deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into onboarding-server

Browse Source
This commit is contained in:
Joey Caparas 2020-04-24 10:59:15 -07:00
commit 14446551fa
44 changed files with 493 additions and 921 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
.openpublishing.redirection.json
View File

@ -762,17 +762,17 @@
},
{
"source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings",
"redirect_url": "hhttps://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings",
"redirect_document_id": true
},
{
"source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview",
"redirect_url": "https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview",
"redirect_document_id": true
},
{
"source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device",
"redirect_url": "https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device",
"redirect_document_id": true
},
{
@ -7832,11 +7832,6 @@
"redirect_document_id": true
},
{
"source_path": "windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager",
"redirect_document_id": true
},
{
"source_path": "windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit",
"redirect_document_id": true
@ -7887,16 +7882,6 @@
"redirect_document_id": true
},
{
"source_path": "windows/deploy/integrate-configuration-manager-with-mdt-2013.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt-2013",
"redirect_document_id": true
},
{
"source_path": "windows/deploy/integrate-configuration-manager-with-mdt.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt",
"redirect_document_id": true
},
{
"source_path": "windows/deploy/introduction-vamt.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/volume-activation/introduction-vamt",
"redirect_document_id": true
@ -13108,7 +13093,7 @@
},
{
"source_path": "windows/keep-secure/windows-defender-smartscreen-available-settings.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings",
"redirect_url": "https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings",
"redirect_document_id": true
},
{
@ -13118,7 +13103,7 @@
},
{
"source_path": "windows/keep-secure/windows-defender-smartscreen-set-individual-device.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device",
"redirect_url": "https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device",
"redirect_document_id": true
},
{
@ -15778,7 +15763,7 @@
},
{
"source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/deploy-windows-10-with-configuration-manager",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
"redirect_document_id": false
},
{
@ -15792,21 +15777,11 @@
"redirect_document_id": false
},
{
"source_path": "windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/integrate-configuration-manager-with-mdt",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/deploy-windows-mdt/deploy-windows-10-with-configuration-manager.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/deploy-windows-sccm/integrate-configuration-manager-with-mdt.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/integrate-configuration-manager-with-mdt",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
"redirect_document_id": false
@ -15875,6 +15850,10 @@
"source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-with-configuration-manager.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/get-started-with-configuraton-manager",
"redirect_document_id": false
},
{
"source_path": "windows/deployment/deploy-windows-sccm/integrate-configuration-manager-with-mdt.md",
"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager#integrate-configuration-manager-with-mdt", "redirect_document_id": false
}
]
}

9
browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
View File

@ -1,12 +1,13 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.date: 04/23/2020
ms.reviewer:
audience: itpro manager: dansimp
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
[Microsoft browser extension policy](https://docs.microsoft.com/legal/windows/agreements/microsoft-browser-extension-policy):
This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
[Microsoft browser extension policy](https://docs.microsoft.com/legal/microsoft-edge/microsoft-browser-extension-policy):
This article describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content these browsers display. Techniques that aren't explicitly listed in this article are considered to be **unsupported**.

4
devices/hololens/hololens-enroll-mdm.md
View File

@ -29,7 +29,7 @@ You can manage multiple Microsoft HoloLens devices simultaneously using solution
## Auto-enrollment in MDM
If your organization uses Azure Active Directory (Azure AD) and an MDM solution that accepts an AAD token for authentication (currently, only supported in Microsoft Intune and AirWatch), your IT admin can configure Azure AD to automatically allow MDM enrollment after the user signs in with their Azure AD account. [Learn how to configure Azure AD enrollment.](https://docs.microsoft.com/intune/deploy-use/set-up-windows-device-management-with-microsoft-intune#azure-active-directory-enrollment)
If your organization uses Azure Active Directory (Azure AD) and an MDM solution that accepts an AAD token for authentication (currently, only supported in Microsoft Intune and AirWatch), your IT admin can configure Azure AD to automatically allow MDM enrollment after the user signs in with their Azure AD account. [Learn how to configure Azure AD enrollment.](https://docs.microsoft.com/mem/intune/enrollment/windows-enroll#enable-windows-10-automatic-enrollment)
When auto-enrollment is enabled, no additional manual enrollment is needed. When the user signs in with an Azure AD account, the device is enrolled in MDM after completing the first-run experience.
@ -45,4 +45,4 @@ Your device is now enrolled with your MDM server. The device will need to restar
## Unenroll HoloLens from Intune
You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard.
You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard.

2
devices/hololens/hololens2-autopilot.md
View File

@ -107,7 +107,7 @@ To register a HoloLens device in the Windows Autopilot program, you have to obta
**Retrieve a device hardware hash**
1. Start the HoloLens 2 device, and make sure that you sign in by using an account that is the device owner.
1. Start the HoloLens 2 device.
1. On the device, press the Power and Volume Down buttons at the same time and then release them. The device collects diagnostic logs and the hardware hash, and stores them in a set of .zip files.
1. Use a USB-C cable to connect the device to a computer.
1. On the computer, open File Explorer. Open **This PC\\\<*HoloLens device name*>\\Internal Storage\\Documents**, and locate the AutopilotDiagnostics.zip file.

