deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-29 09:13:39 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #2751 from MicrosoftDocs/master

Browse Source 
Publish 3:53 PM 05/12/2020
This commit is contained in:
Gary Moore
2020-05-12 16:15:12 -07:00
committed by GitHub
parent 7c85054bf3 cadddcc5c4
commit 10750d586b
17 changed files with 307 additions and 182 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
devices/hololens/holographic-store-apps.md
View File

@ -33,12 +33,18 @@ Open the Microsoft Store from the **Start** menu. Then browse for apps and games
## Install apps
To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](https://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
To download apps, you'll need to be signed in with a Microsoft account. Some apps are free and can be downloaded right away. Apps that require a purchase require you to be signed in to the Store with your Microsoft account and have a valid payment method.
> [!NOTE]
> The account you use on Microsoft Store does not have to be the same as the account you are signed in with. If you are using a Work or School account on your HoloLens then you'll need to sign in with your personal account in the Store App to make a purchase.
1. To open the [**Start** menu](holographic-home.md), perform a [bloom](hololens1-basic-usage.md) gesture or tap your wrist.
2. Select the Store app and then tap to place this tile into your world.
3. Once the Store app opens, use the search bar to look for any desired application.
4. Select **Get** or **Install** on the application's page (a purchase may be required).
To set up a payment method, go to [account.microsoft.com](https://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
1. To open the [**Start** menu](holographic-home.md), perform a [Start gesture](https://docs.microsoft.com/hololens/hololens2-basic-usage#start-gesture) or [bloom](hololens1-basic-usage.md) gesture on HoloLens 1.
1. Select the Store app. Once the Store app opens:
1. Use the search bar to look for any desired applications.
1. Select essential apps or apps made specifically for HoloLens from one of the curated categories.
1. On the top right of the Store app, select the **...** button and then select **My Library** to view any previously purchased apps.
1. Select **Get** or **Install** on the application's page (a purchase may be required).
## Uninstall apps
@ -46,7 +52,7 @@ There are two ways to uninstall applications. You can uninstall applications th
### Uninstall from the Start menu
On the **Start** menu or in the **All apps** list, gaze at the app. Tap and hold until the menu appears, then select **Uninstall**.
On the **Start** menu or in the **All apps** list, browse to the app. Air tap and hold until the menu appears, then select **Uninstall**.
### Uninstall from the Microsoft Store

3
devices/hololens/hololens-connect-devices.md
View File

@ -63,6 +63,9 @@ HoloLens 2 supports the following classes of USB-C devices:
- Wired keyboard
- Combination PD hubs (USB A plus PD charging)
> [!NOTE]
> Some mobile devices with USB-C connections present themselves to the HoloLens as ethernet adaptors, and therefore could be used in a tethering configuration, starting with the 20H1 OS. USB LTE modems that require a separate driver, and/or application installed for configuration are not supported
## Connect to Miracast
To use Miracast, follow these steps:

75
devices/hololens/hololens-insider.md
View File

@ -63,80 +63,9 @@ You are welcome and encouraged to try developing your applications using Insider
## Windows Insider Release Notes
HoloLens 2 Windows Insider builds are full of new features and improvements. Sign up for Windows Insider Fast or Slow flights to test them out!
Here's a quick summary of what's new:
As of our [Windows Holographic May 2020 Update](hololens-release-notes.md) release all of our release preview feautres are now generally avalible! Make sure to [update your HoloLens](hololens-update-hololens.md) to get all the latest features.
- Support for FIDO2 Security Keys to enable secure and easy authentication for shared devices
- Seamlessly apply a provisioning package from a USB drive to your HoloLens
- Use a provisioning packages to enroll your HoloLens to your Mobile Device Management system
- Use Windows Autopilot to set up and pre-configure new devices, quickly getting them ready for productive use. To participate in the program you'll need to meet a few requirements. While the program is in preview mode you'll need to be using Microsoft Intune. You'll need to use a tenant that is flighted for HoloLens. Lastly you'll need to have installed an insider preview buildon your HoloLens 2. To praticipate in the preview of this new program send a note to hlappreview@microsoft.com to join the preview.
- Dark Mode - HoloLens customers can now choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time.
- Support for additional system voice commands
- An updated Cortana app with a focus on productivity
- Hand Tracking improvements to reduce the tendency to close the index finger when pointing. This should make button pressing and 2D slate usage feel more accurate
- Performance and stability improvements across the product
- More information in settings on HoloLens about the policy pushed to the device
Once you've had a chance to explore these new capabilities, use the Feedback Hub app to let us know what you think. Feedback you provide in the Feedback Hub goes directly to our engineers.
### FIDO 2 support
Many of you share a HoloLens with lots of people in a work or school environment. Whether devices are shared between students in a classroom or they're checked out from a device locker, it's important to be able to change users quickly and easily without typing long user names and passwords. FIDO lets anyone in your organization (AAD tenant) seamlessly sign in to HoloLens without entering a username or password.
Read the [passwordless security docs](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to get started.
### Provisioning package updates
Provisioning packages let you set HoloLens configuration through a config file rather than going through the HoloLens out of box experience. Previously, provisioning packages had to be copied onto HoloLens' internal memory, now they can be on a USB drive so they're easier to re-use on multiple HoloLens and so more people can provision HoloLens in parallel.
1. To try it out, download the latest version of the Windows Configuration Designer from the Windows store onto your PC.
1. Select **Provision HoloLens Devices** > Select **Provision HoloLens 2 devices**
1. Build your configuration profile and, when you're done, copy all files created to a USB-C storage device.
1. Plug it into any freshly flashed HoloLens and press **Volume down + Power** to apply your provisioning package.
### System voice commands
You can now access these commands with your voice:
- "Restart device"
- "Shutdown device"
- "Brightness up"
- "Brightness down"
- "Volume up"
- "Volume down"
- "What is my IP address?"
- "Take a picture"
- "Take a video" / "Stop recording"
If you're running your system with a different language, please try the appropriate commands in that language.
### Cortana updates
The updated app integrates with Microsoft 365, currently in English (United States) only, to help you get more done across your devices. On HoloLens 2, Cortana will no longer support certain device-specific commands like adjusting the volume or restarting the device, which are now supported with the new system voice commands above. Learn more about the new Cortana app and its direction on our blog [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).
There's currently an issue we're investigating that requires you to launch the app once after booting the device in order to use the "Hey Cortana" keyword activation, and if you updated from a 18362 build, you may see an app tile for the previous version of the Cortana app in Start that no longer works.
### Dark mode
Many Windows apps support both dark and light modes, and now HoloLens customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to **Settings > System > Colors to find "Choose your default app mode."**
Here are some of the in-box apps that support Dark mode!
- Settings
- Microsoft Store
- Mail
- Calendar
- File Explorer
- Feedback Hub
- OneDrive
- Photos
- 3D Viewer
- Movies & TV
### Windows Autopilot for HoloLens 2
This Autopilot program supports Autopilot self-deploying mode to provision HoloLens 2 devices as shared devices under your tenant. Self-deploying mode leverages the device's preinstalled OEM image and drivers during the provisioning process. A user can provision the device without putting the device on and going through the Out-of-the-box Experience (OOBE).
When a user starts the Autopilot self-deploying process, the process completes the following steps:
1. Join the device to Azure Active Directory (Azure AD).
2. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service).
3. Download the device-targeted policies, certificates, and networking profiles.
4. Provision the device.
5. Present the sign-in screen to the user.
For full information about Autopilot, see [Windows Autopilot for HoloLens 2 evaluation guide](hololens2-autopilot.md).
We'll be updating this page again with new features again as we release them to Windows Insider builds.
### FFU download and flash directions
To test with a flight signed ffu, you first have to flight unlock your device prior to flashing the flight signed ffu.

