckerms
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 10/02/2018
|
ms.date: 10/09/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Set up a single-app kiosk
|
# Set up a single-app kiosk
|
||||||
@ -185,7 +185,7 @@ Clear-AssignedAccess
|
|||||||
|
|
||||||
|
|
||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows}(https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows).
|
>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows).
|
||||||
|
|
||||||
When you use the **Provision kiosk devices** wizard in Windows Configuration Designer, you can configure the kiosk to run either a Universal Windows app or a Windows desktop application.
|
When you use the **Provision kiosk devices** wizard in Windows Configuration Designer, you can configure the kiosk to run either a Universal Windows app or a Windows desktop application.
|
||||||
|
|
||||||
@ -200,7 +200,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
|
|||||||
<tr><td style="width:45%" valign="top"> </br></br>Enable account management if you want to configure settings on this page. </br></br>**If enabled:**</br></br>You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device</br></br>To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.</br></br>**Warning:** You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.</br></br>To create a local administrator account, select that option and enter a user name and password. </br></br>**Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. </td><td></td></tr>
|
<tr><td style="width:45%" valign="top"> </br></br>Enable account management if you want to configure settings on this page. </br></br>**If enabled:**</br></br>You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device</br></br>To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.</br></br>**Warning:** You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards.</br></br>To create a local administrator account, select that option and enter a user name and password. </br></br>**Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. </td><td></td></tr>
|
||||||
<tr><td style="width:45%" valign="top"> </br></br>You can provision the kiosk app in the **Add applications** step. You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md)</br></br>**Warning:** If you click the plus button to add an application, you must specify an application for the provisioning package to validate. If you click the plus button in error, select any executable file in **Installer Path**, and then a **Cancel** button becomes available, allowing you to complete the provisioning package without an application. </td><td></td></tr>
|
<tr><td style="width:45%" valign="top"> </br></br>You can provision the kiosk app in the **Add applications** step. You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md)</br></br>**Warning:** If you click the plus button to add an application, you must specify an application for the provisioning package to validate. If you click the plus button in error, select any executable file in **Installer Path**, and then a **Cancel** button becomes available, allowing you to complete the provisioning package without an application. </td><td></td></tr>
|
||||||
<tr><td style="width:45%" valign="top"> </br></br>To provision the device with a certificate for the kiosk app, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.</td><td></td></tr>
|
<tr><td style="width:45%" valign="top"> </br></br>To provision the device with a certificate for the kiosk app, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.</td><td></td></tr>
|
||||||
<tr><td style="width:45%" valign="top"> </br></br>You can create a local standard user account that will be used to run the kiosk app. If you toggle **No**, make sure that you have an existing user account to run the kiosk app.</br></br>If you want to create an account, enter the user name and password, and then toggle **Yes** or **No** to automatically sign in the account when the device starts.</br></br>In **Configure the kiosk mode app**, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Windows desktop application) or the AUMID (for a Universal Windows app). For a Windows desktop application, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.</td><td></td></tr>
|
<tr><td style="width:45%" valign="top"> </br></br>You can create a local standard user account that will be used to run the kiosk app. If you toggle **No**, make sure that you have an existing user account to run the kiosk app.</br></br>If you want to create an account, enter the user name and password, and then toggle **Yes** or **No** to automatically sign in the account when the device starts. (If you encounter issues with auto sign-in after you apply the provisioning package, check the Event Viewer logs for auto logon issues under **Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational**.)</br></br>In **Configure the kiosk mode app**, enter the name of the user account that will run the kiosk mode app. Select the type of app to run in kiosk mode, and then enter the path or filename (for a Windows desktop application) or the AUMID (for a Universal Windows app). For a Windows desktop application, you can use the filename if the path to the file is in the PATH environment variable, otherwise the full path is required.</td><td></td></tr>
|
||||||
<tr><td style="width:45%" valign="top"> </br></br>On this step, select your options for tablet mode, the user experience on the Welcome and shutdown screens, and the timeout settings.</td><td></td></tr>
|
<tr><td style="width:45%" valign="top"> </br></br>On this step, select your options for tablet mode, the user experience on the Welcome and shutdown screens, and the timeout settings.</td><td></td></tr>
|
||||||
<tr><td style="width:45%" valign="top"> </br></br>You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.</td><td></td></tr>
|
<tr><td style="width:45%" valign="top"> </br></br>You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.</td><td></td></tr>
|
||||||
</table>
|
</table>
|
||||||
|
|||||||
@ -9,7 +9,7 @@ ms.sitesec: library
|
|||||||
ms.pagetype: edu, security
|
ms.pagetype: edu, security
|
||||||
author: jdeckerms
|
author: jdeckerms
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 07/30/2018
|
ms.date: 10/09/2018
|
||||||
ms.author: jdecker
|
ms.author: jdecker
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
@ -39,6 +39,10 @@ For example:
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Automatic logon issues
|
||||||
|
|
||||||
|
Check the Event Viewer logs for auto logon issues under **Applications and Services Logs\Microsoft\Windows\Authentication User Interface\Operational**.