62
devices/surface/support-solutions-surface.md
View File

@ -1,5 +1,5 @@
---
title: Top support solutions for Surface devices
title: Top support solutions for Surface devices in the enterprise
description: Find top solutions for common issues using Surface devices in the enterprise.
ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
ms.reviewer:
@ -20,16 +20,36 @@ ms.audience: itpro
# Top support solutions for Surface devices
> [!Note]
> **Home users**: This article is only intended for use by IT professionals and technical support agents, and applies only to Surface devices. If you're looking for help with a problem with your home device, please see [Surface Devices Help](https://support.microsoft.com/products/surface-devices).
> **Home users**: This article is only intended for use by IT professionals and technical support agents, and applies only to Surface devices. If you're looking for help with a problem with your home device, please see [Surface Devices Help](https://support.microsoft.com/products/surface-devices).
Microsoft regularly releases both updates and solutions for Surface devices. To ensure your devices can receive future updates, including security updates, it's important to keep your Surface devices updated. For a complete listing of the update history, see [Surface update history](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) and [Install Surface and Windows updates](https://www.microsoft.com/surface/support/performance-and-maintenance/install-software-updates-for-surface?os=windows-10&=undefined).
These are the Microsoft Support solutions for common issues you may experience using Surface devices in an enterprise. If your issue is not listed here, [contact Microsoft Support](https://support.microsoft.com/supportforbusiness/productselection).
## Surface Drivers and Firmware
These are the top Microsoft Support solutions for common issues experienced when using Surface devices in an enterprise.
Microsoft regularly releases both updates and solutions for Surface devices. To ensure your devices can receive future updates, including security updates, it's important to keep your Surface devices updated.
- [Surface update history](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history)
- [Install Surface and Windows updates](https://www.microsoft.com/surface/support/performance-and-maintenance/install-software-updates-for-surface?os=windows-10&=undefined)
- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482)
- [Deploy the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices)
- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates)
- [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906)
## Surface Dock Issues
- [Troubleshoot Surface Dock and docking stations](https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations)
- [Troubleshoot connecting Surface to a second screen](https://support.microsoft.com/help/4023496)
- [Microsoft Surface Dock Firmware Update](https://docs.microsoft.com/surface/surface-dock-updater)
## Device cover or keyboard issues
- [Troubleshoot your Surface Type Cover or keyboard](https://www.microsoft.com/surface/support/hardware-and-drivers/troubleshoot-surface-keyboards)
## Screen cracked or scratched issues
- [Contact Microsoft Support](https://support.microsoft.com/supportforbusiness/productselection)
- [Contact Microsoft Support](https://support.microsoft.com/supportforbusiness/productselection)
## Surface Power or battery Issues
@ -41,29 +61,13 @@ These are the top Microsoft Support solutions for common issues experienced when
- [Maximize your Surface battery life](https://support.microsoft.com/help/4483194)
## Device cover or keyboard issues
## Reset device
- [Troubleshoot your Surface Type Cover or keyboard](https://www.microsoft.com/surface/support/hardware-and-drivers/troubleshoot-surface-keyboards)
- [Creating and using a USB recovery drive for Surface](https://support.microsoft.com/help/4023512)
## Surface Dock Issues
- [FAQ: Protecting your data if you send your Surface in for Service](https://support.microsoft.com/help/4023508)
- [Troubleshoot Surface Dock and docking stations](https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations)
- [Troubleshoot connecting Surface to a second screen](https://support.microsoft.com/help/4023496)
- [Microsoft Surface Dock Firmware Update](https://docs.microsoft.com/surface/surface-dock-updater)
## Surface Drivers and Firmware
- [Surface Update History](https://support.microsoft.com/help/4036283)
- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482)
- [Deploy the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices)
- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates)
- [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906)
- [Microsoft Surface Data Eraser](https://docs.microsoft.com/surface/microsoft-surface-data-eraser)
## Deployment Issues
@ -72,11 +76,3 @@ These are the top Microsoft Support solutions for common issues experienced when
- [Surface Pro Model 1796 and Surface Laptop 1TB display two drives](https://support.microsoft.com/help/4046105)
- [System SKU reference](https://docs.microsoft.com/surface/surface-system-sku-reference)
## Reset device
- [Creating and using a USB recovery drive for Surface](https://support.microsoft.com/help/4023512)
- [FAQ: Protecting your data if you send your Surface in for Service](https://support.microsoft.com/help/4023508)
- [Microsoft Surface Data Eraser](https://docs.microsoft.com/surface/microsoft-surface-data-eraser)

1128
mdop/appv-v5/how-to-deploy-the-app-v-51-server-using-a-script.md
View File

File diff suppressed because it is too large Load Diff

6
windows/client-management/mdm/defender-csp.md
View File

@ -272,6 +272,8 @@ Supported operation is Get.
<a href="" id="health-quickscanoverdue"></a>**Health/QuickScanOverdue**
Indicates whether a Windows Defender quick scan is overdue for the device.
A Quick scan is overdue when a scheduled Quick scan did not complete successfully for 2 weeks and [catchup Quick scans](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-disablecatchupquickscan) are disabled (default)
The data type is a boolean.
Supported operation is Get.
@ -279,6 +281,8 @@ Supported operation is Get.
<a href="" id="health-fullscanoverdue"></a>**Health/FullScanOverdue**
Indicates whether a Windows Defender full scan is overdue for the device.
A Full scan is overdue when a scheduled Full scan did not complete successfully for 2 weeks and [catchup Full scans](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-disablecatchupfullscan) are disabled (default)
The data type is a boolean.
Supported operation is Get.
@ -422,4 +426,4 @@ Supported operations are Get and Execute.
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
[Configuration service provider reference](configuration-service-provider-reference.md)

3
windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
View File

@ -21,7 +21,7 @@ ms.topic: article
- Windows 10
In Microsoft Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process.
In Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process.
- The boot image that is created is based on the version of ADK that is installed.
For the purposes of this guide, we will use one server computer: CM01.
@ -90,7 +90,6 @@ Next, see [Add a Windows 10 operating system image using Configuration Manager](
## Related topics
[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)<br>
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)<br>
[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)<br>
[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)<br>