242
devices/hololens/hololens-release-notes.md
View File

@ -1,5 +1,5 @@
---
title: HoloLens release notes
title: HoloLens 2 release notes
description: Learn about updates in each new HoloLens release.
author: scooley
ms.author: scooley
@ -8,25 +8,165 @@ ms.prod: hololens
ms.sitesec: library
ms.topic: article
ms.localizationpriority: medium
ms.date: 12/02/2019
ms.date: 05/12/2020
ms.custom:
- CI 111456
- CSSTroubleshooting
audience: ITPro
appliesto:
- HoloLens 1
- HoloLens 2
---
# HoloLens release notes
# HoloLens 2 release notes
## HoloLens 2
## Windows Holographic, version 2004
Build - 19041.1103
| Feature | Description |
|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------|
| Windows Autopilot | Pre-configure and seamlessly set up new devices for production, with Windows AutoPilot |
| FIDO 2 support | Support for FIDO2 Security Keys to enable fast and secure authentication for shared devices |
| Improved provisioning | Seamlessly apply a provisioning package from a USB drive to your HoloLens |
| Application install status | Check install status for apps have been pushed to HoloLens 2 via MDM, in the Settings app |
| Configuration Service Providers (CSPs) | Added new Configuration Service Providers (CSPs) enhancing admin control capabilities. |
| USB 5G/LTE support | Expanded USB Ethernet capability enables support for 5G/LTE dongles |
| Dark App Mode | Dark App Mode for apps that support both dark and light modes, improving the viewing experience |
| Voice Commands | Support for additional system voice commands to control HoloLens, hands-free |
| Hand Tracking improvements | Hand Tracking improvements make buttons and 2D slate interactions more accurate |
| Quality improvements and fixes | Various system performance and reliability improvements across the platform |
> [!Note]
> HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
### April Update - build 18362.1059
### Support for Windows Autopilot
Windows Autopilot for HoloLens 2 lets the device sales channel pre-enroll HoloLens into your Intune tenant. When devices arrive, theyre ready to self-deploy as shared devices under your tenant. To take advantage of self-deployment, devices will need to connect to a network during the first screen in setup using either a USB-C to ethernet dongle or USB-C to LTE dongle.
When a user starts the Autopilot self-deploying process, the process completes the following steps:
1. Join the device to Azure Active Directory (Azure AD).
1. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service).
1. Download the device-targeted policies, certificates, and networking profiles.
1. Provision the device.
1. Present the sign-in screen to the user.
Learn more from the [Windows Autopilot for HoloLens 2 evaluation guide](https://docs.microsoft.com/hololens/hololens2-autopilot).
**Contact your Account Manager to join the AutoPilot preview now. Autopilot-ready devices will begin shipping soon.**
### FIDO2 Security Key support
Many of you share a HoloLens device with lots of people in a work or school environment. Whether devices are shared between students in a classroom or they're checked out from a device locker, it's important to be able to change users quickly and easily without typing long usernames and passwords.
FIDO lets anyone in your organization (AAD tenant) seamlessly sign into HoloLens without entering a username or password.
FIDO2 security keys are an unphishable standards-based passwordless authentication method that can come in any form factor. Fast Identity Online (FIDO) is an open standard for passwordless authentication. FIDO allows users and organizations to leverage the standard to sign-in to their resources without a username or password using an external security key or a platform key built into a device.
Read the [passwordless security docs](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to get started.
### Improved MDM enrollment via provisioning package
Provisioning packages let you set HoloLens configuration through a config file rather than going through the HoloLens out of box experience. Previously, provisioning packages had to be copied onto HoloLens' internal memory, now they can be on a USB drive so they're easier to re-use on multiple HoloLens and so more people can provision HoloLens in parallel. In addition, provisioning packages support a new field to enroll in device management so there is no manual set up post-provisioning.
1. To try it out, download the latest version of the Windows Configuration Designer from the Windows store onto your PC.
1. Select **Provision HoloLens Devices** > Select **Provision HoloLens 2 devices**
1. Build your configuration profile and, when you're done, copy all files created to a USB-C storage device.
1. Plug it into any freshly flashed HoloLens and press **Volume down + Power** to apply your provisioning package.
### Line of Business application install status
MDM app deployment and management for Line of Business (LOB) apps is critical for our customers. Admins and users need to be able to view app install status, for auditing and diagnosis purposes. In this release we are adding more details in **Settings > Accounts > Access work or school > Click on your account > Info.**
### Additional CSPs and Policies
A [configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference?redirectedfrom=MSDN) is an interface to read, set, modify, or delete configuration settings on a device. In this release, we are adding support for more policies, increasing the control administrators have over deployed HoloLens devices. For the list of CSPs supported by HoloLens, visit this [link](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp). New in this release:
**Policy CSP**
The Policy configuration service provider enables the enterprise to configure policies on Windows devices. In this release, we are adding new policies for HoloLens, listed below. You can learn more about supported policies [here](https://docs.microsoft.com/windows/client-management/mdm/policies-supported-by-hololens2).
- LetAppsAccessCamera_ForceAllowTheseApps
- LetAppsAccessCamera_ForceDenyTheseApps
- LetAppsAccessCamera_UserInControlOfTheseApps
- LetAppsAccessGazeInput
- LetAppsAccessGazeInput_ForceAllowTheseApps
- LetAppsAccessGazeInput_ForceDenyTheseApps
- LetAppsAccessGazeInput_UserInControlOfTheseApps
- LetAppsAccessMicrophone_ForceAllowTheseApps
- LetAppsAccessMicrophone_ForceDenyTheseApps
- LetAppsAccessMicrophone_UserInControlOfTheseApps
- AllowWiFi
**NetworkQoSPolicy CSP**
The NetworkQoSPolicy configuration service provider creates network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. You can learn more about this policy [here](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp).
### Expanded USB Ethernet support for 5G/LTE tethered devices
Support has been added to enable certain mobile broadband devices, such as 5G/LTE phones and WiFi hotpots when tethered to the HoloLens 2 via USB. These devices will be displayed in network settings as another ethernet connection. Mobile broadband devices that require an external driver are not supported. This enables high bandwidth connections in scenarios where WiFi is not available, and WiFi tethering isnt performant enough. You can learn more about supported USB devices [here](https://docs.microsoft.com/hololens/hololens-connect-devices).
### Hand Tracking Improvements
Hand tracking has received several improvements in this release.
- **Pointing pose stability:** The system will now resist bending the index finger when it becomes occluded by the palm. This improves accuracy when pushing buttons, typing, scrolling content, and more!
- **Reduced accidental AirTaps:** Weve improved detection of the AirTap gesture. Now there are fewer accidental activations in several common cases, such as dropping your hands to your side.
- **User switch reliability:** The system is now faster and more reliable at updating the hand size when sharing a device back and forth.
- **Reduced hand stealing:** Weve improved handling of cases where there are more than 2 hands in view of the sensors. If multiple people are working close together, there is now a much lower chance that the tracked hand will jump from the user to the hand of someone else in the scene.
- **System reliability:** Fixed an issue that would cause hand tracking to stop working for a period if the device is under high load.
### Dark mode
Many Windows apps now support both dark and light modes, and HoloLens 2 customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to Settings > System > Colors to find "Choose your default app mode." Here are some of the in-box apps that support Dark mode:
- Settings
- Microsoft Store
- Mail
- Calendar
- File Explorer
- Feedback Hub
- OneDrive
- Photos
- 3D Viewer
- Movies & TV
![Dark mode windows tiled](images/hololens-darkmode-tiled-picture.jpg)