|
||||||
|
|
||||||
## Apps configured in AllowedList are blocked
|
## Apps configured in AllowedList are blocked
|
||||||
|
|
||||||
1. Ensure the account is mapped to the correct profile and that the apps are specific for that profile.
|
1. Ensure the account is mapped to the correct profile and that the apps are specific for that profile.
|
||||||
|
|||||||
@ -25,6 +25,9 @@ ms.date: 4/16/2018
|
|||||||
|
|
||||||
IT pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store.
|
IT pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store.
|
||||||
|
|
||||||
|
> [!Important]
|
||||||
|
> All executable code including Microsoft Store applications should have an update and maintenance plan. Organizations that use Microsoft Store applications should ensure that the applications can be updated through the Microsoft Store over the internet, through the [Private Store](/microsoft-store/distribute-apps-from-your-private-store), or [distributed offline](/microsoft-store/distribute-offline-apps) to keep the applications up to date.
|
||||||
|
|
||||||
## Options to configure access to Microsoft Store
|
## Options to configure access to Microsoft Store
|
||||||
|
|
||||||
|
|
||||||
@ -80,8 +83,7 @@ You can also use Group Policy to manage access to Microsoft Store.
|
|||||||
4. On the **Turn off Store application** setting page, click **Enabled**, and then click **OK**.
|
4. On the **Turn off Store application** setting page, click **Enabled**, and then click **OK**.
|
||||||
|
|
||||||
> [!Important]
|
> [!Important]
|
||||||
> Enabling **Turn off Store application** policy turns off app updates from Microsoft Store.
|
> Enabling **Turn off Store application** policy turns off app updates from Microsoft Store.
|
||||||
|
|
||||||
|
|
||||||
## <a href="" id="block-store-mdm"></a>Block Microsoft Store using management tool
|
## <a href="" id="block-store-mdm"></a>Block Microsoft Store using management tool
|
||||||
|
|
||||||
|
|||||||
@ -30,7 +30,7 @@ Enter the account and the application you want to use for Assigned access, using
|
|||||||
**Example**:
|
**Example**:
|
||||||
|
|
||||||
```
|
```
|
||||||
"Account":"domain\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"
|
{"Account":"domain\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}
|
||||||
```
|
```
|
||||||
|
|
||||||
## MultiAppAssignedAccessSettings
|
## MultiAppAssignedAccessSettings
|
||||||
|
|||||||
@ -57,7 +57,7 @@ Clicking the header of the Frequently Crashing Devices blade opens a reliability
|
|||||||
Notice the filters in the left pane; they allow you to filter the crash rate shown to a particular operating system version, device model, or other parameter.
|
Notice the filters in the left pane; they allow you to filter the crash rate shown to a particular operating system version, device model, or other parameter.
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>Use caution when interpreting results filtered by model or operating system version. This is very useful for troubleshooting, but might not be accurate for *comparisons* because the crashes displayed could be of different types. The overall goal for working with crash data is to ensure that most devices have the same driver versions and that that version has a low crash rate.
|
>Use caution when interpreting results filtered by model or operating system version. This is very useful for troubleshooting, but might not be accurate for *comparisons* because the crashes displayed could be of different types. The overall goal for working with crash data is to ensure that most devices have the same driver versions and that the version has a low crash rate.
|
||||||
|
|
||||||
>[!TIP]
|
>[!TIP]
|
||||||
>Once you've applied a filter (for example setting OSVERSION=1607) you will see the query in the text box change to append the filter (for example, with “(OSVERSION=1607)”). To undo the filter, remove that part of the query in the text box and click the search button to the right of the text box to run the adjusted query.”
|
>Once you've applied a filter (for example setting OSVERSION=1607) you will see the query in the text box change to append the filter (for example, with “(OSVERSION=1607)”). To undo the filter, remove that part of the query in the text box and click the search button to the right of the text box to run the adjusted query.”
|
||||||
|
|||||||
@ -8,7 +8,7 @@ ms.sitesec: library
|
|||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: jaimeo
|
author: jaimeo
|
||||||
ms.author: jaimeo
|
ms.author: jaimeo
|
||||||
ms.date: 10/01/2018
|
ms.date: 10/08/2018
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -53,7 +53,7 @@ To enable data sharing, configure your proxy server to whitelist the following e
|
|||||||
| `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
|
| `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
|
||||||
| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
|
| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
|
||||||
| `https://oca.telemetry.microsoft.com` | Online Crash Analysis; required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
|
| `https://oca.telemetry.microsoft.com` | Online Crash Analysis; required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |
|
||||||
| `https://login.live.com` | This end-point is required by Device Health to ensure data integrity and provides a more reliable device identity for all Windows Analtyics solutions on Windows 10. Those who wish to disable end-user MSA access should do so by applying [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) rather than blocking this end-point. |
|
| `https://login.live.com` | This endpoint is required by Device Health to ensure data integrity and provides a more reliable device identity for all of the Windows Analytics solutions on Windows 10. If you want to disable end-user managed service account (MSA) access, you should apply the appropriate [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) instead of blocking this endpoint. |
|
||||||
| `https://www.msftncsi.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
|
| `https://www.msftncsi.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
|
||||||
| `https://www.msftconnecttest.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
|
| `https://www.msftconnecttest.com` | Windows Error Reporting (WER); required for Device Health to check connectivity. |
|
||||||
|
|
||||||
|
|||||||
@ -8,7 +8,7 @@ ms.sitesec: library
|
|||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: jaimeo
|
author: jaimeo
|
||||||
ms.author: jaimeo
|
ms.author: jaimeo
|
||||||
ms.date: 09/26/2018
|
ms.date: 10/10/2018
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -45,7 +45,7 @@ Upgrade Readiness is offered as a *solution* which you link to a new or existing
|
|||||||
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
|
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
> Upgrade Readiness is included at no additional cost with Windows 10 [education and enterprise licensing](https://docs.microsoft.com/en-us/windows/deployment/update/device-health-monitor#device-health-licensing). An Azure subscription is required for managing and using Upgrade Readiness, but no Azure charges are expected to accrue to the subscription as a result of using Upgrade Readiness.