8
windows/deployment/update/fod-and-lang-packs.md
View File

@ -1,6 +1,6 @@
---
title: Windows 10 - How to make FoD and language packs available when you're using WSUS/SCCM
description: Learn how to make FoD and language packs available when you're using WSUS/SCCM
title: Windows 10 - How to make FoD and language packs available when you're using WSUS or Configuration Manager
description: Learn how to make FoD and language packs available when you're using WSUS or Configuration Manager
ms.prod: w10
ms.mktglfcycl: manage
@ -14,7 +14,7 @@ ms.reviewer:
manager: laurawi
ms.topic: article
---
# How to make Features on Demand and language packs available when you're using WSUS/SCCM
# How to make Features on Demand and language packs available when you're using WSUS or Configuration Manager
> Applies to: Windows 10
@ -26,6 +26,6 @@ In Windows 10 version 1709 and 1803, changing the **Specify settings for optiona
In Windows 10 version 1809 and beyond, changing the **Specify settings for optional component installation and component repair** policy also influences how language packs are acquired, however language packs can only be acquired directly from Windows Update. Its currently not possible to acquire them from a network share. Specifying a network location works for FOD packages or corruption repair, depending on the content at that location.
For all OS versions, changing the **Specify settings for optional component installation and component repair** policy does not affect how OS updates are distributed. They continue to come from WSUS or SCCM or other sources as you have scheduled them, even while optional content is sourced from Windows Update or a network location.
For all OS versions, changing the **Specify settings for optional component installation and component repair** policy does not affect how OS updates are distributed. They continue to come from WSUS, Configuration Manager, or other sources as you have scheduled them, even while optional content is sourced from Windows Update or a network location.
Learn about other client management options, including using Group Policy and administrative templates, in [Manage clients in Windows 10](https://docs.microsoft.com/windows/client-management/).

6
windows/deployment/update/how-windows-update-works.md
View File

@ -106,7 +106,7 @@ When users start scanning in Windows Update through the Settings panel, the foll
|MU|7971f918-a847-4430-9279-4a52d1efe18d|
|Store|855E8A7C-ECB4-4CA3-B045-1DFA50104289|
|OS Flighting|8B24B027-1DEE-BABB-9A95-3517DFB9C552|
|WSUS or SCCM|Via ServerSelection::ssManagedServer <br>3DA21691-E39D-4da6-8A4B-B43877BCB1B7 |
|WSUS or Configuration Manager|Via ServerSelection::ssManagedServer <br>3DA21691-E39D-4da6-8A4B-B43877BCB1B7 |
|Offline scan service|Via IUpdateServiceManager::AddScanPackageService|
#### Finds network faults
@ -117,9 +117,9 @@ Common update failure is caused due to network issues. To find the root of the i
- The WU client uses SLS (Service Locator Service) to discover the configurations and endpoints of Microsoft network update sources WU, MU, Flighting.
> [!NOTE]
> Warning messages for SLS can be ignored if the search is against WSUS/SCCM.
> Warning messages for SLS can be ignored if the search is against WSUS or Configuration Manager.
- On sites that only use WSUS/SCCM, the SLS may be blocked at the firewall. In this case the SLS request will fail, and cant scan against Windows Update or Microsoft Update but can still scan against WSUS/SCCM, since its locally configured.
- On sites that only use WSUS or Configuration Manager, the SLS may be blocked at the firewall. In this case the SLS request will fail, and cant scan against Windows Update or Microsoft Update but can still scan against WSUS or Configuration Manager, since its locally configured.
![Windows Update scan log 3](images/update-scan-log-3.png)
## Downloading updates

4
windows/deployment/update/waas-delivery-optimization-reference.md
View File

@ -110,7 +110,7 @@ Download mode dictates which download sources clients are allowed to use when do
| Group (2) | When group mode is set, the group is automatically selected based on the devices Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and AD DS sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. |
| Internet (3) | Enable Internet peer sources for Delivery Optimization. |
| Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. |
|Bypass (100) | Bypass Delivery Optimization and use BITS, instead. You should only select this mode if you use WSUS and prefer to use BranchCache. You do not need to set this option if you are using SCCM. If you want to disable peer-to-peer functionality, it's best to set **DownloadMode** to **0** or **99**. |
|Bypass (100) | Bypass Delivery Optimization and use BITS, instead. You should only select this mode if you use WSUS and prefer to use BranchCache. You do not need to set this option if you are using Configuration Manager. If you want to disable peer-to-peer functionality, it's best to set **DownloadMode** to **0** or **99**. |
>[!NOTE]
>Group mode is a best-effort optimization and should not be relied on for an authentication of identity of devices participating in the group.
@ -119,7 +119,7 @@ Download mode dictates which download sources clients are allowed to use when do
By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and Active Directory Domain Services site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or Active Directory Domain Services site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example, you could create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to be peers. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group.
[//]: # (SCCM Boundary Group option; GroupID Source policy)
[//]: # (Configuration Manager Boundary Group option; GroupID Source policy)
>[!NOTE]
>To generate a GUID using Powershell, use [```[guid]::NewGuid()```](https://blogs.technet.microsoft.com/heyscriptingguy/2013/07/25/powertip-create-a-new-guid-by-using-powershell/)

2
windows/deployment/update/waas-delivery-optimization.md
View File

@ -54,7 +54,7 @@ The following table lists the minimum Windows 10 version that supports Delivery
| Windows Defender definition updates | 1511 |
| Office Click-to-Run updates | 1709 |
| Win32 apps for Intune | 1709 |
| SCCM Express Updates | 1709 + Configuration Manager version 1711 |
| Configuration Manager Express Updates | 1709 + Configuration Manager version 1711 |
<!-- ### Network requirements

2
windows/deployment/update/waas-wu-settings.md
View File

@ -112,7 +112,7 @@ Use **Computer Configuration\Administrative Templates\Windows Components\Windows
### Enable client-side targeting
Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service. This allows admins to configure device groups that will receive different updates from sources like WSUS or SCCM.
Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service. This allows admins to configure device groups that will receive different updates from sources like WSUS or Configuration Manager.
This Group Policy setting can be found under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Enable client-side targeting**.
If the setting is set to **Enabled**, the specified target group information is sent to the intranet Microsoft update service which uses it to determine which updates should be deployed to this computer.