### System voice commands
You can now quickly access and use commands with your voice while using any app on the device. If you're running your system with a different language, please try the appropriate commands in that language. For more details on the commands and how to use them, see our documentation [here](https://docs.microsoft.com/hololens/hololens-cortana).
### Cortana updates
The updated app integrates with Microsoft 365, currently in English (United States) only, to help you get more done across your devices. On HoloLens 2, Cortana will no longer support certain device-specific commands like adjusting the volume or restarting the device, which are now supported with the new system voice commands mentioned above. Learn more about the new Cortana app and its direction on our blog [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/).
> [!NOTE]
> There's currently an issue we're investigating that requires you to launch the app after booting the device in order to use the "Hey Cortana" keyword activation, and if you updated from a 18362 build, you may see an app tile for the previous version of the Cortana app in Start that no longer works.
### Quality improvements and fixes
Improvements and Fixes also in the update:
- The update introduces an active display calibration system. This improves the stability and alignment of holograms, which helps them stay in place when moving your head side-to-side.
- Fixed a bug where Wi-Fi streaming to HoloLens gets disrupted periodically. If an application indicates that it needs low latency streaming this fix is can be accomplished by calling [this function](https://docs.microsoft.com/windows/win32/api/socketapi/nf-socketapi-setsocketmediastreamingmode).
- Fixed an issue where the device could hang during streaming in research mode.
- Fixed bug where in some cases the right user would not be displayed on sign-in screen when resuming session.
- Fixed an issue where users could not export MDM logs through settings.
- Fixed an issue where the accuracy of eye tracking immediately following out-of-box-setup could be lower than specification.
- Fixed an issue where eye tracking subsystem would fail to initialize and/or perform calibration under certain conditions.
- Fixed an issue where eye calibration would be prompted for an already calibrated user.
- Fixed an issue where a driver would crash during eye calibration.
- Fixed an issue where repeated power button presses can cause a 60 second system time-out and shell crash.
- Improved stability for depth buffers.
- Added Share button in Feedback Hub so users can more easily share feedback.
- Fixed a bug where RoboRaid did not install correctly.
## Windows Holographic, version 1903 - May 2020 Update
- Build 18362.1061
This monthly quality update does not contain any changes of note because the team has been focused on providing you with the highest quality Feature Update now available in the Windows Holographic, version 2004 May Update detailed above. Please take this opportunity to move to the latest feature update to get a ton of exciting new changes.
## Windows Holographic, version 1903 - April 2020 Update
- Build 18362.1059
**Dark mode for supported apps**
@ -51,100 +191,50 @@ Here are some of the in-box apps that support dark mode:
- Improve hologram stability in mixed reality capture when the HolographicDepthReprojectionMethod DepthReprojection algorithm is used.
- Fixed WinRT IStreamSocketListener API Class Not Registered error on 32-bit ARM app.
### March Update - build 18362.1056
## Windows Holographic, version 1903 - March 2020 Update
- Build 18362.1056
Improvements and fixes in the update:
- Improve hologram stability in mixed reality capture when the HolographicDepthReprojectionMethod AutoPlanar algorithm is used.
- Ensures the coordinate system attached to a depth MF sample is consistent with public documentation.
- Developers productivity improvement by enabling customers to paste large amount of text through device portal.
### February Update - build 18362.1053
## Windows Holographic, version 1903 - February 2020 Update
- Build 18362.1053
Improvements and fixes in the update:
- Temporarily disabled the HolographicSpace.UserPresence API for Unity applications to avoid an issue which causes some apps to pause when the visor is flipped up, even if the setting to run in the background is enabled.
- Fixed a random HUP crash cased by hand tracking, in which user will notice an UI freeze then back to shell after several seconds.
- We made an improvement in hand tracking so that while poking using index finger, the upper part of that finger will be less likely to curl unexpectedly.
- Improved reliability of head tracking, spatial mapping, and other runtimes.
### January Update - build 18362.1043
## Windows Holographic, version 1903 - January 2020 Update
- Build 18362.1043
Improvement in the update:
- Stability improvements for exclusive apps when working with the HoloLens 2 emulator.
### December Update - build 18362.1042
## Windows Holographic, version 1903 - December 2019 Update
- Build 18362.1042
Improvements and fixes in the update:
- Introduces LSR (Last Stage Reproduction) fixes. Improves visual rendering of holograms to appear more stable and crisp by more accurately accounting for their depth. This will be more noticeable if apps do not set the depth of holograms correctly, after this update.
- Fixes stability of exclusive apps and navigation between exclusive apps.
- Resolves an issue where Mixed Reality Capture couldn't record video after device is left in standby state for multiple days.
- Improves hologram stability.
### November Update - build 18362.1039
## Windows Holographic, version 1903 - November 2019 Update
- Build 18362.1039
Improvements and fixes in the update:
- Fixes for **"Select"** voice commands during initial set-up for en-CA and en-AU.
- Improvements in visual quality of objects placed far away in latest Unity and MRTK versions.
- Fixes addressing issues with holographic applications being stuck in a paused state on launch until the pins panel is brought up and dismissed again.
- OpenXR runtime conformance fixes and improvements for HoloLens 2 and the emulator.
## HoloLens (1st gen)
### Windows 10 Holographic, version 1809
> **Applies to:** Hololens (1st gen)
| Feature | Details |
|---|---|
| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. <br> See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.<br><br>![sample of the Quick actions menu](images/minimenu.png) |
| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, you'll be able to stop recording from the same place. (Don't forget, you can always do this with voice commands too.) |
| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. |
| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you're in an immersive experience, use the bloom gesture). |
| **HoloLens overlays**<br>(file picker, keyboard, dialogs, etc.) | You'll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens you'll see a visual display of the volume level. |
| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it's between the "Hello" message and the Windows boot logo. |
| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. |
| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. |
#### For international customers
| Feature | Details |
| --- | --- |
| Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.<br>[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md) |
| Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. |
#### For administrators
| Feature | Details |
|---|----|
| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. |
| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. |
| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. |
| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with yourpassword. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when promptedduring web sign-in. |
| Read device hardware info through MDM so devices can be tracked by serial number | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
| Set HoloLens device name through MDM (rename) |IT administrators can see and rename HoloLens devices in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
### Windows 10, version 1803 for Microsoft HoloLens
> **Applies to:** Hololens (1st gen)
Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#provisioning-package-hololens-wizard).
![Provisioning HoloLens devices](images/provision-hololens-devices.png)
- When you create a local account in a provisioning package, the password no longer expires every 42 days.
- You can [configure HoloLens as a single-app or multi-app kiosk](hololens-kiosk.md). Multi-app kiosk mode lets you set up a HoloLens to only run the apps that you specify, and prevents users from making changes.
- Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens.
- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business.
- You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
- When setup or sign-in fails, choose the new **Collect info** option to get diagnostic logs for troubleshooting.
- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly.
- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report.