|
> Upgrade Readiness is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Upgrade Readiness, but no Azure charges are expected to accrue to the subscription as a result of using Upgrade Readiness.
|
||||||
|
|
||||||
2. In the Azure portal select **Create a resource**, search for "Upgrade Readiness", and then select **Create** on the **Upgrade Readiness** solution.
|
2. In the Azure portal select **Create a resource**, search for "Upgrade Readiness", and then select **Create** on the **Upgrade Readiness** solution.
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/18
|
ms.date: 06/01/18
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/18
|
ms.date: 06/01/18
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: greg-lindsay
|
ms.author: greg-lindsay
|
||||||
ms.date: 07/13/18
|
ms.date: 07/13/18
|
||||||
---
|
---
|
||||||
|
|||||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype:
|
ms.pagetype:
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -1,19 +1,19 @@
|
|||||||
---
|
---
|
||||||
title: Rip and Replace
|
title: Autopilot for existing devices
|
||||||
description: Listing of Autopilot scenarios
|
description: Listing of Autopilot scenarios
|
||||||
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
|
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.localizationpriority: low
|
ms.localizationpriority: low
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 10/11/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Rip and replace
|
# Autopilot for existing devices
|
||||||
|
|
||||||
**Applies to: Windows 10**
|
**Applies to: Windows 10**
|
||||||
|
|
||||||
DO NOT PUBLISH. Just a placeholder for now, coming with 1809.
|
Placeholder. Content coming.
|
||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/18
|
ms.date: 06/01/18
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype:
|
ms.pagetype:
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -7,13 +7,13 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: low
|
ms.localizationpriority: low
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 10/11/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Windows Autopilot user-driven mode for Azure Active Directory
|
# Windows Autopilot user-driven mode for Azure Active Directory
|
||||||
|
|
||||||
**Applies to: Windows 10**
|
**Applies to: Windows 10**
|
||||||
|
|
||||||
DO NOT PUBLISH. This eventually will contain the AAD-specific instuctions currently in user-driven.md.
|
Placeholder. Content coming.
|
||||||
|
|||||||
@ -7,9 +7,9 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: low
|
ms.localizationpriority: low
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 10/11/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
@ -17,4 +17,4 @@ ms.date: 06/01/2018
|
|||||||
|
|
||||||
**Applies to: Windows 10**
|
**Applies to: Windows 10**
|
||||||
|
|
||||||
DO NOT PUBLISH. This eventually will contain the AD-specific (hybrid) instuctions. This will be in preview at a later point in time.
|
Placeholder. Content coming.
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 08/22/2018
|
ms.date: 08/22/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: high
|
ms.localizationpriority: high
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: high
|
ms.localizationpriority: high
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: high
|
ms.localizationpriority: high
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype:
|
ms.pagetype:
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype:
|
ms.pagetype:
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype:
|
ms.pagetype:
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.localizationpriority: high
|
ms.localizationpriority: high
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: coreyp-at-msft
|
author: greg-lindsay
|
||||||
ms.author: coreyp
|
ms.author: greglin
|
||||||
ms.date: 06/01/2018
|
ms.date: 06/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -71,10 +71,12 @@ The Windows 10 operating system introduces a new way to build, deploy, and servi
|
|||||||
These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
|
These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
|
||||||
|
|
||||||
- [Read more about Windows as a Service](/windows/deployment/update/waas-overview)
|
- [Read more about Windows as a Service](/windows/deployment/update/waas-overview)
|
||||||
|
- [Read how much space does Windows 10 take](https://www.microsoft.com/en-us/windows/windows-10-specifications)
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
[Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009)
|
[Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -334,7 +334,7 @@ The following fields are available:
|
|||||||
|
|
||||||
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
||||||
|
|
||||||
This event indicates Indicates that the DecisionApplicationFile object is no longer present.
|
This event indicates that the DecisionApplicationFile object is no longer present.
|
||||||
|
|
||||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||||
|
|
||||||
@ -670,7 +670,7 @@ The following fields are available:
|
|||||||
|
|
||||||
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
||||||
|
|
||||||
This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||||
|
|
||||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||||
|
|
||||||
@ -4388,7 +4388,7 @@ The following fields are available:
|
|||||||
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
|
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
|
||||||
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
|
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
|
||||||
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
||||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
|
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
|
||||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
||||||
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
||||||
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
||||||
|
|||||||
@ -359,7 +359,7 @@ The following fields are available:
|
|||||||
|
|
||||||
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
||||||
|
|
||||||
This event indicates Indicates that the DecisionApplicationFile object is no longer present.