4
windows/deployment/update/windows-update-troubleshooting.md
View File

@ -164,7 +164,7 @@ Check that your device can access these Windows Update endpoints:
Whitelist these endpoints for future use.
## Updates aren't downloading from the intranet endpoint (WSUS/SCCM)
## Updates aren't downloading from the intranet endpoint (WSUS or Configuration Manager)
Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps:
1. Start Windows PowerShell as an administrator
2. Run \$MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager".
@ -204,7 +204,7 @@ From the WU logs:
In the above log snippet, we see that the Criteria = "IsHidden = 0 AND DeploymentAction=*". "*" means there is nothing specified from the server. So, the scan happens but there is no direction to download or install to the agent. So it just scans the update and provides the results.
Now if you look at the below logs, the Automatic update runs the scan and finds no update approved for it. So it reports there are 0 updates to install or download. This is due to bad setup or configuration in the environment. The WSUS side should approve the patches for WU so that it fetches the updates and installs it on the specified time according to the policy. Since this scenario doesn't include SCCM, there's no way to install unapproved updates. And that is the problem you are facing. You expect that the scan should be done by the operational insight agent and automatically trigger download and install but that wont happen here.
Now if you look at the below logs, the Automatic update runs the scan and finds no update approved for it. So it reports there are 0 updates to install or download. This is due to bad setup or configuration in the environment. The WSUS side should approve the patches for WU so that it fetches the updates and installs it on the specified time according to the policy. Since this scenario doesn't include Configuration Manager, there's no way to install unapproved updates. And that is the problem you are facing. You expect that the scan should be done by the operational insight agent and automatically trigger download and install but that wont happen here.
```console
2018-08-06 10:58:45:992 480 5d8 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 57]

2
windows/deployment/windows-10-poc-sc-config-mgr.md
View File

@ -859,7 +859,7 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF
sc stop ccmsetup
"\\SRV1\c$\Program Files\Microsoft Configuration Manager\Client\CCMSetup.exe" /Uninstall
```
>If PC1 still has Configuration Manager registry settings that were applied by Group Policy, startup scripts, or other policies in its previous domain, these might not all be removed by CCMSetup /Uninstall and can cause problems with installation or registration of the client in its new environment. It might be necessary to manually remove these settings if they are present. For more information, see [Manual removal of the SCCM client](https://blogs.technet.microsoft.com/michaelgriswold/2013/01/02/manual-removal-of-the-sccm-client/).
>If PC1 still has Configuration Manager registry settings that were applied by Group Policy, startup scripts, or other policies in its previous domain, these might not all be removed by CCMSetup /Uninstall and can cause problems with installation or registration of the client in its new environment. It might be necessary to manually remove these settings if they are present. For more information, see [Manual removal of the Configuration Manager client](https://blogs.technet.microsoft.com/michaelgriswold/2013/01/02/manual-removal-of-the-sccm-client/).
9. On PC1, temporarily stop Windows Update from queuing items for download and clear all BITS jobs from the queue:

6
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
View File

@ -1321,7 +1321,7 @@ The following fields are available:
- **IsEDPEnabled** Represents if Enterprise data protected on the device.
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Microsoft Endpoint Configuration Manager environment.
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in a Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The Microsoft Endpoint Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier.
@ -3129,7 +3129,7 @@ The following fields are available:
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft Endpoint Configuration Manager.
- **RemediationShellDeviceSccm** TRUE if the device is managed by Configuration Manager.
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
@ -4528,7 +4528,7 @@ The following fields are available:
- **DeviceIsMdmManaged** This device is MDM managed.
- **IsNetworkAvailable** If the device network is not available.
- **IsNetworkMetered** If network is metered.
- **IsSccmManaged** This device is managed by Microsoft Endpoint Configuration Manager.
- **IsSccmManaged** This device is managed by Configuration Manager.
- **NewlyInstalledOs** OS is newly installed quiet period.
- **PausedByPolicy** Updates are paused by policy.
- **RecoveredFromRS3** Previously recovered from RS3.

10
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
View File

@ -1389,9 +1389,9 @@ The following fields are available:
- **IsEDPEnabled** Represents if Enterprise data protected on the device.
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment.
- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in a Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
### Census.Firmware
@ -3276,7 +3276,7 @@ The following fields are available:
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft Endpoint Configuration Manager.
- **RemediationShellDeviceSccm** TRUE if the device is managed by Configuration Manager.
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
@ -4512,7 +4512,7 @@ The following fields are available:
- **DeviceIsMdmManaged** This device is MDM managed.
- **IsNetworkAvailable** If the device network is not available.
- **IsNetworkMetered** If network is metered.
- **IsSccmManaged** This device is SCCM managed.
- **IsSccmManaged** This device is managed by Configuration Manager.
- **NewlyInstalledOs** OS is newly installed quiet period.
- **PausedByPolicy** Updates are paused by policy.
- **RecoveredFromRS3** Previously recovered from RS3.

8
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
View File

@ -1447,9 +1447,9 @@ The following fields are available:
- **IsEDPEnabled** Represents if Enterprise data protected on the device.
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment.
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in a Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier
- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
### Census.Firmware
@ -4604,7 +4604,7 @@ The following fields are available:
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft Endpoint Configuration Manager.
- **RemediationShellDeviceSccm** TRUE if the device is managed by Configuration Manager.
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
@ -5632,7 +5632,7 @@ The following fields are available:
- **DeviceIsMdmManaged** This device is MDM managed.
- **IsNetworkAvailable** If the device network is not available.
- **IsNetworkMetered** If network is metered.
- **IsSccmManaged** This device is SCCM managed.
- **IsSccmManaged** This device is managed by Configuration Manager.
- **NewlyInstalledOs** OS is newly installed quiet period.
- **PausedByPolicy** Updates are paused by policy.
- **RecoveredFromRS3** Previously recovered from RS3.

8
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
View File

@ -1952,9 +1952,9 @@ The following fields are available:
- **IsEDPEnabled** Represents if Enterprise data protected on the device.
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment.
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in a Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier
- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
### Census.Firmware
@ -2994,7 +2994,7 @@ The following fields are available:
- **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network.
- **IsDeviceOobeBlocked** Indicates whether user approval is required to install updates on the device.
- **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device.
- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft Endpoint Configuration Manager client to keep the operating system and applications up to date.
- **IsDeviceSccmManaged** Indicates whether the device is running the Configuration Manager client to keep the operating system and applications up to date.
- **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated.
- **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications.
- **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services).
@ -5410,7 +5410,7 @@ The following fields are available:
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
- **RemediationShellDeviceProSku** Indicates whether a Windows 10 Professional edition is detected.
- **RemediationShellDeviceQualityUpdatesPaused** Indicates whether Quality Updates are paused on the device.
- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft Endpoint Configuration Manager.
- **RemediationShellDeviceSccm** TRUE if the device is managed by Configuration Manager.
- **RemediationShellDeviceSedimentMutexInUse** Indicates whether the Sediment Pack mutual exclusion object (mutex) is in use.
- **RemediationShellDeviceSetupMutexInUse** Indicates whether device setup is in progress.
- **RemediationShellDeviceWuRegistryBlocked** Indicates whether the Windows Update is blocked on the device via the registry.