84
devices/hololens/hololens1-release-notes.md Normal file
View File

@ -0,0 +1,84 @@
---
title: HoloLens 1st (Gen) release notes
description: Learn about updates in each new HoloLens release.
author: evmill
ms.author: v-evmill
manager: yannisle
ms.prod: hololens
ms.sitesec: library
ms.topic: article
ms.localizationpriority: medium
ms.date: 05/12/2020
ms.custom:
- CI 111456
- CSSTroubleshooting
audience: ITPro
appliesto:
- HoloLens 1
---
# HoloLens 1st (Gen) release notes
### Windows 10 Holographic, version 1809
> **Applies to:** Hololens (1st gen)
| Feature | Details |
|---|---|
| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. <br> See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.<br><br> |
| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, you'll be able to stop recording from the same place. (Don't forget, you can always do this with voice commands too.) |
| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. |
| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you're in an immersive experience, use the bloom gesture). |
| **HoloLens overlays**<br>(file picker, keyboard, dialogs, etc.) | You'll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens you'll see a visual display of the volume level. |
| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it's between the "Hello" message and the Windows boot logo. |
| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. |
| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. |
#### For international customers
| Feature | Details |
| --- | --- |
| Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.<br>[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md) |
| Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. |
#### For administrators
| Feature | Details |
|---|----|
| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. |
| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. |
| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. |
| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with yourpassword. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when promptedduring web sign-in. |
| Read device hardware info through MDM so devices can be tracked by serial number | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
| Set HoloLens device name through MDM (rename) |IT administrators can see and rename HoloLens devices in their MDM console. Refer toyour MDM documentationfor feature availability and instructions. |
### Windows 10, version 1803 for Microsoft HoloLens
> **Applies to:** Hololens (1st gen)
Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#provisioning-package-hololens-wizard).
- When you create a local account in a provisioning package, the password no longer expires every 42 days.
- You can [configure HoloLens as a single-app or multi-app kiosk](hololens-kiosk.md). Multi-app kiosk mode lets you set up a HoloLens to only run the apps that you specify, and prevents users from making changes.
- Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens.
- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business.
- You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
- When setup or sign-in fails, choose the new **Collect info** option to get diagnostic logs for troubleshooting.
- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly.
- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report.

BIN
devices/hololens/images/hololens-darkmode-tiled-picture.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

2
devices/surface/surface-enterprise-management-mode.md
View File

@ -96,7 +96,7 @@ The following list shows all the available devices you can manage in SEMM:
|Enable Battery limit| Allows you to manage Battery limit functionality. If you do not configure this setting, Battery limit is enabled |
| Security | Displays the Surface UEFI **Security** page. If you do not configure this setting, the Security page is displayed. |
| Devices | Displays the Surface UEFI **Devices** page. If you do not configure this setting, the Devices page is displayed. |
| Boot | Displays the Surface UEFI **Boot** page. If you do not configure this setting, the DateTime page is displayed. |
| Boot | Displays the Surface UEFI **Boot** page. If you do not configure this setting, the Boot page is displayed. |
| DateTime | Displays the Surface UEFI **DateTime** page. If you do not configure this setting, the DateTime page is displayed. |