|
This event indicates that the DecisionApplicationFile object is no longer present.
|
||||||
|
|
||||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||||
|
|
||||||
@ -706,7 +706,7 @@ The following fields are available:
|
|||||||
|
|
||||||
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
||||||
|
|
||||||
This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||||
|
|
||||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||||
|
|
||||||
@ -4366,7 +4366,7 @@ The following fields are available:
|
|||||||
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
|
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
|
||||||
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
|
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
|
||||||
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
||||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
|
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
|
||||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
||||||
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
||||||
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
||||||
|
|||||||
@ -369,7 +369,7 @@ The following fields are available:
|
|||||||
|
|
||||||
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
||||||
|
|
||||||
This event indicates Indicates that the DecisionApplicationFile object is no longer present.
|
This event indicates that the DecisionApplicationFile object is no longer present.
|
||||||
|
|
||||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||||
|
|
||||||
@ -701,7 +701,7 @@ The following fields are available:
|
|||||||
|
|
||||||
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
||||||
|
|
||||||
This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||||
|
|
||||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||||
|
|
||||||
@ -4538,7 +4538,7 @@ The following fields are available:
|
|||||||
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
|
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
|
||||||
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
|
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
|
||||||
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
||||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
|
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
|
||||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
||||||
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
||||||
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
||||||
|
|||||||
@ -666,7 +666,7 @@ The following fields are available:
|
|||||||
|
|
||||||
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
||||||
|
|
||||||
This event indicates Indicates that the DecisionApplicationFile object is no longer present.
|
This event indicates that the DecisionApplicationFile object is no longer present.
|
||||||
|
|
||||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||||
|
|
||||||
@ -1013,7 +1013,7 @@ The following fields are available:
|
|||||||
|
|
||||||
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
||||||
|
|
||||||
This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||||
|
|
||||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||||
|
|
||||||
|
|||||||
@ -123,7 +123,7 @@ This setting determines whether a device shows notifications about Windows diagn
|
|||||||
|
|
||||||
### Configure telemetry opt-in setting user interface
|
### Configure telemetry opt-in setting user interface
|
||||||
|
|
||||||
This setting determines whether people can change their own Windows diagnostic data level in in *Start > Settings > Privacy > Diagnostics & feedback*.
|
This setting determines whether people can change their own Windows diagnostic data level in *Start > Settings > Privacy > Diagnostics & feedback*.
|
||||||
|
|
||||||
#### Group Policy
|
#### Group Policy
|
||||||
|
|
||||||
|
|||||||
@ -131,7 +131,7 @@ In the Windows 10, version 1703, the PIN complexity Group Policy settings have m
|
|||||||
## Review
|
## Review
|
||||||
|
|
||||||
Before you continue with the deployment, validate your deployment progress by reviewing the following items:
|
Before you continue with the deployment, validate your deployment progress by reviewing the following items:
|
||||||
* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Widows 10 Creators Editions)
|
* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Windows 10 Creators Editions)
|
||||||
* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User)
|
* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User)
|
||||||
* Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting.
|
* Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting.
|
||||||
* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. User)
|
* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. User)
|
||||||
|
|||||||
@ -104,7 +104,7 @@ In the Windows 10, version 1703, the PIN complexity Group Policy settings have m
|
|||||||
## Review
|
## Review
|
||||||
|
|
||||||
Before you continue with the deployment, validate your deployment progress by reviewing the following items:
|
Before you continue with the deployment, validate your deployment progress by reviewing the following items:
|
||||||
* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Widows 10 Creators Editions)
|
* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Windows 10 Creators Editions)
|
||||||
* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User)
|
* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User)
|
||||||
* Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting.
|
* Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting.