4
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
View File

@ -1733,9 +1733,9 @@ The following fields are available:
- **IsEDPEnabled** Represents if Enterprise data protected on the device.
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment.
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in a Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier
- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
### Census.Firmware

4
windows/release-information/resolved-issues-windows-10-1903.yml
View File

@ -51,7 +51,7 @@ sections:
<tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 18362.295<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512508' target='_blank'>KB4512508</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='253msg'></div><b>Initiating a Remote Desktop connection may result in black screen</b><br>When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.<br><br><a href = '#253msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='236msg'></div><b>Windows Sandbox may fail to start with error code “0x80070002”</b><br>Windows Sandbox may fail to start on devices in which the operating system language was changed between updates.<br><br><a href = '#236msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='252msg'></div><b>Devices starting using PXE from a WDS or Configuration Manager servers may fail to start</b><br>Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"<br><br><a href = '#252msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>August 30, 2019 <br>10:00 AM PT</td></tr>
</table>
"
@ -107,7 +107,7 @@ sections:
</pre><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#255msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='254msgdesc'></div><b>Issues updating when certain versions of Intel storage drivers are installed</b><div>Intel and Microsoft have found incompatibility issues with certain versions of the Intel Rapid Storage Technology (Intel RST) drivers and the Windows 10 May 2019 Update (Windows 10, version 1903).&nbsp;&nbsp;</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST&nbsp;drivers, versions<strong> 15.1.0.1002</strong>&nbsp;through version&nbsp;<strong>15.5.2.1053</strong>&nbsp;installed from installing or being offered Windows 10, version 1903 or Windows Server, version 1903, until the driver has been updated.</div><div><br></div><div>Versions&nbsp;<strong>15.5.2.1054 or later</strong>&nbsp;are compatible, and a device that has these drivers installed can install the Windows 10 May 2019 Update.&nbsp;For affected devices, the recommended version is <strong>15.9.8.1050</strong>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#254msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 25, 2019 <br>06:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='253msgdesc'></div><b>Initiating a Remote Desktop connection may result in black screen</b><div>When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#253msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 12, 2019 <br>04:42 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or SCCM servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='252msgdesc'></div><b>Devices starting using PXE from a WDS or Configuration Manager servers may fail to start</b><div>Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing <a href='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a> on a WDS server.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a>.</div><br><a href ='#252msg'>Back to top</a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4512941' target='_blank'>KB4512941</a></td><td>Resolved:<br>August 30, 2019 <br>10:00 AM PT<br><br>Opened:<br>July 10, 2019 <br>02:51 PM PT</td></tr>
</table>
"

2
windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
View File

@ -70,7 +70,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='374msgdesc'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><div>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc&nbsp;&nbsp;WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;WUAHandler&nbsp;&nbsp;&nbsp;14/11/2019 16:33:23&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;980 (0x03D4)\". <strong>Note</strong> All Configuration Manager information&nbsp;also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).</div><br><a href ='#374msg'>Back to top</a></td><td><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>January 23, 2020 <br>02:08 PM PT<br><br>Opened:<br>November 15, 2019 <br>05:59 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='374msgdesc'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><div>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc&nbsp;&nbsp;WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;WUAHandler&nbsp;&nbsp;&nbsp;14/11/2019 16:33:23&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;980 (0x03D4)\". <strong>Note</strong> All Configuration Manager information&nbsp;also applies to System Center Configuration Manager and Microsoft Endpoint Configuration Manager.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).</div><br><a href ='#374msg'>Back to top</a></td><td><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>January 23, 2020 <br>02:08 PM PT<br><br>Opened:<br>November 15, 2019 <br>05:59 PM PT</td></tr>
</table>
"

2
windows/release-information/resolved-issues-windows-server-2008-sp2.yml
View File

@ -60,7 +60,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='374msgdesc'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><div>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc&nbsp;&nbsp;WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;WUAHandler&nbsp;&nbsp;&nbsp;14/11/2019 16:33:23&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;980 (0x03D4)\". <strong>Note</strong> All Configuration Manager information&nbsp;also applies to System Center Configuration Manager (SCCM) and Microsoft Endpoint Configuration Manager.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).</div><br><a href ='#374msg'>Back to top</a></td><td><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>January 23, 2020 <br>02:08 PM PT<br><br>Opened:<br>November 15, 2019 <br>05:59 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='374msgdesc'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><div>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from Windows Update (WU), Windows Server Update Services (WSUS) or Configuration Manager and might be re-offered. If you use WU or WSUS, you might also receive the following error in the WindowsUpdate.log, “Misc&nbsp;&nbsp;WARNING: Digital Signatures on file C:\\Windows\\SoftwareDistribution\\Download\\XXXX are not trusted: Error 0x800b0109”. If you use Configuration Manager, you might also receive the following error in the WUAHandler.log, \"Failed to download updates to the WUAgent datastore. Error = 0x800b0109.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;WUAHandler&nbsp;&nbsp;&nbsp;14/11/2019 16:33:23&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;980 (0x03D4)\". <strong>Note</strong> All Configuration Manager information&nbsp;also applies to System Center Configuration Manager and Microsoft Endpoint Configuration Manager.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in the December 2019 release of Windows Malicious Software Removal Tool (MSRT).</div><br><a href ='#374msg'>Back to top</a></td><td><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>January 23, 2020 <br>02:08 PM PT<br><br>Opened:<br>November 15, 2019 <br>05:59 PM PT</td></tr>
</table>
"