2
windows/deployment/update/media-dynamic-update.md
View File

@ -42,7 +42,7 @@ You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https
![Table with columns labeled Title, Products, Classification, Last Updated, Version, and Size and four rows listing various dynamic updates and associated KB articles](images/update-catalog.png)
The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the s. And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in <em>bold</em> the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results.
The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in <em>bold</em> the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results.
|To find this Dynamic Update packages, search for or check the results here--> |Title |Product |Description (select the **Title** link to see **Details**) |

8
windows/security/identity-protection/access-control/active-directory-security-groups.md
View File

@ -1345,7 +1345,7 @@ This security group has not changed since Windows Server 2008.
Members of the DnsUpdateProxy group are DNS clients. They are permitted to perform dynamic updates on behalf of other clients (such as DHCP servers). A DNS server can develop stale resource records when a DHCP server is configured to dynamically register host (A) and pointer (PTR) resource records on behalf of DHCP clients by using dynamic update. Adding clients to this security group mitigates this scenario.
However, to protect against unsecured records or to permit members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you must create a dedicated user account and configure DHCP servers to perform DNS dynamic updates by using the credentials of this account (user name, password, and domain). Multiple DHCP servers can use the credentials of one dedicated user account.
However, to protect against unsecured records or to permit members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you must create a dedicated user account and configure DHCP servers to perform DNS dynamic updates by using the credentials of this account (user name, password, and domain). Multiple DHCP servers can use the credentials of one dedicated user account. This group exists only if the DNS server role is or was once installed on a domain controller in the domain.
For information, see [DNS Record Ownership and the DnsUpdateProxy Group](https://technet.microsoft.com/library/dd334715.aspx).
@ -1365,7 +1365,7 @@ This security group has not changed since Windows Server 2008.
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-1103</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-&lt;variable RID&gt;</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
@ -1406,7 +1406,7 @@ This security group has not changed since Windows Server 2008.
### <a href="" id="bkmk-dnsadmins"></a>DnsAdmins
Members of DNSAdmins group have access to network DNS information. The default permissions are as follows: Allow: Read, Write, Create All Child objects, Delete Child objects, Special Permissions.
Members of DNSAdmins group have access to network DNS information. The default permissions are as follows: Allow: Read, Write, Create All Child objects, Delete Child objects, Special Permissions. This group exists only if the DNS server role is or was once installed on a domain controller in the domain.
For more information about security and DNS, see [DNSSEC in Windows Server 2012](https://technet.microsoft.com/library/dn593694(v=ws.11).aspx).
@ -1426,7 +1426,7 @@ This security group has not changed since Windows Server 2008.
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-1102</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-&lt;variable RID&gt;</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>

6
windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md
View File

@ -63,11 +63,11 @@ Device Registration is a prerequisite to Windows Hello for Business provisioning
| Phase | Description |
| :----: | :----------- |
| A | The user signs in to a domain joined Windows 10 computers using domain credentials. This can be user name and password or smart card authentication. The user sign-in triggers the Automatic Device Join task.|
| A | The user signs in to a domain joined Windows 10 computers using domain credentials. This can be user name and password or smart card authentication. The user sign-in triggers the Automatic Device Join task. Note: the Automatic Device Join tasks is triggered on domain join as well as retried every hour. It does not solely depend on the user sign-in.|
|B | The task queries Active Directory using the LDAP protocol for the keywords attribute on service connection point stored in the configuration partition in Active Directory (CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=contoso,DC=com). The value returned in the keywords attribute determines if device registration is directed to Azure Device Registration Service (ADRS) or the enterprise device registration service hosted on-premises.|
|C | For the managed environment, the task creates an initial authentication credential in the form of a self-signed certificate. The task write the certificate to the userCertificate attribute on the computer object in Active Directory using LDAP.
|D |The computer cannot authenticate to Azure DRS until a device object representing the computer that includes the certificate on the userCertificate attribute is created in Azure Active Directory. Azure AD Connect detects an attribute change. On the next synchronization cycle, Azure AD Connect sends the userCertificate, object GUID, and computer SID to Azure DRS. Azure DRS uses the attribute information to create a device object in Azure Active Directory.|
|E | The Automatic Device Join task triggers with each user sign-in and tries to authenticate the computer to Azure Active Directory using the corresponding private key of the public key in the userCertificate attribute. Azure Active Directory authenticates the computer and issues a ID token to the computer.|
|E | The Automatic Device Join task triggers with each user sign-in or every hour, and tries to authenticate the computer to Azure Active Directory using the corresponding private key of the public key in the userCertificate attribute. Azure Active Directory authenticates the computer and issues a ID token to the computer.|
|F | The task creates TPM bound (preferred) RSA 2048 bit key-pair known as the device key (dkpub/dkpriv). The application create a certificate request using dkpub and the public key and signs the certificate request with using dkpriv. Next, the application derives second key pair from the TPM's storage root key. This is the transport key (tkpub/tkpriv).|
|G | The task sends a device registration request to Azure DRS that includes the ID token, certificate request, tkpub, and attestation data. Azure DRS validates the ID token, creates a device ID, and creates a certificate based on the included certificate request. Azure DRS then updates the device object in Azure Active Directory and sends the device ID and the device certificate to the client.|
|H | Device registration completes by receiving the device ID and the device certificate from Azure DRS. The device ID is saved for future reference (viewable from dsregcmd.exe /status), and the device certificate is installed in the Personal store of the computer. With device registration complete, the task exits.|
@ -78,7 +78,7 @@ Device Registration is a prerequisite to Windows Hello for Business provisioning
| Phase | Description |
| :----: | :----------- |
| A | The user signs in to a domain joined Windows 10 computers using domain credentials. This can be user name and password or smart card authentication. The user sign-in triggers the Automatic Device Join task.|
| A | The user signs in to a domain joined Windows 10 computers using domain credentials. This can be user name and password or smart card authentication. The user sign-in triggers the Automatic Device Join task. Note: the Automatic Device Join tasks is triggered on domain join as well as retried every hour. It does not solely depend on the user sign-in. |
|B | The task queries Active Directory using the LDAP protocol for the keywords attribute on service connection point stored in the configuration partition in Active Directory (CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=corp,DC=contoso,DC=com). The value returned in the keywords attribute determines if device registration is directed to Azure Device Registration Service (ADRS) or the enterprise device registration service hosted on-premises.|
|C | For the federated environments, the computer authenticates the enterprise device registration endpoint using Windows integrated authentication. The enterprise device registration service creates and returns a token that includes claims for the object GUID, computer SID, and domain joined state. The task submits the token and claims to Azure Active Directory where it is validated. Azure Active Directory returns an ID token to the running task.
|D | The application creates TPM bound (preferred) RSA 2048 bit key-pair known as the device key (dkpub/dkpriv). The application create a certificate request using dkpub and the public key and signs the certificate request with using dkpriv. Next, the application derives second key pair from the TPM's storage root key. This is the transport key (tkpub/tkpriv).|