|
||||||
* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. User)
|
* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. User)
|
||||||
|
|||||||
@ -48,7 +48,7 @@
|
|||||||
### [How to collect WIP audit event logs](windows-information-protection\collect-wip-audit-event-logs.md)
|
### [How to collect WIP audit event logs](windows-information-protection\collect-wip-audit-event-logs.md)
|
||||||
### [General guidance and best practices for WIP](windows-information-protection\guidance-and-best-practices-wip.md)
|
### [General guidance and best practices for WIP](windows-information-protection\guidance-and-best-practices-wip.md)
|
||||||
#### [Enlightened apps for use with WIP](windows-information-protection\enlightened-microsoft-apps-and-wip.md)
|
#### [Enlightened apps for use with WIP](windows-information-protection\enlightened-microsoft-apps-and-wip.md)
|
||||||
#### [Unenlightened and enlightened app behavior while using WI)](windows-information-protection\app-behavior-with-wip.md)
|
#### [Unenlightened and enlightened app behavior while using WIP](windows-information-protection\app-behavior-with-wip.md)
|
||||||
#### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP](windows-information-protection\recommended-network-definitions-for-wip.md)
|
#### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP](windows-information-protection\recommended-network-definitions-for-wip.md)
|
||||||
#### [Using Outlook Web Access with WIP](windows-information-protection\using-owa-with-wip.md)
|
#### [Using Outlook Web Access with WIP](windows-information-protection\using-owa-with-wip.md)
|
||||||
### [Fine-tune WIP Learning](windows-information-protection\wip-learning.md)
|
### [Fine-tune WIP Learning](windows-information-protection\wip-learning.md)
|
||||||
|
|||||||
@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
author: brianlic-msft
|
author: brianlic-msft
|
||||||
ms.date: 09/17/2018
|
ms.date: 10/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Information protection
|
# Information protection
|
||||||
@ -16,7 +16,7 @@ Learn more about how to secure documents and other data across your organization
|
|||||||
| Section | Description |
|
| Section | Description |
|
||||||
|-|-|
|
|-|-|
|
||||||
| [BitLocker](bitlocker/bitlocker-overview.md)| Provides information about BitLocker, which is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. |
|
| [BitLocker](bitlocker/bitlocker-overview.md)| Provides information about BitLocker, which is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. |
|
||||||
| [Encrypted Hard Drive](bitlocker/bitlocker-overview.md)| Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. |
|
| [Encrypted Hard Drive](encrypted-hard-drive.md)| Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. |
|
||||||
| [Kernel DMA Protection for Thunderbolt™ 3](kernel-dma-protection-for-thunderbolt.md)| Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports. |
|
| [Kernel DMA Protection for Thunderbolt™ 3](kernel-dma-protection-for-thunderbolt.md)| Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports. |
|
||||||
| [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Provides info about how to create a Windows Information Protection policy that can help protect against potential corporate data leakage.|
|
| [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Provides info about how to create a Windows Information Protection policy that can help protect against potential corporate data leakage.|
|
||||||
| [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Windows 10 supports features to help prevent rootkits and bootkits from loading during the startup process. |
|
| [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Windows 10 supports features to help prevent rootkits and bootkits from loading during the startup process. |
|
||||||
|
|||||||
@ -75,7 +75,7 @@ The adoption of new authentication technology requires that identity providers a
|
|||||||
|
|
||||||
Identity providers have flexibility in how they provision credentials on client devices. For example, an organization might provision only those devices that have a TPM so that the organization knows that a TPM protects the credentials. The ability to distinguish a TPM from malware acting like a TPM requires the following TPM capabilities (see Figure 1):
|
Identity providers have flexibility in how they provision credentials on client devices. For example, an organization might provision only those devices that have a TPM so that the organization knows that a TPM protects the credentials. The ability to distinguish a TPM from malware acting like a TPM requires the following TPM capabilities (see Figure 1):
|
||||||
|
|
||||||
• **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that that manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM.
|
• **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM.
|
||||||
|
|
||||||
• **Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios.
|
• **Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios.
|
||||||
|
|
||||||
|
|||||||
@ -9,7 +9,7 @@ ms.sitesec: library
|
|||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
author: justinha
|
author: justinha
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 10/05/2018
|
ms.date: 10/11/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
|
# List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
|
||||||
@ -32,7 +32,7 @@ Apps can be enlightened or unenlightened:
|
|||||||
|
|
||||||
- Windows **Save As** experiences only allow you to save your files as enterprise.
|
- Windows **Save As** experiences only allow you to save your files as enterprise.
|
||||||
|
|
||||||
- **WIP-work only apps** are unenlightened line-of-business apps that have been tested and deemed safe for use in an enterprise with WIP and Mobile App Management (MAM) solutions.
|
- **WIP-work only apps** are unenlightened line-of-business apps that have been tested and deemed safe for use in an enterprise with WIP and Mobile App Management (MAM) solutions without device enrollment. Unenlightened apps that are targeted by WIP without enrollment run under personal mode.
|
||||||
|
|
||||||
## List of enlightened Microsoft apps
|
## List of enlightened Microsoft apps
|
||||||
Microsoft has made a concerted effort to enlighten several of our more popular apps, including the following:
|
Microsoft has made a concerted effort to enlighten several of our more popular apps, including the following:
|
||||||
|
|||||||
@ -8,7 +8,7 @@ ms.sitesec: library
|
|||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
author: justinha
|
author: justinha
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 10/04/2018
|
ms.date: 10/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# How Windows Information Protection protects files with a sensitivity label
|
# How Windows Information Protection protects files with a sensitivity label
|
||||||
@ -29,7 +29,7 @@ Microsoft information protection technologies include:
|
|||||||
|
|
||||||
- [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects data at rest on endpoint devices, and manages apps to protect data in use.
|
- [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects data at rest on endpoint devices, and manages apps to protect data in use.
|
||||||
|
|
||||||
- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other Software-as-a-Service (SaaS) apps.
|
- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other first-party or third-party Software-as-a-Service (SaaS) apps.
|
||||||
|
|
||||||
- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise. It helps an organization classify and protect its documents and emails by applying labels. End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps:
|
- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise. It helps an organization classify and protect its documents and emails by applying labels. End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps:
|
||||||
|
|
||||||
@ -50,7 +50,7 @@ For more information about labels, see [Overview of labels](https://docs.microso
|
|||||||
|
|
||||||
## Use cases
|
## Use cases
|
||||||
|
|
||||||
This sections covers how WIP works with sensitivity labels in specific use cases.
|
This section covers how WIP works with sensitivity labels in specific use cases.