11
windows/security/identity-protection/hello-for-business/hello-faq.md
View File

@ -45,7 +45,7 @@ The statement "PIN is stronger than Password" is not directed at the strength of
The **Key Admins** and **Enterprise Key Admins** groups are created when you install the first Windows Server 2016 domain controller into a domain. Domain controllers running previous versions of Windows Server cannot translate the security identifier (SID) to a name. To resolve this, transfer the PDC emulator domain role to a domain controller running Windows Server 2016.
## Can I use a convenience PIN with Azure AD?
It is currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN is not supported for Azure Active Directory user accounts. It is only supported for on-premises only Domain Joined users and local account users.
It is currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN is not supported for Azure Active Directory user accounts. It is only supported for on-premises Domain Joined users and local account users.
## Can I use an external camera when my laptop is closed or docked?
No. Windows 10 currently only supports one Windows Hello for Business camera and does not fluidly switch to an external camera when the computer is docked with the lid closed. The product group is aware of this and is investigating this topic further.
@ -64,11 +64,11 @@ The user experience for Windows Hello for Business occurs after user sign-in, af
[Windows Hello for Business user enrollment experience](hello-videos.md#windows-hello-for-business-user-enrollment-experience)
## What happens when my user forgets their PIN?
If the user can sign-in with a password, they can reset their PIN by clicking the "I forgot my PIN" link in settings. Beginning with the Fall Creators Update, users can reset their PIN above the lock screen by clicking the "I forgot my PIN" link on the PIN credential provider.
If the user can sign-in with a password, they can reset their PIN by clicking the "I forgot my PIN" link in settings. Beginning with Windows 10 1709, users can reset their PIN above the lock screen by clicking the "I forgot my PIN" link on the PIN credential provider.
[Windows Hello for Business forgotten PIN user experience](hello-videos.md#windows-hello-for-business-forgotten-pin-user-experience)
For on-premises deployments, devices must be well connected to their on-premises network (domain controllers and/or certificate authority) to reset their PINs. Hybrid customers can on-board their Azure tenant to use the Windows Hello for Business PIN reset service to reset their PINs without access to their corporate network.
For on-premises deployments, devices must be well-connected to their on-premises network (domain controllers and/or certificate authority) to reset their PINs. Hybrid customers can on-board their Azure tenant to use the Windows Hello for Business PIN reset service to reset their PINs without access to their corporate network.
## What URLs do I need to allow for a hybrid deployment?
Communicating with Azure Active Directory uses the following URLs:
@ -88,11 +88,12 @@ Windows Hello for Business has two types of PIN reset: non-destructive and destr
Organizations that have the on-premises deployment of Windows Hello for Business, or those not using Windows 10 Enterprise can use destructive PIN reset. with destructive PIN reset, users that have forgotten their PIN can authenticate using their password, perform a second factor of authentication to re-provision their Windows Hello for Business credential. Re-provisioning deletes the old credential and requests a new credential and certificate. On-premises deployments need network connectivity to their domain controllers, Active Directory Federation Services, and their issuing certificate authority to perform a destructive PIN reset. Also, for hybrid deployments, destructive PIN reset is only supported with the certificate trust model and the latest updates to Active Directory Federation Services.
## Which is better or more secure: Key trust or Certificate trust?
The trust models of your deployment determine how you authenticate to Active Directory (on-premises). Both key trust and certificate trust use the same hardware backed, two-factor credential. The difference between the two trust types are:
The trust models of your deployment determine how you authenticate to Active Directory (on-premises). Both key trust and certificate trust use the same hardware-backed, two-factor credential. The difference between the two trust types are:
- Required domain controllers
- Issuing end entity certificates
The **key trust** model authenticates to Active Directory using a raw key. Windows Server 2016 domain controllers enables this authentication. Key trust authenticate does not require an enterprise issued certificate, therefore you do not need to issue certificates to your end users (domain controller certificates are still needed).
The **certificate trust** model authenticates to Active Directory using a certificate. Because this authentication uses a certificate, domain controllers running previous versions of Windows Server can authenticate the user. Therefore, you need to issue certificates to your end users, but you do not need Windows Server 2016 domain controllers. The certificate used in certificate trust uses the TPM protected private key to request a certificate from your enterprise's issuing certificate authority.
## Do I need Windows Server 2016 domain controllers?
@ -102,7 +103,7 @@ There are many deployment options from which to choose. Some of those options re
Review [Azure AD Connect sync: Attributes synchronized to Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized) for a list of attributes that are sync based on scenarios. The base scenarios that include Windows Hello for Business are [Windows 10](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized#windows-10) scenario and the [Device writeback](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized#device-writeback) scenario. Your environment may include additional attributes.
## Is Windows Hello for Business multifactor authentication?
Windows Hello for Business is two-factor authentication based the observed authentication factors of: something you have, something you know, and something part of you. Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. Using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor".
Windows Hello for Business is two-factor authentication based on the observed authentication factors of: something you have, something you know, and something part of you. Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. Using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor".
## What are the biometric requirements for Windows Hello for Business?
Read [Windows Hello biometric requirements](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello-biometric-requirements) for more information.