1
windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
View File

@ -33,6 +33,7 @@ Before adding Azure Active Directory (Azure AD) joined devices to your existing
- Certificate Revocation List (CRL) Distribution Point (CDP)
- 2016 Domain Controllers
- Domain Controller certificate
- Network infrastructure in place to reach your on-premises domain controller. If the machines are external, this can be achieved using any VPN solution.
### Azure Active Directory Connect synchronization
Azure AD join, as well as hybrid Azure AD join devices register the user's Windows Hello for Business credential with Azure. To enable on-premises authentication, the credential must be synchronized to the on-premises Active Directory, regardless whether you are using a key or a certificate. Ensure you have Azure AD Connect installed and functioning properly. To learn more about Azure AD Connect, read [Integrate your on-premises directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect).

14
windows/security/identity-protection/vpn/vpn-office-365-optimization.md
View File

@ -239,12 +239,12 @@ if ($VPNprofilefile -ne "" -and $FileExtension -eq ".ps1")
# Extract the Profile XML from the ps1 file #
$regex = '(?sm).*^*.<VPNPROFILE>\r?\n(.*?)\r?\n</VPNProfile>.*'
$regex = '(?sm).*^*.<VPNProfile>\r?\n(.*?)\r?\n</VPNProfile>.*'
# Create xml format variable to compare with the optimize list #
$xmlbody=(Get-Content -Raw $VPNprofilefile) -replace $regex, '$1'
[xml]$VPNprofilexml="<VPNPROFILE>"+$xmlbody+"</VPNPROFILE>"
[xml]$VPNprofilexml="<VPNProfile>"+$xmlbody+"</VPNProfile>"
# Loop through each address found in VPNPROFILE XML section #
foreach ($Route in $VPNprofilexml.VPNProfile.Route)
@ -349,7 +349,7 @@ if ($VPNprofilefile -ne "" -and $FileExtension -eq ".xml")
$In_VPN_Only=$null # Variable to hold IP Addresses that only appear in the VPN profile XML file #
# Extract the Profile XML from the XML file #
$regex = '(?sm).*^*.<VPNPROFILE>\r?\n(.*?)\r?\n</VPNProfile>.*'
$regex = '(?sm).*^*.<VPNProfile>\r?\n(.*?)\r?\n</VPNProfile>.*'
# Create xml format variable to compare with optimize list #
$xmlbody=(Get-Content -Raw $VPNprofilefile) -replace $regex, '$1'
@ -367,7 +367,7 @@ if ($VPNprofilefile -ne "" -and $FileExtension -eq ".xml")
# In VPN list only #
$In_VPN_only =$ARRVPN | Where {$optimizeIpsv4 -NotContains $_}
[array]$Inpfile = get-content $VPNprofilefile
[System.Collections.ArrayList]$Inpfile = get-content $VPNprofilefile
if ($In_Opt_Only.Count -gt 0 )
{
@ -377,10 +377,10 @@ if ($VPNprofilefile -ne "" -and $FileExtension -eq ".xml")
{
# Add the missing IP address(es) #
$IPInfo=$NewIP.Split("/")
$inspoint = $Inpfile[0].IndexOf("</VPNProfile")
$routes += "<Route>"+"<Address>"+$IPInfo[0].Trim()+"</Address>"+"<PrefixSize>"+$IPInfo[1].Trim()+"</PrefixSize>"+"<ExclusionRoute>true</ExclusionRoute>"+"</Route>"
$routes += "<Route>`n"+"`t<Address>"+$IPInfo[0].Trim()+"</Address>`n"+"`t<PrefixSize>"+$IPInfo[1].Trim()+"</PrefixSize>`n"+"`t<ExclusionRoute>true</ExclusionRoute>`n"+"</Route>`n"
}
$Inpfile = $Inpfile[0].Insert($inspoint,$routes)
$inspoint = $Inpfile.IndexOf("</VPNProfile>")
$Inpfile.Insert($inspoint,$routes)
# Update filename and write new XML file #
$NewFileName=(Get-Item $VPNprofilefile).Basename + "-NEW.xml"