|
||||||
|
|
||||||
### User downloads from or creates a document on a work site
|
### User downloads from or creates a document on a work site
|
||||||
|
|
||||||
@ -60,7 +60,7 @@ If the document also has a sensitivity label, which can be Office or PDF files,
|
|||||||
|
|
||||||
### User downloads a confidential Office or PDF document from a personal site
|
### User downloads a confidential Office or PDF document from a personal site
|
||||||
|
|
||||||
Windows Defender ATP scans for any file that gets modified or created, including files that were created on a personal site.
|
Windows Defender Advanced Threat Protection (Windows Defender ATP) scans for any file that gets modified or created, including files that were created on a personal site.
|
||||||
If the file has a sensitivity label, the corresponding WIP protection gets applied even though the file came from a personal site.
|
If the file has a sensitivity label, the corresponding WIP protection gets applied even though the file came from a personal site.
|
||||||
For example:
|
For example:
|
||||||
|
|
||||||
@ -74,7 +74,7 @@ The PDF file doesn't need any work context beyond the sensitivity label.
|
|||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
- Windows 10, version 1809
|
- Windows 10, version 1809
|
||||||
- [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection
|
- [Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection
|
||||||
- [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center
|
- [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center
|
||||||
- [WIP policy](create-wip-policy-using-intune-azure.md) needs to be applied to endpoint devices.
|
- [WIP policy](create-wip-policy-using-intune-azure.md) needs to be applied to endpoint devices.
|
||||||
|
|
||||||
|
|||||||
@ -8,7 +8,8 @@ ms.prod: w10
|
|||||||
ms.mktglfcycl:
|
ms.mktglfcycl:
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
author: coreyp-at-msft
|
author: justinha
|
||||||
|
ms.author: justinha
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 08/08/2018
|
ms.date: 08/08/2018
|
||||||
---
|
---
|
||||||
|
|||||||
@ -404,10 +404,10 @@
|
|||||||
#### [Software developer FAQ](intelligence/developer-faq.md)
|
#### [Software developer FAQ](intelligence/developer-faq.md)
|
||||||
#### [Software developer resources](intelligence/developer-resources.md)
|
#### [Software developer resources](intelligence/developer-resources.md)
|
||||||
|
|
||||||
## Certifications
|
## Windows Certifications
|
||||||
|
|
||||||
### [FIPS 140 Validation](fips-140-validation.md)
|
### [FIPS 140 Validations](fips-140-validation.md)
|
||||||
### [Windows Platform Common Criteria Certification](windows-platform-common-criteria.md)
|
### [Common Criteria Certifications](windows-platform-common-criteria.md)
|
||||||
|
|
||||||
|
|
||||||
## More Windows 10 security
|
## More Windows 10 security
|
||||||
|
|||||||
@ -21,6 +21,8 @@ Safety Scanner only scans when manually triggered and is available for use 10 da
|
|||||||
|
|
||||||
> **NOTE:** This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/en-us/windows/windows-defender) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/en-us/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/en-us/wdsi/help/troubleshooting-infection).
|
> **NOTE:** This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/en-us/windows/windows-defender) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/en-us/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/en-us/wdsi/help/troubleshooting-infection).
|
||||||
|
|
||||||
|
> **NOTE:** Safety scanner is a portable executable and does not appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download.
|
||||||
|
|
||||||
## System requirements
|
## System requirements
|
||||||
Safety Scanner helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. Please refer to the [Microsoft Lifecycle Policy](https://support.microsoft.com/en-us/lifecycle).
|
Safety Scanner helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. Please refer to the [Microsoft Lifecycle Policy](https://support.microsoft.com/en-us/lifecycle).
|
||||||
|
|
||||||
|
|||||||
@ -40,7 +40,7 @@ It is also important to keep the following in mind:
|
|||||||
|
|
||||||
* Use [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge) when browsing the internet. It blocks known support scam sites using Windows Defender SmartScreen (which is also used by Internet Explorer). Furthermore, Microsoft Edge can stop pop-up dialogue loops used by these sites.
|
* Use [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge) when browsing the internet. It blocks known support scam sites using Windows Defender SmartScreen (which is also used by Internet Explorer). Furthermore, Microsoft Edge can stop pop-up dialogue loops used by these sites.
|
||||||
|
|
||||||
* Enable Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware.
|
* Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware.
|
||||||
|
|
||||||
## What to do if information has been given to a tech support person
|
## What to do if information has been given to a tech support person
|
||||||
|
|
||||||
@ -60,4 +60,4 @@ Help Microsoft stop scammers, whether they claim to be from Microsoft or from an
|
|||||||
|
|
||||||
**www.microsoft.com/reportascam**
|
**www.microsoft.com/reportascam**
|
||||||
|
|
||||||
You can also report any **unsafe website** that you suspect is a phishing website or contains malicious content directly to Microsoft by filling out a [Report an unsafe site form](https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site) or using built in web browser functionality.
|
You can also report any **unsafe website** that you suspect is a phishing website or contains malicious content directly to Microsoft by filling out a [Report an unsafe site form](https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site) or using built in web browser functionality.