9
windows/security/threat-protection/TOC.md
View File

@ -413,7 +413,7 @@
### [Configure portal settings]()
#### [Set up preferences](microsoft-defender-atp/preferences-setup.md)
#### [General]()
##### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
##### [Verify data storage location and update data retention settings](microsoft-defender-atp/data-retention-settings.md)
##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
##### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
##### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
@ -700,9 +700,10 @@
#### [Family options](windows-defender-security-center/wdsc-family-options.md)
### [Microsoft Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
#### [Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md)
#### [Set up and use Microsft Defender SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
### [Microsoft Defender SmartScreen](microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md)
#### [Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md)
#### [Set up and use Microsft Defender SmartScreen on individual devices](microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md)
### [Windows Sandbox](windows-sandbox/windows-sandbox-overview.md)
#### [Windows Sandbox architecture](windows-sandbox/windows-sandbox-architecture.md)

2
windows/security/threat-protection/mbsa-removal-and-guidance.md
View File

@ -16,7 +16,7 @@ manager: dansimp
Microsoft Baseline Security Analyzer (MBSA) is used to verify patch compliance. MBSA also performed several other security checks for Windows, IIS, and SQL Server. Unfortunately, the logic behind these additional checks had not been actively maintained since Windows XP and Windows Server 2003. Changes in the products since then rendered many of these security checks obsolete and some of their recommendations counterproductive.
MBSA was largely used in situations where neither Microsoft Update nor a local WSUS/SCCM server was available, or as a compliance tool to ensure that all security updates were deployed to a managed environment. While MBSA version 2.3 introduced support for Windows Server 2012 R2 and Windows 8.1, it has since been deprecated and no longer developed. MBSA 2.3 is not updated to fully support Windows 10 and Windows Server 2016.
MBSA was largely used in situations where neither Microsoft Update nor a local WSUS or Configuration Manager server was available, or as a compliance tool to ensure that all security updates were deployed to a managed environment. While MBSA version 2.3 introduced support for Windows Server 2012 R2 and Windows 8.1, it has since been deprecated and no longer developed. MBSA 2.3 is not updated to fully support Windows 10 and Windows Server 2016.
## The Solution
A script can help you with an alternative to MBSAs patch-compliance checking:

5
windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md
View File

@ -89,7 +89,7 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
>
> Mikael then adds the app *test.exe* to the **Program settings** section. In the options for that app, under **Data Execution Prevention (DEP)**, he enables the **Override system settings** option and sets the switch to **On**. There are no other apps listed in the **Program settings** section.
>
> The result will be that DEP only will be enabled for *test.exe*. All other apps will not have DEP applied.
> The result will be that DEP only will be enabled for *test.exe*. All other apps will not have DEP applied.
>
>
> * **Example 2**
@ -100,8 +100,7 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
>
> Josie also adds the app *miles.exe* to the **Program settings** section and configures **Control flow guard (CFG)** to **On**. She doesn't enable the **Override system settings** option for DEP or any other mitigations for that app.
>
>The result will be that DEP will be enabled for *test.exe*. DEP will not be enabled for any other app, including *miles.exe*.
>CFG will be enabled for *miles.exe*.
> The result will be that DEP will be enabled for *test.exe*. DEP will not be enabled for any other app, including *miles.exe*. CFG will be enabled for *miles.exe*.
> [!NOTE]
> If you have found any issues in this article, you can report it directly to a Windows Server/Windows Client partner or use the Microsoft technical support numbers for your country.

19
windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md
View File

@ -1,6 +1,6 @@
---
title: Update how long data is stored by MDATP
description: Update data retention settings for Microsoft Defender Advanced Threat Protection (MDATP) by selecting between 30 days to 180 days.
title: Verify data storage location and update data retention settings
description: Verify data storage location and update data retention settings for Microsoft Defender Advanced Threat Protection
keywords: data, storage, settings, retention, update
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -15,9 +15,8 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/24/2018
---
# Update data retention settings for Microsoft Defender ATP
# Verify data storage location and update data retention settings for Microsoft Defender ATP
**Applies to:**
@ -25,10 +24,18 @@ ms.date: 04/24/2018
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
During the onboarding process, a wizard takes you through the general settings of Microsoft Defender ATP. After onboarding, you might want to update the data retention settings.
During the onboarding process, a wizard takes you through the data storage and retention settings of Microsoft Defender ATP.
After completing the onboarding, you can verify your selection in the data retention settings page.
## Verify data storage location
During the [Set up phase](production-deployment.md), you would have selected the location to store your data.
You can verify the data location by navigating to **Settings** > **Data retention**.
## Update data retention settings
1. In the navigation pane, select **Settings** > **Data retention**.

BIN
windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf
View File

Binary file not shown.

BIN
windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx
View File

Binary file not shown.

6
windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md
View File

@ -2,7 +2,7 @@
title: Information protection in Windows overview
ms.reviewer:
description: Learn about how information protection works in Windows to identify and protect sensitive information
keywords: information, protection, dlp, wip, data, loss, prevention, protect
keywords: information, protection, dlp, data, loss, prevention, protect
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@ -35,7 +35,7 @@ Microsoft Defender ATP applies the following methods to discover, classify, and
- **Data discovery** - Identify sensitive data on Windows devices at risk
- **Data classification** - Automatically classify data based on common Microsoft Information Protection (MIP) policies managed in Office 365 Security & Compliance Center. Auto-classification allows you to protect sensitive data even if the end user hasnt manually classified it.
- **Data protection** - Windows Information Protection (WIP) as outcome of Azure Information Protection label
## Data discovery and data classification
@ -95,6 +95,4 @@ InformationProtectionLogs_CL
- Go to **Settings** in Microsoft Defender Security Center, click on **Advanced Settings** under **General**.
## Related topics
- [How Windows Information Protection protects files with a sensitivity label](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels)

9
windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md
View File

@ -71,12 +71,13 @@ Filter by the following machine health states:
For more information on how to address issues on misconfigured machines see, [Fix unhealthy sensors](fix-unhealthy-sensors.md).
### Security state
### Antivirus status
Filter by machines that are well configured or require attention based on the security controls that are enabled in your organization. Applies to active Windows 10 machines only.
Filter machines by antivirus status. Applies to active Windows 10 machines only.
- **Well configured** - Machines have the security controls well configured.
- **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization.
- **Disabled** - Virus & threat protection is turned off.
- **Not reporting** - Virus & threat protection is not reporting.
- **Not updated** - Virus & threat protection is not up to date.
For more information, see [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md).

2
windows/security/threat-protection/microsoft-defender-atp/network-protection.md
View File

@ -27,7 +27,7 @@ ms.custom: asr
Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
Network protection expands the scope of [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname).
Network protection expands the scope of [Microsoft Defender SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname).
Network protection is supported beginning with Windows 10, version 1709.