BIN
windows/security/threat-protection/microsoft-defender-atp/images/secconmgmt_baseline_intuneprofile2.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 38 KiB

After

Width:  |  Height:  |  Size: 31 KiB

2
windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
View File

@ -83,7 +83,7 @@ If you experience any installation failures, refer to [Troubleshooting installat
- SUSE Linux Enterprise Server 12 or higher
- Oracle Linux 7.2 or higher
- Minimum kernel version 2.6.38
- Minimum kernel version 3.10.0-327
- The `fanotify` kernel option must be enabled
> [!CAUTION]
> Running Microsoft Defender ATP for Linux side by side with other `fanotify`-based security solutions is not supported. It can lead to unpredictable results, including hanging the operating system.

22
windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
View File

@ -22,7 +22,7 @@ ms.custom: nextgen
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Block at first sight is a feature of next-generation protection that provides a way to detect and block new malware within seconds. This protection is enabled by default when certain prerequisite settings are also enabled. In most cases, these prerequisite settings are also enabled by default, so the feature is running without any intervention.
Block at first sight provides a way to detect and block new malware within seconds. This protection is enabled by default when certain prerequisite settings are also enabled. In most cases, these prerequisite settings are also enabled by default, so the feature is running without any intervention.
You can [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-windows-defender-antivirus.md) while the cloud-based protection service analyzes the file. And, you can [customize the message displayed on users' desktops](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information) when a file is blocked. You can change the company name, contact information, and message URL.
@ -117,14 +117,28 @@ For a list of Windows Defender Antivirus device restrictions in Intune, see [Dev
If you had to change any of the settings, you should re-deploy the Group Policy Object across your network to ensure all endpoints are covered.
### Confirm block at first sight is enabled with the Windows Security app
### Confirm block at first sight is enabled with Registry editor
You can confirm that block at first sight is enabled in your Windows security settings.
1. Start Registry Editor.
Block at first sight is automatically enabled as long as **Cloud-delivered protection** and **Automatic sample submission** are both turned on.
2. Go to **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet**, and make sure that
1. **SpynetReporting** key is set to **1**
2. **SubmitSamplesConsent** key is set to either **1** (Send safe samples) or **3** (Send all samples)
3. Go to **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection**, and make sure that
1. **DisableIOAVProtection** key is set to **0**
2. **DisableRealtimeMonitoring** key is set to **0**
### Confirm Block at First Sight is enabled on individual clients
You can confirm that block at first sight is enabled on individual clients using Windows security settings.
Block at first sight is automatically enabled as long as **Cloud-delivered protection** and **Automatic sample submission** are both turned on.
1. Open the Windows Security app.
2. Select **Virus & threat protection**, and then, under **Virus & threat protection settings**, select **Manage Settings**.

2
windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
View File

@ -284,8 +284,6 @@ The transaction log files are specified in the registry key `HKEY_LOCAL_MACHINE\
- %windir%\Ntds\Ntds*.pat
- %windir%\Ntds\EDB*.log
- %windir%\Ntds\TEMP.edb
#### The NTDS working folder

8
windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
View File

@ -74,8 +74,8 @@ Comma separated list of local addresses covered by the rule. Valid tokens includ
- \* indicates any local address. If present, this must be the only token included.
- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask default is 255.255.255.255.
- A valid IPv6 address.
- An IPv4 address range in the format of "start address - end address" with no spaces included.
- An IPv6 address range in the format of "start address - end address" with no spaces included. Default is Any address.
- An IPv4 address range in the format of "start address-end address" with no spaces included.
- An IPv6 address range in the format of "start address-end address" with no spaces included. Default is Any address.
[Learn more](https://aka.ms/intunefirewalllocaladdressrule)
@ -93,8 +93,8 @@ List of comma separated tokens specifying the remote addresses covered by the ru
- LocalSubnet indicates any local address on the local subnet.
- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.
- A valid IPv6 address.
- An IPv4 address range in the format of "start address - end address" with no spaces included.
- An IPv6 address range in the format of "start address - end address" with no spaces included.
- An IPv4 address range in the format of "start address-end address" with no spaces included.
- An IPv6 address range in the format of "start address-end address" with no spaces included.
Default is Any address.