|
||||||
|
|||||||
@ -8,7 +8,7 @@ ms.sitesec: library
|
|||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: brianlic-msft
|
author: brianlic-msft
|
||||||
ms.date: 04/19/2017
|
ms.date: 10/11/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Account Lockout Policy
|
# Account Lockout Policy
|
||||||
@ -22,6 +22,9 @@ Someone who attempts to use more than a few unsuccessful passwords while trying
|
|||||||
|
|
||||||
The following topics provide a discussion of each policy setting's implementation and best practices considerations, policy location, default values for the server type or Group Policy Object (GPO), relevant differences in operating system versions, and security considerations (including the possible vulnerabilities of each policy setting), countermeasures that you can implement, and the potential impact of implementing the countermeasures.
|
The following topics provide a discussion of each policy setting's implementation and best practices considerations, policy location, default values for the server type or Group Policy Object (GPO), relevant differences in operating system versions, and security considerations (including the possible vulnerabilities of each policy setting), countermeasures that you can implement, and the potential impact of implementing the countermeasures.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>Account lockout settings for remote access clients can be configured separately by editing the Registry on the server that manages the remote access. For more information, see [How to configure remote access client account lockout](https://support.microsoft.com/help/816118/how-to-configure-remote-access-client-account-lockout-in-windows-serve).
|
||||||
|
|
||||||
## In this section
|
## In this section
|
||||||
|
|
||||||
| Topic | Description |
|
| Topic | Description |
|
||||||
|
|||||||
@ -84,11 +84,11 @@ A user who is assigned this user right could increase the scheduling priority of
|
|||||||
|
|
||||||
### Countermeasure
|
### Countermeasure
|
||||||
|
|
||||||
Verify that only Administrators and and Window Manager/Window Manager Group have the **Increase scheduling priority** user right assigned to them.
|
Verify that only Administrators and Window Manager/Window Manager Group have the **Increase scheduling priority** user right assigned to them.
|
||||||
|
|
||||||
### Potential impact
|
### Potential impact
|
||||||
|
|
||||||
None. Restricting the **Increase scheduling priority** user right to members of the Administrators group and and Window Manager/Window Manager Group is the default configuration.
|
None. Restricting the **Increase scheduling priority** user right to members of the Administrators group and Window Manager/Window Manager Group is the default configuration.
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
|
|||||||
@ -20,7 +20,7 @@ ms.date: 09/03/2018
|
|||||||
|
|
||||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink)
|
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
[!include[Prerelease information](prerelease.md)]
|
||||||
|
|
||||||
You'll need to take the following configuration steps to enable the managed security service provider (MSSP) integration.
|
You'll need to take the following configuration steps to enable the managed security service provider (MSSP) integration.
|
||||||
|
|
||||||
@ -58,7 +58,7 @@ This action is taken by the MSSP. It allows MSSPs to fetch alerts using APIs.
|
|||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
> These set of steps are directed towards the MSSP customer. <br>
|
> These set of steps are directed towards the MSSP customer. <br>
|
||||||
> Access to the portal can can only be done by the MSSP customer.
|
> Access to the portal can only be done by the MSSP customer.
|
||||||
|
|
||||||
As a MSSP customer, you'll need to take the following configuration steps to grant the MSSP access to Windows Defender Security Center.
|
As a MSSP customer, you'll need to take the following configuration steps to grant the MSSP access to Windows Defender Security Center.
|
||||||
|
|
||||||
@ -269,7 +269,7 @@ You'll need to have **Manage portal system settings** permission to whitelist th
|
|||||||
|
|
||||||
You can now download the relevant configuration file for your SIEM and connect to the Windows Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md).
|
You can now download the relevant configuration file for your SIEM and connect to the Windows Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md).
|
||||||
|
|
||||||
- In the ArcSight configuration file / Splunk Authentication Properties file – you will have to write your application key manually by settings the secret value.
|
- In the ArcSight configuration file / Splunk Authentication Properties file you will have to write your application key manually by settings the secret value.
|
||||||
- Instead of acquiring a refresh token in the portal, use the script from the previous step to acquire a refresh token (or acquire it by other means).
|
- Instead of acquiring a refresh token in the portal, use the script from the previous step to acquire a refresh token (or acquire it by other means).
|
||||||
|
|
||||||
## Fetch alerts from MSSP customer's tenant using APIs
|
## Fetch alerts from MSSP customer's tenant using APIs
|
||||||
|
|||||||
@ -9,7 +9,7 @@ ms.sitesec: library
|
|||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
author: mjcaparas
|
author: mjcaparas
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 09/06/2018
|
ms.date: 10/09/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Onboard servers to the Windows Defender ATP service
|
# Onboard servers to the Windows Defender ATP service
|
||||||
|
|||||||
@ -19,7 +19,7 @@ ms.date: 10/07/2018
|
|||||||
|
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
Retrieves a map of of CVE's to KB's and CVE details.
|
Retrieves a map of CVE's to KB's and CVE details.
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
User needs read permissions.
|
User needs read permissions.
|
||||||
|
|||||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
|||||||
ms.author: macapara
|
ms.author: macapara
|
||||||
author: mjcaparas
|
author: mjcaparas
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 06/18/2018
|
ms.date: 10/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Onboard previous versions of Windows
|
# Onboard previous versions of Windows
|
||||||
@ -50,7 +50,7 @@ The following steps are required to enable this integration:
|
|||||||
|
|
||||||
### Before you begin
|
### Before you begin
|
||||||
Review the following details to verify minimum system requirements:
|
Review the following details to verify minimum system requirements:
|
||||||
- Install the [February monthly update rollout](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
|
- Install the [February monthly update rollup](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) or a later monthly update rollup.