0
windows/security/threat-protection/windows-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png → windows/security/threat-protection/microsoft-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 151 KiB

After

Width:  |  Height:  |  Size: 151 KiB

0
windows/security/threat-protection/windows-defender-smartscreen/images/Windows-defender-smartscreen-control-2020.png → windows/security/threat-protection/microsoft-defender-smartscreen/images/Windows-defender-smartscreen-control-2020.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 106 KiB

After

Width:  |  Height:  |  Size: 106 KiB

0
windows/security/threat-protection/windows-defender-smartscreen/images/windows-defender-security-center.png → windows/security/threat-protection/microsoft-defender-smartscreen/images/windows-defender-security-center.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 39 KiB

After

Width:  |  Height:  |  Size: 39 KiB

0
windows/security/threat-protection/windows-defender-smartscreen/images/windows-defender-smartscreen-control.png → windows/security/threat-protection/microsoft-defender-smartscreen/images/windows-defender-smartscreen-control.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 40 KiB

After

Width:  |  Height:  |  Size: 40 KiB

2
windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md → windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
View File

@ -214,7 +214,7 @@ To better help you protect your organization, we recommend turning on and using
## Related topics
- [Threat protection](../index.md)
- [Microsoft Defender SmartScreen overview](windows-defender-smartscreen-overview.md)
- [Microsoft Defender SmartScreen overview](microsoft-defender-smartscreen-overview.md)
- [Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies)

3
windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md → windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
View File

@ -49,7 +49,7 @@ Microsoft Defender SmartScreen provide an early warning system against websites
- **Improved heuristics and diagnostic data.** Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files.
- **Management through Group Policy and Microsoft Intune.** Microsoft Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md).
- **Management through Group Policy and Microsoft Intune.** Microsoft Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md).
- **Blocking URLs associated with potentially unwanted applications.** In Microsoft Edge (based on Chromium), SmartScreen blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md).
@ -88,5 +88,6 @@ EventID | Description
1002 | User Decision Windows Defender SmartScreen Event
## Related topics
- [SmartScreen Frequently Asked Questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx)
- [Threat protection](../index.md)
- [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings)

2
windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md → windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md
View File

@ -82,7 +82,7 @@ Microsoft Defender SmartScreen can be configured to warn users from going to a p
## Related topics
- [Threat protection](../index.md)
- [Microsoft Defender SmartScreen overview](windows-defender-smartscreen-overview.md)
- [Microsoft Defender SmartScreen overview](microsoft-defender-smartscreen-overview.md)
>[!NOTE]
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).

2
windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
View File

@ -86,7 +86,7 @@ Windows Defender SmartScreen notifies users if they click on reported phishing a
For Windows 10, Microsoft improved SmartScreen (now called Windows Defender SmartScreen) protection capability by integrating its app reputation abilities into the operating system itself, which allows Windows Defender SmartScreen to check the reputation of files downloaded from the Internet and warn users when theyre about to run a high-risk downloaded file. The first time a user runs an app that originates from the Internet, Windows Defender SmartScreen checks the reputation of the application by using digital signatures and other factors against a service that Microsoft maintains. If the app lacks a reputation or is known to be malicious, Windows Defender SmartScreen warns the user or blocks execution entirely, depending on how the administrator has configured Microsoft Intune or Group Policy settings.
For more information, see [Windows Defender SmartScreen overview](windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
For more information, see [Microsoft Defender SmartScreen overview](microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md).
### Windows Defender Antivirus

2
windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
View File

@ -41,7 +41,7 @@ Potentially unwanted applications can increase the risk of your network being in
### Microsoft Edge
The next major version of Microsoft Edge, which is Chromium-based, blocks potentially unwanted application downloads and associated resource URLs. This feature is provided via [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
The next major version of Microsoft Edge, which is Chromium-based, blocks potentially unwanted application downloads and associated resource URLs. This feature is provided via [Microsoft Defender SmartScreen](../microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md).
#### Enable PUA protection in Chromium-based Microsoft Edge

3
windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
View File

@ -50,7 +50,8 @@ Only the main version is listed in the following table as reference information:
Month | Platform/Client | Engine
---|---|---
Mar-2020 | 4.18.2003.x| 1.1.16900.x
Apr-2020 | 4.18.2004.x | 1.1.17000.x
Mar-2020 | 4.18.2003.x | 1.1.16900.x
Feb-2020 | - | 1.1.16800.x
Jan-2020 | 4.18.2001.x | 1.1.16700.x
Dec-2019 | - | - |

10
windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md
View File

@ -1,6 +1,6 @@
---
title: Shadow protection in next-generation protection
description: Learn about shadow protection in next-generation protection
title: Shadow protection
description: Learn about shadow protection
keywords: Windows Defender Antivirus, shadow protection, passive mode
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@ -16,7 +16,7 @@ ms.custom: next-gen
ms.collection:
---
# Shadow protection in next-generation protection
# Shadow protection
**Applies to:**
@ -67,7 +67,7 @@ The following images shows an instance of unwanted software that was detected an
|Windows Defender Antivirus engine |To make sure your engine is up to date, using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator. In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. |
> [!IMPORTANT]
> To get the best protection value, make sure Windows Defender Antivirus is configured to receive regular updates and other essential features, such as behavioral monitoring, IOfficeAV, tamper protection, and more. See [Protect security settings with tamper protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection)
> To get the best protection value, make sure Windows Defender Antivirus is configured to receive regular updates and other essential features, such as behavioral monitoring, IOfficeAV, tamper protection, and more. See [Protect security settings with tamper protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection).
## Frequently asked questions
@ -78,7 +78,7 @@ No. Shadow protection does not affect third-party antivirus protection running o
### Why do I need to keep Windows Defender Antivirus up to date?
The [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) stack works in integration, and to get best protection value, you should keep Windows Defender Antivirus up to date.
Because Windows Defender Antivirus detects and remediates malicious items, its important to keep it up to date to leverage the latest machine learning models, behavioral detections, and heuristics for best results. The [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) stack of capabilities work in an integrated manner, and to get best protection value, you should keep Windows Defender Antivirus up to date.
### Why do we need cloud protection on?