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
|
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
|
||||||
@ -60,6 +60,14 @@ Review the following details to verify minimum system requirements:
|
|||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
|
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
|
||||||
|
|
||||||
|
- Install either [.NET framework 4.5](https://www.microsoft.com/en-us/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
|
||||||
|
|
||||||
|
>[NOTE]
|
||||||
|
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
|
||||||
|
>Don't install .NET framework 4.0.x, since it will negate the above installation.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in your environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)
|
- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in your environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)
|
||||||
|
|
||||||
1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604).
|
1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604).
|
||||||
|
|||||||
@ -19,7 +19,7 @@ ms.date: 09/03/2018
|
|||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
|
|
||||||
The Widows Defender ATP endpoint detection and response capabilities provides near real-time actionable advance attacks detections, enables security analysts to effectively prioritize alerts, unfold the full scope of a breach and take response actions to remediate the threat.
|
The Windows Defender ATP endpoint detection and response capabilities provides near real-time actionable advance attacks detections, enables security analysts to effectively prioritize alerts, unfold the full scope of a breach and take response actions to remediate the threat.
|
||||||
|
|
||||||
|
|
||||||
When a threat is detected, alerts are be created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
|
When a threat is detected, alerts are be created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
|
||||||
|
|||||||
@ -1,14 +1,14 @@
|
|||||||
---
|
---
|
||||||
title: Windows Platform Common Criteria Certification
|
title: Common Criteria Certifications
|
||||||
description: This topic details how Microsoft supports the Common Criteria certification program.
|
description: This topic details how Microsoft supports the Common Criteria certification program.
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.author: daniha
|
ms.author: daniha
|
||||||
author: danihalfin
|
author: danihalfin
|
||||||
ms.date: 04/03/2018
|
ms.date: 10/8/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Windows Platform Common Criteria Certification
|
# Common Criteria Certifications
|
||||||
|
|
||||||
Microsoft is committed to optimizing the security of its products and services. As part of that commitment, Microsoft supports the Common Criteria certification program, continues to ensure that products incorporate the features and functions required by relevant Common Criteria protection profiles, and completes Common Criteria certifications of Microsoft Windows products.
|
Microsoft is committed to optimizing the security of its products and services. As part of that commitment, Microsoft supports the Common Criteria certification program, continues to ensure that products incorporate the features and functions required by relevant Common Criteria protection profiles, and completes Common Criteria certifications of Microsoft Windows products.
|
||||||
|
|
||||||
@ -18,7 +18,8 @@ Microsoft is committed to optimizing the security of its products and services.
|
|||||||
|
|
||||||
The Security Target describes security functionality and assurance measures used to evaluate Windows.
|
The Security Target describes security functionality and assurance measures used to evaluate Windows.
|
||||||
|
|
||||||
- [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf)
|
- [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf)
|
||||||
|
- [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf)
|
||||||
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf)
|
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf)
|
||||||
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx)
|
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx)
|
||||||
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx)
|
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx)
|
||||||
@ -52,7 +53,9 @@ These documents describe how to configure Windows to replicate the configuration
|
|||||||
|
|
||||||
**Windows 10, Windows 10 Mobile, Windows Server 2016, Windows Server 2012 R2**
|
**Windows 10, Windows 10 Mobile, Windows Server 2016, Windows Server 2012 R2**
|
||||||
|
|
||||||
- [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf)
|
|
||||||
|
- [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf)
|
||||||
|
- [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf)
|
||||||
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf)
|
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf)
|
||||||
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/4/c/1/4c1f4ea4-2d66-4232-a0f5-925b2bc763bc/windows%2010%20au%20operational%20guidance%20\(16%20mar%202017\)\(clean\).docx)
|
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/4/c/1/4c1f4ea4-2d66-4232-a0f5-925b2bc763bc/windows%2010%20au%20operational%20guidance%20\(16%20mar%202017\)\(clean\).docx)
|
||||||
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/b/5/2/b52e9081-05c6-4895-91a3-732bfa0eb4da/windows%2010%20au%20and%20server%202016%20gp%20os%20operational%20guidance%20\(final\).docx)
|
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/b/5/2/b52e9081-05c6-4895-91a3-732bfa0eb4da/windows%2010%20au%20and%20server%202016%20gp%20os%20operational%20guidance%20\(final\).docx)
|
||||||
@ -127,7 +130,8 @@ These documents describe how to configure Windows to replicate the configuration
|
|||||||
|
|
||||||
An Evaluation Technical Report (ETR) is a report submitted to the Common Criteria certification authority for how Windows complies with the claims made in the Security Target. A Certification / Validation Report provides the results of the evaluation by the validation team.
|
An Evaluation Technical Report (ETR) is a report submitted to the Common Criteria certification authority for how Windows complies with the claims made in the Security Target. A Certification / Validation Report provides the results of the evaluation by the validation team.
|
||||||
|
|
||||||
- [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf)
|
- [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf)
|
||||||
|
- [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf)
|
||||||
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf)
|
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf)
|
||||||
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf)
|
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf)
|
||||||
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf)
|
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user